Most contractors hired by the Department of Defense over the past five years failed to meet required minimum cyber security standards, posing a significant risk to US national security.

Managed services vendor CyberSheath released a report on November 30 showing that 87% of the Pentagon supply chain fails to meet basic cybersecurity minimums. Those security gaps are subjecting major defense contractors and their subcontractors to massive cyberattacks, putting US national security at risk.

Those risks have been well known for some time without efforts to fix them. According to CyberSheath, this independent study of the Defense Industrial Base (DIB) is the first to show that federal contractors are not properly protecting military secrets.

DIB is a complex supply chain consisting of 300,000 primes and subcontractors. The government allows these approved companies to share sensitive files and communicate securely to get their jobs done.

To keep those secrets safe, defense contractors will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance. Meanwhile, the report warns that nation-state hackers are actively and specifically targeting these contractors with sophisticated cyberattack campaigns.

“Awarding contracts to federal contractors without first validating their cybersecurity controls is a complete failure,” Eric Noonan, CEO of CyberSheath, told TechNewsWorld.

Defense contractors have been mandated to meet cyber security compliance requirements for more than five years. Those terms are embedded in more than a million contracts, he said.

Alarming details

The Merrill Research Report 2022, commissioned by CyberSheath, revealed that 87% of federal contractors have a sub-70 Supplier Performance Risk System (SPRS) score. The metric shows how well a contractor meets Defense Federal Acquisition Regulation Supplement (DFARS) requirements.

DFARS has been law since 2017 and requires a score of 110 for full compliance. Critics of the system considered a score of 70 to be “good enough.” Yet the overwhelming majority of contractors still come up short.

“The report’s findings show a clear and present threat to our national security,” Eric Noonan said. “We often hear about threats to supply chains that are more susceptible to cyberattacks.”

The DIB is the Pentagon’s supply chain, and we see how poorly prepared contractors are despite being in the crosshairs of risk actors.

“Our military secrets are not secure, and there is an urgent need to improve the cyber security posture for this group, which often does not meet even the most basic cyber security requirements,” Noonan warned.

More report findings

Survey data came from 300 US-based DOD contractors, with accuracy tested at the 95% confidence level. The study was completed in July and August 2022, with CMMC 2.0 on the horizon.

Roughly 80% of DIB users failed to monitor their computer systems around the clock and lacked US-based security monitoring services. Other deficiencies were evident in the following categories that would be required to achieve CMMC compliance:

  • 80% lack a vulnerability management solution
  • 79% lack a comprehensive multi-factor authentication (MFA) system
  • 73% lack an endpoint detection and response (EDR) solution
  • 70% have not deployed Security Information and Event Management (SIEM)

These security controls are legally required of the DIB, and since they are not met, there is a significant risk to the DoD and its ability to conduct armed defense. In addition to widespread non-compliance, 82% of contractors find it “moderately to extremely difficult to understand government regulations on cyber security”.

Confusion prevails among contractors

According to the report, some DIB defense contractors that have focused on cyber security have only been stalled by roadblocks.

When asked to rate DFARS reporting challenges on a scale of one to 10 (with 10 being extremely challenging), about 60% of all respondents rated “understanding requirements” a seven out of 10 or more. Regular documentation and reporting were also at the top of the list of challenges.

The primary barriers listed include challenges in understanding the steps required to achieve compliance, difficulty in implementing sustainable CMMC policies and procedures, and the overall cost involved.

Unfortunately, these results are in line with what CyberSheath expected, Noonan acknowledged. He said the research confirmed that even fundamental cyber security measures such as multi-factor authentication were largely ignored.

“This research, combined with the False Claims Act case against defense giant Aerojet Rocketdyne, shows that defense contractors both large and small are not meeting contractual obligations for cyber security and that the DoD has access to their supplies. There is systemic risk in the series,” Noonan said.

No big surprise

Noonan believes the Defense Department has known for a long time that the defense industry is not addressing cyber security. News reporting of never-ending nation-state violations by defense contractors, including large-scale incidents like the SolarWinds and False Claims Act cases, proves that point.

“I also believe that the DoD has run out of patience after giving contractors years to fix the problem. Only now is the DoD going to make cyber security a pillar of contract acquisition,” Noonan said.

He noted that the planned new DoD doctrine would be “no cyber security, no contract”.

Noonan acknowledged that there is merit to some of the conflicts raised by contractors about difficulties in understanding and meeting cyber requirements.

“It is a fair point as some of the messaging from the government has been inconsistent. In fact, however, the requirements have not changed since 2017,” he offered.

What will happen next

Perhaps the DoD will adopt a stricter policy with contractors. If contractors complied with the legislation required in 2017, the entire supply chain would be in a much better shape today. Despite some communication challenges, the DoD has been incredibly consistent on what is required of defense contractor cybersecurity, Noonan said.

The current research now sits on top of a mountain of evidence that proves federal contractors have a lot of work to do in improving cyber security. It is clear that without enforcement from the federal government the work will not get done.

“Trust without verification failed, and now DoD is moving to enforce verification,” he said.

DoD response still pending

TechNewsWorld submitted written questions to the DoD about the supply chain criticism in the CyberSheath report. A spokesperson for the Cyber/IT/DOD CIO for the Department of Defense responded, adding that it would take a few days to investigate the issues. We’ll update this story with any response we get.

The conviction of former Uber chief security officer Joseph Sullivan could lead to a quiet re-evaluation of how chief information security officers (CISOs) and the security community handle network breaches going forward.

A San Francisco federal jury convicted Sullivan on October 5 of failing to tell US officials about the 2016 hack of Uber’s database. Judge William H. Orrick did not set a date for sentencing.

Sullivan’s lawyer, David Angeli, said after the verdict was announced that his client’s sole focus was to ensure the security of people’s personal digital data.

Federal prosecutors noted that the case should serve as a warning to companies about how to comply with federal regulations when handling their network breaches.

Officials accused Sullivan of working to hide the data breach from US regulators and the Federal Trade Commission, and attempting to link his actions to prevent hackers from being caught.

At the time, the FTC was already investigating Uber after the 2014 hack. Two years later, hackers in Uber’s network repeatedly emailed Sullivan about the theft of large amounts of data. According to the US Justice Department, they promised they would delete the data if Uber paid the ransom.

The conviction is a significant precedent that has already sent shock waves through the CISO community. This dynamic policy highlights the personal liability involved in being a CISO in a legal and attacking environment, noted Casey Ellis, founder and CTO of Bugcrowd, a crowdsourced cybersecurity platform.

“This calls for clear policy at the federal level around privacy protection and treatment of user data in the United States, and it emphasizes the fact that a proactive approach to handling vulnerability information, rather than a reactive approach, is an important component of flexibility for organizations, their security teams and their shareholders,” he told TechNewsWorld.

Problem description

There is a growing tendency for companies afflicted with ransomware to interact with hackers. But the trial discourse showed prosecutors reminding the companies to “do the right thing,” according to media accounts.

According to published trial accounts, Sullivan’s employees confirmed widespread data theft. This included the theft of records of 57 million Uber users and 600,000 driver’s license numbers.

The DOJ reported that Sullivan sought the hackers’ agreement to pay out US$100,000 in bitcoin. That agreement included the hackers signing a non-disclosure agreement to keep the hack from public knowledge. Uber reportedly hid the true nature of the payment as a bug bounty.

Only the jury had access to the evidence in the case, so it’s counterproductive to testify to specific details of the case, said Rick Holland, chief information security officer and vice president of strategy at Digital Shadows, a provider of digital risk management solutions.

“There are some general conclusions to draw. I am concerned by the unintended consequences of this case,” Holland told TechNewsWorld. “CISOs already have a daunting task, and the outcome of the case has made CISOs a scapegoat.”

Important unanswered questions

Holland’s concerns include how the results of this trial could affect the number of leaders willing to take on the potential personal liability of the CISO role. He is also concerned about dismissing more whistleblower cases such as the escalating cases from Twitter.

He expects more CISOs to negotiate directors and officers insurance into their employment contracts. That type of policy provides personal liability coverage for decisions and actions a CISO may take, he explained.

“Furthermore, given the way both the CEO and CFO became responsible for corruption on the heels of the Sarbanes-Oxley and Enron scandals, the CISO should not be the only culpable role in the case of wrongdoing around intrusions and breaches,” he suggested.

The Sarbanes-Oxley Act of 2002 is a federal law that established comprehensive auditing and financial regulations for public companies. The Enron scandal, a series of events involving questionable accounting practices, resulted in the bankruptcy of energy, goods and services company Enron Corporation and the dissolution of accounting firm Arthur Andersen.

“CISOs should effectively communicate risks to the company’s leadership team, but should not be solely responsible for cybersecurity risks,” he said.

Twisted conditions

Sullivan’s conviction is a kind of ironic role reversal. Earlier in his legal career, he prosecuted cybercrime cases for the United States Attorney’s Office in San Francisco.

The DOJ’s case against Sullivan hinged on obstructing justice and acting to conceal a felony from officers. The resulting conviction can have a long-term impact on how organizations and individual authorities approach cyber incident response, particularly where it involves extortion.

Prosecutors argued that Sullivan actively concealed the massive data breach. The jury unanimously agreed with the allegation beyond a reasonable doubt.

The jury found that instead of reporting the breach, Sullivan, backed by the knowledge and approval of Uber’s then CEO, paid the hackers and signed a non-disclosure agreement with them, falsely claiming that they had not stolen data from Uber.

A new chief executive who later joined the company reported the incident to the FTC. Current and former Uber executives, lawyers and others testified for the government.

Edward McAndrew, an attorney for BakerHostetler and former DoJ cybercrime prosecutor and national security cyber expert, told TechNewsWorld that “Sullivan’s prosecution and now conviction is unprecedented, but it needs to be understood in its proper factual and legal context.”

He said that the government has recently adopted a very aggressive policy towards cyber security. This affects white-collar compliance, where organizations and officials are increasingly cast in the simultaneous and separate roles of crime victim and enforcement target.

“Organizations need to understand how the actions of individual employees can expose them and others to the criminal justice process. And information security professionals need to understand how to avoid becoming personally liable for the actions they take in response to criminal cyberattacks,” warned McAndrew.

A new phishing-as-a-service offering on the dark web poses a threat to online accounts protected by multi-factor authentication, according to a blog posted Monday by an endpoint security company.

Called EvilProxy, the service allows threat actors to launch phishing campaigns with the ability to largely bypass MFA without the need to hack upstream services, the Resecurity researchers noted in the blog.

The service uses methods supported by APT and cyber espionage groups to compromise accounts protected by MFA. According to the researchers, such attacks have been discovered against Google and Microsoft customers whose accounts have MFA enabled via SMS text messages or application tokens.

Phishing links produced by EvilProxy lead to cloned web pages prepared to compromise accounts associated with multiple services, including Apple iCloud, Facebook, GoDaddy, GitHub, Dropbox, Instagram, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex.

Threat actors using EvilProxy are targeting software developers and IT engineers to gain access to their repositories, with the ultimate goal of hacking “downstream” targets, the researchers wrote.

They explained that these tactics allow cybercriminals to capitalize on end users who believe they are downloading software packages from secure resources and do not expect them to be compromised.

Faster, faster, better

“This incident poses a threat to software supply chains because it targets developers by giving the service’s cybercriminal customers the ability to launch campaigns against GitHub, PyPI and NPM,” said Avid Gershon, leader of the security research team at Checkmarx, an application security company in Tel Aviv, Israel.

“Just two weeks ago,” he told TechNewsWorld, “we saw the first phishing attack against PyPI contributors, and now we see the service take it a few steps further by making these attacks accessible to less tech operators and adding the capability to bypass MFA.”

Checkmarx’s head of supply chain security Tzachi Zorenstein said the nature of supply chain attacks increases the reach and impact of cyber attacks.

“Abusing the open-source ecosystem represents an easy way for attackers to increase the effectiveness of their attacks,” he told TechNewsWorld. “We believe this is the beginning of a trend that will increase in the coming months.”

A phishing-as-a-service (PhaaS) platform can also increase attacker effectiveness. “Since PhaaS can operate at scale, it enables adversaries to be more efficient at stealing and defrauding identities,” said Resecurity CEO Jean Yu.

“Old-fashioned phishing campaigns require money and resources, which can be overwhelming for one person,” he told TechNewsWorld. “PhaaS is just faster, faster, better.”

“It’s something that’s very unique,” he said. “It’s very rare to produce a phishing service on this scale.”

Well packed

Many illegal services, hacking and malicious-intent solutions are products, explained Alon Nachmany, field CISO at AppViewX, a certificate lifecycle management and network automation company in New York City.

“By using a PhaaS solution, malicious actors have less overhead and less to spring an attack,” he told TechNewsWorld.

“Quite honestly,” he continued, “I’m surprised it took so long to become a thing. There are so many marketplaces where you can buy ransomware software and link it to your wallet. Once deployed, you can collect the ransom. The only difference here is that it is completely hosted for the attacker.”

While phishing is often considered a low-effort activity in the hacking world, it still requires some work, said Monia Deng, director of product marketing at Bolster, a provider of automated digital risk protection in Los Altos, Calif. You need to do things like stand up a phishing site, create emails, automate managers, and nowadays, steal 2FA credentials on top of primary credentials, she explained.

“With PhaaS,” she continued, “everything is neatly packaged on a subscription basis for criminals who do not require any hacking or even social engineering experience. It opens the ground for many more threat actors who want to exploit organizations for their own gain.”

Bad actors, great software

Security researchers explained that payment for EvilProxy is conducted manually through an operator on Telegram. Once the subscription funds are received, they will be credited to the account in the customer portal hosted on TOR. The kit is available for $400 per month.

EvilProxy’s portal has many tutorials and interactive videos on using the service and configuration tips. “To be clear,” the researchers wrote, “the bad actors did a great job in terms of service usability, and configuration of new campaigns, traffic flow, and data collection.”

“This attack just shows the maturity of the bad actor community,” said George Gerchow, CSO and senior vice president of IT at Sumo Logic, an analytics company focused on security, operations and business information in Redwood City, Calif.

“They are packing these kits nicely with detailed documentation and videos to make it easier,” he told TechNewsWorld.

The service uses a “reverse proxy” principle, the researchers noted. It works like this: Bad actors lead victims to a phishing page, use a reverse proxy to get all the legitimate content the user expects to see, and sniff their traffic through the proxy.

“This attack highlights how low the barrier of entry is for unsophisticated actors,” said Heather Iannucci, a CTI analyst at Tanium, creator of an endpoint management and security platform in Kirkland, Wash.

“With EvilProxy, a proxy server sits between the legitimate platform’s server and the phishing page, which steals the victim’s session cookie,” she told TechNewsWorld. “This can then be used by the threat actor to log in to a legitimate site as a user without MFA.”

“Defending against EvilProxy is a challenge because it combines cheating a victim and MFA bypass,” Yu said. “The real compromise is invisible to the victim. Everything sounds good, but it’s not.”
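A server-side check for the cookie replay described above, as an added example that is not from the article or from Resecurity's research: it flags a session cookie that is later presented from both a different network and a different browser than the client that completed MFA. The log format, field names and the /24 and /48 grouping are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample log (not from the article). Fields: timestamp, session
# cookie id, client IP, user agent, event. "mfa_ok" marks the request on
# which the site issued the session cookie after a successful MFA check.
SAMPLE_LOG = '''\
2022-09-05T10:00:01Z sess=a1f3 ip=198.51.100.7 ua="Chrome/105 Windows" event=mfa_ok
2022-09-05T10:00:09Z sess=a1f3 ip=198.51.100.7 ua="Chrome/105 Windows" event=request
2022-09-05T10:02:30Z sess=b2c4 ip=203.0.113.50 ua="Chrome/105 Windows" event=mfa_ok
2022-09-05T10:02:41Z sess=b2c4 ip=192.0.2.99 ua="Firefox/104 Linux" event=request
2022-09-05T10:05:00Z sess=c3d5 ip=198.51.100.20 ua="Safari/15 macOS" event=mfa_ok
2022-09-05T10:30:00Z sess=c3d5 ip=198.51.100.77 ua="Safari/15 macOS" event=request
2022-09-05T11:15:00Z sess=c3d5 ip=192.0.2.5 ua="Safari/15 macOS" event=request
'''

LINE_RE = re.compile(
    r'(?P<ts>\S+) sess=(?P<sess>\S+) ip=(?P<ip>\S+) '
    r'ua="(?P<ua>[^"]*)" event=(?P<event>\S+)'
)

Finding = namedtuple("Finding", "session ts ip reason")


def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Group an address into its surrounding network so that ordinary
    address churn inside one access network is not treated as a change."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_replayed_sessions(log_text):
    """Return a Finding for each request that presents a session cookie from
    a network AND a user agent that both differ from the MFA-time client."""
    bound = {}      # session id -> (network, user agent) seen at mfa_ok
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # not a line in the assumed format
        try:
            net = network_of(m["ip"])
        except ValueError:
            continue                      # malformed address field
        sess, ua = m["sess"], m["ua"]
        if m["event"] == "mfa_ok":
            bound[sess] = (net, ua)       # remember who the cookie was issued to
            continue
        if sess not in bound:
            continue                      # issued before the log window began
        bound_net, bound_ua = bound[sess]
        # A roaming user changes network but keeps the browser; a browser
        # update changes the user agent but not the network. Requiring both
        # to change keeps the heuristic quiet for those cases.
        if net != bound_net and ua != bound_ua:
            findings.append(Finding(
                sess, m["ts"], m["ip"],
                "cookie used from a different network and user agent "
                "than the client that completed MFA",
            ))
    return findings


if __name__ == "__main__":
    for f in find_replayed_sessions(SAMPLE_LOG):
        print(f"{f.ts} session {f.session} from {f.ip}: {f.reason}")
```

This is a heuristic: a proxy that relays the victim's user agent and replays the cookie from the same network would not trip it, so it complements rather than replaces phishing-resistant authentication.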

Still in effect

Nachmany warned that users should be concerned about the effectiveness of MFAs that use text messaging or application tokens. “PhaaS is designed to use them, and this is a trend that will grow in our market,” he said.

“The use of certificates as an additional factor is what I expect to see an increase in use soon,” he said.

While users should be careful when using an MFA, it is still an effective mitigation against phishing, said Patrick Harr, CEO of SlashNext, a network security company in Pleasanton, Calif.

“It increases the difficulty of leveraging compromised credentials to disband an organization, but it is not foolproof,” he said. “If a link leads the user to a counterfeit replica of a legitimate site—which is nearly impossible to identify as not legitimate—the user may be the victim of an adversary-in-the-middle attack, such as the one used by EvilProxy.”

The next generation of the Web – Web 3 – has been touted as more secure than the current incarnation of cyberspace, but a report released Tuesday warned that may not be the case.

According to a report by Forrester, a national technology research company, Web3 can be difficult to break into at the infrastructure level, but there are other points of attack that could provide threat actors with more opportunities for mischief than those found in the legacy web.

Web3 applications, including NFTs, are not only vulnerable to attack; Forrester explained that they often offer a wider attack surface than traditional applications due to the distributed nature of blockchains.

Furthermore, it said, Web3 apps are desirable targets as tokens can be worth substantial amounts of money.

The openness of Web3, which is considered one of its main advantages, can also be a disadvantage. Martha Bennett, Vice President and Principal Analyst, Forrester, said, “The code that runs on a public blockchain is easily accessible by anyone with the necessary technical skills, from anywhere in the world – no need to enter corporate security to achieve this.” She is also a co-author of the report.

“Source code is generally readily available, because the focus is not on running closed source ‘smart contracts’. The Web3 ethos is, after all, ‘open code,'” she told TechNewsWorld.

Unwanted complication

David Ricard, CTO of North America at Cipher, a division of Prosegur, a multinational security company, explained that Web3 is based on distributed control of data and identity by its users.

“This broadens the attack surface for individuals who may be unwilling or simply unable to handle the management of their own data and identities, bringing technical complexity to an area that is ‘above anything’ in use ‘easy’,” he told TechNewsWorld.

“Scrolling through personal, text messaging, email and social media and shopping apps is a real challenge for them,” he said.

He said the idea of making Web3 code transparent and publicly available is unlikely to gain real traction. “There is a lot of money at stake between capital investors and users of blockchain financial systems and NFTs,” he said.

He further added that making the code transparent and public can also broaden the attack surface in a clear way. “Safe coding practices that predict how someone might abuse a system for nefarious gains are generally not practiced,” he explained. “It is not easy to predict how people might use the system for purposes other than those intended.”

“Most of the financial losses associated with blockchain and NFTs do not exploit immutable objects themselves, but rather manipulate them by exploiting applications that can affect them,” he said.

Furthermore, while legacy systems may be outdated, they may also be robust. “What’s new is also the most vulnerable,” said Matt Chiodi, chief trust officer at Cerby, creator of a platform to manage Shadow IT in San Francisco.

“While time is not always a friend of security, it allows an application to become battle tested,” he told TechNewsWorld. “Web 3 is no different. It’s new and not much tested. Legacy applications have a time advantage. Web3 doesn’t.”

NFT becoming popular target

Even if the code is visible and accessible, the report said, attackers will find weak points. This makes it clear that while attacks on smart contracts and cryptocurrency wallets are confined to the Wild West of decentralized finance, increasingly, NFT projects have become a favorite target.

“Why go for more difficult hacks if there are easier ways to get what you want?” asked Bennett. “Like any other venue where value is traded, [NFT] markets and communication tools attract people who want to steal or otherwise break the rules.”

“For anything to do with Web3, speed is of the essence, and many of the people involved do not have the necessary expertise to assess a potential security issue,” she said. “Sometimes, startups don’t even advertise for a security chief until something bad happens.”

One of the biggest breaches of the NFT marketplace occurred in June at OpenSea, which exposed nearly 1.8 million email addresses. “There was an inside threat involved in that particular case, but the applications that handle the transactions can be quite vulnerable,” Ricard said.

“There may be hundreds of thousands of ways this can be abused, which coders have to try to account for, yet a hacker only needs to discover a vector once for a breach to occur,” he said.

Hangout for Scammers

Forrester also pointed out that social media network Discord has become a major weak point in NFTs and other public blockchain projects. Successful phishing attacks on Discord are at the root of many, if not most, NFT thefts, it continued.

It clarified that attacks are usually targeted at community managers and administrators. Once an administrator account is successfully taken over, attackers have the opportunity to steal extensively, as users rely on messages from community administrators.

Bennett noted that Discord was primarily designed as a communication platform for gamers, not for holding and exchanging value, and that it has mechanisms to mitigate risk. “But these mechanisms can only help if they are implemented, and it is clear that often, they are not,” she said.

“Furthermore,” she said, “Discord attracts a similar share of phishing attacks and scam messages, being the preferred communication mechanism for token projects.”

Ricard said the Discord communities provide a rich source of information for scammers, as well as investors. “The harvesting of participants’ contact information leads to phishing,” he said. “Hacks in digital wallets are not uncommon.”

“The Discord bot has been hacked, so threatening actors can post fake mining offers, resulting in the theft of cryptocurrencies,” he said.

Better security than legacy web?

Forrester’s report notes that in a fast-moving Web3 world, it’s tempting to ignore security in favor of innovating quickly, but public safety issues can easily derail a major launch or a product team, which then has to analyze and mitigate critical security flaws.

Firms can identify risks and protect both the decentralized and centralized components of their Web3 applications by engaging their security teams not only in the software development lifecycle but throughout the product lifecycle.

“Web3 needs to shift its focus to the left, which means getting as much security as possible for developers and making prevention the ultimate goal,” Chiodi said. “Without this focus, Web3 would be indistinguishable from Web2. It would be a shame given its tremendous potential, especially around decentralized identity.”

“Web3’s distributed approach provides a variety of security capabilities, but the fundamental problems remain the same,” said Mark Bower, vice president of product at Anjuna, a confidential computing company in Palo Alto, Calif.

“If an attacker gains credentials, root-level privileges or access to keys — especially private keys that run throughout the ecosystem,” he told TechNewsWorld, “then it’s game over, as it would be in a centralized platform.”

Cyber security professionals want the computer industry to emphasize vendor consolidation and open standards.

This major change in the security networks of IT professionals is long overdue, according to new research from the Information Systems Security Association (ISSA) International and the independent industry analyst firm Enterprise Strategy Group (ESG), a division of TechTarget.

Vendor consolidation and the push toward open standards are driven by buyers themselves, who are challenged by increasing complexity, cost, and the promotion of best-of-breed technology “equipment sprawl”.

Nearly half (46%) of organizations consolidate or plan to consolidate the number of vendors they do business with. Concerned by the growing complexities of security operations, 77% of InfoSec professionals would like to see greater industry collaboration and support for open standards that promote interoperability.

Thousands of cyber security technology vendors compete against each other in multiple security product categories. Organizations want to optimize all the security technologies in their stack at once.

According to the research report, vendors supporting open standards for technology integration will be best positioned to meet this shift in the industry.

“Given that nearly three-quarters (73%) of cybersecurity professionals feel that vendors are engaging in promotions on substance, vendors who demonstrate a genuine commitment to supporting open standards would be in the best position to avoid industry-wide consolidation,” said Candy Alexander, Board President, ISSA International.

She said CISO vendors have become so burdened with noise and security “equipment dispersion” that for many, the wave of vendor consolidation is like a breath of fresh air.

Shift to security platform

ESG studied 280 cyber security professionals, most of whom are ISSA members. The results, released last month, focused on security processes and technologies, and show that 83% of security professionals believe the technology interoperability of the future depends on setting industry standards.

The report’s details demonstrate a cybersecurity landscape that looks favorably toward a security product suite (or platform) as it moves away from a defense-intensive strategy based on deploying best-of-breed cybersecurity products. This approach is based on historical precedent that has consistently increased organizational complexity and contributed to substantial operations.

“The report shows that massive changes are taking place within the industry in what many believe is a long time to come,” said John Oltsik, Senior Principal Analyst and ESG Fellow.

“The fact that 36% of organizations may be willing to purchase most security technologies from a single vendor speaks volumes for a change in buying behavior as CISOs are openly considering security platforms in lieu of best-of-breed point of view devices,” he said.

Why Jump from Best-of-Breed

The number of competing security suites has skyrocketed with many organizations managing 25 or more independent security tools. It follows that security professionals are now stressing the need to juggle so many independent security products to do their job.

Managing an assortment of security products from different vendors has increased training requirements, makes it difficult to get an overall picture of safety, and requires manual intervention to fill in the gaps between products. As a result, 21% of organizations are consolidating the number of cybersecurity vendors they do business with, and another 25% are considering consolidating.

“In general, buying, implementing, configuring and operating too many different tools has become very difficult, let alone ongoing support relationships with vendors. Consolidation management/operations makes sense,” Oltsik told TechNewsWorld.

This ongoing complication is prompting 53% of cybersecurity professionals to purchase security technology platforms instead of best-of-breed products. The study showed that 84% of respondents believe a product’s integration capabilities are important, and 86% consider it important or important that integration with other products create best-of-breed products.

According to 60% of IT teams, strict integration between already separate security controls is a primary requirement rather than a best buy. Improved threat detection efficiency such as accurate high-fidelity alerts and improved cyber-threat detection were on the wish list for 51%.

Generalized government mandate

Cybersecurity products cover the basics, noted Oltsik. This includes antivirus software, firewalls, some sort of identity management system, and a range of products for endpoint encryption.

“In many cases, these technologies are mandated by government and industry regulations,” he said. “The biggest influencer in cybersecurity protections is the US federal government which can and does mandate certain standards.”

For example, the Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community considerations. The in-process Cybersecurity Maturity Model Certification (CMMC) standard mandates certain security certifications for DoD vendors.

“We have also seen standards from industry, such as the activity of the Organization for the Advancement of Structured Information Standards (OASIS) and other OASIS standards. This week, we saw the introduction of the Open Cyber Security Framework (OCSF), a standard data schema for security data. There are also many identity management standards,” he said.

Finding a shared security base

After reviewing this data, ESG and ISSA recommend that organizations encourage their security vendors to adopt open industry standards, possibly in collaboration with the Industry Information Sharing and Analysis Center (ISAC). In addition, there are some established security standards available from MITRE, OASIS and the Open Cybersecurity Alliance (OCA).

Many vendors speak in favor of open standards, but most do not actively participate or contribute to them. However, this lukewarm behavior can change quickly.

For this to happen, cybersecurity professionals – especially those at organizations big enough to send signals to the market – need to establish best practices for vendor qualification.

In addition, they need to emphasize process requirements that include adoption and development of open standards for technology integration as part of a broader process for all security technology procurement, according to the report.

Expected result

Cybersecurity standards and vendor integration will strengthen the cybersecurity landscape against the continuing increase in cyber threats by easing product development and integration. Oltsik explained that this will allow industry and security teams to focus more on innovation and security fundamentals and less on building connectors for interoperability.

He sees an opportunity within the industry to support these efforts.

“It seems that some industry leaders are collaborating. I point to OCSF where 18 vendors agreed to support it,” he said.

This group includes a number of leaders – AWS, CrowdStrike, IBM, Okta and Splunk, for starters. He said another potential driver would be the support of large security technology customers.

Oltsik concluded, “If Goldman Sachs, GM, Walmart and the US federal government said they would only buy from vendors that support OCSF, it would really hit the industry.”


The full ESG-ISSA report titled “Technology Perspectives from Cyber Security Professionals” is available here. No form filling is required.

According to a new report from Parks Associates, the home security systems market continues to grow despite concerns about false alerts.

The report noted that security system ownership is at an all-time high in many areas, with more than a third of US broadband households (36%) having home security systems and 41% of multi-dwelling unit managers with systems installed in their common areas and parking garages.

“The market was stagnant, making about 20% penetration for decades,” said Yaniv Amir, president of Essence USA, which is part of the Essence Group, a global technology company.

“Over the past five to seven years, we’ve seen significant growth as security has become a part of home automation,” he told TechNewsWorld. “It reached the mid-thirties.”

The report noted that the past several years have been good for selling systems in the small and medium business market. With the COVID-19 pandemic, it explained that the spring and summer of 2020 were characterized by social and political unrest, resulting in increased concerns about safety and security.

False alert problem

According to the report, despite promising growth, accurate detection of security threats remains a problem. False alarms are a threat to user satisfaction with their systems, it maintained, with two out of three security system owners paying fines for false alarms with an average cost of about $150.

“In America, false alarms are a really big deal,” Amir said. “It causes a lot of people to turn off their alarm systems, making them nonfunctional.”

He said one way to avoid false alarms is to use artificial intelligence to trigger the alarm from a single detector. “If you have multiple sensors, an intruder is likely to hit more than one sensor, so an alert from a single sensor is likely to be a false alert,” he explained.

“More advanced systems can use facial recognition to determine whether a face belongs to someone living in a household,” he said. “More advanced technologies can also identify unusual behavior – for example the owner of the house was being attacked.”

Chris White, senior analyst at Parks, told TechNewsWorld that effective monitoring is the best way to avoid false alarms. In addition, he continued, new video and audio analytics will help.

“Device makers are increasingly using AI powered by the cloud or more powerful edge to analyze video and audio data collected by cameras and microphones around the residence and verify that the detected event is a danger instead of a pet walking on the porch or a branch in the strong wind,” he said.

AI to the rescue

Believing that better analysis will help eliminate false alerts, Mark N. Vena, president and principal analyst at SmartTech Research in San Jose, Calif., said AI will ultimately do the best job of reducing false alerts. “This would allow the cameras to ‘learn’ about a homeowner’s specific environment,” he explained.

“This technology may be integrated at the device level, but it may also surface in Wi-Fi 6e or Wi-Fi 7e routers which can contribute by dramatically reducing latency along with improved bandwidth,” he said.

IDC senior analyst Adam Wright said vendors can do things to improve smart security systems, but it is the user’s responsibility to configure the system appropriately.

“This is one of the drawbacks of adopting a do-it-yourself approach to building a home security system – setting up and configuring all the necessary rules and sequences can be cumbersome,” he told TechNewsWorld.

“An advantage of professional installers is that they can customize the security solution to the needs of the home and help the user set up the correct configuration to ensure that the system works as intended and avoids false alerts and minimizes other disruptions,” he said.

Integration headache

False warnings aren’t the only problem with home security systems. “Reliable connectivity is a big limitation,” argued Wright. Often network-connected devices become unresponsive or offline, and troubleshooting isn’t always straightforward or easy.

“Furthermore,” he added, “integration with third-party devices remains problematic. For example, dragging a video feed onto a smart display can cause a number of errors and delays that can disrupt the experience.”

Vena agreed that it’s difficult to integrate multiple brands of appliances with many existing home security systems.

“Some of the better home security systems, though not all, do a fair job of integrating devices from different manufacturers, playing an agnostic role,” he said, “but user frustrations can be high when they determine that a device they have bought does not operate within the home security system’s ecosystem or integrate with its master control app.”

He sees future security systems departing from the use of video. “I’m most optimistic about ‘Wi-Fi Sensing’ technology, which allows every Wi-Fi device in your home to use the Wi-Fi signal to determine fall detection, break-ins, and so forth,” he observed.

“Acoustic sensing technology can also help detect glass breaks or screams that can be used to send alerts,” he said. “These latter capabilities also have privacy benefits because they don’t use video to make these determinations, something that’s as appealing as an indoor sensor.”

DIY Monitoring

The Parks report also noted that an important new factor in the security sector is the increase in self-monitoring security systems. These self-monitoring systems send alerts to users’ phones for a low monthly fee.

“Self-monitoring has the benefit of lower monthly costs, but it also requires the homeowner to act on alert and contact authorities if a break-in or intruder is detected,” Vena said. “It’s a significant disadvantage, because most people don’t want or can’t have their homes monitored.”

Wright said one of the biggest benefits of self-monitoring is the peace of mind that the system won’t falsely trigger a response from emergency services, which can be disruptive or costly.

“However, the disadvantage is if an alert or alarm goes undetected,” he continued. “For example, if the user is not near their phone at all times, or there is a connectivity issue with the phone that does not receive alerts. Then the incident will go unanswered which could mean that emergency services are not dispatched in time.”

According to the report, 33% of self-monitoring security system owners told Parks researchers that they intended to switch to a professional monitoring service because they were not available when a security incident occurred, and that they could not take appropriate action.

A new report from a privileged access management (PAM) firm warns that IT security is getting worse as corporations become stuck deciding what to do and what it will cost.

Delinea, formerly Thycotic and Centrify, on Tuesday released research based on 2,100 security decision makers internationally, revealing that 84% of organizations have experienced an identity-related security breach in the past 18 months.

This revelation comes as enterprises are grappling with expanding entry points and more frequent and advanced attack methods from cybercriminals. It also highlights the gap between the perceived and actual effectiveness of security strategies. Despite the high percentage of accepted breaches, 40% of respondents believe they have the right strategy.

Several studies found that credentials are the most common attack vector. Delinea wanted to know what IT security leaders were doing to reduce the risk of attack. This study focused on learning about the adoption of privileged access management by organizations as a security strategy.

Key findings of the report include:

  • 60% of IT security decision-makers have been put off working on an IT security strategy due to multiple concerns;
  • Identity security is a priority for security teams, but 63% believe it is not understood by executive leaders;
  • 75% of organizations will fail to protect privileged identities because they will not receive the support they need.

ID security is a priority, but board buy-in is critical

Leaving behind corporate commitment to actually take action is a growing policy many executives are following in relation to IT efforts to provide better breach prevention.

Many organizations are hungry to make change, but three quarters (75%) of IT and security professionals believe that promises of change will fail to protect privileged identities due to a lack of corporate support, according to researchers.

The report noted that 90% of the respondents said that their organizations fully recognize the importance of identity security in enabling them to achieve their business goals. Nearly the same percentage (87%) said it was one of the most important security priorities for the next 12 months.

However, a lack of budget commitment and executive alignment resulted in a constant stall on improving IT security. Some 63% of respondents said that their company’s board still does not fully understand identity security and its role in enabling better business operations.

“While the importance of identity security is acknowledged by business leaders, most security teams will not receive the support and budget they need to provide critical security controls and resources to mitigate key risks. A solution is needed,” said Joseph Carson, chief security scientist and advisory CISO at Delinea.

“This means that most organizations will be deprived of protecting privileges, leaving them vulnerable to cybercriminals searching for and abusing privileged accounts,” he said.

Lack of policies puts machine ID at great risk

Despite the good intentions of corporate leaders, companies have a long road ahead when it comes to protecting privileged identities and access. According to the report, less than half (44%) of organizations surveyed have implemented ongoing security policies and procedures for privileged access management.

These missing security protections include password rotation or approval, time-based or context-based security, and privileged behavior monitoring such as recording and auditing. Even more worrying, more than half (52%) of all respondents allow privileged users to access sensitive systems and data without the need for multifactor authentication (MFA).

Another alarming lapse has come to the fore in the research. Privileged identities include humans, such as domain and local administrators. It also includes non-humans, such as service accounts, application accounts, codes, and other types of machine identities that automatically connect to and share privileged information.

However, only 44% of organizations manage and secure machine identities. The majority leave them open to attack.

[Graph: Delinea benchmarking security gaps and privileged access. Source: Delinea Global Survey of Cyber Security Leaders]


Cybercriminals look for the weakest link, Carson noted. Ignoring ‘non-human’ identities – especially when these are growing at a faster rate than human users – greatly increases the risk of privilege-based identity attacks.

“When attackers target machine and application identities, they can easily eavesdrop,” he told TechNewsWorld.

They move around the network to determine the best place to strike and inflict the most damage. He advised that organizations need to ensure that machine identity is incorporated into their security strategies and follow best practices when it comes to protecting all of their IT ‘superuser’ accounts, which, if compromised, could put the entire business on hold.

The security gap is widening

Perhaps the most important finding from this latest research is that the security gap continues to widen. Many organizations are on the right track to secure and reduce cyber risk for business. They face the challenge that large security gaps still exist for attackers to take advantage of. This includes securing privileged identities.

An attacker only needs to find a privileged account. When businesses still have many privileged identities left vulnerable, such as application and machine identities, attackers will continue to exploit and influence businesses’ operations in exchange for ransom payments.

The good news is that organizations realize the high priority of protecting privileged identities. The sad news is that many privileged identities are still exposed because it is simply not enough to secure a human privileged identity, Carson explained.

Not only is the security gap widening between business and attackers, but so is the security gap between IT leaders and business executives. While this is improving in some industries, the problem still exists.

“Until we address the challenge of communicating the importance of cyber security to the executive board and business, IT leaders will continue to struggle to obtain the resources and budget needed to close the security gap,” he warned.

Cloud whack-a-mole

One of the main challenges to securing identity is that, with mobility and cloud environments, identities are everywhere. According to Carson, this increases the complexity of securing identity.

Businesses are still trying to secure them with the current security technologies they already have in place today. But this results in many security gaps and limitations. He said some businesses fall short even by trying to check security identity with simple password managers.

“However, this still means relying on business users to make good security decisions. To secure identities, you must first have a good strategy and plan in place. This means knowing the types of privileged identities that exist in business. Understanding and using security technology that is designed to find and protect them,” he concluded.

A recent gathering of global cybersecurity professionals has unearthed the latest attack scenarios that hackers use to infiltrate corporate networks. But contrary to the hopes of misguided potential victims, no silver bullet or software guarantee will completely protect them.

RSA Conference (RSAC) presenters focused on increasing demand for implementing the zero-trust philosophy. Presenters urged network managers to educate their employees about digital identity proofing. This includes securing the data points needed to practically spread digital ID proofing solutions.

Another major cause of network breaches is organizations integrating their on-premises environments into their cloud environments. This makes the cloud prone to various on-premise generated attacks.

“The RSA Conference plays a vital role in bringing the cyber security industry closer together. As cyber attacks grow in frequency and sophistication, it is imperative that public and private sector practitioners and experts be called upon to hear unique perspectives to help address today’s greatest challenges,” commented RSA Conference Vice President Linda Gray Martin.

RSAC provides a year-round platform for the community to engage with, learn from and access cyber security content. That process is available online and at in-person events.

According to the RSAC, better cyber security will come only with a greater focus on threat hunting activities along with authentication, identity and access management.

Head in charge

RSA Federal President Kevin Orr oversees the deployment of security, specifically identity access management tools, for federal and commercial customers. His company has its roots in the early days of cybersecurity.

At this year’s RSA conference and related Public Sector Day, he had the opportunity to speak with leaders in the government and enterprise cybersecurity sector. He discussed his comments on the state of cyber security with TechNewsWorld.

RSA Federal is an identity and access management (IAM) solutions firm that began as a cybersecurity section within Dell Computer Company. Today, it has contracts with some of the most security-sensitive organizations in the world.

It is important to distinguish between the tech firm now known as RSA Federal LLC and the name of one of the leading encryption technology algorithms. RSA provides security services and solutions to customers throughout the federal public sector ecosystem.

RSA is a public-key encryption technology developed by RSA Data Security, which was founded in 1982 to commercialize the technology. The acronym RSA stands for Rivest, Shamir and Adleman, the three MIT cryptographers who developed RSA public key cryptography.

Long-standing convention roots

A series of RSA company sales have positioned it to capitalize on a growing need for cybersecurity specialists. Security Dynamics bought the company in 1982. Dell later acquired RSA from EMC in 2006. A consortium of private equity investors led by Symphony Technology Group bought RSA from Dell in 2020.

The sales reflected both RSA’s and Dell’s corporate strategies. This allowed RSA to focus on security-first organizations, while Dell pursued its product strategy, according to Orr.

The annual RSAC event is an important gathering for the computer security community. It is considered the world’s leading information security conference and exhibition. Originally scheduled for February 7–10, world events led to it being rescheduled for June 6–9 at The Moscone Center in San Francisco.

RSA Federal is not a conference sponsor. However, its representatives participate in panels, showcases and speeches throughout the event.

This year’s 31st annual conference was the first to be held as a standalone, independent business since the investment from Crosspoint Capital Partners in March. The event was attended by over 26,000 attendees, including over 26,000 speakers, 400 exhibitors and over 400 members of the media.

Notable takeaway

According to Orr, the biggest takeaways for cybersecurity came in the keynote addresses. Security was impacted by a rapid digital transformation.

This change happened rapidly due to the pandemic. This forced it to accelerate partnerships with people working away from home.

The disruption of change in the physical world is now creating a digital ripple across the entire supply chain. Better supply chain security is needed to prevent tampering within its technology.

“Another major theme was the role played by massive propaganda. We are in a hyper-connected world. The propaganda blurs how people separate fact from fiction,” Orr said. This continues to influence the use of technology.

Perhaps one of the most damaging effects is a worsening lack of talent. He said that not enough people are skilled to deal with cyber security threats and what needs to be done within the cyber security domain.

Attacks are on the rise now with many different factors. In a previous world, we were all sitting behind a firewall in a corporation, Orr noted. Security teams can keep tabs on the good guys and the bad guys, except maybe insiders.

“The firewalls disappeared as soon as we went mobile from the pandemic. Your personal limit of security has disappeared. Some of that boundary needs to be built around identity,” he urged.

Identity border protection

From Orr’s catbird seat in the world of cybersecurity, he sees how preventing identity breaches is now necessary. Organizations must know who is connecting to their network. Security teams need to know what the detection does, where they are in the network, and what access they should have to see. In this globalized world, those derailments really changed things.

“The attack vectors also became realised. The attack vectors have really changed,” Orr said.

Network managers must now look at the danger areas and figure out how and where to spend the money. They also need to learn the techniques available and more importantly know that the attack surface is large.

“That means they need additional sets of people or different sets of skills to come across these open issues and address them,” Orr said.

Those decisions also include ROI factors. He further added that what is really driving the security question is that generally a corporate expense should have a return on investment.

Ransomware Gone Rogue

The rise of ransomware attacks sucks money from businesses. Initially the strategy was not to pay the ransom demand. From Orr’s point of view the better strategy now depends on the circumstances.

Either the victims pay the ransom and hope for the best, or they refuse to pay and still hope for the best. Either way, there must be a plan for the worst.

“I think it is a personal decision depending on the situation. Now one size does not fit all. You have to see what the bad guys have and what they value. The big question is how to stop it from happening all the time,” he said.

Lack of software options

The cyber security industry is not only facing a shortage of talent. Advanced equipment may be lacking.

“I think there’s a lot of basic technologies. I’ll start with the stuff first. Take a look at the truth. For some types of organizations cybersecurity products aren’t really something you can buy. The first step is having to learn not to click on phishing attempts,” Orr advised.

The solution starts with education. Then it continues with placing some parameters. Determine what your most valuable data is. Next research how to keep it safe. How do you monitor it?

“Cybersecurity is really a layered approach,” Orr warned.

Never trust, always challenge

That was a big topic of the security conference, he continued. Part of the big change is not being able to trust network visitors.

“It was the kind of thing that has really changed now, not to be trusted. There is always the essential approach to verify. Now you are looking at things differently,” he observed.

We are making good progress. The difference is that we are now preparing for a cyberattack, he concluded.

Misconceptions about embedded SIM cards (eSIM) for IoT are preventing companies from adopting this new technology. This is harmful, as eSIM patching is critical to successful secure IoT deployment.

eSIMs are slowly replacing standard SIMs in IoT devices and products such as smartwatches. They are also making their way into the machine-to-machine world.

However, the rollout has been slowed by unresolved conflicts between competing technical standards and tighter restrictions on data management rules globally. Despite the need for better IoT device security, removing barriers to adoption is less than likely any time soon.

Machine-to-machine, or M2M, is a broad label that can be used to describe any technology that enables network devices to exchange information and take actions without the manual assistance of humans.

Controversial technology

Mostly led by the automotive and transportation industries, eSIMs also contribute to tracking operations in healthcare, smart mobility, utilities and other sectors. But eSIM technology remains controversial so far, noted Noam Lando, CEO and co-founder of global connectivity provider Webbing.

Webbing provides enterprise-grade solutions for Fortune 500 and IoT/M2M companies, as well as an embedded solution for a variety of manufacturers worldwide. The deployment is part of a phased process to ensure a secure and continuous Internet connection for all devices, no matter where in the world they are.

Lando said that “eSIM technology is a game-changer in telecommunications. It completely digitizes the cellular subscription provisioning process. As with any technology that is disruptive, it is important to better understand its benefits, clear up misconceptions, and help with IoT usage. There are a lot of debates and discussions around it for its effect on expediting matters.”

Why all the commotion?

We asked Lando to go down the circuit boards to find out why eSIM technology is causing such an industry-wide uproar.

TechNewsWorld: Is the technology upgraded in eSIMs worth the current turmoil?

Noam Lando: eSIM technology promises cost-effective connectivity establishment and maintenance that is accessible anywhere in the world, regardless of device manufacturing or deployment as well as ultimate control. With the promise of eSIM technology, enterprises can scale their IoT deployments globally, reducing total ownership and business process management costs and shortening time to market.

This generates a lot of hype, especially when you have device makers like Apple, Microsoft, and Google that have eSIM as a standard feature in their new devices.

I understand a “BUT” here. It always takes BUT in the works. So what is the big but around eSIM development?

Lando: However, when companies look deeper into implementing eSIM technology, they realize that there are two standards: consumer and machine-to-machine (M2M). They are not sure which standard to use and often feel that the implementation of eSIM technology is not as easy for their IoT devices as it is for smartphones, laptops and tablets.

Therefore, there is a lot of discussion about the two standards and their pros and cons, especially around M2M.

What are the drawbacks of standard SIMs?

Lando: For traditional SIM cards, carrier provisioning is done at the manufacturing level. They can only host one profile and are not reprogrammable. That’s why you need a new SIM when switching cellular providers. It is not ideal for IoT deployments, especially global ones.

Noam Lando, CEO and Co-Founder of Webbing

Once the SIM is implemented, you have vendor lock-in. With thousands and even millions of devices in IoT deployments, it is impractical to change SIM cards when you want to change wireless carriers. This requires site visits, and it can be physically difficult to access the card.

In addition, there are issues complying with the global trend to impose regulatory requirements on communication services and data management. These include restrictions on data leaving countries and global enterprises requiring localized deployment with local wireless carriers.

This requires the storage, management and deployment of multiple wireless carrier-specific product SKUs that increase production and logistics costs.

The attraction towards eSIM seems to be evident. What are the main benefits?

Lando: eSIM technology provides a robust, scalable solution to the limitations of traditional SIMs. What makes eSIM unique is the technological advancement made in UICC, the SIM’s software, now called eUICC.

That new technology follows a new standard developed by GSMA. It is remotely programmable and reprogrammable, can host multiple cellular carrier subscriptions, and simplifies the selection, contracting, and onboarding of cellular providers with over-the-air (OTA) provision.

I think another but works here. What are the unresolved issues with eSIM replacement?

Lando: Consumer and M2M are implemented differently. Consumer Standard targets consumer devices such as mobile phones, tablets and laptops, wearables, and other IoT devices with end-user interactive environments. It is secure by design, can host multiple wireless carrier profiles, and features carrier swap. However, it is designed for private consumer use.

How suitable are eSIMs for other uses?

Lando: The M2M standard targets industrial M2M and IoT devices such as cars, water meters, trackers, smart factories, and other components used in industrial, non-end-user interactive environments.

The M2M eSIM standard is also secure by design. It facilitates carrier migration and, in theory, provides remote centralized management and provision of carrier profiles. However, it is not as cut and dry as it seems.

That said, why isn’t the upgrade so promising yet?

Lando: M2M eSIM implementation is cumbersome, time consuming, and has long capital investment cycles. Implementing this requires collaboration between the enterprise, eSIM manufacturers and wireless carriers during the manufacturing process.

What are the biggest misconceptions about eSIM for IoT?

Lando: The biggest misconception about eSIM for IoT is that the benefits it provides to consumer devices can be implemented on IoT. Enterprises quickly realize that they have to implement a separate standard for IoT/M2M, which requires SM-DP (Subscription Manager – Data Preparation) and SM-SR (Subscription Manager – Secure Routing) to provision and manage carrier subscriptions remotely. The M2M standard is cumbersome, requiring a substantial investment of money and time to organize the implementation of a wireless carrier.

Where do you see the fight between competing standards headed?

Lando: When looking at mobile data connectivity, there is no big difference between M2M and IoT device requirements when it comes to remote SIM provisioning. If anything, the benefits of eSIM (eUICC) technology are greater for M2M devices as they usually have a longer life cycle, and the demand for changing carriers at some point is high.

This can be for commercial or technical reasons. Hence, M2M devices are also likely to get eSIM instead of standard SIM.

Developers support eSIM to solve IoT and embedded firmware patch issues. eSIM hardware and eUICC components are certified in accordance with GSMA’s Security Accreditation Scheme (SAS). This guarantees a very high level of security. In addition, cellular connectivity is secure by design: data is encrypted, and users are securely identified.

What are the most important problems facing IoT and embedded technologies?

Lando: One of the most important problems facing IoT deployments is dealing with carrier lock-in and various global regulatory requirements. In such cases, enterprises require local deployment and local wireless carriers. Enterprises with global deployments need the flexibility to easily and efficiently change carriers to meet local regulations.

Why are companies not actively adopting eSIM technology?

Lando: From our experience, companies want the promise of eSIM technology, but the current ecosystem fails to provide it. The two eSIM standards disregard the need for enterprises to manage their own fleet of devices.

On the one hand, enterprise-based devices such as mobile phones, laptops, tablets, scanners, and so on are covered under the consumer standard. Hence companies do not have complete control over setting up and managing carrier profiles with centralized eSIM management. The consumer standard requires the end user with the device to consent to the carrier profile being installed.

Meanwhile, the M2M standards for IoT deployments are cumbersome. They require a substantial investment of money and time to organize the implementation of wireless carriers.

It also limits the choice of customers due to a complex implementation to switch between carriers.

This is why we have developed WebbingCTRL, an eSIM, with a management platform that can be easily and remotely configured as the profile of any wireless carrier, paving the way for the adoption of eSIM technology in the IoT space.

Scalable cloud-based solutions are widely popular among IT professionals these days. The cost, convenience and reliability of ready-to-use software as a service make this disruptive technology a favorable choice.

Still, the market needs some reassurance that backing up to the cloud is a smart and secure thing to do, as suggested by Paul Evans, CEO of UK-headquartered data management provider Redstor.

Redstor has over 40,000 customers globally, over 400 partners, and over 100 million restores a year. Last month in London, Redstor was named Hosted Cloud Vendor of the Year at the 2022 Technology Reseller Awards.

“Companies should not only say goodbye to on-premises boxes, they should celebrate because their removal reduces the risk of ransomware or the effects of fire or flooding in the data center,” Evans told TechNewsWorld.

SaaS is a software delivery model that provides great agility and cost-effectiveness for companies. This makes it a reliable choice for many business models and industries. It is also popular among businesses due to its simplicity, user accessibility, security and wide connectivity.

According to Evans, SaaS trends are disrupting the industry this year. Spiceworks Ziff Davis predicts that next year half of all workloads will be in the cloud.

Many organizations are undertaking cloud-first migration projects. Of particular interest are hard-hit businesses that are looking for infrastructure through operational expenditure (OpEx) models and frameworks to avoid huge upfront investments.

“Data will become increasingly cloud-native in the coming year, especially with the continued growth of Kubernetes, Microsoft 365, Google Workspace and Salesforce,” he said.

Threat Landscape a Driving Factor

Grand View Research recently reported that the global managed services market, which was valued at US$ 239.71 billion in 2021, is expected to grow at a compound annual growth rate (CAGR) of 13.4 percent from this year to 2030. Many Managed Service Providers (MSPs) are looking to become more service driven.

At the same time, value-added resellers are looking to become cloud service providers. Evans said other distributors are trying to figure out which way they might be the best fit.

“The backdrop of this is a threat landscape that has changed dramatically, especially after Russia’s invasion of Ukraine. State-sponsored malware and cyber warfare are coming to the fore in opposition to renegade shrewd criminals,” he said.

US President Joe Biden has called for the private sector to step in and close its “digital doors” to protect critical infrastructure. Sir Jeremy Fleming, director of the UK’s intelligence, cyber and security agency GCHQ, warned that the Russian regime is identifying institutions and organizations to bring down, making it only a matter of time before the attacks come.

“Threats are not only increasing in scale and complexity. The range of ransomware attacks makes it abundantly clear that companies of all shapes and sizes will increasingly become targets. As a result, we will see more businesses enlisting MSPs to run their IT, cyber security and compliance programs,” predicted Evans.

During our conversation, I discussed further with Evans how Redstor and other providers can strengthen digital security.

TechNewsWorld: What’s unique about Redstor technology compared to other solutions for data management and disaster recovery?

Paul Evans: Our approach focuses on the concerns of businesses regarding their risk position, resource constraints and profitability challenges while IT skills are lacking. Redstor offers what we believe is the smartest and simplest backup platform for MSPs.

One factor is the ease associated with onboarding. With three clicks and a password, users are up and running and can scale easily. In addition, it requires lightweight support for multiple data connectors and is purpose-built from the ground up for MSPs that manage multiple accounts.

It’s not some Frankenstein’s monster of hastily achieved solutions bolted together.

What makes Redstor’s platform technically smart?

Evans: Whether MSPs are protecting data on-premises or in the cloud – Microsoft 365, Google Workspace, or cloud-native Kubernetes – they can do it easily and all with one app. By being able to span the on-premises cloud and SaaS worlds from a single location, rather than moving to several different interfaces, MSPs save time and money.

Redstor is smart because we enable user-driven recovery by streaming backup data on demand, so organizations have everything they need to get straight up and running in the event of data loss.

You don’t need to mirror everything, copy everything, or recover everything before it starts working again. During an outage, InstantData technology restores critical data back in seconds, while less critical recovery continues in the background.

This platform is also smart because it offers more than just backup. You also get archive and disaster recovery with high-end search and insights – all from one app.

Redstor is influenced by AI, and our machine learning model automatically detects and isolates suspicious files in backups so that they can be removed for malware-free recovery. MSPs can do data classification with tagging. In the future, we will introduce anomaly detection.

How do cloud-based SaaS data protection and recovery systems compare to other solutions?

Evans: Organizations find that they need multiple boxes onsite to quickly pull data down to get a faster experience with the cloud. But on-premises Frankenstein solutions, coupled with technology from multiple acquisitions, aren’t going to meet today’s challenges.

Redstor CEO Paul Evans

Also, with hardware, there can be supply-chain issues and the lack of critical components such as semiconductors. Moving your data security to the cloud eliminates both these issues and the responsibility rests entirely on the MSP.

Without cloud-based security, you lack the best means of securing data. SaaS security is constantly updated and built in. Free updates are provided on a regular release cycle to keep customers ahead of the risks. MSP ensures reliable and secure connectors for many sources and popular applications now and in the future.

Also, storing backups securely in geographically separated data centers creates an air gap between live data and backups to enhance security.

What is driving the popularity of SaaS data protection?

Evans: The most important reason was when being onsite became problematic during the pandemic. Those with hardware-connected data security faced challenges fixing and swapping out the box. Many organizations also do not want boxes onsite because they are hard to come by because of supply-chain issues. Furthermore, the devices are known to be ransomware magnets.

SaaS overcomes these issues and more. MSPs are open to data portability requests and enable tools and services designed for today’s challenges. They can also complete the services digitally and distributors appreciate the value of SaaS made to channel supplied through online marketplaces.

Most SaaS applications now stress the need for a separate backup. More people are realizing that just because you have Microsoft doesn’t mean you can’t be compromised. You may have an internal user that destroys the data, or you may not have enough retention. Backing up SaaS applications is now the fastest growing part of our business.

What should an MSP look for from a vendor besides good technical support?

Evans: Technology built for MSPs should be partner-friendly from the start and include deep sales and marketing support. It should offer attractive margins with clear, transparent pricing so that MSPs can easily sell services.

The software should rapidly enhance data security, and by the end of the first negotiation, MSPs should be able to offer a proof of concept by deploying backups and performing rapid recovery to close deals faster.

Vendors are required to provide MSPs with the ability to purchase whatever they need from a single source, whether it’s protection for a Kubernetes environment, malware detection for backup, or data classification.

The key is also an interface to eliminate the complexity of switching between different solutions and consoles. Plus, having the ability to view and manage data from a single interface saves valuable time.

A vendor’s platform should be designed for multi-tenancy and provide a high-level view of MSP’s own usage and customer consumption. It also requires that the types of data protected and where it resides. The vendor must have a history of using new advances, particularly AI, to detect and remove malware, data classification and cyberattack predictions.

How should businesses assess seller suitability?

Evans: Many vendors make a bold claim to be the best solution to the challenges in the market. MSPs should receive direct feedback from their peers and adequately field-test the solutions.

Check the rankings for the G2 Top 20 Backup Software and Top 20 Online Backup Software lists, and other user-supported reviews. Focus on reports based on user satisfaction and review data. For example, Redstor ranks first with G2.

Also look for vendors that provide a clear road map of future growth that the MSP should be able to influence. Lastly, MSPs should focus on smart solutions that provide simplified security.