With Keeper, each employee receives a private, encrypted digital vault that they can access from any device using one master password—the only password the employee will ever have to remember. Keeper generates strong, unique passwords for every account and automatically fills in login fields on websites and apps. “With Keeper, employees no longer have any reason to reuse passwords or use weak passwords, and IT administrators have the visibility they need to ensure compliance with the rules,” begins Darren Guccione, CEO & Co-Founder, Keeper Security.

In a nutshell, Keeper provides security solutions for consumers, businesses of all sizes, managed service providers (MSPs), government agencies, and nonprofit organizations. Keeper is currently listed on the FedRAMP Marketplace, is SOC 2 (Type 1 and 2) and ISO 27001 certified, and is listed for use by the federal government through the System for Award Management (SAM).

Safety at its Peak

For enhanced protection, organizations can deploy add-ons such as Keeper Secure File Storage, which enables employees to securely store and share documents, images, videos, and even digital certificates and SSH keys, and BreachWatch, which scans Dark Web forums and notifies IT administrators if any employee passwords have been exposed in a public data breach. Organizations that use single sign-on (SSO) can use Keeper SSO Connect to bridge SSO security gaps and extend their SSO deployment with Keeper’s end-to-end password management and security. Keeper SSO Connect is a fully managed, SAML 2.0 SaaS solution that can be deployed on any instance or in any Windows, Mac OS, or Linux environment, in the cloud or on-prem. It integrates with all popular SSO IdP platforms, including Microsoft 365, Azure, ADFS, Okta, Ping, JumpCloud, Centrify, OneLogin, and F5 BIG-IP APM.

“Keeper is a modern zero-trust platform that provisions within a few hours, is easy to manage and scales to meet the cybersecurity needs of any organization - regardless of its size or industry,” says Guccione. What makes the company stand out is its zero-knowledge architecture—a security model built on a unique encryption and data segregation framework that protects against remote data breaches. A service provider operating under a zero-knowledge framework has no knowledge of what is stored on its own servers. As Guccione puts it in Keeper’s case, “We embed zero-trust as the foundation with a zero-knowledge security architecture. This prevents knowledge of or access to a user’s master passwords, secrets and encryption keys by us or a third-party. All encryption and decryption of data is performed at the client level.”

The Modern Cybersecurity Strategy

To protect passwords and files, Keeper uses PBKDF2 to derive authentication keys from the user’s Master Password, then generates individual record-level AES-256 encryption keys locally on the device to encrypt each stored record. Keeper’s cloud only holds the encrypted ciphertext of each file. Sharing between users is performed using PKI so that only the intended recipient of a shared file can decrypt it. Keeper also manages the lifecycle of privileged account credentials with role-based access control (RBAC) and controlled credential sharing. Further, businesses can add single sign-on (SAML 2.0) authentication, automated team management, advanced two-factor authentication (DUO & RSA), Active Directory and LDAP sync, SCIM and Azure AD provisioning, email auto-provisioning, command-line provisioning, and developer APIs for password rotation and backend integration. While explaining the value of Keeper’s solutions, Guccione recalls how the company helped DefenTec defend its clients’ systems from cyberattacks.

As a managed security services provider (MSSP), password management is DefenTec’s top security priority, both internally and when securing clients’ systems. Because MSPs/MSSPs manage other companies’ IT systems, they have unique password management needs of their own. In addition to all of DefenTec’s internal passwords, the team needed to keep track of and secure all of their clients’ passwords as well. DefenTec struggled to find a platform that could house all of this data, which at times was spread across three different platforms; they needed to manage all client information from one dashboard. DefenTec solved this with Keeper. In addition to using Keeper internally, DefenTec offers it as a managed service to its clients. Keeper’s security audit score gives clients a visualization that helps them understand the importance of password hygiene to their overall cybersecurity. In addition to helping DefenTec improve internal efficiency and keep its clients secure, KeeperMSP provides an additional revenue stream, since the company can mark up each subscription it sells to its clients.

The Ransomware Impact Report

With a vision to create a clear picture of ransomware and how it is impacting businesses and individuals, the company released ‘The 2021 Keeper Ransomware Impact Report,’ which surveyed 2,000 employees across the U.S. whose employers had suffered a ransomware attack in the previous 12 months. According to the report, 29% of employees didn’t know what ransomware was before their organizations were attacked. Phishing emails caused 42% of ransomware attacks, malicious websites accounted for another 23%, and compromised passwords caused 21%.
A whopping 49 percent of respondents told Keeper that their employers paid the ransom, but 93 percent also reported that their employers tightened budgets in other areas following the ransom payment. Meanwhile, 77 percent of respondents were temporarily unable to access systems or networks post-attack. 83 percent said that their organizations installed new software or made other major updates post-attack, such as migrating some assets to the cloud, and 71 percent said that these updates were inconvenient or disrupted productivity. This report shows only the tip of the iceberg. With its technology, Keeper protects thousands of businesses across the globe from such threats.

Building the Futuristic Cybersecurity

Founded in 2011 by Darren Guccione and Craig Lurey, CTO & Co-founder, Keeper is the market-leading, top-rated cybersecurity platform for preventing password-related data breaches and cyberthreats. Millions of people and thousands of businesses across the globe trust Keeper to mitigate the risk of cyberattacks, boost employee productivity and meet compliance standards. Under the leadership of Guccione and Lurey, Keeper is launching new, modern applications to further strengthen its platform against the most common attack vectors. “We’re also making significant investments to protect the U.S. Public Sector in support of the recent White House Executive Order mandating greater cybersecurity protection in the sector,” concludes Guccione.

Just like cyber security is implemented in every aspect of a company, when it is applied to GRC it solidifies the company's security posture and raises awareness of the potential for a data incident and its impact on the organization. There is a multitude of established regulatory compliance frameworks that can help an organization tie its processes to industry requirements, specifications, and government legislation. CISOs and other cyber security professionals need to determine their organization-specific needs in order to match them to the appropriate framework. Today there are indeed no unregulated industries, but there are under-regulated industries. Cybersecurity leaders must therefore treat compliance as a business opportunity rather than an obligation: turning compliance into a competitive advantage and staying one step ahead of the competition before under-regulated industries become regulated. Cybersecurity directors can get ahead of the current, under-regulated industry guidelines by adopting an established framework now. The result is a lower cost for future compliance work, because the company will already be prepared, and once the regulations are in force there is no sudden financial burden. Better late than never, these actions, if done correctly, go a long way toward saving you from operational overheads as well. The "Top 10 Cybersecurity Solution Providers" for GRC features players that help companies demonstrate innate transparency. These game-changers are known for their third-eye-like precision in conducting compliance and security assessments of an organization, and they specialize in suggesting mitigations without bias, so that you can prioritize your GRC requirements while protecting your business from unwanted actors, all with a central layer of control.

AuthenticID
AuthenticID provides identity proofing solutions to leading enterprises, including some of the country’s largest telecom carriers and financial institutions. AuthenticID’s disruptive and cutting-edge, AI-driven solution quickly, accurately, and securely reproduces real-world identity verification so that companies can be assured of who they are conducting business with.
Management: Blair Cohen, Founder | Location: Seattle, WA | Website: authenticid.com

Cimcor
Founded in 1997, Cimcor is an industry leader in developing innovative security, integrity, and compliance software solutions. The firm is on the front lines of global corporate, government and military initiatives to protect critical IT infrastructure and has consistently brought IT integrity innovations to market.
Management: Robert Johnson, President & CEO | Location: Merrillville, IN | Website: cimcor.com

Cylera
Cylera is the leading edge in IoT and medical device security, with enhanced intelligence. They deliver richer data, stronger security and faster reaction times in order to safeguard what matters most: people, data and privacy. Unlike others who use “first-generation” approaches that fall short, Cylera’s Platform is next-generation, patented technology, with a unique digital twin method that has zero disruption and can assess true risk within a healthcare and clinical workflow context.
Management: Timur Ozekcin, Co-Founder & CEO | Location: New York, NY | Website: cylera.com

Digital Edge
Digital Edge provides the most advanced, stable, secure, efficient and compliant services to clients operating Enterprise Class IT systems.
Management: Michael Petrov, Founder & CEO | Location: Staten Island, NY | Website: digitaledge.net

FusionAuth
FusionAuth is a single-tenant CIAM solution that deploys on-premises, in your private cloud, or on our fully-managed FusionAuth Cloud. Their JSON REST API provides advanced identity management that is easy for developers to deploy and implement on any platform or framework.
Management: Brian Pontarelli, CEO | Location: Denver, CO | Website: fusionauth.io

Keeper
Keeper is the top-rated personal and business password manager for protection from password-related data breaches and cyberthreats.
Management: Darren Guccione, Co-Founder & CEO; Craig Lurey, Co-Founder & CTO | Location: Chicago, IL | Website: keepersecurity.com

McAfee
McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. McAfee’s historical accomplishments are founded upon decades of threat and vulnerability research, product innovation, practical application and a brand which individuals, organizations and governments have come to trust.
Management: Peter Leav, President & CEO | Location: Santa Clara, CA | Website: mcafee.com

Neustar
Neustar is an information services and technology company and a leader in identity resolution, providing the data and technology that enable trusted connections between companies and people at the moments that matter most.
Management: Charles E. Gottdiener, President & CEO | Location: Reston, VA | Website: home.neustar

Riverbed
Riverbed enables organizations to maximize performance and visibility for networks and applications, so they can overcome complexity and fully capitalize on their digital and cloud investments.
Management: Dan Smoot, CEO | Location: San Francisco, CA | Website: riverbed.com

Skybox Security
Fortune 1000 companies turn to Skybox Security because its platform provides a holistic view of complex, hybrid environments and the insights needed to protect the modern enterprise. Skybox is the only platform that collectively visualizes and analyzes hybrid and multi-cloud networks, providing full context and understanding of the attack surface.
Management: Gidi Cohen, CEO & Founder | Location: San Jose, CA | Website: skyboxsecurity.com

AUTHENTICID: Developing Airtight Identity Verification

Today, many organizations face the challenge of providing their employees with the right level of access to the right resources at the right time. Moreover, with advances in modern technology, stealing passwords and breaking into networks is easier than ever. If data is not on a completely private server, a breach anywhere on the server could compromise everyone’s data. An innovative solution provider that deals with such issues is AuthenticID—a company that provides identity proofing solutions to leading enterprises, including some of the country’s largest telecom carriers and financial institutions.
AuthenticID’s disruptive and cutting-edge, AI-driven solution quickly, accurately, and securely reproduces real-world identity verification so that companies can be assured of who they are conducting business with, strengthen underwriting, reduce the losses associated with fraud, and streamline onerous customer onboarding procedures, leading to higher conversion rates. The system uses fused machine learning algorithms and AI that leverage neural networks and state-of-the-art computer vision to identify a person. If a photo and face don’t match, if an ID is fake, or if a name or a face has been associated with suspicious activity, the solution tracks it in an instant. The company’s solutions are crafted to help clients attain nearly 100% accurate decisions. It can verify that submitted identification is genuine and has not been tampered with, and it checks for liveness via selfie. Moreover, it plays a key role in building trust, reducing abandonment rates and increasing sales. Unlike solutions that rely upon time-intensive, inaccurate manual processes, AuthenticID delivers verification in seconds without the risk of human error. This enables enterprises to tailor any verification process to their specified risk tolerances with a patented suite of technologies. As the world goes mobile, AuthenticID has followed the trend: to authenticate, all that is needed is a mobile device, a government-issued ID, and a selfie. The advanced machine-learning SaaS platform immediately determines whether people are who they say they are, so businesses can sign on new customers, partners, and employees instantly while avoiding bad actors.

AuthenticID is also very selective about who it works with. Due to the highly sensitive nature of the company’s work — and the extreme toll it takes on organized-crime-sponsored fraud — the company operates under the radar with the utmost discretion. AuthenticID clients enjoy an average ROI of 1,000-to-1 and hundreds of millions of dollars in fraud loss savings per company. “Our differentiator is the significant ROI we deliver to customers, from stopping more fraud to converting more sales than our digital identity competitors. Our mission is to improve the security for all of our collective identities,” says Jeff S. Jani, CEO, AuthenticID. AuthenticID provides security solutions across a wide variety of businesses including e-commerce & retail, education, financial services, gaming, government, healthcare and travel. When clients partner with AuthenticID, they join a who’s-who of customers and partners with substantial influence, including a majority of the world’s leading identity verification, monitoring and protection companies, a majority of the top U.S. telecommunications companies, global banks and some of the leading credit bureaus. Under the leadership of Blair Cohen, Founder, and Jani, AuthenticID is making an impact in the identity management space today. Partnering with AuthenticID allows businesses to bolster their team with experts who have formerly worked for eight of the world’s top security agencies and criminal acquisition systems. Crime syndicates rely upon stealth, ingenuity, and new tactics applied at extreme velocity, and AuthenticID continually stays ahead of these forces using the same strategies. The result does more than infuriate organized crime: it convinces criminals to move on to softer targets and often results in arrests. As part of the company’s evolution plan, it recently closed a $100 million minority investment from Long Ridge Equity Partners, a technology-focused growth equity firm.

The investment will support AuthenticID’s continued expansion within telecommunications, financial services, government, and other consumer segments looking to establish trust and mitigate fraud, as well as enable AuthenticID to support the next generation of digital identity platforms. “This investment marks a significant milestone in AuthenticID’s growth and will drive research and development activities that will take the Company to the next level,” concludes Cohen.

3RD PARTY RISK MANAGEMENT STRATEGIES WITH BEHAVIORAL EMAIL THREAT DETECTION

By Dan Nickolaisen, Senior Sales Engineer at Abnormal Security

Dan Nickolaisen is an information security professional who has served in systems engineering and security consulting roles for nearly a decade. His past includes time at Proofpoint, serving as both a systems engineer and technical lead for Proofpoint’s competitive intelligence organization. Following his time at Proofpoint, Dan joined Sirius Computer Solutions, a Managed Services Provider and Value Added Reseller, where he consulted customers across security domains, with a heavy emphasis on email and cloud security. Dan currently works at Abnormal Security as a Senior Systems Engineer, working with organizations of all sizes to address email and cloud security risks through behavioral data science.

Today’s security landscape is drastically different than it was 5 years ago. The majority of IT services have been or are migrating to the cloud, and an increasing number of positions are remote, even without considering the effects of COVID-19 and its variants.
With this shift in service delivery and employment location, your perimeter has also shifted: from an on-premises network with a defined boundary, protected by a suite of controls, to your people and your ecosystem of customers, suppliers and partners (third parties). Again, your people and the external entities with whom you interact are your perimeter.

Focusing on your third parties: many organizations have built or are currently building robust third party risk management programs that cover the following areas:

• Security Risk
• Operational Risk
• Legal, Regulatory and Compliance Risk
• Reputational Risk
• Financial Risk
• Strategic Risk

Security specifically addresses loss attributed to data breaches, often in the following ways:

• Ensuring that third parties have appropriate technical and operational controls via vendor questionnaires and regular auditing. This covers data collection, processing, encryption, the third party's security stack, etc.
• Ensuring that third parties are addressing email spoofing and domain abuse via implementation of SPF, DKIM and DMARC.
• Ensuring that third parties are taking steps to reduce data exposure and man-in-the-middle attacks via SSL encryption, running up-to-date and patched software, and ensuring that only necessary ports are open and only accept port-appropriate traffic.

These risk identification and management techniques are typically delivered through vendors dedicated to profiling third parties and identifying their security maturity and overall risk, represented by some sort of risk score. While these three general inspection areas are a great start, the ever-increasing threat posed by compromised third parties is not something that can be addressed simply by scanning their infrastructure for known vulnerabilities, assessing the state of their certificates, or ensuring that they have deployed DMARC with p=reject.

The next evolution of third party risk management should include deep insight into the most active threat vector: email. Third party risk management needs greater insight into email threats that originate from compromised third parties, or that impersonate them. In the example below, we have an email originating from a legitimate third party account which has been compromised and is now being used to send credential phishing emails masquerading as a PO and an eFax:

Message Context:

• Comes from a known external domain (good reputation)
• Comes from an unknown sender at that external domain (still good reputation)
• Sending infrastructure is O365 (good reputation)
• SPF and DKIM pass, while there is no DMARC record published for this domain

There are no hits on this third party organization via normal risk indicators, apart from the missing DMARC record. The traditional method of assessing third party risk via email authentication does not account for email content or email intent. Email threats sent from compromised accounts will still show as successful messages from the point of view of SPF, DKIM and DMARC. A strong ability to identify email threats, especially those that originate from compromised or impersonated third parties, offers insight into third party risk that is not present in today’s programs. This insight will not only reduce risk for the organization as a whole, but also better identify third parties who have suffered a compromise, even if those third parties are not yet aware of it, or an account compromise did not lead to the data access and exfiltration that normally result in a broad disclosure. Ultimately, detecting these types of threats consistently, while providing insight into the compromised third party, will improve your third party risk program and reduce risk across the organization.
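The gap the article describes, between authentication results and message intent, is shown in this added Python example (not code from the article or from Abnormal Security): it evaluates a constructed message matching the context above against a constructed history of previously seen vendor mailboxes and hypothetical lure terms, and it also covers the DMARC posture check from the earlier list of third-party controls.

```python
"""Authentication-only vetting versus a behavioural check, applied to the
compromised-vendor message described in the article. Sample message, vendor
history and lure terms are constructed for this example."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: known vendor domain, a mailbox never seen before,
# SPF/DKIM pass, and dmarc=none because the vendor publishes no DMARC record.
SAMPLE_MESSAGE = """\
From: AP Team <ap-team@vendor.example>
To: buyer@corp.example
Subject: PO #44817 and eFax attached - please review
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=vendor.example; dkim=pass header.d=vendor.example; dmarc=none header.from=vendor.example
Content-Type: text/plain

Please review the attached PO and eFax. Sign in to view the document:
https://docs-share.example.net/efax/view?id=44817
"""

# Constructed relationship history: vendor domains and the mailboxes at each
# that this organisation has previously exchanged mail with.
KNOWN_VENDOR_DOMAINS = {"vendor.example"}
KNOWN_SENDERS = {"vendor.example": {"orders@vendor.example", "billing@vendor.example"}}

# Hypothetical wording typical of PO / eFax credential lures.
LURE_TERMS = ("po #", "efax", "sign in to view")


def parse_auth_results(msg):
    """Extract spf/dkim/dmarc results from the Authentication-Results header."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))


def auth_only_verdict(raw):
    """The traditional check: SPF and DKIM passed, so the message is trusted."""
    res = parse_auth_results(message_from_string(raw))
    return "pass" if res.get("spf") == "pass" and res.get("dkim") == "pass" else "fail"


def behavioural_verdict(raw, known_domains=KNOWN_VENDOR_DOMAINS, known_senders=KNOWN_SENDERS):
    """Combine sender history, DMARC posture, wording and link targets into reasons."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    reasons = []
    if domain in known_domains and sender not in known_senders.get(domain, set()):
        reasons.append("unseen mailbox at a known vendor domain")
    if parse_auth_results(msg).get("dmarc", "none") == "none":
        reasons.append("no DMARC policy published for the sender domain")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in LURE_TERMS):
        reasons.append("PO / eFax / sign-in lure wording")
    for url in re.findall(r"https?://\S+", body):
        host = urlparse(url).hostname or ""
        if host != domain and not host.endswith("." + domain):
            reasons.append(f"link host {host} does not match sender domain")
    # Authentication alone says nothing here; two or more behavioural signals do.
    return ("suspicious" if len(reasons) >= 2 else "clean"), reasons


if __name__ == "__main__":
    print("authentication-only:", auth_only_verdict(SAMPLE_MESSAGE))
    verdict, why = behavioural_verdict(SAMPLE_MESSAGE)
    print("behavioural:", verdict, "->", "; ".join(why))
```

The same message scores "pass" under the authentication-only check and "suspicious" under the behavioural one, which is the blind spot the article argues a third party risk program must close.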