Zscaler has agreed to purchase a startup established by a former Proofpoint executive to help organizations thwart SaaS supply chain attacks. The proposed acquisition of Tel Aviv, Israel-based Canonic Security will help customers streamline SaaS application governance and enforcement.
In today's rapidly evolving threat landscape, cyber attacks are becoming more sophisticated, with spear phishing attacks now the most common way for cybercriminals to enter an organization. With the advent of new technologies like ChatGPT and Deepfakes, the situation is only getting worse. ChatGPT is being used to...
Ahead of RSA Conference 2023, Greg Day, a program committee member focusing on "hackers and threats," previews top themes at this year's event. Day, a member of the RSA Conference program committee, says one common theme is "old vulnerabilities and threat techniques being used in new environments."
The SEC has come out with a wide range of proposed rules covering topics such as climate risk disclosures, SPACs, and now cybersecurity disclosures. In the event of a cybersecurity breach under the SEC’s proposed four-day time limit for cybersecurity disclosures, there are certain steps that must take place between...
Healthcare entities and their vendors should be prepared to show evidence to regulators of how they've implemented "recognized security practices," or RSPs, says Robert Booker, chief strategy officer of HITRUST. "You've got to demonstrate that you align with a framework."
Organizations have struggled to understand why APIs are so strategic even though they're an intrinsic way businesses interface with their software, according to Checkmarx CEO Emmanuel Benzaquen. He says API abuse is slated to become one of the most common types of web application data breaches.
U.S. federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.
The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and M&A, says CEO Peter McKay. Snyk has focused on bringing open-source security, container security, infrastructure- as-code security and cloud security together.
The guardrails organizations use to protect employee identities are often ineffective for contractors, business partners or vendors since they bring their own devices. Many businesses struggle to implement identity safeguards in a setting that's more heterogeneous and offers fewer controls.
The impact of a breach is rising which makes cybersecurity as a critical concern, and the CISOs are looking for a way to manage risk across millions of diverse, dynamic and distributed assets.
Unfortunately, most CISOs lack the tools to perform effective risk assessment and remediation. This forces CISOs to stitch...
Optiv has gone beyond examining log data and classic managed security services work to pursue threats across a broader swath of structured and unstructured data. The company has focused on finding threats outside of a log environment by examining system-to-system interfaces and transactional data.
BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says. Existing supply chain tools tend to generate lots of risk information but then put the burden on the client to interact with suppliers.
Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says CEO Steve Harvey. BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies.
Most organizations rely on third parties to provide important services and capabilities, often not realizing that third-party vendors are as vulnerable to advanced attacks as the organizations are. The increasing level of access and integration within host organization environments can present risks and potential new...