Jon Clay, VP of threat intelligence at Trend Micro: “The criminal underground is rapidly professionalizing – with groups beginning to mimic legitimate businesses that grow in complexity as their membership and revenue increases. However, larger cybercrime organizations can be harder to manage and have more ‘office politics,’ poor performers, and trust issues. This report highlights to investigators the importance of understanding the size of the criminal entities they’re dealing with.”

A typical large organization allocates 80% of its operating expenses to wages, with the figure similarly high (78%) for small criminal organizations and cybercrime groups, according to the report. Other common expenses include infrastructure (servers/routers/VPNs), virtual machines, and software.

The study outlined three types of organizations based on size, using examples where Trend Micro collected the most data from law enforcement and insider information.

• Typically, one management layer, 1-5 staff members, and under $500K in annual turnover.
• Their members often handle multiple tasks within the group and also have a day job on top of this work.
• Comprise the majority of criminal businesses, often partnering with other criminal entities.

• Typically have two management layers, 6-49 employees, and up to $50m in annual turnover.
• They usually have a pyramid-style hierarchical structure with a single person in charge.

• Typically have three management layers, 50+ staff, and $50m+ in annual turnover.
• Feature relatively large numbers of lower management and supervisors.
• Implement effective OPSEC and partner with other criminal organizations.
• Those in charge are seasoned cyber-criminals and hire multiple developers, administrators, and penetration testers – including short-term contractors.
• They may have corporate-like departments (e.g., IT, HR) and even run employee programs, such as performance reviews.

According to the report, knowing the size and complexity of a criminal organization and cybercrime groups can provide critical clues to investigators, such as what types of data to hunt for.

For example, larger criminal entities may store employee lists, financial statements, company guides/tutorials, M&A documents, employee crypto wallet details, and even shared calendars to probe.

Understanding the size of targeted criminal organizations can also allow law enforcers to prioritize better which groups should be pursued for maximum impact.

To read a full copy of the report, Inside the Halls of a Cybercrime Business, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/inside-the-halls-of-a-cybercrime-business

Related News: 

Sophos Introduces New Endpoint Security Advancements

Netwrix Launches a New SaaS-based Solution for MSPs and Upgrades Product Portfolio

The post Trend Micro Report Shows Cybercrime Groups Resemble Legitimate Businesses appeared first on Digital IT News.

“I applaud that this consummate consortium of nonprofits has formed to actively protect us against security threats to our digital infrastructure and uphold our open internet, combining their knowledge, skills, and tools for the greatest effect,” said Govind Shivkumar, director of responsible technology at Omidyar Network.

Nonprofit Cyber will initially focus on two priorities: building awareness of the work of cybersecurity nonprofits globally and aligning their work to achieve the greatest effect. Envisioned as a “collaboration-of-equals,” each member organization has committed to work in coordination to better serve Internet users globally. Coalition members must be a 501(c)(3) or 501(c)(6) nonprofit if organized under U.S. law or hold an equivalent status if organized under the laws of another country. More information is available at the coalition’s website NonprofitCyber.org and on Twitter at @NonprofitCyber.

The twenty-two founding members of Nonprofit Cyber are the Anti-Phishing Working Group, the Center for Internet Security, the Center for Threat-Informed Defense, the Cloud Security Alliance, Consumer Reports, CREST International, the Cyber Defence Alliance, the CyberPeace Institute, the Cyber Readiness Institute, the Cyber Threat Alliance, the Cybercrime Support Network, the CyberGreen Institute, the FIDO Alliance, the Forum of Incident Response and Security Teams, the Global Cyber Alliance, the National Cyber Forensics and Training Alliance, the National Cybersecurity Alliance, the Open Web Application Security Project, SAFECode, the Shadowserver Foundation, Sightline Security, and #ShareTheMicInCyber. Tony Sager of CIS and Philip Reitinger of GCA will serve as co-chairs as the organization begins operations.

Nonprofit Cyber welcomes applications for new members that work to implement best practices and solutions at scale. Nonprofit Cyber is focused on these organizations, rather than lobbying or policy development and advocacy organizations, or industry associations.

Information on joining Nonprofit Cyber can be found at its website.

About the Nonprofit Cyber Founding Members

The Anti-Phishing Working Group (APWG) is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities. Learn more at https://apwg.org.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. Learn more at https://cisecurity.org.

The Center for Threat-Informed Defense (CTID) is a non-profit, privately funded research and development organization whose mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Learn more at https://ctid.mitre-engenuity.org/.

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Learn more at https://cloudsecurityalliance.org.

Consumer Reports (CR) is an independent, nonprofit member organization that works side by side with consumers for truth, transparency, and fairness in the marketplace. Learn more at https://www.consumerreports.org.

CREST International is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. Learn more at https://crest-approved.org.

The Cyber Defence Alliance (CDA) is a not for profit members organization based in London working on behalf of financial institutions to proactively share threat intelligence and expertise to prevent and disrupt cyber attacks, liaise with Law enforcement agencies to target cybercriminal networks and apprehend the most prolific offenders. The CDA works on a cross sector basis and with like minded organizations on an international basis to address the global threat from cybercrime. The CDA also provides a 24/7 incident response capability to support the member organizations and the UK Financial Services Cybercrime Collaboration Centre (FSCCC) during major cyber incidents.

The Cyber Readiness Institute (CRI) mission is to empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient. Learn more at https://cyberreadinessinstitute.org.

The Cyber Threat Alliance (CTA) is working to improve the cybersecurity of our global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. Learn more at https://www.cyberthreatalliance.org.

The Cybercrime Support Network’s (CSN) mission is to serve individuals and small businesses impacted by cybercrime. Learn more at https://cybercrimesupport.org. ‘

The CyberGreen Institute (CyberGreen) is dedicated to mobilizing a global community of experts, business leaders, and policymakers to revolutionize cybersecurity through the development of a science of Internet Public Health. Learn more at https://www.cybergreen.net.

The CyberPeace Institute is a nongovernmental organization whose mission is to reduce the harms from cyberattacks on people’s lives worldwide, provide assistance to vulnerable communities and call for responsible cyber behaviour, accountability and cyberpeace. At the heart of the CyberPeace Institute’s efforts is the recognition that cyberspace is about people. Learn more at https://cyberpeaceinstitute.org

The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. The FIDO Alliance promotes the development of, use of, and compliance with standards for authentication and device attestation. Learn more at https://fidoalliance.org/.

The Forum of Incident Response and Security Teams (FIRST) aspires to bring together incident response and security teams from every country across the world to ensure a safe internet for all. Learn more at https://www.first.org.

The Global Cyber Alliance (GCA) builds practical, measurable solutions and tools that are easy to use, and works with partners to accelerate adoption around the world. Learn more at www.globalcyberalliance.org.

The National Cyber Forensics and Training Alliance (NCFTA) was established in 2002 as a nonprofit partnership between private industry, government, and academia. The NCFTA provides a neutral environment for operational collaboration in the ongoing effort to identify, mitigate, and disrupt cyber crime. Learn more at https://www.ncfta.net.

The National Cybersecurity Alliance (NCA) advocates for the safe use of all technology and educates everyone on how best to protect ourselves, our families, and our organizations from cybercrime. Learn more at www.staysafeonline.org.

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web. Learn more at https://owasp.org.

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights and ideas on creating, improving, and promoting scalable and effective software security programs. Learn more at https://safecode.org.

The Shadowserver Foundation’s (Shadowserver) mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Learn more at https://shadowserver.org.

#ShareTheMicInCyber (#STMIC) is an online movement to address issues stemming from systemic racism in cybersecurity. The social media campaign highlights the experiences of Black practitioners in this field, catalyzes a critical conversation on race in the industry, and shines a light on Black practitioners’ accomplishments to showcase them as experts in their fields all while creating professional opportunities and bringing the cyber community together. Learn more at www.sharethemicincyber.com.

Sightline Security is a nonprofit security organization whose mission is to equip, empower, and support global nonprofits to navigate and embed cybersecurity into their organizations with confidence—founded to address the lack of cybersecurity adoption in the nonprofit sector by offering a holistic, business, and community-centric approach designed to embrace cybersecurity best practices. At Sightline, there is a world where nonprofits have the confidence, knowledge, and business acumen to stay protected in a digital world. Learn more at https://sightlinesecurity.org.

The post Cybersecurity Nonprofits Team Up to Form “Nonprofit Cyber” Coalition appeared first on Digital IT News.

With cyberattacks — especially ransomware — on the rise, IT teams and security professionals must be on the alert as never before. Here are six specific predictions from Ilia Sotnikov, cybersecurity expert and VP of User Experience & Security Strategist at Netwrix:

1. Legislation will increase as security incidents at private companies affect national security. The impact of ransomware and other cyberattacks is no longer limited to just the victim company anymore; attacks are now affecting entire regions. For instance, attacks on companies that supply food or fuel have led to empty shelves in supermarkets and long queues at gas stations. Therefore, we can expect that security requirements for private organizations in critical sectors to become tougher. In particular, notification rules will be affected, as governments need more visibility into the specifics of cyberattacks in order to improve legislation. In some cases, governments may opt to use proverbial carrots as well as sticks, such as tax breaks that reward organizations for investing in cyber defenses.
2. Cyber insurance costs will increase and policies will mandate higher security standards. With insurance payouts becoming both more frequent and more costly, the cost of cyber insurance has already skyrocketed: Prices rose 96% in the US and 73% in the UK for the third quarter of 2021 compared to the same quarter last year. We expect continued increases in 2022. Moreover, insurance policies will require implementation of critical controls that reduce the risk of cybersecurity incidents. With attacks becoming increasingly common, insurance companies will pay in exceptional cases only.
3. More attacks will target MSPs as a path to infiltrate large enterprises or government agencies. Attackers have seized upon a very effective strategy for getting access to large organizations — through the relatively weaker IT infrastructures of SMBs that provide them with services. Accordingly, managed service providers (MSPs) will need to increase both the breadth and depth of their security measures, since many SMBs rely upon them on their security.
4. Quantum computing will begin to disrupt encryption. Most cryptographic algorithms today rely on the premise that there’s no processor sufficiently powerful to crack them in a reasonable timeframe — but quantum computing will allow such a processor to exist. While this technology is still far from any practical application, concern is growing. For example, the U.S. has announced export controls on eight Chinese quantum computing companies because of worries about China’s ability to break encryption. As the technology matures, we can expect more widespread adoption of post-quantum encryption standards.
5. Companies will need to address challenges in machine learning. Well over half (59%) of large enterprises today are already using data science (DS) and machine learning (ML). However, these techniques bring risks as well as benefits. ML algorithms are especially vulnerable in the learning phase because bad actors can poison the input in order to subvert the results, which can break critical processes and even put lives in danger in cases such as healthcare or traffic lights in a smart city. Organizations using ML must understand these threats and redouble their efforts to defend against them.
6. Attackers will use residential home networks as their infrastructure. A home network is much easier to infect with malicious software than a professionally secured enterprise IT environment. With processing power and bandwidth connectivity in residences increasing, home networks will become more attractive to bad actors. For example, by infecting many devices, they will be able to change IP addresses or even domain names dynamically during malware campaigns, thwarting common defenses like IP blocking and DNS filtering. IT teams should keep this new threat vector in mind when reviewing their security strategies and incident response plans. Moreover, the IT industry should seek to increase user awareness and best practices adoption to reduce the number of easy victims.

“Prioritization is the only way for organizations to manage the risk of cyberattacks in this new era of advanced technologies that can be used for both good and evil,” says Ilia Sotnikov, VP of User Experience & Security Strategist at Netwrix. “Simply put, organizations need to focus on securing their most important and valuable assets from the most likely incidents, and update their policies regularly. It is increasingly obvious that cyber insurance is not a lifebuoy. Risk assessment is first and foremost our own responsibility.”

Related News:

Netwrix SbPAM Continues to Minimize Privileged Access Security Risks

Cybersecurity Predictions for 2022 Unveiled by Query.AI

The post Be Aware of These Six Cybersecurity Trends in 2022 appeared first on Digital IT News.

With the key new capabilities in Netwrix SbPAM 3.5, organizations can:

• Protect their cloud environment by eliminating standing privileged accounts in Azure AD, thereby improving control over admin activity and reducing administrative burden.  
  
  
• Reduce network attack surface with on-demand privileged accounts for Cisco devices, which minimize the risk of privilege abuse and enable easier management of privilege.
  
  
• Secure critical data that resides in AD-integrated web applications and take control of shared access to web resources.
  
  
• Minimize security and business risks by removing superusers and instead with providing task-based, temporary privileged access for Linux.

Other enhancements enable organizations to:

• Disable remote desktop protocol (RDP) after each admin session to block ransomware and other cyberattacks and avoid unauthorized RDP connections.
  
  
• Detect security threats resulting from changes to critical files during privileged sessions to strengthen threat detection and investigation and minimize the chance of business disruptions.  
  
  
• Detect threats, streamline investigations and prove compliance by sending logs of privileged activity to SIEM solutions.

“Netwrix SbPAM is so simple to install and get running that we could not have solved our privileged account management problem without it. With Netwrix SbPAM we implemented privileged access management for our critical systems in days instead of months and it seamlessly integrated with our current systems and security controls,” said Craig Larsen, Information Systems Administrator at Eastern Carver County Schools.

“Compromise or misuse of admin accounts remains one of the top causes of data breaches and business disruptions today. Organizations, regardless of vertical or size, need to improve privileged access management to minimize these risks — but they are often concerned by the high cost and complexity of deployment,” said Steve Dickson, CEO at Netwrix. “Netwrix SbPAM solves this dilemma. Its simple and efficient design helps organizations dramatically improve security, yet it is easy to implement and offers a remarkably fast time to value.”

Netwrix SbPAM enables organizations to minimize their attack surface by eliminating standing privileged accounts. By granting admins just enough privilege to complete a given task and removing that privilege immediately afterwards, organizations can dramatically reduce the risk of data breaches, business disruptions and compliance failures. Plus, easy deployment and implementation means faster time to value than traditional solutions. Customers can even keep using their current tools, such as Remote Desktop Connection Manager or a password vault, but make them more secure by integrating them with Netwrix SbPAM.

Netwrix SbPAM 3.5 is globally available now. Download a free trial and get more information by visiting www.netwrix.com/sbpam3.5.html

Image licensed by pixabay.com

Related News:

Netwrix Enhances Cloud Security with New Version of StealthAUDIT

Speed the Detection of Threats to Sensitive Data and Enhance the Security of Cloud Environments with Netwrix Auditor X

The post Netwrix SbPAM Continues to Minimize Privileged Access Security Risks appeared first on Digital IT News.

The post Netwrix Enhances Cloud Security with New Version of StealthAUDIT appeared first on Digital IT News.

In 2009, there were an estimated 12.4 million malware-related cyber attacks that took place around the world. Flash forward to 2018 and that number had ballooned to an alarming 812.67 million instances. The still ongoing COVID-19 pandemic has only made matters worse, as these types of events have rapidly increased in volume thanks to the large number of employees that suddenly found themselves working remotely on inherently insecure systems. 

But while it’s absolutely true that the vast majority of these attacks happen via email and techniques like phishing, that doesn’t mean other elements of your business are immune. Case in point: your business cloud phone system. Without the right, proactive approach to cybersecurity, this is absolutely a vulnerability just waiting to be exploited by someone who knows what they’re doing. Therefore, to truly keep yourself, your employees and your business as safe as possible, there are a number of important things you’ll need to keep in mind.

Secure Your Phone System, Secure Your Business

By far, the most important best practice to follow when securing your cloud-based business phone system involves making sure that all of your endpoints and phones are NOT using the default login information. This is true even if they’re situated behind a firewall on your local area network.

The issue with the default login information is that it’s the same for all devices purchased from the same manufacturer. The standard username/password combination is typically something akin to “admin/password.” If someone attempts to infiltrate your system, this is absolutely the first combination that they’ll try and if you haven’t changed it yet, you’ve essentially invited them into your system – and thus the network behind it all.

For the best results, always use a unique username and a password with a strong combination of numbers, letters and special characters. Longer passwords are always better than shorter ones and if you have a hard time remembering complicated passwords, use a password manager to make it all easier.

Likewise, you’ll always want to make sure that your endpoints and phones area always running the latest firmware that is supported. Many don’t realize that firmware updates do more than just add new features – they also patch vulnerabilities and include security fixes to prevent people from entering your system undetected.

On an ongoing basis, you should also monitor your call logs for suspicious calls – particularly from callers that you’re totally unfamiliar with. You should also put a policy in place to control your international calling with PIN codes – or disable it entirely if it’s not relevant to your business. 

Along the same lines, you’ll want to strictly control admin access to the system and keep your logins regularly updated. Only the people who need access to administrative functions to do their jobs should have it and all employees should have to change their passwords on a regular basis for maximum security.

Beyond that, you also need to make an effort to instruct your staff, your customers and your clients to never leave sensitive information in voice mail messages – dong so is only asking for trouble. This is especially true if those voice mails can be easily duplicated, emailed or texted back out in other formats. If someone leaves sensitive information in a voicemail that can easily be exported as a .WAV mile or a text transcription, there’s no telling where it could possibly end up. Always wait to deliver sensitive information until someone is actually on the line.

In the end, it’s important to understand that this level of cybersecurity is not something you “do once and forget about.” Hackers and other people with malicious intentions are always working to stay one step ahead of you, so you need to do the exact same thing. By following the best practices outlined above when it comes to your business cloud phone system, you’ll go a long way towards protecting you – and everything you’ve already worked so hard to build – from those who wish to do you harm. 

Richard Hill is the President of SafeCall, Inc., a provider of cloud based business telephone systems, carrier services, and telecom consulting. 

Image licensed by: Unsplash.com

Related News:

Passwords Are Being Phased Out as a Result of Hybrid Work

CPowered Performance Solutions for Data Centers

The post Security Tips for a Business Cloud Phone System appeared first on Digital IT News.

The remote workforce and third-party access are elevating the security risk for business. Moving network protection to endpoints, RevBits ZTN isolates and protects internal assets, without implementing complicated network segmentation. Supporting a default no-trust security posture, RevBits ZTN provides in-transit data security through encryption, secure access to applications and services, and network security through user and device authentication.

“As enterprise threat levels rise, rethinking cybersecurity and perimeter control is paramount,” said David Schiffer, CEO at RevBits. “It is no longer a matter of ensuring data encryption for remote users through a VPN as a complement for network security; organizations must adopt a default no-trust posture.”

Building upon its technological innovation in the access management marketplace, through the award-winning RevBits Privileged Access Management (PAM), RevBits ZTN expands access management and control to the individual user level, with unified visibility and analytics, from a single vendor.

Virtual Private Networks (VPNs) have been the main security tool for remote access. However, VPN protection stops at the network perimeter, leaving the internal network vulnerable. VPN provides a level of protection by encrypting data in transit and a layer of obfuscation. However, it doesn’t authenticate users or their devices, leaving the network open to attackers if VPN credentials are stolen.

RevBits ZTN provides data security with encryption and granular access control to digital assets, by authenticating all users and devices. “Based on our unique architecture and patent-pending technologies, RevBits ZTN provides best in class protection,” said Mucteba Celik, CTO at RevBits. “By combining the principles from our PAM solution, RevBits ZTN delivers data encryption, comprehensive obfuscation, granular user and machine access control, and monitoring to protect digital infrastructure.”

RevBits ZTN feature highlights

• Proxy servers located in 24 globally distributed cloud regions for fast, secure connections and automatic scaling.
• Multiple options for user authentication, including fingerprint, facial recognition, YubiKey, SAML, MFA and others.
• Control every aspect of a remote session, including monitoring, reviewing, recording and killing sessions with one click.

Image licensed by pixabay.com

Related News:

PC Matic Selected by NIST’s National Cybersecurity Center of Excellence to Demonstrate Zero Trust Architectures

The Availability of the IGEL OS Integrations Help Businesses Solve for Work-from-Anywhere Businesses

The post RevBits Zero Trust Network Strengthens Network Security and Protects Digital Assets appeared first on Digital IT News.

The need to remain competitive and cater to increased user demands has prompted a 15% jump to 37% of companies saying they plan to move business-critical applications to the cloud in 2020-21, compared to the previous year. As digital leaders build robust digital infrastructures to ensure future success, it is estimated that almost half (47%) of their IT infrastructure globally is now on the cloud, despite ongoing concerns over cloud security. These findings come from Equinix’s annual global study of the views of 2,600 IT decision-makers across the Americas, Asia-Pacific and EMEA—the Equinix 2020-21 Global Tech Trends Survey (GTTS).

Since the outbreak of the global COVID-19 pandemic, the risk of cyberattacks has greatly expanded at the digital edge. Cybercrime costs the world economy more than $1 trillion with the average cost to organizations estimated to be more than half a million dollars per incident. Risk has been compounded by the large number of companies quickly shifting network capacity to cater to increasing volumes of remote worker data traffic. This has prompted a surge in cloud migration and broad implementation of cloud-based digital infrastructure as part of a hybrid infrastructure strategy.

Balancing cybersecurity concerns with cloud adoption in a digital-first world

Jennifer Cooke, Research Director, Edge Strategies, IDC, states: “Shifts in population centers, the increasing occurrence of cyberattacks, rapidly expanding data volumes and compliance needs, the creation of business ecosystems, and the transformation to digital business, have been driving the need for a new approach to digital infrastructure. These market forces are driving IT leaders to consider the best strategies and prioritize investments across the digital core, edge, and exchange of data.”

The GTTS found 70% of respondents believe migrating to the cloud is a top priority, with 80% focused on digitizing their IT infrastructure. This move is not being made lightly, with the threat of data leaks/cyberattacks as a result of increased cloud adoption being perceived as one of the biggest threats to organizations in all three regions: 52% AMER, 50% AP, 45% EMEA.

These concerns are not without merit. The Global Interconnection Index (GXI) Volume 4, a market study published by Equinix, revealed a growth in the number of user devices and cloud resources, meaning organizations have to be aware of distributed security risks such as DDoS attacks, which have grown over 270% year-over-year.

Michael Montoya, Chief Information Security Officer, Equinix, said: “Digital transformation is essential for business survival. Every company is becoming a software company and the pandemic has accelerated the need for digital transformation.” Indeed, findings from the 2021 Gartner^® Board of Directors Survey* show 69% of boards accelerated their digital business initiatives in the wake of COVID-19.

“Moving to the cloud is at the heart of this transformation. However, as our GTTS shows, many digital leaders remain nervous about this migration, with IT decision-makers highlighting fears around increased data leaks and security breaches.”

“Cyber hygiene remains vitally important in the cloud. Equinix offers a robust and interconnected platform which allows for the direct and secure exchange of data between businesses. Equinix Fabric enables connectivity to global digital business ecosystems and a myriad of cloud service providers. As a Chief Information Security Officer, I now have the assurance that my cloud deployments avoid the public internet and the associated cyber risks.”

Stacy Hayes, Co-Founder and Executive Vice President, Assured Data Protection, added: “Equinix and Equinix Fabric enabled us to deliver our Rubrik Cloud services over a fast, scalable and secure interconnection platform, with access to multiple hyperscaler clouds, that will not only protect our customers’ data today, but also give them much more value from their data in the future.”

Other findings of note from the Global Tech Trends Survey include:

• 80% of IT decision-makers said digitizing their IT infrastructure is a top priority, with 76% working to improve user experience.
• Almost half (48%) of respondents said they believe the threat of data leaks and cyberattacks as a result of cloud migration to be one of the biggest threats globally.
• 81% of digital leaders said they are prioritizing improving their organization’s cybersecurity—a significant increase from the 70% who said this in the 2019-20 edition of the survey.

To read more about the Global Tech Trends Survey, or download a copy, please visit: https://www.equinix.com/resources/infopapers/equinix-tech-trends-survey

About the Equinix 2020-21 Global Tech Trends Survey (GTTS)
The independent study, commissioned by Equinix, surveyed 2,600 IT decision-makers in diverse enterprises across the Americas (Brazil, Canada, Colombia, Mexico, U.S.), Asia-Pacific (Australia, China, Hong Kong, Japan, South Korea, Singapore) and EMEA (Bulgaria, Finland, France, Germany, Ireland, Italy, Netherlands, Poland, Portugal, Spain, Sweden, Switzerland, Turkey, UAE, UK). Respondents were selected for participation from Dynata’s online panel. The survey was conducted online between December 17, 2020, and January 8, 2021.

*Gartner, Press Release, Gartner Says 69% of Boards of Directors Accelerated Their Digital Business Initiatives Following COVID-19 Disruption, September 30, 2020.

Image licensed by pixabay.com

Related News:

Survey Finds 76% of Enterprises Have Already Adopted a Multi-Cloud Strategy According to HashiCorp’s Inaugural State of Cloud Strategy

Gartner Says Four Trends Are Shaping the Future of Public Cloud

The post Cloud Migration Plans Surge Despite Security Concerns appeared first on Digital IT News.

The new functionality in Netwrix Auditor X enables customers to:

• Reduce the time to detect and investigate incidents involving sensitive data. Security teams can quickly detect and respond to activity that threatens sensitive content, thanks to more granular security intelligence.
• Enjoy a personalized security experience. The customizable home screen gives users instant access to the information most relevant to them, such their current risks and favorite reports, so they can swiftly make informed decisions to strengthen their security posture.
• Gain control over Azure AD users and their roles. With the detailed information about Azure AD users and roles in Netwrix Auditor X, IT teams can further mitigate the risk of security incidents and prove to auditors that they are following compliance requirements and industry best practices for their cloud users.
• Identify and eliminate security gaps in SharePoint Online. New detailed reports make it easy to spot security risks in SharePoint Online, such as documents that have been shared with external users or that can be accessed by everyone in the organization.
• Know who’s reading sensitive data in SQL Server. Organizations can hold privileged users accountable for improper actions in SQL Server, such as reading information they are not supposed to. As a result, security teams can deter behavior that could lead to data leakage, speed security investigations, and prove to auditors that only authorized users are viewing the confidential content stored in SQL Server.

“Netwrix Auditor has evolved from an Active Directory auditing tool for operational problems into a comprehensive security intelligence solution for issues that are top of mind at the executive level,” said Steve Dickson, CEO of Netwrix. “Over 11,000 organizations around the globe rely on Netwrix Auditor, and with each release, it becomes even simpler to use while further strengthening security. This is how Netwrix is changing the industry — we make powerful data security easy.”

Netwrix Auditor is a security solution that helps organizations detect security threats, prove compliance and increase IT team efficiency. The platform provides security intelligence to minimize IT risks, detect activity that threatens the security of sensitive data and investigate incidents in time to prevent real damage.

Netwrix Auditor X is now globally available. To learn how Netwrix Auditor X can make IT admins into heroes and IT managers into superstars, please visit www.netwrix.com/auditorx.

Related News:

Lack of Budget and Cloud Security Skills are Top Obstacles Keeping Organizations from Protecting Data in the Cloud, According to Netwrix Study

Stealthbits, Now Part of Netwrix, Named to Carahsoft ITES-SW2 Contract to Support U.S. Army Enterprise Infrastructure Goals

The post Speed the Detection of Threats to Sensitive Data and Enhance the Security of Cloud Environments with Netwrix Auditor X appeared first on Digital IT News.

“As the world moved to remote work a year and a half ago, it became clear that cybersecurity would need to follow workers home. We quickly and quietly assembled a team of some of the best consumer tech engineers and put them together with the exceptional teams who built Palo Alto Networks top security products. The result is Okyo Garde. It shows up as beautiful hardware and an easy app. But under the hood, it’s pure world-class security with constantly updated threat intelligence — the same technology that secures some of the world’s largest companies, banks, hospitals and the rest of our 85,000 worldwide customers,” said Mario Queiroz, executive vice president, Palo Alto Networks.

Okyo Garde for Work-From-Home Employees
In many cases, the home is quickly becoming a “branch of one,” with multiple devices but without IT teams, and without a deep set of cybersecurity protections. Now these homes face the same threat landscape as any enterprise — threat actors may even see them as vulnerable entry points into the corporate network. Okyo Garde was designed to help protect these homes.

For larger companies looking to protect employees who are working from home, Okyo Garde will be integrating with Prisma^® Access, Palo Alto Networks’ cloud-delivered security platform. By combining Okyo Garde and Prisma Access, corporations will be able to extend their corporate networks and bring unified security policy management and SASE (secure access service edge) to work-from-home employees, while offering employees a premium Wi-Fi experience in a beautiful package. The work-from-home employee can also use Okyo Garde to enable an additional separate, private Wi-Fi network for the rest of their home and family’s needs. This network will also have advanced security capabilities designed for consumers and will be solely under the control of the employee or other family members.

Okyo Garde for Small Businesses
Because the number and frequency of cyberattacks have increased significantly, small businesses also need to ensure they are protected with the best available security — but they also need to be able to install and manage that security as easily as using their favorite app. Okyo Garde gives small businesses the cybersecurity protection they need with unparalleled malware and ransomware prevention, phishing protection, infected device detection, along and suspicious activity monitoring and control — all while delivering ultra-fast Wi-Fi. The Okyo Garde mobile app makes it easy for businesses to have comprehensive control and visibility over their digital security and Wi-Fi network activity, and it helps make setup simple. Okyo Garde can also be ordered with the Okyo Concierge service, designed to provide peace of mind for small businesses or for anyone wishing extra attention for installation, 24/7 support or on-site troubleshooting.

“The changing nature of work from home is transforming the home network into a new, unmanaged enterprise edge,” said Zeus Kerravala, founder and principal analyst, ZK Research. “Securing and managing the home as a branch extension of the enterprise network, at scale requires a new security, networking, and management paradigm. An approach that delivers enterprise-grade cybersecurity with consumer simplicity and is built upon the principles of Zero Trust.”

With Okyo Garde, enterprises, small businesses and work-at-home employees can all have world-class security and be ready for what comes next.

Pricing and Availability
Okyo Garde subscriptions for small businesses start at $349/year and include a mesh-enabled Wi-Fi 6 system. Starting today, in the U.S., Okyo Garde can be pre-ordered on okyo.com, with estimated ship date this fall. For pre-orders through September 30, 2021, we offer Okyo Concierge with Pro subscription tier at no cost, a value of up to $148. Expanded distribution is expected from Palo Alto Networks NextWave partners later this year. Okyo Garde Enterprise Edition, with Prisma Access integration, is expected to be available from Palo Alto Networks and Palo Alto Networks NextWave partners in the U.S. in early 2022.

More Information
More information about Okyo Garde for small business is available at okyo.com and for enterprises at paloaltonetworks.com/okyo as well as in our blog.

Tune into our Okyo special event at okyo.com to hear CEO Nikesh Arora and founder Nir Zuk discuss Okyo and how it helps secure remote work and small businesses.

Image licensed by pixabay.com

Related News:

Palo Alto Networks Introduces Complete Zero Trust Network Security

Palo Alto Networks Launches NextWave 3.0 to Help Partners Build Expertise in Dynamic, High-Growth Security Markets

The post Palo Alto Networks Introduces Enterprise-Grade Cybersecurity, Okyo Garde, for Work-From-Home Employees and Small Businesses appeared first on Digital IT News.