The startup's software helps organizations secure their containers in the cloud by teasing out which packages are running and which are vulnerable.

Oligo Security launched out of stealth on Wednesday with its runtime application security platform for detecting vulnerabilities in open source components. Oligo generates a dynamic bill of materials (BOM), identifies vulnerabilities in packages, and sets fix priorities for vulnerabilities based on application context.

Some of the most damaging cyberattacks in the past couple of years originated in open source packages included within large, complex systems. For example, Log4Shell attacks continued throughout most of 2022 because many organizations didn't even realize they were running a vulnerable version of Log4j. Oligo generates a dynamic BOM that shows all the components that are actually running, which helps establish which vulnerabilities to fix first.

Oligo profiles the legitimate behavior of each library and creates a knowledge base of libraries’ profiles. The platform fires alerts when the library activity deviates from the profile, as that would indicate suspicious activity.

"Only 15% of CVEs scanned with traditional solutions are posing a real risk, and the other 85% are irrelevant, resulting in lots of false positives and noise," Avshalom Hilu, co-founder and chief product officer of Oligo, wrote in a technical blog post. Reducing false positives and targeting mitigation more tightly can help security staff close the most dangerous flaws first and reduce alert fatigue.

The company bases its product on extended Berkeley Packet Filter (eBPF), which allows programs to run in a sandbox within the Linux operating system kernel. This means developers can extend the OS to improve visibility, networking, security, and other capabilities to make using containers in the cloud more secure.

With the dominance of cloud computing and expanding use of containerization tools like Kubernetes, eBPF is seeing traction. The overall container security market is expected to rise from $714 million in 2020 to $3.6 billion by 2026, and up to $8.2 billion by 2030. Besides Oligo, other eBPF startups in the cybersecurity space include Araali Networks, which offers an eBPF-based firewall; Cilium, an open source Kubernetes connectivity tool; Falco and Aqua, which make Kubernetes runtime security tools; and Calico, a cloud-native security company.

Oligo raised its $28 million funding from Lightspeed Venture Partners, Ballistic Ventures, and TLV Partners, along with several angel investors.

Oligo Security Takes Aim at Open Source Vulnerabilities

Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.

A number of experiments suggest that ChatGPT, the popular large language model (LLM), could be useful to help defenders triage potential security incidents and find security vulnerabilities in code, even though the artificial intelligence (AI) model was not specifically trained for such activities, according to results released this week.

In a Feb. 15 analysis of ChatGPT's utility as an incident response tool, Victor Sergeev, incident response team lead at Kaspersky, found that ChatGPT could identify malicious processes running on compromised systems. Sergeev infected a system with the Meterpreter and PowerShell Empire agents, took common steps in the role of an adversary, and then ran a ChatGPT-powered scanner against the system.

The LLM identified two malicious processes running on the system, and correctly ignored 137 benign processes, potentially reducing overhead to a significant degree, he wrote in a blog post describing the experiment.

"ChatGPT successfully identified suspicious service installations, without false positives," Sergeev wrote. "For the second service, it provided a conclusion about why the service should be classified as an indicator of compromise."

Security researchers and AI hackers have all taken an interest in ChatGPT, probing the LLM for weaknesses, while other researchers, as well as cybercriminals, have attempted to lure the LLM to the dark side, setting it to produce better phishing emails messages or generate malware.

    

ChatGPT found indicators of compromise with some false positives. Source: Kaspersky

Yet security researchers are also looking at how the generalized language model performs on specific defense-related tasks. In December, digital forensics firm Cado Security used ChatGPT to create a timeline of a compromise using JSON data from an incident, which produced a good — but not totally accurate — report. Security consultancy NCC Group experimented with ChatGPT as a way to find vulnerabilities in code, which it did, but not always accurately.

The conclusion is that security analysts, developers, and reverse engineers need to take care whenever using LLMs, especially for tasks outside the scope of their capabilities, says Chris Anley, chief scientist at security consultancy NCC Group.

"I definitely think that professional developers, and other folks who work with code should explore ChatGPT and similar models, but more for inspiration than for absolutely correct, factual results," he says, adding that "security code review isn't something we should be using ChatGPT for, so it's kind of unfair to expect it to be perfect first time out."

**Analyzing IoCs With AI**

The Kaspersky experiment started with asking ChatGPT about several hackers' tools, such as Mimikatz and Fast Reverse Proxy. The AI model successfully described those tools, but when requested to identify well-known hashes and domains, it failed. The LLM could not identify a well-known hash of the WannaCry malware, for example.

The relative success of identifying malicious code on the host, however, led Kasperky's Sergeev to ask ChatGPT to create a PowerShell script to collect metadata and indicators of compromise from a system and submit them to the LLM. After improving the code manually, Sergeev used the script on the infected test system.

Overall, the Kaspersky analyst used ChatGPT to analyze the metadata for more than 3,500 events on the test system, finding 74 potential indicators of compromise, 17 of which were false positives. The experiment suggests that ChatGPT could be useful for collecting forensics information for companies that are not running an endpoint detection and response (EDR) system, detecting code obfuscation, or reverse engineering code binaries.

Sergeev also warned that inaccuracies are a very real problem. "Beware of false positives and false negatives that this can produce," he wrote. "At the end of the day, this is just another statistical neural network prone to producing unexpected results."

In its analysis, Cado Security warned that ChatGPT typically does not qualify the confidence of its results. "This is a common concern with ChatGPT that OpenAI \[has\] raised themselves — it can hallucinate, and when it does hallucinate, it does so with confidence," Cado's analysis stated.

**Fair Use and Privacy Rules Need Clarifying**

The experiments also raise some critical issues regarding the data submitted to OpenAI's ChatGPT system. Already, companies have started taking exception to the creation of datasets using information on the Internet, with companies such as Clearview AI and Stability AI facing lawsuits seeking to curtail their use of their machine learning models.

Privacy is another issue. Security professionals have to determine whether submitted indicators of compromise expose sensitive data, or if submitting software code for analysis violates a company's intellectual property, says NCC Group's Anley.

"Whether it's a good idea to submit code to ChatGPT depends a lot on the circumstances," he says. "A lot of code is proprietary and is under various legal protections, so I wouldn't recommend that people submit code to third parties unless they have permission to do so."

Sergeev issued a similar warning: Using ChatGPT to detect compromise sends sensitive data to the system by necessity, which could be a violation of company policy and may present a business risk.

"By using these scripts, you send data, including sensitive data, to OpenAI," he stated, "so be careful and consult the system owner beforehand."

ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

Factoring user experience and convenience into how employees and tenants access buildings is top concern for security professionals says benchmark industry survey.

**BETHESDA, Md., February 15, 2023** **–** Brivo, a leading provider of cloud-based access control and smart building technologies, today publishes the 2023 Top Security Trends Report which identifies user experience and convenience as rapidly emerging drivers behind the adoption of new physical security solutions.

Brivo's sixth annual trends report is based on responses from 677 security professionals across the world working in over two dozen sectors. They pointed to growing expectations for frictionless access into workplaces, as more Millennial and Gen Z cohorts enter the workplace, and a general rise in convenience as a major consideration in physical security. 

Key findings that speak to this trend include:

*   84% of security professionals think user experience is either extremely important or very important to access control.
*   65% pointed to user convenience as a benefit of mobile access control, speaking to the growing popularity of mobile devices as an access credential over a traditional plastic FOB.
*   Tenant and workplace experience apps are growing in popularity, ranking as the fifth most popular security system integration this year – according to the respondents. These apps give more control to employees over their office space via mobile-derived services.
*   Security professionals listed remote door management, instantaneous credential management and outsourcing oversight responsibilities as applications for cloud-based security that make their lives easier – highlighting the appreciation that security professionals have for convenience in their own work.

Responses elsewhere in the report show that data collection and system integrations are business imperatives today. Security professionals continue to integrate security systems with cross-functional areas but more are using access data to understand access trends and space usage (45%), find and prioritize unusual activity (42%), and give value to other departments like supply chain, process, and HR (42%). 

This year’s report also reveals that today’s security professionals are bullish on the potential of biometric access solutions. Sixty percent want to add biometrics to their buildings in the next three years and, again, 60% predict that facial recognition will have the biggest impact in access control technology over the next three years.

"The key takeaway from our 2023 Trends Report is that user experience and convenience are vital considerations for security professionals today, and this trend shows no sign of slowing as more cohorts of Generation Z enter the workplace with expectations for technology-enabled frictionless access,” said Steve Van Till, founder and CEO of Brivo. “Cloud-based access control collects the most valuable data for security professionals to make better informed business decisions. The integration of access control with other security and proptech platforms will be essential in meeting stakeholder expectations on convenience and delivering the next generation of access solutions."

Other interesting findings from Brivo’s report include:

*   Respondents reported a surge in access control integrations. Integrations of identity and access management solutions are most common as more organizations pursue streamlined operations by connecting physical and digital security systems for added protection.
*   A lack of budget (39%) was most commonly cited as the reason for not adopting cloud-based access control solutions.
*   More organizations are looking to centralize their security – with 38% saying their organizations are partly centralized today, up from 31% in 2022’s report.

Brivo’s systems generate a wealth of data for organizations to leverage. For a broader view of industry data, articles, blog posts and other content, go to www.brivo.com. For the full 2023 Top Security Trends Report, please visit this link to learn more.

**About Brivo** 

Brivo, Inc., created the cloud-based access control and smart spaces technology category over 20 years ago and remains a global leader serving commercial real estate, multifamily residential, and large distributed enterprises. The company’s comprehensive product ecosystem and open API provide businesses with powerful digital tools to increase security automation, elevate employee and tenant experience, and improve the safety of all people and assets in the built environment. Brivo’s building access platform is now the digital foundation for the largest collection of customer facilities in the world, occupying over 450 million square feet across 60 countries. Learn more at www.Brivo.com.

Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future

Retail & Hospitality ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions.

**Vienna, VA (February 15, 2023)** **–** The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) is now accepting speaker submissions for the 2023 RH-ISAC Cyber Intelligence Summit. The event, which is the premier conference for retail and hospitality cybersecurity professionals, will bring together experts from across the industry to discuss the latest threats and solutions in the field.

The conference will focus on the challenges facing the retail and hospitality industries in the face of an ever-increasing number of cyber threats, and it will provide a platform for attendees to learn from the best and brightest in the field.

RH-ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions that cover topics such as threat intelligence, incident response, risk management, and security operations. The goal of the RH-ISAC Summit is to provide attendees with actionable insights, practical solutions, and meaningful connections that can help them better protect their organizations and customers from cyber threats.

“We’re thrilled to once again bring together the brightest minds in retail and hospitality cybersecurity for our annual summit,” said RH-ISAC President Suzie Squier. “The call for speakers is a critical component of the event, and we’re excited to hear from experts who can share their knowledge and experiences with our community.”

The RH-ISAC Cyber Intelligence Summit will take place October 2–4 in Dallas, Texas. To submit a speaker proposal, visit https://rhisac.org/events/call-for-presentations/. The deadline for submissions is May 5.

For more information about the RH-ISAC Cyber Intelligence Summit, visit https://summit.rhisac.org/.

**ABOUT RH-ISAC**

The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is the sector’s operational community for sector-specific cybersecurity information and intelligence sharing and collaboration. As such, the RH-ISAC not only connects and serves its members,italso seeks to partner collaboratively with all trade associations in the sector to support security development and maturity with the goal of building better security for the retail, hospitality, and travel industries through partnership and collaboration. For more information, visit www.rhisac.org.

Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit

US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government's control.

The most recent in a series of US Government Accountability Office (GAO) reports on the state of cybersecurity across the federal government makes specific recommendations about the collection, use, and sharing of personally identifiable information (PII).

In a Feb. 14 report, the GAO recommended improving the protection of private data, particularly information collected in retirement plans.

Besides the cybersecurity of stored data, the report calls on agencies to establish data privacy policies and procedures that include record-keeping that identifies the types of personal data collected, regular privacy impact reviews, and the coordination of these data privacy functions across the agency.

The latest GAO cybersecurity assessment points out, as it has in previous reports, that agencies have been slow to adopt its recommendations.

"We have made 236 recommendations in public reports since 2010 with respect to protecting cyber critical infrastructure," the GAO added in its report. "Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

GAO Calls for Improved Data Privacy Protections

2022 saw a record number of cyberattacks. In response, regulators are prescribing how companies should manage their risks. How do you prepare?

In 2022, we saw a large number of cyberattacks and breaches that affected both companies and countries, driven primarily by accelerating innovation by threat actors and continued diversification of the threat actor economy. While many technical responses have been proposed, the policy responses pose a more challenging issue, as companies will need to comply with public policy decisions despite challenging macroeconomic conditions and a persistent lack of skilled professionals to work on cybersecurity.

In short, 2023 will be the year of risk.

**1\. Anticipate org chart changes and more collaboration with the C-suite.**

Pending regulatory changes require that the CISO be independent, and this independence will likely require organizational chart changes, as CISOs have historically reported to the CIO, CTO, or another senior executive with a background in technology.

This frequently creates an implicit conflict of interest when budgets and staffing considerations arise, as the incentives of the CIO or other senior executives do not necessarily align with the goals of the CISO. In 2023, CISOs should prepare to be adequately independent and have good visibility into the management of cyber-risk. Being independent includes the responsibility of setting staffing and budgets for approval by a committee, rather than providing a cybersecurity budget line item as part of another senior executive's larger budget for the year.

**2\. Be ready to answer more risk-related questions from the board …**

Boards want to have more oversight of cyber-risk. In 2023, organizations should plan on inviting their CISO to a board meeting (and to be somewhat forgiving of that first meeting with those CISOs who come from a technical background). While not all board members need to understand cybersecurity, all CISOs (or CIOs, or whoever presents to the board) need to be able to speak to the board in the language of risk to effectively communicate status, learn about larger initiatives, and ask for assistance or perspective when needed. Although this will be a new requirement for publicly traded companies, privately held companies should strongly consider adopting this new change to reporting.

**3\. … and as a result, be more diligent about communicating risk.**

Companies should track the risk of noncompliance and be able to describe their risk management plans associated with noncompliance. Depending on the specific regulatory body, civil and criminal penalties are potential outcomes, as well as congressional hearings or reputational damages.

Companies that have DFARS requirements — particularly those with CMMC level 2 control requirements — hold the dual risks of noncompliance leading to denial of future Department of Defense contracts as well as the potential of whistleblowers under the False Claims Act. As a result, CISOs will need to be consistent and persistent about communicating the status of their risk and compliance posture.

**4\. CISOs will need to invest in internal assessments as more security breaches hit the news.**

Cybersecurity breaches were a hot topic in 2022, with several high-profile cases making national headlines. For example, the Federal Trade Commission (FTC) sought action against online alcohol marketplace Drizly — and its CEO, Cory Rellas — for cybersecurity failures affecting over 2.5 million consumers. Notably, the FTC specifically named and sanctioned Rellas — a new move for the governing body. This change in posture may indicate a larger shift toward enforcement at the FTC, particularly for organizations that don’t have adequate controls around the protection and disposition of consumer data.

One lesson carries across these stories: the importance of effective internal assessments, as they are critical tools to find weaknesses in your security program and assuring that those weaknesses are fixed. We predict a sharp increase in investigations with adversarial discovery in 2023 as companies watch these major news stories play out in real-time.

**5\. SMBs should consider increasing security control monitoring to avoid cyberattacks.**

Smaller companies are more vulnerable to cyberattacks, but why? Simply put, they don’t have the budget or resources to combat ransomware attacks, which is why they are a high priority for threat actors.

More controls in place means more processes for maintaining those controls, which results in more manual processes that IT security professionals must handle. For example, SMBs will need to map out the GDPR compliance legalese to controls for breach notifications, or quickly finding CIS Control Group 3 to help with data disposal.

IT, security, and risk management professionals will need to better collect and organize their evidence in preparation for applications and renewals of their cyber insurance policies. They might also consider a tool that enables them to link risks to controls to decide how much coverage they actually need.

**About the Author**

    

Kayne McGladrey, CISSP, is the field CISO for Hyperproof and a senior member of the IEEE. He has over two decades of experience in cybersecurity and has served as a CISO and advisory board member, and focuses on the policy, social, and economic effects of cybersecurity lapses to individuals, companies, and the nation.

2023 Is the Year of Risk: 5 Ways to Prepare

Information security is a high-stakes field with sky-high expectations. Here's how CISOs can offset the pressures and stay healthy.

John has built a stellar reputation as a problem solver and cyber defender. Yet, today, John, the chief information security officer of a major manufacturing company, is frantically trying to find out why the CEO had been unable to retrieve or send any emails for the past four hours. The CEO is extremely irate, and as John takes in the barrage of anger, John begins to feel fear sinking into his chest. Would this incident tarnish his hard-earned reputation? Will he lose his job?

John prides himself on having answers and receiving praise for fixing problems, so he is taking this situation to heart. He started his IT security career as an analyst. He was incredibly talented at spotting gaps in security posture and determining creative ways to close those gaps. John's intelligence and innovation helped him quickly climb the ranks to CISO. However, each level of promotion brought with it increasing challenges and demands.

As an analyst, John's responsibility was confined to himself and his specific role. The CISO role has widened John's scope of responsibility immensely. He now has to manage a team of people with varying personalities; budget and request funds for projects; communicate and build relationships with other business leaders within his company; negotiate and buy products and services from vendors; and meet a number of other responsibilities. John also has to find time to be a husband, to be a father, and to take care of his own physical and mental health.

It doesn't help that John's leadership expects the IT security department to protect 100% against malicious threats targeting their company. John and his team are expected to perform perfectly. It's an unrealistic and unreasonable expectation, which leads to high stress and burnout. Unfortunately, many are in this position.

**What Leaders Should Do**

Had there been someone coaching John, he would have been taught about effective leadership traits that would help him have less emotional fallout in this scenario. There are three core tactics John could use to keep from questioning his own efficacy or suffering burnout.

**1\. See mistakes as a learning opportunity.** Mistakes happen. They are a part of life. Those who thrive see mistakes as learning opportunities and ways to get better. Accept any mistake as what it is: an outcome you did not want. Investigate what led to that outcome, determine what alternative choices were available, and understand what better option exists moving forward.

**2\. Control the controllables.** There are not a lot of things in our control. For example, we have no control over how others respond (like a yelling CEO), if a salesperson gives us all the information we need to make an educated purchase, if employees leave the company, if it's going to rain, or a litany of other things. Focusing on things outside of our control will lead to increased fear and manifesting more of what we do not want.

However, we do have the ability to focus on what we have control over. We have control over how we respond to situations; we have control over our energy, effort, and attitude; and we have control over how we choose to model for others. Focusing on what we control will not guarantee things work out. However, it will allow us to have more sanity and certainty we are doing the right things at the right time, which will increase our chances of success.

**3\. Remain calm.** When threats to our safety (real or perceived) occur, we instinctively go into survival mode — fight, flight, or freeze. In times of fear and panic, our cortex disconnects from the cerebellum, known in psychology as a "flipped lid." We lose our ability to critically think and problem-solve. Our breathing also becomes faster and shorter. You can get back to calm through your breath.

Box breathing is a simple and effective technique for recovering a mental space in which you can problem-solve. It employs four equal parts, just like the sides of a box. You inhale for 5 seconds, hold at the top of that breath for 5 seconds, exhale for 5 seconds, and hold at the bottom of that exhale for 5 seconds. Repeat this process for a minimum of 5 rounds or more.

**Reduce Stress to Reduce Turnover**

Stress is on the rise within the IT security space, which leads to problems like burnout and employee turnover. The 2022 Global Chief Information Security Officer (CISO) Survey from management consulting firm Heidrick & Struggles shows some concerning statistics. The survey showed stress (60%) and burnout (53%) were the top responses as being the most significant personal risks to CISOs in the United States.

People are leaving CISO roles for other operational positions, pursuing consulting opportunities, or not entering the CISO roles altogether. This exacerbates two big issues in the industry: not enough talent to fill seats and employee retention.

"They're \[CISOs\] choosing to punch out," Matt Aiello, partner and leader of the cyber practice at Heidrick & Struggles, told CNBC recently. "What we're hearing in off-line conversations is that it's a great role, but it's very hard and the regulatory pressures are increasing, and that makes being a CISO even more challenging."

Awareness and prioritization of mental health support and performance coaching is growing in this industry. In 2018, for example, the Black Hat conferences introduced a community track focused on mental health and other nontechnical topics that's continued to this day.

Being an IT security leader is hard. There are so many challenges to being effective in the role — unrealistic expectations of protecting your organization 100%, not getting the funding you need to purchase resources, difficulties finding and retaining good talent, etc. Ineffective leadership skills make this job harder. You and your team can thrive if you learn how to lead effectively and avoid burnout.

3 Ways CISOs Can Lead Effectively and Avoid Burnout

Here are some of the easily avoidable mistakes most companies made last year, gleaned from hundreds of cybersecurity engagements by red and blue teams.

After analyzing and buttoning up hundreds of cybersecurity incidents in 2022, a group of purple team consultants compared notes to share five of the most common mistakes they've observed organizations make.

A purple team is a group of offensive cybersecurity professionals (red team) working in tandem with defending teams (blue team) to improve operations and mitigate threats.

Lares security assessment firm has published its purple-team findings that found companies keep making the same five errors: bad event logging, a lack of offensive security knowledge, maintaining a codependent relationship with the security operations center (SOC), too great a reliance on tools, and excessive outsourcing. Organizations need to pay attention to critical log events so that they don't overlook signs of malicious activity, to not expect detection and response tools to find all bad actors, and invest in their employees to learn and grow their security skills.

"To properly defend their organizations, security professionals need to be aware of the latest threats and how to respond," Andrew Hay, chief operating officer of Lares, said about the new report. "Security teams also need to be mindful of the potential issues that can arise from their defensive measures."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

What Purple Teams Wish Companies Knew

CISOs need to define their risk tolerance, identify specific critical data, and make changes based on strategic business goals.

The past few years have been a bumpy ride all around. 2022 was supposed to be a breather for CISOs as the uncertainty surrounding the pandemic largely subsided. Sadly, they found themselves coming to terms with the new "never normal" instead.

A soaring cost of living, geopolitical conflicts, catastrophic climate crisis, and a rapidly evolving regulatory environment all will shape the cybersecurity landscape this year. Newer threats have emerged and older ones have evolved. Critical infrastructure, public service delivery, and people's privacy all seem to be in the line of fire. And with ongoing digital transformation initiatives, exponential data growth, limited funds, and an ongoing skills shortage, CISOs and their teams, it seems, are barely holding it together.

**Waypoints on Path to Action**

Keeping up with emerging threats and challenges in 2023 can help organizations get on the path to developing a coherent security strategy.

**1\. Cyberattacks increase, tactics evolve:** Ransomware incidents dropped by 34% earlier in 2022, only to roar back with a vengeance. Ransomware has evolved to double and triple extortion with data theft and denial of service. We'll see an uptick in stolen data being sold on Dark Web forums and later being used in highly targeted phishing attacks.

The underground cybercrime landscape is also shifting from cybercrime-as-a-service to cyber mercenaries for hire. Expect cybercriminals and nation-state actors to hire highly skilled cyber mercenaries for granular tasks that can lead to major attacks and breaches. These attacks will be very impactful but near impossible to trace.

**2\. Supply chain risks balloon:** Supply chain security risks quickly bleed into the business side of operations, often bringing them to a halt. These risks will likely balloon this year as businesses outsource the infrastructure, applications, and services they need to multiple cloud and software-as-a-service (SaaS) vendors. With so many external providers and partners, attackers will target the most vulnerable ones to gain easy access.

**3\. Data-well poisoning attacks emerge:** Artificial intelligence-powered systems depend on the integrity of the data they're fed to make sound decisions. As businesses get real with AI in 2023, data will become an invaluable asset as well as a liability. Cybercriminals will be targeting data wells to manipulate systems into making rogue decisions. Beyond confidentiality and availability, data integrity is now at risk.

**4\. Tech, threat, and regulatory environments continually change:** Threats are evolving, and so is the regulatory landscape. General and country-specific regulations will compel organizations to ensure ethical data collection, storage, and use. These changes will likely keep CISOs on their toes, trying to preserve all the good pieces of the security pie while also ensuring enough flexibility to accommodate new changes.

**Creating a Business-Based Security Strategy**

Here's what organizations in general need to focus on to create a security strategy that can steer them through what appears will be a challenging year for security, economy, and trade.

**1\. Aligning security with business strategy:** CISOs are responsible for assuring business executives that cybersecurity is a business risk, not just an IT issue. As boards determine a business's strategic direction, CISOs must incorporate security into that process. To do that, addressing cyber-risks should frequently be on the agenda for board meetings.

A CISO who appreciates the business tactic of developing a security strategy that supports the organization's goals probably won't have to chase after the board for security funds and resources.

**2\. Building cyber resiliency:** Cyber resiliency is an organization's preparedness to deal with the impact of threats that can't be predicted or prevented. The first step to achieving cyber resilience is to adopt a governance framework for monitoring cyber activities, including partner collaborations and relevant regulatory changes. Organizations must also develop cyber situational awareness through cyber threat intelligence gathering, analysis, and sharing.

Next, they should identify and prioritize critical assets and continually evaluate them as their value changes. Based on the insights they gather, they need to plan and rehearse for just-in-case scenarios. Rehearsed incident-response plans can cut down the cost of a data breach almost by half.

Building cyber resilience is an ongoing process because threats evolve, businesses mature, and the value of different assets changes. Keeping up with the process, organizations can prevent, detect, and respond to emerging threats and their aftermath immediately and effectively.

**3\. Determining cyber-risk tolerance:** Organizations need to determine and define their risk tolerance regarding cyber-loss incidents. And that involves evaluating the dependencies, stability, and security of external partners and providers as well. Monitoring and protecting assets and data is not about boiling the ocean. It's about starting small, being very specific in identifying critical data elements, and then ensuring their security and integrity at all stages of the data life cycle.

A similar, selective approach should work for addressing changes in regulatory and compliance requirements, too. Organizations don't have the time or resources to do it all. They must identify what matters and make changes selectively based on their strategic business goals.

Addressing cyber-risks isn't a static process. Security teams know it, and the boards must realize it. The world of work is changing, and policies and procedures will have to reflect that. This rapidly evolving work and security environment can cause cyber fatigue and mental health challenges. Organizations must prioritize employees' education, satisfaction, and mental health. Otherwise, we'll also be witnessing a surge in insider threats on top of everything else.

Build Cyber Resiliency With These Security Threat-Mitigation Considerations

**MUNICH, February 15, 2023 –** IGEL, provider of the managed endpoint operating system for secure access to any digital workspace, today announced IGEL COSMOS. Unveiled at DISRUPT23 – The Ultimate Global EUC event in Munich, COSMOS is a unified, agile platform to securely manage and automate the delivery of digital workspaces, from any cloud. Offering a modular architecture, granular endpoint control and end-user freedom, COSMOS is designed to enable organizations to garner the full power of current-day and future clouds with extensive control, while powering great user experiences for today’s hybrid work.

The most significant new advancement with IGEL COSMOS is that, for the first time, IGEL is completely separating the base IGEL OS from its validated and integrated applications and interfaces, while adding an additional separate component in the form of value-added cloud services. Together, these three vital components comprise IGEL COSMOS. This modular architecture of “separate but equal” elements of endpoint operating system, management and control, and cloud services enables maximum IT flexibility in introducing or enhancing apps, desktops, services, and any other form of cloud-delivered digital workspaces as the cloud continues to evolve.

Featuring extensive management and control powered by the new IGEL UMS 12, the next generation of the IGEL Universal Management Suite (UMS), COSMOS enables the parallel use, management and control of endpoints running both IGEL OS 11 and the new IGEL OS 12 operating system. New cloud services, which are de-coupled from the OS, include the IGEL App Portal for use-case specific software applications offered from IGEL software partners and available for seamless download and implementation. Additional cloud services include the IGEL Onboarding Service, IGEL Insight Service, and other services and portals all designed to enhance effectiveness and user experiences for both IT professionals and end users. 

“Today’s workspaces are hybrid. Hybrid work, hybrid clouds and hybrid applications. While VDI and DaaS continue to provide organizations the safest way to deliver secure access to windows client server applications, a transition to SaaS and web-based applications has already started.  IT organizations need to make sure they can evolve at their optimal pace and at the same time, enable employees seamless, yet secure access to their cloud workspaces,” said Matthias Haas, Chief Technology Officer, IGEL. “The COSMOS platform has been designed for this new era of hybrid work. With a new modularized version of IGEL OS, a new version of our UMS management platform coupled with new cloud services that extend capabilities and enhance user experiences, COSMOS enables unmatched speed and flexibility to our customers across traditional and modern application delivery models, while still retaining security, management, and control across the entire endpoint estate.” 

“Having deployed IGEL OS to our remote workforce, we have been excited to pilot the latest innovation from IGEL including UMS 12 and IGEL OS 12,” said Simon Barlow, Group Chief Technology Officer, Operations, AXA UK & Ireland. “Our remote workforce, the agile application landscape and more frequent update cycles of unified comms require us to onboard, manage and update our endpoints faster and more efficiently than ever before. Based on our initial testing of OS 12, we are already confident that we can remotely configure, update, and patch our remote machines faster and more efficiently. With small updates and the ability to only update the Azure Virtual Desktop client, IGEL COSMOS allows us to be more agile without compromising security or change control. We are excited about the new cloud services which complement IGEL OS and UMS 12 and are proud to be included in the COSMOS platform launch.”

“Having utilized the secure IGEL OS for our VMware VDI environment, we were excited to work with IGEL on the IGEL OS 12 pilot,” said Billy Cruz, Technology Services Manager, Desktop Engineering, COCC. “The ability to update the VMware Horizon client independently from IGEL OS in the new offering allows us to deploy the latest innovation from VMware faster and more efficiently than before. The additional ability to now also update the Zoom and Webex offloading clients, independently from the VMware Horizon app, also provides additional flexibility and reduces the amount of time needed to perform management updates to increase employee experience. With a smaller attack surface and faster updates, we are excited about rolling out IGEL OS 12 in the future.”

**The Powerful, Unified Components of COSMOS**

At the core of the IGEL COSMOS platform is the new IGEL UMS 12, which offers a unified view across a heterogeneous mix of endpoints running either IGEL OS 11 or the new IGEL OS 12. This powerful, yet simple to use, management and control console enables environments already benefitting from IGEL OS to easily migrate and leverage immediate value of COSMOS without requiring an OS upgrade on all their existing devices. 

Released with COSMOS is the new IGEL OS 12 which is more lightweight and adaptable than ever. Offering increased flexibility, speed, and agile integrations, IGEL OS 12 has been architected to support any form of cloud-delivered digital experiences. It also supports a faster, more efficient delivery of features and applications tuned to specific use cases via the IGEL App Portal.  Other key services tuned to IGEL OS 12 include fast user onboarding and deep insights into endpoint usage, security, status, and compliance of IGEL UMS-managed endpoints. 

One of the most significant new cloud services adding additional value to COSMOS is the IGEL App Portal. The App Portal delivers a full range of validated applications from IGEL’s vast IGEL Ready technology partner community designed for use on IGEL OS-powered devices. Since the App Portal operates separately and independently from the IGEL OS endpoint operating system, it sharply streamlines the process of application integration, introduction, and qualification for IT teams since there is no longer any dependence on the classic, highly integrated software release process. Available for download at no extra cost, these apps can be rapidly qualified and delivered as a feature-rich experience for users, while reducing the app qualification, implementation and update processes for IT. Applications include the Microsoft Azure Virtual Desktop client, VMware Horizon client, Citrix Workspace app, Chromium Browser, Zoom Media Plugins for VDI and many more. IGEL also offers an IGEL OS API (application programming interface) for software providers that want to validate their solution for availability using COSMOS and the IGEL App Portal. 

**Availability**

COSMOS, IGEL UMS 12, and IGEL OS 12 will be available April 1. Existing users of IGEL OS 11 will be able to engage IGEL UMS 12 via an easy migration to access COSMOS advancements for existing and new devices running IGEL OS 12 in the future. For more information visit igel.com/cosmos. To schedule a discovery meeting and get early access to GA code, visit igel.com/yes.

**DISRUPT23**

COSMOS was announcement from DISRUPT23 – The Ultimate Global EUC in Munich, held February 15 and 16 at the INFINITY Hotel & Conference Resort. DISRUPT23 will hold its North American installment at the Gaylord Opryland Resort & Convention Center in Nashville, Tennessee, on April 3-5. Registration is $399 per person. To register, visit: www.disruptEUC.com.

**About IGEL**

Today, the world of work is hybrid. Multiple clouds can deliver applications sourced from anywhere to a widely distributed workforce using all types of devices. Right at the moment when the world of work needs it most, IGEL has the solution for fully managed, secure endpoint access to any digital workspace that gives IT teams strong control and end-users the freedom to work as they wish in a hybrid world. Enabling choice of any cloud, from any device, anywhere, IGEL unlocks a collaborative and productive end user computing experience while solving the common security and management challenges required to compete and win in today’s world of hybrid work.  With a growing ecosystem of more than 100 IGEL Ready technology partners, IGEL has offices in Europe and the United States and is represented by partners in over 50 countries. For more information on IGEL, visit www.igel.com.

Source

DARKReading