Driving better security outcomes for customers through partner-delivered incident response services built on Cortex XDR.

SANTA CLARA, Calif., Oct. 25, 2022 /PRNewswire/ — Building on its managed services momentum, Palo Alto Networks (NASDAQ: PANW) announced today the expansion of the NextWave Program to empower partners to rapidly contain and remediate cyberthreats by enabling them to deliver incident response (IR) services powered by industry-leading Cortex XDR®.

The effects of cybersecurity incidents are far reaching in the digital age, but navigating rapidly evolving risks can pose a challenge for organizations. To solve this challenge, many turn to managed security service providers (MSSPs) for help strengthening their security outcomes. The NextWave Program now provides the tools, training and resources to address customer demand for IR services and aligns with the expansion of the Palo Alto Networks Cortex® MSSP ecosystem, which grew 146% year over year. Leveraging a partner specializing in IR services can accelerate response and remediation across the incident lifecycle for holistic response to an incident.

"The 2022 Unit 42 Incident Response Report found that in 44% of cases, organizations did not have an extended detection and response (XDR) security solution, or it was not fully deployed on the initially impacted systems. Palo Alto Networks Cortex XDR is designed to provide more comprehensive visibility so threats are identified early along with better context for accelerated investigation and tighter containment," said Tom Barsi, vice president, WW Cortex Ecosystems, Palo Alto Networks. "We are investing in our MSSP partner ecosystem more than ever before with the expansion of the NextWave Partner Program to encompass Threat Response. Partners that achieve this designation are highly skilled and have met stringent requirements with demonstrated deep experience in delivering Threat Hunting and IR services leveraging Cortex XDR. They are able to support customers through Incident Response, during their greatest time of need."

The Palo Alto Networks NextWave Program for Threat Response offers partners:

*   **Leading IR XDR technology** built utilizing proactive and reactive use cases to reduce time and resources spent on delivering services, including collecting data, aggregating data, analyzing data and remediating; a purpose-built platform and program that is designed for true IR in addition to endpoint detection and response (EDR).
*   **Expert technical and deployment support 24/7** for online access to XDR tenants within minutes and around-the-clock technical support.
*   **Expanded routes to market** with more ways to offer proactive services to clients pre- or post-IR engagement, including advanced threat analytics, proactive assessments and attack surface management.

**NextWave Partner Quotes  
**Deloitte India and Palo Alto Networks recently announced an expansion of their collaboration to offer complete, end-to-end technology-based cyber incident response services to businesses in India. "We are pleased to have earned the Palo Alto Networks NextWave designation for Threat Response to help transform the cyber incident response space together. With cybersecurity incidents becoming increasingly prevalent and sophisticated, along with added regulatory pressure, we foresaw the need for a smarter, faster, and more extensive suite of services that would provide our clients with next-generation security technology and services. Our partnership with Palo Alto Networks affirms that commitment to our clients," said Aloke Kumar Dani, partner — Risk Advisory, Deloitte India.

"Earning the Palo Alto Networks NextWave designation for Threat Response helps further our security team's expertise in delivering a holistic security operations platform to our customers," said Kevin Kilgo, vice president of Managed Services, Fulcrum. "Combining Fulcrum's managed security services, our 24x7x365 security operations center, SIEM as a service, and SOAR capabilities with the best-in-class power of Cortex XDR has helped our SOC team significantly in addressing the ever-growing burden of our customer's detection & response operations."

"We continue to see our enterprise clients divesting internal Digital Forensics and Incident Response (DFIR) capabilities. Instead, they are outsourcing this work to chosen partners like PwC," said Ross Foley, director, Managed Cyber Defense Lead, PwC UK. "We are proud to have achieved the Palo Alto Networks NextWave designation for Threat Response to help clients respond to, contain, and remediate cyberthreats and vulnerabilities so they can focus on their business. Our solutions powered by Palo Alto Networks Cortex XDR deliver trusted offerings to clients, combining the recognized cyber expertise of both organizations to reduce the probability of a breach as well as the impact should an incident occur."

"We required a technology that checked the boxes for IR capabilities while simultaneously meeting the needs and use cases of an incident responder. The Cortex XDR platform has been built with our biggest daily pain points in mind, and it is designed to be deployed in fragile incident response situations," said Imelda Flores, head of SCILabs, Scitum TELMEX. "By receiving the Palo Alto Networks NextWave designation for Threat Response and adopting Cortex into our service delivery portfolio, we have multiplied our capabilities and offerings without investing in additional resources."

Learn more about Palo Alto Networks NextWave Threat Response.

**About Palo Alto Networks  
**Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we're committed to bringing together the very best people in service of our mission, so we're also proud to be the cybersecurity workplace of choice, recognized among Newsweek's Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021) and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

Palo Alto Networks NextWave Program Provides the Threat Response Community With XDR for Incident Response Fueled by MSSP Demand

LAVAL, QC, Oct. 25, 2022 /PRNewswire/ — Terranova Security, a global leader in security awareness training, is today launching a report that showcases the level of cyber security awareness among workers in the United States. Overall, the research uncovered that U.S. businesses still aren't doing enough to protect their organizations from cyber threats by not providing proper cyber awareness training and education.

In collaboration with research company Ipsos, Terranova Security surveyed 1,500 U.S. employees and found that the level of concern over cyber risks was alarmingly low. Just over a third (35%) of employees express little-to-no concern about data theft at work, and 20% believe they can't be targeted at all by cyber criminals.

The research shows there is still confusion among employees over who is responsible for protecting company data, despite human error being the cause of 95% of cyber issues. More than three-quarters (76%) of U.S. employees believe it's the IT department's responsibility to protect company data, compared to just 53% who understand they play an essential role.

These findings come at a time when the danger from a breach is at an all-time high. According to the Identity Theft Resource Center, 294 million people were impacted by data breaches in 2021.

The research highlights that U.S. businesses are failing to provide employees with enough education on common cyber threats and security best practices. Only 41% of employees say they work in a company where cyber security awareness training is mandatory. 43% haven't participated in any cyber security training, and nearly a third (31%) indicated that their company doesn't offer any relevant training at all.

These low training rates aren't due to a lack of interest from employees, as 77% believe cyber security training is interesting, and 57% have started or completed the training when it's offered to them.

"The research shows that there's some work to do on educating people about the important role they play in protecting data at work, but the responsibility doesn't just fall on them," **said Theo Zafirakos, Chief Information Security Officer, Terranova Security.** "It's clear that security awareness training fell by the wayside for many American businesses, even though cyber crime is rising, and that's a concern. But employees also have an appetite for learning more about it. These people are the first line of defense against any cyber attack. By investing more in education and building a culture around data security within the business, companies will set up a powerful barrier against any cyber threats."

Read the full Ipsos report and learn more about Terranova Security here.

**About Terranova Security**

Terranova Security, part of the HelpSystems solution ecosystem, has been transforming the world's end users into cyber heroes for more than 20 years. Using a proven pedagogical framework, Terranova Security training solutions empower organizations worldwide to implement programs that change user behaviors, reduce the human risk factor, and build a security-aware organizational culture. As a result, any employee can better understand phishing, social engineering, data privacy, compliance, and other critical best practices. With the addition of new features like its Content Hub and Security Awareness Index, Terranova Security consistently innovates to support all organizations' cyber-security objectives. These industry-leading solution additions also strengthen long-term information security for all professionals, regardless of region or sector, in an era where remote work and borderless productivity are standard. Learn more at terranovasecurity.com.

**About IPSOS**

Ipsos is the third largest market research company in the world, present in 90 markets and employing more than 18,000 people.

Our research professionals, analysts and scientists have built unique multi-specialist capabilities that provide powerful insights into the actions, opinions and motivations of citizens, consumers, patients, customers or employees. Our 75 business solutions are based on primary data coming from our surveys, social media monitoring, and qualitative or observational techniques.

"Game Changers" – our tagline – summarises our ambition to help our 5,000 clients to navigate more easily our deeply changing world.

Founded in France in 1975, Ipsos is listed on the Euronext Paris since July 1st, 1999. The company is part of the SBF 120 and the Mid-60 index and is eligible for the Deferred Settlement Service (SRD).

US Employees Feel Little Concern for Data Theft at Work, New Research Reveals

Open source tools by Spyderbat address the needs of Platform Engineering and DevOps teams by delivering new insights to workload activities and behaviors.

AUSTIN, Texas, Oct. 25, 2022 /PRNewswire-PRWeb/ — Spyderbat, a cloud native runtime security company, today announced its Open Source program delivering new tools to increase visibility and security in cloud native environments. Spyderbat's open source projects include Spydertop, an htop-like tool for historic understanding of a workload's process behavior, and the Spyderbat Falco Connector, integrating the popular Falco open source tool for container security with the Spyderbat platform.

Spyderbat introduces its program to contribute and participate in the open source community with useful innovations that solve real-world problems.

"Spyderbat's open source tools demonstrate that Sypderbat isn't just a security product, it's a game-changer," comments Hal Pomeranz, a Linux Forensics Expert and Instructor. "Spyderbat has created an intelligence platform that provides highly granular and customizable information from your Linux infrastructure, both in real-time and historically."

"To align to platform engineering teams' goals for productivity and reliability, it is critical to create opportunities for automation." states Brian Smith, CTO and co-founder of Spyderbat. "The objective of our open source program is to empower these teams with the necessary tooling for securing cloud native environments and sharing visibility that fosters collaboration with other teams, all with the flexibility to adapt to individuals' or organizations' needs."

As part of Spyderbat's open source program are two new tools, Spydertop and Falco Connector.

*    Spydertop is a command-line tool with a similar view as the popular troubleshooting tool htop with the added capability of retrieving  
    historic data sets from Spyderbat's API. This added capability becomes incredibly useful for troubleshooting intermittent or difficult to  
    reproduce issues. 
*   Spyderbat Falco Connector is an integration to collect Falco events into the Spyderbat platform. Mapping Falco intrusion detection events in real-time with Spyderbat identifies processes and network activity causally connected to the Falco event, including activities in other containers or to the host itself. This results in reducing the noise of false positives while immediately presenting the root cause to real concerns.

The announcement of Spyderbat's open source program coincides with their announcement of new Series A funding, fueling growth for the company's solution for cloud native runtime security. Spyderbat is a member of the Cloud Native Computing Foundation and Linux Foundation.

Spyderbat is exhibiting at KubeCon+CloudNativeCon Oct 26th-Oct 28th. Learn more about Spyderbat's solution for cloud native runtime security by visiting their booth #SU45.

About Spyderbat Spyderbat delivers cloud native runtime security to customers with unprecedented precision in intrusion prevention and mitigation. Founded in 2019 on the recognition that the manual processes of traditional security operations are completely ineffective in rapidly-changing cloud environments, Spyderbat is making threat prevention and security operation automation available with a platform for early, accurate, and thorough recognition of attacks. To learn more about Spyderbat's solutions, open source projects, career opportunities, or to begin using Spyderbat's free tier, visit http://www.spyderbat.com.

Spyderbat Announces Open Source Program for Cloud Native Visibility and Security

Upgrade boosts Akamai's dedicated mitigation capacity by 100% and enhances attack fighting capabilities for increasingly sophisticated DDoS threats.

CAMBRIDGE, Mass., Oct. 25, 2022 /PRNewswire/ — Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today announced a significant evolution of its DDoS protection platform (Prolexic) with a global rollout of new, fully software-defined scrubbing centers, which will extend its dedicated defense capacity\* to 20 Tbps and accelerate future product innovations. In the wake of increasingly sophisticated and record-setting DDoS attacks worldwide, the move further enables Akamai Prolexic to defend customers from the largest, multi-terabit attacks and provide better performance and reliability for online businesses of any size, anywhere on the planet.

New and additional globally distributed scrubbing centers analyze incoming traffic, identify threats and remove malicious activities to prevent downtime for end users or networks. The centers are fully software-defined and facilitate rapid deployments for capacity extension, better regional coverage and improved redundancy.

The initial rollout commences in Q3 2022 and continues in 2023 with additional centers being deployed in all major regions, including North America (US-East/West, Canada), Europe (Italy, Spain, Switzerland), Asia (India, Japan, Hong Kong), and the Middle East.

DDoS threats are evolving rapidly, subjecting businesses without the proper defenses to considerable risk. Since 2020, organizations have experienced a deluge of DDoS extortion, high-profile, multi-terabit attacks, hacktivism, and an explosion of novel threats.

Security teams are also under immense pressure to defend against a booming arsenal of increasingly sophisticated attacks. In 2010, the top five DDoS attack vectors represented 90% of all attacks, whereas today's top five accounted for a mere 55%.

"DDoS attacks are innovating at an unprecedented rate, but our customers can rest assured that Akamai's DDoS defense evolves even faster and will always be many steps ahead of the latest threats," said Akamai's Senior Vice President and General Manager of Infrastructure Security, Sean Lyons. "This platform advancement drastically accelerates our time to market and will enable us to deliver new cybersecurity innovations with greater frequency. In addition, our extension of defense capacity, regional presence and next generation scrubbing centers further strengthens our ability to mitigate all types and volumes of attacks. And by bringing DDoS protection even closer to our customers, they know they can rely on Akamai to deliver unmatched security without impacting latency and end user experience."

Akamai Prolexic stops attacks with a cloud-based DDoS scrubbing platform to protect applications wherever they are deployed, whether in a data center, the public cloud, or a colocation facility. It provides comprehensive protection against the broadest range of DDoS attack types and defends against high-bandwidth sustained attacks, as well as today's complex multi-vector attacks that jump from application to application. Prolexic includes proactive mitigation controls tailored to network traffic to stop attacks instantly, backed by active mitigation performed by Akamai's 24/7 global SOCC, and provides customers a unique 100% uptime Service Level Agreement (SLA).

\*Dedicated defense capacity represents the resources available for consuming and stopping attacks, and is a better indicator of DDoS mitigation capabilities than total network capacity, which also accounts for traffic delivery and utilization.

**About Akamai**

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world's most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai's security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

Akamai Announces Next Generation DDoS Defense Platform

New release extends best-in-class coverage of identity vulnerability discovery and remediation.

NEW YORK and TEL AVIV, Israel, Oct. 25, 2022 /PRNewswire/ — Illusive, a leader in identity threat detection and response (ITDR), today announced the release of its enhanced ITDR solution, enabling organizations to protect privileged identities, which are at risk of cyberattack and regulatory non-compliance. Account takeover attacks, which evade traditional detection and reduce attack dwell time to days instead of months, have become the top vector of cyberattacks.

According to Gartner®, "Deploying and maturing ITDR is a crucial security best practice."

Illusive's ITDR solution, Illusive Spotlight™ and Illusive Shadow™, enables the comprehensive discovery of the unmanaged, misconfigured and exposed identity risks that leave every organization vulnerable to attack. It delivers aggregated, prioritized and contextualized insights into identity risks, so that security teams can focus on responding to their greatest risks first. Further, the solution fully automates remediation where there is no risk to business impact.

Illusive's agentless approach scans directory structures (e.g., Active Directory), privileged access management (PAM) solutions (e.g., CyberArk, Delinea), endpoints, servers and services, revealing the gaps between the intention of an organization's identity security policies and the reality of their environment. Illusive prevents attacks by taking away what attackers need to succeed: privileged account access.

New features and benefits in Illusive's ITDR solution include:

*   **MITRE ATT&CK Risk Correlation** – Associate identity risk factors to MITRE ATT&CK tactics, techniques and sub-techniques. Dashboard-level information indicating an aggregate view of the percentage of identities vulnerable to any specific attacker tactics, such as initial access, privilege escalation or credential access, which can be drilled down into the individual identities for an aggregated view of risk.
*   **Kerberoastable Accounts** – Discover and remediate misconfigured Active Directory accounts with vulnerable Kerberos tickets that can be exploited by attackers to brute force credentials.
*   **Active Directory Domains & Trusts** – A graphical visualization of Active Directory forests, domains and trusts reveals misconfigurations that could enable an attacker to move between domains.
*   **ServiceNow Integration** – Integrate with ServiceNow to create identity-based incident tickets to facilitate identity risk resolution in the ServiceNow Incident module from within the Illusive console.
*   **Delinea Centrify Integration** – Connect with Delinea Centrify vault to continuously discover unmanaged accounts.
*   **Azure AD Privilege Classification** – Classify Azure AD user privileges based on automatically collected evidence, such as directory or subscription level privileged roles.

**About Illusive**

lllusive continuously discovers and automatically mitigates privileged identity risks that are exploited in all ransomware and other cyberattacks. Despite best-practice investments to protect identities, including deployment of PAM and MFA, 1 in 6 enterprise endpoints holds exploitable identity risks.

Illusive makes it easy for security teams to get visibility into the vulnerable identities sprawled across an organization's endpoints and servers, then eliminate them or deploy deception-based detection techniques as a compensating control to stop attackers. Illusive has participated in over 140 red team exercises and has never lost one!

Founded by nation state attackers, Illusive's technology is trusted by large global financial companies, retailers, services organizations, and pharmaceutical companies.

Illusive's Identity Threat Detection and Response (ITDR) Solution Protects Privileged Accounts

**BURLINGTON, Mass., October 24, 2022 —** Aware, Inc. (NASDAQ: AWRE), a leading authentication company applying proven and trusted adaptive authentication to solve everyday business challenges with biometrics, disrupted the industry today with the introduction of its newest product, AwareID™. Gone are the days when advanced security was only available to those organizations with large budgets, deep IT teams and time to spare. AwareID combines the historically-disjointed best practices behind identity verification, multi-factor authentication and multi-modal biometrics into a single, low-code platform that is pre-configured for the most common use cases and is functional right from the start.

“We know that the increased frequency of data breaches, the rising rate of fraud and the introduction of government regulations and mandates have driven organizations from all industries to look for security solutions that promise protection,” commented Bob Eckel, president and CEO of Aware. “The problem is, what they find when they go looking is a plethora of products from a variety of providers that all need to be technically integrated and multi-sourced to make a complete offering. This sourcing and integration takes time, money and advanced technical knowledge—thus preventing any organizations that don’t have those resources available from deploying the level of security they need. With AwareID, we’re making the latest in next-generation authentication available to the masses.”

Pre-configured for the most common use cases, and positioned at an affordable price point, AwareID tackles onboarding and authentication to help organizations of all sizes improve their security posture while enhancing the end-user experience. Non-IT professionals can protect their organization through AwareID’s intuitive, easy-to-use, low-code administrative platform. For those organizations that do have deep technical expertise, IT teams can override the pre-configuration and scale the realm of possibilities to fine tune for unique requirements—or to simply develop internal workflows and/or trade secrets to drive differentiation for their organization and offerings.

“From a consumer perspective we know that users are fed up with passwords, as reiterated in our recent survey. From a customer perspective, we know organizations are struggling to piece together disparate technology in an attempt to find the right balance of friction and security,” says Craig Herman, chief revenue officer at Aware. “AwareID takes the burden off the customer’s organization and provides a functional offering that can be deployed in a matter of minutes versus months, and at a fraction of the cost of existing piecemeal solutions.”

Aware is leveraging its 25+ years of proven implementation expertise and converging machine learning, artificial intelligence and biometrics to provide a next-generation authentication platform that aligns with the needs of organizations and protects identities against newly-emerging attack vectors. AwareID’s scalability and open environment allow it to continue to adapt to enterprise needs and the changing security landscape, giving Aware’s customers an edge they can’t find anywhere else.

To learn more about how AwareID can help your organization—and how you can bring trusted technology deployed within more than 20 countries, more than 80 government agencies (including within 12 of the 15 major Departments in the U.S. Federal Government), and more than 100 commercial leaders to your company—visit awareid.com.

**About Aware**  
Aware is a global authentication company that validates and secures identities using proven and trusted adaptive biometrics. Aware’s software and software-as-a-service offerings address the growing challenges that government and commercial enterprises face in knowing, authenticating and securing individuals through frictionless and highly secure user experiences. Aware’s algorithms are based on the most diverse data sets in the world and can be tailored to the unique security and requirements of each customer. The company empowers users to have control over identities through clear, intuitive opt-in/opt-out features, helping them feel secure and improving their lives. Aware is a publicly held company (Nasdaq: AWRE) based in Burlington, Massachusetts. To learn more, visit https://www.aware.com or follow Aware on Twitter @AwareBiometrics.

**Safe Harbor Warning**  
Portions of this release contain forward-looking statements regarding future events and are subject to risks and uncertainties, such as the projected benefits and success of AwareID, and the growth of the biometrics markets. Aware wishes to caution you that there are factors that could cause actual results to differ materially from the results indicated by such statements.

Risk factors related to our business include, but are not limited to: i) our operating results may fluctuate significantly and are difficult to predict; ii) we derive a significant portion of our revenue from government customers, and our business may be adversely affected by changes in the contracting or fiscal policies of those governmental entities; iii) a significant commercial market for biometrics technology may not develop, and if it does, we may not be successful in that market; iv) we derive a significant portion of our revenue from third party channel partners; v) the biometrics market may not experience significant growth or our products, including AwareID, may not achieve broad acceptance; vi) we face intense competition from other biometrics solution providers; vii) our business is subject to rapid technological change; viii) our software products may have errors, defects or bugs which could harm our business; ix) our business may be adversely affected by our use of open source software; x) we rely on third party software to develop and provide our solutions and significant defects in third party software could harm our business; xi) part of our future business is dependent on market demand for, and acceptance of, the cloud-based model for the use of software: xii) our operational systems and networks and products may be subject to an increasing risk of continually evolving cybersecurity or other technological risks which could result in the disclosure of company or customer confidential information, damage to our reputation, additional costs, regulatory penalties and financial losses; xiii) our intellectual property is subject to limited protection; xiv) we may be sued by third parties for alleged infringement of their proprietary rights; xv) we must attract and retain key personnel; xvii) our business may be affected by government regulations and adverse economic conditions; xviii) we may make acquisitions that could adversely affect our results, xix) we may have additional tax liabilities; and xx) we believe the effects caused by the COVID-19 pandemic may have an adverse impact on our revenue over the next several quarters.

We refer you to the documents Aware files from time to time with the Securities and Exchange Commission, specifically the section titled Risk Factors in our annual report on Form 10-K for the fiscal year ended December 31, 2021 and other reports and filings made with the Securities and Exchange Commission.

AwareID™ Offers Lightning-Fast Identity Verification, Multi-Factor Authentication and Multi-Modal Biometrics in a Single Low-Code platform

Passkeys are designed to replace passwords and allow seamless logins for consumers across devices and platforms.

SAN JOSE, Calif., Oct. 24, 2022 /PRNewswire/ — Today, PayPal announced it is adding passkeys as an easy and secure log in method for PayPal accounts. Passkeys are a new industry standard created by the FIDO Alliance and the World Wide Web Consortium that replace passwords with cryptographic key pairs, offering customers a simple and secure way to log in to PayPal based on technology that is resistant to phishing and designed so that there is no shared passkey data between platforms. The new PayPal log in option will first be available to iPhone, iPad, or Mac users on PayPal.com and will expand to additional platforms as those platforms add support for passkeys.

A founding member of the FIDO Alliance, PayPal is one of the first financial services companies to make passkeys widely available to its users. This cutting-edge security standard is significant as passkeys address one of the biggest security problems on the web, which is the weakness of password authentication. Over 2.6 billion records were hacked in 2017 and of these hacks, 81% are estimated to have been caused by password stealing and guessing1. Many consumers recycle passwords across online services, which can not only be cumbersome but can also lead consumers to reuse the same, potentially vulnerable passwords across services. Passkeys are designed to replace passwords for an even more seamless and secure login experience with PayPal.

Passkeys will also help more consumers complete their purchases with PayPal - once PayPal users create a passkey, they won't have to remember their password, allowing them to check out with greater ease. According to a recent survey of U.S. consumers, 44% of consumers have abandoned an online purchase because they forgot a password.2

"Launching passkeys for PayPal is foundational to our commitment to offering our customers safe, secure and easy ways to access and manage their daily financial lives," said Doug Bland, SVP and GM, Head of Consumer, PayPal. "We are excited to provide our customers a more seamless checkout experience that eliminates the risks of weak and reused credentials and removes the frustration of remembering a password. We are making it easier for customers to shop online."

**How to Create a PayPal Passkey**

Creating and using a passkey with PayPal is a quick and easy process on an Apple device. Once created, passkeys are synced with iCloud Keychain, ensuring a strong, private relationship between a customer and their device, and an easy sign-in experience for PayPal users with devices running iOS 16, iPadOS 16.1, or macOS Ventura.

*   Once existing customers log in to PayPal with a browser on desktop or mobile web using their existing PayPal credentials such as a username and password, they will have the option to "Create a passkey."
*   Customers will then be prompted to authenticate with Apple Face ID or Touch ID. Then the passkey will be automatically created, and next time PayPal customers log in, they won't need to use or manage a password again.

**PayPal Passkeys Can Be Used to Log In on Any Device**

If they have devices that don't support passkeys yet, users can still use an iPhone to log in with a PayPal passkey. Users simply scan the QR code that will appear after they enter their PayPal User ID.

PayPal passkeys will start rolling out today to customers in the U.S.. PayPal passkeys will become available in additional countries early in 2023, and on additional technology platforms as they add support for passkeys.

**About PayPal**

PayPal has remained at the forefront of the digital payment revolution for more than 20 years. By leveraging technology to make financial services and commerce more convenient, affordable, and secure, the PayPal platform is empowering more than 429 million consumers and merchants in more than 200 markets to join and thrive in the global economy. For more information, visit paypal.com.

PayPal Introduces More Secure Payments with Passkeys

For organizations struggling to protect a rapidly expanding volume of IoT devices, IoT fingerprinting could help with security and management.

The growing ecosystem of Internet of Things (IoT) devices, from basic IP phones and printers to more sophisticated hardware like medical devices and manufacturing equipment, requires a more comprehensive approach to IoT security.

However, businesses are struggling to adequately protect IoT devices. A July report from Barracuda Networks found 93% of organizations surveyed had failed IoT security projects. The survey also found many firms face significant challenges regarding implementation, including basic cyber hygiene.

IoT devices have proliferated because they solve a lot of problems for users, but, unfortunately, the companies that make IoT devices have been traditionally unconcerned with security. The devices often ship with known vulnerabilities (e.g., blank admin password), they are difficult to patch when vulnerabilities are found, and these headless devices are difficult to monitor as you would a laptop, especially since they don't self-identify on the network.

Organizations could turn to IoT fingerprinting to shore up device security. An IoT device fingerprint is essentially information collected about the hardware of an IoT device for the purpose of identifying its make, model, manufacturer, operating system, or device type.

**Moving to a Cloud-Native Approach**

Network and endpoint security startup Portnox recently expanded its IoT fingerprinting and profiling capabilities with a cloud-native platform for midmarket and enterprise businesses. The platform offers profiling and access control and is built to enhance zero-trust security models with no on-premises footprint.

"Without fingerprinting and profiling capabilities, all IoT devices effectively look the same or simply like an unidentifiable device," explains Portnox CEO Denny LeCompte. "All these challenges make IoT devices an attractive target for threat actors, and rightly so, as most IT teams have found shadow IoT on the network."

These shadow IoT devices are connected to the network, but the organizations have no clear visibility into or control over them.

"An attacker could enter the network through an IoT device as a part of a botnet for a denial-of-service attack, or they could use it as a stepping stone to get to more valuable devices," he explains.

While other vendors like Forescout, Cisco, and Aruba offer on-premises IoT fingerprinting platforms, LeCompte maintains that a cloud-native solution can deliver a "radically simpler deployment and management experience," enhanced security that places the onus for patching on the vendor, and a generally lower total cost of ownership.

"Organizations are shifting more and more critical security capabilities to the cloud to save on either capital or operational costs," LeCompte says. "This generally aligns with a 'do more with less' — or even 'do more with the same' — operational mindset."

**Factoring in Zero Trust**

For businesses looking to deploy an IoT fingerprinting approach as part of their security strategies, LeCompte says it's important to prioritize the solution for zero-trust security.

In theory, this would mean not allowing any IoT device onto the network if the organization is trying to legitimately institute zero trust. "That simply isn't an option from an operational standpoint, however," he adds.

LeCompte also points out that active profiling methods can place a significant burden on the IoT devices in use across the network. With passive methods, the platform pulls information that is available on the device itself or from other devices on the network.

Many IoT devices are often not prepared to perform their tasks and become overloaded with signals, which could render them ineffective or useless. "As such, it's preferred to rely on passive profiling methods, such as MAC address clustering or DHCP gleaning," he says.

LeCompte predicts that IoT fingerprinting will continue to evolve in response to innovation in IoT and the increased sophistication of cybercriminals. He notes that his company is investigating the use of fingerprinting information to bring robust security to the traditionally insecure MAC Address Bypass (MAB) devices, as well as to provide agentless risk assessment information by tapping into vulnerability and Common Vulnerabilities and Exposures (CVE) databases.

"IoT fingerprinting represents a huge gap closure with respect to zero-trust security models," he explains. "Without accurate profiling data on IoT devices, organizations simply can't confidently know what IoT devices are on their network."

IoT Fingerprinting Helps Authenticate and Secure All Those Devices

Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows.

The stress and strain of cyberattacks on the staff tasked with protecting businesses is driving droves of desperately needed security practitioners to rethink their roles.

New research from Mimecast reveals a huge mental health toll being exacted from cybersecurity professionals with every ransomware, data theft, or other cybersecurity incident.

More than half (54%) of those surveyed told researchers ransomware attacks have put a strain on their mental health, while a full 56% say their job gets harder with each passing year.

The constant barrage of attacks has also eroded a feeling of personal responsibility when an attack is successful. For comparison, Mimecast reported that last year 71% of respondents said they would "feel very personally responsible" for a successful breach — this year it was only 57%.

"With the profession facing a pressure cooker of ongoing attacks, disruption, and burnout, it’s critical that organizations support security teams by giving cyberattacks the focus and resources needed — or face losing critical employees," according to Mimecast's State of Ransomware Readiness 2022: Reducing the Personal and Business Cost report.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Stress Is Driving Cybersecurity Professionals to Rethink Roles

Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk.

Two vulnerabilities in Atlassian Jira Align, an agile planning software-as-a-service (SaaS) tool, could allow users with access to the service to become application administrators, and then attack the Atlassian service.

That's according to cybersecurity services firm Bishop Fox, which said in an advisory today that the vulnerabilities typify the risks posed to cloud services by relatively well-known, but often hard to catch, flaws. 

The two vulnerabilities found by Bishop Fox affect the Jira Align application, which is used to set agile-development goals, track efforts toward those goals, and create agile strategies. Because every instance of Jira Align is provisioned by Atlassian, an attacker could gain control of a part of the company's cloud infrastructure, Bishop Fox stated.

One vulnerability, a server-side request forgery (SSRF), could allow a user to retrieve "the AWS credentials of the Atlassian service account that provisioned the Jira Align instance," according to Bishop Fox.

The second vulnerability — in the authorization mechanism for users with the People role — could allow those users to elevate their role to Super Admin, which has access to all settings for the Jira Align tenant, such as resetting accounts and modifying settings.

The combination of the two flaws could allow a significant attack, says Jake Shafer, a security consultant with Bishop Fox, who found the flaws.

"Using the authorization finding would allow a low-privileged user to elevate their role to super admin which, in terms of information disclosure, would allow the attacker to gain access to everything the client of the SaaS had in their Jira deployment," he says. "From there, the attacker could then leverage the SSRF finding to go after the infrastructure of Atlassian themselves."

Both vulnerabilities have been patched — the first within a week and the second within a month, according to the disclosure timeline published by Bishop Fox.

However, companies should note that the increasing reliance on cloud applications has made attacks on cloud services and workloads much more common, so much so that the top class of vulnerability, according to the Open Web Application Security Project (OWASP), is broken authentication and access-control issues.

Furthermore, authorization issues are difficult for automated tools to pinpoint; plus, SSRF is a relatively new class of vulnerability that uses a cloud service's functionality and servers to conduct attacks, often bypassing security at the network edge as well as some internal security measures. 

Atlassian's Jira software has already had to deal with other instances of server-side request forgery, but the company is not alone. In 2019, a former Amazon Web Services used a SSRF vulnerability to steal data from financial firm Capital One.

**How to Combat Cloud Security Bugs**

With cloud services becoming part of operations for the vast majority of companies, tackling the top cloud vulnerabilities is critical, Shafer says.

"With the prevalence of how integrated these SaaS applications have become in the day-to-day operations of small and large companies, it’s important to remember that even these well-established companies can make mistakes," he says. "Trust but verify for all new software you’ll have to be reliant on, especially something as entrenched in the tech."

These most recent vulnerabilities highlight that developers should always make sure to double-check content supplied by users before completing a request, Shafer says. Additional input-sanitization checks could prevent both attacks.

"You're allowing customers into your cloud infrastructure, they may be paying for the service but at the end of the day they should be considered just as untrusted as a potential attacker," he says.

Companies should make sure to either manually test third-party applications or reach out to the cloud provider and check the results of their security assessments. Unfortunately, automated tools are not great at discovering authorization issues, Shafer says.

"These tools rely on a set of instructions or guidelines for what to look for and dealing with authorization issues will be different for every single piece of software out there," he says. "It’s very difficult to establish a set of rules that a scanner can pick up on and say 'Hey, user X shouldn’t be able to do Y in the context of this specific functionality.'"

Shafer lauded Atlassian's response, saying the company "did all the right things." Atlassian did not provide a comment by publishing time.

Source

DARKReading