A misleading location-tracking practice ensnared the search-engine giant in massive privacy case spanning 40 states.

Google has agreed to pay $391.5 million in a settlement with 40 US state attorneys general, over its eyebrow-raising location-tracking practices. State officials are calling it a "historic" consumer privacy case.

The search-engine giant was penalized for misleading users that they were no longer being geo-tracked when they disabled location tracking in their Google account settings. In reality, Google was still collecting their location data. As part of the settlement, Google also must clarify and revamp the way it discloses tracking policy and user controls, beginning in 2023.

"For years Google has prioritized profit over their users' privacy," said Oregon Attorney General Ellen Rosenblum, who led the case along with Nebraska Attorney General Doug Peterson, in a statement. "They have been crafty and deceptive. Consumers thought they had turned off their location tracking features on Google, but the company continued to secretly record their movements and use that information for advertisers."

As part of the settlement, Google is required to:  

1.  Show additional information to users whenever they turn a location-related account setting on or off;
2.  Make key information about location tracking unavoidable for users (i.e., not hidden); and
3.  Give users detailed information about the types of location data Google collects and how it’s used at an enhanced “Location Technologies” webpage.

Besides Oregon and Nebraska, the states working on the case were: Arkansas, Florida, Illinois, Louisiana, New Jersey, North Carolina, Pennsylvania, and Tennessee. The settlement is also joined by Alabama, Alaska, Colorado, Connecticut, Delaware, Georgia, Hawaii, Idaho, Iowa, Kansas, Kentucky, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Nevada, New Mexico, New York, North Dakota, Ohio, Oklahoma, South Carolina, South Dakota, Utah, Vermont, Virginia, and Wisconsin.

Google Forks Over $391.5M in Record-Setting US Consumer Privacy Settlement

**YAKIMA, Wash., Nov. 14, 2022 /PRNewswire/ —** Yakima Neighborhood Health Services ("YNHS") has learned of a data security incident that may have impacted data belonging to certain current and former patients.

On October 4, 2022, a file containing certain individuals' personal and protected information was inadvertently distributed to one individual. Upon learning of this accidental disclosure, YNHS took steps to ensure the recipient deleted the file from their possession.

While YNHS has no evidence that any information potentially involved in this incident has been misused, out of an abundance of caution, YNHS is informing affected individuals about the steps they can take to help protect their information. The potentially affected information may include individuals' names, dates of birth, medical record numbers, and medical treatment locations. On November 10, 2022, YNHS completed the process of identifying current address information for the affected individuals in order to effectuate written notification of the incident via US mail.

YNHS has taken steps in response to this incident and has made alterations to its cyber environment to help prevent similar incidents from occurring in the future.

YNHS has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available Monday through Friday between 6am – 3:30pm PST and can be reached at 855-926-1377.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Yakima Neighborhood Health Services Notice of Data Security Incident

**DENVER, Nov. 15, 2022 /PRNewswire/ —** Red Canary, a leader in Managed Detection and Response (MDR), is one of 15 providers that participated in the first-ever MITRE Engenuity™ ATT&CK® Evaluations for Managed Services. Published in November 2022, the independent ATT&CK Evaluations assessed provider capabilities in their ability to analyze and describe adversary behavior.

**Red Canary MDR Performance Summary:**

*   Detected intrusion in Step 1
*   Identified all intrusion steps
*   Named OilRig as the emulated adversary group
*   Provided zero false positives
*   Presented information just as we would to our real-world customers

To help organizations better interpret the test, Red Canary has created an unbiased analysis of the MITRE ATT&CK results. This report provides the necessary context needed to understand the results and evaluate how different participants performed. Separately, experts have also provided a deep-dive technical analysis of Red Canary's performance, highlighting what they detected and how they responded to MITRE Engenuity's emulation activity.

"One of Red Canary's core values is our relentlessness in finding and stopping adversaries, which is why we were so excited to hear there would be an ATT&CK Evaluation of managed security service providers," said Brian Beyer, CEO and co-founder of Red Canary. "The MITRE ATT&CK test is a great resource for evaluating different providers and determining how they would help protect your organization in a real-world intrusion. All the participants should be commended for being transparent enough to take part in the evaluation."

"More than half of organizations use security service providers to protect their data and networks. We wanted to research how they are employing threat-informed defense practices for their clients," said Ashwin Radhakrishnan, general manager, ATT&CK Evaluations, MITRE Engenuity. "We don't rank the vendors in our evaluations. Organizations, however, can use the evaluations to determine which service providers may best address their own cybersecurity gaps and fit their particular business needs."

Red Canary is one of only two vendors to be a participant in the MITRE ATT&CK Evaluations for Managed Service Providers and is also listed as a "Leader" in the Forrester Wave™: Managed Detection And Response, Q1 2021. The impressive performance by Red Canary in the MITRE ATT&CK Evaluation comes on the heels of winning the Security Trailblazer award in the Microsoft Security Excellence Awards 2022.

Trusted by nearly 800 customers, including many Fortune 500 companies across industries, Red Canary is growing at 3x the pace of the overall MDR market. This growth is fueled by market-leading technology that allows Red Canary to detect threats missed by other tools – providing MDR across endpoints, networks, cloud, SaaS, and identity applications.

**About MITRE Engenuity ATT&CK® Evaluations**

ATT&CK® Evaluations (Evals) is built on the backbone of MITRE's objective insight and conflict-free perspective. Cybersecurity vendors turn to the Evals program to improve their offerings and to provide defenders with insights into their product's capabilities and performance. Evals enables defenders to make better informed decisions on how to leverage the products that secure their networks. The program follows a rigorous, transparent methodology, using a collaborative, threat-informed, purple-teaming approach that brings together vendors and MITRE experts to evaluate solutions within the context of ATT&CK. In line with MITRE Engenuity's commitment to serve the public good, Evals results and threat emulation plans are freely accessible.

**About Red Canary**

Red Canary stops cyber threats no one else does, so organizations can fearlessly pursue their missions. We do it by delivering managed detection and response (MDR) across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. As a security ally, we define MDR in our own terms with unlimited 24×7 support, deep threat expertise, hands-on remediation, and by doing what's right for customers and partners.

Red Canary Provides First-Ever MITRE Engenuity™ ATT&CK® Evaluations for Managed Services

The API-related vulnerabilities put conversations, email addresses, tickets, and more in danger of exposure via the Zendesk Explore reporting service.

Multiple security vulnerabilities in Zendesk's Web-based customer relationship management (CRM) platform could have allowed attackers to access sensitive information from potentially any customer account — a discovery that showcases application programming interface (API) endpoint weaknesses in enterprise software-as-a-solution (SaaS) applications.  

Researchers from Varonis Threat Labs discovered the issues — specifically an SQL injection vulnerability and a logical access flaw — in Zendesk Explore, a component of Zendesk's platform, they said in a blog post published Nov. 15.

More than 100,000 customers currently use Zendesk for their customer experience solution, according to the company's website. Zendesk Explore is the aspect of the suite aimed at helping those customers analyze, understand, and share data about their respective businesses.

Researchers found they could use the flaws to extract data from Zendesk Explore, including the list of tables from Zendesk’s relational database service (RDS) instance as well as all the information stored in the database. That info included email addresses of users, sales leads, deals from the CRM, live agent conversations, tickets, help center articles, and more, they said.

For successful exploitation, a potential victim would have to have Zendesk Explore enabled, and an attacker would first have to register for the ticketing service of a victim’s Zendesk account as a new external user, the researchers explained.

However, "registration is enabled by default because many Zendesk customers rely on end users submitting support tickets directly via the web," they wrote in the post. Zendesk Explore, on the other hand, is not enabled by default, but it is "heavily advertised as a requirement for the analytic insights page," the researchers noted.

Varonis worked with Zendesk to fix the flaws, which the company managed to do quickly, pushing out a patch that required no customer action "in less than one work week," the researchers said. There is no evidence that the vulnerabilities were exploited before the fix was issued, they added.

However, a look at the technical details brings up just how easy it is to introduce security flaws into cloud-based enterprise apps.

**Common Flaw, Unique Coding**

While SQL injection (SQLi) flaws are one of the most common types of vulnerabilities found in Web applications, the Zendesk issue was unique for a couple of reasons, Michael Buckbee, a security engineer at Varonis, tells Dark Reading.

"What made this particular attack novel was both how the Zendesk application was building its SQL queries — as nested objects within a larger GraphQL message — and the use of Postgres DB’s dollar-quoted string constant feature to bypass the application’s existing SQL injection filter," Buckbee says.

Zendesk uses multiple GraphQL APIs in its products, especially in the administration console, the researchers explained in the post. GraphQL is a relatively new API format, and upon investigation of its implementation in Zendesk, they found a particularly interesting object type in Zendesk Explore, named QueryTemplate, that pointed to a potential issue.

"The querySchema field stood out because it contains a Base64-encoded XML document named Query inside of a JSON object, and many of the attributes in the XML were Base64-encoded JSON objects themselves," the researchers wrote.

This represented a multiple-nested encoding, a code scenario that always catches the attention of threat researchers, "because a large number of wrappers around data usually means that many different services (which were most likely created by separate developers or even teams) are used to process this data," they said.

In short, the more code there is in an application, the more potential locations there are for vulnerabilities to lurk, the researchers said.

Researchers leveraged the admin user of their lab's own Zendesk account to explore the application further by visualizing a report in Zendesk Explore, where they found an API called execute-query that eventually led them to discover the flaws.

**Unpacking the Issues**

Some further digging led the researchers to an XML document in which all the name attributes were found to be vulnerable to a SQL injection attack, they said. Name attributes define the tables and columns to be queried in an XML document.

Further exploration of the execute-query API found that it did not perform several logical checks on request, representing another vulnerability in the application.

"The integrity of documents was not checked, allowing our team to modify them in ways that exposed the inner workings of the system," the researchers said.

Moreover, the "query,” “datasources,” and “cubeModels” IDs were not evaluated to see if they belonged to the current user. And finally, and "most critically," the API endpoint did not verify that the caller had permission to access the database and execute queries, the researchers noted

"This meant that a newly created end-user could invoke this API, change the query, and steal data from any table in the target Zendesk account’s RDS, no SQLi required," they said.

**Mitigating Risk**

With Zendesk patching the flaw quickly before it affected any customers, enterprises using the CRM solution don't need to take further action to mitigate the issue, Buckbee says. However, with SQLi issues such a common problem, Zendesk and other companies offering Web-hosted application suites should be more proactive by taking preventative steps to monitor their environments to avoid similar scenarios in the future, he says.

The situation is real: US companies face a combined $12 billion to $23 billion in losses in 2022 from compromises linked to Web APIs, which have proliferated with the increased adoption of SaaS and cloud services, and DevOps-style development methodologies, according to a recent analysis of breach data.

"Enterprise SaaS vendors should rigorously test their API endpoints for novel SQL injection attacks," Buckbee says, "such as those involving internally developed methods of generating dynamic SQL statements, to avoid exposing customers to similar risk."

Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data

As the threat landscape increases, public cloud security needs to evolve.

Multicloud services have become the norm rather than the exception as organizations shift to accommodate increasingly dynamic workloads. IDC has predicted that by the end of 2022, more than 90% of enterprises worldwide will rely on a mix of on-premises, dedicated private clouds, multiple public clouds, and legacy platforms to meet their infrastructure needs. As these changes continue to take root, the threat landscape has increased, and security approaches developed for the public cloud also need to evolve.

This is particularly true for government agencies. Cloud infrastructure delivers benefits including agility, mobility, cost control, and performance, but government agencies manage significant volumes of sensitive information. The stakes are higher when they move to the cloud and network traffic patterns change. As the Internet now serves as the network, firewalls, virtual private networks (VPNs), and the concept of perimeter security is obsolete. This dynamic requires a new security model, one that leverages the power and scale of the cloud.

**New Challenges**

Multicloud models enable new services for citizens and improve efficiency across the federal government; however, they also introduce new security challenges, including:

*   **Understanding and prioritizing cloud risk:** Gartner predicts that by 2025, 99% of cloud security incidents will be an enterprise's own fault, as cloud processes are managed by well-intentioned employees with little knowledge of secure cloud configuration or understanding of highly dynamic cloud environments.
*   **Applying security policies across multicloud environments:** Agencies must ensure security across infrastructure, applications, and data in multiple clouds. But managing a multicloud architecture is extremely complex, as cloud providers can be very different in terms of access and resource management.
*   **Gaining workload visibility and understanding risk exposure:** The whirlwind pace of cloud adoption creates new opportunities for threats as the attack surface expands. Security teams may find it difficult to keep pace with agile development methodologies and, in the process, lose visibility into infrastructure and risk.
*   **Ensuring misconfiguration does not expose private services or data:** Continuous development, testing, and deployment improves efficiency, but can also allow misconfigurations to slip through the cracks and introduce security vulnerabilities.
*   **Achieving workload segmentation:** IP-based network segments are typically configured to be open whether they need to be or not, which increases the attack surface. Workload segmentation, on the other hand, uses machine learning and cryptographic identity to segment application workloads and automatically update security policies.
*   **Routing traffic among multicloud environments:** Multiple environments can mean fragmented security solutions across the various cloud and data center environments. Fragmented security creates points of weakness that can make agencies vulnerable to attack.

The federal community is working to improve multicloud security. The National Institute of Standards and Technology's (NIST) Multi-Cloud Security Public Working Group explores best practices for securing complex cloud solutions involving multiple service providers and clouds. NIST has recreated a resource hub that includes free assessment tools (many developed by industry partners) to help agencies understand their cyber-risks. And, the General Service Administration Data Center and Cloud Optimization Initiative's Program Management Office has released a Multi-Cloud and Hybrid Cloud Guide for agencies migrating and deploying various cloud services.

**Multicloud Best Practices**

You can reduce multicloud security risks with best practices including:  

*   **Implement zero trust:** Protecting government data in a cloud-based, mobile-enabled world demands a “trust nothing, inspect everything” approach as mandated by the May 2021 cybersecurity executive order. A recent survey of federal cybersecurity decision-makers found that 82% agree allocating staff and budget to zero trust is vital to national security.
*   **Securely connect** **users, devices, and workloads using business policies over any network:** A cloud-delivered approach to providing fast, seamless, and policy-based access to external and internal applications can ensure employees work securely and productively from anywhere.
*   **Reduce risk of lateral threat movement**: Identity-based workload protection prevents lateral movement of malware and ransomware across servers, cloud workloads, and desktops.
*   **Simplify cloud communications:** Once lateral threat movement has been reduced, the next step is to secure workload communications to the Internet, other clouds, and data centers. Agencies need zero-trust connectivity across multicloud and hybrid cloud infrastructure, securing workload-to-Internet, workload-to-workload, and workload-to-data-center communications without the need for hubs, virtual firewalls, VPNs, or network-based policies.

Although implementing multicloud security can be a heavy lift for the government, agencies are making progress. The Technology Modernization Fund has invested in a total of 29 projects to secure and modernize IT across 17 federal agencies. And 91% of federal cybersecurity decision-makers believe the 2021 cybersecurity executive order has made US data and critical infrastructure safer.

To keep on this trajectory, government agencies need to apply lessons learned from each other, while also utilizing the expertise industry can offer.

Evolving Security for Government Multiclouds

Only 30% of respondents from other industries are as concerned about the risks associated with their IT staff.

**FRISCO, Texas, Nov. 15, 2022 /PRNewswire/ —** Netwrix, a cybersecurity vendor that makes data security easy, today announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report.

Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44% of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47% worry about contractors and partners, compared to 30% and 36% respectively in other verticals surveyed.

"Financial organizations experience accidental data leakage more often than companies in other verticals: 32% of them reported this type of security incident within the last 12 months, compared to the average of 25%. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organizations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed," comments Dirk Schrader, VP of Security Research at Netwrix. "Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process."

All sectors say phishing is the most common type of attack they experience. However, 91% of financial institutions say they can spot phishing within minutes or hours, compared to 82% of respondents in other verticals.

"Even though financial organizations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated," adds Schrader. "To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organization and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration".

**About Netwrix**

Netwrix makes data security easy, thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 11,500 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.

Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

For more information, visit www.netwrix.com.

44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security

**TEL AVIV, Israel, Nov. 15, 2022 /PRNewswire/ —** Cloud Identity and Access Security provider Authomize today announced the launch of its Identity Threat Detection and Response (ITDR) Platform, enabling customers to eliminate identity threats across all their cloud environments.

ITDR is the new category defined by Gartner for closing the security gap between Identity and Access Management (IAM) and infrastructure security controls, enabling them to protect against insider threats, account takeovers, privilege escalation, lateral movement, and other dangers to their identity and access layer.

It recognizes that just as every infrastructure surface, whether it be endpoint, network, or cloud requires a protective layer to monitor and secure it from exploitation, identity is the new perimeter and it needs security in the face of increased attacks seen over the past few years.

"From SolarWinds to Colonial Pipeline to Uber, adversaries are stepping up their focus on identities and the IAM infrastructure tools we use to manage those identities' associated access as their path to a successful breach," says Authomize's CEO and Co-founder Dotan Bar Noy. "With the launch of Authomize's ITDR Platform, we will give our customers the single point of visibility and control they need to reduce risk of an identity-based breach, detect active threats targeting the identity layer, and enable faster, more efficient responses through automation with security operations."

ITDR platform builds on Authomize's expansive Cloud Infrastructure Entitlement Management (CIEM) solutions that give it the deep, cross cloud visibility across IaaS, SaaS, and other cloud environments for the fullest spectrum of coverage over customers' identities, assets, access privileges, and activities. Their Machine Learning-driven Smart Groups engine connects to all of the environments, collecting, normalizing, and analyzing the data to create a comprehensive picture of access to the organization's cloud that is used for providing actionable recommendations for mitigating risk.

This unparalleled visibility answers the question of who has access to what, and how they are using their privileges, allowing the organization to take effective action in securing it.

"Organizations depend on valuable IAM infrastructure to help them manage their declared access, but are left blind to the state of their actual de facto access as it exists in their cloud environments," says Authomize's CTO and Co-founder Gal Diskin. "Only with Authomize can they fully understand and take control of their identity layer, proactively protecting their IAM infrastructure from malicious manipulation."

Authomize's ITDR Platform enables organizations to:

*   Harden security posture by reducing threat surface risks like stale access, over-privilege, cloud and IAM misconfigurations, and privilege escalation paths that can all lead to potential exploitation, helping them to achieve continuous Least Privilege
*   Detect active threats like creation of new admins, user impersonation, and malicious activity
*   Accelerate investigations and responses with clear visibility over identities' access in an easy to digest Access Explorer graph, along with webhooks and integrations with SIEMS, SOARs, ITSMS, and XDRs for more efficient remediation with security operations

As part of the launch of the new ITDR capabilities available on the platform, Authomize is now offering a free assessment report for interested organizations to uncover potential risks, misconfigurations, and threats to their IAM infrastructure. No agents or commitments are required to benefit from the FREE assessment.

For more information on the FREE Assessment, use the link provided here.

Authomize Launches Identity Threat Detection and Response Platform to Protect Against Identity-Based Attacks

API discovery and threat-monitoring solution tokenizes API data at its source for secure behavioral analytics, storage, compliance, and investigations.

**PALO ALTO, Calif., Nov. 15, 2022 /PRNewswire/ —** Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest.

Today, many organizations are blind to the threats lurking within their API traffic. Even worse, organizations are forced to implement basic logging of its API traffic that doesn't contain the meaningful information about who accessed, what records were accessed or manipulated and how. There exists a justified fear of logging sensitive data or being out of compliance, and with the lack of technology that can perform it at scale, they prefer to log with low fidelity. Those logs tell you that "somebody modified or accessed a record" but typically don't disclose who accessed it, which record, or what action was performed.

This decision also results in a downstream issue of "insufficient logging", which is noted by the Open Web Application Security Project as one of the top security problems in its 2021 OWASP API Top 10. "Insufficient logging" is poor for incident forensics and, in practice, means that you can't detect abuse or investigate a case, even if you know it happened.

Tokenization is the process of substituting a sensitive data element, like a credit card number, for a non-sensitive equivalent that has no intrinsic or exploitable value or meaning. Neosec's automated tokenization is part of its 'privacy by design' philosophy and is already deployed successfully at customers around the world in financial services, insurance and hospitality companies among others.

The process allows retaining tokenized API activity data for the purposes of performing true behavioral analytics over time, ensures that sensitive data is never stored at rest, and enables only the customer to de-tokenize, based on the strictest data privacy practices.

"Solving API security starts with basic visibility and the ability to see how the APIs are used. The problem is that virtually every company logs API activity with low fidelity that doesn't enable this basic visibility" said Giora Engel, co-founder and chief executive officer, Neosec. "In order to perform true behavioral analytics and investigate cases you must store and examine historical data. But if this analysis is performed on un-tokenized data you risk storing PII and creating compliance issues. Neosec successfully retains all API activity data, in the highest fidelity, and ensures it meets data privacy standards."

This focus on data and the visibility it brings is what previously defined the creation of the EDR (Endpoint Detection & Response) security space. "Trying to implement API security without enabling basic visibility of activity is like going back to the antivirus age before the advent of EDR. Visibility into API activity allows you to detect threats, understand behavior, investigate and remediate" said Engel.

The Neosec API security solution discovers and maintains an up-to-date inventory of all APIs in use by an organization and then uses machine learning and behavioral analytics on tokenized data to find fraud and abuse by third parties and attackers. Neosec also enables proactive API threat hunting and investigations without storing any sensitive data.

The automated API data tokenization is now a capability of the Neosec platform and is fully available. There is no extra cost for use of this unique capability.

For more information about the Neosec platform or the use of tokenization:

*   Read more: Can behavioral analytics help secure APIs?
*   Read more: What does XDR have to do with API security?
*   Free Trial: Request a trial of the Neosec platform

**About Neosec**

Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel. To learn more, visit Neosec.com.

Neosec Introduces Automated Tokenization to Enable Full API Visibility Without Exposure of Sensitive Data

Extends cyber asset attack surface management solution to multi-cloud environments,

**SAN JOSE, Calif., Nov. 15, 2022 /PRNewswire/ —** Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of support for Google Cloud Platform (GCP). Security teams can now use Balbix to easily quantify, prioritize and mitigate risks in their Google Cloud environments. With this announcement, Balbix has also extended its Cyber Asset Attack Surface Management (CAASM) solution to support multi-cloud environments that span both GCP and Amazon Web Services.

The rapid move to the cloud has made IT environments more complex to manage and secure. As a result, security teams struggle to get a consolidated view of risk. Yet, 63 percent of organizations say they look at security posture in the cloud separately from on-premises, according to Cybersecurity Insiders' 2002 State of Security Posture Report.

"Our customers' environments can include over 1 million assets, spread across multiple clouds and their own facilities. Managing an attack surface this large is no longer a human-scale problem," said Gaurav Banga, Founder and CEO of Balbix. "With Balbix's new support for GCP, our customers can use automation to manage cybersecurity posture across more of their environment."

**Cyber Security Posture Automation for Google Cloud Platform  
**Balbix now provides support for popular Google Cloud services, including Compute Engine, Cloud Storage, Cloud SQL, Google Kubernetes Engine (GKE) Cluster & Deployments, Cloud Functions, Cloud Key Management Service (KMS), Pub/Sub and Secret Manager. As a result, Balbix customers with Google Cloud environments can use automation and advanced analytics to:

*   Get comprehensive, near real-time visibility of their Google Cloud assets.
*   Combine data from Google Cloud with their other IT and security tools to gain security and business context for their assets.
*   Discover misconfigurations – the most exploited attack vector for the cloud – as well as unpatched software vulnerabilities, weak credentials and trust issues.
*   Measure risk in terms of breach likelihood and business impact in order to prioritize remediation.
*   Calculate and report on cyber risk quantified in dollars (or other currencies) instead of risk scores

**Cyber Asset Attack Surface Management for Multi-Cloud Environments  
**The addition of support for GCP extends Balbix's CAASM solution to multi-cloud environments. Security practitioners no longer need to use multiple tools or combine data manually from these tools in a custom spreadsheet to understand their security posture. They can see the relationships between assets, applications and users no matter where the assets are in the cloud or on-premises. They can also identify any gaps in coverage for security controls.

Balbix provides more than just visibility. Unlike other vendors, Balbix combines CAASM with Risk-Based Vulnerability Management (RBVM) and Cyber Risk Qualification (CRQ) solutions so security teams are able to immediately take action to reduce their cyber risk. They can continuously identify, prioritize and mitigate security issues as they emerge, while quantifying and tracking residual cyber risk in dollars. Daily cybersecurity decisions – operational as well as executive – can be made using a unified and up-to-date view of cyber risk.

"By adding support for Google Cloud, Balbix has broadened its risk model to be inclusive of multiple public cloud platforms and allowed organizations to better measure their overall cyber risk," said Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. "Customers can leverage this unified risk model to quantify cyber risk by business unit, geography, site, asset type or business owner – and quickly remediate those risks."

The API-based Balbix Connector for Google Cloud Platform collects asset inventory and misconfiguration data and is available now. Visibility into other types of vulnerabilities is provided by optional Balbix sensors. These sensors also catalog the software bill of materials (SBOM) of applications running in GCP. Data collected by Balbix connectors and sensors is automatically deduplicated, correlated and inferenced to provide security teams with an accurate and unified view of risk.

To learn more about Balbix and its CAASM solution, visit https://www.balbix.com.

**About Balbix  
**Balbix enables businesses to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. Our SaaS platform, the Balbix Security Cloud™, ingests data from businesses' security and IT tools so they can understand every aspect of their cybersecurity posture, build a unified cyber risk model and obtain actionable insights for risk reduction. With Balbix, businesses can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions.

A rapidly growing set of Fortune 500 companies trust Balbix as the "brain" of their infosec programs and are realizing the benefits of maximally automated workflows and reduced cyber risk. Balbix was recognized in CNBC's 2022 list of Top 25 Startups for the Enterprise and ranked #32 on the 2021 Deloitte Fast 500 North America.

Balbix Announces Cybersecurity Posture Automation Support for Google Cloud Platform

**SAN FRANCISCO, Nov. 15, 2022 /PRNewswire/ —** Bugcrowd, the leader in crowdsourced cybersecurity, today announced that CREST, the gold standard for quality assurance accreditation in the cybersecurity industry, has named the company as a CREST Accredited provider for penetration testing. The certification acknowledges that Bugcrowd meets the CREST standards for:

*   Company operating procedures and standards
*   Testing by trusted, reliable, qualified pentesters
*   Ethical and effective testing procedures
*   Protecting customer data

"CREST accreditation is widely considered a proof point for thorough, effective, reliable penetration testing, especially in regulated industries like Financial Services and Public Sector," said Casey Ellis, Founder, Chairperson and CTO, Bugcrowd. "We're proud to have earned this distinction for Bugcrowd Penetration Testing."

"We are pleased to welcome Bugcrowd as a CREST member company," said Rowland Johnson, president of CREST. "Bugcrowd's accreditation for providing penetration testing in the UK gives its customers added reassurance that its services meet the very highest standards because CREST accreditation requires rigorous assessment of business processes, data security and testing methodologies. This puts Bugcrowd in a strong position, along with other CREST members, to take advantage of the growing demand for high quality penetration testing services."

**About CREST**

CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence services and Security Operations Centre (SOC) services. All CREST member companies undergo regular and stringent assessment; while CREST-qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by elected Councils of experienced security professionals who also promote, develop and support awareness, ethics and standards within the cyber security marketplace.

**About Bugcrowd**

Today's organizations demand a proactive approach to cybersecurity that uncovers hidden vulnerabilities in the attack surface, before malicious hackers find them. Bugcrowd offers the only multi-solution platform for crowdsourced security that orchestrates data, technology, and human intelligence to find risks that other approaches commonly miss. With that unique approach, the Bugcrowd Security Knowledge Platform™ enables businesses to do everything proactively possible to protect their organization, reputation, and customers from being blind-sided by cyberattacks through Bug Bounty, Vulnerability Disclosure Programs, Penetration Testing, and Attack Surface Management. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.

Source

DARKReading