Integrated OT solution streamlines the auditing of firewalls for misconfigurations and conflicting rules.

**CHICAGO & SAN CARLOS, Calif. —** **(BUSINESS WIRE) —** Network Perception, innovators of operational technology (OT) solutions that protect mission-critical assets, and Check Point Software Technologies Ltd., a leading provider of cyber security solutions globally, today announced the integration of security technologies, making it possible to ensure that OT firewall environments are properly configured and continuously verified for the protection of critical assets.

Check Point provides the security infrastructure while Network Perception’s NP-View platform protects critical assets by providing compliance verification, cybersecurity visibility and operational velocity, allowing for the continuous verification and visualization of the security posture. Network Perception NP-View uses the Check Point Security Management Restful API to import network device configurations, offline or continuously, to instantly visualize network architecture, identifying all points of network connectivity and the exposure of protected assets. The combined solution verifies access to ports and services across different trust zones to protect mission critical assets.

“Checking for firewall misconfigurations and conflicting rules sounds easy, but manual audits on dozens or hundreds of firewalls can take days or weeks of time - and one error or omission can expose your network to security vulnerabilities and risks,” said Robin Berthier, CEO of Network Perception. “Integrating with Check Point ensures that a security infrastructure is configured the best way possible, protecting networks from the latest threats.”

“Network Perception’s platform takes essential auditing technology and makes it continuous for proactive OT network security that builds cyber resiliency,” said Jason Min, Head of Business Development at Check Point Software Technologies. “By integrating our technologies, our joint solution allows for a fully consolidated cyber security architecture that protects business and OT infrastructure against sophisticated cyber-attacks across networks, endpoint, cloud and mobile.”

For more information on the integration between Network Perception NP-View and Check Point, please view this short video: https://www.youtube.com/watch?v=rZfHHmWAmEw

**About Network Perception**

Network Perception proactively protects industrial control systems by ensuring network access security as the first line of perimeter defense. Our monitoring software provides complete network transparency and continuous mapping to better support cybersecurity compliance and enable greater cyber resiliency. For more information, visit www.network-perception.com.

Network Perception and Check Point Software Technologies Partner to Tighten the Security of OT Firewall Environments

The sophisticated and ever-evolving threat known as LodeInfo is being deployed against media, diplomatic, government, public sector, and think-tank targets.

Chinese-speaking threat actor APT10 has been using a sophisticated and sometimes fileless backdoor to target media, diplomatic, governmental, public sector, and think-tank targets, since at least March, researchers have found.

Researchers at Kaspersky have been tracking the LodeInfo malware family since 2019, they said in one of two blog posts  published Monday that lay out a two-part investigation on the emerging threat. The group is bent on espionage, primarily against Japanese targets to date.

However, as threat actors are constantly updating and modifying LodeInfo — particularly with anti-detection features and varying infection vectors — it's been difficult to stay on top of its use and deployment, the researchers said.

"LodeInfo and its infection methods have been constantly updated and improved to become a more sophisticated cyber-espionage tool while targeting organizations in Japan," the researchers wrote in one of their posts. "The LodeInfo implants and loader modules were also continuously updated to evade security products and complicate manual analysis by security researchers."

JPCERT/C first named LodeInfo in a blog post in February 2020, when it was the payload in a spear-phishing campaign targeting Japan, according to Kaspersky. The following year, Kaspersky researchers also shared new findings during the HITCON 2021 conference that covered LodeInfo activities from 2019 to 2020. At the time they attributed the malware to APT10 — also known as the "Cicada" group — with "high confidence," the researchers said.

Kaspersky's latest intelligence on LodeInfo in the first half of their report focuses on their identification of current versions of the malware — in which researchers detected v0.6.6 and v0.6.7 — and their various infection methods tracked between March and September in use against targets in Japan. The second part unveils an investigation of new versions of LodeInfo shellcode — including v0.5.9, v0.6.2, v0.6.3 and v0.6.5 — identified in March, April, and June, respectively, the researchers said.

**Varied Infections Methods**

Researchers outlined four different infection methods that threat actors are using to get the LodeInfo backdoor on victim systems.

The first, identified in March and used in previous attacks observed by Kaspersky, started with a spear-phishing email that included a malicious attachment installing malware persistence modules, the researchers said. These modules were comprised of a legitimate EXE file from the K7Security Suite software used for DLL sideloading, as well as a malicious DLL file loaded via the DLL sideloading technique.

The malicious DLL file includes a loader for the LodeInfo shellcode that contains a 1-byte XOR-encrypted LodeInfo shellcode internally identified by version 0.5.9, the researchers said.

Another infection method uses a self-extracting archive (SFX) file in RAR format that contains three files with self-extracting script commands. When a targeted user executes this SFX file, the archive drops other files opens a .docx containing just a few Japanese words as a decoy, the researchers said.

While this decoy file is being shown to the user, archive script executes a malicious DLL via DLL sideloading that start a process that eventually deploys LodeInfo v0.6.3, they said.

A third infection vector uses another SFX file, first seen spread via a spear-phishing campaign in June, that exploits the name of a well-known Japanese politician and uses self-extracting script and files similar to the previous vector. This initial infection method also includes an additional file that decrypts shellcode for the LodeInfo v0.6.3 backdoor, the researchers said.

"The file name and the decoy document suggest the target was the Japanese ruling party or a related organization," they explained, adding that they observed another SFX file with a similar method and payload on July 4.

The fourth infection vector that researchers outlined was observed in June and appears to be a brand-new method that threat actors added this year, they said. This vector uses a fileless downloader shellcode — dubbed "DOWNIISSA" by the researchers — delivered by a password-protected Microsoft Word file. The file includes malicious macro code completely different from previously investigated samples of LodeInfo, the researchers said.

"Unlike past samples … where the malicious VBA macro was used to drop different components of the DLL sideloading technique, in this case the malicious macro code injects and loads an embedded shellcode in the memory of the WINWORD.exe process directly," they explained. "This implant was not present in past activities, and the shellcode is also a newly discovered multi-stage downloader shellcode for LodeInfo v0.6.5."

**Advanced Evasion Tactics**

Kaspersky researchers also outlined the various advanced evasion tactics displayed in new versions of the malware's shellcode, demonstrating how threat actors are evolving the malware to increase the chances they won't be caught, the researchers said.

"These modifications may serve as a confirmation that the threat actors track publications by security researchers and learn how to update their TTPs \[tactics, techniques, and procedures\] and improve their malware," they wrote.

For example, the LodeInfo v0.5.6 shellcode demonstrates several enhanced evasion techniques for certain security products, as well as three new backdoor commands implemented by the developer, researchers said.

It also contains a hardcoded key, NV4HDOeOVyL, used later by an antiquated Vigenere cipher, and it generates random junk data "possibly to evade beaconing detection based on packet size," they noted.

Another shellcode, in LodeInfo v0.5.6, uses revised crypto-algorithms and backdoor command identifiers — obfuscated with a 2-byte XOR operation that that was defined as 4-byte hardcoded values in previous LodeInfo shellcodes, the researchers said.

"We also observed the actor implementing new backdoor commands such as 'comc,' 'autorun,' and 'config' in LodeInfo v0.5.6 and later versions," they explained. "Twenty-one backdoor commands, including three new commands, are embedded in the LodeInfo backdoor to control the victim host."

Other LodeInfo shellcodes, v0.6.2 and later versions specifically, include a curious geographic identifying feature that looks for the “en\_US” locale on the victim’s machine in a recursive function and halts execution if that locale is found, the researchers said, indicating that the threat actors are avoiding US targets.

Another core modification of the LodeInfo shellcode observed by Kaspersky was support for Intel 64-bit architecture, which expands the type of victim environments that threat actors can target, they said.

Overall, the updated TTPs and improvements in LodeInfo and related malware "indicate that the attacker is particularly focused on making detection, analysis, and investigation harder for security researchers," the researchers wrote.

Kaspersky shared various indicators of compromise in part two of its post on LodeInfo. The firm is encouraging other security researchers and the overall community in general to collaborate on identifying LodeInfo and related malware attacks in victim environments to prevent and mitigate further attacks.

China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor

Containers and their supporting infrastructure are too important to ignore.

How will threat actors attack and utilize containers? This is a question I constantly think about. I've been working in this area for more than two decades now, and I feel like I should have an answer. But I don't.

Instead, I have a lot of different ideas, none of which I can really pinpoint as correct. Part of this indecision is because of all the time I spent learning security in the "legacy" world. Containers do not really have an analog. Sure, virtual machines (VMs) are often conflated with containers, but they were never able to scale like containers. They are also used for completely different purposes than containers. It's taken a while to adjust my thinking and understand where containers actually fit into the attack surface.

The public examples of attacks against containerized environments are very limited. The breaches almost always are cryptomining related, which are serious attacks, but the incident responder in me finds them underwhelming. Another commonality is they are mostly the result of a misconfiguration, whether that be in Kubernetes or a cloud account. The combination of the motives and the tactics have not been very inspiring so far.

**The Old Way**

Remote code execution (RCE) vulnerabilities have been the main concern in computer security for a long time. They are still, but how does this way of thinking apply to containers? It's easy to immediately jump to RCE as the primary threat, but it doesn't seem to be the right way to approach containers. For one thing, containers are often very short lived – 44% of containers live less than five minutes – so an intruder would have to be quick.

This approach also assumes that the container is exposed to the Internet. Certainly some containers are set up this way, but they often are very simple and use well-tested technologies, like NGINX. There may be zero-days out for these applications, but they would be extremely valuable and hard to come by. My experience has shown me that a lot of containers are used internally and don't connect directly to the Internet. The RCE scenario gets a lot more difficult in that case. I should mention Log4j, though these sorts of vulnerabilities have the potential of being exploited remotely even if the vulnerable system isn't on the edge.

**The New Way**

If RCE isn't the biggest threat facing containers, then what is? Are containers even on the radar of threat actors? Yes, containers and their supporting infrastructure are too important to ignore. Container orchestration software has allowed containerized workloads to be scaled to unimaginable numbers. The usage trend is also increasing, so you can be sure they will be a target. They just can't be thought of like servers you get at through RCE vulnerabilities.

Instead, the reverse is actually true. Instead of attacking containers from the outside in, they need to be attacked from the inside out. This is essentially what supply chain attacks do. Supply chain is an extremely effective attack vector against containers when you start to understand how they are built. A container starts with a definition file, such as Dockerfile, which defines everything that will be in the container when it runs. It is turned into an image once built, and that image is what may be spun up into a workload an innumerable amount of times. If anything in that definition file is compromised, then every single workload that runs is compromised.

Containers are often, but not always, purpose-built with an application that does something and exits. These applications can be almost anything — the important thing to understand is how much is built using libraries, either closed source or open source, written by other people. GitHub has millions of projects, and that's not the only repository of code out there. As we saw with SolarWinds, closed source is vulnerable to supply chain attacks as well.

A supply chain attack is a great way for threat actors to get into a target's container environment. They can even let the customer's infrastructure scale their attack for them if the compromise goes unnoticed. This type of scenario is already playing itself out, as we saw with the Codecov breach. But it is difficult to detect due to how new all of this is and how our thinking is still rooted in the problems of the past.

**A Way Forward**

As with fixing most problems, visibility is usually a great place to start. It's hard to fix what you can't see. To secure your containers you need to have visibility into the containers themselves, as well as the whole pipeline that builds them. Vulnerability management is one type of visibility that must be integrated into the build pipeline. I would also include other static analysis tools, such as ones that look for leaked secrets to that as well. Since what a supply chain attack looks like can't really be predicted, runtime monitoring becomes critical so you know exactly what your containers are doing.

Where Are All of the Container Breaches?

36% of Americans have fallen victim to holiday shopping scams.

**TEMPE, Ariz. and PRAGUE, Nov. 1, 2022 /PRNewswire/ —** A global study from Norton, a consumer Cyber Safety brand1 of NortonLifeLock (NASDAQ: NLOK), sheds new light on the risks consumers will take this holiday shopping this season. According to the 2022 Norton Cyber Safety Insights Report: Special Release – Holiday, conducted online in August 2022among 1,000 U.S. adults 18+ by The Harris Poll, one in three American adults (34%) admit to taking more risks when online shopping during holiday season compared to other times of the year.

The study found a staggering 36% of Americans have fallen victim to online shopping scams during the holidays, losing $387 on average as a result. Of those victimized, most frequently cybercriminals connected with them via email (40%), through social media (38%), third-party websites (32%), texts (28%) or phone calls (23%).

"Now more than ever, many are willing to do whatever it takes online to save on big ticket holiday items, even if it puts them at risk," said Kevin Roundy, Researcher and Senior Technical Director, NortonLifeLock. "The past frenzy of lining up outside stores early to grab must-have holiday gifts has mostly moved online."

Roundy continues, "Inflation and cost-cutting has pushed more Americans to look for discounts, with three-quarters of U.S. adults (77%) willing to take any action to cut costs this holiday season. At this time of year, and this year in particular, vigilance is needed around offers that seem too good to be true, especially when shopping on unfamiliar sites or links via social media."

Nearly 1 in 5 U.S. adults (17%) admit they would willingly risk giving away personal information to obtain a high demand gift or toy over the holiday season– more than one in ten (12%) would go so far as to share their name, email or birthdate which could compromise their identity, however 9% admit they would share the personal details of a friend or family member to secure a high demand gift. Further, more than 2 in 5 Americans (41%) admit to risking their personal information in some way during the holiday season, typically by posting a picture of an expensive gift they have received (19%), posting a picture of their travel destination (18%), tagging their current location on social media (18%), or posting a picture of their travel plans without removing any personal information (13%).

While most Americans (89%) say they feel confident shopping safely online this holiday season, more than 2 in 5 (43%) admit they aren't really sure of the best ways to do so. When shopping online Norton experts recommend the following actionable steps to identify and avoid risks when online shopping:

*   Checking ratings of online sellers
*   Avoiding suspicious links from social media ads or unfamiliar emails using a virtual private network (VPN) when making online purchases on public or unsecured Wi-Fi.

Norton helps consumers shop safely online with products like Norton Safe Web, which enables users to check for unsafe hyperlinks with the Link Guard Feature. For those looking to take preventative steps to safeguard their connected devices, online privacy and identities, Norton provides all-in-one protection from cyber threats through Norton 360 with LifeLock Select.

To view the study's full results and accompanying visual assets, please visit the 2022 Norton Cyber Safety Insights Report: Special Release – Holiday press kit at https://newsroom.nortonlifelock.com/norton-cyber-safety-report.

**About the 2022 Norton Cyber Safety Insights Report: Special Release – Holiday**

The research was conducted online in the United States by The Harris Poll on behalf of NortonLifeLock among 1,000 adults aged 18+. The survey was conducted August 15 – September 1, 2022. Data are weighted where necessary by age, gender, race/ethnicity, region, education, marital status, household size, household income, and propensity to be online to bring them in line with their actual proportions in the population.

Respondents for this survey were selected from among those who have agreed to participate in our surveys. The sampling precision of Harris online polls is measured by using a Bayesian credible interval. For this study, the sample data is accurate to within + 3.8 percentage points using a 95% confidence level. This credible interval will be wider among subsets of the surveyed population of interest.

**About NortonLifeLock Inc.**

NortonLifeLock Inc. (NASDAQ: NLOK) is a global leader in consumer Cyber Safety, protecting and empowering people to live their digital lives safely. We are the consumer's trusted ally in an increasingly complex and connected world. Learn more about how we're transforming Cyber Safety at NortonLifeLock.com.

Online Holiday Shopping Frenzy: Study Shows 1 in 3 Americans Tend to Take More Risks When Shopping Online During Holiday Season

New offering goes beyond industry requirements to help maximize the value of SIEM investments.

**P****LANO, Texas, Nov. 1, 2022 /PRNewswire/ —** Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions, today announced the launch of its new managed service for Security Information & Event Management (SIEM). Available to new and existing customers, the new service is an add-on to Critical Start's existing MDR for SIEM offering and supports Microsoft Sentinel™ and Splunk Cloud®. It simplifies the architecture and deployment of SIEM solutions to help organizations derive the maximum value from their SIEM investments for risk management, compliance and threat detection use cases, and holistically improve their security posture.

According to Gartner, "Managed SIEM has a compelling adoption rate as SIEM technologies are becoming more accessible and more mid-security-maturity buyers are entering the market having accelerated their security needs and maturity by adopting cloud-based IT."1

"SIEM solutions provide important security benefits but are often complex in nature and challenging to deploy, tune, manage and maintain. As a result, security leaders may be prevented from deploying or enhancing SIEM technologies, greatly limiting the improvement of their cybersecurity maturity," said Chris Carlson, SVP Product at Critical Start. "Our new managed service works cohesively with customers' SIEM products to handle the heavy lifting associated with implementation and customization, including recommendations for log source tuning to lower SIEM ingestion costs while maintaining robust threat detection visibility."

In addition to delivering all the requirements and optional features outlined in the 2022 Gartner _Market Guide for Managed SIEM Services__,_ Critical Start Managed SIEM experts help identify and continuously analyze log sources to ensure they are of high fidelity and provide the following value-added services:

*   Configuration and Customization – includes custom development for customer-specific dashboards, reports, and log sources to support security, risk, compliance and audit use cases.
*   Quarterly Service Reviews – provides visibility into how the SIEM is performing to help customers control costs and increase security outcomes.
*   Ingest Cost Analysis for Microsoft Sentinel - analyzes billing vs. ingest for specific Microsoft data sources recommending the appropriate commitment tiers over the length of the contract to maximize log ingest cost savings. This service is unique to Critical Start.
*   Data Source Health Monitoring – offers log source performance, availability and capacity monitoring to identify potential issues with log ingestion.
*   Risk Reduction Reviews – analyzes adding log sources and detection content to deliver the most coverage under the industry-standard NIST CSF and MITRE ATT&CK® Matrix Frameworks.
*   Ease of Upgrade – Managed SIEM is a service add-on to Critical Start's industry-leading MDR for SIEM offering. Customers can add Managed SIEM when they purchase the MDR service or anytime during the MDR contract term.

For additional details on this new service offering, visit Critical Start's Managed SIEM page.

1Gartner, _Market Guide for Managed SIEM Services_, Al Price, John Collins, Andrew Davies, Mitchell Schneider, Angel Berrios, August 17, 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

**About Critical Start  
**Today's enterprise faces radical, ever-growing, and ever-sophisticated multi-vector cyber-attacks. Facing this situation is hard, but it doesn't have to be. Critical Start simplifies breach prevention by delivering the most effective managed detection and incident response services powered by the Zero Trust Analytics Platform™ (ZTAP™) with the industry's only Trusted Behavior Registry™ (TBR) and MOBILE**SOC**®. With 24x7x365 expert security analysts, and Cyber Research Unit (CRU), we monitor, investigate and remediate alerts swiftly and effectively, via contractual Service Level Agreements (SLAs) for Time to Detection (TTD) and Median Time to Resolution (MTTR), and 100% transparency into our service. For more information, visit criticalstart.com. Follow Critical Start on LinkedIn, Twitter, Facebook, Instagram.

Critical Start® Launches New Managed SIEM Service

FitStack offers a SaaS-based platform — supporting both cloud native and on-prem environments — to take risk and vulnerability out of application development.

**MADISON, Wis., Nov. 1, 2022 /PRNewswire/ —** Today Varsity Venture Studio – a collaborative venture studio between the University of Wisconsin-Madison, the Wisconsin Alumni Research Foundation (WARF) and venture builder High Alpha Innovation – announced the public launch of FitStack (www.fitstack.dev), a proactive risk management solution for application development teams to address the ongoing challenges in managing software supply chain security.

To address these issues, co-founders Roger Cummings (CEO) and Dr. Mohannad Alhanahnah, Ph.D. (CTO) are positioning FitStack to streamline the overall DevSecOps process. Unlike passive tools that merely identify code and container vulnerability and configuration issues, the FitStack platform proactively addresses them, shows developers the changes that have been made, and ensures that modified applications will execute at runtime.

"In today's environment, it's essential for development teams to gain control, limit exposure, and reduce overall risk," explains Cummings. "FitStack is proactively driving security best practices into the earliest stages of the application development lifecycle. We are building FitStack to make sure our solution can fit into everyone's CICD pipeline in the most efficient manner. By reducing application attack surfaces, exposing application vulnerabilities, and generating compliance reports, we are protecting organizations from malicious events and delivering the insight they need to run their business."  

Cummings and Alhanahnah bring decades of leadership experience in the data, cloud, networking, and infrastructure computing industries. Cummings is a serial entrepreneur who has led five early-stage companies to successful acquisitions, assisted in raising over $1B in funding while scaling organizations worldwide. He previously served as CEO of Evidence IQ, an evidence-based data intelligence company. Alhanahnah has extensive experience in software security research with a focus on leveraging static analysis, dynamic analysis, and formal methods for securing application and machine learning. He recently completed post-doctoral research in the lab of Dr. Somesh Jha, a professor in the Department of Computer Sciences at UW-Madison and a co-founding advisor to FitStack. They have co-authored several papers on improving application safety, security and privacy.

WARF not only helped launch the company as a partner in Varsity Venture Studio, but also licensed the technology to FitStack. Greg Keenan, Senior Director of WARF Ventures, notes, "Helping campus innovators like Drs. Jha and Alhanahnah bring their patented technology to market delivers on our mission to support the commercialization of UW-Madison research for both commercial and societal impact. We are really excited about the market opportunity the company is addressing and look forward to seeing what the FitStack team accomplishes from here."

"Development teams who aren't addressing risk management are already behind the curve, but they can't do it alone," concludes Elliott Parker, CEO of High Alpha Innovation. "Roger and Mohannad's solution to such a pressing problem is the perfect fit for building a startup via Varsity Venture Studio."

**About Varsity Venture Studio**

Varsity Venture Studio, a University of Wisconsin-Madison-wide venture studio, turns ideas into funded software businesses. Varsity Venture Studio is a collaboration between the University of Wisconsin-Madison, Wisconsin Alumni Research Foundation (WARF) and venture builder High Alpha Innovation, and is the first university venture studio of its kind. Learn more about Varsity Venture Studio at varsityventurestudio.com, High Alpha Innovation at highalphainno.com, and about WARF at warf.org.

FitStack, a New Solution For Code and Container Risk Management, Launches With Support From Varsity Venture Studio

Nudge Security releases new research conducted in consultation with leading psychologists at Duke University linking employee security behavior with attitudes and emotions.

**AUSTIN, Texas, Nov. 1, 2022 /PRNewswire/ —** What cybersecurity practitioners have long suspected is true: **67%** of employees would try to circumvent security controls that block access to unsanctioned SaaS applications at work. However, the reason why might come as a surprise. According to new research from Nudge Security, undesirable security behaviors may have less to do with lack of awareness and more to do with basic human emotions.

Key finding: 67% of employees would try to work around security controls that block access to unsanctioned SaaS apps.

Released today, "Debunking the 'stupid user' myth in security," is a new report from Nudge Security that explores how workers' attitudes and emotions influence security behaviors. Based on research conducted in consultation with leading psychologists at Duke University, it confirms that workers are more likely to comply with security controls if they find the experience to be positive and reasonable.

"We now have evidence to suggest that improving the employee experience of security can actually lead to better security outcomes," said Russell Spitler, CEO and co-founder of Nudge Security.

The research took 900 participants through a common scenario: needing to access a SaaS application for work. Participants were randomly assigned to one of three "security interventions" that either blocked access to the application, revoked access punitively, or nudged participants to justify access. Participants were asked to rate how reasonable they found the intervention, how positively or negatively they felt about it, and how likely they were to comply with it. Overall, participants' attitudes and emotions strongly correlated with their likelihood of compliance.

**Key Findings**

*   **67%** of participants said they would not comply with the blocking intervention. Instead, they would look for a workaround.
*   Participants perceived nudging as the most positive and reasonable intervention. They were **3X** more likely to feel negatively about blocking and punitive interventions.
*   **78%** of participants would comply with a nudge, **2X** the compliance rate of the blocking intervention.

Dr. Aaron Kay, PhD, J Rex Fuqua Professor of Management and Professor of Psychology & Neuroscience at Duke University and Nudge Security advisor, consulted on the development of the research.

"This research underscores basic tenets of human psychology and demonstrates that, even in cybersecurity, attitudes and emotions are strong predictors of behavior," said Kay. "Security leaders are setting themselves up for failure when they implement security controls with the assumption that employees will comply mechanically, regardless of their own self interests."

Kay and Spitler will discuss the research during an upcoming webcast. Register here. Download the full report at www.nudgesecurity.com.

**About Nudge Security**

Nudge Security is transforming the human element of cybersecurity by nudging employees towards secure SaaS adoption. Founded in 2021 by Jaime Blasco and Russell Spitler, the company secured funding from Ballistic Ventures in 2022. A fully remote company, Nudge Security has outposts in Austin, Texas and Jackson, Wyoming. Learn more at www.nudgesecurity.com and follow on Twitter and LinkedIn.

Can You Nudge Employees Toward Better Cybersecurity? New Research Says Yes

Announces technology partnership with Verve Industrial.

**CHARLOTTESVILLE, Va., Nov. 1, 2022 /PRNewswire/ —** Mission Secure, a leader in OT and ICS cybersecurity, today announced the release of its Sentinel 5.0 platform, a milestone in enabling Zero Trust security architectures for critical infrastructure. The Sentinel 5.0 platform provides dynamic, context-aware cybersecurity policy monitoring and enforcement for operational technology systems.

"Zero Trust architectures are the most powerful and practical way to increase safety and reduce risk for industrial cyber-physical processes," says Jens Meggers, Executive Chairman of Mission Secure. "With Sentinel 5.0, we are launching a game changer that allows granular implementation of access policies from the physical signal all the way to the cloud. It is whitelisting on steroids: industrial strength, context-driven, intrusion prevention and mitigation."

**Why Zero Trust?**

Zero Trust is a well-established IT cybersecurity principle that has yet to be widely adopted in industrial OT. It eliminates implicit trust in the network perimeter by validating every stage of digital interaction continuously. In the absence of Zero Trust architectures, industrial operators often rely on disjointed collections of tools, such as firewalls, intrusion detection systems, and endpoint vulnerability scanning, without fully gaining the ability to manage and secure industrial operating environments.

**A Powerful Policy Engine**

With Sentinel 5.0, Mission Secure launches a platform that allows operators to define and enforce granular policies based on a wide range of inputs, including network traffic, attempted remote access, asset firmware versions and vulnerabilities, and the actual digital or analog signal generated by physical devices.

While the Sentinel 5.0 platform includes standard capabilities such as passive monitoring, asset discovery, and alerting, the platform's core component is a fine-grained policy engine that enables highly sophisticated, OT-specific workflows:

*   Creating access control policies to define the conditions under which users or applications can send commands to an industrial device.
*   Identifying firmware state and vulnerabilities, as well as limiting access to only fully-patched systems.
*   Alerting and acting on anomalies in physical signals, and isolating systems that show abnormal behavior.
*   Supporting root cause analysis by correlating network events with sensor outputs.

Mission Secure also announced a technology partnership with Verve Industrial, the leading provider of IT-OT asset inventory and vulnerability management solutions. "Going beyond perimeter detection to protect the most vulnerable and critical OT assets at the endpoint level is a significant step forward toward securing the cyber-physical process," said John Livingston, CEO of Verve.

"Zero Trust is a long journey for industrial operators," said Chet Mroz, President of Mission Secure. "Sentinel 5.0 marks a bold step into the future for our customers as they start their journey."

**About Verve Industrial**

Verve Industrial Protection has ensured reliable and secure industrial control systems for over 25 years. Its principal offering, the Verve Security Center, is a unique, vendor-agnostic OT endpoint management platform that provides IT-OT asset inventory, vulnerability management, and the ability to remediate threats and vulnerabilities from its orchestration platform. Verve Industrial's Design-4-Defense professional services support clients in ensuring their OT environments are designed and operated in a secure manner. To learn more about Verve Industrial, please visit www.verveindustrial.com.

**About Mission Secure**

Mission Secure is a leader in cybersecurity for operational technology and industrial control systems, helping customers gain visibility and control over their critical assets. With unmatched threat detection and policy enforcement capabilities, Mission Secure enables effective Zero Trust architectures for customers in manufacturing, maritime, oil and gas, and other industries. Learn more at www.missionsecure.com.

Mission Secure Releases Sentinel 5.0 Platform, Enabling Context-Aware, Zero Trust Security for Critical Infrastructure OT

Renowned information security expert to lead Kodiak's cyber and data security team, further reinforcing Commitment Kodiak's to cybersecurity.

**MOUNTAIN VIEW, Calif., Nov. 1, 2022 /PRNewswire/ —** Kodiak Robotics, Inc., a leading self-driving trucking company, today announced that it has hired Google's former Chief Information Security Officer (CISO) and Vice President of Security and Privacy Engineering Gerhard Eschelbeck to the position of Chief Information Security Officer. Eschelbeck will draw on more than 25 years of experience to guide Kodiak's cybersecurity and data security strategy and team. Most recently, as CISO for Aurora, Eschelbeck established the cyber security organization and developed the security program and architecture for their autonomous vehicles.

"Safety and security are the primary building blocks upon which Kodiak was founded and bringing Gerhard onboard will keep us at the bleeding edge," said Don Burnette, Founder and CEO, Kodiak Robotics. "Gerhard's incredible experience and leadership at some of the world's leading companies, including Google and Deutsche Bank, make him an indispensable addition to the Kodiak team."

Eschelbeck has built a distinguished cyber- and data-security career by creating and championing foundational new technologies. As Kodiak's CISO, he will focus on further enhancing the security of the company's cloud and on-premises systems as well as its growing fleet of autonomous trucks. In addition, he will lead the deployment of new protocols for the company's broader data security team.

"Throughout my career I've always been attracted to companies doing transformational, remarkable and exciting things in clever ways," said Eschelbeck. "Kodiak has taken a safety-first approach to bringing autonomous trucks from concept to market. Ensuring the security of critical systems like Kodiak's is vital, and I couldn't pass up an opportunity to be part of the team that makes it happen."

Eschelbeck has built high-performance multi-national teams in the U.S., Europe and Asia that have launched transformative security technologies. He is widely regarded as one of the world's foremost experts on network and system security. Prior to Eschelbeck's roles with Aurora Innovation and Google, he held several Chief Technology Officer and executive engineering roles for companies including Sophos, Webroot and Qualys. He also served as Digital and Technology Advisor to the International Olympic Committee for the Tokyo 2020 Olympics and as a member of the supervisory board for Deutsche Bank.

Eschelbeck holds a doctorate and master's degree in computer science from the University of Linz, Austria.

**About Kodiak Robotics, Inc.**

Kodiak Robotics, Inc. was founded in 2018 to develop autonomous technology that carries freight forward — so people, partners, and the planet thrive. The company is developing an industry-leading technology stack purpose-built specifically for long-haul trucks, making the freight industry safer and more efficient. Kodiak's unique modular hardware approach integrates sensors into a streamlined sensor-pod structure that optimizes for perception, scalability, and maintainability. The company delivers freight daily for its customers across the South, operating autonomously on the highway portions of the routes. Learn more about Kodiak on the web at kodiak.ai, and on LinkedIn and Twitter. You can find the company press kit HERE.

Kodiak Robotics Hires Former Google Chief Information Security Officer Gerhard Eschelbeck

Major partnership program aims to break down barriers and empower underrepresented groups in cybersecurity across the globe.

**ALEXANDRIA, Va., Nov. 1, 2022 /PRNewswire/ —** (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today announced five key global partnerships in support of its diversity, equity and inclusion (DEI) initiative. The partners include the Australian Women in Security Network (AWSN), Cyversity, Blacks United in Leading Technology International (BUiLT), Women4Cyber and Chartered Institute of Information Security (CIISec).

Each partnership has unique objectives and will include support from (ISC)² in areas such as partnership promotion, co-branded and DEI-focused webinars, (ISC)² Certified in Cybersecurity promotion, grants for education and exams, along with co-branded toolkits and guides to assist both leaders, organizations and professionals on their DEI journeys and career development.

"It's no secret that the cybersecurity industry isn't nearly as diverse as it should be," said Dwan Jones, director of Diversity, Equity and Inclusion at (ISC)². "Our mission at (ISC)² is to not only enable individuals from all backgrounds to enter the cybersecurity industry but also to empower and equip them to excel in their positions and continuously grow in their careers. These five organizations have unique expertise and perspectives that will empower us to accomplish that mission and open new and diverse pathways for professionals looking to join the industry globally. Kicking off our DEI partnership program with this group of dedicated organizations is an exceptional opportunity to work together to transform this industry."

**Australian Women in Security Network**

The AWSN is a not-for-profit association and network of people aimed at increasing the number of women in the security community. Founded in 2015, it connects women, who often felt isolated in organizations and tertiary education institutions with like-minded individuals.

"(ISC)² is just the type of organization the cybersecurity industry needs today," said Jacqui Loustau, the founder and executive director of the AWSN. "At the AWSN, we believe partnering with membership organizations is a fundamental way to not only reach women we haven't been able to reach yet but also to introduce them to other women with similar interests, goals and aspirations. That shared passion is what's going to keep women in the field and make them want to share that passion with the next generation."

**Blacks United in Leading Technology International**

BUiLT is the largest community and nonprofit professional organization that focuses on black people in the technology industry. BUiLT is dedicated, with its allies, to increasing the representation and participation of black people in the technology industry by fostering the connection, development, and employment of its members.

"Diversity continues to lag in the tech and cyber industries – and in order to meet the workforce gap head on, we need to create racial equity by helping the black community explore new career possibilities within these fields," said Peter Beasley, executive director and chairman of the board, BUiLT. "Partnering with (ISC)² enables our members to explore new opportunities. It encourages a shift we need – to convert, train and educate adults already in the workforce to meet the open roles in the tech and cyber industries."

**Chartered Institute of Information Security**

CIISec is committed to raising the standard of professionalism in information and cybersecurity. CIISec provides a universally accepted focal point for the information cybersecurity profession. It is an independent not-for-profit body representing between 20,000-30,000 individuals in the information and cybersecurity industry. Governed by its members, it ensures standards of professionalism for training, qualifications, operating practices and individuals.

"Without diversity and inclusion, the industry will stagnate and be left unable to keep up with complex cyber threats," said Amanda Finch, CEO of CIISec. "To attract a pool of diverse professionals into cyber security, the industry needs to highlight the variety of roles available. From forensics to threat intelligence to researchers, there are opportunities out there for everyone. Cyber security can no longer be viewed as a 'boys-only club' where technical skills are valued above all. We need to move away from this and keep creating a culture where everyone can thrive, feel valued and be accepted.**"**

**Cyversity**

Cyversity is a diverse community of cybersecurity professionals whose mission is to achieve the consistent representation of women and underrepresented minorities in the cybersecurity industry through programs designed to diversify, educate, and empower. Cyversity tackles the 'great cyber divide' with scholarship opportunities, diverse workforce development, innovative outreach, and mentoring programs.

**Women4Cyber**

Women4Cyber is an initiative that aims to address the gender gap among cybersecurity professionals in Europe. In pursuing this objective, its main goal is to encourage and promote the skilling, up-skilling, and re-skilling of girls and women toward cybersecurity education and professions.

"These partnerships broaden our reach and open the doors to more women and underrepresented groups who are interested in pursuing a career in cybersecurity," said Clar Rosso, CEO at (ISC)². "We've been making huge strides as an organization in expanding cybersecurity training and education to more diverse groups. These partnerships help further that mission, ultimately addressing the global workforce talent gap we are facing today as an industry. There's only more to come."

In August, Rosso announced (ISC)²'s One Million Certified in Cybersecurity initiative at the Cyber Workforce and Education Summit at the White House. The initiative is a multi-year commitment to deliver free exams and educational resources to one million people looking to enter a career in cybersecurity. Of the one million pledged, 500,000 certifications will go to underrepresented groups, furthering the association's efforts to reduce the global cybersecurity skills gap through greater diversity and inclusion.

To learn more about (ISC)²'s diversity, equity and inclusion initiatives and access available resources, please visit https://www.isc2.org/DEI.

**About (ISC)²**  
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our association of candidates, associates and members, more than 235,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.

Source

DARKReading