The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.

A typosquatting campaign intended to abuse popular brands is in the works, likely tied to Nobelium, the notorious Russian-state-backed group behind the SolarWinds attacks.

Recorded Future in its latest research is warning that the attackers are using infrastructure similar to that known to be used by Nobelium, to set up their command-and-control (C2) servers. 

This time, the group is preying on users looking online for specific brands who enter common spelling errors or "typos" in the URL. Those misspelled domain names are purchased by threat actors, who stand up spoofed sites to trick people into giving up their credentials, credit-card details, and more. 

"A key factor we have observed from Nobelium operators involved in threat activity is a reliance on domains that emulate other brands (some legitimate and some that are likely fictitious businesses)," the Recorded Future team explained in their report. "Domain registrations and typosquats can enable spearphishing campaigns or redirects that pose a threat to victim networks and brands."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

SolarWinds Attackers Gear Up for Typosquatting Attacks

The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.

After months of work by industrial control systems (ICS) cybersecurity teams, a fix for a widespread Domain Name System (DNS) poisoning bug still hasn't been found. Now they're asking for help from the wider cybersecurity community.

A blog post from a team of ICS analysts at Nozomi Networks explained the flaw exists in all versions of the widely used C standard library for Internet of Things (IoT) gear called uClibc, as well as uClibc-ng, which is a special version for OpenWRT, a "common OS for routers deployed throughout various critical infrastructure sectors."

As such, the bug exists in big name-brand products from Linksys, Netgear, and Axis, and in Linux distributions such as Embedded Gentoo. Since January, the vulnerability has been disclosed to 200+ vendors, and it likely affects millions of installed devices.

Additional specifics on the devices affected aren't being provided publicly because the DNS bug is still unpatched, but Nozomi provided details on the bug and its exploitability after the library's maintainer was unable to develop a fix — in hopes of soliciting help from the community.

The impact of an exploit could be significant: "Because of its relevance, DNS can be a valuable target for attackers," the research team explained in the post. "In a DNS poisoning attack, an attacker is able to deceive a DNS client into accepting a forged response, thus inducing a certain program into performing network communications with an arbitrarily defined endpoint, and not the legitimate one." 

Once successful, the attacker could alter or intercept network traffic to compromise connected devices, the team said.  

"A DNS poisoning attack enables subsequent Man-in-the-Middle attacks because the attacker, by poisoning DNS records, is capable of rerouting network communications to a server under their control." the Nozomi team warned. "The attacker could then steal and/or manipulate information transmitted by users, and perform other attacks against those devices to completely compromise them."

Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps Researchers

The infamous ransomware group appears to be back from the dead — maybe — and using the old brand, but experts question whether a reconstituted gang will have much success.

Evidence that members of the defunct REvil group may be reviving the ransomware gang continues to accumulate, but cybersecurity experts question whether the group will have the same impact that it once did.

On April 29, anti-malware firm Avast revealed that the company's software had blocked a ransomware sample that appeared to be generated using information that only previous members of the REvil group could have accessed. The discovery of the file came more than a week after cybersecurity firm Emsisoft revealed that the Web address of REvil's leak site now points to a new host, using both the REvil name and claiming to have compromised a US university and an oil company in India.

These two breadcrumbs suggest that someone (or someones) has access to the REvil group's source code and infrastructure and may be restarting the operation, says Brett Callow, threat analyst at Emsisoft. They don't, however, prove it's the old crew getting back together.

"These facts do not necessarily prove ... that the old REvil gang is back," he says. "Instead, they simply indicate that one or more people who were previously connected with the operation have decided to pick up the reins."

Either way, the apparent resurrection of the group highlights the difficulty that cybersecurity professionals, law enforcement, and prosecutors have in disrupting successful cybercriminal groups. 

Following the critical attacks on meat processor JBS and IT management firm Kaseya in 2021, REvil shut down for a few months but reappeared in September. Then in January, Russian officials reportedly arrested 14 members of the group and raided more than two dozen locations, raising hopes that the takedown would last.

Instead, the group seems to have fragmented, with members working with other ransomware operations. Now some members may be making a half-hearted attempt to resurrect the REvil brand, but the tepid revival raises the question of what constitutes a group, as a couple of satellite members working together to re-create the ransomware gang's operation would not seem to pose an equal threat, Callow says.

"The fact that the new operation appears to be linked to REvil doesn’t make the threat it poses any more or less serious," he says, adding that he finds it "somewhat surprising to see the ransomware revived as, after being compromised by law enforcement, you’d think affiliates and service providers would have no confidence in the integrity of any operation connected with REvil."

**Broken Malware, Bold Claims  
**The latest concerns over yet another revival of REvil come after Callow posted a screenshot of the redirected leak blog on Twitter on April 20, and — more than a week later — Avast security researcher Jakub Kroustek posted screenshots of malware that may have been a test, as it did not attempt to encrypt anything.

"This sample was detected so called 'in-the-wild,' meaning in our user-base on one of the computers protected by Avast," Kroustek said in an email interview with Dark Reading. "We believe this machine belongs to a threat actor that was using it for testing the detection capabilities. These were obviously solid enough to trigger the detection."

He added that the malware sample, which he said no other firm has captured to date, indicates that they are augmenting the capabilities of the original REvil ransomware.

"The code itself does not look any more dangerous compared to the previous versions, \[but\] the simple fact that we see this threat active again is disturbing," he said. "Furthermore, the discovered sample was modified in a way that its core feature, file encryption, was disabled. This may indicate that the actor is testing and developing it for future malware campaigns."

**Zombie Malware**

The reappearance is also not the first time that groups have claimed the REvil mantle. A year ago, a group known as Prometheus started compromising a variety of organizations — at least 30 by mid-2021 — claiming a tenuous heritage linking the group to REvil.  

Furthermore, REvil is not the only group with nine lives. In early April, a group known as Black Cat, or ALPHV — and possibly including operators of the now-defunct BlackMatter group as members — began using a tool called FENDR, only previously available to the BlackMatter group. Also, last November, the Emotet botnet came back from the dead, more than 10 months after a task force of international law enforcement teamed with technology companies shut down the endemic Trojan.

**Ransomware Continues to Wreak Havoc  
**Despite the seeming chaos of groups disappearing, reconstituting, and rebranding themselves, ransomware continues to grow as a threat to companies, their data, and their operations. In a recent survey, 43% of companies claimed to have had data encrypted by ransomware in 2021, up from 20% in 2020. In addition, the average ransomware paid to attackers quadrupled to more than $800,000, with a total cost of $1.4 million to remediate the average attack.

With such alluring profits, stamping out cybercriminals protected by some foreign jurisdictions is nearly impossible, says Emsisoft's Callow.

"We talk about ‘groups,’ but the reality is that outside of the core membership, they’re amorphous collections of individuals who provide services or ‘rent’ access to ransomware to use in attacks — and some of these individuals cooperate with multiple groups simultaneously," he says. "You can’t eradicate groups. You can only make it harder for them to operate. It’s all about increasing their risks while decreasing their rewards."

REvil Revival: Are Ransomware Gangs Ever Really Gone?

Syxsense Enterprise delivers real-time vulnerability monitoring and remediation for all endpoints across an organization’s entire network.

**ALISO VIEJO, Calif**. – \[May 3, 2022\] – Syxsense, a global leader in IT and security management solutions, today announced Syxsense Enterprise™, the world’s first IT management and endpoint security solution that delivers real-time vulnerability monitoring and instant remediation for every endpoint across an organization’s entire network environment. Syxsense Enterprise combines Syxsense Secure, Manage, and Mobile Device Manager to deliver a completely unified platform that scans and manages all endpoints, resolves problems in real-time, and reduces the risks associated with system misconfigurations. This enables organizations to better predict, identify, and remediate vulnerabilities.

“As threats get more complex, it’s important that IT teams have consolidated solutions for IT management and endpoint security. Syxsense Enterprise is designed to give them a centralized cloud-based platform for scanning, patching, recognizing, and remediating vulnerabilities that could lead to attack or exploitation of endpoints,” said Ashley Leonard, Founder and CEO at Syxsense. “By offering our customers a unified cloud solution, we enable complete control over every endpoint device on the network so they can secure business-critical resources quickly and streamline security operations.”

Syxsense Enterprise is the industry’s first Unified Security and Endpoint Management (USEM) solution that addresses the three key elements of endpoint security – vulnerabilities, patch, and compliance. It layers on a powerful workflow automation tool called Syxsense Cortex™ that remediates and eliminates endpoint security weaknesses – all through a single cloud-based, drag and drop management interface, with hundreds of prebuilt workflows. This includes the ability to identify software vulnerabilities in both OS and 3rd party applications, misconfigurations from open ports, disabled firewalls, ineffective user account polices and more. 

It also includes Syxsense’s recently launched Mobile Device Management (MDM) solution, which allows IT to manage devices running on iOS, iPadOS, and Android, in addition to previously supported Windows, Linux and Mac environments. Syxsense MDM includes all the tools necessary for Device Enrollment, Inventory and Configuration Management, Application Deployment and Rollback, Data Containerization, and Remote Device Lock/Reset/Wipe (making it possible for IT to wipe sensitive data from lost or stolen devices). 

“As the market shifts to a hybrid workforce, the number of endpoints is growing exponentially, with corporate network connected mobile endpoints soaring,” said Charles Kolodgy, principal at advisory firm Security Mindsets. “The need to manage and secure an increasing number of endpoints, including desktops, mobile phones and other devices, is becoming more apparent every day as sophisticated threats grow exponentially. Syxsense Enterprise is offering a solution that solves the need to both secure and manage a vast collection of endpoints. The key is the ability to scan for vulnerabilities and patch without losing business continuity.”

The key features of Syxsense Enterprise include:

*   Vulnerability Scanning – Prevent cyberattacks by identifying scanning authorization issues, security implementation problems, and antivirus status. 
*   Patch Everything – Automatically deploy OS and third-party patches to remediate all endpoint vulnerabilities inside the network and on roaming devices outside the network.
*   Prove Compliance and Device Health – Document patching with reporting for risk assessments, vulnerable devices, task summaries and more. And scan and prioritize patching relative to risk exposure.
*   Quarantine Devices – Block communication for an infected device, isolate endpoints, and kill malicious processes before they impact the network. 
*   Control All Mobile Devices – Oversee devices remotely, silently push OTA configurations, applications, and policies from iOS to Android to Windows and more.
*   Collaborate with Ease – IT and security teams can now collaborate in a single console to identify and close endpoint attack vectors quickly. 

For more details or to schedule a demo, visit: https://www.syxsense.com/gc-demo-syxsense

**About Syxsense**

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxse

Syxsense Launches Unified Endpoint Security and Management Platform

By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.

Actions that a user takes from creating an email to updating a contact in the CRM system can result in several other automatic actions and notifications in the connected platforms. However, this SaaS-to-SaaS communication and supply chain is an emerging threat in the corporate cybersecurity landscape.

It bears repeating: Third-party app access is the new executable file. An innocuous process much like clicking on an email attachment, people don't think twice when connecting an app they need with their Google Workspace or Microsoft 365 environment. These third-party apps can boost productivity, enable remote and hybrid work, and are overall essential in building and scaling a company's work processes.

The OAuth mechanism makes it extremely easy to interconnect apps, and many users simply click "accept" without considering what permissions these apps are asking for — or what the possible ramifications could be. By providing these apps and other add-ons for SaaS platforms with permissions' access, businesses are presenting more opportunities for bad actors to gain access to a company's data. This puts companies at risk for supply chain access attacks, API takeovers, and malicious third-party apps. Once a bad actor is able to infiltrate one platform, they potentially have access to all of the users' connected SaaS apps.

Nowadays, when it comes to local machines and executable files, organizations already have control built in that enables security teams to block problematic programs and files. It needs to be the same when it comes to SaaS apps.

We conducted field research from within our customers' environments to identify just how many third-party apps were connected to their instances of Google Workspace, M365, and Salesforce. On average, there were approximately 150 SaaS apps connected to these business-critical apps**,** unbeknownst to the security team.

OAuth 2.0 has greatly simplified authentication and authorization, and offers a fine-grained delegation of access rights. Represented in the form of scopes, an application asks for the user's authorization for specific permissions. An app can request one or more scopes. Through approval of the scopes, the user grants these apps permissions to execute code to perform logic behind the scenes within their environment. These apps can be harmless or as threatening as an executable file.

Third-party app access is just one component of the SaaS security posture management picture. Recent surveys have shown that an enterprise with 1,000 or more employees is likely to use more than 150 SaaS apps to run the business. While each individual SaaS app comes with built-in native security controls, it is up to the organization to ensure that all the configurations and user permissions are correct.

Further complicating matters is the fact that no two apps are the same — each has unique terminology, environment, and organization of their security configurations. Understanding every app's "language" and managing the complex, ever-changing environment, now with the additional third-party app access risk, opens organizations up to even more exposure and vulnerability.

**Best Practices to Mitigate Third-Party App Access Risk  
**To secure a company's SaaS stack, the security team needs to be able to identify and monitor all that happens within their SaaS ecosystem. Here's what a security team can share with employees and handle themselves to mitigate third-party app access risk. 

**Educate Employees  
**The first step in cybersecurity always comes back to raising awareness. Once employees become more aware of the risks and dangers that these OAuth mechanisms present, they will be more hesitant to use them. Organizations should also create a policy that requires employees to submit requests for third-party apps.

**Get Visibility Into Third-Party Access for All Business-Critical Apps  
**Security teams should gain visibility into every business-critical app and review all the different third-party apps that have been integrated with their business-critical SaaS apps — across all tenets. One of the first steps when shrinking the threat surface is gaining an understanding of the full environment.

**Map Permissions and Access Levels Requested by Connected Third-Party Apps  
**Once the security team knows which third party apps are connected, it should map the permissions and the types of access that each third-party app has been given. From there, it will be able to see which third-party app presents a higher risk. Being able to differentiate between an app that can read versus an app that can write will help the security team prioritize which needs to be handled first.

In addition, the security team should map which users granted these permissions. For example, a high-privileged user, someone who has sensitive documents in their workspace, who grants access to a third-party app can present a high risk to the company, and this needs to be remediated immediately.

These best practices are just the start for a cybersecurity department to better ensure its organization's SaaS security hygiene remains intact.

Third-Party App Access Is the New Executable File

As the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

How to Create a Cybersecurity Mentorship Program

Tiger Global Management invests $35 million in SkyHawk Security to accelerate growth.

**TEL AVIV, Israel, May 3, 2022—** Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced the spinoff of its Cloud Native Protector (CNP) business to form a new company called SkyHawk Security. To accelerate

SkyHawk Security’s development and growth opportunities, an affiliate of Tiger Global

Management will make a $35 million strategic external investment, resulting in a valuation of $180 million. Tiger Global Management is a leading global technology investment firm focused on private and public companies in the internet, software, and financial technology sectors.

Skyhawk Security is a leader in cloud threat detection and protects dozens of the world’s leading organizations using its artificial intelligence and machine learning technologies. Its Cloud Native Protector provides comprehensive protection for workloads and applications hosted in public cloud environments. It uses a multi-layered approach that covers the overall security posture of the cloud and threats to individual workloads. Easy-to-deploy, the agentless solution identifies and prevents compliance violations, cloud security misconfigurations, excessive permissions, and malicious activity in the cloud.

“We recognize the growing opportunities in the public cloud security market and are planning to capitalize on them,” said Roy Zisapel, Radware’s president and CEO. “We look forward to partnering with Tiger Global Management to scale the business, unlock even more security value for customers, and position SkyHawk Security for long-term success.”

The spinoff, which adds to Radware’s recently announced strategic cloud services initiative, further demonstrates the company’s ongoing commitment to innovation. SkyHawk Security will have the ability to operate with even greater sales, marketing, and product focus as well as speed and flexibility. Current and new CNP customers will benefit from future product development efforts, while CNP services for existing customers will continue without interruption.

Radware does not expect the deal to materially affect operating results for the second quarter or full year of 2022.

**About Tiger Global Management**

Tiger Global Management is a leading global technology investment firm that focuses on private and public companies in the software, internet, and financial technology sectors. Since 2001, Tiger Global has invested in hundreds of companies across more than 30 countries, including investments ranging from Series A to pre-IPO. The firm aims to partner with dynamic entrepreneurs operating market-leading companies in its core focus areas.

**About Radware**

Radware® (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.

©2022 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please

see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Radware Launches SkyHawk Security, a Spinoff of Its  Cloud Native Protector Business

Funding follows dramatic revenue growth as identity-based access requirements skyrocket.

**OAKLAND, Calif., May 3, 2022** – Teleport, the leading provider of Identity-based Infrastructure Access Management, today announced it has raised $110 million in Series C funding led by Bessemer Venture Partners with participation from Insight Partners and existing investors Kleiner Perkins and S28 Capital. This investment brings Teleport’s total funding raised to $169 million at a current valuation of $1.1 billion, and comes after the company nearly tripled its revenue and doubled its customer base from 2020 to 2021.

As a part of the investment, Bessemer Venture Partners’ Mary D’Onofrio will take a seat on Teleport’s board, and Insight Partners’ Matt Koran will be a board observer. In August 2021, Teleport announced its $30 million Series B round led by S28 Capital and Kleiner Perkins.

“Growing complexity of modern cloud environments has led to a situation where managing secure access to infrastructure begins to break, as evidenced by increased frequency and severity of breaches.,” said Ev Kontsevoy, co-founder and CEO, Teleport. “Our customers are forward thinking organizations that are scaling quickly. They realized that the right way to scale access is consolidation across all protocols and environments. Our platform, the open-source Teleport Access Plane, addresses these challenges by giving every engineer, every piece of hardware and every application an identity. With identity based access for everyone and everything, more security threats are neutralized and the impact of breaches is dramatically reduced without impacting developer productivity.”

As organizations deal with complexity because of shifts to the cloud, modernization of IT stack and growth of mixed infrastructure environments, Teleport’s open-source Access Plane technology consolidates the four essential capabilities every security-conscious organization needs: connectivity, authentication, authorization and audit. By providing the only cloud-native, identity-based infrastructure access solution for humans and machines, Teleport eliminates network perimeter security issues, reduces attack surface area, cuts operational overhead, enforces security & compliance, and improves developer productivity, all at once.

With this latest funding, Teleport will expand its go-to-market organization to serve its fast-growing, global customer base. Teleport will also bolster its R&D organization to solve the most complex security challenges faced by organizations of all sizes.

“Now, more than ever, is the time to make it easy for any company to employ world class security practices as global cyber attacks become more and more sophisticated,” said Mary D’Onofrio, partner and co-founder of growth investment practice, Bessemer Venture Partners. “With Teleport, security becomes stronger \*and\* simpler for both humans and machines, making it possible to deploy and enforce security and compliance best-practices throughout all organizations. We’re excited to lead this round and I am looking forward to working closely with Ev and his team to offer elegant cybersecurity solutions to a growing customer base of household names.”

Customers including Doordash, Elastic, Nasdaq, Snowflake and others use Teleport to secure digital infrastructure access for remote and hybrid workforces and combat the ever-increasing cyber threats.

"Speed is key to our business. But so is security,” said Luke Christopherson, Software Engineer at Doordash. “The Teleport Access Plane allows our engineers to securely access the infrastructure they need to do their jobs without getting in the way of productivity. Everybody wins."

Teleport recently announced Teleport 9, the latest edition of the open-source Teleport Access Plane. This release introduced Teleport Machine ID which delivers identity-based access and audit capabilities for resources including servers and databases, CI/CD automation, service accounts and custom code in applications such as microservices. Teleport 9 also included Teleport Connect, a secure, developer-friendly browser for cloud infrastructure. The browser solves the issues posed by terminals optimized for local environments when a majority of development now happens in the cloud.

Steven Dickens, Senior Analyst, Futurum Research commented, "As digital transformation takes hold from the core to the edge, security becomes more critical. The team at Teleport are focused on delivering cloud-native, identity-based infrastructure access solutions for both humans and machines. The announcement today take the company one step closer to its mission of eliminating the need for secrets when accessing infrastructure, and as a result delivering both simpler, stronger identity-based authentication.”

To learn more about Teleport and today’s news, visit the company’s website or most recent blog about the funding.

**About Teleport**

Teleport, leading provider of Identity-based Infrastructure Access Management, consolidates the four essential infrastructure access capabilities every security-conscious organization needs: connectivity, authentication, authorization, and audit. Teleport’s unique approach is not only more secure but also improves developer productivity. Teleport is used by leading companies including Elastic, Snowflake, Doordash, and NASDAQ. The company is backed by Bessemer Venture Partners, Insight Partners, Kleiner Perkins, and S28 Capital. Headquartered in Oakland, California, the company embraces a remote-first work culture.

**About Bessemer Venture Partners**

Bessemer Venture Partners helps entrepreneurs lay strong foundations to build and forge long-standing companies. With more than 135 IPOs and 200 portfolio companies in the enterprise, consumer and healthcare spaces, Bessemer supports founders and CEOs from their early days through every stage of growth. Bessemer’s global portfolio includes Pinterest, Shopify, Twilio, Yelp, LinkedIn, PagerDuty, DocuSign, Wix, Fiverr and Toast and has $9 billion of capital under management. Bessemer has teams of investors and partners located in Tel Aviv, Silicon Valley, San Francisco, New York, London, Boston, Beijing and Bangalore. Born from innovations in steel more than a century ago, Bessemer’s storied history has afforded its partners the opportunity to celebrate and scrutinize its best investment decisions (see Memos) and also learn from its mistakes (see Anti-Portfolio).

Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture Partners

Providing continuous penetration testing with context, and a host of other features, the Incenter platform is built to give organizations what they need to effectively secure their environment.

**NEW YORK, NY, May 3, 2022 -** OccamSec, a leading cybersecurity provider, announced today the launch of their Incenter platform. Incenter identifies the security weaknesses an organization has in real-time, and helps teams develop insights and communicate business context from a security perspective.

For today’s organizations, the threat landscape is constantly evolving. Penetration testing and vulnerability scanning can help, but with new vulnerabilities and exploits found all the time, infrequent testing means risk data may be outdated. At the same time the industry is trending towards slicing the solution ever thinner, which means costs keep increasing.

Incenter combines the functionality of a range of security services in one single solution. The platform provides, in real time, where an organization is vulnerable, and just as critically, what the impact will be if an attack occurs.

Incenter utilizes a dual approach. It combines the best in technology with advanced automated testing, and the best in people with OccamSec’s security team. Supported by vulnerability research and a threat intelligence team, the burden on clients having to buy multiple services is eliminated.

Users have the ability to generate reports that compile real-time information with the touch of a button, rather than waiting for a timed report to be generated. Incenter also provides step-by-step guidance on how to mitigate any risks that are identified, with the tools an organization already has which means no hidden costs.

Incenter combines the functionality of a range of security services in one single solution:

*   Manual Penetration Testing
*   Penetration Testing as a Service (PTaaS)
*   Automated Security Validation (ASV)
*   Vulnerability Scanning
*   External Attack Surface Management (EASM)
*   Crowd Source Penetration Testing
*   Threat Intelligence

This provides a single source of truth on the exposures an organization faces. Improving the effectiveness of any security team, regardless of size, and at the same time breaking organizations out of ever increasing cyber security expenditure.

The platform's focus on the unique business context of each organization means that security teams no longer have to trudge through 1000’s of scan findings or determine how relevant a penetration test finding is and how to fix it. At the same time from the dashboard, management can see a high level summary of their organization's exposure, the likelihood of a breach, and how much it’s going to cost them.

“Over the years we have seen what works, what doesn’t and where the gaps are,” says OccamSec founder Mark Stamford. “The biggest gap is organizations needing more and more tools and services to effectively secure themselves. The key to effective security is joining the dots, not having ever more dots scattered in ever more places. With Incenter we have combined the talents of our security team and their expert knowledge, with a technical solution that is unrivaled. The result is a win for our clients, regardless of size.”

Incenter is now available. For more information, visit: www.occamsec.com/incenter

**About OccamSec**

OccamSec is a leading provider in the world of cybersecurity. Its clients rely on them to provide information security services that exceed current industry standards. OccamSec provides accurate, actionable information to reduce risk and enable better informed decisions. Its unique end-to-end solutions detect, identify, respond, and protect in order to maximize the effectiveness of security programs.

OccamSec’s methodology is the result of years of experience in the field, providing real business outcomes. Its team has performed security assessments at some of the world’s largest companies, including financial services and technology. They bring this experience to each and every project, ensuring that their clients get the best service in the industry.

OccamSec Unveils New Cybersecurity Platform

Software accountability offers a fresh perspective for creating and managing digital products, mainly by making processes more reliable and transparent for every stakeholder.

With the ever-growing customer demands, the future will be continuously defined by greater transparency and data privacy guarantees. But as software companies adjust, they often forget that it's not only about shifting their external strategy; they need to be looking inward, too.

Software accountability proposes a fresh perspective for creating and managing digital products, mainly by making processes more reliable and transparent to every stakeholder involved. According to Patrick Lencioni, a veteran team management author, accountability represents a clear sign of a successful, high-performing team.

These are the steps to weave accountability into the fabric of your business.

**Know That Accountability Isn't Pointing Fingers  
**Accountability is more than just being answerable for one's actions. It refers to creating a culture, "where new ideas are welcomed, people from across the organization collaborate in the pursuit of common goals, where we train people to bring bad news so we can act on it, and where failures and accidents are treated as opportunities to learn how to improve rather than witch-hunts."

Prioritizing autonomy, competence, and relatedness (the feeling of being connected to others) is fundamental. When an error appears, the conversation can happen straight away, not with the aim to point fingers but to _redirect_. Ultimately, mistakes represent a chance to step up; they shouldn't be occulted but owned as a badge of an important lesson for the entire team.

Formalizing accountability in a comprehensive document is a much-needed investment for startups. At Octobot, we created a playbook where, apart from ground rules like "Don't assume that people know something they don't," we stress the importance of empathy. Team members should collaborate and try to comprehend each other to take the best course of action in any given situation.

**Implement the Four Steps to Accountability  
**No matter your setup, know that accountability should be governed by absolute transparency. You can't hold people accountable unless you give them the information and tools they need to develop solutions they also feel empowered to execute. Here are four ways to get started.

**Sow the Seeds  
**Starting small allows you to set positive dynamics and accountability structures to develop a healthy client relationship step by step. With smaller projects, you can also get results as fast as possible before scaling up.

A notorious mistake in software development projects is to go directly to the development stage. A lack of understanding and subsequent planning can have fatal consequences for your business, including soaring project costs, delays in timelines, or the launch of a product that no one will use. Don't underestimate initial diagnosis: Analyze how much information you have and what you might need to investigate to better empathize with users and grasp the project goals.

**Set Up a Dedicated Team  
**If you have a team dedicated to one project at a time, you can drive more focus and engagement over time. However, always make sure the team has all the nuts and bolts to make independent decisions for success.

We had to learn this the hard way: In the past, we did not share all the necessary information with the team involved in each project. For example, we didn't see the need for them to know the value of the contract. But over time, we realized how vital it was for them to have these insights to set up more accurate budgets, plan over a set amount of time, or even lead better client negotiations.

**Communicate Frequently and Openly  
**Today, 83% of decision-makers say that better sharing and communication are crucial for software development organizations. Therefore, you should encourage the team to discuss their work and share their decisions candidly to ensure the team's alignment and a common focus on the business priorities.

Scrum and other agile methodologies give you many touchpoint opportunities to ensure everyone is on the same page. The ceremonies (daily, planning, retrospective, etc.) should become open spaces where everyone feels comfortable sharing their thoughts, difficulties, and suggestions. Accountability thrives when people are transparent and supportive: Problems are dissected, and everyone understands their impact and collectively comes up with the best next steps.

**Give Ownership  
**For true accountability, let the team know they can push back on requirements if they see a better way of doing things, as long as clients' interests are taken into consideration. Each individual should feel safe and inspired to speak up, brainstorm, use tools like mood boards, and share feedback openly. The equation here is simple: information + commitment + decision-making powers = accountability.

It would be against the very principles of accountability for startups to embrace it by simply incorporating a set of rigid rules. Being accountable is all about finding what works best for everyone involved – and as a leader of your company, your task is to observe this over time and take the necessary steps to help your team succeed.

Source

DARKReading