The addition of Network Perception will provide Dragos with enhanced network visibility, compliance and segmentation analytics to the Dragos OT cybersecurity platform.

Source: ElenaBs via Alamy Stock Photo

Industrial control systems (ICS) provider Dragos today announced that it has acquired Network Perception for an undisclosed sum, a move aimed at expanding its threat detection and visualization capability for operational technology (OT) environments.

Since its founding in 2016, Dragos has emerged as one of the leading providers of cybersecurity protection for ICS systems. It has amassed $440 million in Series D funding and has over 400 employees. The company that Dragos bought, Network Perception, is lesser known and considerably smaller. It has only 27 employees and has raised $15.73 million, most of which is Series A funding from 2022.

The Dragos threat intelligence platform, designed for OT infrastructure, includes sensors that monitor networks for anomalies and IOCs and visualization tools to track assets and risks and provide response playbooks.

Adding Network Perception promises to fill a gap in the Dragos platform, company officials told Dark Reading. Network Perception's NP-View tool provides network visibility, compliance monitoring, segmentation analytics and reporting for various large electric utilities.

**Early Ties with Government and Industry Regulators**

Network Perception was incubated roughly a decade ago at the University of Illinois at Urbana-Champaign (UIUC) cybersecurity research lab. At the time, co-founder and CEO Robin Berthier says he and his team were working on the U.S. Department of Energy's 10-year cybersecurity roadmap, which developed a prototype for what is now NP-View.

"We grew pretty fast to become the de facto solution in the electric industry as the OT network visibility and segmentation analysis solution, which is extremely important in the case of compliance for the regulation in this industry," Berthier says.

He credits Network Perception's initial success to the decision by the industry's key regulators, North American Electric Reliability Corp. (NERC) and the Federal Energy Regulatory Commission (FERC), to use NP-View to conduct audits nationwide in 2017. According to Berthier, Network Perception has since tallied about 100 customers.

Berthier claims that NP-View is unique because it ingests only configuration files from firewalls, routers and switches deployed in OT networks, not log data or telemetry from sensors.

"From those configuration files, we build a model of the environment, and we can then show a topology map of those complex networks and check all the potential pathways inside those environments, which is very complementary to what Dragos is doing," Berthier explains.

Further, he notes that while Dragos' sensors monitor network traffic, security operators still must decide what steps to take to address suspicious activity and anomalies. "It's really important to have the context around the network's access policy, like the zone-to-zone accessibility," Berthier says.

**Modeling Network Traffic for Threats**

NP-View models an adversary's potential targets, including which ports and services are vulnerable and what's permitted by the firewalls, according to Berthier. "It is that part of the modeling of networks that gives you that information that is extremely complex and sophisticated," he says.

"It's a level of sophistication today that no human, even expert analysts, can comprehend because of the different layers of logic that the firewalls are using, from VPNs to VLANs to access rules to network address translation," Berthier adds. "We model and present that in a very simple, comprehensive way for both technical as well as non-technical users.”

When integrated, the Dragos platform will be able to consume the data ingested into NP-View to add context around the different levels of suspicious activity that is needed, he notes.

The addition of Network Perception will likely boost Dragos' visualization and risk-based capabilities while enhancing customers’ cyber resilience and compliance efforts, predicts Omdia principal analyst for IoT cybersecurity, Hollie Hennessy.

"Many OT organizations are struggling with challenges such as skills shortage and resource issues, meaning compliance can be a struggle--thus being able to automate functions such as reporting instantly, can alleviate some of those issues," she says. "Network perception also has micro segmentation capabilities which again can help to mitigate risk - something that will enrich Dragos' preventative capabilities and can also help with compliance."

Dragos field technology officer Phil Tonkin says that half of Network Perception's customer base, which is all in the electric sector, uses the Dragos platform. While Dragos's earliest customers were electric utilities, the company has expanded its base to include oil and gas providers, manufacturers, water utilities, transportation and mining.

In the coming quarters, Tonkin says Dragos will integrate NP-View into its platform and offer it as an option to its customers in adjacent OT sectors. "Although the driver to get capabilities like this into the electric sector in the US has often been driven by compliance, we're seeing more and more people understanding the need to carry out those same actions just to manage their risks," he says.

The deal marks only the second acquisition for Dragos. The company bought assessment tool provider NexDefense in 2019. Though isn’t ruling out other potential acquisitions, Dragos is not currently shopping for other companies. “Right now, our focus is to just build on the strengths that we've just gained by bringing Network Perception into the team,” Tonkin says.

**About the Author**

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Dragos Expands ICS Platform with New Acquisition

Prioritizing security as a critical element to an organization’s effectiveness and success will reduce the risk of incidents, while benefiting the whole team and the organization’s reputation.

Source: Xavierlorenzo via Alamy Stock Photo

October is National Cybersecurity Awareness Month in the U.S. when IT teams prep their annual security education and awareness training program. For many employees, this may be their only interaction with the security team outside of onboarding, submitting a help ticket, or a potential incident. But every person plays a part in the security function of the business every day, whether they realize it or not. As they do, they have the potential to be an asset or risk to the team’s security posture.

According to the 2024 Verizon Data Breach Investigations Report (DBIR), 68% of all breaches include the human element, with people being involved either via error, use of stolen credentials or social engineering. While exploiting technical vulnerabilities is rising in frequency as the initial way-in for an attacker, stolen credentials and phishing still account for the lion’s share of recorded breaches.

Prioritizing security as a critical element to an organization’s effectiveness and success will reduce the risk of incidents, while benefiting the whole team and the organization’s reputation.

**Putting a Price on Trust**

Security is a core business function, as crucial to an organization's success as finance, revenue generation or product departments. It's also a key factor in shaping an organization's reputation, specifically influencing public and internal perceptions of whether the organization is trusted and reliable. To understand the profound impact of perceived security (or insecurity) on both public image and the bottom line, one need only examine customer reviews or stock prices of major businesses before and after a publicized breach or outage.

Security has a particularly significant impact on whether the company is seen as reliable and safe for business. The difference between a successful security program and a vulnerable one comes down to whether that value is communicated regularly and effectively.

**What's Measured Matters**

In some organizations, a CISO or CIO can advocate for security at the executive level, informing other leaders and stakeholders of its needs and value. In most businesses, however, this responsibility falls to the IT team leader, adding to their already substantial workload.

While it may seem like self-promotion or extraneous work, it’s extremely valuable to take the extra time to summarize threats stopped, processes improved, projects completed and team members modeling strong security behavior. This effort ensures that the benefits and value of the security program remain a priority for leadership, rather than being overshadowed by the next quarter's budget concerns or the hope of avoiding bad news.

Before starting from scratch, find existing resources by asking vendors and partners what performance reports and metrics they can provide. Many tools should already have audit or other templated reporting functions, and some may even offer custom summaries or executive briefings designed to update leaders on progress.

When choosing metrics, ask whether they truly advance effective security goals. As one example, a common phishing training misstep is solely tracking the number of people who click the link before and after training. While reducing risky clicks is valuable, reducing that number to zero is unlikely. Instead, focusing on how quickly someone reports a phish can materially reduce the time it takes to detect and stop a real-world attack. Now, training can emphasize the importance of reporting suspicious activity, even if an employee initially fell for the phish. This approach encourages openness rather than silence born from fear or embarrassment, and rewarding proactive behavior can significantly increase the likelihood of team members reaching out when something’s up.

Remember, what gets measured gets managed. Carefully selecting and tracking meaningful security metrics improves security posture and demonstrates the tangible value of a security program to the organization. This data-driven approach can help secure necessary resources and support for ongoing security initiatives, turning the security function from a cost center into a value driver for the business.

**Shedding the "Department of No" Reputation**

There’s an oft-repeated cliche of security as The Department of No: a roadblock to productivity, best unseen and unheard. And if most security interactions are perceived as “tedious and/or confusing” or “frustrating and/or terrifying,” people will go out of their way to avoid future interactions.

In reality, security works tirelessly to keep the organization and people within it safe and protected from innumerable risks. What may feel like an arbitrary refusal from a teammate’s perspective may very well be backed by good policy.

Improving this perception doesn't mean abandoning controls or approving every request. Instead, it requires clearly explaining why policies are in place, regularly collecting feedback on processes that prove to be roadblocks and showcasing wins as part of the normal business cadence.

Errors can be more than additional help tickets for IT teams to triage or irregularities to investigate: they can provide invaluable feedback where a process is unintuitive or misunderstood. Talking through “why” someone wanders off the authorized path can help identify confusing documentation, unconsidered use cases or other qualitative feedback that slips through what can be captured in a system log.

**What Have You Done For Them Lately?**

Most people don't have security experts on call in their personal life, and this gives security teams a unique opportunity to help, while building on their relationship with the team at large. Instead of just rolling out click-through training modules to meet insurance and compliance requirements, treat education like another opportunity to provide an employee benefit.

Inform employees about trending attacks and scams, so they can be aware and inform potentially vulnerable family members. Teach them about good security hygiene, not only on work systems but also on sites they’re likely to use in their daily life like social media or personal banking. Not only does this practice help keep your team safe from threats when they aren't at work, it also feeds back into organizational security by making them harder targets for attackers. It would be great if attackers took off nights and weekends, but in reality, we know they’ll go after access wherever (and through whomever) it’s available.

Sharing a few tips every week during team meetings, on team chat and at all-hands updates is also more digestible for people. It’s easier to absorb a few tips each week than resist the urge to tune out a dry, monotone hours-long training session.

This approach also improves retention. According to Hermann Ebbinghaus's research on memory and the “forgetting curve”, we forget the vast majority of newly learned information within a couple of days of learning it. However, the second iteration of reviewing that same information will increase both the percentage of information recalled, and how long it will be remembered. Regular refreshers and expansions on a topic will result in a more complete understanding and a resilient recall of the topic.

**Stronger Together**

Shifting the relationship of security from one of avoidance to one of reinforcement, safety and reliable guidance will motivate people to listen more carefully to security messaging. Greater understanding and buy-in cultivate a stronger security mindset across teams, defining security as a shared, proactive function rather than a specialized, reactive one.

Security is a collective effort, and helping your team stay safer inside and outside of work will benefit both them and the organization. By redefining security as a trusted ally rather than a dreaded email or meeting invite, we can create a more resilient and secure environment for all. Remember, when it comes to security, we are indeed stronger together!

**About the Author**

Security Strategist, Blumira

Zoe Lindsey is a security strategist at Blumira with over a decade of experience in information security. She began her infosec career at Duo Security in 2012 with a background in medical and cellular technology. Throughout her career, Zoe has advised organizations of all sizes on strong security tactics and strategies. As a sought-after speaker, she has shared best practices and recommendations at industry-leading events including RSA Conference, SecureWorld, and Cisco Live.

Normalizing Security Culture: Don’t Have to Get Ready If You Stay Ready

The bug gives attackers a way to run arbitrary code on affected servers and take control of them.

Source: Color4260 via Shutterstock

Attackers are actively targeting a severe remote code execution vulnerability that Zimbra recently disclosed in its SMTP server, heightening the urgency for affected organizations to patch vulnerable instances right away.

The bug, identified as CVE-2024-45519, is present in the Zimbra postjournal service component for email journaling and archiving. It allows an unauthenticated remote attacker to execute arbitrary commands on a vulnerable system and take control of it. Zimbra issued updates for affected versions last week but has not released any details of the flaw so far.

**Attacks Began Sept. 28**

Researchers at Proofpoint this week reported observing attacks targeting the flaw beginning on Sept. 28 and have continued unabated. In a series of posts on X, the security vendor described the attackers as sending spoofed emails that look like they are from Gmail to vulnerable Zimbra servers. The emails contain base64-encoded malicious code in the CC field instead of normal email addresses. This code is crafted to trick Zimbra into running it as shell commands, rather than processing it as a regular email address. This technique could potentially allow attackers to execute unauthorized commands on affected Zimbra servers, Proofpoint said.

"Some emails from the same sender used a series of CC'd addresses attempting to build a Web shell on a vulnerable Zimbra server," Proofpoint said. "The full CC list is wrapped as a string, and if the base64 blobs are concatenated, they decode to a command to write a Web shell."

The Web shell allows the attacker to remotely access the server via specially crafted HTTP requests and to modify files, access sensitive data, and execute other arbitrary commands. The attackers can use it to download and run malicious code on a vulnerable system, Proofpoint said. "Once installed, the webshell listens for inbound connection with a pre-determined JSESSIONID Cookie field," the vendor noted. "If present, the webshell will then parse the JACTION cookie for base64 commands. The webshell has support for command execution via exec or download and execute a file over a socket connection."

**Patch Yesterday**

Ivan Kwiatkowski, a threat researcher at HarfangLab, said the malcious emails are coming from 79.124.49\[.\]86, which appears to be based in Bulgaria. "If you're using @Zimbra, mass-exploitation of CVE-2024-45519 has begun. Patch yesterday."

Notably, the threat actor is using the same server for sending the exploit emails and hosting the second-stage payload, which suggests a relatively immature operation, says Greg Lesnewich, threat researcher at Proofpoint. "It speaks to the fact that the actor does not have a distributed set of infrastructure to send exploit emails and handle infections after successful exploitation," Lesnewich says. "We would expect the email server and payload servers to be different entities in a more mature operation."

Lesnewich says the volume of attacks has remained roughly the same since they began last week and appear to be more opportunistic in nature than targeted.

**Input Sanitization Error**

Researchers at the open source Project Discovery released a proof-of-concept for the vulnerability on Sept. 27. They identified the issue as stemming from a failure to properly sanitize user input, thereby enabling attackers to inject arbitrary commands. Zimbra's patched versions of the software have addressed the issue and neutralized the ability for direct command injection, the researchers wrote. Even so, "it's crucial for administrators to apply the latest patches promptly," they noted. "Additionally, understanding and correctly configuring the mynetworks parameter is essential, as misconfigurations could expose the service to external exploitation."

Thousands of companies and millions of users use Zimbra Collaboration Suite for email, calendaring, chat, and video services. Its popularity has made the technology a big target for attackers. Last year, for instance, researchers found as many as four Chinese advanced persistent threat actors leveraging a Zimbra zero-day (CVE-2023-37580) to target government agencies worldwide. Zimbra patched the flaw in July 2023 a month after the attacks began. Last February, researchers at W Labs spotted North Korea's prolific Lazarus Group attempting to steal intelligence from organizations in the healthcare and energy sectors by targeted unpatched Zimbra servers.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Zimbra RCE Vuln Under Attack Needs Immediate Patching

PRESS RELEASE

Herndon, VA, October 1, 2024 — Expel, the leading managed detection and response (MDR) provider, today announced cybersecurity industry luminary, Kevin Mandia, has joined its board of directors. The Mandiant founder brings over three decades of security leadership and venture capital expertise to help shepherd Expel into its next phase of growth.

“I believe you need an experienced founder that truly knows security to run a great security company. I met Dave nearly 30 years ago when we were computer crime investigators in the United States Air Force, and we have been committed to cybersecurity ever since. Dave was our first pick at Mandiant to lead our software business, our managed defense business, and much of our go-to-market teams. I witnessed Dave build and scale our business from the ground up with relentless focus on the outcomes for our customers,” said Mandia, speaking about Dave Merkel, co-founder and CEO of Expel. “I believe in Expel’s leadership, products, and services, along with its commitment to solving critical security challenges for its customers, and that is what excites me as I join this remarkable team.”

Mandia’s board appointment comes as Expel continues its upward trajectory. Last year, Expel strengthened strategic partnerships with major global players in and around the security space, including Wiz, Visa, and, most recently, modePUSH, a leading incident response firm, to improve joint capabilities that meet a broader range of customer security needs. Expel’s momentum includes 50% year-over-year revenue growth (FY23-FY24) and surpassing $100 million in annual recurring revenue, achieving “centaur status,” as of FY24.

“I’ve been lucky to call Kevin \[Mandia\] a mentor and a friend for much of my professional life, and I’m honored to have his guidance again—in this official capacity—as we tackle this next chapter,” said Dave Merkel. “The opportunity in MDR is massive, and Expel is uniquely qualified to lead the market. That Kevin is willing to come along for the ride as a board member tells me we’re on the right path.”

As rapidly advancing AI-powered technologies reshape the threat landscape for attackers and defenders alike, Expel remains confident and committed to accelerating its unique approach to cybersecurity. The company’s customer base has grown by 67% since early 2023, and Expel holds an industry-leading Net Promoter Score (NPS) of 75—a notoriously unforgiving scale. Expel’s relentless focus on delivering measurable customer outcomes reflects in its impressive metrics:

*   A 20-minute mean-time-to-remediate (MTTR)
    

*   An 87% reduction in customers’ MTTR with auto-remediation
    

*   99% of customers say Expel is a brand they trust
    

These metrics provide Expel customers with the time and peace-of-mind they need to focus on the business priorities that matter most. With comprehensive coverage across cloud, on-prem, identity, network environments, and more, Expel combines skilled analysts with its purpose-built SecOps platform, Expel Workbench™, to augment teams or help develop new ones—meeting customers’ exact needs.

Mandia’s appointment to the board reunites him with Merkel, combining their deep expertise and shared roots in the defense community. This career intersection once again reflects Mandia’s strong belief in Expel’s leadership—including Merkel’s co-founders, Yanek Korff and Justin Bajko, both fellow Mandiant alums and current Expel executives—and its ability to protect organizations against evolving threats.

For exclusive insights directly from Mandia and Merkel on the future of cyber defense, register here for an upcoming webinar on Thursday, October 17 at 11am ET. To learn more about Expel MDR or get in touch with any questions, reach out anytime at expel.com/contact.

Here’s what Expel customers have to say:

“Working with Expel is like putting on noise canceling headphones—granting us the freedom to focus on AstraZeneca’s most pressing business priorities, not reams of alerts, as a true extension of our security team. Having long worked with members of Expel’s leadership team, as both a colleague and a customer, I can confidently say I never have to question whether the Expel team is prioritizing our security needs. And knowing Kevin \[Mandia\] from my years at Mandiant, I know he sees what I do in Expel: an MDR that’s fiercely committed to bettering the lives of its customers through unmatched protection and superior outcomes.”  
Kristina Sisk, Cyber Security Defense Operations Director, AstraZeneca

“Dragos has had a long and successful relationship with Expel, one that’s critical to our ability to achieve our mission to protect the industrial infrastructure that we depend on every day. We see how the threat landscape is evolving, and Dragos and Expel have always been in lock-step in our approach to improving the security postures of our customers. Welcoming Kevin onto Expel’s board adds to the company’s already formidable leadership and advisory team, and further reinforces the crucially important role that MDR plays in modern cybersecurity programs.”  
Robert M. Lee, co-founder and CEO, Dragos

About Expel

Expel is the leading managed detection and response (MDR) provider trusted by some of the world’s most recognizable brands to expel their adversaries, minimize risk, and build security resilience. Expel’s 24/7/365 coverage spans the widest breadth of attack surfaces, including cloud, with 100% transparency. We combine world-class security practitioners and our AI-driven platform, Expel Workbench™, to ingest billions of events monthly and still achieve a 20-minute critical alert MTTR. Expel augments existing programs to help customers maximize their security investments and focus on building trust—with their customers, partners, and employees. For more information, visit our website, check out our blog, or follow us on LinkedIn.

Kevin Mandia Joins Expel's Board of Directors

PRESS RELEASE

PHOENIX, AZ – September 26, 2024 – Bishop Fox, the leading authority in offensive security, today announced Cosmos for ServiceNow, developed in partnership with ServiceNow to enable customers to effortlessly sync validated exposures from the Bishop Fox Cosmos portal into their ServiceNow® environment, where they can be managed as part of existing security workflows. This integration further improves a customer’s security posture by closing the window of vulnerability while reducing the manual burden on security teams.

ServiceNow’s expansive partner ecosystem and partner program is critical in supporting the $275 billion forecasted market opportunity through 2026 for the Now Platform. The ServiceNow Partner Program recognizes and rewards partners for their varied expertise and experience to drive opportunities, open new markets, and help customers transform their business across the enterprise.

As a Registered Build Partner, Bishop Fox developed this solution to help organizations take action on the detailed findings and remediation guidance provided by the Cosmos managed service as part of their existing security operations. This seamless, bi-directional integration with the Now Platform simplifies the management of vulnerabilities and allows security teams to concentrate on resolving threats and safeguarding assets. The solution is available in the ServiceNow Store. Full product details can be found here, but briefly, the major benefits include:

1.  Streamlined vulnerability remediation with automatically created and updated remediation tickets based on Cosmos findings.
    
2.  Improved incident response efficiency and speed with Cosmos vulnerability data directly integrated into ServiceNow workflows, as well as customizable workflows that mirror an organization’s processes.
    
3.  No data silos or communication gaps, with vulnerability information fully synchronized across Cosmos and ServiceNow
    
4.  Enhanced compliance and reporting by consolidating remediation tracking and reporting into a single platform.
    
5.  Scalable security operations with an augmented ability to manage large volumes of security data efficiently across multiple instances of ServiceNow.
    

“Cosmos has become a standard bearer for vulnerability identification and management with more than 110 billion operations executed per year, a 70 percent reduction in time to remediate critical vulnerabilities, and elimination of 93 percent of resource requirements,” said Kevin Tonkin, chief product officer of Bishop Fox. “By integrating with platforms like ServiceNow, on which our customers depend for managing security operations, we help to further accelerate internal efforts and unburden security teams by making it easier for an organization to take advantage of the full power of Cosmos.”

“Partnerships succeed best when we lean into our unique skills and expertise, and have a clear view into the problem we’re trying to solve,” said Erica Volini, senior vice president of global partnerships at ServiceNow. “Bishop Fox’s Cosmos integration extends our reach well beyond where we can go alone and represents the legacy and goals of the Now Platform. I am thrilled to see the continued innovation we will achieve together to help organizations succeed in the era of digital business.”

About Bishop Fox

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We’ve worked with more than 25% of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies to improve their security. Our Cosmos platform, service innovation, and culture of excellence continue to gather accolades from industry award programs including Fast Company, Inc., SC Media, and others, and our offerings are consistently ranked as “world class” in customer experience surveys. We’ve been actively contributing to and supporting the security community for almost two decades and have published more than 16 open-source tools and 50 security advisories in the last five years. Learn more at bishopfox.com or follow us on Twitter.

Bishop Fox Announces Cosmos Integration With ServiceNow

PRESS RELEASE

VIENNA, Va., Oct. 1, 2024 /PRNewswire/ -- The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced that Pam Lindemoen will join the organization as Chief Security Officer & VP of Strategy. In this role, she will oversee the organization's security operations, including cybersecurity and information security, while also leading strategic planning and partner engagement. With nearly 30 years of experience, Lindemoen brings a wealth of knowledge in information security, application development, and infrastructure to the organization.

"We're thrilled to welcome Pam Lindemoen to the RH-ISAC team," said Suzie Squier, president of RH-ISAC. "Her extensive experience in navigating complex regulatory environments and fostering robust security postures will be invaluable to our members. Pam's strategic vision and proven track record in developing comprehensive cybersecurity programs align perfectly with our mission to enhance the security of consumer-facing industries through collaboration."

Lindemoen's expertise spans various industries, including healthcare, technology, financial services, and manufacturing. Most recently, she served as CISO Advisor at Cisco. In this role, among other duties, she was instrumental in facilitating the CISO Leadership Development Program that RH-ISAC provided to develop talent in the industry. Lindemoen also serves on the advisory board for Cyber Florida: The Florida Center for Cybersecurity.

Lindemoen's appointment comes at a critical time for the retail and hospitality industries, which face increasing cybersecurity threats and complex regulatory requirements. Her multifaceted expertise in information security, application development, and infrastructure positions her uniquely to address the diverse challenges faced by RH-ISAC members. As CSO, Lindemoen will play a key role in shaping the organization's strategic initiatives and supporting members in their cybersecurity efforts.

Learn more about RH-ISAC and memberships at rhisac.org.

ABOUT RH-ISAC  
The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is a trusted community for sharing sector-specific cybersecurity information and intelligence. RH-ISAC connects information security teams at the strategic, operational, and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for consumer-facing industries through collaboration. RH-ISAC serves businesses including retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. For more information, visit www.rhisac.org.

You May Also Like

Retail &amp; Hospitality ISAC Announces Pam Lindemoen As New CSO and VP

Poor permission controls and user input validation is endemic to the platforms that protect Americans' legal, medical, and voter data.

Source: Xinhua via Alamy Stock Photo

A veritable laundry list of high- and critical-severity bugs have been uncovered in software platforms used by government agencies across the US.

Govtech systems are some of the most critical out there, responsible for storing the most sensitive personally identifying information (PII) US citizens own: Social Security numbers (SSNs) and IDs; legal and medical records; voter registrations; and much more. It will surprise few and comfort no one that these systems also happen to be riddled with vulnerabilities. 

Security researcher Jason Parker uncovered issues in 19 such platforms this year, disclosing more than a handful of them late last week. There was the bug in the state of Georgia's portal for canceling voter registrations, the access control issue that exposed court documents in counties across Florida, and the many critical vulnerabilities bogging down a public records request management platform used by hundreds of city, county, and state governments nationwide.

**Case Study: A Voter Registration Issue**

Some might be old enough to remember when government bugs were cool and inventive. "The Thing," for example — a listening device embedded into a wooden seal, which hung in the residence of the US ambassador to Moscow for seven years before it was discovered.

Today's government bugs are rather banal — access control flaws or improper validations of user input. The kinds of things hackers can use them for, however, are not at all dull.

At the end of July, for example, Georgia launched a voter cancellation request portal. Within days, researchers discovered multiple issues with the site. Parker, for example, found that anyone could submit a cancellation request using only the information easily gleaned from public sources — names, dates of birth, counties of residence — while skipping any requirement for more serious PII, like a driver's license or SSN. The issue earned a "high" Common Vulnerability Scoring System (CVSS) score of 8.6 out of 10, and was fixed shortly after initial disclosure.

It turned out that members of the public had attempted to take real advantage of these issues in the meantime, though, most notably by unsuccessfully deregistering Rep. Marjorie Taylor Greene, and Georgia's Secretary of State Brad Raffensperger, two prominent Republicans in the state.

**A Panoply of GovTech Bugs**

This kind of basic lack of authentication was emblematic of the security flaws Parker has stumbled upon.

Besides the Georgia bug, for example, were the trio of bugs in Granicus' GovQA. GovQA is a public records management system that is used by more than one-third of the largest US cities, more than 80 state agencies, and nearly half of the "top" US counties, according to GovQA's website.

Another series of bugs in Granicus' electronic filing system allowed for the leakage of sensitive information, the ability to block user logins or modify accounts without authorization, and privilege escalation. The "critical," 9.8 CVSS-rated bugs were reportedly patched back in April.

A similar platform, Thomson Reuters' C-Track eFiling, allowed attackers to escalate from regular user accounts to those saved for court administrators by manipulating certain fields in the registration process. A patch for the "critical" 9.1-rated bug was confirmed last week.

More issues of similar severity were uncovered in court record systems used in counties in Florida, Arizona, Georgia, South Carolina, and others.

**Why GovTech Is So Flawed**

Government technologies tend to be flawed for all the reasons one might guess.

"A lot of their systems that I've seen are quite literally 20 years old," Parker explains. "They're just adding whatever on top of these legacy platforms for years and years."

Besides standard bureaucracy, outdated and unloved tech is kept alive thanks to a lack of sufficient funding for new systems, services, and security solutions to protect them. And vendors aren't always held to account for the ways in which they fall short on their ends of the bargain.

If anything's going to change, Parker says, it will start with the Federal Risk and Authorization Management Program (FedRAMP) — a governmentwide program for cloud security assessment, authorization, and continuous monitoring — and StateRAMP — a nonprofit offering a similar program for state and local governments. "These are minimum requirements for cybersecurity," Parker says, "and they're being adopted by more and more states, and counties, too."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Gov't, Judicial IT Systems Beset by Access Control Bugs

PRESS RELEASE

CAMBRIDGE, UK, Oct. 1, 2024 /PRNewswire/ -- Darktrace, a global leader in cybersecurity AI, has today announced the completion of its acquisition by Thoma Bravo, a leading software investment firm, for $5.3bn. The recommended cash acquisition was announced on 26 April 2024 and the Scheme of Arrangement has now become effective. 

Jill Popelka, CEO of Darktrace, said: "Thoma Bravo will be a hugely valuable partner as we pursue further scale and innovation for our next stage of growth. Darktrace's position at the cutting edge of cybersecurity AI coupled with Thoma Bravo's deep strategic and sector expertise will be a powerful combination. Protecting businesses and organisations with best-in-class AI-powered, proactive cybersecurity will remain at the absolute core of what we do. Together, we can take this even further, investing in our people to enhance our technical capabilities and delivering exceptional service and value for our customers."

Seth Boro, Managing Partner at Thoma Bravo, said: "Darktrace holds a unique position at the forefront of cybersecurity technology. As one of the early adopters of AI, the value of its capabilities is evident to businesses, governments and society across the world. We are excited to work alongside Jill and the Darktrace team to build on their success, supporting their ambitions to protect the world from the most advanced cyber threats." 

About Darktrace  
Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting organizations from unknown threats using its proprietary AI that learns from the unique patterns of life for each customer in real-time. The Darktrace ActiveAI Security Platform™ delivers a proactive approach to cyber resilience with pre-emptive visibility into security posture, real-time threat detection, and autonomous response – securing the business across cloud, email, identities, operational technology, endpoints, and network. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands, have resulted in over 200 patent applications filed. Darktrace's platform and services are supported by over 2,400 employees around the world who protect nearly 10,000 customers across all major industries globally. To learn more, visit http://www.darktrace.com. 

SOURCE Darktrace

You May Also Like

Darktrace Announces Formal Completion of its Acquisition by Thoma Bravo

PRESS RELEASE

New York City, NY. September 30, 2024 – Apono, the leader in privileged access for the cloud, today announced the successful completion of its Series A funding round, raising $15.5 million. The funding round was led by New Era Capital Partners, with participation from Mindset Ventures, Redseed Ventures, Silvertech Ventures, initial seed investors, and more.  

The newly secured funds will be used to advance Apono’s mission of providing AI-driven, simple, innovative, and secure solutions that organizations need to manage access in complex, distributed cloud environments. Additionally, these newly secured funds will be used to accelerate product development and enable Apono to continue its growth, deliver unparalleled value to its customers, and solidify its position as a leader in the identity security space. This latest round brings the total investment from new and current investors to $20.5 million, underscoring strong investor confidence in Apono’s vision and capabilities. 

Apono is a next-gen solution for cloud access governance. The company is committed to delivering capabilities that meet the dynamic needs of modern enterprises and support the development, operations and security teams responsible for securing and maintaining cloud environments they depend on. Apono’s innovative approach provides organizations with a deep understanding of privileged access within their cloud environments, enforces robust security guardrails, and leverages AI-driven least privilege and anomaly detection capabilities to enhance security measures while providing a frictionless experience for end-users. 

“Today, more than ever, we are seeing a shift in the identity space,” said Apono’s Co-Founder and CEO Rom Carmel. “Privileged access management and identity governance are converging, driving the need for more holistic identity and access security solutions, particularly within today’s dynamic cloud environments in which modern businesses operate. As we continue our rapid growth, this funding will enable us to maintain our momentum and continue delivering cutting-edge solutions to our clients. Our investors were drawn to Apono’s unique AI-driven product offering, innovative approach, and its swift adoption by enterprises, recognizing the company’s potential to lead the identity security market.” 

With this investment, Apono is set to significantly expand its US sales and marketing teams, while also expanding investments in research and development. After the company recorded a 300% increase in revenue the last 3 quarters, Apono has welcomed several key industry executives, further bolstering its market position and enhancing its ability to support a rapidly growing customer base. Customers can anticipate new AI-based access product offerings and improved support from Apono’s sales engineering and customer success teams, which have tripled in size in the US. Additionally, to meet the needs of new enterprise customers, the company has added enterprise support teams who will deliver the scale of service today’s enterprises require. These strategic developments will ensure seamless onboarding and continuous support for Apono’s expanding clientele. 

“We are thrilled to support Apono in their mission to revolutionize identity and access security,” said Ziv Conen, Partner at New Era Capital Partners. “Apono’s innovative solution addresses critical challenges in the cloud access management space, providing organizations with robust, scalable solutions. This investment reflects our confidence in Apono’s vision and their ability to lead the market with cutting-edge technology and exceptional customer focus. We look forward to supporting Apono’s continued growth and success as they redefine how businesses manage and secure access in today’s dynamic environments.” 

 “We were able to self-service Apono in minutes, which significantly enhanced customer trust in our global multi-cloud platform. This seamless integration allows our teams to work without friction, ensuring efficiency and productivity. Moreover, it helps us maintain a least-privilege cloud environment, which is crucial for our security and compliance standards,” said Arthur Goren, Director of Cloud Engineering at Hewlett Packard Enterprise.   

Apono is devoted to addressing the evolving needs of the identity and access security landscape, particularly as it has grown to play a more significant role in today’s modern cloud environment. Apono’s solution was built from the ground up to empower organizations to deliver just-in-time, just-enough access management at scale by bridging the security-operational gap in identity and access management. With a focus on innovation and customer success, Apono is poised to redefine how organizations manage and secure access, ensuring robust protection and seamless operations in an ever-changing digital world. 

“In response to the growing complexity and security threats associated with cloud adoption, forward-thinking organizations are increasingly aligning the goals and workflows of their security and engineering teams," said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. "Cloud identity and privilege management are central to these alignment efforts. Apono’s approach to cloud privileged access management aligns with these goals and helps bridge the gap between security and engineering teams.” 

For more information visit the Apono website here: www.apono.io.

Apono Raises $15.5M Series A Funding for AI-driven, Least Privilege Solution Set

PRESS RELEASE

NEW YORK and SANTA CLARA, Calif., Oct. 1, 2024 /PRNewswire/ -\- Palo Alto Networks (NASDAQ: PANW) and Deloitte today announced an expansion of their strategic alliance into EMEA and JAPAC regions, making Palo Alto Networks® AI-powered cybersecurity solutions and joint offerings available to Deloitte clients globally. The new agreement builds on the long-standing collaboration between the two organizations, accelerating the adoption of leading cybersecurity capabilities and helping clients realize the benefits of platformization.

Many organizations struggle to manage an increasing number of cybersecurity products to secure their business. This can create a heterogeneous environment that may increase operational complexity and difficulty to achieve essential security outcomes. Platformization, the shift to an integrated platform as opposed to incompatible point solutions, helps reduce the boundaries of these disparate solutions to help organizations enhance security posture while driving operational efficiencies. Embracing this, Deloitte has consolidated multiple point solutions by adopting Palo Alto Networks Cloud and Network Security platforms.

"True transformations require a solution that unites AI-powered platforms with deep industry insights and managed services - what Palo Alto Networks and Deloitte provide clients through our alliance," said Kristy Friedrichs, chief partnerships officer, Palo Alto Networks. "By significantly expanding the availability for our joint offerings and helping mutual customers move to unified platforms, we're addressing their evolving needs and helping them achieve better security outcomes."

"We are focused on helping our clients solve their most complex cybersecurity challenges, which requires ongoing innovation and distinct approaches to technology integration leading to cyber transformation," said Emily Mossburg, Deloitte Global Cyber Leader and a principal, Deloitte & Touche LLP. "Expanding our alliance with Palo Alto Networks enhances our global ability to deliver integrated and platformed security solutions to help global clients improve their security posture through harnessing efficiency and integrating the power of AI to combat the evolving threat landscape."

Deloitte will offer Palo Alto Networks security solutions across its network, cloud, and security operations platforms in order to help clients drive toward consolidation and realize the benefits of AI-powered solutions that ingest integrated data, creating better outcomes and actionable AI insights, including the following:

*   Cyber Detection & Response: Helps enable clients to transform their security operations through the Precision AI-powered Cortex XSIAM® platform that combines the capabilities of  SIEM, SOAR and XDR to simplify operations and accelerate response to cyber threats. Deloitte's intellectual property (IP) can accelerate SOC modernization through consolidation of a heterogeneous tech stack, adoption of complex incident response playbooks, integration with leading IT Service Management (ITSM) platforms and event log aggregation and orchestration, to assist clients in reducing technical complexity while enhancing operational efficiency.
    
*   Cloud Security: Helps to create a more proactive security posture for clients to safeguard their environments, from code to cloud. Deloitte and Palo Alto Networks joint cloud security offerings, launched a year ago, can help enhance the security of ever-changing, cloud-native applications and infrastructure. Deloitte's IP and industry-specific knowledge helps clients mitigate risk and promotes "shift left" security where Deloitte's harmonized cloud security framework, operational workflows and AI-powered automation and orchestration capabilities are deployed to enhance the native capabilities of Palo Alto Networks Prisma® Cloud.
    
*   Zero Trust Adoption: Helps organizations strategize, design, implement, operate and accelerate Zero Trust adoption with the combination of Palo Alto Networks integrated, innovative Network Security platform and Deloitte's IP, workflow integrations and managed services.
    

Learn more about the Palo Alto Networks and Deloitte alliance here.   
Follow Palo Alto Networks on X (formerly Twitter), LinkedIn, Facebook and Instagram.

About Palo Alto Networks   
Palo Alto Networks is the global cybersecurity leader, committed to making each day safer than the one before with industry-leading, AI-powered solutions in network security, cloud security and security operations. Powered by Precision AI, our technologies deliver precise threat detection and swift response, minimizing false positives and enhancing security effectiveness. Our platformization approach integrates diverse security solutions into a unified, scalable platform, streamlining management and providing operational efficiencies with comprehensive protection. From defending network perimeters to safeguarding cloud environments and ensuring rapid incident response, Palo Alto Networks empowers businesses to achieve Zero Trust security and confidently embrace digital transformation in an ever-evolving threat landscape. This unwavering commitment to security and innovation makes us the cybersecurity partner of choice.

At Palo Alto Networks, we're committed to bringing together the very best people in service of our mission, so we're also proud to be the cybersecurity workplace of choice, recognized among Newsweek's Most Loved Workplaces (2021-2024), with a score of 100 on the Disability Equality Index (2024, 2023, 2022), and HRC Best Places for LGBTQ+ Equality (2022). For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, Cortex, Cortex XSIAM, Prisma Cloud and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

About Deloitte   
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 8,500 U.S.-based private companies. At Deloitte, we strive to live our purpose of making an impact that matters by creating trust and confidence in a more equitable society. We leverage our unique blend of business acumen, command of technology, and strategic technology alliances to advise our clients across industries as they build their future. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Bringing more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte's approximately 460,000 people worldwide connect for impact at www.deloitte.com.

Source

DARKReading