pritha's Posts (627)

4 Ways To Manage Enterprise Digital Footprint

As the name suggests, a “Digital Footprint” is the unique set of traces left by your digital presence. As per Wikipedia, “Digital Footprint refers to one’s unique set of traceable digital activities, actions, contributions and communications that are manifested on the Internet or on digital devices.” In this blog we focus on how to manage an enterprise digital footprint.

An Enterprise Digital Footprint is an inventory of all the digital assets on the internet (web, mobile, individual, social etc.) related to an enterprise. In other words, it represents the unique traces of its digital presence, such as domains, subdomains, IPs and applications, shared over the internet intentionally or unintentionally.

We can divide enterprise digital footprints into 2 categories, the same as individual digital footprints:

1- Active Digital Footprints: When personal data is released intentionally (as in social media pages, known domains, subdomains, IPs, applications etc.) – Known Unknowns

2- Passive Digital Footprints: When personal data is collected without the owner’s knowledge, i.e. shared unintentionally. For example, a local department such as marketing launches a website or cloud/SaaS app, bypassing the IT and security teams so that there is no official record of this digital asset, or IT puts some application online and forgets to shut it down – Unknown Unknowns

Why Is Managing Digital Footprint Important?

Organisations in the digital age compete on their technology innovation and on how fast they adopt new technologies. However, this business need for faster technology adoption causes departments to bypass IT and security teams when launching new applications or buying new domains, subdomains etc., or to launch an application and then forget to take it offline, which in turn exposes the digital attack surface with softer targets for attackers/hackers.

For a large enterprise, the unknown digital assets number in the hundreds or thousands and can easily be found even by novice hackers. Because these assets are not monitored, attackers have an easy way in and out. So it’s important to know what an attacker can see about your organisation, i.e. how you look from outside.

You can’t protect what you don’t even know about. Once you have the inventory of your enterprise digital footprint, you can prioritise your digital assets. After prioritisation, you take action to make sure that all of your external digital assets are secured.

4 Steps To Manage Your Enterprise Footprints:

  1. Discover Enterprise Digital Footprints
  2. Create an Inventory of all your external Digital Assets
  3. Prioritise the digital assets to take actions required to secure digital attack surface
  4. Monitor Enterprise Digital Footprints Continuously

FireShadows Digital Foot-printing and Shadow IT Discovery Platform can help organisations discover and map the digital assets which are exposed to the internet intentionally or unintentionally. Once you have the inventory of digital assets, the platform helps you monitor them as per your business needs. With the differential reporting features, you will also be notified once some new digital asset is exposed to the internet.
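The four steps above, sketched as an added example (not code from this blog or from the FireShadows platform): discovery output is turned into an inventory, each asset is labelled active or passive against the official record, prioritised, and then diffed against the previous run to produce a differential report. The hostnames, service weights and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Official record kept by IT/security (constructed sample, reserved example.com names).
OFFICIAL_INVENTORY = {"www.example.com", "mail.example.com", "vpn.example.com"}

# Assumed exposure weights per service type; tune these to your own risk model.
SERVICE_WEIGHT = {"database": 9, "rdp": 9, "ssh": 6, "api": 5, "smtp": 3, "https": 2}
UNKNOWN_SERVICE_WEIGHT = 4
PASSIVE_PENALTY = 5  # an asset with no official record is unowned and unmonitored
RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True, order=True)
class Asset:
    host: str
    port: int
    service: str


def classify(asset, official):
    """Step 2: 'active' if the host is officially recorded, else 'passive' (shadow IT)."""
    return "active" if asset.host.lower() in official else "passive"


def priority(asset, official):
    """Step 3: combine service exposure with whether anyone owns the asset."""
    score = SERVICE_WEIGHT.get(asset.service, UNKNOWN_SERVICE_WEIGHT)
    if classify(asset, official) == "passive":
        score += PASSIVE_PENALTY
    if score >= 12:
        return "high"
    return "medium" if score >= 7 else "low"


def build_inventory(discovered, official):
    """Steps 1-2: turn one discovery run into an inventory keyed by asset."""
    return {a: {"footprint": classify(a, official), "priority": priority(a, official)}
            for a in discovered}


def differential_report(previous, current):
    """Step 4: compare two inventories; new assets are listed highest priority first."""
    appeared = sorted(set(current) - set(previous),
                      key=lambda a: (RANK[current[a]["priority"]], a))
    return {
        "new": [(a, current[a]["footprint"], current[a]["priority"]) for a in appeared],
        "removed": sorted(set(previous) - set(current)),
    }


# Constructed discovery results for two consecutive monitoring runs.
RUN_1 = [
    Asset("www.example.com", 443, "https"),
    Asset("mail.example.com", 25, "smtp"),
    Asset("old-portal.example.com", 443, "https"),
]
RUN_2 = [
    Asset("www.example.com", 443, "https"),
    Asset("mail.example.com", 25, "smtp"),
    Asset("vpn.example.com", 3389, "rdp"),           # recorded host, risky service
    Asset("promo.example.com", 443, "https"),        # marketing site nobody registered
    Asset("legacy-db.example.com", 5432, "database"),  # forgotten database
]


def demo():
    previous = build_inventory(RUN_1, OFFICIAL_INVENTORY)
    current = build_inventory(RUN_2, OFFICIAL_INVENTORY)
    return differential_report(previous, current)


if __name__ == "__main__":
    report = demo()
    for asset, footprint, prio in report["new"]:
        print(f"NEW  {prio:<6} {footprint:<7} {asset.host}:{asset.port} ({asset.service})")
    for asset in report["removed"]:
        print(f"GONE {asset.host}:{asset.port} ({asset.service})")
```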


Many organizations have hundreds of vendors and Third-Party risk exposure is one of the biggest threats. Most organizations depend upon partners, vendors, suppliers, contractors and other third parties for day-to-day operations. Each of them presents some potential risk to the organization.

Third-Party Risk Management programs help in assessing the cybersecurity of vendors/3rd parties that handle an organization’s sensitive data or have access to internal IT systems. The main tools used for Third-Party/Vendor Risk Management are:

  • Questionnaires method
  • Vulnerability Assessments

But these programs miss the key component of effective Third-Party risk management, which is continuous monitoring. Without continuous monitoring, the organization’s sensitive data is still at risk, and the internal IT systems might be more at risk than you realize.

Here are the reasons why you should consider continuous monitoring for Third-Party risk management:

1. Why Is Continuous Monitoring Required?

As cyber attacks through third parties have become more common, IT teams have started concentrating on the cybersecurity of their vendors. Continuous third-party monitoring helps improve event identification time, event remediation time and response time to events, and helps in comparing security postures among vendors/3rd parties and in tracking industry-specific technology trends.

2. Questionnaire Methods/Point-In-Time Assessments Are Ineffective:

There are many third-party risk management tools, such as questionnaires, vulnerability assessments and penetration tests. But these assessments are done at a single point in time and reflect the cybersecurity posture at that time. Cyber attacks can happen any day, and without continuous monitoring, threats and vulnerabilities cannot be found immediately. Continuous monitoring helps organizations identify possible threats and recover based on the technologies implemented. The questionnaire-driven approach is flawed since vendors’ answers may not represent reality, and a comprehensive audit is time-intensive, costly and infeasible to conduct regularly.

FireCompass continuously monitors, analyses and provides alerts on any changes or associated risks. Its dashboard also gives organizations the opportunity to choose the best vendors, based on security score, with which to continue their partnership.

3. Continuous Monitoring Is Necessary:

Continuous monitoring of vendor risk is necessary for competitive organizations, as data breaches are becoming common and all it takes is one weakness (risk) at a vendor to give away sensitive information/data. The public and consumers expect organizations to make efforts to protect their data. If your organization experiences a breach caused by a third party, consumers probably will not care whether their information was accessed via your systems or a vendor’s.


Summary:

Continuous monitoring reduces data breaches and increases accountability.

Reference:

https://www.firecompass.com/recon-and-attack-platform-firecompass/

https://www.pericertum.com/solutions/third-party-risk-scoring/


Third-Parties: Risks & Threats Associated With Them

Third-party risks are higher as third-party breaches continue to dominate, and these breaches are expensive for organizations. Third parties are the companies that you directly work with, such as data management companies, law firms, e-mail providers, web hosting companies, subsidiaries, vendors and sub-contractors. A third party is basically any organization whose employees or systems have access to your systems/data. However, third-party cyber risk is not limited to these companies. Any external software/hardware that you use for your business also poses a cyber risk. Sometimes the JavaScript that is added to your website for analytics may cause a breach by exposing the information of people who visit your website. Recent hacks such as CCleaner in 2017, which exposed backdoors in well-known software, have confirmed that the definition of third party should not be limited to only the companies that you directly work with. IoT devices can even be considered third parties and can be the source of a breach.

According to a survey conducted by Deloitte in 2016, 87% of organizations have experienced disruptive incidents with the third parties they have worked with. Other research by Soha Systems found that around 63% of breaches are because of third parties.

Sources:

https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html

https://www.normshield.com/2018-guide-to-select-3rd-party-cyber-risk-assessment-tool/

How to Assess Third-party Risks:

Many companies don’t conduct any assessment of third-party risk, or they use an age-old questionnaire methodology, sending a lot of questions for third parties to answer. Firstly, the questionnaire-based approach is very time consuming. Though there are many online tools that simplify the process, the answers obtained from the questionnaire approach are not that reliable. Even if, to gather results quickly, you assume that all the answers given by third parties are correct, there might be some cyber risks which are invisible to the third parties themselves. These invisible risks can be detected by gathering cyber threat intelligence and by risk evaluation, which companies like FireShadows can help with.

Fortunately, there are platforms like FireShadows that gather third-party cyber risk data and provide a risk score or security rating for companies. The information gathering is done by a method called “passive scan”, where non-intrusive methods are used and company assets remain untouched. It is basically a hacker’s view of the third party’s external cyber risk. The OSINT (Open-Source Intelligence) data is collected from many feeds such as reputation services, hacker sites/forums, vulnerability databases, Internet-wide scanners, social media, paste sites, black markets, underground forums, etc. Information gathering should be done for the company of interest and any related third-party company.


Understanding Shadow IT Risk for OT Departments

Here we will explore the Shadow IT risks for OT departments. Operations Technology groups can be an integral part of important business functions like production, maintenance and more. This means there are a lot of IT-related functions which OT department members can handle in terms of functionality. However, not involving the IT department means these IT functions could cause security concerns. An OT department member might not know exactly how to handle an IT function the way a professional IT member would. Easy attack vectors like servers and insecure IoT devices can pose common security threats.

Shadow IT has been an increasing trend in the LoB departments. According to a C-space report, LoB managers spent more than 30% of their time making IT decisions. A likely reason is that it’s sometimes faster to get things done without going through an IT department that is already bandwidth constrained. With the rise of high-tech industrial equipment, the dependence on IT-related operations increases. An IDC report predicts IoT spending will reach $1.1 trillion in 2021. This places a higher demand on IT functions, creating a need for IT staff in the OT departments.

What’s The Problem?

In short, the OT department is responsible for major functions in the organization and doesn’t necessarily coordinate with the IT department for all IT needs. The many small activities get work done faster, but this ends in orphaned assets and various other vulnerabilities that the OT department staff don’t have the skills to handle.

Possible Mitigation Strategies

  • Stricter IT Policy

A stricter IT policy for connected OT systems could be a solution. However, there are implementation challenges. The OT department may not deem it necessary to contact IT. The OT department has the responsibilities of production and maintenance, and thus might like to retain authority here. IT may have to enforce more severe actions.

The IT concerns may be well founded based on the trending reports. A Gartner report predicts that by 2020, IoT will be involved in more than 25 percent of known enterprise security attacks.

OT-IT convergence and departmental cooperation seem like a healthy balance to lower costs, increase efficiencies and minimize Shadow IT.

  • Using Third Party Vendors With Integrated Solutions And Converged Skills (OT-IT)

These parties can understand the major skills of both departments, thus bringing in great flexibility. Advanced OT technologies can be complicated to implement. The third party adds a pool of skilled resources which are transferable between the OT and the IT departments.

  • Continuous IT – OT Asset & Risk Identification

Various tools like Shodan can help in achieving this. Continuous tracking and risk identification of all IT – OT (inter-department) assets can help. The IT department can then formulate its policy to meet the needs of the OT department and even formulate training programs for the simple requirements, empowering the OT department.

Reference :

https://www.hpe.com/us/en/insights/articles/why-shadow-it-is-a-risky-bet-for-ot-departments-1803.html#


There is a hacker attack every 39 seconds and if you don’t know what to protect, then how could you protect it?

A digital footprint is the information about an organization that exists on the Internet due to its online activity. Organizations’ digital footprints are expanding and changing at a formidable rate. Employees, suppliers and other third parties are exposing sensitive information without their knowledge. This sensitive data can leave organizations exposed and is used by attackers to exploit them. By continuously monitoring and managing their digital footprint and their attackers, organizations can reduce their external digital risks. External Digital Risk Management helps organizations continuously monitor for risks on the surface, deep and dark web and helps them respond quickly to these risks.

Most Dangerous Causes of Security Breaches:

  • Applications used by teams but unknown to the security team (Shadow IT)
  • Attacks on unknown or orphaned applications, databases, APIs and misconfigured cloud assets
  • Lack of visibility into entry points for a hacker (through internet-exposed assets and infrastructure)

The top 4 ways to mitigate risks through digital footprint monitoring are:

  1. Understand Your Digital Exposure & Shadow IT
  2. Mitigate Shadow IT Risks

  3. Prioritize Your Remediation Efforts
  4. Monitor Continuously

Attackers have their techniques to exploit the exposed digital assets and ineffective security solutions. Digital attacks expose the organization’s sensitive information, and sometimes these attackers trade this information in Dark Web forums.

  • Understand Your Digital Exposure & Shadow IT:

Attackers focus on the digital presence to gain access to customer’s credentials and the organization’s sensitive data. You need to have continuous visibility into your entire digital ecosystem. You need to discover an organization’s ever-changing digital footprint including shadow IT, unknown exposed databases, cloud buckets, code leaks, exposed credentials, risky cloud assets and open ports, etc. This means you must be able to validate and manage your digital footprint across a complex environment.


  • Mitigate Shadow IT Risks:

As an organization, you need to track all exposed and internet-facing digital assets, including identifying exposed documents and files, identifying compromised/malicious infrastructure, and identifying exposed services like APIs and RDP.

  • Prioritize Your Remediation Efforts

You need to prioritize digital risks to focus efforts on the vulnerabilities that are most likely to be exploited. Having a dashboard summarizing the high, medium, and low priority risks and mitigation recommendation steps is very useful. For example, you should prioritize remediating any incidents that involve crown jewels or a critical asset with a high risk of breach.


  • Monitor Continuously

Continuous monitoring provides a near real-time view of your digital footprint and the associated risks. Monitoring the deep, dark and surface web using nation-state grade reconnaissance techniques, with real-time alerts to the right teams, helps you identify risks and mitigate them before they are exploited.

Reference:

https://www.firecompass.com/blog/top-4-risks-that-can-be-mitigated-through-digital-footprint-monitoring-2/

https://www.enterpriseinnovation.net/files/whitepapers/digital_shadows-digital_risk_management-wp.pdf

https://www.proofpoint.com/sites/default/files/pfpt-us-eb-are-you-monitoring-and-protecting-you-companys-digital-footprint.pdf


Equifax To Pay $700m As Data Breach Settlement

Credit score agency Equifax is to pay $700m as part of a settlement for its 2017 data breach. The breach is known to have exposed the data of at least 147 million people. It is the FTC’s largest data-breach settlement, well above the Uber penalty of $148m.


Why Did It Happen?

An unpatched system turned out to be the point of the data leak. Equifax was notified of a critical vulnerability in its Automated Customer Interview System (ACIS), which was used by the public to check their credit scores. The vulnerability allowed hackers to access data beyond the public data through this portal. Hackers continued to access data for several months. It was also noted that large chunks of sensitive data were stored as unencrypted plain text.


How Could It Be Prevented?

Cyber privacy law is becoming stricter, with multiple past breaches having exposed sensitive PII. It is necessary to keep track of and monitor your assets. Here are a few preventive steps:

  • Have a patch management program and monitor the activities from time to time
  • Implement GDPR compliance policies and procedures and get them audited by a trustworthy security entity
  • Have a good cyber security training and awareness program in place to keep your employees aware of security challenges and misuse
  • Scan your digital attack footprint, keep a complete log of your assets, monitor and secure them
  • Frequent (periodic) vulnerability assessment and penetration testing of your organization’s digital assets is necessary
  • Breaches are unavoidable. A proper incident response program that ensures your customer’s sensitive data is not harmed and reduces business down time is a win-win

Shadow IT Threats – How To Turn Them Into Opportunity?

Treating Shadow IT as a threat involves pushing back on any initiatives that try to bypass IT and fighting the line-of-business managers for ownership of these projects. Treating Shadow IT as an opportunity involves transforming shadow IT into official line-of-business shortcuts and becoming the corporate champion of innovative initiatives. Below are a few ways one could look at Shadow IT as an opportunity.

CISO’s Choice:

There was a time when business apps were so highly customized that they could not be upgraded or modified without IT’s assistance, and company-owned systems (PCs and laptops) were the only devices available to employees. But these days, IT’s monopoly on the use of technology within the organization is truly over. All evidence indicates that the Shadow IT trend is only gaining momentum. Even a CIO magazine article declared that “conventional IT is rapidly becoming shadow IT”.

Now, information security officers (like CISOs and CIOs) have only two choices: to see Shadow IT as a threat or as an opportunity.

In a study, analyst firm Frost and Sullivan found that shadow IT is not actually the result of “rogue employees looking to rebel”, but rather of the IT department’s inability or unwillingness to provide users with the technology they need. The study found that 49% are more familiar and comfortable with their unapproved application, and are therefore able to do their job more efficiently. Another 38% of employees blamed “slow or cumbersome IT approval processes” for the need to procure the service elsewhere. However, shadow IT poses a threat only if it is not managed correctly or, worse, is ignored.

The best way for CISOs to address the issue of shadow IT is to offer the sort of agility and functionality that employees need so they aren’t inclined to look beyond the organization. This means spending less energy on enforcing corporate policy, and more on empowering users. They must recognize that shadow IT can have positive impacts for them professionally and for the organization.

The CISO’s first step to shadow IT management is to start communicating with other business departments. IT needs to take the time to understand the root causes of shadow IT and assess whether the IT service portfolio is really meeting users’ needs. This way, the IT department can be seen to be taking positive steps towards being an enabler – rather than an obstacle – to innovation.

In terms of governance, the key is to have a complete picture of the IT organization. CISOs should have total visibility across all on and off premise environments, both physical and virtual, mobile and desktop systems, applications and services consumed by corporate users, including employees, customers and contractors. An uninterrupted view of the network is also required to identify any threats. These insights enable IT to mitigate the security challenges imposed by shadow IT.

Be Vigilant:

Business functions (be it finance, marketing or HR) are more tech-intensive, and department heads want the most up-to-date technology to drive their operations. As a result, the way organizations buy technology is changing, and the technology budget is no longer solely in the hands of IT.

Shadow IT Is Not A Threat To The Organization:

Shadow IT is not necessarily a threat – it can be an effective way to meet changing business needs and forge tighter alignment between IT and the business. CISOs must be vigilant about identifying, assessing and managing these unofficial systems to ensure risks are minimal. CISOs need to trust the business units to choose the software and apps they need, and then assist them in making the most of these technology investments.


Domain Hijacking & 3 Easy Countermeasures

Domain hijacking is the act of changing a domain name’s registration without the original registrant’s permission, or by abuse of privileges on domain hosting and registrar software systems. It is a form of theft that takes place online, where the attacker takes control of a domain without the consent of the domain registrant. It is up to you and your domain/hosting company to prevent your domain falling prey to these kinds of attacks, because they happen due to security flaws.

Domains can be hijacked for malicious use, for example when attackers seek to take a website/domain down. If the site is inaccessible, the domain owner may lose money and its reputation as a safe website suffers. The attackers might extort money from you to hand back the domain, or they might use it to collect sensitive information from unknowing visitors, which is called phishing.

Some attackers transfer the domain from its rightful owner to another name. In these cases it is difficult to get your domain back. They might impersonate you to request that the registrar transfer the domain to another account. Legal help is necessary for cases like these.

What Happens When a Domain is Hijacked:

To hijack a domain, an attacker needs to gain access to the targeted domain’s control panel. For domain hijacking, they need details like:

  • Domain registrar name
  • Administrative email ID and password associated with the targeted domain. A hacker can use one of the most popular password cracking methods, such as a brute-force attack, which involves trying all combinations of numbers, letters and special characters until it guesses the password correctly

A straightforward lookup of the target domain in the public WHOIS database gives the attacker the administrator record, including the admin email ID associated with the domain. In effect, anyone listing their information in the WHOIS database is giving out a back-door entry to hijacking their domain name.

To take over the domain’s control panel, the hacker must first compromise the admin email account. Once they have this access, they reset the control panel password, log in and hijack the domain.

Protect your Domains With These Countermeasures:

Domain privacy protection –

Protect your domain cPanel (control panel) – don’t allow your domain to suffer from hijacking because of negligence toward security. Once the domain is registered, the registrar will grant you access to your domain’s cPanel. From the control panel, you can modify your domain’s settings, such as which server it points to.


On registration, you have to provide an email address for access to the panel. Anyone who has access to the administrative email account can get access to your domain’s control panel and all its settings. Hackers often get this information from the WHOIS registration records. Using domain privacy blocks them from accessing this information. Use WHOIS privacy to keep your name out of the WHOIS records, swapping your details for your domain registrar’s in the records.

Choosing a trusted domain provider –

Another security threat results from the security failings of your domain provider. If a hacker/attacker has access to the back end of your registrar, your domain might be at risk.

To protect yourself, choose an ICANN-accredited domain registrar. ICANN is the body that coordinates IP addresses for domain names across the world, and it also issues new domain extensions. If there are any disputes over ownership, the administering body ICANN is the best bet to recover a domain.

Enabling domain auto-renewal –

Not every domain is lost to theft: your domain registration could expire, and someone else could register the domain in the meantime. This is an entirely legal practice, so you can’t take any action against this kind of behavior. To avoid this, enable auto-renewal for your domain or register the domain for longer durations. Most registrars keep it for ten years, for example.
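The three countermeasures above can be checked against your own domain's WHOIS record. The following is an added example, not code from this blog: it parses a constructed record in the common gTLD "Key: value" layout and flags exposed contact emails, an expiry date inside an assumed 60-day renewal window, and a missing registrar IANA ID. The presence of an IANA ID is only a hint that the registrar is accredited; confirm it against ICANN's own list.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS record (not the result of a real lookup).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrar IANA ID: 9999
Registry Expiry Date: 2030-03-01T04:00:00Z
Registrant Email: REDACTED FOR PRIVACY
Admin Email: it-admin@example.com
Tech Email: REDACTED FOR PRIVACY
"""

CONTACT_FIELDS = ("registrant email", "admin email", "tech email")
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")


def parse_whois(text):
    """Parse 'Key: value' lines into {lowercased key: [values]}."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def audit(record, now, renew_window_days=60, proxy_domains=frozenset()):
    """Return (code, detail) findings for the three countermeasures.

    proxy_domains: mail domains of a privacy/proxy service, whose addresses
    do not count as exposure (caller-supplied assumption).
    """
    findings = []

    # 1. Domain privacy: a real mailbox in the contact fields tells an
    #    attacker which account controls the domain.
    for field in CONTACT_FIELDS:
        for value in record.get(field, []):
            match = EMAIL_RE.match(value)
            if match and match.group(1).lower() not in proxy_domains:
                findings.append(("contact-email-exposed", f"{field}: {value}"))

    # 2. Auto-renewal: an expiry date this close suggests renewal is manual.
    expiry_raw = record.get("registry expiry date", [None])[0]
    try:
        expiry = datetime.strptime(expiry_raw, "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        findings.append(("expiry-unknown", str(expiry_raw)))
    else:
        days_left = (expiry - now).days
        if days_left < 0:
            findings.append(("expired", f"{-days_left} days ago"))
        elif days_left < renew_window_days:
            findings.append(("expires-soon", f"{days_left} days left"))

    # 3. Registrar: no numeric IANA ID means accreditation cannot be looked up.
    iana_id = record.get("registrar iana id", [""])[0]
    if not iana_id.isdigit():
        registrar = record.get("registrar", ["unknown"])[0]
        findings.append(("registrar-iana-id-missing", registrar))

    return findings


if __name__ == "__main__":
    fixed_now = datetime(2030, 1, 15, tzinfo=timezone.utc)  # fixed for a repeatable demo
    for code, detail in audit(parse_whois(SAMPLE_WHOIS), fixed_now):
        print(f"{code}: {detail}")
```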

How To Recover A Stolen Domain Name:

  • Contact your domain registrar, the people you purchased your domain name from initially. Contact the support team and explain the situation and provide them with relevant details such as the account name and mail ID used to purchase the domain, any recent correspondences, and complete any paperwork required
  • If the registrar can’t help, or if the domain has already been transferred to another registrar, then seek legal help. Documentation is the key to proving your right to ownership: for example, copies of registration records or correspondence from registrars relating to the hijacked domain, records of any financial transactions linking you or your organization with the hijacked domain, and any marketing material or directory, such as the Yellow Pages, associating the hijacked domain with your organization
  • And the final option is to contact ICANN. ICANN has extensive documentation relating to domain dispute resolution


Top 8 Ways To Handle Leaked Credentials Incidents

The Deep Web contains nearly 550 billion individual documents. Search engines can only access 16% of the available information, which gives you an idea of the huge size of the dark web. There are about 5+ billion leaked credentials and credit card breach records available on the dark web. In this blog, we will talk about the top 8 ways to handle leaked credentials incidents.


1 – Employees Awareness Training

When it comes to leaked credentials incidents, employee awareness is of utmost importance. Employees must be educated about the risks associated with password reuse across different accounts. Employees should avoid using the same password for corporate accounts as they have for social media accounts, because when one of the accounts gets breached, it lets hackers perform credential stuffing and get access to your other accounts where the same password has been reused.

Departments like HR should take care when clicking on links in emails coming from employees who have left the organisation, because this might be an attacker disguised as a past employee trying to get access to internal systems through HR (the weak link). So all these departments should be educated about the impact of such incidents.

2 – Strong Password Policy

Weak passwords should be avoided throughout the organisation, and there should be a policy requiring stronger passwords (not reused, not repeated, a combination of characters, special characters, numbers, etc.).

Employees must be restricted from using corporate IDs on social media or for any personal use. External corporate services or software associated with corporate IDs should also be checked properly for any vulnerability that could cause leaked credentials incidents.

Passwords should be updated frequently based on the business criticality of the applications and services.

3 – Multi Factor Authentication For 3rd Party Corporate Services

Every enterprise uses a lot of 3rd party applications like Salesforce, Google Applications, enterprise chat software, etc. for its corporate needs, and these applications are associated with corporate email IDs. So, there is a chance of your data being breached through these 3rd party applications.

It is recommended to use multi factor authentication to control the access to accounts at your end.

4 – Monitor External Password Dumps For Employees Details Regularly

There is always a good chance of mistakes being made and data getting breached. So, as a good practice, enterprises should look for breached credentials proactively in external password dumps, and ask the employees whose credentials were breached to update their passwords.

5 – VVIPs Password Management

Passwords of VVIPs like CXO level executives, board members, etc. should be given special care. These VVIPs are not only employees but also the brand that represents the company overall.

They will be using their corporate accounts while travelling, so make sure that their mobile devices have secure access to the corporate accounts.

6 – User Behaviour Analytics To Understand The Pattern

Enterprises can take past employees' leaked credentials and map them to those employees' behaviour. This can help them create a model which can be useful in stopping such leaked credentials incidents in future.

7 – Emergency Password Reset Procedure

Enterprises should have an emergency password reset procedure to limit further damage in case of leaked credentials. This emergency password reset system should be able to reset the account details on every critical system the user has access to.

8 – 3rd Party Risk Management

Enterprises are outsourcing a lot of functions to 3rd parties, and these 3rd parties/partners have become an integral part of the business these days, with a lot of information being shared with them.

There is a good chance of data being leaked from the partner's end. So, it is critical for organisations to look into the security posture of their partners, and help them improve their security if needed.
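The triage behind points 4, 5 and 7, as an added example that is not part of the original post: it reads a constructed password dump, keeps only corporate addresses, checks whether each leaked password is still the account's current one, and orders the reset list with VVIPs first. The domain `example.com`, the directory layout and the PBKDF2 stand-in for the identity system's password hash are all assumptions.

```python
import hashlib
import hmac
import re

CORP_DOMAIN = "example.com"  # assumption: placeholder corporate mail domain
SEVERITY = {"active-password-leaked": 2, "other-password-leaked": 1, "unknown-account": 0}
ACTIONS = {
    "active-password-leaked": "emergency reset on every critical system",
    "other-password-leaked": "reset and remind the user about password reuse",
    "unknown-account": "find the owner (former employee or shadow account)",
}


def kdf(password, salt):
    """Stand-in for the identity system's real password hash (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def account(password, salt, vvip=False):
    """Build one constructed directory entry; only the salted hash is kept."""
    return {"salt": salt, "hash": kdf(password, salt), "vvip": vvip}


# Constructed employee directory: login -> salted hash and VVIP flag.
DIRECTORY = {
    "alice@example.com": account("Summer2017!", b"salt-a"),
    "bob@example.com": account("k9#Vt!pQ2z", b"salt-b"),
    "ceo@example.com": account("Tr0ub4dor&3", b"salt-c", vvip=True),
}

# Constructed dump in the usual mixed "email<sep>password" layout.
SAMPLE_DUMP = """\
alice@example.com:Summer2017!
ALICE@Example.com:Summer2017!
bob@example.com;oldpassword1
ceo@example.com:Tr0ub4dor&3
mallory@other.org:hunter2
former.employee@example.com:letmein
not a credential line
carol@example.com:
"""

# An address, one separator (: ; |), then the rest of the line as the secret.
LINE_RE = re.compile(r"^\s*([^\s:;|]+@[^\s:;|]+)[:;|](.*)$")


def parse_dump(text):
    """Yield (lower-cased email, secret); skip malformed and empty entries."""
    for raw in text.splitlines():
        match = LINE_RE.match(raw)
        if match and match.group(2):
            yield match.group(1).lower(), match.group(2)


def triage(dump_text, directory=DIRECTORY, domain=CORP_DOMAIN):
    """Return one finding per corporate account, most urgent first."""
    worst = {}
    for email, secret in parse_dump(dump_text):
        if not email.endswith("@" + domain):
            continue  # not a corporate address
        entry = directory.get(email)
        if entry is None:
            status = "unknown-account"
        elif hmac.compare_digest(kdf(secret, entry["salt"]), entry["hash"]):
            status = "active-password-leaked"  # leaked secret still works
        else:
            status = "other-password-leaked"  # old or personal password
        if email not in worst or SEVERITY[status] > SEVERITY[worst[email]]:
            worst[email] = status
    findings = [
        {
            "account": email,
            "status": status,
            "vvip": bool(directory.get(email, {}).get("vvip")),
            "action": ACTIONS[status],
        }
        for email, status in worst.items()
    ]
    # Active leaks first, VVIPs ahead of other staff, then alphabetical.
    findings.sort(key=lambda f: (-SEVERITY[f["status"]], not f["vvip"], f["account"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DUMP):
        print(finding)  # the leaked secret itself is never stored or printed
```

The findings carry only the account, status and action, so the report can be shared with the help desk without spreading the leaked passwords further.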


(Webinar) Terry Cutler On Cyber Security For Students


We are super excited to have Terry Cutler (voted #1 Top Influencer in CyberSecurity by IFSEC Global 2018) do a web conference as part of our Kids Cyber Safety Initiative. As a part of his talk he will talk about internet safety for students, social media safety & more.

We would also request you to encourage your children, peers and colleagues to register and join us.

This is a part of the CISO Platform Kids Cyber Safety Initiative. Children are amongst the most vulnerable in the cyber world and we believe it is time for us to do something for our next generation. At CISO Platform community, we have taken on a mission to help the kids. We are creating "Kid's Cyber Safety Week" on June 4 -10 to help train kids and their parents. We need you to help realize our vision. It would be great if you could indicate your interest by volunteering. Please feel free to volunteer here: https://www.cisoplatform.com/page/kids-cyber-safety-initiative

We look forward to as many helping hands as possible. Help us make this place a safer place for kids.



Progress Till Date : 

  • 300+ check-lists, frameworks & playbooks
  • Platform for comparing security products
  • Task force initiatives to solve specific industry problems
  • Kid’s cyber safety initiatives

Key Discussion Points : 

  • What is Shadow IT?
  • What are the types of Shadow IT?
  • Practical demo using open source tools
  • Controls to manage shadow IT risk

Reason Of Risk : 

  • No standardization
  • Unknown risks
  • Security breaches
  • Data leaks

Types Of Risks :

  • Third party email service
  • Third party applications – WhatsApp, Box
  • Unknown assets
  • Custom applications / individual built applications / scripts
  • Database
  • Cloud Buckets, S3
  • GitHub (online code repository)
  • Online Free tools / SaaS
  • API
  • Owner change of assets (person has left)
  • Data in non-electronic / physical forms
  • Shadow accounts/privileges
  • Shared / Leaked / Default / Weak / Written down passwords
  • Backdoors
  • IoT
  • Rogue devices
  • BYOD
  • CCTV – source and data destination; set-top box
  • 3rd party
  • 4th party
  • Supply chain


Top 6 Vendors in EPS market at RSAC 2017

RSA Conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss around the current security landscape. This blog lists the top endpoint security vendors at RSAC 2017.

 

Endpoint security solutions are suites of products that apply centralized, policy-based controls to endpoint devices, i.e. workstations, servers, mobile devices, and other end devices, before they are granted access to the enterprise network. Endpoint security solutions are one of the basic security tool sets in any organization. They protect endpoints from viruses, spyware, Trojans, phishing, unauthorized access and data theft.

Here are the top 6 End point security vendors to watch out for in the EPS market :

 

Trend Micro

Trend Micro endpoint security gives you the threat protection and data security you need to protect your users and your corporate information across every device and application. You get multiple layers of advanced threat protection, including anti-malware, ransomware protection, memory inspection, encryption, device control, data loss prevention (DLP), vulnerability shielding, command and control blocking, browser exploit prevention, application whitelisting, behavior monitoring, web threat protection, and more.

To Know More: Visit Trend Micro Endpoint Security Product Page

 

Intel Security

McAfee's new endpoint protection suites emphasize integration, automation, and orchestration as the foundation of the threat defense lifecycle. They harness the power of machine learning to detect zero-day threats in near real-time and streamline the ability to quickly expose and remediate advanced attacks.

To Know More: Visit Intel Security Endpoint Protection Product Page

 

Kaspersky

Kaspersky offers powerful, granular endpoint controls combined with proactive and management for mobile devices and data. Application, web and device controls, including dynamic whitelisting supported by Kaspersky’s unique in-house laboratory, add a further dimension to deep endpoint security.

To Know More: Visit Kaspersky Endpoint Security Product Page

 

(Read more: – Top 6 Reasons Why Data Loss Prevention(DLP) Implementation Fails)

 

Sophos

Sophos Endpoint doesn’t rely on signatures to catch malware, which means it catches zero-day threats without adversely affecting the performance of your device. By correlating threat indicators, Sophos Endpoint can block web and application exploits, dangerous URLs, potentially unwanted apps, and malicious code from ever touching your endpoints.

To Know More: Visit Sophos Endpoint Protection Product Page

 

Symantec

Symantec multi-layered endpoint protection provides everything from file reputation and behavioral analysis to advanced machine learning AI. And Symantec Endpoint Protection 14 is our lightest and the strongest endpoint protection on the market. Symantec has been a consistent leader in the endpoint security market from the start.

To Know More: Visit Symantec Endpoint Protection Product Page

 

Cylance

Cylance PROTECT® is the only enterprise endpoint solution that blocks threats in real time BEFORE they ever cause harm. It will protect your organization from threats such as system- and memory-based attacks, malicious documents, zero-day malware, privilege escalations, scripts and potentially unwanted programs.

To Know More: Visit Cylance PROTECT® Product Page

 

 

 For more info on Endpoint Security (EPS) market, please visit: Endpoint Security (EPS) Market Page


RSA Conference is one of the leading security conferences worldwide. It creates tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss around the current security landscape.

Identity and Access Management is the practice of managing digital identities throughout their life-cycle, managing access rights to enterprise resources, and auditing user access rights and the use/misuse of digital identities. The entire process is mostly automated and requires little to no human involvement.

 

Here are the top 5 Identity and Access Management Vendors to watch out for :

 

IBM

IBM Security Identity and Access Manager provides automated and policy-based user lifecycle management and access controls throughout the enterprise. Available as an easy-to-manage virtual appliance, it pairs IBM Security Identity Manager with IBM Security Access Manager Platform for more secure user authentication and authorization to applications and data.

 

To Know More: Visit IBM® Security Identity and Access Manager Product Page

 

Sailpoint

IdentityIQ® is SailPoint’s governance-based identity and access management (IAM) software solution that delivers a unified approach to compliance, password management and provisioning activities for applications running on-premises or from the cloud.

 

To Know More: Visit Sailpoint IdentityIQ® Product Page

 

(Read More : Checklist to Evaluate Privilege Identity and Access Management Solutions)

 

Oracle

Oracle extends its leadership in IAM by introducing the next generation comprehensive security and identity platform that is cloud-native and designed to be an integral part of the enterprise security fabric, providing modern identity for modern applications.

 

To Know More: Visit Oracle Identity and Access Management Suite Plus Product Page

 

EMC-RSA

RSA Via is a set of SaaS and software solutions that work together to protect the entire identity and access lifecycle. It features a governance-driven approach to ensure consistency in access controls, regardless of the user’s location, device or where the resources reside. RSA Via ensures continuous compliance with changing rules and regulations without rendering current IAM investments obsolete.

 

To Know More: Visit RSA® VIA Access Product Page

 

(Read More : Buyers Guide for Identity & Access Governance)

 


CA Technologies

The CA Identity Suite provides comprehensive identity management and governance capabilities with a simple, intuitive user experience. In addition, the CA Identity Suite performs risk analysis and certification and enables remediation actions in real-time during the access provisioning steps.

 

To Know More: Visit CA Identity Suite Product Page

 

RSA Conference is one of the leading security conferences worldwide. It creates tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss around the current security landscape.

 

Web Security Gateway Vendors provide solutions to protect web-surfing PCs from infection and enforce company and regulatory policy compliance. These gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular web-based applications, such as instant messaging (IM) and Skype.

 

Here are the top 6 Secure Gateway Vendors you should watch out for :

 

Zscaler

Zscaler Web Security provides security, visibility and control, going beyond the basics of web content filtering. Delivered in the cloud, Zscaler includes web security integrated with a robust network security platform that features advanced threat protection, real-time analytics and forensics.

 

To Know More: Visit Zscaler Web Security Product Page

 

Symantec (Blue Coat)

Blue Coat Secure Web Gateway sits between users and their interactions with the Internet to identify malicious payloads and to control sensitive content. It has a broad feature set to authenticate users, filter web traffic, identify cloud application usage, provide data loss prevention, deliver threat prevention, and ensure visibility into encrypted traffic.

 

To Know More: Visit Blue Coat Secure Web Gateway Product Page

 

(Read More : An Overview on Cloud Security)

 

Cisco

The Cisco Web Security Appliance (WSA) combines advanced threat defense, advanced malware protection, application visibility and control, insightful reporting, and secure mobility in a single solution to make up a comprehensive web protection solution.

 

To Know More: Visit Cisco Web Security Appliance Product Page

 

Forcepoint

TRITON AP-WEB stops more advanced, non-signature threats to your data than any other solution. TRITON AP-WEB is built on a unified platform that enables all of our products to work together and provides industry-leading reporting, sandboxing and DLP capabilities.

 

To Know More: Visit TRITON AP-WEB Product Page

 

(Read More : Technology/Solution Guide for Single Sign-On)

 

Intel Security

McAfee Web Gateway delivers web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine. McAfee Web Gateway is part of the McAfee Web Protection solution alongside McAfee Web Gateway Cloud Service, available together to provide optimal protection for users everywhere.

 

To Know More: Visit McAfee Web Gateway Product Page

 

Please suggest the 6th Secure Web Gateway solution of your liking, which you feel has worked for your organization, in the comments below.

 

For more info on Secure Web Gateways (SWG) market, please visit: Secure Web Gateways (SWG) Market Page

RSA Conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users, and practitioners to innovate, educate and discuss around the current security landscape. This blog lists the top IT GRC vendors at RSAC 2017.

IT-GRC solutions allow organizations to effectively manage IT and security risks while reducing the cost and complexity of compliance. IT and security GRC management solutions focus on leveraging near-real-time information on IT and security assets (applications, data and infrastructure) that are increasingly virtual, mobile and in the cloud, and correlating that information in the context of business processes, policies, controls, as well as partners, supply chain and customers, to understand the size, scope, and scale of risks.

Here are the top 6 vendors to watch out for in ITGRC market:

 

EMC-RSA

 

RSA Archer eGRC Solutions allow you to build an efficient, collaborative enterprise governance, risk and compliance (eGRC) program across IT, finance, operations and legal domains. These solutions include Policy, Risk, Compliance, Enterprise, Incident, Vendor, Threat, Business Continuity and Audit Management.

To Know More: Visit RSA Archer eGRC Solutions Page

 

IBM

The IBM OpenPages GRC Platform delivers a modular platform for foundational GRC, enabling businesses to deploy scalable solutions for managing enterprise wide risk and compliance. Designed to increase overall productivity and efficiency, the OpenPages GRC Platform supports agile implementation for rapid time to value.

To Know More: Visit IBM OpenPages GRC Platform Page

 

Metricstream

 

MetricStream offers an advanced and comprehensive IT GRC software solution for streamlining IT GRC processes, effectively managing IT risk, and meeting IT regulatory requirements. The MetricStream solution enables companies to implement a formal framework to rigorously measure, mitigate, and monitor IT risks.

To Know More: Visit MetricStream GRC Product Page

 

Rsam

 

Rsam’s Enterprise GRC software helps organizations manage risk, compliance, audit, and security needs effectively. The Rsam Platform provides the most intuitive and flexible solutions for GRC, Security Risk Intelligence, Vendor/Third-Party Risk Management, KPI/KRI Metrics, and On-Demand applications.

To Know More: Visit Rsam’s Enterprise GRC Software Page

 

(Read More:- Key Metrics for your IT GRC Program)

 

Risk Vision

 

RiskVision™ is an integrated, purpose-built risk intelligence platform that offers a flexible, modular approach to managing enterprise risk. RiskVision pre-packages concurrent Integrated Risk Management Solutions (IRMS) and Security Operations, Analytics, and Reporting (SOAR) use cases that integrate risk’s three lines of defense.

To Know More: Visit RiskVision™ Platform Page

 

Lockpath

The Lockpath Keylight Platform consists of a fully integrated suite of management applications designed to manage all facets of compliance and risk programs, including IT Risk Management, Operational Risk Management, Vendor Risk Management, Audit Management, Business Continuity Management and Corporate Compliance.

To Know More: Visit Lockpath Keylight Platform Page

 

 

For more info on ITGRC market, please visit: IT Governance, Risk and Compliance (IT GRC) Market Page

 

RSA Conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss around the current security landscape.

 

A Threat Intelligence Program is a set of people, processes and technology which enables you to proactively identify, collect, enrich and analyze threat information, both strategic and tactical, so that your organization is ever ready to defend against and respond to any kind of cyber attack. Threat intelligence as applied in conventional security is any information that helps you tune your security defenses, build an effective response program for any contingency and also, if required, take preemptive measures to neutralize any looming threats.

 

Here are the top 7 vendors to watch out for in Threat Intelligence market:

 

FireEye (I-Sight partners)

FireEye iSIGHT® Threat Intelligence is a nation-grade offering that provides tactical, operational and strategic intelligence. It delivers knowledge about adversaries and their motivations, intentions, and methods to help organizations proactively assess and manage the risks that they face, detect and prevent attacks, and build attack context for the alerts that they face.

To Know More: Visit FireEye iSIGHT® Threat Intelligence Product Page

 

Symantec

Symantec Deepsight threat intel is a cloud-hosted cyber threat intelligence platform that provides that edge. DeepSight provides you access to technical and adversary intelligence collected by Symantec through its end-points and other security products and aggregated through its big data warehouse.

To Know More: Visit Symantec Deepsight Threat Intel Product Page

 

LookingGlass (Cyveillance)

LookingGlass delivers comprehensive threat intelligence-driven solutions, which include a threat intelligence management platform, threat mitigation solutions, and threat intelligence services. LookingGlass enables security teams to prevent, detect, understand, and respond to analyzed, prioritized, relevant threats.

To Know More: Visit LookingGlass Threat Intelligence Solution Page

 

(Read More: Opening the Door to DoD Perspectives  on Cyber Threat Intelligence)

 

EMC

The RSA FirstWatch mission provides RSA Security Analytics customers covert tactical and strategic threat intelligence on advanced threats and actors. The team focuses on threats that were previously unknown to the security community including malicious code and content analysis, threat research, ecosystem analysis, and profiling threat actors.

Website link: https://www.emc.com/

 

Verisign

Verisign iDefense Security Intelligence Services has established a proven track record of providing timely, relevant and actionable cyber threat intelligence to the largest organisations in the world. Equally notable is iDefense’s role as the security intelligence provider for Verisign, helping keep .com and .net critical DNS infrastructure secure and 100 per cent available.

Website link: https://www.verisign.com/

 

Crowdstrike

With CrowdStrike Falcon Intelligence, you’ll develop insights into the tools, tactics, and procedures of 70+ adversary groups – allowing you to plan for events in the future, diagnose incidents more efficiently, and monitor changes to your environment to prevent damage from advanced malware and targeted attacks.

To Know More: Visit CrowdStrike Falcon Intelligence Product Page

 

(Read More: Webinar on “Defusing Cyber Threats Using Malware Intelligence”)

 

Alienvault

Alienvault Labs Threat Intelligence feeds are available to the AlienVault USM Platform users. AlienVault Labs Threat Intelligence drives the USM platform’s threat assessment capabilities by identifying the latest threats, resulting in the broadest view of threat vectors, attacker techniques, and effective defenses. AlienVault also has Open Threat Intelligence exchange platform for collaboration and sharing of threat intelligence among communities.

To Know More: Visit AlienVault Threat Intelligence Product Page

 

 

For more info on Cyber Threat Intelligence (CTI) market, please visit: Cyber Threat Intelligence (CTI) Market Page

 


Top 5 Vendors in Email Security Market at RSAC 2017

RSA Conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss around the current security landscape.

Email security gateways prevent malware, phishing attacks, spam and other unwanted emails from reaching their recipients and compromising their devices, user credentials or sensitive data. Email security refers to the collective measures used to secure the access and content of an email account or service. It allows an organization to protect the overall access to one or more email addresses/accounts.

 

Here are the top 5 vendors to watch out for in Email security market:

 

Proofpoint

Proofpoint Email Protection stops malware and non-malware threats such as impostor email (also known as business email compromise, or BEC). Deployed as a cloud service or on-premises, it provides granular filtering to control bulk “graymail” and other unwanted email, and its business continuity capabilities keep email communications flowing even when an organization's email server fails.

To Know More: Visit Proofpoint Email Protection Product Page

 

Cisco

Cisco Email Security protects against ransomware, business email compromise, spoofing, and phishing. It uses advanced threat intelligence and a multilayered approach to protect inbound messages and sensitive outbound data.

To Know More: Visit Cisco Email Security Appliance Product Page

 

(Read More: Secure your Gmail , Hotmail & Dropbox with 2-Factor Authentication)

 

Microsoft

Microsoft Exchange Online Protection provides a layer of protection features that are deployed across a global network of datacenters, helping organizations simplify the administration of their messaging environments. With another Microsoft product for Exchange, “Office 365 Advanced Threat Protection”, you can protect against unsafe attachments and expand protection against malicious links; it complements the security features of Exchange Online Protection to provide better zero-day protection.

To Know More: Visit Microsoft® Forefront® Online Protection for Exchange Product Page

 

Symantec

Symantec™ Email Security.cloud filters unwanted messages and protects users from targeted attacks. The service has self-learning capabilities and Symantec intelligence to deliver highly effective and accurate email security. Encryption and data loss prevention help you control sensitive data. It supports Microsoft Office 365, Google Apps, on-premises or hosted Microsoft Exchange, and other mailbox services, delivering always-on, inbound and outbound messaging security.

To Know More: Visit Symantec™ Email Security.cloud Product Page

 

(Read More: 50 EMERGING IT SECURITY VENDORS TO LOOK OUT FOR IN 2017)

 

Mimecast

Mimecast Secure Email Gateway uses multi-layered detection engines and intelligence to protect email data and employees from malware, spam, phishing, and targeted attacks. The Mimecast email security appliance is deployed in the cloud.

To Know More: Visit Mimecast Secure Email Gateway Product Page

 

 

For more info on Email Security market, please visit: Email Security Gateways Market Page

From our experience of helping organisations build their ‘Vulnerability Management’ programs, we feel that one of the major challenges is that the security manager/management does not always know the reality on the ground. Obviously, the management is extremely busy and has too many priorities. It is natural to get into managing whirlwinds. So, I wanted to define a few questions which can help you find out how robust your application security management program is and also assess your vulnerability management program better. Not just that, by asking the questions you will also be able to formulate your vulnerability management strategy better.

 

( Read More: Top 6 Reasons Why Data Loss Prevention (DLP) Implementation Fails )

 

Vulnerability Management Program – Key Questions to assess the maturity of your application:

Goal Setting, Measurement, Team

  1. Do you have clearly defined and measurable application security program goals which can be understood across your team?
  2. Do you have a set of measures to assess if the application security program has failed or succeeded? (Lead Measures)
  3. Do you have a set of measures that can predict whether your program goals will be met in future? (Lag Measures)
  4. Does your team have a weekly/real time dashboard to know how well they are performing without being reviewed by their manager?
  5. Do you know the team’s capacity of testing? Is there a gap between the need and the capacity? Are you measuring the output vs capacity?
  6. Do you have a single owner for managing the Application Security Program?

Knowing your Key Metrics

  1. Do you know how many applications you have, their owners and business criticality?
  2. Do you know how many critical vulnerabilities are open, i.e. yet to be fixed?
  3. Do you know the average fixing time?
  4. Do you know the cost per test? (all inclusive i.e. Salary, hardware, software, Management cost)
  5. Do you have enough people to test and remediate?

 

 

Quality

  1. Have you tested for business logic flaws? What’s the “False Negative Rate”?
  2. Are similar vulnerabilities being repeated again and again?
  3. Did you build an integrated application security program, i.e. one where Vulnerability Management, Fixing, Training, SIEM, WAF etc. are integrated in a seamless manner?

( Read More: 8 Questions To Ask Your Application Security Testing Provider! )

Here is the list of my top 10 blogs on DLP solutions, which you should go through if you are in charge of creating, implementing and managing the DLP program in your organisation.

 

1. A business case for Data loss prevention:

A good small write up giving out some of the tips for building a business case for DLP in terms of some of the immediate benefits that it brings to the organisation, such as data security and compliance obligations.

 

2. Building a business case for DLP tools:

A comprehensive article and guide to help you build a business case for DLP solution.

 

3. Positioning DLP for executive buy-in:

A blog from Digital Guardian, one of the leading vendors in the DLP market, which talks about how to build allies and properly position DLP to decision makers. This blog is a part of a more comprehensive guide, “The definitive guide to DLP”.

 

4. Tips for creating a data Classification policy:

A good data classification policy is perhaps the most important pre-requisites for a successful DLP program in any organisation. This Blog from TechTarget gives out some of the tips for a workable data classification policy.

 

5. Key considerations in protecting sensitive data leakage using DLP tools:

This article from ISACA highlights 10 key considerations that could help organisations plan, implement, enforce and manage DLP solutions. This article also gives a good overview of DLP solutions in general.

 

6. 5 tips to evaluate your readiness before implementing DLP solution:

This Blog from CISO platform lists out the five questions to ask yourself to assess your organisational readiness for implementing DLP solution. You should take care of these 5 things before you go ahead with your DLP project.

 

7. 7 Strategies for a successful DLP deployment:

This blog from CSOonline lists out a set of strategies to help you see through a successful DLP implementation. Though they are obvious, people often miss out on these.

 

8. How to evaluate DLP solutions: 6 steps to follow and 10 questions to ask:

Choosing the right DLP solution for your company can be overwhelming; in order to make an educated buying decision, each vendor must be properly evaluated for its strengths and weaknesses.

 

9. Top 6 reasons why DLP implementations fail:

Another blog from CISO Platform lists out some of the top reasons why a DLP implementation may fail or may not achieve the stated company objectives.

 

10. An Expert Guide to Securing Sensitive Data: 34 Experts Reveal the Biggest Mistakes Companies Make with Data Security:

Digital Guardian has some good resources on DLP solutions. This blog elicits insights from some of the data security experts on the top mistakes one can make while approaching a data security problem in organisations.