pritha's Posts (627)


Top 6 Metrics for your Data Loss Prevention Program

This blog lists 6 key metrics for measuring the maturity and effectiveness of your Data Loss Prevention (DLP) program. All the metrics are operational and can be measured quantitatively to help you fine-tune your DLP program.

 

  • Number of policy exceptions granted for any defined time period:

This is the number of exceptions granted over a defined time period. Exceptions are temporary permissions granted on a case-by-case basis. If exceptions are not tracked or documented, they can become vulnerabilities open to exploitation. Ideally, the number of exceptions for a defined time period should be kept to a minimum.

 

  • Number of False positives generated for any defined time period:

One of the major challenges in a DLP program is dealing with false positives. Any mature DLP program within an organisation will try to reduce false positives to near zero. This metric is a very good indicator of the effectiveness of your data classification, your DLP rule set, etc.

 

  • Mean time to respond to any DLP alerts:

This is the mean time to respond to, and initiate action on, DLP alerts about possible data exfiltration attempts. This metric is important because most DLP implementations run in alert-only mode and aren’t put into blocking mode due to high false-positive rates. DLP alerts are among the most significant security events and, if not prioritised, can result in a major data breach. DLP alerts can uncover malicious insider attacks and advanced persistent threats.

 

  • Number of un-managed devices in your network handling sensitive data:

This is the number of unmanaged devices which process and store sensitive data. These could be file shares, endpoints, servers, etc. Each of these devices is a potential egress point for sensitive data. A good DLP program will have all of the devices that handle sensitive data managed by the DLP tool.

  • Number of Databases not yet fingerprinted:

Database fingerprinting is one of the key methods that modern Data Loss Prevention tools use to protect your sensitive data against possible leakage. Ideally, all the databases holding sensitive data must be fingerprinted and available to the DLP tool. This metric gives an indication of the risks associated with databases which are yet to be fingerprinted.

 

  • Number of Databases and data residents not yet classified:

The first step in any Data Loss Prevention program is data classification. Data classification is done to identify sensitive data wherever it resides. It is imperative to classify databases and other devices where data resides so that effective controls can be applied to them. If you are blind to your sensitive data sources, your DLP is already a failure. This metric tells you the number of databases, devices, endpoints and file shares which are still in your blind spots.
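The six metrics above can be computed from alert, exception and asset-inventory records. The following is an added example, not part of the original post: the record fields (`raised`, `responded`, `verdict`, `dlp_managed` and so on), the function name and the sample data are all constructed assumptions, not the export format of any particular DLP product.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Alert:
    raised: datetime
    responded: Optional[datetime]  # None: nobody has acted on it yet
    verdict: Optional[str]         # "true_positive", "false_positive" or None (untriaged)


@dataclass
class PolicyException:
    granted: datetime
    expires: datetime              # exceptions are temporary by definition


@dataclass
class Asset:
    name: str
    kind: str                      # "database", "endpoint", "file_share", "server"
    classified: bool
    sensitive: Optional[bool]      # unknown (None) until the asset is classified
    dlp_managed: bool
    fingerprinted: bool = False    # only meaningful for databases


def dlp_metrics(alerts, exceptions, assets, start, end):
    """Compute the six DLP program metrics for the window [start, end)."""
    in_window = [a for a in alerts if start <= a.raised < end]
    # Alerts nobody responded to cannot contribute a response time; they are
    # reported separately so that they do not silently flatter the mean.
    answered = [a for a in in_window if a.responded is not None]
    mttr = None
    if answered:
        total = sum((a.responded - a.raised for a in answered), timedelta())
        mttr = total / len(answered)
    return {
        "exceptions_granted": sum(start <= e.granted < end for e in exceptions),
        "false_positives": sum(a.verdict == "false_positive" for a in in_window),
        "mean_time_to_respond": mttr,
        "alerts_unanswered": len(in_window) - len(answered),
        # An unclassified asset has sensitive=None, so it is not counted in the
        # next two metrics: it is a blind spot, counted in the last one.
        "unmanaged_sensitive_devices": sum(
            1 for s in assets if s.sensitive and not s.dlp_managed),
        "databases_not_fingerprinted": sum(
            1 for s in assets
            if s.kind == "database" and s.sensitive and not s.fingerprinted),
        "assets_not_classified": sum(1 for s in assets if not s.classified),
    }


# ---- Constructed sample data (not real records) ----
WINDOW_START = datetime(2017, 3, 1)
WINDOW_END = datetime(2017, 4, 1)

SAMPLE_ALERTS = [
    Alert(datetime(2017, 3, 2, 9), datetime(2017, 3, 2, 10), "false_positive"),
    Alert(datetime(2017, 3, 5, 12), datetime(2017, 3, 5, 15), "true_positive"),
    Alert(datetime(2017, 3, 10, 8), datetime(2017, 3, 10, 10), "false_positive"),
    Alert(datetime(2017, 3, 20, 22), None, None),  # still unanswered
    Alert(datetime(2017, 2, 27, 9), datetime(2017, 2, 27, 9, 30),
          "false_positive"),                       # outside the window
]

SAMPLE_EXCEPTIONS = [
    PolicyException(datetime(2017, 3, 3), datetime(2017, 3, 10)),
    PolicyException(datetime(2017, 3, 15), datetime(2017, 3, 22)),
    PolicyException(datetime(2017, 2, 10), datetime(2017, 2, 17)),  # outside
]

SAMPLE_ASSETS = [
    Asset("hr-db", "database", True, True, True, fingerprinted=True),
    Asset("crm-db", "database", True, True, True, fingerprinted=False),
    Asset("finance-share", "file_share", True, True, False),
    Asset("dev-laptop-17", "endpoint", True, False, False),
    Asset("legacy-db", "database", False, None, False),  # never classified
]

if __name__ == "__main__":
    report = dlp_metrics(SAMPLE_ALERTS, SAMPLE_EXCEPTIONS, SAMPLE_ASSETS,
                         WINDOW_START, WINDOW_END)
    for name, value in report.items():
        print(f"{name:30} {value}")
```

Tracking the unanswered-alert count next to the mean keeps a backlog of ignored alerts from making the response time look better than it is.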

 

Do let me know if you want us to add or modify any of the listed metrics. Check out the Data Loss Prevention market within FireCompass to get more information on these markets.


50 Emerging IT Security Vendors To Look Out For In 2017

We have completed our selection of the final list of 50 emerging IT Security Vendors to look out for in 2017 from the 1500+ vendors globally. Believe me, this was not easy, and we don’t claim this is an exhaustive list; it probably never will be, as we might have missed some of the products. Still, we gave our best to give you the top guns who are uniquely innovative.

 

Emerging IT Security Vendors:

Here is the list of Top 50 Emerging IT Security vendors to watch out for: 

Acalvio - Emerging IT Security Vendor 2017

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter. The solutions are anchored on patented innovations in Deception and Data Science. This enables a DevOps approach to ATD, enabling ease of deployment, monitoring and management. Acalvio enriches its threat intelligence by data obtained from internal and partner ecosystems, enabling customers to benefit from defense in depth, reduce false positives, and derive actionable intelligence for remediation.

 
Anomali - Emerging IT Security Vendor 2017

Anomali delivers earlier detection and identification of adversaries in your organization’s network by making it possible to correlate tens of millions of threat indicators against your real-time network activity logs and up to a year or more of forensic log data. Its approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred. They have offerings like STAXX (Free), ThreatStream and Anomali Enterprise.

Arxan - Emerging IT Security Vendor 2017

Arxan is the world’s most comprehensive enterprise solution for application protection, period. Specializing in Mobile and IoT, Arxan protects sensitive data, prevents copying, tampering, unauthorized access and modifications to applications. It also blocks the insertion of malicious code and determines whether or not environments are safe for running mobile apps.

Baffle - Emerging IT Security Vendor 2017

Baffle™ Encryption as a Service (End-to-end encryption for the sensitive data in your database with no risk of breach): Baffle addresses this insider threat by providing an easy way to keep data encrypted on database servers. This solution protects data irrespective of whether the data is on disk, in memory, or being processed in the database. Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

BigID - Emerging IT Security Vendor 2017

BigID is transforming enterprise protection and privacy of personal data. Organizations are facing record breaches of personal information and proliferating global privacy regulations with fines reaching 4% of annual revenue. Today enterprises lack dedicated, purpose-built technology to help them track and govern their customer data. By bringing data science to data privacy, it aims to give enterprises the software to safeguard and steward the most important asset organizations manage: their customer data.

BluVector - Emerging IT Security Vendor 2017

BluVector is a cyber-threat detection and hunting platform that defends enterprises against evolving security threats. Leveraging patented machine learning technology and based upon years of malware analysis and classification, BluVector delivers fast, highly scalable, and integrated detection of malicious software targeting enterprise networks to help security teams stay ahead of advanced threats and protect against data breaches and theft.

CATO Networks - Emerging IT Security Vendor 2017

Cato Management Application enables full traffic visibility for the entire organizational network and a way to manage a unified policy across all users, locations, data, and applications (both internal and Internet/Cloud-based). The Cato Cloud environment is managed by Cato’s global Network and Security Operations Center, manned by a team of network and security experts to ensure maximum up-time, optimal performance, and highest level of security.

Cavirin - Emerging IT Security Vendor 2017

Cavirin provides security and compliance across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker. It has capabilities like Continuous Visibility Extended to the Cloud, Automated Analysis and Reporting, Cloud-Agnostic Security & Continuous Security Compliance etc.

Centrify - Emerging IT Security Vendor 2017

Centrify is the next generation enterprise security platform, built to protect against the leading point of attack for cyber threats and data breaches: compromised credentials. It protects against the leading point of attack used in data breaches: the password. It protects end users and privileged users by stopping the breach at multiple points in the cyber threat chain and secures access to apps and infrastructure across your boundaryless hybrid enterprise through the power of identity services.

Claroty - Emerging IT Security Vendor 2017

 

Claroty discovers the most granular OT network elements, extracts the critical information, and distils it into actionable insights needed to secure and optimize complex industrial control environments. Claroty provides a clear view of each site’s control assets, and displays real-time status.  Claroty provides the deepest and broadest visibility across complex multi-vendor OT environments. It uncovers hidden issues and provides real-time monitoring of critical control systems.

Contrast Security - Emerging IT Security Vendor 2017

Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts.

Cryptomove - Emerging IT Security Vendor 2017

CryptoMove is a fundamental innovation that protects data with continuous movement. As CryptoMove moves data, distributed and decentralized CryptoMove nodes perform dynamic mutation, fragmentation, distribution, and re-encryption with any algorithm. The solution’s key value offerings are active defense that fights back (integrity attacks, data destruction and ransomware, data recon and exfiltration) and future-proof software-defined secure storage (encryption agnostic, re-encryption, security orchestration, etc.).

Cybellum - Emerging IT Security Vendor 2017

Cybellum’s Zero-Day Prevention Platform™ is easily deployed, with no need to configure learning algorithms prior to set-up. The platform gives fully automatic forensics and visibility into each incident without the need for cyber experts to operate it. Deterministically tackling the cause of zero-days gives you a real solution for known and unknown threats in your organization. True security cannot be achieved using heuristic algorithms, which, unlike Cybellum, are always prone to error. Alerts and false positives are vast in number and occur daily, which consumes a lot of management resources.

Cyence - Emerging IT Security Vendor 2017

Cyence brings together data science, cybersecurity, and economics to build a unique analytics platform that quantifies the financial impact of cyber risk. It is used by leaders across the insurance industry to prospect and select risks, assess and price risks, manage risk portfolios and accumulations, and bring new insurance products to market.

 

Cymmetria - Emerging IT Security Vendor 2017

Cymmetria’s MazeRunner platform lets you dominate an attacker’s movements from the very beginning – and lead them to a monitored deception network. MazeRunner shifts the balance of power to the defender’s side. It intercepts attackers during the reconnaissance phase, when they have no knowledge of the network. The hackers are led through a carefully planned path toward a controlled location. At this point, believing the target is real, the attacker is revealed and their tools confiscated.

 

 

DarkCubed - Emerging IT Security Vendor 2017

Dark Cubed helps companies save money and improve security by reducing complexity, designing new workflows, and improving data quality. It delivers enterprise-grade capability without impossible investment or armies of analysts. The Dark Cubed Cyber Security Platform demonstrates their commitment to meeting their customers’ needs, wherever they are. Whether you need a product that can be deployed physically, virtually or in the cloud, they have the solution.

Demisto Enterprise 2.0 is the industry’s first comprehensive incident management platform to offer integrated threat intelligence and security orchestration. The new capabilities enable enterprises to integrate leading threat feeds with it to manage indicators and automate threat hunting operations, saving time and significantly reducing the risk of exposure. Unprecedented insight and resolution into complex incidents. You are the front line, performing security incident response. You work valiantly to protect your company and its people from cyber-attacks.

Enveil - Emerging IT Security Vendor 2017

Powered by homomorphic encryption, EN|VEIL’s scalable framework lets enterprises operate on data (query/analytics) without ever revealing the content of the interaction, the results, or the data itself. They won 2nd place in the RSA Conference 2017 Innovation Sandbox contest.

Evident.io - Emerging IT Security Vendor 2017

The Evident.io security platform gives customers a bird’s-eye view of their AWS infrastructure, so they can be certain they are delivering a secure and solid service for their own customers. It provides continuous security and compliance for your public cloud. It has capabilities like security and compliance for AWS, a build for modern cloud environments, continuous monitoring etc.

FinalCode - Emerging IT Security Vendor 2017

FinalCode makes implementing enterprise-grade file encryption and granular usage control easy, manageable and in a way that provides persistent protection of files wherever they go. By providing file security management, not file storage, distribution, or content management, FinalCode allows for rapid and flexible deployment. This patented approach preserves user work flows, file storage and collaboration platform investments, while protecting files across all communication channels: trusted, untrusted, private, or public.

Fugue - Emerging IT Security Vendor 2017

Fugue is an infrastructure-level cloud operating system. It builds, operates, and terminates cloud infrastructure and services and automates the continuous enforcement of declared infrastructure configurations. Fugue completes the DevOps workflow by automating cloud lifecycle management via enforced and versionable infrastructure as code. Fugue is a single source of truth and trust for the cloud. Fugue removes the complexity and undifferentiated burden of configuring and maintaining cloud infrastructure, allowing you and your team to focus on creating value with your applications.

GreatHorn - Emerging IT Security Vendor 2017

Built on a foundation of machine learning, automation, and cloud-native technology, GreatHorn deploys in minutes, reducing risk and simplifying compliance through a combination of real-time monitoring and policy-driven response. They have offerings like Inbound Email Security, Messaging Security & GH Threat Platform.

GuardiCore - Emerging IT Security Vendor 2017

GuardiCore is specially designed for today’s software-defined and virtualized data center and clouds, providing unparalleled visibility, active breach detection and real-time response. Its lightweight architecture scales easily to support the performance requirements of high traffic data center environments. A unique combination of threat deception, process-level visibility, semantics-based analysis, and automated response engages, investigates, and then thwarts confirmed attacks with pin-point accuracy.

Hexadite - Emerging IT Security Vendor 2017

Hexadite is a cyber analyst thinking at the speed of automation. Modelled after the investigative and decision-making skills of top cyber analysts and driven by artificial intelligence, Hexadite Automated Incident Response Solution (AIRS™) remediates threats and compresses weeks of work into minutes. With analysts free to focus on the most advanced threats, Hexadite optimizes overtaxed security resources for increased productivity, reduced costs, and stronger overall security. Hexadite AIRS integrates with a full range of enterprise detection tools to investigate every alert your system receives.


Illusive Network - Emerging IT Security Vendor 2017

 

Illusive Networks is a cybersecurity company at the forefront of deception technology, the most effective protection against advanced attacks. Illusive creates an alternate reality, transparently woven into your existing network. Attackers led into this reality will be instantly identified beyond all doubt, triggering a high-fidelity alert you can act upon.

 

Immunio - Emerging IT Security Vendor 2017

Immunio is based on patented runtime self-protection technology that protects your web apps and your customers against application layer attacks. When an attacker attempts to exploit your app, IMMUNIO collects and reports information about the attacker, the exploit attempt, and the code vulnerability. The attack is automatically prevented, and you have the information to stop it from ever happening again.

IntSights - Emerging IT Security Vendor 2017

IntSights is an intelligence-driven security provider, established to meet the growing need for rapid, accurate cyber intelligence and incident mitigation. Their founders are veterans of elite military cybersecurity and intelligence units, where they acquired a deep understanding of how hackers think, collaborate and act. This is achieved through a subscription-based service which infiltrates the cyber threat underworld to detect and analyse planned or potential attacks and threats that are specific to their partners, and provides warning and customized insight concerning potential cyber-attacks, including recommended steps to avoid or withstand the attacks.

Kenna - Emerging IT Security Vendor 2017

Kenna uses almost any vulnerability scanner you may have (Qualys, Nessus, Rapid7) and integrates it with over 8 threat feeds, giving you unparalleled insight into what you need to fix first. It’s like having a team of data scientists working on your behalf. Use the power of Kenna to correlate vulnerability scan data, real-time threat intelligence, and zero-day data into one easy-to-understand dashboard display. With less time spent on parsing scan results, integrating with threat intelligence, and creating reports, your InfoSec team can double their efficiency and productivity.

Nehemiah Security - Emerging IT Security Vendor 2017

Nehemiah Security operates throughout an enterprise’s network to make security operations, and the business, run better. Its capabilities include detecting the most harmful exploits without any prior knowledge, reducing the time required to respond and remediate down to seconds, and unleashing artificial intelligence for continuous optimization and learning.

PerimeterX - Emerging IT Security Vendor 2017

Sophisticated attackers can inflict damage without triggering your security mechanism. By focusing on the behavior of humans, applications, and networks, PerimeterX catches real-time automated attacks with unparalleled accuracy. Their solution has key capabilities like detecting abnormal behavior, diagnosing a user as a human or malicious bot, deployment in minutes etc.

Phantom - Emerging IT Security Vendor 2017

Phantom reduces dwell times with automated detection and investigation, and reduces response times with playbooks that execute at machine speed. It integrates your existing security infrastructure so that each part actively participates in your defense strategy: improve security by reducing your Mean Time to Resolution (MTTR), marshal the full power of your security investment with defenses that operate in unison, and deploy apps developed by Phantom, the community, or your own team. Automate repetitive tasks to force-multiply your team’s efforts and better focus your attention on mission-critical decisions.

PhishMe - Emerging IT Security Vendor 2017

PhishMe Simulator embraces the concept of learning through doing.  It was never meant to be “computer-based training” like the traditional videos employees have to watch once a month or quarter. It is the leading provider of anti-phishing CBT and enjoys robust success globally… This capability is supported with flexible and effective analysis and reporting capabilities.

RedLock - Emerging IT Security Vendor 2017

RedLock is a platform that provides the ease of use, visibility, continuous monitoring, and investigation tools that security and compliance teams need to do their jobs at SecDevOps speed. They have capabilities like frictionless Deployment, Instant Visibility, Continuous Monitoring, Easy Audits & Security Investigations and Unprecedented Due Diligence etc.

SafeBreach - Emerging IT Security Vendor 2017

SafeBreach has a unique approach to offensive security: a fundamentally different platform that automates adversary breach methods across the entire kill chain, without impacting users or your infrastructure. It has capabilities like deploying simulators to “play the hacker”, orchestrating and executing breach scenarios, continuous validation, and quickly taking corrective action.

Silent Circle - Emerging IT Security Vendor 2017

Silent Circle is a secure communications company offering mobile devices, software and applications, and communication management services to the enterprise. Silent Manager is a user-friendly, web-based service that manages the Silent Circle users, groups, plans, and devices in use across your enterprise with simple, zero-touch deployment. It can be used in conjunction with identity management systems to authorize a user’s account, or it can stand independently.

Sparkcognition - Emerging IT Security Vendor 2017

Sparkcognition is the world’s first Cognitive Security Analytics company. It has capabilities like adding human intelligence at machine scale. It adds a cognitive layer to traditional security solutions, increasing the operational efficiency and knowledge retention of your incident response and security analyst teams. It identifies new attacks automatically. With over 45,000 zero-day attacks occurring every day, solutions that rely solely on signature matching are behind the times.

StackPath - Emerging IT Security Vendor 2017

StackPath is the only web services platform built on security, with a fortified, machine learning core that aggregates, analyses, and syndicates real-time threat data both to and from each of their secure services. With StackPath, security is what’s built on, not bolted on. They have quite a few capabilities like Web Application Firewall, DDoS Mitigation, Infrastructure, and Compliance.

ThinAir - Emerging IT Security Vendor 2017

ThinAir is the industry’s first Data Defense and Intelligence Platform. On their platform, enterprises have unprecedented visibility, control, and insight into all the data in their organization. Sensitive data is protected from insider threats, malware, and even human error. They see everything and protect what matters. It automatically tags all your digital assets, with no complex processes or end-user involvement required. The full spectrum of metadata feeds directly into the powerful ThinAir platform.

Topspin Security - Emerging IT Security Vendor 2017

Topspin Security empowers your security professionals to go on the offensive against APT and other sophisticated network threats. Their solutions learn your network topography and sniff all egresses to keep ahead of attackers. Using their deep network insights to intelligently plant mini-traps (breadcrumbs), it identifies attacks early and diverts attackers to a decoy network. Then, they track Command and Control communications and catch attackers in the act.

Trusona - Emerging IT Security Vendor 2017

Trusona solves the fundamental problem with the Internet: you don’t know who is on the other end. For this reason, Trusona identity proofs Internet users to become TruUsers. Identity proofing is done one time. Then, on every use of Trusona, the user’s dynamic credentials and their patented anti-replay run behind the scenes to ensure the user is who they say they are.

Unify ID - Emerging IT Security Vendor 2017

UnifyID combines implicit authentication with machine learning to uniquely identify you on more than 500 websites and unlocks a new generation of IoT devices, making remembering passwords a thing of the past. UnifyID is a service that can authenticate a user based on unique factors like the way you walk, type and sit. They won the most innovative start-up award at the RSA Conference 2017 Innovation Sandbox contest.

Uplevel - Emerging IT Security Vendor 2017

Uplevel applies advanced data science to aggregate and contextualize cybersecurity data from internal systems and external sources, extract meaningful insights and provide automation throughout the incident response lifecycle. They have a sophisticated platform for informed response. Their solution has capabilities like managing incidents and threat intelligence, orchestrating workflows, assessing and applying threat intelligence etc.

Vera - Emerging IT Security Vendor 2017

Vera (formerly Veradocs) enables businesses to easily secure and track any digital information across all platforms and devices. It has capabilities like Secure any file, on any device, Seamless user experience, Granular visibility and control, Military-grade file encryption, Real-time policy enforcement, and Centralized control and analytics.

Veridium - Emerging IT Security Vendor 2017

Veridium offers an end-to-end, biometrics-based authentication solution for the enterprise. Everyone acknowledges that passwords are a weak link in enterprise security. You can lose them, share them, and crack them. Biometrics can strengthen legacy systems by adding an additional layer of security. With their technology, a company can deploy biometrics as a second factor or replace passwords altogether. Either way, you can now truly verify the identity of the end user. VeridiumID is a server-side protocol for biometric authentication that works in conjunction with a front-end mobile SDK that allows you to embed biometrics into your company’s mobile app.

Veriflow - Emerging IT Security Vendor 2017

Veriflow pioneered a new way for enterprises to model, manage and protect their networks from vulnerabilities and outages. Leveraging Veriflow’s patented continuous network verification technology, enterprises can now predict all possible network-wide behavior and mathematically verify availability and security, instead of waiting for users to experience outages or vulnerabilities to be exploited. Their solution has capabilities like Network Segmentation & Vulnerability Detection, Network Availability & Resilience, Continuous Compliance & Dynamic Mapping etc.

Votiro - Emerging IT Security Vendor 2017

Votiro’s patented Advanced Content Disarm and Reconstruction (CDR) technology is a proactive, signature-less technology that targets the file formats that are most commonly exploited via spear phishing, other advanced persistent threats, and cyber-attacks. Even security analyst firms, including Gartner, state that organizations will increasingly need to add CDR technology to their cyber security protection to help with today’s ever-rising sandbox evasion techniques.

Vthreat - Emerging IT Security Vendor 2017

vThreat helps companies verify the efficacy of the three pillars of cybersecurity: people, process, and products. Their solutions imitate the techniques, tactics, and procedures that real-world attackers use, such as: phishing, lateral movement, data exfiltration, and malware distribution. Its 100% cloud-based solution makes it easy to verify your security posture in seconds.

Zentera CoIP® solution directly addresses the security and networking needs of the multi cloud market. CoIP’s security capabilities are deeply integrated with its virtual overlay network, accelerating productivity, and business agility. CoIP works with any transport in any environment, does not interfere with existing infrastructure, and can be up and running in less than a day. The company is a Red Herring Top 100 winner based in Silicon Valley, and offers CoIP through select partners.

Zingbox leads a new generation of cybersecurity solutions focused on service protection. It has unveiled IoT Guardian, the industry’s first offering that uses Deep Learning algorithms to discern each device’s unique personality and enforce acceptable behavior. IoT Guardian’s self-learning approach continually builds on previous knowledge to discover, detect, and defend critical IoT services and data while avoiding false positives with 99.9 percent accuracy. It works for any IoT device, has trusted behavior, and ensures business continuity.

360 Security - Emerging IT Security Vendor 2017

360 Security provides 360° of protection, backed by a leading antivirus engine. Their intelligent boost and clean technology keeps your device junk-free and fast. They provide capabilities like real-time protection at all times and impossibly fast smartphone acceleration, and will keep your device spotless, like it’s still new etc.

 

 

1000 + Products (Product Comparison Platform):

It is the platform for simplifying your IT-security buying process. Product Comparison Platform currently has 30+ IT security markets and  700+ IT-security products listed. With PCP, you can perform:

  • Benchmarking & Product Portfolio Management
  • Product discovery and comparison, Fitment
  • RFP and Product Evaluation

Top Cyber Security Mistakes Startups Make

Here we are going to discuss some of the top cyber security mistakes startups make. Thanks to the flourishing start-up ecosystem, there is a surge of entrepreneurs coming up with innovative and bright ideas and delivering great products and services.

 

Today in the DevOps world, the startup philosophy is to try to get the product out in the market as quickly as possible. This is due to the fact that startups in their early stages aim for rapid growth. However, cybersecurity today is a growing challenge for big and small companies alike. For a small business, information protection is even more important, as a failure can adversely affect the business and, in some cases, even force the company out of business.

 

List of the top cyber security mistakes startups make:

  • Security an Afterthought:

    Security is always an afterthought for startups. Most startups go for a security assessment either because some customer has specifically asked for it or because they want to comply with some industry regulations. A startup’s security approach is, in most cases, reactive.

 

  • No Security testing and security architecture review of product and services: 

    A startup’s primary focus is on how to make its idea work. All they think about is faster product development, frequent feature releases and fast time to market, so security takes a backseat. As a result, the final product is inherently insecure and has many common security loopholes. The cost of fixing a vulnerability in production can be up to 30x the cost of fixing it at earlier stages.

 

  • No process for timely system update and patching:

    Since there are no defined security roles in startups, the systems and platforms used to develop the product are left unpatched against critical vulnerabilities for a long time. This exposes the systems to external attacks, and they sometimes become victims of malware campaigns on the internet.

 

  • No security awareness for employees:

    There is no security awareness among employees. Many startup employees use their personal devices to handle, manipulate and store sensitive data and files. Such devices are carelessly managed and the company has no security oversight of them. This increases the possibility of data breaches through these devices. Employees must be educated about the security implications of such incidents and must be trained in security best practices to maintain proper security hygiene.

 

  • Use of public cloud for storage and delivery, without any security and risk oversight:

    Startups often use public cloud services like O365, Dropbox, Google Drive etc. for collaboration and convenient file sharing. They also use AWS and other public cloud services to host their applications and run critical business functions. While these services are cost-effective, they come with their own share of risk. Startups need to assess the risk and implement proper security measures before adopting these services. Failing that, they may violate compliance requirements or become victims of data breaches and cyber-attacks.

 

  • Ad-hoc Focus on Prevention, None on Detection & Response:

    Most organisations take an ad-hoc approach to implementing security controls, primarily focusing on prevention (e.g.: Endpoint Security / Antivirus, Firewall etc.), but have not thought about detecting or responding to breaches in a timely manner. Detection & response should be a key component of any security program in a startup.

 

Read more…

Top Metrics to manage your SIEM Program

A SIEM tool is among the most complex security tools to manage and operate. In this post, learn about the key parameters you can track to make your SIEM tool more effective:

 

  1. Percentage reduction in False Positives/Negatives over a specified period of time:

These metrics track the maturity and effectiveness of the SIEM tool's rule sets. A rule set that is not properly defined can throw so many alerts in a day that it overloads the resources available to analyse them. Fine-tuning rule sets can reduce this number drastically and help you focus your resources on more genuine alerts.

  2. Number of Redundant/Out-dated SIEM rule sets:

SIEM rule sets are continuously updated with new rules. Over a period of time, some rules become redundant and obsolete. Redundant SIEM rules add management overhead and make auditing more difficult. They can also be a security risk for the organisation. This metric is tracked to optimise the SIEM rule set.

  3. Ratio of Alerts triggered to Alerts remediated:

A mature SIEM program will generate only high-fidelity alerts. If a SIEM tool is generating thousands of alerts every day with lots of false positives, then it probably needs fine-tuning. This metric gives you an idea of your organisation's risk score. Ideally, all the alerts generated by the SIEM should be looked into by analysts in a timely manner. Alerts triggered by the SIEM solution, if not followed up and remediated on time, can render the SIEM program useless.

  4. Number of undocumented SIEM rules:

It is of utmost importance that all SIEM rules are documented properly for audits. Ideally, the number of undocumented SIEM rules should be zero.

  5. Mean time to respond to security incidents:

This is the time interval between when an alert is generated and when the first response to it is initiated. This time should not be too long.

  6. Number of open incidents related to your critical assets (Devices, systems, applications and users):

SIEM tools can classify alerts and incidents by criticality. If an incident or alert is raised and the device, user, endpoint or application in question handles a critical business function or data, it should be remediated on a priority basis. This metric counts the open incidents that are critical in nature. Ideally, this metric should be zero, as open critical incidents leave your organisation vulnerable to severe disruptions or data breach incidents.
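The six metrics above can be computed from an alert export and a rule inventory. The following is an added example, not code from the original post: the `Alert` and `Rule` schemas, the 90-day staleness window used as a proxy for "redundant/out-dated", and all sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass
class Alert:  # hypothetical export schema, not any vendor's format
    rule_id: str
    asset: str
    raised: datetime
    first_response: Optional[datetime]  # None: no analyst has touched it yet
    remediated: bool
    false_positive: bool


@dataclass
class Rule:  # hypothetical rule-inventory record
    rule_id: str
    documented: bool
    last_fired: Optional[datetime]  # None: the rule has never fired


def siem_metrics(alerts: List[Alert], rules: List[Rule], critical_assets: Set[str],
                 prev_false_positives: int, now: datetime,
                 stale_after: timedelta = timedelta(days=90)) -> Dict[str, object]:
    # 1. Percentage reduction in false positives versus the previous period.
    false_positives = sum(a.false_positive for a in alerts)
    fp_reduction = (round(100.0 * (prev_false_positives - false_positives)
                          / prev_false_positives, 1)
                    if prev_false_positives else None)
    # 2. Redundant/out-dated rules. Assumption: a rule that never fired, or has
    #    not fired within `stale_after`, is a candidate for review.
    stale = [r.rule_id for r in rules
             if r.last_fired is None or now - r.last_fired > stale_after]
    # 3. Ratio of alerts triggered to alerts remediated (None if none remediated).
    remediated = sum(a.remediated for a in alerts)
    ratio = round(len(alerts) / remediated, 2) if remediated else None
    # 4. Undocumented rules.
    undocumented = [r.rule_id for r in rules if not r.documented]
    # 5. Mean time to respond, in minutes, over alerts that got a first response.
    #    Alerts nobody has touched are reported separately so they cannot hide.
    delays = [(a.first_response - a.raised).total_seconds() / 60
              for a in alerts if a.first_response is not None]
    mttr = round(sum(delays) / len(delays), 1) if delays else None
    unanswered = sum(a.first_response is None for a in alerts)
    # 6. Open incidents on critical assets.
    open_critical = sum(1 for a in alerts
                        if not a.remediated and a.asset in critical_assets)
    return {
        "false_positive_reduction_pct": fp_reduction,
        "stale_rules": stale,
        "triggered_to_remediated": ratio,
        "undocumented_rules": undocumented,
        "mean_minutes_to_respond": mttr,
        "unanswered_alerts": unanswered,
        "open_critical_incidents": open_critical,
    }


def sample_report() -> Dict[str, object]:
    """Run the metrics over constructed sample data (not real telemetry)."""
    t = lambda h, m: datetime(2024, 3, 1, h, m)
    alerts = [
        Alert("R1", "db-prod-01", t(8, 0), t(8, 30), True, False),
        Alert("R1", "laptop-17", t(9, 0), t(10, 0), True, True),
        Alert("R2", "db-prod-01", t(9, 30), t(9, 45), False, False),
        Alert("R2", "hr-share", t(10, 0), None, False, False),
        Alert("R3", "pay-gw", t(10, 30), t(11, 30), False, False),
        Alert("R1", "laptop-22", t(11, 0), t(11, 15), True, True),
    ]
    rules = [
        Rule("R1", True, t(11, 0)),
        Rule("R2", False, t(10, 0)),
        Rule("R3", True, t(10, 30)),
        Rule("R4", False, datetime(2023, 10, 1)),
        Rule("R5", True, None),
    ]
    return siem_metrics(alerts, rules, {"db-prod-01", "pay-gw"},
                        prev_false_positives=8, now=t(12, 0))


if __name__ == "__main__":
    for name, value in sample_report().items():
        print(f"{name}: {value}")
```

Reporting unanswered alerts next to the mean keeps a backlog of untouched alerts from making the response time look better than it is.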

 

Check out the Security Information and Event Management (SIEM) market within Product Comparison Platform to get more information on these markets.

Read more…

Technology Stack for Ransomware Protection


With ransomware attacks becoming increasingly frequent, we thought of putting together a list of technologies that can help organizations protect themselves against ransomware attacks. Please note that even though this blog discusses technology measures, this does NOT mean people & process are secondary. There's no single technology that can protect against ransomware, and for effective defense a combination of technologies along with the right processes and skilled security professionals is a must.

Some of the well-known ransomware families are CryptoLocker, CryptoWall, TeslaCrypt, TorrentLocker and CTB-Locker. Attackers frequently release new variants of ransomware by tweaking and subtly changing lines of code in the most popular ones to avoid detection. According to various research works, India ranks 3rd in Asia and 9th worldwide among the countries affected by malware attacks, with the Banking and Pharmaceuticals sectors the most affected. A research team at Malwarebytes has identified LeChiffre, whose name means "encryption" in French, which caused millions of dollars of damage after infecting several banks and pharmaceutical companies. According to The Economic Times, some companies have paid ransoms in millions of dollars after such attacks.

Here’s the Technology Stack for Ransomware Protection:

 

Technologies for Ransomware Prevention

Security Awareness & Training – One of the most effective ways to secure any organization. Continuous security training & simulations can help reduce the risk significantly.

Vulnerability Assessment & Patch Management – Continuous VA & Patch Management is a very effective measure. Remember if people had patched their Windows after Microsoft released the patch for EternalBlue, they’d be protected against WannaCry.

 


Perimeter Security

Email Security Gateways – Email being one of the most common channels used to spread malware, requires a strong focus. Organizations can also consider dedicated email ATP technologies from major security vendors.

 

Firewalls / Next Generation Firewalls – Well this is for basic hygiene, scan all traffic for malicious activity and block / alert when required. UTM is another option.

 

Web Security Gateways – Prevent drive by attacks and infections from visiting infected websites

 

Endpoint Security

Anti-Virus (AV) / Endpoint Protection Platforms (Next Gen AV if you like): Platforms based on machine learning will serve the purpose better than traditional ones. There are even dedicated Anti-Ransomware solutions out there.

 

Application Whitelisting – There are dedicated solutions out there for this, as well as AV solutions and OSes with this capability.

Port Control – Restrict USB access by using solutions like Group Policies

  • Backup – A multitude of backup solutions exist; choose the one that suits your need so that you can quickly restore in case of an infection. Make sure that the backup is not infected. If taking cloud / network backup, do not map it as a network drive
  • Network Sandboxing – Helps analyze malicious files / payloads if they bypass the perimeter controls, or can augment perimeter security controls
  • Network Segmentation / Micro-segmentation – A number of solutions exist, and an infection in one segment will not spread to others if segmentation is properly implemented

 

>>Free Report- Get Your Ransomware Risk Assessment

Browser Protection

Ad-Blocker – you probably already have this, check out the browser store in case you don’t have this.

 

Browser / Application Virtualization – Will prevent machine infections from malicious websites as the Application (Browser) is running in a virtual instance

 

 

Technologies for Ransomware Detection – i.e. Before You See the Demand for Bitcoins

Endpoint Detection & Response – Detect infections which have evaded your AV and other security controls

 

Honeypots & Deception Tech – Strategically placed decoys or honeypots (files, devices etc.) across the IT infrastructure can help detect ransomware before it causes any significant damage

 

File Integrity / Activity Monitoring (FIM) – Monitoring file integrity on devices can generate early warning signals to act on

 

Threat Intelligence (TI) – TI feeds fed into SIEM, IPS/IDS, Perimeter Security and other solutions can help provide both prevention and early detection of threats

 

SIEM – The one solution to rule them all, enough said

 

HIPS / IPS / IDS with Exploit Kit Detection – Some may have FIM capabilities built in

 

UBA / NBA – Behavioral analytics at network / endpoint level can provide early signals of possible infections

 

And of course, a number of APT Security / ATP / ATA Solutions.
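The decoy-file and file-integrity monitoring ideas in the detection list above can be combined in a small check. This is an added example, not code from the original post: the decoy file names, the 7.5 bits-per-byte entropy threshold and the simulated tampering inside a temporary directory are all assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Tuple

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def plant_decoys(directory: Path, names: List[str]) -> Dict[str, str]:
    """Write low-entropy decoy files and return their SHA-256 baseline."""
    baseline = {}
    for name in names:
        content = f"Decoy document {name} - nobody should edit this\n".encode() * 50
        (directory / name).write_bytes(content)
        baseline[name] = hashlib.sha256(content).hexdigest()
    return baseline


def check_decoys(directory: Path, baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare decoys with the baseline; any finding is an early-warning signal."""
    findings = []
    for name in sorted(baseline):
        path = directory / name
        if not path.is_file():
            # Deleted or renamed (for example, a new extension was appended).
            findings.append((name, "missing"))
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != baseline[name]:
            kind = ("modified, high entropy"
                    if shannon_entropy(data) > ENTROPY_THRESHOLD else "modified")
            findings.append((name, kind))
    return findings


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario in a temp directory: one decoy is overwritten with
    random bytes, one is renamed, one is left alone."""
    names = ["0000_accounts.xlsx", "0001_passwords.docx", "zzzz_budget.pdf"]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = plant_decoys(root, names)
        (root / names[0]).write_bytes(os.urandom(4096))            # content replaced
        (root / names[1]).rename(root / (names[1] + ".locked"))   # file renamed
        return check_decoys(root, baseline)


if __name__ == "__main__":
    for name, finding in demo():
        print(f"ALERT {name}: {finding}")
```

Nobody has a legitimate reason to touch a decoy, so every finding deserves an alert; the entropy check only adds context on whether the new content looks encrypted.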


Here are some of the tips that you can put to use to prevent yourself from getting into such situations:

1. Back up your important data at regular intervals

This is the most logical preventive measure that your organization can adopt to thwart any such attacks. Make sure that your backup solution is up and running as it should. Keep in mind that the backup should be kept on a separate external drive. If you are using an automated backup solution, make sure that your backup drives are connected only during the backup process and are disconnected from the network once the process is complete.

2. Develop robust vulnerability management and Patch management Program

Vulnerable applications and software are some of the attack vectors available to attackers. Remember to keep your operating systems, browsers, browser plug-ins, Java and other software up to date with the latest patches installed. The best way to accomplish this is to develop a robust vulnerability management and patch management program. Using automated vulnerability detection tools and patch management solutions, and making sure that all the patches are installed in a timely manner, gives you better protection against such attacks.

3. Fine tune your systems and security solutions to a more secure configuration

Fine-tuning your security solutions and systems can give you a great deal of protection against ransomware attacks. Tweak your anti-spam solution to filter out mails with executable attachments, tweak your IPS and firewall to block any malicious traffic, disable remote access services on systems if not required, deactivate auto-play for devices, disable unused network adapters (Wi-Fi, Bluetooth etc.), do not map network drives & cloud storage folders to your local system unless necessary, configure systems to show hidden file extensions, block unauthorized USB access, uninstall applications that you don't use, etc.


4. Use a good Endpoint security solution to detect any malicious code

Good advanced anti-malware software can help you identify malicious code and possible malware attacks. Keep your security software up to date with the latest version and malware database. It is also a good idea to run Windows Firewall or any other host firewall software on your system to detect any unauthorized attempt by malicious code to connect to the internet.

5. Educate your employees & colleagues

Educate your employees about safe Internet browsing practices, such as not clicking any suspicious links, not running any suspicious program on their system and not installing any unverified browser plug-ins. Employees should also be educated about social engineering attacks, verifying mail attachments before downloading or opening them, etc.


 

Read more…

Cyber Security Maturity Report of Indian Industry (2017)

In Cyber Security Maturity Report of Indian Industry (2017), we’ve researched the current cybersecurity maturity of Indian industry based on the kind of technical security controls they have in place against modern day attacks.

Cyber security is now a persistent business risk, across organizations of all size, large or small. To  secure businesses, you need to have in place a variety of security technologies along with skilled personnel and mature processes.

 

CyberSecurity Breaches & Impact

There have been a number of data breach and hacking incidents in 2017. Some of those that have affected the industry in a big way are as follows:

  • Zomato hacked: Security breach results in 17 million user data stolen. Source: ET
  • India-based payment processing firms ElectraCard & enStage breached, Visa delists them. Source: TOI
  • Data of about 3.2 million debit cards was lost in what is claimed to be among India's biggest breaches. SBI, HDFC Bank, ICICI, YES Bank and Axis were worst hit by the breach of the debit cards. Source: ET

 

India vs. World

As per the International Telecommunication Union's (ITU) Global Cybersecurity Index (GCI) 2017:

  • India is ranked 23rd out of 164 nations, with a score of 0.683
  • Singapore & US are ranked 1 & 2 respectively, with scores of 0.925 & 0.919 respectively
  • Singapore, Malaysia & Australia are the top three countries in Asia & Pacific Region

 

Key Findings

Some of the key findings from the Cyber Security Maturity Report (2017) published by FireCompass are as follows:

  • Large Indian Banks and Telcos are the most mature with an average score of ~60%, with Small Banks and Insurance lagging far behind at ~45%
  • Internal Technology Controls are primarily around prevention, with insufficient measures implemented around detection & response
  • Indian organizations are primarily compliance driven & reactive, with average security scores  hovering around ~50/ 100
  • Response Capabilities across sectors is very poor, ranging between 25 to 40%
  • Preliminary data on startup shows that the security maturity is abysmally low at around 8%

 

To Know more, you can download the full report from here

Source: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-R1-PDF-E.pdf

Read more…

CyberSecurity Maturity of Indian Industries Show Grim Picture: Large Banks Score 61 & Online/FinTech Startups Score 8 (Out Of 100), As Per FireCompass Report

 

India, August 31, 2017 – FireCompass, a Cyber Security product company that specializes in security maturity assessment, has released industry’s first vertical wise maturity report for India. Based on extensive research of 200+ organizations from across India, FireCompass unveils report on CyberSecurity Maturity Score of Indian Industries.

 

Cyber Security is now a persistent business risk, across organizations of all sizes, large or small. To  secure businesses, an organization needs to have in place a variety of security technologies along with skilled personnel and mature processes. In this report, FireCompass has researched the current CyberSecurity maturity of Indian enterprises, based on the kind of technical security controls they have in place against modern day attacks.

 

Speaking on the launch of the FireCompass CyberSecurity Maturity Report, Bikash Barai, Co-Founder of FireCompass and a serial IT Security technology entrepreneur, said, “Management / Board are increasingly asking about the cybersecurity posture and the relative benchmark against industry peers, but so far we were not able to measure cybersecurity performance based on objective, quantitative data. Organizations traditionally have been using informal approaches to communicate security posture to the management/board, making it difficult to benchmark security across industry.”

 

He added, “FireCompass has standardized the approach and uses quantitative data to measure security posture across organizations. Based on this we’re pleased to launch the first report on cybersecurity performance of industry for India”. Barai earlier founded iViZ Security, an IT Security product company funded by IDG Ventures and later acquired by Cigital / Synopsys.

 

FireCompass has assessed 50+ data points of more than 200 organizations, from both an internal & external perspective, to give a holistic view of security performance. The NIST CyberSecurity Framework (promoted by the USA government) was leveraged to classify the technology control capabilities across 5 dimensions – Identify, Protect, Detect, Respond, Recover. The score is based on data on actual security controls implemented as well as open source security intelligence.

 

The scores are especially important for board / management to measure/benchmark their organization’s cybersecurity maturity, understanding gaps and building security roadmap. Such scores can also help insurance companies to calculate the cyber risk insurance premiums.

 

Research Methodology

  • An online survey was conducted, to which 200+ CISOs (or equivalent) in India responded, across verticals. The survey comprised questions around current technology controls in place and roadmap
  • The scores were calculated based on the statistical models created by FireCompass based on NIST CSF

 

Key insights from the report

  • Large Indian Banks and Telcos are the most mature in terms of CyberSecurity with Small Banks and Startups lagging far behind. Average industry scores are as follows:
    • Large Banks: 61%
    • Telco: 61%
    • Financial Services: 58%
    • IT/ITeS: 52%
    • Manufacturing: 51%
    • Insurance: 45%
    • Small Banks: 43%
    • Online Startups / FinTech: 8%
  • Security investments have primarily been made in prevention technologies like Firewalls, AV etc., whereas investments in detection & response capabilities were largely neglected. Security should be designed on the assumption that an organization may be breached, and there should be adequate preparedness to respond to and recover from such breaches. Average scores are:
    • Prevention: 63%
    • Detection: 51%
    • Response: 30%
  • Indian organizations are primarily compliance driven & reactive, with average security scores  hovering around ~50/ 100. India ranks 23 out of 164 countries in ITU’s Global CyberSecurity Index (2017).
  • Response Capabilities are grossly neglected across sectors, with very poor scores ranging between 3% to 40% and an average of 30%.
  • Preliminary research on online startups shows that the security maturity is abysmally low at around 8%. One of the major reasons for this is that FinTech & Online Startups are primarily focussing on Application Security, which covers only 5 out of the 25 capability areas, and have not focussed on the remaining 20 capability areas.

 

You can access the full report using the following link:

https://www.cisoplatform.com/profiles/blogs/cyber-security-maturity-report-of-indian-industry-2017

1000+ Products (Product Comparison Platform)

The product comparison platform is the world’s first AI-Assistant for CyberSecurity Strategy & Buying. It helps organizations to measure their CyberSecurity maturity for reporting to management/Board as well as creating their security strategy and roadmap. FireCompass also has detailed, granular data on capabilities of 1,000+ CyberSecurity products, which it leverages to assess the CyberSecurity posture of organizations as well as to help organizations choose the right technology for bridging the security gaps. More than 1,200 Enterprises across the globe use FireCompass, including 8 out of the Top 10 Indian Banks and 4 out of the Top 5 Indian Telcos.

For more information, please visit: http://products.cisoplatform.com/security/home

Media Contact

Denise Bailey : contact@cisoplatform.com

Read more…

Progress Report & Volunteers - Kids Cyber Safety 2019

Our Mission

Children are amongst the most vulnerable in the cyber world, and we believe it is time for us to do something for our next generation.

At CISO Platform community, we have taken on a mission to help the kids. We are creating "Kid's Cyber Safety Week" on June 4 -10 to help train kids and their parents.

We need your help to realize our vision. It would be great if you could indicate your interest by volunteering.

For more details visit here : https://www.cisoplatform.com/page/kids-cyber-safety-initiative


Progress Report - Kids Cyber Safety November 2019

Activity                                                        Timeline
Playbook For Kids - Delhi Chapter                               Nov-18
Webinar On Kids Cyber Safety By Terry Cutler                    Jan-19
Pan-India Kids Launch                                           Feb-19
Parents Teacher Kids Meet                                       Feb-19
Cyber Security Kids Meet-up Bangalore                           Apr-19
Content Finalization                                            May-19
Community Kids Training - Mumbai                                May-19
Community Discussion on Kids - Bangalore                        Jul-19
Community Discussion on Kids - Delhi                            Jul-19
Community Discussion on Kids - Mumbai                           Jul-19
Community Discussion on Kids - Hyderabad                        Sep-19
Community Discussion on Kids - Chennai                          Sep-19
Community Kids Training - Hyderabad (by Lalit Kumar Jha)        Nov-19
Community Kids Discussion - Chennai                             Nov-19

Community Contributors

  • Sesanka Pemaraju (Director Enterprise Technology, ISB-Indian School Of Business)
  • Lalit Kumar Jha (DGM-IT, GatiKwe)
  • Sridharan (Ex-CISO, NCDEX)
  • Gowdhaman Jothilingam (Senior IT Manager, LatentView Analytics)
  • Kanika Jain (Ex-Lead IS Analyst, Target)
  • Ashish Paliwal (Information Security Officer, Sony)
  • Nitin (School Contributor)
  • Priyank Seth (Head IT, Midday Infomedia)
  • Sudarshan Singh (CISO, Capgemini)
  • Neha Vachhani (Information Security Analyst, IDFC Bank)
  • Anuprita Daga (CISO, Reliance Capital)
  • Nabankur Sen (Ex-CISO, Bandhan Bank)
  • Vijay, Nitin Bhogan (Head Risk Awareness, Mahindra SSG)
  • more (this list is partial)
  • Here is a link to our first training pilot in Mumbai: https://www.cisoplatform.com/m/blogpost?id=6514552%3ABlogPost%3A61832

Next Actions

  • 3 Kids Cyber Safety Training in Chennai local group
  • 2 Kids Training in Hyderabad group
  • Create calendar of activities in remaining local groups and volunteers

Key Meeting Presentations & More

https://www.cisoplatform.com/profiles/blogs/securing-today-s-online-kids-rsa

https://www.cisoplatform.com/profiles/blogs/cyber-safety-training-for-young-students

https://www.cisoplatform.com/profiles/blogs/chennai-local-city-round-table-ciso-meet-kids

https://eforensicsmag.com/child-identity-theft-101-by-mark-neuzil/

[PPT] CYBER Safety Training For Young Students

Reference Documents To Look At (Shared by community)

Read more…

Chennai Local City Round Table - CISO Meet + Kids

The Chennai security community got together for their November meet. Here are the session learnings and documents. Glad to see the Chennai chapter growing. Downloadable document links are given under the header 'Documents From Meeting'. Or Click Here To Go to download

Agenda Sessions : 

1. Networking and High Tea
2. GDPR Session by Dhanasekaran
3. Open Source Intelligence Session By Gowdhaman
4. Discussion on Cyber Security Initiative for Kids and planning for next meeting.

Minutes Of The Meeting

1. Next meeting will be on 19th Dec 2019. Topic: Zero Trust Security Model. Session By: A V S Prabhakar (FSS). Venue will be confirmed by Prabhakar Sir (TNQ) Vijay, Palani, Dhana, Srinivasulu,
2. AVS Prabhakar and other CISOs are interacting with schools and will be finalized by next week.
3. Prabhakar Sir has collected feedback on Kids cyber security Topic and Presentation.
4. Chennai CISOs are ready to create awareness among students and have a set of volunteers.

Presentations

By Community Members Gowdhaman Jothilin and Dhana Madaswamy

Mention Chapter Lead Sridharan

Download below

Documents From Meeting (Download)

Documents from the meeting are listed below. Click on a link to visit the individual document. At the bottom of each linked page, the document is available for download as an Excel file.

P.S. Please login with your member details to view and download the meeting documents as this is for the community by the community

  • OSINT Tools For CISOs - View here
  • GDPR CISO Kit - View here
    • CISO Priorities for GDPR
    • GDPR Data Protection Survey
    • GDPR Program Management Checklist
    • GDPR Data Protection Impact

You can download all the documents by visiting each link. Each page will have a download link at the bottom

Register For Next Chennai Meet

1. Next meeting will be on 19th Dec 2019. Topic: Zero Trust Security Model. Session By: A V S Prabhakar (FSS). Venue will be Chennai

You can register here

Read more…

This talk covers the current applications and possible future impacts of artificial intelligence in security. Sign up here


Key Points To Be Discussed : 

-AI & industry 4.0
-Brief intro AI, ML, IoT
-Security Evolution (AI related)
-Era Of Data
-AI use cases in security
-Building and deploying an intelligent security product

>> Register for webinar here


About Speaker : 

Subrat Panda, Capillary Technologies, Principal Architect AI & Data Sciences
He is currently working as a Principal Architect with Capillary Technologies, where he heads the AI and Data Sciences teams which build products in the Retail domain. Prior to this he worked with a Bay Area based food tech startup, Taro, as a Senior Architect with Nvidia and as a research engineer with IBM. He completed his BTech (2002) and PhD (2008) in Computer Science from IIT Kharagpur. He is Co-Founder of IDLI (Indian Deep Learning Initiative). He has multiple patents and publications. He was previously a SACON speaker.

>> Register for webinar here

Read more…

How do tech companies manipulate the way people think? What would a top-secret Russian agency do to affect the outcome of the US presidential elections? Can systems today analyze people’s behavior to the point where they can predict every move they’ll make?

 

Watch Webinar : 

 

 

Key Points Discussed : 

-Privacy mining will increase because of billions of IoT devices being connected every day. Combined with advanced psychological research, this can be a very powerful tool for manipulating people's behavior.

-A fake reality also poses a big threat to our future of privacy. Software such as Deep Fakes can use someone's facial structure to create fake videos featuring digitally created characters with an uncanny resemblance to real people, such as celebrities. This technology is so advanced that our minds aren't sophisticated enough to tell the difference between real data and the fake data it creates, which leads to the next point.

-We are entering a trust crisis. Trust is the foundation for innovation and technological advance. If people don't trust autonomous cars, they won't use them; if people don't trust certain websites, they won't read their news. Without trust, we cannot move forward, which is why we need to raise awareness about the dark future of privacy.

 

 


About Speaker : 

Menny is an internationally known cybersecurity expert and evangelist of innovation. He is a strategic adviser to leading enterprises around the world, as well as States and Governments, and sits on the advisory board of several startup companies. Menny is also a co-founder of ALiCE, an AI Cyber Security Startup, co-founder at FortyTwo Global, Cyber Security Professional Services (Israel), and co-founder at FortyTwo R&D Labs (India). Additionally, he is the CTO of the Interdisciplinary Cyber Research Center at Tel-Aviv University. Furthermore, he is a former CISO in the intelligence services of the Israeli Defense Forces (Capt. Res.) and worked at the leading Israeli banking group in various positions, including head of the IT Audit Department.

 

 

Read more…

(NASA Hacked) On 21 June, 2019 major news channels disclosed a major hack on NASA. Hackers were able to gain unauthorized access using a Raspberry Pi, stole ‘Mars Mission Data’ and breached ‘NASA’s satellite dish network’. This happened around April 2018 and went unnoticed for almost a year. It is advisable for an organization to do an attack surface analysis so that it knows all of its access points and assets.

What Will You Learn ?

  • Why It Happened ?
  • Audit Recommendation From Office of Inspector General
  • Detailed Audit Report By Inspector General, NASA

Read the complete report here

Read more…


Breaches are at an all-time high. In this webinar, learn the do's and don'ts of handling breach disclosure, best practices for setting up a bounty program, how to respond to responsible disclosures, and lessons from the industry.

Key Points To Be Discussed:
-How to build a vulnerability disclosure program?
-What are various types of vulnerability disclosures programs?
-When and when NOT to have a bug bounty program?
-Do's and Don'ts for handling a breach disclosure

Presentation Slides : 

Full Webinar Video :

Watch The Webinar Video (By Section)

(Part 1) : Publicly Available Breach Risk Information

(Part 2) : How To Handle A Breach Disclosure

Meet the best security minds & learn @ SACON


Read more…

This presentation will address all the relevant information about default security postures achieved by using the -aaS model. This session will be a unique opportunity to hear from Murray Goldschmidt, renowned DevSecOps expert, explaining the key items to achieve a secure deployment from build through ongoing continuous deployment, particularly for CI/CD DevOps environments.

Key Points To Be Discussed:
-Learn the no-cost or low-cost measures to put in place immediately to secure your -aaS deployments.
-Understand where commercial products provide capability, particularly for container security.
-Understand the weaknesses of public cloud PaaS defaults—examples provided for AWS and Azure.

Pre-Requisites: AWS and Azure PaaS offerings.

About Speaker :
Murray Goldschmidt is the Co-Founder and Chief Operating Officer at Sense of Security, now celebrating 18 years in business. He is an industry-recognized information security expert, particularly for agile and cloud, and is seen as the region’s thought leader on successful automated security integration for DevOps environments (DevSecOps). Articulate and eloquent, with extensive experience, Goldschmidt is a high-profile speaker, providing candid, unbiased and to-the-point media commentary for both enterprise and consumer cyber security trends, attacks and issues. Along with a degree in electrical engineering, he holds CISSP, IRAP and PCI QSA certifications.

Presentation Slides : 

Full Webinar Video : 

Meet the best security minds & learn @ SACON


Read more…

RBI & SEBI have recently notified the Banks and Stock Brokers/Depository Participants and published a cyber security framework to be deployed. Here is a consolidated learning compiled by us, and you can also access the detailed frameworks from here

>> Access The RBI & SEBI Cyber Security Frameworks for Banks and Stock Brokers/Depository Participants

Top Learning From RBI Cyber Security Framework For Banks

  • Cyber Security Policy to be distinct from the broader IT policy / IS Security Policy of a bank
  • Arrangement for continuous surveillance
  • IT architecture should be conducive to security
  • Comprehensively address network and database security
  • Ensuring Protection of customer information
  • Cyber Crisis Management Plan
  • Cyber security preparedness indicators
  • Sharing of information on cyber-security incidents with RBI
  • Supervisory Reporting framework
  • An immediate assessment of gaps in preparedness to be reported to RBI
  • Organisational arrangements
  • Cyber-security awareness among stakeholders / Top Management / Board

Baseline Cyber Security and Resilience Requirements

Baseline Controls

  • Inventory Management of Business IT Assets
  • Preventing execution of unauthorised software
  • Environmental Controls
  • Network Management and Security
  • Secure Configuration
  • Application Security Life Cycle (ASLC)
  • Patch/Vulnerability & Change Management
  • User Access Control / Management
  • Authentication Framework for Customers
  • Secure mail and messaging systems
  • Vendor Risk Management
  • Removable Media
  • Advanced Real-time Threat Defence and Management
  • Anti-Phishing
  • Data Leak prevention strategy
  • Maintenance, Monitoring, and Analysis of Audit Logs
  • Audit Log settings
  • Vulnerability assessment and Penetration Test and Red Team Exercises
  • Incident Response & Management
  • Risk based transaction monitoring
  • Metrics
  • Forensics
  • User / Employee / Management Awareness
  • Customer Education and Awareness

Setting up and Operationalising Cyber Security Operation Centre (C-SOC)

Key Responsibilities of SOC could include:

  • Monitor, analyze and escalate security incidents
  • Develop Response - protect, detect, respond, recover
  • Conduct Incident Management and Forensic Analysis
  • Co-ordination with contact groups within the bank/external agencies

The framework gives detailed information on the points that need to be considered, the expectations and the key requirements. It is very illustrative on this; kindly access the framework for the details. Further details on people, process and external integrations are also mentioned there.


Top Learning From RBI Cyber Security Framework For Primary (Urban) Cooperative Banks (UCBs)

  • Need for a Board approved Cyber Security Policy
    • Cyber Security Policy to be distinct from the IT policy/IS Policy of the UCB
    • IT Architecture/Framework should be security compliant
    • Cyber Crisis Management Plan
  • Organisational Arrangements
  • Cyber Security awareness among Top Management/Board/other concerned parties
  • Ensuring protection of customer information
  • Supervisory reporting framework

Top Learning From SEBI Cyber Security & Cyber Resilience Framework For Stock Brokers / Depository Participants

  • Governance
  • Identification
  • Protection
    • Access Control
    • Physical Security
    • Network Security Management
    • Data Security
    • Hardening of Hardware and Software
    • Application Security in Customer Facing Applications
    • Certification of off the shelf products
    • Patch management
    • Disposal of data, systems and storage devices
    • Vulnerability Assessment and Penetration Testing (VAPT)
  • Monitoring and Detection
  • Response and Recovery
  • Sharing of Information
  • Training and Education
  • Systems managed by vendors
  • Systems managed by MIIs
  • Periodic Audit

The above pointers are only a gist of the overview; the details involve looking into infrastructure and setting up processes. We suggest you read the detailed frameworks and consult a security analyst. Here's a free 30-minute analyst consultation to ensure your security readiness for RBI & SEBI.

>> Check Your RBI & SEBI Readiness (Free Analyst Consultation)


We wanted to share an alert with all the community members.

Yesterday the HCL data breach was made public by a security research organization, and it is now in the news. We wanted to share some best practices on how to handle such situations.



Dos & Don'ts On How To Handle Such Situations

  • Create A Public Page: Create a public page on how researchers can disclose vulnerabilities and breaches to your organization. Create a hall of fame or rewards program.

  • Respond And Engage: Respond to and engage with researchers who disclose a breach or vulnerability.

  • Appoint Level-Headed Security Persons: Appoint level-headed security persons to interact. In our past experience, when we disclosed such breaches, in several cases we found folks who were in denial mode and sometimes rude to researchers. We need to be tactful and not create new enemies. There are already a lot of them :)

  • Do It Jointly: If the disclosing organization requests a press release, do it jointly so that you can control the messaging.

  • Conduct Proactive Measures: Conduct proactive measures to know your attack surface and discover such exposures and breaches before they become known to others.


BTW, we are hosting a webinar on 'How to handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Disclosures and more..' Here is the link to join: Webinar

>> Sign Up for webinar on 'How to handle breach disclosures'


In the recent past there have been some major breaches, and some of the key reasons behind them were Shadow IT, leaked credentials and 3rd-party/vendor risks. The major breaches included American Express, Uber, Dropbox, Dunkin Donuts, British Airways and many more. The FireCompass product and research team continuously monitor the web (surface, deep, dark) to understand leaked credentials, patterns of data loss and so on. This webinar talks about the shocking results they found from their 12 months of monitoring.

We were excited to have the head of engineering at FireCompass (Jitendra Chauhan) with us, sharing insights from his team's 12-month monitoring of the hidden internet that led to some shocking results.

(Webinar) Key Points Of Focus :
- Major causes of recent breaches
- Results from indexing the deep, dark & surface web (exposed database, leaked passwords, code leaks, open cloud resources, exposed network services)

Watch Webinar

Speaker : Jitendra Chauhan, Head Of Engineering, FireCompass

If you want to learn more about the exposed attack surface, the types of sensitive data it is exposing and how you can help to mitigate this problem, contact FireCompass.


The RSAC Innovation Sandbox Contest brings out cybersecurity’s boldest new innovators who have made it their mission to minimize infosec risk. Each year, 10 finalists grab the spotlight for a three-minute pitch while demonstrating groundbreaking security technologies to the broader RSA Conference community. Over the past five years, the contest's top 10 finalists have received over $2.05 billion in investments. (Source: RSA Conference)

RSA Innovation Sandbox is one of the platforms where information security startups can showcase their research and innovation. For the past 14 years, it has served as an interface for cybersecurity companies to promote their new technology and connect with venture capitalists, industry veterans and experts at RSA Conference. In the past five years alone, the RSAC Innovation Sandbox Contest’s top 10 finalists have collectively seen 14 acquisitions and have received over $2.2 billion in investments. “A key trend among this year’s RSAC Innovation Sandbox Contest finalists was machine-based security and automation, which emphasizes just how critical it is to develop solutions that will increase response times to outpace modern cyber-crime,” said Linda Gray Martin, Director & Chief of Operations of RSA Conference. (Source: Business Wire)

This year, out of 10 finalists, RSA Conference named Axonius the Most Innovative Startup 2019 for its innovative solution for cyber security asset management.


Process Of Selection

This year the RSA Innovation Sandbox team is working with WSJ Pro Cyber Security as its exclusive media partner. In the final round of the contest, each finalist has to give a presentation to the jury panel (a team of industry experts). The jury includes Hugh Thompson (Program Committee, RSA Conference), Asheem Chandna (Partner, Greylock Partners), Gerhard Eschelbeck (Vice President Security and Privacy Engineering, Google), Niloofar Razi Howe (Senior Vice President and Chief Strategy Officer, RSA Corp.), Patrick Heim (Operating Partner and Chief Information Security Officer, ClearSky) and Paul Kocher (Entrepreneur/Researcher). For more information about the current standing and funding of the past finalists of RSA Innovation Sandbox, visit the RSAC Innovation Sandbox Leaderboard.

 

Top 10 finalists of RSA Innovation Sandbox 2019


Axonius - Named “RSAC Most Innovative Startup 2018”

Axonius is the cybersecurity asset management platform that lets IT and security teams see devices for what they are in order to manage and secure them all. They are based out of Tel Aviv, Israel.


Arkose Labs - Runner-up at RSAC Innovation Sandbox 2018

Arkose Labs solves multimillion-dollar fraud problems for the world’s most targeted businesses with zero friction to users. They are based out of San Francisco, California.


Capsule8 is an information technology company that develops real-time zero-day attack detection at production scale. They are based out of Brooklyn, New York, United States.


CloudKnox provides a single platform that manages the entire identity privilege lifecycle across any private and public cloud infrastructure. They are based out of Sunnyvale, California, United States.

 


DisruptOps is building a platform to bring unprecedented insight, control, and expertise into your cloud environment. They are based out of Kansas City, Missouri, United States.


Duality Technologies addresses the rapidly growing need of enterprises across regulated industries to collaborate on sensitive data. Duality’s award-winning SecurePlus platform enables secure analysis and AI on encrypted data, deriving insights from sensitive data without exposing the data itself. The groundbreaking technology also protects valuable analytics models from exposure to external collaboration parties during computations. They are based out of Israel.

 


Eclypsium provides technology that helps organizations defend their systems against firmware, hardware, and supply chain attacks. They are based out of Portland, Oregon, United States.

 


Salt - The Salt API Threat Protection solution discovers APIs, detects vulnerabilities and provides prioritized insights to eliminate risk. They are based out of Palo Alto, California, United States.


ShiftLeft delivers a new model for protecting cloud or data center hosted software. They are based out of Santa Clara, California, United States.


WireWheel is a software company that revolutionizes data privacy and protection as-a-service for companies. They are based out of Arlington, Virginia, United States.

References

Source: RSA Blog https://www.rsaconference.com/events/us19/agenda/innovation-sandbox-contest
