It is not unusual for browser-side or client-side security to get less than its fair share of attention from understaffed IT teams battling a rising number of attacks and a constantly evolving threat landscape.

Uri Dorot, Senior Security Solutions Lead at Radware, says that historically server-side attacks have drawn more attention from cyber security officers and web application firewall vendors because they’ve been the primary focus of malicious actors. However, this is changing quickly as hackers look to exploit client-side blind spots and unmonitored areas for gain.

The application architecture and environment have changed in recent years. The application’s perimeter is no longer easy to define. Not only are applications scattered across multiple environments, but they also rely on dozens of connections to third-party services that generate much of the application content on the browser or client side.

This is what we call the application supply chain, and it is on the radar of opportunistic actors with malicious intent.

If client-side protection is not a major part of a modern security strategy, it is a mistake that will eventually come at a price. To increase their security posture, organisations should make sure their application protection solutions cover the following seven common client-side threats.

1. Broken access control
   Broken access control is a security threat that leaves the door open for malicious actors to use JavaScript to exfiltrate sensitive data, such as login credentials or cached app data that is housed on the client side.

It can also include manipulation of the document object model (DOM) to gain access to client-side data. A designated client-side protection tool can protect against both types of attack.

2. DOM-based XSS attacks
   A DOM-based XSS (cross-site scripting) attack is a vulnerability that malicious actors use to inject malicious JavaScript payloads into an organisation’s web page via its DOM environment. Ultimately, it allows threat actors to take over users’ accounts.

These types of attacks are difficult to detect on the server side, which is why it’s important that a client-side protection solution is deployed.

3. Data leakage
   Data leakage is as ominous as it sounds. It occurs when data leaks out of an organisation to unauthorised destinations and falls into the hands of malicious actors.

Leaked data, personally identifiable information (PII) that’s exposed or stolen by malicious actors, can also be used later by hackers to access and take control of users’ accounts.

Leaked data can result in breaches, identity theft, credential stuffing, ransomware and more. An effective client-side protection solution blocks data from being transferred through an applications browser side to unknown destinations or known destinations with illegitimate parameters.

4. No third-party origin control
   Origin control allows cybersecurity professionals to restrict certain resources or assets by looking at their origins and comparing them to the origin of third-party libraries.

Lack of proper origin control increases the risk that an unknown and uncontrolled third-party code will access data in the application. A client-side protection solution worth its weight automatically uncovers third-party services, provides detailed activity tracking, and blocks unvetted origins to ensure that only the right third-party code has appropriate access to the application network.

5. JavaScript tracking
   Being able to track changes in JavaScript is critically important to protecting websites or applications that are interactive.

Developers use libraries and third-party tools that can be a breeding ground for JavaScript vulnerabilities, especially those created by smaller, independent developers or companies that often don’t have the time or resources to monitor and update their code on a regular basis. If a protection solution cannot identify code-level JavaScript changes on the client side, malicious intent might not be detected until it’s too late.

6. Client-side data storage
   A lot of sensitive end-user data can be stored on the client side in LocalStorage, browser cache, and transient storage like JavaScript variables.

It’s important that a client-side protection solution is advanced enough to protect stored data against theft and restrict the type of data that can be accessed and shared by vendors. This is especially important for organisations that must comply with data security requirements, such as the General Data Protection Regulation.

Client-side browser monitoring is important to ensure data and content are only exchanged or shared with predetermined domains.

7. No standard browser security controls
   Attackers are opportunists. They are looking for ways to exploit weak security configurations and poor security controls. Unfortunately, not all browsers adhere to the same security standards and share common standards-based security controls, such as iframe sandboxes, sub resource integrity, and others.

A good client-side protection solution can detect and prevent digital trackers and pixels across web properties.

By protecting against these seven client-side threats, organisations can prevent their end users from being exposed to third-party services that are embedded in applications over which they lack visibility and control.

Today’s applications load on average 20-25 third-party scripts during each user session which is why client-side protection should not be pushed to the back burner. It must be a part of an overall security posture.

Without client-side protection, organisations are flying blind and their application supply chain is left open to attack. It’s not by chance that the latest Payment Card Industry Data Security Standard (PCI DSS 4.0) is requiring organisations to make a best-effort to have client-side protection measures in place starting March 31, 2024, and as a mandatory prerequisite for certification after March 31, 2025.

Cold winds swept through offices of organisations, as the U.S. Securities and Exchange Commission (SEC) brought charges against SolarWinds Corporation and its chief information security officer (CISO).

Moshe Weis, Chief Information Security Officer at Aqua Security, says: “With one simple indictment the lives of CISOs everywhere changed (even if they may not know it yet) as the consequences have started to raise what may become the redefining of the CISO role.”

He adds that this is the second time in recent memory where a CISO is being charged with a crime allegedly committed in the execution of their duties. The fallout from the SolarWinds breach and subsequent SEC charges against the corporation and its CISO has brought into focus a pivotal question: what does this mean for cloud native security, and the responsibilities of CISOs in today’s landscape?

With input from some other CISOs, we look to understand what this means for the CISOs today and in the future.

The SolarWinds breach, discovered in late 2020, was an unparalleled cyber attack that invaded the software supply chain, resulting in a compromised update to the SolarWinds Orion software.

This tainted update was distributed to SolarWinds’ clients, including several government agencies and corporations. It allowed hackers access to a wide array of sensitive data, leading to a widespread security crisis.

The recent SEC charges against SolarWinds Corporation and its CISO revolve around allegations of inadequate cybersecurity protocols and failure to disclose critical information to investors in a timely manner.

These charges underscore the significance of maintaining robust cybersecurity measures and the necessity of transparency in the aftermath of a security incident.

The SolarWinds breach and subsequent charges have generated a significant shift in how businesses perceive and approach cloud native security, specifically in how they mitigate software supply chain attacks.

One crucial implication of this attack revealed the pressing need for enhanced security measures in the software supply chain. This attack showed how an attacker can inject malware into an update delivered by a software vendor and compromise elements in trusted IT management software deployed through bypassing existing security measures.

Companies and CISOs specifically are now re-evaluating their security postures, implementing more rigorous protocols to safeguard against supply chain attacks and fortify cloud-based infrastructure. This means greater emphasis on scanning, continuous monitoring, and zero-trust security strategies.

This incident also spurred conversations around the accountability and responsibility of CISOs in ensuring the security of their organisations. CISOs are now faced with the mandate to not only fortify existing security measures but also to ensure swift and transparent communication in the event of a breach.

CISOs are at the forefront of departments that interact directly with potential threat actors while upholding the critical mandate to protect the company’s data, employees and customers at all costs. Navigating this complex environment now means shouldering the weight of personal liability in addition to ensuring organisational security.

Jim Routh, board member, advisor and investor, and former CSO/CISO, shared his thoughts:

“There is the reality that when engaging in cybersecurity operational practices with threat actors the clarity of legal accountability is murky at best. CISOs lead functions that engage with threat actors through technical proxies and sometimes directly (for example: bug bounty programs) while using services from security intelligence firms that engage with threat actors daily. CISOs must navigate this ‘murkiness’ using guiding principles while now navigating the personal liability that comes with this.”

The recent incident has amplified discussions on the accountability and responsibility of CISOs in guaranteeing the security of their organisations. They’re not just tasked with bolstering existing security measures but are now compelled to champion swift and transparent communication in the aftermath of a breach.

As a result, Jim also points out the number of new areas that must be considered during a CISO negotiation process before an offer is made and compensation terms are resolved. Pointing also to the recent Uber verdict, he recommends that CISO’s need to determine whether they are considered a company officer:

#  Understand what level of indemnification coverage is offered (attorney fees for a representative from the company’s law firm provided, attorney fees for a dedicated attorney for the CISO, and penalties paid for by the enterprise including upon conviction.

#  The current policy for regulatory and law enforcement notification? (typically the CISO is not accountable for either the legal team does the notifying, but this didn’t help Joe). Jim shares more insights on this topic in a recent webinar: Uber Verdict: The CISO, The Law, and The Door!

To further complicate navigating information sharing. Jim adds: “The recent SEC action against Tim Brown sets a precedent that makes information sharing between regulatory bodies and the private sector much more challenging; a direct contradiction with efforts to improve information sharing between government entities and the private sector, where the majority of critical infrastructure resides.”

Jim Routh quote: The role of a CISO has evolved considerably in the wake of the SolarWinds incident and the subsequent SEC charges. CISOs are now tasked with a more strategic and all-encompassing role, encompassing not only the implementation of robust security measures but also being proactive in risk assessment and management.

One significant lesson from this case is the necessity of transparent reporting. CISOs and corporate leaders should establish a culture of openness in cybersecurity reporting, avoiding misrepresentations that can result in severe legal and financial consequences.

Additionally, there is a need for organisations to prioritise robust cybersecurity measures, not just to meet regulations but to actively defend against known vulnerabilities and emerging threats. Effective risk management and prompt resolution of known vulnerabilities, as well as alignment between internal assessments and external disclosures, are essential.

Aaron Weis, managing director of Google and former CIO at the U.S. Navy, shared his perspectives:

“This decision has significant implications for CISOs moving forward, emphasising the need for heightened vigilance, proactive risk management and transparent communication with stakeholders. Fostering a culture of cybersecurity awareness throughout the organisation is vital.

“This ensures that every employee understands their role in maintaining security. Finally, organisations must be prepared for incidents. Given the inevitability of cyber attacks, having robust incident response plans in place is essential to minimise damage and enable a swift recovery.”

The SolarWinds incident and subsequent actions taken by the SEC have undeniably reshaped the narrative around cloud native security and the role of CISOs. The focus has shifted to emphasise the critical importance of cybersecurity practices for companies.

Beyond mere regulatory compliance, this case underscores the need for organisations to actively reduce risks and safeguard their reputation. CISOs, as key figures in this landscape, must take a leading role in this effort.

Aron Weiss quote: “As the landscape continues to evolve, companies will likely invest more in robust cybersecurity infrastructure and incident response mechanisms. CISOs will be at the forefront of this transformation, playing a pivotal role in steering their organisations towards a more resilient and secure future.”

The SEC charges against SolarWinds Corporation and its CISO have acted as a wake-up call, prompting a re-evaluation of cybersecurity strategies and the responsibilities of CISOs. Aaron summarises the takeaways as follows:

#  Elevated cybersecurity responsibilities: CISOs must recognise that their role extends beyond technical implementation to encompass broader aspects of cybersecurity governance, including risk assessment, vulnerability management, and incident response preparedness.

#  Stronger internal controls: CISOs should collaborate with senior management and internal audit teams to establish robust internal controls that effectively identify, assess, and mitigate cybersecurity risks.

#  Transparent risk disclosure: CISOs must ensure that cybersecurity risks and vulnerabilities are accurately disclosed to investors and other stakeholders, providing a transparent and realistic picture of the company’s cybersecurity posture.

The incident has underscored the critical need for proactive and transparent security measures in the era of cloud native operations. Moving forward, businesses must adapt by strengthening their security protocols and empowering CISOs to lead the charge in fortifying their organisation’s cybersecurity resilience.

The aftermath of the SolarWinds breach is a pivotal moment that propels us towards a more secure and vigilant future in the realm of cloud native security

Global leader in identity and data security, Entrust, shares thoughts on the state of the cyber security landscape as we move into 2024.

It’s the year of reckoning for the identity crisis: The decentralised identity movement goes mainstream in the age of AI

“AI spending in the Asia-Pacific region is projected to reach $78 billion by 2027 – with this rapid development and adoption of AI, we have seen bad actors find new ways to exploit the technology and use it to create more sophisticated phishing attacks and deepfakes at scale. Generative AI can craft highly convincing phishing messages that mimic the writing style of a trusted contact, making it increasingly difficult to spot these malicious communications. Their top targets? Consumer identities.

Identity is the thread that ties the world together, making it a high-value target for cybercriminals. This will reach a fever pitch in 2024 as the entire nature of identity is being disrupted as a result of AI, making it increasingly difficult to know who to trust and how to identify who (or what) you’re interacting with. Gartner predicted that, by 2024, over 80% of organisations will face modern privacy and data protection requirements. To overcome these challenges head on, many countries in the Asia Pacific region are pushing for increased privacy and data protection laws, initiating stricter regulations to protect consumer identities. We predict more organisations will adopt a decentralised approach to identity and turn to increased levels of verification, including knowledge-based, document, biometric and device authentication to further validate users.

The bottom line: It’s time to give individuals full ownership of their identities. With decentralised identity, all the information used to build an identity is encrypted and protected with digital keys that can be used to confirm an individual’s identity without exposure. Businesses don’t store those – the individual does. The core elements of a decentralised identity framework include an identity wallet, blockchain ledger, decentralised identifier and zero-knowledge proofs. Decentralised identity is overdue to go mainstream, and in 2024, we must all work towards a world with more privacy and less fraud. There is no reason why consumers should continue compromising on privacy, trading their identity for access, and taking the security risk that comes with surrendering their personal information in order to get the products, services or information they want.”  – James Cook, Director of Digital Security, Asia Pacific & Japan at Entrust

Inclusion and access in digital identity become table stakes

“As the lines between our physical and digital lives continue to blur, our world is increasingly moving towards a future where digital identity is foundational to social and economic mobility – which presents significant regulatory, ethical and practical implementation questions. Many of us take for granted having an ID – without realising what it means not to.

In Australia, more than 10.5 million people have a digital ID to access government services, allowing them to verify their identity in a secure manner when accessing services. As we continue to increase access to digital services, there is an even greater need for secure and convenient identity verification, online or in-person. This is increasingly important as 72% of APAC organisations have fallen victim to identity-based attacks in 2022.

In the next year, we will see these changes drive an urgent call to action as identity technology becomes more integrated and secure in our everyday lives. This could mean improving access to mobile smartphones, ensuring apps use basic language instead of technical, offering setup assistance at major travel points, etc. In 2024, progress must be made to make digital identity truly inclusive and accessible to all.” – Angus McDougall. Regional Vice President, Asia Pacific & Japan at Entrust

CISOs need to prepare for increased government involvement in 2024

“There is no doubt that the use of AI is here to stay. As we see AI integrate more into our daily lives, the Australian government has developed a voluntary framework of AI principles to help ensure that AI is safe, secure and reliable.

Australia already has several pieces of legislation regulating AI usage in specific settings or circumstances. However, the regulatory environment for AI is patchwork, and regulatory gaps likely exist.  The Australian government is looking at ways  to develop safe and responsible AI practices and while it I s not looking to urgently regulate AI, CISOs must prepare for this increasing trend of regulation, as more countries around the world promote more responsible use of AI. Although the nation is taking a more wait-and-see approach, businesses should consider each new initiative a call to action to improve not only their own cybersecurity strategies, but also to consider the impact of new technologies, like AI, on their organisation and their customers.

An uptick in government guidance will help create a blueprint for businesses to navigate rising challenges and security threats. But understanding and complying with the anticipated patchwork of regulations and regional legislation may pose a challenge for businesses, especially those operating across borders. CISOs and leaders in the region will need trusted advisors, sound support, and secure solutions to successfully and safely forge ahead.” – James Cook, Director of Digital Security, Asia Pacific & Japan at Entrust

Holiday season is here again, yet as we relax, IT security professionals are completing their end-of-year tasks. Their eyes twitch and anxiety prevails as another December arrives.

Erin Stephan, Principal Product Marketer at Aqua Security suggests that their mild concern is understandable. Two years ago, the zero-day vulnerability, known as Log4Shell in the extremely popular Log4j logging framework, spoiling holiday celebrations for many across the globe and leaving organisations scrambling to fix it before it could be exploited.

Let’s discuss the lingering effects of the Log4j vulnerability in the software development lifecycle, why CISOs are still concerned about it, and how to protect environments against it and other zero-day vulnerabilities yet to come.

Why is Log4j still a concern, and why and why are we talking about Log4j when it happened two years ago? Well, according to a July 2022 report from the U.S. Department of Homeland Security’s Cyber Safety Review Board on the Log4j vulnerability, the bug will remain an issue for a decade or more.

Additionally, when CISOs are asked about what concerns them, Log4j is mentioned consistently and rightfully.  Our own research still points to the Log4j vulnerability as it continues to resonate across environments.

Efforts to mitigate the Log4j vulnerability involve updating to patched versions of Log4j, but the process continues to be complex, especially in large and interconnected systems.

While many initiatives, tools and solutions have been created to help improve the security posture for enterprises and governments, several factors remain a concern around the Log4j vulnerability. These include:

Widespread adoption: Log4j is used extensively in various software applications and systems across different industries. Many times, Log4j is intentionally left in the code as it has been deemed to pose little to no risk of exploitation particularly if the application is not connected to the internet.

Scenarios such as this show the ubiquity around Log4j and what makes it challenging to identify and update all instances promptly.

Complex ecosystems: Many software systems have complex dependencies and may rely on older versions of Log4j. Additionally, many organisations often don’t know about its presence in their environments (or that they are using this library at all), because it’s used in other software tools/frameworks, which complicates the process of finding it.

Log4j is included frequently as a default log handler in enterprise Java applications and commonly included as a component in various Apache frameworks. Millions of organisations use Log4j across their environments, often via indirect dependencies. This makes updating a component within a larger system a complex and time-consuming process.

Legacy systems: Some organisations may be using older software versions or have legacy systems that are no longer actively maintained. These systems may be more vulnerable and may not receive timely updates.

Third-party dependencies: Many software projects rely on third-party libraries, and updating these libraries can introduce compatibility issues or require significant development effort.

Lack of awareness: Not all organisations are aware of the Log4j vulnerability or its potential impact on their systems. Awareness and proactive measures are crucial for addressing vulnerabilities promptly.

Resource constraints: Some organisations may face resource constraints, making it difficult for them to allocate time and manpower to address the vulnerability promptly.

Strategic decision-making: In some cases, organisations may make strategic decisions to prioritise other tasks over immediate vulnerability patching. This could be due to business considerations, risk assessments, or resource allocation strategies.

In other words, the Log4j vulnerability is still out there, waiting for the team to miss it in the ecosystem because they are constrained on resources, or for the right connection made to a legacy system with interesting data to be mined, or worse the lack of awareness of a developer of its potential impact.

A zero-day is an unknown software vulnerability that poses a risk to a business’s environment. These provide an attacker with leverage through the vulnerability to gain unauthorised access to a network, move laterally within it, steal data or compromise part of the system.

No patch or workaround is available to fix the vulnerability, making it very dangerous.

Zero-day vulnerabilities can affect any piece of software on a device, including operating systems, applications and web browsers. Zero-day exploits are a significant challenge because they take advantage of unknown vulnerabilities in software, hence traditional security measures may not be effective at detecting or preventing them.

The Log4j vulnerability, Log4Shell is one of the most famous zero-day vulnerabilities and given its success, it is obvious why more continue to exploit them.

So, while a security team must strive for perfection, attackers need only persistence and luck to find that a still-exposed weakness. Log4j was such a significant vulnerability with such consequential impact that it is only a matter of time before the next Log4j occurs.

Detect, mitigate and remediate zero day vulnerabilities with Aqua.

No-one knows, or can predict, when or where the next threat will hit and emerge in open source libraries. It can happen at any time. Some would say we are always under threat of zero-day attacks.

How can we protect against zero-days? Traditional vulnerability scanners are not effective. Over a span of four days (from December 6th, 2021 – December 10th), the Log4j vulnerability was exposed on open-source platforms.

An official patch was available from Apache during this time. However, attackers could still exploit this vulnerability against users who hadn’t applied the patch. Only after December 10th could scanning tools effectively identify this CVE in user environments.

So we need to have runtime security controls as part of our security strategy. One of the effective runtime controls is drift prevention.

This solution is built to help security teams to:

#  Detect and block known and unknown malware, zero-day exploits, and internal threats that can’t be caught early on in the application lifecycle.

# Enforce immutability by preventing code injection and unauthorised changes to running workloads to stop runtime attacks at any point.

#  Automatically block any lateral movement or escalation within or between cloud workloads.

#  Identify and & block anomalous behaviour in running containers.

#  Maintain business continuity by running code that should run and block everything else without interrupting business continuity.

My comoany can help customers to secure their applications against advanced threats such as zero-day attacks with robust runtime protection. To learn more about Log4j and a zero-day defence strategy, join us for our webinar Log4j lessons learned: a blueprint for Zero-Day defence.

Learn how our platform can help to scan for Log4j lurking in an environment or other potential zero-day vulnerabilities. Discover how we can help to prevent access to an environment proactively and block threats before the business is compromised.

2023 further solidified Keeper’s position as a leading force in cybersecurity. 

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, has unveiled the 2023 Keeper Retrospective, providing a review of the company’s biggest achievements, business growth, product innovation and industry-leading research over the past 12 months.

“Keeper exhibited record growth in 2023 which was largely fuelled by our business and enterprise cybersecurity solutions. Our team’s professional passion and dedication in identifying critical unmet needs of our global market catalysed our innovation and rapid time-to-market,” said Darren Guccione, CEO and Co-founder, Keeper Security. “The launch of our Asia-Pacific headquarters in Tokyo, Japan was a transformative operational achievement on several levels. Our exceptional team, coupled with local support, helped us successfully launch our operation and was a precursor to signing over 40 new channel partners in the region.” 

“Since inception, we’ve been focused on providing cutting-edge cybersecurity solutions that balance world-class security with ease of use,” said Craig Lurey, CTO and Co-founder. “The announcement of our KeeperPAM platform this year exemplified that commitment, with a next-generation solution that provides enterprise-wide, privileged access management for perimeterless and cloud-based environments.”

Key Achievements:

Market Expansion 

In May, Keeper Security expanded deeper into global markets. Keeper opened an Asia-Pacific headquarters in Tokyo that serves Japan, East Asia, Australia and New Zealand, marked with a grand opening event attended by US Ambassador to Japan Rahm Emanuel. With an established APAC presence, Keeper is addressing the Asia-Pacific region’s substantial growth in the consumer technology sector and enterprise demand for fortified cybersecurity strategies, including password and privileged access management solutions, to keep customers, data and systems secure.

Strategic Investment

Global growth equity firm Summit Partners completed a significant minority investment in Keeper in 2023. The synergy between Keeper, Summit and existing investor Insight Partners is further accelerating product innovation and catalysing strategic expansion of Keeper’s prominence as a cybersecurity leader in the public and private sectors. This investment continues to drive Keeper’s growth and cements its position as an innovator in enterprise password and passkey, secrets, privileged connection and privileged access management.

Product Innovation

This year marked the official launch of KeeperPAM®, the next-generation Privileged Access Management (PAM) solution that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that enables least-privilege access with zero-trust and zero-knowledge security. KeeperPAM enables organisations to achieve complete visibility, security, control and reporting across every privileged user on every device in an organisation.

In 2023, Keeper announced support for passkeys in its browser extensions for Chrome, Firefox, Edge, Brave and Safari, as well as on iOS, with Android support coming soon. With Keeper, passkeys are created, stored and managed in the Keeper Vault, and can be used to log in to websites and applications across all browsers and operating systems with ease, eliminating the lack of cross-functionality when a passkey is saved to a specific device. Passkeys hold great promise as a significant step closer to a passwordless future, as major browsers and platforms have started to incorporate passkey support into their operating systems.

Keeper also embarked on a journey to make significant User Interface (UI) updates to its password management platform for a friendlier and more intuitive experience. Taking an incremental approach to improving the user experience, Keeper enhanced the look, feel and usability of its platform while being mindful of the importance of familiarity, consistency and the world-class functionality users are accustomed to. Keeper’s upgraded user interface offers clearer distinctions between elements, as well as enhanced clarity and searchability, to improve the user experience and make it even easier to take advantage of Keeper’s powerful features.

Research Leader

Throughout the year, Keeper partnered with industry analysts and third-party research firms to gauge insights from both IT/security executives and consumers about their attitudes, practices and concerns regarding password and privileged access management. The findings revealed the efficacy of KeeperPAM, reinforced the effectiveness of Keeper’s approach to password management and underscored the criticality of upholding password best practices.

Password Management 

Keeper released its Keeper Password Management Report: Unifying Perception with Reality in June. The report revealed that a majority (64%) of global respondents either use weak passwords or repeat variations of passwords. More than a third of respondents admitted to feeling overwhelmed when it came to taking action to improve their cybersecurity. Keeper addresses these widespread issues by making password management secure, simple, efficient and cost-effective for both consumer and enterprise users.

In August, Keeper announced findings from the Keeper Security Parental Practices Report: Conversations on Cybersecurity. This study highlighted the need for increased awareness and education on digital safety among parents, as well as the importance that schools play in filling this gap. Almost 30% of parents have never spoken to their children about cybersecurity. Meanwhile, 41% who admitted they don’t know how to create strong passwords still give their child access to their mobile phone and almost a third (32%) give them access to their computer.

Privileged Access Management

Keeper published the Privileged Access Management Survey: User Insights on Cost & Complexity in February, which revealed an overwhelming industry desire for PAM  solutions that are easier to deploy and maintain, with 84% of IT leaders saying they wanted to simplify their PAM solution. The industry needs modern, unified PAM solutions that address perimeterless, multi-cloud IT environments and distributed remote workforces.

This summer, Keeper released its Privileged Access Management Survey: Deployment Amid Economic Uncertainty, which revealed that while IT leaders consider PAM solutions critical to their security stack, cost constraints and complex solutions are impacting deployment. Fifty-six percent of respondents tried to deploy a PAM solution but did not fully implement it and 92% cited overly-complex solutions as the main reason. Fifty-eight percent of IT teams have not deployed a PAM solution because traditional platforms are too expensive.

Finally, in December, Keeper announced the Keeper Security Insight Report: Cloud-Based Privileged Access Management. This report explored what IT and security leaders are seeking in a PAM solution and the benefits of moving away from traditional, on-premises platforms. An overwhelming 82% of respondents said they would be better off moving their on-premises PAM solution to the cloud, with only 36% of IT leaders saying it makes sense to have an on-premises PAM solution in the current economic climate. 

As 2024 inches closer, Keeper celebrates 2023 as a year full of research, innovation and industry recognition, marked by growth and a relentless pursuit of excellence. We extend our deepest appreciation to our talented team, loyal customers and collaborative partners for their unwavering support. Looking ahead to 2024, we are energised by the possibilities that lie ahead and remain committed to delivering unparalleled cybersecurity solutions around the globe. 

Commvault has hired Jo Dean to the newly-created role of Area Vice President for Channels and Alliances, APAC, in a move that signifies a renewed focus on the organisation’s channel business. The data protection giant recently announced the release of its AI-based cloud platform, at the same time announcing significant vendor partnerships with a wide range of cyber security players.

Michel Borst, a veteran in digital transformation and innovation, has joined as Area Vice President for Asia.

In both cases, these leaders bring strong technology expertise to the table, a passion for helping customers achieve business outcomes, and a keen understanding of the role Commvault Cloud plays in driving cyber resilience.

In their new roles, Michel and Jo will focus on delivering advanced capabilities through the Commvault Cloud platform.

“Recognising the tremendous potential and momentum within the APAC region, it was crucial to onboard leaders like Michel and Jo with proven industry experience and strong sales and partner expertise. I wish them great success on this journey,” said Martin Creighan, Vice President, Asia Pacific, Commvault.

Joanne Dean, a strong channel advocate with two decades of experience working within partner ecosystems, is based in Perth, Australia. She will be responsible for spearheading the region’s channel strategy, working alongside Commvault’s partner ecosystem to jointly deliver cyber resilience for the hybrid world.

“Enterprises across APAC are at an important juncture in their digital journey as the opportunities to do more with data have never been greater, but the need to protect, secure, and recover data has never been more important,” said Dean. “I’m excited to lead Commvault’s channels and alliances efforts and work hand-in-hand with our partners to help joint customers achieve their business goals and advance resilience. The partner ecosystem that we’ve built with security, AI, and cloud leaders is a testament to the power of collaboration in combatting a landscape marked by chaos and complexity.”

About Commvault

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience, helping more than 100,000 organizations to uncover, take action, and rapidly recover from cyber attacks—keeping data safe and businesses resilient and moving forward. Today, Commvault offers the only cyber resilience platform that combines the best data security and rapid recovery at enterprise scale across any workload, anywhere with advanced AI-driven automation—at the lowest TCO.

A huge cybersecurity threat exists because threat actors are hiding in encryption, one of the very mechanisms created to protect us, warns Jonathan Hatchuel, Country Manager A/NZ, at Gigamon.

He says that’s why his company has launched a breakthrough cybersecurity technology for the world, specifically designed to eliminate this blind spot.

Today, over 90 percent of all communications are encrypted, including organisations’ internal communications, and threat actors are increasingly hiding their activity under the cover of encryption.

As attackers have grown more sophisticated, they are even employing encryption for their own lateral movement, data siphoning and data exfiltration. Moreover, they are doing this on virtual and cloud workloads, where the security measures are still maturing.

More advanced security organisations have been attempting to address this using decryption. The U.S. National Security Agency (NSA), among others, promotes TLS decryption as necessary for a strong security posture.

Unfortunately, decryption can prove costly, modern TLS 1.3 has made it wicked hard, and it’s an outright nightmare in cloud and containers, where systems and microservices are designed to take advantage of efficient lateral communication.

According to a report by EMA, a staggering 90 percent of organisations expressed concern over the lack of visibility that comes with TLS 1.3.

This problem set is now directly addressed with our new technology  Gigamon Precryption™ , which allows security teams to shine a bright spotlight on encrypted lateral (also known as East-West) traffic across virtual, cloud, and container workloads.

Leveraging Linux eBPF and standard encryption libraries, Precryption technology offers plaintext visibility into all encrypted communications before the payload is encrypted, hence the name Precryption.

With Precryption, no decryption is required — the first of several reasons why this is a breakthrough technology.

Rather than try to break something that wasn’t meant to be broken, we access traffic at the most basic level, then deliver it efficiently and securely to the full security stack for further inspection. We’re leveraging a process that’s already happening, making this an elegant solution and not some unnatural act.

Not only is it elegant, it’s independent. Precryption technology is part of the GigaVUE® Universal Cloud Tap, which runs independently of other applications or containers.

In this way, we’re simultaneously providing an independent, immutable source of truth, while avoiding any operational entanglements around testing and upgrades commonly associated with embedded agents.

Today, a proper solution for plaintext visibility is more important than ever. As organisations modernise their security posture to become perimeter-less or adopt Zero Trust architecture, inspection becomes mandatory for lateral traffic.

This point always gets head nods by those who understand how cybersecurity breaches are perpetrated, and even bigger head nods when considering they need to apply it to modern virtual or cloud workloads. Precryption technology meets them exactly where they are.

The goal is to broaden the scope of an organisation’s security posture, extending it all the way to lateral movement. And to do so efficiently and at scale.

Since no decryption is taking place, this means we don’t have to manage keys, we don’t sniff keys, we don’t expose keys, we don’t need key libraries, and we certainly don’t care about cipher strength.

Also we aren’t having to break and inspect the encrypted channel: nothing gets broken, no proxies, no re-encryption, no retransmissions. But the critical plaintext inspection still happens.

Lastly, Precryption technology is an extension of our Deep Observability Pipeline. The plaintext access is just the first step: along with that comes a whole host of filtering, optimisation, transformation and replication capabilities.

Packets get delivered to NDR tools, metadata gets enriched for SIEM tools, and the whole security stack works better because it now knows what’s inside the encrypted traffic versus guessing with other approaches.

Too often organisations get serious about modernising their security posture only after they’ve had a breach. With Gigamon, you can move from reactive breach management to proactive threat detection and can now see where threat actors hide — especially in the cloud.

Enterprises are building, deploying and managing modern applications in cloud computing environments. By adopting cloud technologies, they can build highly scalable, flexible and resilient applications that can be updated quickly.

Kristen Nolan, Global Customer Marketing Manager at Aqua Security, says cloud native technologies support fast and frequent changes to applications without impacting service delivery. They help industries to increase efficiency, reduce costs and ensure availability of applications to meet their customer demands.

With all the benefits the cloud has to offer, it also introduces a new set of challenges, particularly for industries where security and compliance are priorities.

When PPRO and Spotnana, influential companies within the fintech and travel sectors, needed to prioritise their security and regulatory compliance they turned to my company for a solution.

The growing complexity of their environments, the numerous alerts hindering their ability to effectively monitor and mitigate vulnerabilities and the mounting concerns around keeping speed and agility in the DevOps team while ensuring security were only a few of the challenges each were looking to resolve.

PPRO (pronounced ‘p-pro’) is at the forefront of the fintech industry providing banks and businesses with a globalised digital payment infrastructure. PPRO’s secure and unified payment platform grants customers access to card schemes, payment methods, fraud screening tools and other robust capabilities.

These tools empower users to conduct quick transactions, enhance checkout conversions, and streamline services via a single connection. PayPal, Stripe and GlobalPayments are just a few of the businesses that rely on PPRO.

As a global payment provider, PPRO adheres to stringent regulations spanning various industries and countries. Looking for a complete cloud native solution to help balance the multiple workloads and environments, PPRO chose us to protect and monitor their customers’ payment platforms, ensuring end-to-end visibility, speed, and compliance.

Our solution bridges the gap between PPRO’s developers and management to prioritise vulnerabilities and streamline remediation efforts.

PPRO’s security team can now collaborate to address and resolve discovered vulnerabilities, whether that means fixing them immediately, monitoring for malicious activity at runtime, or flagging the non-compliant resource. By scanning for secrets hidden below the surface of PPRO’s platform, our product has transformed PPRO’s operational hygiene.

Time savings proved evident during the Log4J and Spring4Shell vulnerabilities. The first instance occurred before PPRO’s deployment of our tech, while the second vulnerability was detected shortly after the implementation.

In response to the first CVE report, PPRO’s security team took immediate action, developing and testing writing scripts to run against all known repositories – a task that consumed hours of effort.

Since the implementation of the defence platform, PPRO’s security team receives instant notifications and gains clear visibility into all affected applications via the dashboard. What used to take hours or days of research and remediation now only takes a matter of minutes. Our cloud native protection platform provides PPRO with a competitive advantage in the financial services sector respectively.

A new call-to-action

Spotnana is a global travel-as-a-service platform redefining corporate travel with personalised and cost-effective offerings. Spotnana provides cloud-based travel solutions to bring simplicity and trust to adventurers worldwide.

Leveraging cloud computing, microservices and open APIs, Spotnana drives innovation in the travel industry. Corporations, agencies, suppliers and technology providers using Spotnana’s platform can deliver travel experiences smoothly to connect people from all around the world.

To establish trust with its customers, Spotnana must secure the cloud native technology that powers their transformative travel-as-a-service platform.

Built on AWS Fargate, Spotnana assumes responsibility for the security of their cloud native applications, including video and runtime. Gabriel Alexandru, Senior Security Engineer at Spotnana, emphasised key concerns in the company’s security posture.

“We were building the security function from the ground up and lacked telemetry and protection on our AWS containers,” he said. “Without forensic evidence of what was happening on those containers, we couldn’t harden runtime and certainly couldn’t prevent anything from happening at runtime.”

Spotnana needed cloud native protection that would fit into its existing tools and workflows, ensuring end-to-end protection from development to runtime.

My company’s tech emerged as the optimal solution to secure Spotnana’s travel-as-a-service platform with AWS Fargate. It platform provides essential telemetry, runtime hardening, and comprehensive cloud native security across the entire application lifecycle.

Seamlessly integrating into Spotnana’s DevSecOps workflows, our technology brings dynamic threat analysis, container protection and detection of malicious behaviour into their security landscape. With effortless scalability, accurate threat detection, and Kubernetes expertise, it delivers unmatched value for the Spotnana platform, its security team, and its customers.

Spotnana intends to further leverage the technology’s’ features and values our company’s valuable research and educational content, which keeps them informed of the latest threats. With such support, Spotnana maintains a secure infrastructure while cultivating innovation and delivering exceptional travel experiences.

In navigating the complexities of the cloud, the stories of PPRO and Spotnana highlight the pivotal role our technology plays in enabling organisations to harness the full potential of cloud native technologies while addressing the unique challenges they bring.

As cloud computing continues to reshape industries, security and compliance remain paramount concerns. PPRO’s journey illustrates how our security facilitates the seamless integration of security into DevOps workflows, transforming operational hygiene and reducing response times to vulnerabilities.

Spotnana’s experience highlights how we empower companies to build trust by securing cloud native environments and ensuring end-to-end protection.

Both stories exemplify the ability to not only safeguard critical assets but also drive innovation and enhance the delivery of exceptional customer experiences in the cloud era.

The technology is not merely a solution but a strategic partner in navigating the cloud’s complexities, safeguarding enterprises, and propelling them towards success in the ever-evolving digital landscape.

Forrester Consulting recently examined the Total Economic Impact™ (TEI) and the return-on-investment (ROI) that enterprises may realise by deploying my company’s solution. Dive into the new study to learn how to achieve 207% ROI along with other quantifiable benefits of using our platform.