Dave Pham

📢 Cybersecurity threats evolve at lightning speed - new vulnerabilities emerge daily, malware variants surface constantly, and cybercriminals become ever more sophisticated. In an article published by Nyheder24, our IT security expert, Leif Jensen, explains why threat assessments can vary so much. The key lies in the data sources, analysis methods, and focus areas used by different security firms. Leif emphasizes that while these assessments are invaluable, businesses must approach them with a critical eye, comparing multiple evaluations to find commonalities - much like checking weather forecasts from multiple sources. 🔑 His advice? Equip your business with strong IT security knowledge and tools. A well-prepared organization is better positioned to navigate the complexities of the threat landscape. Read the full article here (in Danish): https://lnkd.in/dG2uVfFW #CyberSecurity #ThreatIntelligence #ESETNordics

6

Sarnia Enterprise Security has launched esmGUI, an innovative security administration tool that streamlines mainframe security management across ACF2, RACF, and Top Secret environments - simultaneously. Officially debuting at the GSE UK Region Conference next week, esmGUI provides administrators with advanced functionality, visibility and control over multiple Enterprise Security Managers (ESMs) at once. “This intuitive web-based interface revolutionises how you manage security,” says Keith Bougourd of Sarnia Enterprise Security. “Simplifying ESM administration, it helps teams to work faster, reduce errors, and improve efficiency. Misconfigurations and security gaps become a thing of the past, and new team members can get up to speed quickly thanks to the tool’s user-friendly design.” Sarnia officially launches esmGUI during the GSE Conference 2024 (Whittlebury Park, UK) at 13:15 on Tuesday November 5 during a Lunch & Learn session. Developed by security professionals with 40+ years’ experience, esmGUI empowers mainframe security teams to bolster day-to-day user management and cyber security, enhancing long-term cyber resilience. With access to all ESM databases, security managers can respond to customer requests and threats faster: enabling new users, revising access, or disabling malicious actors with a few clicks. Administrators can handle an unlimited number of security databases across all ESMs through a single modern web interface, making it easier to apply consistent changes across multiple environments, thereby reducing the risk of human error and security lapses. Industry Adoption: esmGUI by Sarnia has been selected by BMC Software as a strategic partner through their Market Zone Direct program. esmGUI is also being deployed in partnership with Vertali, a leading provider of global mainframe skills and support. With advanced features not found in traditional ESM admin tools, esmGUI offers: ·      A consistent report format across all ESM platforms. ·      Dynamic report filtering, sorting and exporting of data. ·      On-demand selective comparison of data between reports. ·      Bulk editing and real-time changes for enhanced accuracy. ·      Command generation with selective execution. ·      Flexible report viewing for optimized data analysis. ·      Complete auditability of all actions for comprehensive reporting. Keith Bougourd of Sarnia says that esmGUI isn’t designed to compete with other solutions like zSecure but to complement them: “It’s an ideal add-on, bringing new levels of flexibility and functionality such as drag-and-drop, unlimited comparisons, and a modern web GUI, in one easy-to-use tool.” Attendees at the GSE UK Conference can explore esmGUI first-hand, ask questions, and arrange follow-up trials during the Lunch & Learn session. For more details or to schedule a demo, contact Keith Bougourd at [email protected]. #mainframesecurity #mainframe #ibmz #esmgui https://sarnia-es.com/

6

At first glance Broadcom seems to be committed to destroying the value of its purchase of VMware. But I wonder if this is more of a strategy to rid itself of pesky smaller clients and concentrate solely on fewer easier to support tech giants who will sell (and mark up) access to cloud based resources. After all, selling subscriptions with cloud based lock in is good for their most important stakeholders - the shareholders. Making the economics of running your own data center for any but the largest firms untenable is a first step.

1

Every year we use global network data from our #1 ranked Internet backbone to compile our #DDoS Threat Landscape Report. In our latest blog, our Chief Evangelist Mattias Fridström shares learnings from this year's report and the impact DDoS threats are having on the wider #Internet. While we saw a global decrease in large volumetric DDoS attacks last year, we also noticed an increase in such attacks at a national level. One of many explanations might be the improved #cooperation across our industry, which has made it more difficult for large amplification attacks to succeed. #InternetBackbone #networkdata #fibernetwork #ddosattacks #ddostrends #cybersecurity #networksecurity #ddosthreats #ddosreport #cyberattacks #ddostraffic #ddosmitigation #ddosprotection https://lnkd.in/duj9Nn34

38

Last month #CDK was hit with a #ransomware attack which affected ~15,000 auto dealerships in North America and estimates suggest about $1B USD in losses. There are some outlets reporting CDK paid the $25M USD ransom two days after the attack but it still took them a few weeks to recover and get back to normal operations. However, their losses don’t stop there as they will likely have to provide some sort of financial relief to the 15,000 dealerships in hopes they don’t go to a competitor. #LITrendingTopics #supplychain #resiliency   https://lnkd.in/gycjaFNj

43

An interesting read from Cloudflare's DDoS report for Q1 2024: > A 50% increase in DDoS attacks, notably targeting Sweden after it joined NATO. > DNS-based attacks surged by 80%. > The U.S. remained the top target, followed by China and Canada. > The gambling and gaming industry was the most attacked. #DDos #cloudflare

1

Is the leak real, and what can we expect to come out of this if it is? If they've come over the tools they say, it can be really damaging for all us Apple users, so I really urge everyone to keep an eye out for more news about this leak. #Apple #Cybersecurity #DataPrivacy #FSgroup

1

New on the IAM Radar Industry Tracker: The rise of credential stuffing attacks is perhaps not news - but the use or residential proxies (RESIP) to do so is yet another twist in the every changing adversarial tool chain. Okta have recently released an advisory discussing this in detail with Orange Cyberdefense also being listed with a great detail on what RESIPs are. Analyst comment -> https://lnkd.in/e8YzUtTB

6

Check out Raz Probstein's latest blog post, which includes her key takeaways and actionable steps to transform DSOMM theory into real-world security practices. https://bit.ly/3UVmXXJ

1

How do we protect ourselves from being victims of misinformation in a time when hacktivist attacks continue to grow? In the latest episode of VikingCloud's CyberIntel, Brian Odian discusses the growth of hacktivist attacks, and how global institutions are responding. #Cybersecurity #Misinformation #Hacktivism #DigitalSafety #CyberThreats

16

What would it take for SailPoint to go public again? Bloomberg and Michael Novinson at ISMG did some solid reporting in the past week, breaking the news that Thoma Bravo is in the early stages of taking SailPoint public again. > Already?! They've only been private for two years! I know – this seems like it's defying the odds for a normal private equity transaction. It's defying the odds of the current IPO window, too. There hasn't been a traditional IPO for a pure cybersecurity company for 1,099 days and counting. SailPoint is anything but typical, though. I'm not convinced they even needed to go private. Here's what it would take to go public again: → Profitable growth and scale SailPoint was sitting at $495.4M of revenue (TTM), $429.5M of ARR, and 31% revenue growth as of their last public earnings report in June 2022. Its net income was -$61.6M as of FY'21 year end. Roughly speaking, the current IPO expectations are $500M+ revenue scale, 20%+ growth, profitability, and a clear path to $1 billion. If we project out SailPoint's revenue since going private at 30% growth, they're likely approaching $1 billion in both ARR and total revenue. This might be generous, but they're getting close at anything over 20%. Their losses got out of control, but they're in good shape if they can get net income back to pre-2020 levels (-$10M or lower). → A good story around their ability to compete with Okta, CyberArk, and Microsoft The narrative for a SailPoint IPO is pretty good right now: there is a unique opportunity in the identity security market right now. SailPoint is well positioned to capture it. Under Thoma Bravo's ownership, they've acquired PAM and third party access companies. This matches Okta's entry into the PAM market and puts them in a position to compete with CyberArk in some market segments. I'm a little surprised they didn't try to add SSO to complete the narrative of being a full workforce identity platform (and fully compete with Okta). They were in the middle of their transition from on-premise to SaaS (which probably drove them to go private). I've heard good momentum on SaaS adoption for new implementations. This has to be part of the narrative if they're going to go public again. → No strategic buyers at a higher price than an IPO A strategic acquisition seems like a long shot. At a $6.9 billion acquisition price in 2022, a strategic acquisition might require close to $10 billion – otherwise, an IPO could be a more attractive exit. Large and mega-cap tech companies are the only buyers who can realistically absorb an acquisition of this scale. Palo Alto Networks, CrowdStrike, and the rest of the pure cybersecurity companies aren't doing this big of an acquisition. There just aren't many buyers. I don't see SailPoint wanting to move to another private equity firm, either – there's too much mutual respect between Thoma Bravo and SailPoint for that. The only option here might be to go public.

65

🔥❗ PAN-OS RCE UPDATE: tl;dr: somehow it's getting worse For those of us just waking up and getting going in the UK, if you're tracking the RCE in PAN-OS (CVE-2024-3400), please be advised: Telemetry is no longer a pre-requisite for exploiting this vuln for RCE. This is being exploited in the wild by motivated threat actors right now. It has been for ages. Stop messing about and get patched.

11

"Am I exposed to identity attacks?" 🆕 This week we launched new Proactive Exposure Hunting capabilities, including integrations with Okta and Microsoft Entra ID to reveal identity exposures. 🆔 With agentless integrations into your identity controls, Zafran can surface exposures such as a "root user account without MFA". We then present evidence of the exposure and auto-generate fix recommendations, so you can close these gaps quickly and efficiently. ⏯ Visit us at Black Hat or see the full demo video here: https://lnkd.in/gtB4ba8q #BeyondPatching #BlackHat2024 #ExposureManagement #IdentitySecurity

26

Great #acquisition by Silverfort of Rezonate to fortify it's #Identity security value proposition ever further. 2024 has seen many acquisition in security tech space. I wonder what other acquisition are in progress:)

2