You searched for barracuda - My TechDecisions
https://mytechdecisions.com/
The end user’s first and last stop for making technology decisions
Mon, 12 Jun 2023 13:39:04 +0000

Barracuda: Replace Compromised ESG Appliances Immediately
https://mytechdecisions.com/network-security/barracuda-replace-compromised-esg-appliances-immediately/
Mon, 12 Jun 2023 13:30:51 +0000

[Editor’s Note: This article has been updated to reflect Barracuda Networks’ official statement.]

Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug in the devices to replace them, even if they were patched.

The company’s recommendation comes after Barracuda was first alerted to anomalous traffic coming from Email Security Gateway (ESG) appliances on May 18, which prompted the company to begin an investigation with the help of cybersecurity firm Mandiant.

This week, Barracuda updated its notice, urging customers with impacted ESG appliances to replace them regardless of their patch version level.

“Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG,” the company says in its advisory.

According to the advisory, Barracuda identified a remote command injection vulnerability in their ESG appliance one day after discovering the “anomalous traffic” and engaging Mandiant. A patch was released a day after that on May 20, but the patch is apparently not enough to prevent compromise of the affected devices.

The company is also releasing a “series of security patches” to all appliances.

Exploitation for 10 months

Alarmingly, Barracuda and other cybersecurity firms say exploitation of these ESG appliances dates back to fall 2022, specifically October 2022.

According to Barracuda, the vulnerability existed in a module which initially screens attachments of incoming emails. The bug has been leveraged to obtain unauthorized access to a subset of ESG appliances, and malware was identified on a subset of appliances to give attackers a backdoor.

Evidence of data exfiltration was also identified, the company says.

The company notified users with impacted appliances to take action, but “additional customers may be identified in the course of the investigation,” the firm says.

About the vulnerability and malware

According to Barracuda, the vulnerability, CVE-2023-2868, stems from “incomplete input validation of user supplied .tar files as it pertains to the names of files contained within the archive.”

This allows a remote attacker to format file names in a particular manner that would result in “remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product,” the company says.

Barracuda also identified three malware strains that make the backdoor possible.

Recommendations

Barracuda is recommending that organizations with ESG appliances ensure that the devices are receiving and applying updates and security patches. The company is also recommending that organizations discontinue the use of compromised ESG appliances and contact the company’s support to obtain a new ESG virtual or hardware appliance.

In addition, organizations should rotate any applicable credentials connected to the ESG appliance, including:

  • Any connected LDAP/AD
  • Barracuda Cloud Control
  • FTP Server
  • SMB
  • Any private TLS certificates

Organizations should also review their network logs for any of the indicators of compromise listed in Barracuda’s advisory. They should contact compliance@barracuda.com if any are identified, the firm says.

Barracuda’s official statement

The company’s official statement reads as such:

The latest information related to Barracuda’s Email Security Gateway (ESG) vulnerability and incident has been published on Barracuda’s Trust Center (https://www.barracuda.com/company/legal). The product CVE is published here: https://nvd.nist.gov/vuln/detail/CVE-2023-2868

An ESG product vulnerability allowed a threat actor to gain access to and install malware on a small subset of ESG appliances. On May 20, 2023, Barracuda deployed a patch to ESG appliances to remediate the vulnerability.

Not all ESG appliances were compromised, and no other Barracuda product, including our SaaS email solutions, was impacted by this vulnerability.

As of June 8, 2023, approximately 5% of active ESG appliances worldwide have shown any evidence of known indicators of compromise due to the vulnerability. Despite deployment of additional patches based on known IOCs, we continue to see evidence of ongoing malware activity on a subset of the compromised appliances. Therefore, we would like customers to replace any compromised appliance with a new unaffected device.

We have notified customers impacted by this incident. If an ESG appliance is displaying a notification in the User Interface, the ESG appliance had indicators of compromise. If no notification is displayed, we have no reason to believe that the appliance has been compromised at this time. Again, only a subset of ESG appliances were impacted by this incident.  

Barracuda’s guidance remains consistent for customers. Out of an abundance of caution and in furtherance of our containment strategy, we recommend impacted customers replace their compromised appliance. If a customer received the User Interface notification or has been contacted by a Barracuda Technical Support Representative, the customer should contact support@barracuda.com to replace the ESG appliance. Barracuda is providing the replacement product to impacted customers at no cost.

If you have questions on the vulnerability or incident, please contact compliance@barracuda.com. Please note that our investigation is ongoing, and we are only sharing verified information.

Barracuda has engaged and continues to work closely with Mandiant, leading global cyber security experts, in this ongoing investigation. 

We will provide updates as we have more information to share.

AWS Launches General Availability of Amazon Security Lake
https://mytechdecisions.com/network-security/aws-launches-general-availability-of-amazon-security-lake/
Wed, 31 May 2023 15:12:08 +0000

AWS is launching the general availability of Amazon Security Lake, a new service designed to automatically centralize an organization’s security data from across their AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake.

According to AWS, this allows customers to act on security data faster and helps them simplify security data management across hybrid and multicloud environments.

The Seattle-based tech giant says Amazon Security Lake converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF) open standard to make it easier for security teams to automatically collect, combine and analyze security data from more than 80 sources. Those sources include AWS, security partners and analytic providers.

Some of those source, subscriber and service partners include Barracuda, Cisco Secure, CrowdStrike, Darktrace, ExtraHop, Lacework, Netscout, Netskope, Okta, Palo Alto Networks, Ping Identity, Trellix, Trend Micro, VMware Aria Automation for Secure Clouds, Wiz, Zscaler, Rapid7, IBM Security, Splunk, Accenture, Booz Allen Hamilton, Deloitte, PwC and many more. Read the full list of partners here.

AWS calls Amazon Security Lake part of a “broad set of AWS Cloud security services built on AWS infrastructure to help make it the most flexible and secure cloud trusted by millions of customers, including some of the most security-sensitive organizations, and is supported by a broad community of security partners to help customers elevate their security in the cloud.”

The company says Amazon Security Lake essentially aggregates and optimizes large volumes of disparate log and event data to help enable faster threat detection, investigation and response so organizations can effectively address potential threats more quickly using their preferred analytics tools.

Amazon Security Lake is designed to help companies aggregate and normalize security data into one consistent schema to help analyze it and understand their vulnerabilities and monitor threats, which can be difficult in hybrid IT environments.

This can also help organizations centralize their security operations and eliminate the need to duplicate and process the same data multiple times in different security solutions, AWS says.

In addition, monitoring new users, tools and data sources means managing a complex set of data access rules and security policies to track how data is used while ensuring that employees can still access the information needed to do their jobs. Some security teams create a central repository for all of their security data in a data lake, but AWS says these systems require specialized skills and can take a long time to build.

AWS says the service builds the security data lake using Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation to automatically set up security data lake infrastructure in a customer’s AWS account, providing full control and ownership over security data.

Amazon Security Lake is generally available today in US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), and South America (São Paulo) with availability in additional AWS Regions coming soon.

In a statement, Jon Ramsey, the vice president for Security Services at AWS, said security has been the company’s priority since the beginning.

“We also know that customers need trusted partners to extend the benefits of the cloud and make sure their organizations are secure end-to-end,” Ramsey said. “With more than 80 sources providing data to Amazon Security Lake, security teams can achieve greater visibility into potential security threats and how to respond to them, further protecting the workloads, applications, and data that are critical to driving business forward.”

Barracuda: Half of Organizations Fell Victim to Spear Phishing in 2022
https://mytechdecisions.com/network-security/barracuda-half-of-organizations-fell-victim-to-spear-phishing-in-2022/
Tue, 30 May 2023 14:25:33 +0000

A recent Barracuda Networks Inc. (Barracuda) report shows that 50% of organizations were victims of spear-phishing in 2022 — and 24% had at least one email account compromised through account takeover. Cybercriminals continue to barrage organizations with targeted email attacks, and many companies are struggling to keep up, says the Campbell, Calif.-based cloud security solutions provider.

While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks.

Research from Barracuda’s 2023 spear-phishing trends report reveals the following:

  • Spear phishing is widespread: 50% of organizations analyzed were victims of spear phishing in 2022, and a typical organization received five highly personalized spear-phishing emails per day.
  • These attacks are highly successful: Spear-phishing attacks make up only 0.1% of all e-mail based attacks, according to Barracuda data, but they are responsible for 66% of all breaches.
  • Organizations are feeling the impact: 55% of respondents that experienced a spear-phishing attack reported machines infected with malware or viruses; 49% reported having sensitive data stolen; 48% reported having stolen login credentials; and 39% reported direct monetary loss.
  • Threat detection and response remains a challenge: On average, organizations take nearly 100 hours to identify, respond to and remediate a post-delivery email threat — 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.
  • Remote work is increasing risks: Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.
  • Having more remote workers slows detection and response: Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents — 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organizations with fewer remote workers.

“Even though spear phishing is low volume, with its targeted and social engineering tactics, the technique leads to a disproportionate number of successful breaches, and the impact of just one successful attack can be devastating,” said Barracuda’s technology chief Fleming Shi, in a statement. “To help stay ahead of these highly effective attacks, businesses must invest in account takeover protection solutions with artificial intelligence capabilities. Such tools will have far greater efficacy than rule-based detection mechanisms. Improved efficacy in detection will help stop spear-phishing with reduced response needed during an attack.”

Barracuda Launches New SASE Platform for Businesses, MSPs
https://mytechdecisions.com/it-infrastructure/barracuda-launches-new-sase-platform-for-businesses-msps/
Mon, 22 May 2023 20:15:00 +0000

Cybersecurity solutions provider Barracuda Networks is launching Barracuda SecureEdge, a new SASE solution designed to make hybrid and remote work environments easier to secure with integration into SD-WAN, firewall, zero trust and secure web gateway solutions.

According to the Campbell, Calif.-based cloud-first security company, its single-vendor SASE service is designed to help businesses and managed service providers (MSPs) strengthen their security posture and reduce costs. The company says Barracuda SecureEdge secures users, sites and IoT devices, and can connect any device, application and cloud or hybrid environment.

According to Barracuda, its SASE solution, delivered as a service, includes multi-layered network protection for consistent policy enforcement for both remote and in-office users, delivered from the cloud, on-prem or hybrid environments.

In addition, the solution offers protection against web-based threats regardless of user location, and secure remote access for any user to any application. SecureEdge also facilitates optimized cloud and application access from any user or site by providing Secure SD-WAN capabilities.

The solution also facilitates direct access to applications for remote users by leveraging Zero Trust enforcement, URL filtering, and traffic optimization to make the most of shared internet lines, the company says.

Specifically, Barracuda says SecureEdge provides control and visibility tools that give businesses and MSPs insight into user-generated traffic at each endpoint, allowing them to maintain control over critical application traffic.

Barracuda’s new SASE service also features intent-based networking policies that are applied across the entire platform, including SD-WAN and secure application access, and multiple levels of security and connectivity with auto-secure SD-WAN are included over all available uplinks.

In addition, Barracuda SecureEdge includes built-in last-mile optimization using advanced forward error correction algorithms to mitigate packet loss and optimize network traffic, which are applied when connecting office locations and endpoints.

“Barracuda’s new SecureEdge platform provides businesses and MSPs with a SaaS solution that makes remote and hybrid work easier to secure and helps to improve security and reduce costs,” said Tim Jefferson, senior vice president of engineering for data, network and application security at Barracuda, in a statement. “With SecureEdge, Barracuda offers a cloud-native SASE platform that enables customers to control access to data from any device, anytime, anywhere, and allows security inspection and policy enforcement in the cloud, at the branch, or on the device.”

Ransomware Actors May Be Targeting Organizations With Cyber Insurance
https://mytechdecisions.com/network-security/ransomware-actors-may-be-targeting-organizations-with-cyber-insurance/
Wed, 29 Mar 2023 20:18:41 +0000

Cybersecurity insurance is becoming a popular option for organizations looking to protect themselves from the financial risks of a cyberattack, but new data shows that organizations with cyber insurance may be more appealing to ransomware attackers.

According to Barracuda Networks, 77% of organizations with cyber insurance were hit by a successful ransomware attack in 2022, while just 65% of organizations without cyber insurance suffered the same fate.

The Campbell, Calif.-based firm’s 2023 Ransomware Insights report suggests that cybercriminals are more likely to target organizations with cyber insurance because insurers are typically willing to cover all or part of the ransom demand to speed up recovery.

However, Barracuda Networks’ report also shows that companies with cyber insurance were more likely to pay the ransom to get their data back, as 39% of organizations with cyber insurance paid the ransom compared to just 22% of organizations without cyber insurance.

In addition, organizations with cyber insurance were 70% more likely to be hit by two or more ransomware attacks.

According to the report, 63% of the global organizations surveyed for the report have cyber insurance, suggesting that ransomware actors continue to get paid and fund their activities.

Other findings in the report suggest that organizations hit with ransomware more than once were more likely to pay the ransom demand, as 42% of those hit three times or more paid the ransom to restore encrypted data. Meanwhile, 31% of victims of a single ransomware attack paid to restore their data.

As far as industries most targeted, Barracuda Networks’ research found that organizations in the energy, oil/gas and utility sector see an above-average success rate of ransomware attacks at 85%. This is due to the disruption that ransomware attacks can cause, as well as the size of the payout.

The company’s previous research into ransomware attacks showed that infrastructure-related cyberattacks have quadrupled. In addition, the sector is also the most likely to be affected by multiple attacks, with 53% reporting two or more successful ransomware incidents.

Other high targets of ransomware cited in the report include financial services and healthcare, but those sectors are less likely to be hit with multiple attacks.

Phishing emails are still the main delivery method leveraged by ransomware actors, with phishing accounting for 69% of attacks, followed by web applications and traffic. The research also found that 27% of the organizations surveyed feel they are not fully prepared to deal with a ransomware attack, suggesting that organizations are still behind when it comes to training and awareness.

This Week in IT: Microsoft Teams for Education Updates, Ransomware Attacks Spike, Organizations Impacted by Nation State Cyber Attacks
https://mytechdecisions.com/news-1/this-week-in-it-microsoft-teams-education-ranomware-nation-state-cyber-attack/
Thu, 25 Aug 2022 19:20:39 +0000

Editor’s note: There is a lot going on in the world of IT, from emerging technologies to digital transformation and new cybersecurity threats. However, we can’t possibly cover it all, so we’ll bring you This Week in IT, a curated summary of IT and enterprise technology stories each week.

Microsoft Teams for Education Gets a new look

Just in time for back-to-school, Microsoft Teams has a new home page that places the most important information for educators at the center of the screen. The home page shows announcements, pinned classroom resources, upcoming assignments and more. Educators can customize the screen to add images, sections and other pertinent information. Educators can also now use Teams to create and review assignments on an iPad and Android tablets.

The new feature is expected to roll out this week and will automatically be included in all classes using Teams.

Learn more here.

Ransomware Attacks Spike to More Than 1.2 million per month

Researchers from cloud security company Barracuda identified and analyzed 106 highly publicized ransomware attacks and determined the dominant targets are still education (15%), municipalities (12%), healthcare (12%), infrastructure (8%) and financial (6%). Ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled over the last 12 months, according to Barracuda. Service providers were hit the most, and ransomware attacks on automobile, hospitality, media, retail, software, and technology organizations all increased as well.

Learn more here.

Hackers Exploit Whole Email Inbox

A hacking group called Charming Kitten is targeting users with email accounts from Google, Microsoft and Yahoo, according to Google security researchers. The hacking group is using a tool called Hyperscraper to download whole inboxes undetected.

Learn more here.

130 Organizations Affected by Twilio Hackers

An investigation into the phishing campaign that targeted Twilio and Cloudflare in July revealed that more than 130 organizations have been affected since the initial attack. Nearly 10,000 user credentials were stolen in the campaign, which started in March 2022, as well as more than 5,000 multifactor authentication codes. Victims of the targeted attack were customers of identity and access management provider Okta. Imitation Okta authentication sites were used in each attack.

Researchers at Group-IB noted “despite using low-skills methods [the threat actors] were able to compromise a large number of well-known organizations.” Group-IB also noted the threat actors may have been inexperienced based on the “improperly” configured phishing kit used.

Learn more here.

64% of businesses suspect they’ve been targeted or impacted by nation-state attacks

Research from machine identity management firm Venafi found that 66% of organizations have changed their cyber security strategy as a direct response to the conflict between Russia and Ukraine, while nearly two thirds (64%) suspect their organization has been either directly targeted or impacted by a nation state cyber attack.

Other key findings: 77% believed we’re in a perpetual state of cyberwar, and more than two-thirds of security decision makers have had more conversations with their board and senior management in response to the Russia-Ukraine conflict.

“We’ve known for years that state-backed APT groups are using cybercrime to advance their nations’ wider political and economic goals. Everyone is a target, and unlike a kinetic warfare attack, only you can defend your business against nation-state cyberattacks. There is no cyber-Iron Dome or cyber-NORAD. Every CEO and board must recognize that cybersecurity is one of the top three business risks for everyone, regardless of industry,” said Kevin Bocek, vice president, security strategy and threat intelligence at Venafi in a statement.

Learn more here.

DataStax Reports Strong Q1 Momentum with Global Adoption of its Astra DB Cloud Database
https://mytechdecisions.com/latest-news/datastax-reports-strong-q1-momentum-with-global-adoption-of-its-astra-db-cloud-database/
Tue, 31 May 2022 16:01:16 +0000

Company sees over 350% year-over-year Astra DB growth as enterprises including Freshworks, Recruiter.com and Trigyn select its serverless database to scale real-time data without limits on any cloud

SANTA CLARA, Calif.–(BUSINESS WIRE)–DataStax, the real-time data company, announced a strong Q1 FY23, highlighting over 350% year-over-year sales growth for Astra DB, its award-winning serverless, multi-cloud database. In addition, over 50% of DataStax’s new annual recurring revenue was attributed to Astra DB as organizations from around the globe look to its scale, performance and pay-as-you-grow affordability to deliver the real-time applications that fuel their business.

DataStax also recorded nearly 120% net dollar expansion and over 90% gross dollar retention year-over-year, a strong testament to the company’s award-winning customer service and trust in its unified open stack.

“Delivering stellar customer experiences is no longer a luxury, but a mandate,” said Prasad Ramakrishnan, CIO of Freshworks. “Our 50,000+ customers around the globe turn to Freshworks to understand the experiences their customers have when engaging with their brand. With Astra DB, we have the global-scale, high-performance and zero-downtime we need and our customers have the gold mine of customer experience data they need to create delightful experiences at scale.”

“We live in a time when real-time applications are the engines of innovation,” said Chet Kapoor, DataStax chairman and CEO. “Software developers are on the front lines tasked with bringing these applications to life – only hindered by their imaginations and the technologies available to them. Astra DB is unlocking developer creativity with access to the world’s best and most scalable cloud data stack that makes the data available in real time and empowers them to build the digital experiences that are driving businesses forward.”

According to IDC FutureScape: Worldwide Data and Content Technologies 2022 Predictions, by 2024¹, net-new production-grade cloud-native apps will increase to 70% of all apps because of the adoption of technologies such as microservices, containers, dynamic orchestration, and DevOps. This represents a fundamental shift in business strategy — moving beyond product differentiation and pricing toward ecosystem-based value creation and the transformation into digital-native enterprises.

For Q1 FY23, DataStax inked new and expansion deals with leading enterprises from around the globe, including: CEVA Logistics, Commonstock, Enovos Luxembourg SA, EOS Smart Connectivity, Freshworks, Janus Henderson Investors, Jooycar, Loyalty Communication, MegaZebra GmbH, Rambus, Recruiter.com, text+, Trigyn, Uniphore Software Systems, Zendesk, and Zonar Systems.

DataStax Q1 Highlights

In its fiscal Q1, DataStax was recognized as a great place to work and delivered several technology advancements that validate the company’s unique approach in helping businesses unlock the value of real-time data.

Resources

  • Watch DataStax CEO, Chet Kapoor, talk about creating an awesome developer experience
  • Learn more about DataStax Astra DB in action

    • Ankeri’s path to providing real-time telemetry data from ships’ fleets
    • Barracuda Networks’ journey from MySQL to managed Apache Cassandra
    • Endowus invests for high growth with Astra DB
    • ESL Gaming relies on DataStax for critical real-time global gaming service delivery
    • WellAware avoided big database headaches with Astra DB

[1] Oct 2021, Doc # US48082521, IDC FutureScape: Worldwide Data and Content Technologies 2022 Predictions

About DataStax

DataStax is the real-time data company. With DataStax, any enterprise can mobilize real-time data and quickly build the smart, highly scalable applications required to be a data-driven business. The DataStax Astra cloud service uniquely combines the power of Apache Cassandra™—the world’s most scalable database—with the advanced Apache Pulsar™ streaming technology in a unified stack, available on any cloud. Hundreds of the world’s leading enterprises, including Verizon, Audi, ESL Gaming and many more rely on DataStax to unleash the power of real-time data to create the in-the-moment digital experiences that can win new markets and change industries. Learn more at DataStax.com.

© 2022 DataStax, All Rights Reserved. DataStax is a registered trademark of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Pulsar, Pulsar and Apache Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States, and/or other countries.

Contacts

Valerie Beaudett

Public Relations

+1 650-400-7833

press@datastax.com

Why Soon-To-Be Unsupported Windows 2012 and 2012 R2 Servers Pose Serious Corporate, Personal Risk for Execs https://mytechdecisions.com/network-security/why-soon-to-be-unsupported-windows-2012-and-2012-r2-servers-pose-serious-corporate-personal-risk-for-execs/ Thu, 05 May 2022 16:11:43 +0000

Microsoft will officially end extended support for Windows Server 2012 and 2012 R2 in October of 2023, meaning the company will stop providing users with critical security updates and patches.

Organizations that continue to leverage Windows Server 2012 and 2012 R2 after this date will become increasingly vulnerable to cyber attack and compliance risks.

Any business that is still running Windows Server 2012 and 2012 R2 needs to institute a migration policy as soon as possible. Migrations can take months to years to complete – depending on the number of servers and the size of the company.

IT execs without an upgrade path will soon find themselves at a critical “point of no return” that may leave their business and their executives personally liable for the risk caused by unsupported servers.

The Dangers of Letting Support Expire

When Windows ended support for Windows 7 in January 2021, the US Federal Bureau of Investigation issued a warning to industry users that the platform had become unsafe.

“As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered,” the FBI notice said. “With fewer customers able to maintain a patched Windows 7 system after its end of life, cybercriminals will continue to view Windows 7 as a soft target.”

As expected, hackers thrive in attacking environments that no longer receive security support. These attacks do not just hit the technology product in question, but also serve as an entry point into your entire enterprise.

Related: What IT Pros Need to Know About Windows Server 2022

That was the case in 2018 when Zoll, a medical device vendor, sued Barracuda Networks. Zoll contended that Barracuda failed to manage a server migration properly, leaving the data of more than 275,000 of its users exposed.

As a result of those failures, Zoll is now liable for injury and damages incurred by its patients because of the breach. Failing to ensure all systems remain in compliance can put your company at risk, and can possibly even make senior management criminally liable in the case of a security breach on unsupported operating systems.

Along with security challenges, there is also the loss of functionality. Your organization relies on Windows Server 2012 or 2012 R2 to run applications and manage data on a daily basis. Microsoft’s Modern Lifecycle Policy calls for an organization to use the most current and updated applications. However, when those applications are updated, the updates are made without regard for outdated servers. This creates issues in performance, compatibility, and reliability.

The Best Options for Migration

If you find yourself behind on the migration for Windows Server 2012 and 2012 R2 there is still time to act. Microsoft offers four primary ways for users to transfer data and applications to a new server platform. These include:

  • An in-place upgrade is where you keep the same hardware (if possible) and all server roles. If you’re moving to Windows 2022 from Windows Server 2012, you’ll have to do this in stages (you can only move up two versions) – migrating first to Server 2012 R2 or Server 2016, then to Server 2022. Note that you can move up three versions from Windows Server 2012 R2 so it is possible to do an in-place upgrade to Windows 2022, as long as all your applications and hardware drivers are compatible.
  • A clean install involves implementing new server hardware, a server virtual machine, or a cloud virtual machine and migrating all data and applications to the new environment.
  • Utilizing a cluster operating system upgrade rollout for Windows Server 2012 R2 will allow you to keep multiple servers in a virtualized cluster to ensure redundancy. This also allows for continuous service through the process, but can be arduous.
  • A standard migration allows server owners to move one feature at a time from a source computer running Windows Server to a destination computer on a new version.

Looking Toward the Future

Microsoft and other technology providers give users plenty of runway to prepare for end-of-life events. Following the decommission of Windows Server 2012, the countdown begins for both Windows Server 2016 and Windows Server 2019, along with their different versions.

While many organizations rely on extended support, organizations should look to migrate servers before the standard end-of-life date. Extended support costs more, and organizations that delay a migration could find themselves quickly migrating data up to the last minute, elevating their risk.

Take a proactive approach to migrating server data. While these migrations require a significant effort from technology teams, they are critical to maintaining operations and reducing security risk. Create a robust action plan for future migrations, and don’t let end-of-life deadlines sneak up on you.


Paul Deur is co-founder of ReadyWorks, a digital platform conductor (DPC), which collects and aggregates data from IT and business systems and spreadsheets, then cleans and analyzes information about the entire IT estate, including endpoints, users, applications, servers, and all their interdependencies. The company identifies risk/what needs to be upgraded, defines the rules for change, uses artificial intelligence (AI) and intelligent automation to automate and orchestrate all human and system workflows, and reports on results. ReadyWorks provides up-to-date audit trails that can be used to demonstrate security compliance.

Veza, the Data Security Company Built On The Power of Authorization, Emerges from Stealth and Announces $110 Million in Funding https://mytechdecisions.com/latest-news/veza-the-data-security-company-built-on-the-power-of-authorization-emerges-from-stealth-and-announces-110-million-in-funding/ Wed, 27 Apr 2022 19:01:07 +0000


The company fills a gaping hole in data security: authorization — the ability to understand, manage, and control who can and should take what action on what data.


PALO ALTO, Calif.–(BUSINESS WIRE)–Veza, the data security platform built on the power of authorization, announces it is emerging from stealth today. Veza, which was founded in 2020, is also announcing funding totaling more than $110 million from top-tier venture firms, including Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures, as well as angel investments from notable industry leaders, including Kevin Mandia, Founder and CEO, Mandiant; Enrique Salem, former CEO, Symantec and Partner, Bain Capital; Lane Bess, former CEO, Palo Alto Networks; Manoj Apte, former CSO, ZScaler; Joe Montana, Liquid2 Ventures; and security leaders Niels Provos, Karthik Rangarajan, and many more.

Data is rapidly and irreversibly moving to the cloud, but organizations around the world are still missing a critical piece of data security: authorization. Because legacy and first-generation data security solutions don’t work in hybrid multi-cloud environments, data and security leaders face significant challenges related to ransomware, digital transformation, cloud adoption, loss of customer trust due to data breaches, and failed audit and compliance. With the amount of data tripling from 2020 to 2025 and incidents of cyber crime doubling every year, organizations need a data security solution that can give them the power to understand, manage, and control who can and should take what action on what data.

“When we founded the company two years ago, we were driven to help advance the state of data security for decades to come,” said Tarun Thakur, CEO and Co-Founder of Veza. “Data and security teams have been inundated with tools, and yet have not been able to answer a fundamental question: Who can and should take what action on what data? Thanks to the dedication of our team, and the invaluable feedback from our customers, Veza has demonstrated the power of authorization metadata as the source of truth to help organizations modernize data security for the hybrid multi-cloud era. We are committed to helping enterprises trust confidently so they can unlock the value of their data.”

Veza is the first and only data security platform that is built on the power of authorization. The platform supports both on-premise and cloud systems, and makes it possible for data and security teams to understand the sensitive nature of data; manage human identities; and service accounts across hundreds and even thousands of disparate data systems, apps, and cloud services. Veza’s core differentiation is its Authorization Metadata Graph. This includes:

  • A high-performance streaming engine that integrates out-of-band and agentless, with multiple cloud and on-premises identity, data, apps, compute and infrastructure systems
  • A canonical object model that organizes identities, relationships and granular data objects
  • A translation layer that processes multiple system-specific permissions and converts them into a natural language for data and security professionals, delivered in a single control pane
  • Data Security applications, including: real-time search about who has access to what; authorization-rich workflows for access governance and privilege management; pre-built least-privilege violation alerts and associated recipes to fix them; automated rules and queries for remediation; recommendations; and much more.

“Finally, a start-up taking on cybersecurity’s biggest challenge: Our collective ignorance to our own data environments,” said Nicole Perlroth, special advisor to Veza; former New York Times cybersecurity reporter and advisor, Cybersecurity and Infrastructure Security Agency. “Until now, no senior executive has been able to say with a straight face that they know where their data lives and who has access to it. Veza gives them no excuse. This platform marks a huge advance for cyber defense.”

Numerous Fortune 500 and emerging organizations across multiple industries, including finance, health care, hospitality, media and technology, high-tech, trust Veza. Veza’s customers include: ASAPP, ATN International, Barracuda Networks, Choice Hotels, InComm, Nozomi Networks, The Translational Genomics Research Institute (TGen), and many more.

“The creation and execution of data security policies is challenging because there is a large variety of data security products that provide specific security controls against specific repositories or processing steps. This emphasizes the need and opportunity for market convergence and emergence of new data security markets that enable appropriate business access privileges to use data or share it with partners throughout its life cycle.”

Hype Cycle for Data Security, 2021

Brian Lowans, Senior Director Analyst, Gartner

Customer Quotes

“Authorization is a fundamental security requirement for any company creating value from data,” said Craig Rosen, Chief Security & Trust Officer, ASAPP. “It’s time for a modern approach that allows companies to see beyond authentication and master the complexities inherent to authorization in a multi-cloud world. Veza takes the intricate problem of aligning identities to data to truly understand who has access to what and simplifies it in a way that’s easy to consume for any organization, no matter its size.”

“Axon’s mission is to protect life and protect truth by enabling public safety through technology. And that focus on safety certainly extends into the security of the entire Axon ecosystem,” said Jenner Holden, Chief Information Security Officer, Axon. “Using Veza, our security teams have gained valuable visibility across our systems — apps, infrastructure, and data — to better understand who can access what, helping drive stronger privileged access security practices.”

“If you’re using a cloud of any size, there are probably plenty of things that you’ve done in the past that didn’t have the right governance around them,” said Jason Simpson, Vice President Engineering, Choice Hotels. “And being able to go back, see that, fix it, and then put governance on top of it to ensure that it doesn’t sprawl again, that’s one of the things that we love about Veza.”

“We needed to understand how users and service accounts have been entitled to specific data. Veza is the only tool I’ve seen that can show you both parts of the picture,” said Steven Guy, VP Security Solutions, InComm Payments. “One part is the people or accounts who are supposed to have access as part of a security group. And then there’s the flip side where you look at it from the data end and say, this is who also has access, and this is how that access was granted. Veza is the clearest view I’ve ever seen for data access.”

What Veza’s Investors are Saying

“Securely managing authorization for the cloud can be an area of quicksand for CISOs and IT teams, since multi-cloud environments are extremely broad,” said Eric Wolford, Partner at Accel. “Veza helps teams manage this complexity with ease. As a result, the company has already seen impressive adoption among a variety of enterprise customers.”

“It’s time for a scalable approach to authorization, built to tackle the dynamic nature of today’s hybrid multi-cloud enterprise environments,” said Enrique Salem, former CEO Symantec and Partner Bain Capital. “Pulling together the relationships between any enterprise identity, app, and data system, and visualizing and managing those relationships in a single place — seems like a simple idea, but it’s a highly complex problem to solve. Veza makes the task of understanding who has access to what data simple, yet scalable for even the largest organizations.”

“It turns out you need a lot of trust to implement zero-trust,” said Jake Seid, Co-Founder and General Partner, Ballistic Ventures. “That’s because what built big security companies in the past, creating safe spaces defined by just securing networks and endpoints, no longer makes sense in a hybrid multi-cloud world. Veza’s insight is that, in this new world, authorization is what brings trust to zero-trust.”

“Organizations need a data security product built both for the on-premise and multi-cloud world. Veza’s comprehensive approach pulls together authorization metadata from disparate systems and presents them in a single schema: the metadata authorization graph,” said Karim Faris, General Partner at GV. “It’s the only company that can show you the truth of your data permissions — or authorization — across your organization’s entire cloud ecosystem. We’re excited to work with Tarun Thakur and the Veza team on the road ahead.”

“The Veza team is a perfect example of what we call ‘founder-market-fit,’” said Rama Sekhar, partner at Norwest Venture Partners. “The leadership team, with its deep domain experience in data, witnessed a universal trend firsthand: the volume of data born in the cloud is exploding and the task of managing who can and should have access to that data is an intractable problem. Veza tackles this challenge head-on by translating the vast complexity of identities, permissions and data sources into a single control panel. Their approach has already earned the trust of an impressive roster of customers and we look forward to seeing Veza continue to help enterprises around the world secure their data.”

“We jumped at the chance to fund Tarun and the team for a second time,” said Puneet Agarwal, partner at True Ventures. “Veza is filling a major gap in data security for environments across both on-premises and the cloud, and we believe this is the team uniquely suited to carve out and lead a massive new category.”

ABOUT VEZA

Veza is the data security platform built on the power of authorization. Our platform is purpose-built for hybrid multi-cloud environments to help you use and share your data safely. Veza makes it easy to understand, manage, and control who can and should take what action on what data. We organize authorization metadata across identity providers, data systems, cloud service providers, and applications — all to address the toughest data security challenges of the modern era. Founded in 2020, the company is funded by top-tier venture capital firms including Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. To learn more, please visit us at veza.com.

Get started with a free trial
Register for our launch webcast
Explore Veza Open Authorization API (OAA) on GitHub

Contacts

Teju Shyamsundar
tshyamsundar@veza.com

Jumio Accelerates Digital Transformation in Middle East with KYX Platform https://mytechdecisions.com/latest-news/jumio-accelerates-digital-transformation-in-middle-east-with-kyx-platform/ Mon, 21 Mar 2022 04:01:07 +0000


Move expands Jumio’s global footprint, further positions company at the heart of the region’s financial center

DUBAI, United Arab Emirates–(BUSINESS WIRE)–Jumio, the leading provider of AI-powered end-to-end identity orchestration, eKYC and AML solutions, today announced the launch of a Middle Eastern solutions portfolio and the appointment of Arshad Sheikh as its first sales leader for the Middle East, Turkey and North Africa (METNA) region. This expansion builds on Jumio’s long-standing presence in the Middle East and its ongoing commitment to revolutionize banking for a growing number of customers in the region.

A recent forecast from the International Data Corporation states that digital transformation efforts in the Middle East, Turkey and Africa are set to top $58 billion in 2025, accounting for 40% of all information communication technology (ICT) investments made that year. Additionally, McKinsey & Company found that 83% of payments practitioners operating in the Middle East and Africa believe digitizing the customer journey is the most important way to remain relevant in an evolving market.

With the Jumio KYX Platform, businesses from banking and financial services to government, healthcare and travel sectors can tap into services that accelerate digital transformation without sacrificing security and convenience. The KYX Platform leverages AI, biometrics, machine learning and certified liveness detection to help enterprises rapidly convert customers, stop fraudsters and maintain KYC and AML compliance. The key features and advantages of the platform extend an organization’s ability to monitor customer behavior from the initial point of account creation through the full lifecycle of customer interactions.

Based in Dubai, Sheikh will focus on expanding the company’s client base, growing relationships with existing clients and cultivating a sustainable partner network. Sheikh has more than 20 years of sales, business development and cybersecurity experience in the Middle East. Before joining Jumio, Sheikh worked at Carbon Black/VMWare, Barracuda Networks, Informatica, TrendMicro and Mindware.

“We are proud to continue growing in the METNA region in order to better serve the needs of our local customers and partners and to expand our global footprint so organizations can truly know their end users, no matter where in the world they are,” said Dean Hickman-Smith, Jumio chief revenue officer. “Most industries in the region have been swept up in the need to digitally transform their businesses. Jumio’s end-to-end orchestration platform, aided by our extensive partner network, will massively simplify the journey and deliver successful business outcomes across all key industry sectors.”

For a live demonstration of the Jumio KYX Platform, visit Jumio at booth A34 during GISEC Global, which takes place this week in Dubai.

About Jumio

When identity matters, trust Jumio. Jumio’s mission is to make the internet a safer place by protecting the ecosystems of businesses through a unified, end-to-end identity verification, eKYC and AML platform. The Jumio KYX Platform offers a range of identity proofing and AML services to accurately establish, maintain and reassert trust from account opening to ongoing transaction monitoring.

Leveraging advanced technology including AI, biometrics, machine learning, liveness detection and automation, Jumio helps organizations fight fraud and financial crime, onboard good customers faster and meet regulatory compliance including KYC, AML and GDPR. Jumio has carried out more than 500 million verifications spanning over 200 countries and territories from real-time web and mobile transactions.

Based in Palo Alto, Jumio operates globally with offices in North America, Latin America, Europe and Asia Pacific and has been the recipient of numerous awards for innovation. Jumio is backed by Centana Growth Partners, Great Hill Partners and Millennium Technology Value Partners.

For more information, please visit www.jumio.com.

Contacts

EMEA Media Contact
Gemma Lingham

FleishmanHillard UK

gemma.lingham@fleishman.com
+44-752-569-9347

U.S. Media Contact
Diana Gallagher

10Fold Communications

jumio@10fold.com
408-656-9699

APAC Media Contact
Luke Nazir

FINN Partners

Luke.Nazir@finnpartners.com
+65 8139 2504
