Cyber Defense Magazine Global Edition for 2019

Cyber Defense Magazine's Annual Global Edition for 2019: Will quantum-resilient encryption change the future against breaches in our favor? Can deception technology stop the next wave of cybercriminals? This and much more inside this 78-page eMagazine, exclusively distributed at each year along with our announcement of the Cyber Defense Global Awards winners for 2019; also found at



In our seventh year since we founded CDM as Editor-in-Chief, I am delighted to welcome our readers to the 2019 Global Edition of Cyber Defense Magazine (CDM), which is now exclusively being handed out at IPEXPO Europe 2019 and then posted online in multiple formats for easy download or reading online on any internet-connected device – from your smartphone to your tablet to your laptop or desktop. Every aspect of IPEXPO Europe touches upon something related to cybersecurity – whether it’s writing better code as developers, rolling out internet of things (IoT) devices, or blockchain or artificial intelligence – and we see the need for more cybersecurity professionals who can respond to and plan for the next wave of threats and exploitations by cyber criminals. It’s also now part of a bigger themed event called “Digital Transformation Expo Europe”, with more information found at this url:

It’s now projected that there will be some 2 million new jobs created in the cyber security industry over the next 3-5 years. Indeed, some reports even project greater growth than that. In any case, what’s clear is that the threats of cyber-attacks are not going away; if anything, they will grow in intensity and pervasiveness as the potential payoffs get richer. Although the three principal reasons for cyber criminals to operate remain the same, their relative growth may become skewed toward financial and political gain. Only the thrill-seekers with little to gain other than some warped sense of power appear to have leveled off. Rich targets of financial assets in the billions have come into play with the proliferation of cryptocurrencies and exchanges. The use of cyber means to penetrate and influence political processes is only beginning to be fully investigated. The challenges for the defenders of cyber integrity continue to

Nonetheless, the “good guys” are in the hunt, with new and creative technological developments to counter the spread of cyber-attacks. AI, ML, IAM, and Cyber Risk Management as a Service (too new for its own acronym) are among the coming techniques of cyber defense. Without attacking the attackers, there are new deception-based techniques to at least slow them down and try to document their attacks in more detail. Also, we’re seeing rapid growth in cybersecurity anti-phishing and best-practices training companies, which is foundational and critical. We all need frequent training, especially to avoid spear phishing, RATs, and social engineering – including new methods called “deep fake.”

Therefore, only by keeping up to date with the broad array of developments is it possible for the cyber defense professional to operate effectively. That’s the job of Cyber Defense Magazine – to be the principal repository and distribution channel for the vital information flow to keep us all informed and ready to respond to the threats as they emerge. On behalf of our entire team, we thank you for being a part of the CDM community, and for supporting our Mission – to help you get one step ahead of the next threat.

Pierluigi Paganini




Secure Channels Delivers “XOTIC” Solution to Unprotected Industries ... 8
Invisible = Undependable ... 11
California’s Upcoming Privacy Law Creates Questions for Companies Nationwide ... 13
Hidden Wasp and the Emergence of Linux-based Threats ... 18
Top Ten Requirements for Managed Security Services Providers ... 20
Migrating to Office 365 with iboss cloud ... 22
9 Cybersecurity Metrics + KPIs to Track ... 27
The Instant Gratification Risk ... 30
Improving Workforce Engagement in a Post M&A Environment ... 33
To Catch a Criminal, Set a Trap ... 37
Maximizing Efficiency by Meeting Cybersecurity Pros Where They Are ... 41
CSIOS Corporation’s Made–to–Measure Cybersecurity Services: ... 46
Fighting Fraud in Online Services with XTN Cognitive Security ... 49
Disrupt the Kill Chain with Continuous Security Validation ... 52
Beyond Signatures and Sandboxes ... 56
Welcome to the Cyber Defense Global Awards for 2019 ... 60



is a Cyber Defense Media Group (CDMG) publication distributed electronically via opt-in, GDPR-compliant e-Mail, HTML, PDF, mobile and online flipbook forwards. All electronic editions are available for free, always. No strings attached. Annual Editions of CDM are distributed exclusively at the RSA Conference each year for our USA editions and at IP EXPO EUROPE in the UK for our Global editions. Key contacts:

Gary S. Miliefsky
Stevin V. Miliefsky
Tom Hunter
Pierluigi Paganini

Interested in writing for us:

Cyber Defense Magazine
Toll Free: +1-833-844-9468
International: +1-603-280-4451
New York (USA/HQ): +1-646-586-9545
London (UK/EU): +44-203-695-2952
Hong Kong (Asia): +852-580-89020
Skype: cyber.defense

Copyright © 2019, Cyber Defense Magazine (CDM), a Cyber Defense Media Group (CDMG) publication of the Steven G. Samuels LLC Media Corporation.

To Reach Us Via US Mail:
Cyber Defense Magazine
276 Fifth Avenue, Suite 704
New York, NY 10001
EIN: 454-18-8465
DUNS# 078358935





Secure Channels Delivers “XOTIC” Solution to Unprotected Industries

Introducing Next Generation Cryptography

by Gary S. Miliefsky, CISSP®

A few years ago at Black Hat, I bumped into Richard Blech, CEO of Secure Channels, and some of his brilliant team members working on the next generation of cryptography. What they showed me back then and over the past few years was, and is, an incredible effort to solve the giant ‘math problems’ required to make next generation encryption a reality. They have now produced go-to-market, commercially available quantum resilient encryption that many would call extremely ‘exotic.’

Physicists apply the term “exotic” to states of matter not ordinarily encountered, and the Next Gen Encryption Winner of the 2019 InfoSec Awards is far from ordinary. Secure Channels Inc.’s XOTIC is a Scalable One-Time Pad (S-OTP), cascade cipher cryptosystem that is mathematically described in a single equation as c = S(k ⊕ (a + p)). This short formula grants XOTIC streaming-cipher speed with block-cipher strength. A unique feature of XOTIC that sets it apart from other symmetric encryption is that the security level can be dialed with negligible impact on performance or overhead.

In 2016, Secure Channels was approached by the film industry with a sizeable request: protect the ability to control the release of creative and production content. The past several years had seen an alarming trend in studio infiltrations. Films were leaked in part or in whole, and contract details and production memos were released to the public, all to devastating effect at the box office. In an industry with a disproportionately high mission-critical data volume, a leak of even the smallest bit of data can ruin careers, alienate investors and harm revenue by tens of millions of dollars. Employing hundreds of contractors, freelancers and transmission devices creates a vast attack surface area. The growing interest in lone hacker and nation state infiltration of Hollywood productions pointed to the trend deepening, which brought the film industry to Secure Channels. The plan was to encrypt all transmitted data as far upstream as possible to eliminate unwanted release of content, but all existing ciphers on the market had proven too slow, bloated or clunky to handle the demands of the film production environment. Enter XOTIC.

Secure Channels developed XOTIC to encrypt directly at the camera, audio recorder, mixer, CGI studio, etc., to give producers complete protective control over their product. XOTIC’s few lines of code have an ultralightweight footprint and drive rapid encryption that easily keeps pace with high-velocity, data-intensive workflows. The industry now had a solution that could encrypt every frame of 8K, high-frame-rate video; each sample of high-resolution, multichannel audio; emails; videoconferences … any channel carrying sensitive information with the potential to diminish the size of a paying audience, destroy careers and upset strategic partnerships. The cipher’s agility put several post-quantum strengths in producers’ hands. They could dial XOTIC to provide a range of encryption from 512-bit to archive-strength 16,384-bit, or choose its Wave Form Encryption mode of operation to vary key lengths for additional protection. Armed with XOTIC, content owners were better prepared for the cybersecurity onslaught on their industry.

XOTIC’s applications extend far beyond Hollywood. It was designed to sit lightly in workflows and perform in environments lacking encryption due to a shortage of processor, memory, power or space. The IoT realm, for example, is an industry slow to adopt encryption owing to limitations within the host technology. There were 11.2 billion IoT devices in use last year, and that number is expected to nearly double by 2020. When deployed in an environment, IoT devices freely exchange all manner of user data with little to no encryption protecting them, making them ripe for man-in-the-middle attacks and other hacks. Once an unauthorized party gets into a system, the devices’ shared “trusted status” furthers the hacker’s reach. There’s simply no “room” for traditional encryption within many IoT devices. XOTIC’s anomalous nature, however, lets it slide easily into the environment. The weightless code fits anywhere in the workflow. The strength modulation accommodates bandwidth availability. The streaming cipher speed preserves device responsiveness. The strength works toward manufacturer compliance with data privacy regulations. XOTIC is IoT’s missing piece.

XOTIC’s strength has been lauded by some of the keenest cryptanalysts in the field. The team of Dr. Léo Perrin, junior researcher at Inria and author of lightweight cryptography, and Dr. Alex Biryukov, full professor at the University of Luxembourg and the ACRYPT project’s principal investigator for lightweight IoT cryptography, noted that even on XOTIC’s lowest strength, brute force attacks appear to be an impractical threat. The team of Dr. Lars R. Knudsen, professor at the Department of Applied Mathematics and Computer Science at the Technical University of Denmark and block cipher designer, and Dr. Bart Preneel, full professor at the Dept. Electrical Eng.-ESAT of the KU Leuven and president of Leaders In Security (LSEC), stated of XOTIC’s high security margin, “In order to break the XOTIC cipher attackers would need insurmountable computing power which nobody will be able to demonstrate in our lifetime, or come up with new, effective attacking methods which nobody has demonstrated to be close to having at this point of time.”

After covering the DPRK attack on Sony Pictures in much detail, I’m thrilled to see a solution designed for the punishing workload of the film industry. XOTIC’s unique properties deliver speed and quantum-resilience to myriad

In addition, everything from drones to email, fintech to healthcare is well within its scope. And industries where encryption has until now been technologically prohibitive can find their armor in Secure Channels’ more exotic solution.

About the Author

Gary is the CEO of Cyber Defense Media Group (CDMG) and Publisher of Cyber Defense Magazine. He is a globally recognized cybersecurity expert and a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cyber crime and cyber terrorism, also covered in both Forbes and Fortune Magazines. He has been extremely active in the INFOSEC arena, most recently as the Editor of Cyber Defense Magazine. Miliefsky is a Founding Member of the US Department of Homeland Security (, the National Information Security Group and the OVAL advisory board of MITRE responsible for the CVE Program ( He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Previously, Gary has been founder and/or inventor for technologies and corporations sold and licensed to Hexis Cyber, Intel/McAfee, IBM, Computer Associates and BlackBox Corporation. Gary is a member of and is a CISSP®. Reach Gary at


Invisible = Undependable

Why Visibility Is Key to Lowering Digital Risk

Trying to identify sources of digital risk for your organization can feel like searching for a black cat in a dark room. And even if you have a torch, you need to be shining it in the right direction to spot the cat. And of course, it might not be sitting

But imagine you can simply turn on all the lights in the room – and when you do, you can see there are several black cats, as well as dozens of mice, spiders (and who knows what else) that you had no idea were there.

Taking digital risks out of the shadows

When it comes to your organization’s digital footprint, consider each of these metaphorical “creatures” to be a digital risk of some kind – a phishing website, a chat on the dark web about targeting one of your executives, and so on. In this scenario, a cybersecurity “torch” is better than nothing. But a solution that can turn on all the lights in the room and help you remove anything you want to eliminate is a whole lot

The industry experts behind the 2019 Cyber Security Risk Report from professional services firm Aon agree: “In 2019, the greatest challenge organizations will face is simply keeping up with and staying informed about the evolving cyber-risk landscape.” In other words, digital risk transparency is everything. Because what you can’t see, you can’t protect against. So, how do you go about turning on the lights and cleaning up in the big, scary room of digital risks?

Step 1 – Turning on the lights

The first step is to use a tool that scans your organization’s digital footprint comprehensively, across the surface web (standard, open websites), deep web (areas of the web that are gated, such as intranets, membership sites, etc.) and dark web (anonymized websites, chatrooms and marketplaces that are only visible using special web tools).

Step 2 – Cleaning up the room

Once you have identified what’s there – phishing websites, legitimate URLs with out-of-date security certificates, marketplaces selling counterfeit goods and the like – you can start allocating different resources to take the appropriate action. These tasks will include updating software, removing abandoned websites, notifying web hosts about illegal activity, and so on.

Step 3 – Check and validate

Ensuring that your digital risk protection solution continues to scan the environment even as you are eliminating risks lets you see which have been addressed, which have moved, and which new risks have appeared since the initial scan. New tasks can be defined as a result.

Step 4 – Mitigate for the future

Once you have achieved risk transparency, you need to maintain it. This means taking the actions necessary to ensure certain risks cannot reoccur at all, or can be dealt with easily and quickly when they do. This could include, for example, putting an automated process in place for renewing website security certificates.

Integrating your threat defenses

However, for most large organizations, this is not the whole story. To maximize the return on an investment in digital risk protection, it’s important to be able to integrate your capabilities with a SIEM (Security Information and Event Management) solution or IT Service Management platform. This integration can add, for example, proactive threat alerts and the identification of device-based threats. This combination can further strengthen defenses against the ever-broadening range of digital risks that organizations face. Not only does this help companies avoid the significant costs of a successful security breach, it can also deliver business value in other ways, such as streamlining security processes, improving the accuracy of decision-making and lowering overall business risk.

Cybersprint is an expert in helping organizations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online.

Are you looking for a more complete picture of your organization’s assets? Our DRP platform will discover, assess and remediate online risks to your brand. Click below to request a free Quickscan for your organization.

About the Author

Alex van der Plaats is Marketeer & Security Enthusiast at Cybersprint. If you are interested in tweets about Digital Risk Protection, follow us on Twitter


California’s Upcoming Privacy Law Creates Questions for Companies Nationwide

By Richard Kanadjian, Encrypted USB Business Manager of Kingston Technology


California’s Consumer Privacy Act (CCPA) goes into effect on January 1, 2020, and will affect not only companies in California, but also companies nationwide, with serious financial penalties for future data breaches. With the expansion of privacy laws abroad and in the U.S. (HIPAA, CCPA, and GDPR as examples), data breaches are serious issues for any company that holds PII (Personally Identifiable Information) of consumers and/or any other sensitive information.

How businesses store, transport and manage sensitive consumer and company information has become critical for companies of all

What businesses will be impacted by the new CCPA regulations?

While the CCPA is meant to enhance the privacy rights and consumer protections for the residents of California in the United States, as with many laws enacted in the state, it will impact most businesses across the country and the rest of the world. CCPA can apply to businesses even if they do not have offices or employees in California. Any business that has customers who are based in California could be affected by this new law starting in 2020. The criteria to determine if this law will affect your business are (any one of the three makes the law apply to your business):

• Do you have gross revenue over $25 million (USD), or
• Do you possess the personal information of 50,000 or more consumers, households or devices, or
• Do you earn more than half your annual revenue from selling consumers’ personal information?

If the new CCPA applies to your company, the intentions of the law are to provide California residents (defined broadly enough to cover consumers, employees, business contacts and others) with the ability to know what personal data is collected about them (and have access to this information); how that data is used, sold or disclosed; the ability to say no to the sale of personal data; the right to request that their data be deleted, and more. They also have the right not to be discriminated against for exercising their right to privacy.

What are the penalties under the new California Consumer Privacy

Companies that do not comply with the CCPA are subject to civil class action lawsuits in the state of California, with damages of $100 to $750 per California resident and incident, or actual damages, whichever is greater. Companies are also subject to fines from the state, as they can be prosecuted by the California Attorney

How does Bring Your Own Device (BYOD) hinder any cyber security

The tremendous portability and exceptional ease of USB drives have proven to increase productivity for millions of businesses and government agencies. However, since most of these drives are unencrypted, they can pose a major security risk to the user storing anything more valuable than public data.

Cyber security experts say that the use of an encrypted USB flash drive is the best solution for keeping confidential information what it was intended to be – confidential.

From a cost perspective, hardware-based encrypted USBs are not much more expensive than non-encrypted devices – and they are like insurance against the unthinkable – the loss and breach of private data that could be exposed otherwise. When you consider the costs and consequences of a data breach, losing a drive, etc., against the low purchase price of a non-encrypted drive, the cost of an encrypted drive is the most cost-efficient way to manage threats and reduce risks.

With various regulations such as HIPAA, CCPA and GDPR among others, the use of encrypted USB drives can also provide legal protection to many industries and professions. The minimal investment for encrypted USB drives will cost exponentially less than risking a potential data breach, exposure, damage to your reputation and enormous possible fines.

Their extreme portability means they are very susceptible to being lost, accessed, or misappropriated. When that happens, there is a fairly good chance that data stored on the device will end up in the wrong hands, risking the user’s or company’s privacy and security.

Having a company policy of standardizing on the use of hardware-based encrypted USB drives is a key factor in a USB drive’s ability to provide the safest, most trustworthy means to store and transfer personal, classified, sensitive data.

Is hardware and software encryption preferable?

Not only is encryption vital in USB drives securing and protecting data, how that encryption is performed is likewise important. Users have two choices: hardware- and software-based

USB drive encryption can be done either through the device’s hardware or software. A hardware-centric / software-free encryption approach to data security is the best defense against data loss, as it eliminates the most commonly used attack routes. This software-free method also provides comprehensive compatibility with most OS or embedded equipment possessing a USB

Hardware-based encrypted USB drives are self-contained, don’t require a software element on the host computer, and are the most effective means of combating ever-evolving cyber threats. Hardware-encrypted USB drives protect against the possibility of brute force, sniffing and memory hash attacks because their security is self-contained inside the drive.

Software-based encrypted drives are designed differently. They share a computer’s resources with other programs. The encryption is not done on the USB drive at all. Because of this computer-based encryption process, the USB drives themselves are vulnerable. In some cases, there are compatibility issues with older operating systems that may make the data unreadable. In addition, reformatting a drive before storing data can remove all encryption on the drive, essentially turning a secured drive into a standard, open drive.

How can I protect my company’s sensitive data and not hinder

Whether you are a local restaurant chain or a manufacturing company, privacy and security should always be front and center in how you manage, transfer or distribute non-Cloud storage of private / personal data. There should be standardization of best practices for what’s known as data “at rest” or “in transit.” While the most common storage medium is the use of inexpensive USB drives, the best practice is to standardize on hardware-based encrypted USB drives. This practice will provide efficiency and security for mobile data for anyone. Even accessing Cloud storage can be risky – while you access the internet at a coffee shop, someone else may be trying to hack your system. If you carry your data on a hardware-encrypted drive, you can work on your data and keep your internet turned off while in an untrusted open Wi-Fi area.

So, where to start? As a small or medium business, you more than likely aren’t going to need the same level of protection as large companies and government agencies require. There is a range of easy-to-use, cost-effective, encrypted USB flash-drive solutions to choose from that can go a long way toward mitigating your privacy and security risks, and, quite possibly, save you money and stress.

Encrypted USB drive manufacturers provide you with options, no matter your needs. For example, Kingston’s IronKey D300S USB Flash drive features an advanced level of security that builds upon the features that made IronKey well-respected, to safeguard sensitive information. It’s FIPS 140-2 Level 3 certified, with 256-bit AES hardware-based encryption in XTS mode, and has anti-tampering security built in to protect all internal components. It is an essential pillar to setting security standards, corporate policies and data loss protection (DLP) best practices and compliance to global regulations such as the

Customer and other sensitive data need to be stored on encrypted USB drives whenever you need to take the data with you, to mitigate any risk of data breach, data loss, and liability. Data security and consumer privacy should be concerns for businesses of any size, so identifying cost-effective ways to mitigate the risk is paramount as we prepare for 2020.

About the Author

Richard Kanadjian is currently the Business Manager of Kingston Technology’s Encrypted USB unit. He joined Kingston in 1994 and has served the company in a variety of roles for both the Flash and DRAM divisions. Among his many positions, Mr. Kanadjian was a field applications engineer in the company’s strategic OEM division, where he helped build relationships with leading PC and chipset manufacturers. Prior to his current role, Mr. Kanadjian was part of the SSD product engineering department helping develop and support Kingston’s enterprise SSDs on both a technical and customer level.

Learn more at


Hidden Wasp and the Emergence of Linux-based Threats

By Intezer

The Linux threat ecosystem is crowded with IoT DDoS botnets and crypto-mining malware. However, with low detection rates in nearly all leading anti-virus solutions, Linux threats pose new challenges to the information security community that have not been observed previously in other operating systems.

The low detection rates in anti-virus solutions can likely be attributed to the rapid growth of modern, cloud-based infrastructure in recent years. However, as the information security community has struggled to find a consistent solution, malware authors have been quick to

Linux malware authors do not invest much time or effort in writing their implants. This is because in an open-source ecosystem, there is a high ratio of publicly available code that can be quickly copied and adapted by adversaries in order to produce their own malware. In addition, as anti-virus solutions for Linux have proven to be less resilient in comparison to other platforms, adversaries have become less concerned about implementing excessive evasion techniques, because even when they reuse extensive amounts of code, threats have managed to stay relatively under the radar.

Malware with strong evasion techniques, however, does exist within the Linux platform. There is a high ratio of publicly available open-source malware that utilizes strong evasion techniques and can be easily adapted by

Advanced HiddenWasp Malware Stings Targeted Linux Systems

Researchers at Intezer recently discovered an undetected malware targeting Linux systems. The malware—which the researchers named HiddenWasp—was enforcing advanced evasion techniques with the use of rootkits in order to avoid detection.

HiddenWasp is a fully developed suite of malware that includes a trojan, rootkit and an initial deployment script. The malware is used for targeted attacks against victims who have already been infected. HiddenWasp has the ability to download and execute code, upload files and perform a variety of commands, for the sole purpose of gaining remote control over the infected system. This is different from common Linux malware, which performs distributed denial-of-service (DDoS) attacks or mines

In addition, HiddenWasp authors have adopted large portions of code from various publicly available open-source malware, such as Mirai and the Azazel rootkit, and there are similarities between the malware and other Chinese malware families.

At the time the research was published, HiddenWasp had a zero-detection rate in all major anti-virus systems. Since then, some—but not all—of the engines in VirusTotal have begun to flag the malware.

The technical analysis published by Intezer also includes relevant IOCs (IP addresses to block) and a YARA rule for preventing and responding to future variants of this threat.

The recent discovery of HiddenWasp further supports the notion that Linux threats will become more complex over time, and the information security community needs to allocate additional resources in order to more effectively detect and respond to these threats at a larger scale.

Learn more about the recent history and analysis of Linux threats, mitigation recommendations, and the importance of code reuse detection. Watch the recording of Intezer’s recent webinar on the Linux Threat Landscape here:

Topics covered include:
• Recent history and analysis of Linux threats, including crypto-miners, backdoors and botnets
• Advanced, targeted Linux threats, including HiddenWasp and QNAPCrypt
• Reasons for low Linux detection rates
• Mitigation recommendations and the importance of code reuse detection


Top Ten Requirements for Managed Security Services Providers

By John Humphreys, Senior Vice President, Proficio

According to research by the Ponemon

Institute, cybercrime is increasing significantly

and the cost of the average data breach has

risen to a $3.92 million. With security threats

becoming more prevalent and more costly, many

organizations are choosing to partner with a

Managed Security Services Provider (MSSP) as

an extension of their internal security team.

MSSPs provide 24/7 Security Operations

Centers (SOCs), efficient workflows that improve

time to remediation for security issues, access to

security expertise, research and threat

intelligence, and significant cost savings and

scalability. While the benefits of partnering with

an MSSP are wide ranging, choosing an MSSP

is a complex decision for many organizations.

Following are the top ten requirements you

should look for in an MSSP…

Advanced Threat Detection. Industry leading MSSPs use a combination of people and technology to accurately detect and prioritize indicators of attack or compromise. Components of advanced threat detection include 24/7 investigations by security analysts, customized SIEM use cases, business context modeling, threat intelligence profiling and AI-based threat hunting models.

Managed Detection and Response. Managed detection and response (MDR) services will assist your team by leveraging technologies at the perimeter, core and endpoint to detect and contain threats in both on-premises and cloud-based environments. MDRs also offer vulnerability management and extensive incident response services.

Security Orchestration and Automated Response. Automation or semi-automation is required to quickly contain high-fidelity security events and allow time for incident responders to investigate and remediate threats before they cause damage.

Risk Scoring. MSSPs should provide their clients with security dashboards and data that show each client's risk compared to their peer group. They can also provide their clients with visibility into their security posture to help identify blind

Full Lifecycle Management. Many organizations lack the resources to manage their security products and keep them running to vendor recommended standards. MSSPs with the capability to manage or co-manage these devices help off-load IT teams to do more important tasks while maximizing the value of next generation tools.

Dedicated Client Success Team. In addition to the support of a 24/7 security team, MSSPs should assign their clients a client success team that is focused on account management and strategic security advisory functions, ultimately understanding and supporting both the business and technical needs of the organization throughout the relationship.

Flexibility and Customization. Every organization is unique, and an MSSP should be able to customize their services to the needs of each organization they work with. Flexibility spans customizing use cases, reports, dashboards, escalation rules, incident response actions and more - all required to meet each organization's requirements. Mapping the managed security service to each organization's needs improves the quality of cyber defense and minimizes operational disruption.

Powerful Case Management. MSSPs should provide access to an enterprise-class ITSM tool for case management and workflow automation. This allows for better visibility into the MSSP's actions and tighter integration between the client and the MSSP's security team.

SOC Type 2 Compliance. An MSSP should complete an annual audit to demonstrate that it follows strict information security policies and procedures that encompass the security, availability, and confidentiality of customer data.

Global SOC Operations. Global MSSPs offer both continuity of operations and unrivaled visibility into advanced threats. Their 24/7 operations, combined with the volume and breadth of their client base, allow global MSSPs to see more advanced threats on a recurring basis and put them in a stronger position to respond quickly.

There is much to consider when evaluating a managed security service provider - after all, you're placing your company's security posture in the hands of a third-party provider. Undertaking a thorough review of an MSSP's capabilities reduces the chance of surprises and keeps your peace of mind going forward.

About the Author

John Humphreys is a Senior Vice President at Proficio, an award-winning Managed Security Service Provider (MSSP) offering Managed Detection and Response (MDR). John has more than twenty years of experience defining and executing breakthrough marketing strategies for IT information solution providers.


Migrating to Office 365 with iboss cloud

Migrating to Office 365 increases productivity and makes an organization more agile by providing business critical applications and data to all users from anywhere in the world. The iboss cloud is designed for Office 365 to ensure a seamless coexistence between business productivity and security.

Office 365 with iboss cloud

The volume of data and applications available to users in the cloud will require more bandwidth than ever. To ensure users are productive in the office or on the road, fast connections to Office 365 in the cloud are mandatory. The iboss cloud eases migrations to Office 365 by providing Internet security directly in the cloud. This reduces bandwidth costs dramatically by eliminating the need to send data through appliances hosted at company data centers and increases user productivity by providing fast connections directly between users and Office


• Cloud-based Internet security that follows users to ensure consistent protection while users work in the office, on the road or at home
• Cloud-based Internet security allows users to access Office 365 without having to send data back through central offices or data centers which host security appliances for protection
• Eliminating the need to send data through company owned connections reduces costs substantially as bandwidth is removed from company paid connections
• Eliminating the need to backhaul data to centrally hosted appliances increases connection speeds to Office 365 as data exchanges directly between users and the cloud, which increases productivity
• Automatically synchronized with Microsoft so that all Microsoft domains, IP Addresses and Office 365 signatures are automatically updated to ensure Office 365 is never interrupted
• CASB controls for Office 365 within iboss cloud allow for the enforcement of Office 365 tenant restrictions for compliance
• Features within iboss cloud specifically designed for Office 365 ensure Office 365 connections are never interrupted while user Internet connections are protected for compliance, malware and Data Loss Prevention
• The Office 365 suite is included at no additional cost in all iboss cloud subscriptions

Figure 1 - Gain visibility and control over cloud application use with iboss and Microsoft

Office 365 Migration Challenges

As your organization moves from on-prem email and applications to Office 365, which runs in the cloud, new challenges are presented related to technology and costs:

• Office 365 runs in the cloud and requires fast connections and large amounts of bandwidth. Security proxy appliances that are in place can quickly become saturated, reducing network speeds and impacting user productivity.
• Office 365 can be accessed by users from anywhere. Backhauling or hairpinning user traffic while they are remote back through the organization's network before going to Office 365 results in a variety of unsustainable
• The amount of bandwidth running through the organization's network will quickly increase due to this additional traffic, resulting in substantial bandwidth
• The number of proxy appliances hosted at headquarters will drastically need to increase due to the extra load from mobile and remote users, resulting in substantial costs.
• The user experience will be poor as data traverses back to headquarters before heading to Office 365, causing extra hops and latency.
• This design principle goes against Microsoft's recommendations, which state that data should traverse directly from users to Office 365 in order for Microsoft to optimize connectivity.
• IP login restrictions and Zero Trust become difficult to enforce if users are connected directly to Office 365 while they are remote, since their IP address does not originate from the organization's network. This reduces an organization's security posture.

Applying Internet security, which includes compliance, malware defense and data loss, becomes increasingly difficult as the security technology may interfere with connections to Office 365, resulting in end-user frustration and IT overhead.

The iboss cloud is built for Office

The iboss cloud is designed for Microsoft Office 365 and solves the complex security challenges of migrating to Office 365 easily. Using in-the-cloud security allows users to connect directly with Office 365, which reduces bandwidth costs and increases speeds, resulting in a great user experience and higher productivity.

Native iboss cloud CASB support for Office 365 tenant restrictions ensures compliance and security. In addition, the containerized architecture of iboss cloud allows for dedicated IP addresses that can be used to enforce Zero Trust and IP login restrictions regardless of user

Eliminate Data Backhaul and Hairpinning with in the Cloud

Since users are always connected to iboss cloud regardless of location, consistent security can be applied to their connections at all times, including compliance, malware defense and data loss prevention. The iboss cloud follows users and protects data as it traverses to and from the cloud, including Office 365, without the need to send data back through the organization's network for security. Data will flow directly from an organization's users to Office 365 whether they are in the office, on the road or working from home. Elasticity and horizontal scaling allows the iboss cloud to process infinite amounts of data so that connections are always fast and reliable to ensure user productivity. Since iboss cloud is delivered as a SaaS offering, scaling is automatic and completely abstracted from users and administrators, eliminating the IT overhead typically involved with securing increasing amounts of bandwidth.

Eliminate Increasing Bandwidth Costs Related to an Office 365

As bandwidth consumption increases with the use of the vast array of Office 365 capabilities, including SharePoint, this bandwidth is offloaded from the organization's network and processed directly by iboss cloud. Users can consume as much bandwidth as needed without adding additional strains or costs to the organization's budget. This also results in financial predictability as bandwidth continues to increase over time.

Ensure Internet Security Never Interferes with Office 365

With so much business already relying on Microsoft, a move to Office 365 may bring fears of business interruption. The iboss cloud has all of the features and settings to ensure that Office 365 runs smoothly while Internet security is being applied to users at all times. Simple settings take care of properly handling all Office 365 connections so that they are never interrupted and flow as fast as possible between users and Microsoft. In addition, all domains, IP Addresses and signatures are automatically synchronized between iboss cloud and Microsoft, which eliminates the burden of maintaining and updating Office 365 domain entries that are typically required in other solutions.

Gain Financial Predictability by Eliminating the Need to Purchase More Security Appliances

As bandwidth exponentially increases with the use of cloud applications and Office 365, the number of gateway security proxies will have to increase as well. This also results in additional network complexity costs as increasing bandwidth leads to network load balancers and IT staff that can manage them. The iboss cloud runs in the cloud and eliminates costs and network complexity by automatically scaling in the cloud as demands increase. The autoscaling capability of iboss cloud abstracts this burden from IT administrators and eliminates infrastructure line items from the budget, repurposing those dollars in other areas.

Increase User Productivity

As users work in Office 365, the need to access files in SharePoint, email and other applications requires fast connections. Slow connections result not only in user frustration, but lost productivity, which is a large organizational cost. The cost is not only financial due to increasing labor rates, but also puts the organization at a disadvantage to those organizations who can compete faster with the Office 365 suite.

Enforce Office 365 Tenant

Office 365 tenant restrictions ensure users are connected to the appropriate Office 365 domain to prevent inadvertent data loss and other compliance issues. The iboss cloud natively includes the ability to enforce Office 365 tenant restrictions with a few simple clicks. The iboss cloud will enforce the Office 365 tenant restrictions at all times, regardless of whether the user is in the office or on the road.

Enforce Zero Trust and IP login

Enforcing IP login restrictions is easily accomplished with iboss cloud. This is due to iboss cloud's containerized architecture, which natively includes dedicated non-changing IP Addresses that can be used to restrict access to Office 365 and Okta login portals. This includes the ability to enforce IP login restrictions when users are outside of the office, including while they work on the road or from home.

How It Works

Taking advantage of the vast Office 365 capabilities within iboss cloud is easy. To get

1. Get an active iboss cloud account
2. Connect users to the iboss cloud using one of the many cloud connectors. This connects users to iboss cloud regardless of location.
3. If users are connected to the main office with a VPN, use VPN split tunneling to send all Internet bound traffic directly to the cloud via iboss cloud instead of backhauling this traffic back through the organization's network.
4. Enable the Office 365 features


Feature Highlights

Office 365 Native Integration Features

Simply enable Office 365 support within iboss cloud, and compatibility with Office 365 is automatically handled. The iboss cloud synchronizes with Microsoft Office 365 to ensure data mappings and signatures are up to date to optimize the flow of traffic between users and Microsoft Office 365. There is no administrative overhead, and synchronization is automatic and transparent to users and IT staff.

Office 365 Tenant Restrictions

Enforcing Office 365 tenant restrictions is easily accomplished within iboss cloud. To accomplish this, enable tenant restrictions within the iboss cloud single pane of glass admin interface. Then configure which domains Office 365 should be restricted to and enter the Microsoft Multi-Tenant Context code provided by Microsoft. The iboss cloud will automatically handle enforcing the tenant restrictions for the group of users. The iboss cloud also has the unique ability to enforce different tenant restrictions to different groups of users for more advanced Office 365
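The tenant restrictions described in the two passages above (the "Enforce Office 365 Tenant" section and the feature highlight) rest on a documented Microsoft mechanism: a proxy that terminates TLS for the Azure AD sign-in hosts adds a Restrict-Access-To-Tenants header listing the permitted tenants and a Restrict-Access-Context header carrying the policy owner's directory ID, and Azure AD refuses sign-ins to unlisted tenants. The following is an added illustration of that proxy-side logic, not iboss code; the group names, tenant domains, directory ID and request shape are constructed placeholders.

```python
"""Proxy-side enforcement of Office 365 tenant restrictions (illustrative model).

Microsoft's tenant restrictions work by having the organisation's outbound
proxy add two HTTP headers to requests for the Azure AD sign-in endpoints:
    Restrict-Access-To-Tenants: <comma-separated list of permitted tenants>
    Restrict-Access-Context:    <directory ID of the tenant that owns the policy>
Azure AD then refuses sign-ins to any tenant not in the list. This only works
where the proxy terminates TLS for the sign-in hosts; headers cannot be added
to an opaque tunnel. Group names, tenant domains, the directory ID and the
request shape below are constructed placeholders, not a vendor's API.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sign-in endpoints that carry the headers; Office data traffic is never modified.
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}
RESTRICTION_HEADERS = ("restrict-access-to-tenants", "restrict-access-context")


@dataclass
class TenantPolicy:
    allowed_tenants: List[str]   # tenant domains (or directory IDs) users may sign in to
    context_id: str              # the policy owner's directory ID ("Multi-Tenant Context")


@dataclass
class Request:
    host: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


# Constructed per-group policies: contractors may also reach a partner tenant.
PLACEHOLDER_DIRECTORY_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real ID
POLICIES: Dict[str, TenantPolicy] = {
    "staff": TenantPolicy(["contoso.example"], PLACEHOLDER_DIRECTORY_ID),
    "contractors": TenantPolicy(["contoso.example", "partner.example"], PLACEHOLDER_DIRECTORY_ID),
}


def is_login_endpoint(host: str) -> bool:
    """True for the Azure AD sign-in hosts (case and port suffix ignored)."""
    return host.split(":")[0].lower() in LOGIN_HOSTS


def apply_tenant_restrictions(req: Request, group: str,
                              policies: Dict[str, TenantPolicy] = POLICIES) -> Request:
    """Rewrite one intercepted request the way the proxy would.

    Client-supplied Restrict-Access-* headers are always dropped first, so a
    client cannot widen its own tenant list; the proxy's policy is authoritative.
    """
    for key in list(req.headers):
        if key.lower() in RESTRICTION_HEADERS:
            del req.headers[key]
    if not is_login_endpoint(req.host):
        return req                      # only sign-in traffic is tagged
    policy = policies.get(group)
    if policy is None:
        raise KeyError(f"no tenant restriction policy for group {group!r}")
    req.headers["Restrict-Access-To-Tenants"] = ",".join(policy.allowed_tenants)
    req.headers["Restrict-Access-Context"] = policy.context_id
    return req


def sign_in_permitted(req: Request, target_tenant: str) -> bool:
    """Model of the decision Azure AD makes when the sign-in request arrives.

    Without the header any tenant is reachable; with it, only listed tenants are.
    """
    allowed: Optional[str] = req.headers.get("Restrict-Access-To-Tenants")
    if allowed is None:
        return True
    return target_tenant.lower() in {t.strip().lower() for t in allowed.split(",")}


if __name__ == "__main__":
    # A client tried to smuggle in its own header; the proxy replaces it.
    spoofed = Request("login.microsoftonline.com", "/common/oauth2/authorize",
                      {"Restrict-Access-To-Tenants": "personal.example"})
    tagged = apply_tenant_restrictions(spoofed, "staff")
    print(tagged.headers)
    print("corporate tenant:", sign_in_permitted(tagged, "contoso.example"))
    print("personal tenant:", sign_in_permitted(tagged, "personal.example"))
```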



Office 365 Features and Integration

Microsoft Office 365 features and integration is included at no additional cost with every iboss cloud subscription.

About iboss

iboss is a cloud security company that provides organizations and their employees secure access to the Internet on any device, from any location, in the cloud. This eliminates the need for traditional security appliances, which are ineffective at protecting a cloud-first and mobile world. Leveraging a purpose-built cloud architecture, iboss is designed to make transitioning from security appliances to cloud security a seamless process. iboss is trusted by more than 4000 organizations worldwide, spans over 100 points of presence globally and is backed by over 110 patents. To learn more,



9 Cybersecurity Metrics + KPIs to Track

You've invested in cyber security, but are you tracking your efforts? Are you tracking metrics and KPIs? If you're not, you're not alone.

A report by PwC found that just 22 percent of chief executives believe that their risk exposure data is comprehensive enough to inform their decisions. This statistic has remained unchanged for the past 10 years. Other recent reports back this up — a report by EY shows that 36 percent of organizations in the financial services sector are worried about "non-existent or very immature" metrics and reporting when it comes to cyber security efforts.

These are organizations that, in some cases, have spent millions on cyber security for the sake of compliance. However, they are not maximizing their infosec investment by measuring their efforts.

The importance of cyber security

You can't manage what you can't measure. And you can't measure your security if you're not tracking specific cyber security KPIs. Cyber security benchmarking is an important way of keeping tabs on your security efforts. You need to be tracking cyber security metrics for two important reasons:

Seeing the whole picture when it comes to infosec: If you're not tracking key performance indicators (KPIs) and key risk indicators (KRIs), you won't be able to clearly understand how effective your cyber security efforts have been, or how they've improved (or declined) over time. Without solid historical data to rely on, you won't be able to make informed cyber security decisions going forward. Instead, you'll just be making decisions blindly.

Communicating with business stakeholders: Without good cyber security metrics, you won't be able to make a case for your infosec efforts — or budget — when you talk to your organization's leadership or board

You need cyber security benchmarking that tells a story, especially when you're giving a report to your non-technical colleagues. The KPIs you choose should be clear, relevant, and give a full picture of your organization's cyber security. You may also need to choose benchmarks for your vendors and other third parties, who have access to your networks and can expose your organization to risk.

Cyber security KPIs to track

Below are some examples of clear metrics you can track and easily present to your business

Level of preparedness: How many devices on your network are fully patched and up to date?

Unidentified devices on the internal network: Your employees bring their devices to work, and your organization may be using Internet of Things (IoT) devices that you're unaware of. These are huge risks for your organization as these devices are probably not secure. How many of these devices are on your

Intrusion attempts: How many times have bad actors tried to breach your networks?

Mean Time to Detect (MTTD): How long do security threats fly under the radar at your organization? MTTD measures how long it takes for your team to become aware of a potential security incident.

Mean Time to Resolve (MTTR): How long does it take your team to respond to a threat once your team is aware of it?

Days to patch: How long does it take your team to implement security patches? Cybercriminals often exploit lags between patch releases and

Cyber security awareness training results: Who has taken (and completed) training? Did they understand the material?

Number of cyber security incidents reported: Are users reporting cyber security issues to your team? That's a good sign, because it means the employees and other stakeholders recognize issues. It also means your training is working.

Security ratings: Often the easiest way to communicate metrics to non-technical colleagues is through an easy-to-understand score. SecurityScorecard's security posture score gives your company a simple A-F letter grade on 10 security categories (network security, DNS health, patching cadence, cubit score, endpoint security, IP reputation, web application security, hacker chatter, leaked credentials, and social engineering). Based on these 10 factors, you're then assigned an overall grade, so you and your colleagues can see at a glance how secure your company is relative to the rest of your industry.

Choosing your cyber security

There is no hard and fast list of the cyber security KPIs and KRIs all businesses should be tracking. The metrics you choose will depend, in large part, on your organization's needs and its appetite for risk.

That said, you will want to choose metrics that are clear to anyone who looks at your reporting. A good rule of thumb is this: your business-side colleagues should be able to understand them without having to call you for an explanation. So, you'll want to avoid squishy KPIs — metrics that might have a large margin for error — or esoteric metrics that don't make sense to your business-side

You may want to track a combination of different sorts of metrics: technical security metrics, recovery metrics like backups, and non-technical metrics, like employee security training.

Lastly, and most importantly, your cyber security benchmarking should communicate something important about your organization's security to business leaders.
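The time-based KPIs listed above (MTTD, MTTR, days to patch, level of preparedness) only tell a story if they are computed the same way every reporting period. The following added example, not part of the original article, computes them from constructed incident and patch records using the article's definitions; it keeps still-open incidents out of MTTR and reports them separately so the figure is not flattered.

```python
"""Compute the KPIs named in the article from incident and patch records.

Definitions follow the article: MTTD is the time from first attacker activity
to the team becoming aware of it, MTTR is the time from awareness to resolution,
days to patch is the time from a vendor release to installation, and level of
preparedness is the share of hosts with every known patch installed.
All records below are constructed sample data, not real incidents or advisories.
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Dict, List, Optional, Tuple


@dataclass
class Incident:
    name: str
    started: datetime              # first attacker activity, established by forensics
    detected: datetime             # when the team became aware of it
    resolved: Optional[datetime]   # None while the incident is still open


@dataclass
class PatchRecord:
    host: str
    advisory: str
    released: datetime             # vendor release date
    installed: Optional[datetime]  # None while the host is still unpatched


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample data (placeholder names, not real incidents or advisories).
INCIDENTS = [
    Incident("phish-01", _t("2019-06-03T09:00"), _t("2019-06-03T11:30"), _t("2019-06-03T15:30")),
    Incident("miner-02", _t("2019-06-10T02:00"), _t("2019-06-12T08:00"), _t("2019-06-12T20:00")),
    Incident("bruteforce-03", _t("2019-06-20T22:00"), _t("2019-06-21T00:00"), None),
]
PATCHES = [
    PatchRecord("web-01", "ADV-A", _t("2019-06-01"), _t("2019-06-04")),
    PatchRecord("web-02", "ADV-A", _t("2019-06-01"), _t("2019-06-11")),
    PatchRecord("db-01", "ADV-A", _t("2019-06-01"), None),
    PatchRecord("web-01", "ADV-B", _t("2019-06-15"), _t("2019-06-17")),
    PatchRecord("web-02", "ADV-B", _t("2019-06-15"), _t("2019-06-17")),
    PatchRecord("db-01", "ADV-B", _t("2019-06-15"), _t("2019-06-22")),
]


def _hours(a: datetime, b: datetime) -> float:
    return (b - a).total_seconds() / 3600.0


def mttd_hours(incidents: List[Incident]) -> float:
    """Mean Time to Detect: every incident counts, open or closed."""
    return mean(_hours(i.started, i.detected) for i in incidents)


def mttr_hours(incidents: List[Incident]) -> Optional[float]:
    """Mean Time to Resolve over closed incidents only; None if none are closed."""
    closed = [i for i in incidents if i.resolved is not None]
    return mean(_hours(i.detected, i.resolved) for i in closed) if closed else None


def open_incidents(incidents: List[Incident]) -> List[str]:
    """Incidents still being worked; reported beside MTTR, which excludes them."""
    return [i.name for i in incidents if i.resolved is None]


def days_to_patch(patches: List[PatchRecord]) -> Optional[float]:
    """Mean days from vendor release to installation, over applied patches only."""
    applied = [(p.installed - p.released).days for p in patches if p.installed is not None]
    return mean(applied) if applied else None


def preparedness(patches: List[PatchRecord]) -> Tuple[int, int]:
    """Level of preparedness as (hosts with every known advisory installed, hosts total)."""
    host_missing_patch: Dict[str, bool] = {}
    for p in patches:
        host_missing_patch[p.host] = host_missing_patch.get(p.host, False) or p.installed is None
    fully_patched = sum(1 for missing in host_missing_patch.values() if not missing)
    return fully_patched, len(host_missing_patch)


def kpi_report(incidents: List[Incident], patches: List[PatchRecord]) -> Dict[str, object]:
    """Bundle the figures the way they would be handed to a reporting dashboard."""
    patched, total = preparedness(patches)
    return {
        "mttd_hours": round(mttd_hours(incidents), 1),
        "mttr_hours": mttr_hours(incidents),
        "open_incidents": open_incidents(incidents),
        "days_to_patch": days_to_patch(patches),
        "fully_patched_hosts": f"{patched}/{total}",
    }


if __name__ == "__main__":
    for key, value in kpi_report(INCIDENTS, PATCHES).items():
        print(f"{key}: {value}")
```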


How SecurityScorecard can help

SecurityScorecard's security ratings allow you and your organization's business stakeholders to continuously monitor the most important cyber security KPIs for your company and your third parties. The software automatically generates a recommended action plan when any issues are discovered and clearly shows your historical data.

By monitoring the cyberhealth of your extended enterprise, you'll be able to collect data on your cyber security efforts and make informed security decisions in the future.

About the Author

Michelle Wu is the Senior Director of Product Marketing at SecurityScorecard and is responsible for all aspects of the go-to-market strategy. She has 15+ years of experience in marketing, sales enablement and training. Prior to joining SecurityScorecard she was the Product Marketing Director for the Intralinks Banking and Securities vertical. Before that, she was an investment banker at HSBC focused on capital markets origination, working across various product groups in New York, Hong Kong and Japan.


The Instant Gratification Risk

By Javvad Malik

It feels like a different life when instant messages were not part of daily life. If one wanted to send a document or similar, they would resort to posting it via traditional mail. They would then post it, and wait a couple of days for it to be delivered. Then wait patiently for another few days for a response.

Contrast that with today, where people not only expect a message to be delivered almost instantly, but they want to be notified as soon as the recipient has opened and read it.

Is patience a thing of the past? Well, not quite. Resisting the temptation to fulfil a desire immediately is deep-rooted in human behaviour, although modern technology has made the issue worse for some.

The Marshmallow Experiment

To understand this better, we need to take a trip down memory lane to the 1960s at Stanford University, where Professor Walter Mischel placed a marshmallow in front of young children for 15 minutes.

The children were not forbidden from eating the marshmallow, but, if they could resist eating it for 15 minutes, they would receive two.

This experiment was repeated over many years, and the children followed up with. It appeared that children who had resisted temptation were on the whole more balanced in later life. They displayed higher self-esteem, had better grades, and were less likely to abuse substances.

It demonstrated that those who are able to delay gratification make better life choices.

Instant Tech

In many ways, technology hasn't helped those struggling to control their biggest desires. We no longer need to wait for photographs to be sent off to be developed before we can see the end result. Neither do we have to wait to communicate with people on the other side of the world, or be held to the schedule of TV, rather being able to watch whichever shows we want, whenever we want. Which has led to the rise of "binge watching" of shows.

It's also made attention spans grow shorter. Congratulations if you've made it this far into this post; many people would have been distracted by now by an email, or other notification on their mobile device. In fact, according to Time, 55 percent of people spend fewer than 15 seconds on a page.

OK, so where's the risk?

Patience is a rare thing to find in the digital world. People huff and puff, and tweet horrible things if they are made to wait for what they would deem an unreasonable amount of time.

It's this impatience, or yearning for instant gratification, that many scammers, fraudsters, and online criminals prey on.

Phishing emails use such tactics all the time: "Click here to see these shocking photos of the latest Tesla before it gets pulled" or "Make your machine run faster".

But it extends further than that. When the latest Marvel summer blockbuster comes out, criminals look to put fake malware-ridden movie downloads online.

Similarly, we see the pre-release of malicious mobile apps in gaming stores which entice users to be among the first to get a game.

Humans, unlike machines, can get impatient, be enticed or have a bad day where they are not paying attention. It is why phishing remains the most popular tactic of attackers.

Good things come to those who wait, and it's important for companies to reinforce the fact into its employees, that no matter how tempting or urgent something appears, taking a step back and resisting the urge to immediately click on that link or download the video can be the difference between what's best for you, or the

Getting the message across

It's all well and good saying that we should educate users on the risks and dangers that exist and get them to think about issues. But one of the big challenges in this regard is getting the right content in front of them, and trying to ensure the content is understood and acted upon.

I wish I could conclude with there being some kind of formula or one-size-fits-all program or content strategy for that. But unfortunately, that is not the case. However, we should think about our content strategy and delivery in a way that takes into consideration the external factors, such as battling against notifications from mobile devices which take away attention, and pull people towards instant gratification.

But I will leave with what I believe to be a great example of how you can hack the system with a few simple tricks. Stand-up comedian Andrew Schulz explained in his TEDx Columbus talk that he was having trouble breaking into the comedy scene. So, he did what many comedians do: he recorded a one-hour special.

Unfortunately, he didn't get much interest from any of the comedy clubs or distributors. So, he undertook some market research by asking friends about comedians they watch. Nearly all of them had the same unanimous reply: "I love x comedian, but I've not seen the entire show yet."

At this point, Schulz realised his problem wasn't that his jokes weren't funny enough, it's that he was competing against a much shorter attention span. So, he took his one-hour special and broke it into very small clips and uploaded them all online.

The result was that he found a massive surge in interest because people would watch one short clip, which only asked for a few minutes of attention. And because they enjoyed it, they would watch another, and another, and end up binge watching his comedy for many hours.

That's one way of breaking the system to get through to an audience. Maybe we need to start looking at challenges in the same way, and start designing products and education in the same

About the Author

Javvad Malik is a Security Awareness Advocate at KnowBe4, a blogger, event speaker and industry commentator who is possibly best known as one of the industry's most prolific video bloggers, with his signature fresh and lighthearted perspective on security that speaks to both technical and non-technical audiences alike. Prior to joining KnowBe4, Javvad was security advocate at AlienVault. Before then, he was a Senior Analyst at 451's Enterprise Security Practice (ESP), providing in-depth, timely perspective on the state of enterprise security and emerging trends in addition to competitive research, new product and go-to-market positioning, investment due diligence and M&A strategy to technology vendors, private equity firms, venture capitalists and end users. Prior to joining 451 Research, he was an independent security consultant, with a career spanning 12+ years working for some of the largest companies across the financial and energy sectors. As well as being an author and co-author on several books, Javvad was one of the co-founders of the Security B-Sides London conference. You can follow him on Twitter as @J4vv4D. Reach KnowBe4 at


Improving Workforce Engagement in a Post M&A Environment

By Gaurav Ranjit

In the last decade, there has been an uptick in the volume of global Mergers & Acquisitions (M&A), and some of the factors attributed to this rise are as follows:

• the increasing value of the dollar
• improving economies of scale
• rapidly changing industries and
• need for expansion and diversification of the business portfolio
• complement competency and resource
• converging intra and inter-industry leading to vertical and horizontal M&A


Most Mergers & Acquisitions have difficulties when meeting business goals due to culture differences. Hence, a change management strategy must be implemented by upper management, business executives, and human resources (HR) to integrate assets, business processes, products and services, operations, systems, and technology for the merged

How can an organization enable and motivate the workforce while retaining this important

There are many successful frameworks, best practices, and methods to help with M&A efforts, and a common enabler is the Post-Merger Integration (PMI) Checklist that covers some of the important identity access management (IAM)

• hiring and transfer processes
• onboarding of workforce (employees and contingent workers) and enrolling in
• accessing necessary technologies on day one (1)
• offboarding of redundancies (workforce access, job functions and roles)

The checklist improves the value of the integration, but a common M&A challenge lies in managing, retaining, and engaging an organization's workforce (employee and contingent workers).

Failure to implement an effective strategy on the part of the business and HR can:

• have an adverse effect on workforce retention due to uncertainty
• negatively impact business performance and operations, because of the inability to manage day-one access to critical systems, services, and products,
• allow competitive leverage to

As best practice dictates, the strategy to improve the odds of success is to reduce the variability within the processes that require workforce

Workforce Management:

• access to workforce day one (1) to critical applications and assets
• connect to the workforce (employee) employment benefits
• request for access, permissions, and entitlements that are needed during and post-merger for the workforce
• provide availability of applications, information, entitlements and

Identity Orchestrator (IO) can boost the workforce and customer productivity post-mergers and acquisitions by 40%.

Administration and Operations:

• view of "who has access to what" in the merger or acquired entities
• insight and intelligence into workforce onboarding, offboarding, and provisioning activities, visually
• manage delegated administration

Simeio's identity-as-a-service (IDaaS) solution is built with all end-users in mind—employees, business partners, customers, citizens, security executives, and administrators. By providing an intuitive and user-friendly interface, Simeio's

Simeio's IDaaS sets itself apart from the competitors with the following attributes:

• Virtual Directory Service, which allows

enterprises to rapidly aggregate

disparate identity stores — removing the

dependency on expensive and timely

directory consolidation projects and

mitigating against the risk of merging

disparate networks too quickly.

• The ability to plug Simeio’s IDaaS into

existing IAM tools and technology via the


Simeio Identity Bridge

a choice between Simeio’s existing IDaaS

technology stack and the merging entity’s

preferred stack, in a complete cloud

environment that is hosted, secured and

managed by Simeio.

• Comprehensive program management

for your IAM solutions so your

organization can focus on Information

Technology (IT) consolidation and

merger efforts.

• Enablement that gives Human Resources (HR)

and change management the leverage to

focus their efforts on onboarding, redundancy

elimination and process consolidation

over time, and to track effort spent on

managing workforce engagement.
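The bullets above describe aggregating disparate identity stores and answering "who has access to what" across merged entities. The Python below is an added illustration of that reconciliation, not Simeio code and not a model of its Virtual Directory Service; the two directories, the join on e-mail address and the list of privileged entitlements are constructed assumptions for the example.

```python
"""Aggregate two entity identity stores into one 'who has access to what' view.

Added illustration of post-merger identity reconciliation; not Simeio code.
Both directories, the e-mail join key and PRIVILEGED are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    store: str            # which entity's directory the account lives in
    username: str
    email: str            # join key across stores (assumed unique per person)
    status: str           # "active" or "terminated" according to that entity's HR feed
    entitlements: frozenset


# Constructed sample data: the acquiring entity (ACME) and the acquired entity (BETA).
ACME_DIRECTORY = [
    Account("ACME", "jdoe", "jdoe@example.com", "active", frozenset({"erp-user", "vpn"})),
    Account("ACME", "svc-backup", "svc-backup@example.com", "active", frozenset({"backup-admin"})),
]
BETA_DIRECTORY = [
    Account("BETA", "john.doe", "jdoe@example.com", "active", frozenset({"finance-admin", "vpn"})),
    Account("BETA", "asmith", "asmith@example.com", "terminated", frozenset({"domain-admin"})),
    Account("BETA", "rlee", "rlee@example.com", "active", frozenset({"crm-user"})),
]

# Entitlements an access review should always surface (assumed list).
PRIVILEGED = {"domain-admin", "finance-admin", "backup-admin"}


def aggregate(*stores):
    """Return email -> [accounts]: the aggregated view over all directories."""
    view = defaultdict(list)
    for store in stores:
        for account in store:
            view[account.email.lower()].append(account)
    return dict(view)


def who_has_access(view):
    """Invert the view: entitlement -> sorted e-mails holding it in any entity."""
    holders = defaultdict(set)
    for email, accounts in view.items():
        for account in accounts:
            for ent in account.entitlements:
                holders[ent].add(email)
    return {ent: sorted(emails) for ent, emails in holders.items()}


def review_findings(view):
    """Flag the conditions a day-one access review should raise."""
    findings = []
    for email, accounts in sorted(view.items()):
        stores = {a.store for a in accounts}
        if len(stores) > 1:
            # One person with an account in each entity: candidate for consolidation.
            findings.append(("duplicate-identity", email, sorted(stores)))
        for a in accounts:
            if a.status == "terminated" and a.entitlements:
                # HR says gone, directory still grants access: an orphaned account.
                findings.append(("terminated-with-access", email, sorted(a.entitlements)))
            privileged = a.entitlements & PRIVILEGED
            if a.status == "active" and privileged:
                findings.append(("privileged", email, sorted(privileged)))
    return findings


if __name__ == "__main__":
    v = aggregate(ACME_DIRECTORY, BETA_DIRECTORY)
    for ent, emails in sorted(who_has_access(v).items()):
        print(f"{ent:15s} {', '.join(emails)}")
    for kind, email, detail in review_findings(v):
        print(f"[{kind}] {email}: {detail}")
```

Joining on e-mail address is the weakest link in a real merger (the acquired entity may use a different domain, or shared mailboxes), so a production reconciliation would add a manual match step for unmatched records rather than trust the key blindly.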

Overall, the critical focus for entities in a post-

M&A phase is to eliminate operational

variance, improve information and resources

to end-users, and manage workforce

engagement proactively.

If you are interested in learning more about

Simeio’s IDaaS solutions for Workforce

Engagement post-M&A activities,

please contact us to speak with the advisory


About The Author

Gaurav Ranjit is a

seasoned business

professional with over

10 years of experience

in management

consulting, strategic

advisory, operations

management and

process transformation in a wide range of

industries, with primary focus in the Financial &

Banking, Health Care and Technology Sectors.

A subject matter expert in the field of Identity &

Access Management (IAM), he has provided

business and consulting services to a number of

global clients. His expertise lies in identifying

business gaps, analyzing current state

processes, and developing tactical (short term)

and strategic (long term) recommendations to

improve operational excellence. Gaurav has

worked in two of the major Big 4 consulting firms

(Deloitte and Ernst & Young) in an advisory

capacity. He has been recognized consistently

for exceptional team collaboration, high-pressure

performance, and leadership skills.


To Catch a

Criminal, Set a


Cyber Detection Made Deceptively Simple

By Carolyn Crandall, Chief Deception Officer, Attivo Networks


Much has evolved with deception

technology over the last few years as it quietly

established its presence within business, OT,

and government networks as a primary in-network

threat visibility and detection control.

The technology has seen marquee coverage at

Gartner Security Summits, keynotes and panels

at CISO-focused seminars and industry events.

By using deception to set traps and lures

throughout a network, attacker dwell time is

reduced, company-centric threat intelligence

gathered, and incident response automated.

Although customers remain tight-lipped about

their use of the technology, industry surveys

reveal that deception technology is the number 2

priority on CISOs’ lists of technologies being

researched, only slightly behind zero-trust

solutions. Plus, users of deception technology

are reporting an average of 5.5 days dwell time,

a 90%+ improvement over the cited 78+ day

industry average. Respondents also record high

confidence in detecting threats and list deception

as their top choice of security control for

accurately detecting insider threats, as

compared to 13 other security solutions.

Setting a trap for a criminal is a straightforward

concept. However, there are some

misconceptions around believability,

scalability and ease of operations that

cybercriminals would like you to continue to

believe. Commercial-grade deception

technology addresses the critical requirements

for being attractive, believable, and scalable as

well as delivering capabilities that make it a far

cry from merely being a fancy honeypot.

Additionally, deception provides the unique

ability to slow down an attacker by forcing them

to decipher real from fake, question the reliability

of their tools, and to impact the economics of

their attack negatively. Let’s break down the

technology changes and how it works.

The primary use case for a cyber deception

platform (CDP) centers on early detection.

Specifically, deception detects attackers before

they can move laterally off of their first system,

spread throughout the network, or compromise

Active Directory. Deception starts with a mix of

endpoint and network deceptions and then adds

application and data deceptions

designed to entice the attacker away from

production assets.

At Endpoints:

Deception plays a valuable role in locking down

the endpoint from lateral movement. It achieves

this by placing deceptive credentials, file shares,

and service redirections designed to lead

attackers into the deception sandbox for

observation, alerting, and recording.

In Clouds:

Deception adds another layer of detection to

cloud environments, providing visibility and

detection into unauthorized activity and

misconfigurations. The solution alerts on

unauthorized attempts to access storage

buckets, exploit serverless functions, steal

sensitive data, or conduct malicious activity.

In the Network:

Organizations create digital landmines within

their networks with decoy assets that appear

identical to the Windows, Mac, Linux, and IoT

devices present or as attractive documents or

applications. Deception management servers

can deploy as appliances on-premises,

virtualized, or in the cloud (AWS, Azure, GCP, Oracle Cloud,

etc.). Machine learning automates the

deployment, management, and orchestration of

the deception environment by learning the

network based on the traffic it observes.

Organizations are also using deception as a

primary detection control for IoT networks

because it is not reliant on logs, anti-virus

software, or agents. IoT/ICS deception supports


a wide range of devices that include medical

devices, printers, surveillance systems, energy

substations, and more.

Active Directory:

In addition to providing Active Directory (AD)

decoys, a modern innovation in deception adds

attack prevention with the ability to intercept

queries to AD, hide real data and system users,

and insert deceptive results without interfering

with production AD. This level of deception is a

new and extremely valuable tool for a defender’s


Attack Path Visibility:

Given the ability to learn the network, deception

tools also provide visibility to misconfigurations

and exposed credentials at the endpoints. This

insight, not found in other vulnerability

assessment tools, helps minimize risk by

reducing the available attack surface and

automating remediation of exposures.

Fidelity-Alerts and Company-

Specific Threat-Intelligence:

Deception alerts have exceptional signal-to-noise ratios

since they activate on attacker

engagement. Plus, the high-interaction

deception environment gathers company-specific

threat intelligence by recording activities

and policy violations and for safely studying the

attack and collecting Tactics, Techniques, and

Procedures (TTPs). Native integrations (firewall,

SIEM, NAC, EDR, and orchestration tools) also

extend existing security solution value and

facilitate automated blocking, isolation, and

threat hunting.
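The endpoint and fidelity-alert sections above rest on one detection principle: a planted decoy credential has no legitimate user, so any authentication with it is an alert worth acting on, whether the attempt succeeded or failed. The Python below is an added illustration of that principle, not Attivo Networks code. The key=value log format, host names, decoy account names and addresses are all constructed for the example, as is the mapping from alert to integration action.

```python
"""Honey-credential alerting: detect any use of planted decoy credentials.

Added example of the detection principle above; not Attivo Networks code.
DECOYS, LOG_LINES and the key=value log format are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Decoy identities and the endpoint each one was planted on (constructed).
# The planting host tells the responder where the attacker read the credential.
DECOYS = {
    "svc_backup_legacy": {"planted_on": "WS-0142", "kind": "cached credential"},
    "fileadmin_old": {"planted_on": "WS-0377", "kind": "mapped decoy share"},
}

# Constructed authentication events: one legitimate user and one decoy being tried.
LOG_LINES = """\
2019-09-10T08:01:12Z host=DC01 event=4624 user=jsmith src=10.0.5.40 outcome=success
2019-09-10T08:03:55Z host=DC01 event=4625 user=svc_backup_legacy src=10.0.5.23 outcome=failure
2019-09-10T08:03:58Z host=FS02 event=4624 user=svc_backup_legacy src=10.0.5.23 outcome=success
2019-09-10T08:10:02Z host=DC01 event=4624 user=jsmith src=10.0.5.40 outcome=success
""".splitlines()

KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    when: str
    decoy: str
    planted_on: str     # endpoint the decoy was seeded on: the likely compromised host
    used_from: str      # address the authentication came from
    used_against: str   # system that received the attempt
    outcome: str
    severity: str = "high"   # decoys have no legitimate use, so no scoring is needed


def parse(line):
    """Split 'timestamp key=value key=value ...' into a dict."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def detect(lines, decoys=DECOYS):
    """Every authentication with a decoy identity is an alert, success or failure."""
    alerts = []
    for line in lines:
        ev = parse(line)
        user = ev.get("user", "").lower()
        if user in decoys:
            alerts.append(Alert(
                when=ev["ts"], decoy=user,
                planted_on=decoys[user]["planted_on"],
                used_from=ev.get("src", "?"), used_against=ev.get("host", "?"),
                outcome=ev.get("outcome", "?"),
            ))
    return alerts


def response_actions(alerts):
    """Translate alerts into the NAC/EDR/firewall actions the integrations would run."""
    actions, seen = [], set()
    for a in alerts:
        for action in (("isolate-host", a.planted_on), ("block-source", a.used_from)):
            if action not in seen:
                seen.add(action)
                actions.append(action)
    return actions


if __name__ == "__main__":
    found = detect(LOG_LINES)
    for a in found:
        print(f"{a.when} {a.severity.upper()} decoy={a.decoy} planted_on={a.planted_on} "
              f"used_from={a.used_from} against={a.used_against} ({a.outcome})")
    print(response_actions(found))
```

Because the detector keys only on the decoy identity, it needs no signature and no behavioural baseline, which is where the signal-to-noise advantage comes from; recording where each decoy was planted means the first alert already points the responder at the endpoint the attacker read it from.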

accurate detection that requires minimal

operational overhead. Mature organizations

increase efficiencies in threat detection and

investigation, as well as valuable context for

triage. Advanced organizations achieve strategic

advantages in building pre-emptive defenses,

automating intelligence gathering and incident

response playbook operations.

Standards are also incorporating deception:

• The National Institute of Standards and

Technology (NIST) draft Special Publication

800-171B recommends deception for High-Value

Assets holding sensitive information.

• The US Department of Energy granted

funds to Pacific Northwest National Labs,

in partnership with Attivo Networks to

create a deeper level of deception for


• The Global Cyber Alliance (GCA) AIDE

Platform enables IoT Device

manufacturers to test security, identify

and mitigate global attack risks in

conjunction with Attivo Networks.

With the cyber battlefield moving inside the

network, deception and the act of setting traps

for one’s adversary has quietly taken its place

within the security stack. It is accurate,

non-intrusive, and reliably detects in areas and

works in ways that other security controls simply

do not. And don’t be deceived; although it is

deceptively simple to operate, it is also

deceptively lethal for both human and automated


Organizations of all sizes are benefitting from

deception-based detection. Smaller

organizations gain immediate value with


About the Author

Carolyn Crandall is the Chief Deception Officer

and CMO of Attivo Networks

Carolyn has worked in her role at Attivo

Networks since 2015 and has over 30 years of

experience building emerging technology

markets. She has a demonstrated track record of

successfully taking companies from pre-IPO

through to multi-billion-dollar sales and has held

leadership positions at Cisco, Juniper Networks,

Nimble Storage, Riverbed, and Seagate (i365).

As Chief Deception Officer at Attivo Networks,

she regularly speaks on security innovation at

CISO forums and other industry events. Crandall

is recognized as a Top 25 Women in

Cybersecurity, was inducted into the Hall of

Femme by DMN, recognized as a Business

Woman of the Year by CEO Today for 2 years in

a row, is a Reboot Leadership Honoree, and a

Power 100 Woman of the Channel by CRN for 9

years. She has also been a guest on Fox News,

is co-author of the book Deception-based Threat

Detection - Shifting Power to the Defender, has

presented at several conferences including

CSO50, ISSA International, FS and H-ISAC, and

has hosted multiple technology education

webinars and podcasts.

Crandall joined Attivo Networks based upon the

company’s vision of modernizing cybersecurity

defenses with deception technology. Deception

has been used for millennia in military, sports,

and gambling to outsmart adversaries and Attivo

has now successfully brought this concept to

cybersecurity in an effort to outmaneuver and

derail the attacks of cyber criminals. This

technology is actively being adopted across all

major industries as a high-fidelity threat

detection and visibility control that is designed to

reduce attacker dwell time (time an attacker

remains undetected) and to gather adversary

intelligence that can be critical for understanding

the attack, accelerating incident response, and

fortifying defenses.

Carolyn can be reached online at

and at our company website


Maximizing Efficiency by

Meeting Cybersecurity Pros

Where They Are

Regardless of role, the browser remains the common operating environment

By The Recorded Future Team


Refining Data into Intelligence

One of the biggest challenges in cybersecurity

today is how to manage and make sense of the

huge volume of data coming into networks of

disparate systems. Security alerts, vulnerability

scan data, lists of malicious file hashes, and

more compete for attention every day

(sometimes it feels like every minute), making it

difficult to know what to focus on and what to

ignore. A recent report by the Ponemon Institute

estimated that, on average, analysts spend

about 25% of their time chasing false positives.

Not only is there too much data, but there isn’t

enough information to quickly categorize and


It can be easy for security teams to be

overwhelmed. Whether it’s SIEM data,

vulnerability scan information, alerts, and of

course, the usual emails, security professionals

are constantly weeding through data points,

trying to figure out where to focus first for

maximum risk reduction. External context from

threat intelligence is one way to understand what

to prioritize first, but this information is often

siloed in one part of the organization and not

accessible to all.

The Many Faces of Cybersecurity

The problem of too much data and not enough

context is one shared across all security

functions — whether it’s security operations,

incident response, vulnerability management,

brand monitoring, or even at the executive level,

security professionals are overwhelmed with

data. Worse, threat intelligence, which does

provide context, is often treated as yet another

individual function rather than an essential

component of each. The result is that many of

the people who would benefit the most from

threat intelligence don’t have access to it when

they need it.

There is a sizable and growing body of evidence

to support predictions of a massive cyber skills

shortage. Some estimates put the total number

of positions doomed to go unfilled in the millions.

For those already in the industry, and especially

those responsible for security at smaller

organizations, that results in a lot of cross-training

and dual-hatting. Network administrators

may be required to conduct activities typically

reserved for security operations analysts.

Incident responders may have to conduct their

own intelligence analysis. Considering the many

varied functions of cybersecurity, it is no wonder

that getting the entire organization on the same

page can be so difficult.

With so many different positions dealing with so

much data, the industry has increasingly been in

need of a good way to unify and simplify things.

Recorded Future surveyed customers about this

very problem and realized that nearly all of their

solutions had something in common. Whether

SaaS-based or on-prem, nearly all alerts and

threat analysis came through the browser.

Seeing the opportunity, the team got to work

developing a lightweight, browser-based

solution that scans pages looking for threat

information and ties directly to the robust

Recorded Future® Platform for timely, accurate,

and relevant threat intelligence.

The result was Recorded Future® Express: A

browser extension that provides instant context

on any IP, domain, vulnerability, or file hash

being actively viewed in a web browser.


The Browser as a Common

Operating Environment

If the problem is that too few people are doing

too many jobs with too many things to pay

attention to, then the solution is to bring them

together and simplify the task at hand. Express

empowers all members of the security team by

easily layering on top of solutions already in use.

It’s right there in every web-based application —

analysts can use it to access threat intelligence

on top of SIEM data to triage alerts faster, on top

of vulnerability scans to prioritize patching, on

top of incident response systems to get a clearer

picture of how to respond, or even on top of

intelligence sources like US-CERT to pull out the

important bits of information fast.

The Express license, with access to the

Recorded Future Browser Extension, provides

real-time intelligence that is just a click away in

any web-based application. With up-to-the-minute

risk scores and transparent evidence

behind that score presented directly on the web

page, teams can easily see what indicators need

attention first, helping them prioritize their

already limited time for maximum impact.

Recorded Future’s mission has always been to

help security professionals defend their

organizations against threats at the speed and

scale of the internet. The Express browser

extension helps achieve this by reducing barriers

to getting actionable intelligence, no matter the

specific security goal. It makes threat intelligence

available to everyone, rather than the private

domain of a few expert analysts.

Recorded Future Express has been designed

with flexibility and ease of use in mind. Gone are

the walls between siloed security functions.

Express means direct access to threat

intelligence for everyone.

Triage Alerts Faster

Because of the number of alerts that security

teams deal with daily, around 44% on average

go completely uninvestigated. There’s just no

time to manually sort through them all. Even

pivoting to a separate threat intelligence solution

adds time; with the browser extension layered

directly over SIEM alerts, security teams can

instantly prioritize alerts by seeing the risk rules

they’ve triggered and the context and sourcing

behind those rules.

Prioritize Patching

Just as with security alerts, there are simply too

many vulnerabilities constantly appearing for a

“patch everything, all the time” approach to

security to be realistic, regardless of the

resources available. And nobody really needs to

patch everything — numerous vulnerabilities are

never exploited, and any one organization’s

network probably contains only a small

proportion of the “riskiest” vulnerabilities as

measured by traditional risk metrics. With threat

intelligence layered directly over vulnerability

scans, vulnerability management teams can

quickly see what vulnerabilities are actually

being targeted in the wild and which they can

safely ignore.

Respond to Incidents with


Indicators of compromise (IOCs) without context

really don’t indicate a whole lot. They could be

false positives — or a true threat that needs

immediate attention. But initial investigations

often rely on file reputation services that don’t

give all the background context to analyze

unknown files. The browser extension speeds up


malware analysis and verdicts by instantly

gaining access to intelligence on associated


Speed Read

Researching threats manually is time-consuming

and often inconclusive. Whether it’s

one researcher or a whole team, nobody can

keep up with the glut of information that’s

constantly published about threats and other

security news. The browser extension layers on

top of any security text to instantly identify and

organize information around categories like

hashes, IP addresses, domains, or

vulnerabilities. This can cut down the time it

takes to find relevant information in a long report

from US-CERT, for example, from minutes to


Recorded Future Express Extends

Total Reach

Every problem ultimately emerges from two

fundamental shortcomings: a lack of time, or a

lack of information (or both). In the age of big

data, the information is out there — the

challenge is getting to it and applying it in time.

Threat intelligence is only really intelligence

when it is actionable, and intelligence is only

actionable when it gets to the people who can

take action with enough time to actually do


Recorded Future Express makes threat

intelligence actionable for everyone. It provides

access to real-time risk scores, triggered risk

rules for alerts, and evidence behind those rules,

all in the browser extension. It also features

access to Recorded Future University, an online

training academy for mastering threat


Respond Faster with Confidence

By making threat intelligence accessible from

existing security solutions, the browser

extension enables teams to more quickly and

confidently identify which indicators present a

real threat to their organizations. Real-time risk

scores and access to the evidence behind the

rules allows teams to understand why something

might be risky so they can respond quickly and


Reduce Risk with Better


With the added layer of threat intelligence over

SIEM data, vulnerability data, incident response

systems, and more, teams can more easily see

which indicators pose the biggest risks to their

organization and prioritize how they respond to

minimize potential damage.

Increase Efficiency of Security


The convenience of Recorded Future Express

means more members of security teams have

access to threat intelligence. This

standardization and widespread access to threat

intelligence drives better collaboration,

consistent decision-making, and overall more

efficient security processes.

Now Available From Recorded

Future and on AWS Marketplace

Recorded Future® Express is now available on

Amazon Web Services (AWS) Marketplace.

For more information, visit:


About the Author

Karen Levy, VP of Product and Client Marketing

at Recorded Future. Karen Levy is the Vice

President of Product and Client Marketing

at Recorded Future with responsibility for go-to-market

strategy, product positioning, and client

programs. Her more than fifteen years in

marketing at cybersecurity technology

companies includes leadership roles at RSA,

CyberArk, and Recorded Future. Karen holds a

Bachelor’s in Chemistry from the University of

Pennsylvania and an MBA from Boston



CSIOS Corporation’s Made–to–Measure

Cybersecurity Services:

A Blueprint for Next Generation Cybersecurity Service Providers

By Cesar Pie, President and CEO of CSIOS Corporation


The size of U.S. Government networks has

made them a relatively easy target for a growing

number of cyber–attacks and exploitation

activities which are becoming more frequent,

sophisticated, aggressive and dynamic. Over the

years, U.S. cyber defenders have struggled to

protect an attack–surface that continues to grow

rapidly and significantly. Running on what

appears to be an endless hamster wheel, we are

now, as a cyber nation, coming to the

realization that we are simply unable to defend

every information system and network against

every intrusion as our portion of the cyberspace

domain has simply become too large and vast to

close vulnerabilities that surface daily.

In that context, CSIOS’ blueprint for next

generation cybersecurity services integrates a

forward–looking cyber workforce, DCO

Framework, and cyber technologies in custom–

made–to–measure solutions. These solutions

are designed to not only protect and defend an

organization’s most important networks,

systems, data and information so that they can

carry out their missions effectively and efficiently,

even in a degraded state, but also to maintain

high level objectives of protection, monitoring,

detection, analysis, diagnosis, and response–

shifting in accordance with the differing attack–

surfaces, operational threat environments, and

classification levels they support.

The Next Generation Blueprint

The Workforce

Without question, our most important cyber

resource is our workforce; moreover, as we look

to build a world–class cyber workforce of the

future, maintaining the quality of our cyber

workforce is becoming not only our highest

priority but also our greatest challenge. To

achieve and maintain cyberspace superiority in

today’s operational threat environment, CSIOS

has developed a new kind of cyber defender who

is educated and trained to understand the

importance of command, control, computers,

communications, and cyber (C5); intelligence;


and operations collaboration. Over the past

decade and across the nation, standard DCO

operator training has been focused primarily on

a structurally strong C5 but fragile intelligence

and operations foundation. Given the size and

complexity of our U.S. Government information

systems and networks combined with disparate

operational, mission and organizational priorities

and functions, achieving effective and efficient

DCO of U.S. networks depends on developing a

new generation of DCO operators trained to

understand the value of C5, intelligence, and

operations collaboration and decision making


The Framework

At CSIOS, we maximize the full range of

implemented DCO active cyberspace defense

capabilities and investments available to the

organization and ensure cybersecurity practices

are adopted or reinstated from the outset. Our

DCO Framework works with, supports, and

improves other methodologies, standards, or

models such as Capability Maturity Model

Integration (CMMI), International Organization

for Standardization (ISO), Information

Technology Infrastructure Library (ITIL), Control

Objectives for Information Technology (COBIT),

Agile, DevOps, and DevSecOps; it also

integrates IT industry and U.S. Government

specific risk management strategies and best

practices such as National Institute of Standards

and Technology (NIST) and Risk Management

Framework (RMF).

In essence, we fuse the abovementioned

methods with proven cybersecurity approaches

and principles (e.g., defense–in–depth, layered

defenses, mission relevant cyber terrain

prioritization, attack surface target reduction,

domain separation, process isolation,

abstraction, resource encapsulation, least

privilege, data hiding, modularity, simplicity,

adaptation and operational resiliency) and apply

our own proven signature for operationalization

(i.e., know–what–how–where–why) to achieve

the ideal made–to–measure solution recipe and

service size for each customer. What’s important

to emphasize at this juncture is that larger (at

scale), faster, and cheaper is not always better.

As an art, cybersecurity quality (over quantity)

through the balanced integration of people,

technology, and operations is always an

unbeaten blend.

For example, due to the criticality and sensitivity

of the organizational missions we support,

CSIOS saw the need to formalize a process to

continuously assess and improve the

cybersecurity services we provision. We are

doing this by leveraging our quadruple ISO

certification standards for ISO 9001:2015

(Quality Management System), ISO/IEC

20000-1:2011 (Information Technology Service

Management System), ISO 22301:2012

(Business Continuity Management System) and

ISO/IEC 27001:2013 (Information Security

Management System). Integrating ISO

standards has added clear and concise

requirements, specifications, and guidelines to

consistently and accurately ensure our clients’

cybersecurity services are perfectly aligned to

meet their customers’ mission and operational

priorities. By implementing a “plan, do, check,

act” best practice approach, we have established

a proven and globally recognized integrated

management system framework for continual

assessment and improvement process to ensure

and sustain the availability, integrity,

authentication, confidentiality, and non–

repudiation of the information, information

systems, and networks of the U.S. Government

customers we support. Through this unique

construct, CSIOS has been able to identify more

efficient, effective, and time–saving

management processes; improve incident

response times; and minimize disruptions to

cyberspace operations, all while reducing


operating costs and continuing to maintain

compliance with the customers’ legislative and

regulatory requirements.

We also leverage CMMI–DEV and CMMI–SVC

Maturity Level 3 processes to deliver best–in–

class Agile, DevOps, and DevSecOps

development methods for our clients. We use

CMMI–DEV to improve engineering and

development processes in all products we

develop and CMMI–SVC to improve

management and service delivery processes to

develop, manage, and deliver services.

Additionally, we utilize Agile, DevOps, and

DevSecOps methods selectively and

methodically (not universally). For instance, we

use Agile methods to improve the process of

delivery, encouraging changes in the functions

and practices of the mission/business and

development teams to better produce the project

and product envisioned by the end–user, or

customer. We employ DevOps methods to

improve the integration of software development

and software operations, along with the tools and

culture that support rapid prototyping and

deployment, early engagement with the end

user, automation and monitoring of software,

and psychological safety (e.g., blameless

reviews). We also leverage DevSecOps

methods to improve the lead–time and frequency

of delivery outcomes through enhanced

engineering practices, promoting a more

cohesive collaboration between development,

security and operations teams as they work

towards continuous integration and delivery.

To further satisfy our U.S. Government

customers, we have complemented our DCO

Framework with another award winning plug and

play component: CSIOS’ Information

Technology Service Management (ITSM)

system. CSIOS ITSM uses the ITIL framework

as its foundation and complements it with other

standards, frameworks, and concepts

contributing to the overall ITSM discipline such

as CMMI, ISO, and PMI. When applicable,

based on the ITSM services provisioned, we also

integrate complementing and handpicked

principles and practices from ISO/IEC 15288 for

System Lifecycle Processes and ISO/IEC 12207

for Software Lifecycle Processes to maximize

the standardization of our services.

The Technologies

To build a safer future in the cyberspace domain,

CSIOS management has committed to ongoing

research and development, adoption of

innovation, and evolution through

modernization. Our immediate future requires

harnessing technologies that integrate

meaningful and relevant intelligence, operations,

and C5 through machine learning, artificial

intelligence, and data science. Equally

important, we strategically, operationally, and

tactically overlay the abovementioned

ingredients on two very important elements.

First, the organizational mission essential

functions, including the implications of the

unclassified and classified environments (e.g.,

cloud environment, weapon systems, space

systems, Industrial Control Systems, IoT) they

support, as well as the operational threat

environment they confront. Second, the differing

and unique high volume, variety, veracity, and

velocity (4Vs) data environments they operate.

These 4Vs of big data are of no relevance unless

they can be transformed into meaningful data

visualization and data value (2Vs). The 2Vs ought

to focus on a joint common operational picture

and shared situational awareness environment

for command decision support.


Fighting Fraud in Online Services with

XTN Cognitive Security

XTN’s goal is to fight fraud in online services through the Advanced Behavior-based Security

solutions we have been developing since 2014. Through the award-winning and multi-layered Cognitive

Security Platform®, we protect the services of several kinds of environments, such as Banks,

Fintech, e-commerce, and Automotive.

Fraud in online services

Online services suffer from a wide variety of fraud. One of the more common patterns is related to

account or sensitive-information takeover. Takeovers range from control of the victim’s bank account

up to theft of their credit card information. The result is usually an unwanted transfer to

a temporary account managed by the fraudster. There are more technologically advanced frauds where

the attacker takes control of the application used to perform fraudulent transactions directly. With the

rise of online onboarding procedures in next-generation payment services, there is also a rising trend

related to rogue identities and bot-driven account creation. In the end, the fraudster’s goal is to monetize

the attack as quickly as possible, using a fraud flow that is easy to scale and maintain.

XTN’s vision is to correlate different layers of analysis to obtain a holistic approach to detecting fraudulent

events. The Platform considers the posture of the endpoint used to access a critical service, the digital

identity of the user and the risk profiling related to business content of events. Our unique technology

relies on cutting edge artificial intelligence to provide excellent accuracy and minimal false positives.

XTN technology conciliates different needs that are mandatory in the fraud analysis space: behavioral

perspective, the intelligibility of the risk causes, flexibility and real-time response.

We solve the challenge of providing visibility about fraud attempts coming from consumer-facing or

internal critical services. The banking sector is one of our reference markets, and the urgency of

limiting payment-related fraud there is evident. But other markets need this kind of protection too. That’s why

we are also working in the automotive environment to protect connected-vehicles services.

Mobile and web application security

We see very high pressure on mobile online services globally. Security awareness is increasing, and users demand secure services, both for their privacy and for their money. On the other side, service providers struggle to increase security while keeping the user experience in their apps easy and enjoyable. As a result, a new generation of service providers is focusing on features designed to be secure and easy to use by default, and these new services are finding room to compete on exactly that. Our aim for the future is to face advanced threats with little or no impact on the user experience. At XTN, we are ready to embrace this challenge: our goal is to provide the smoothest user experience possible while keeping the highest security level. To do that, we treat the endpoint, and in particular the mobile device, as the central actor in identity proofing.

Smart Authentication

For us, authentication is much more than a password or a second factor. In the XTN Cognitive Security Platform®, digital identity validation relies on different layers: behavioral biometrics features, endpoint trust, and cryptographic quantities. These layers let us modulate the authentication factors according to the endpoint's trust or risk, and include continuous behavioral analysis to recognize


In-App protection next level

At XTN, we believe that protecting the app goes beyond the app's assets on the endpoint. Modern protection requires a probe-evaluate-react pattern that combines detection of technological threats against the app with behavioral and identity-related features. Our technology forwards all relevant signals from the app to our clients' back-end, without any user-experience impact, and builds risk-driven reaction flows that originate server-side, where the trust should be.
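The two preceding sections (Smart Authentication and In-App protection next level) describe a server-side decision that combines endpoint posture, behavioral biometrics and transaction context, and that scales the authentication factors with the risk instead of fixing them up front. The following Python example is added here to show that shape in working code; it is not XTN's code or model. The signal names, weights and thresholds are assumptions made for the example, and the "device_bound_key" factor stands in for the cryptographic quantities the text mentions.

```python
from dataclasses import dataclass, field

# Thresholds and weights are illustrative assumptions, not a vendor's scoring model.
STEP_UP_AT = 40   # demand an extra factor at or above this score
BLOCK_AT = 80     # refuse the operation at or above this score


@dataclass
class EndpointPosture:
    """Signals an in-app probe reports about the device it runs on (assumed names)."""
    rooted: bool = False
    debugger_attached: bool = False
    app_signature_valid: bool = True
    device_known: bool = True          # device previously bound to this user


@dataclass
class Event:
    """One business event the server must decide on, with its behavioral and endpoint context."""
    user: str
    amount: float
    new_payee: bool
    behavior_anomaly: float            # 0.0 = matches the user's behavioral profile, 1.0 = nothing like it
    posture: EndpointPosture = field(default_factory=EndpointPosture)


@dataclass
class Decision:
    action: str                        # "allow", "step_up" or "block"
    score: int
    required_factors: list
    reasons: list                      # human-readable causes, so the risk stays intelligible


def evaluate(ev: Event) -> Decision:
    """Server-side 'evaluate' step of probe-evaluate-react: combine signals, explain the result."""
    score, reasons = 0, []
    p = ev.posture
    if not p.app_signature_valid:
        score += 100
        reasons.append("app signature invalid: repackaged or tampered client")
    if p.debugger_attached:
        score += 60
        reasons.append("debugger or instrumentation attached to the app")
    if p.rooted:
        score += 30
        reasons.append("rooted or jailbroken device")
    if not p.device_known:
        score += 25
        reasons.append("device not previously bound to this user")
    if ev.behavior_anomaly >= 0.7:
        score += 40
        reasons.append(f"behavioral biometrics mismatch (anomaly {ev.behavior_anomaly:.2f})")
    elif ev.behavior_anomaly >= 0.4:
        score += 15
        reasons.append(f"behavioral biometrics weak match (anomaly {ev.behavior_anomaly:.2f})")
    if ev.new_payee and ev.amount >= 1000:
        score += 30
        reasons.append(f"transfer of {ev.amount:.0f} to a payee never used before")
    elif ev.new_payee:
        score += 10
        reasons.append("first transfer to this payee")

    # 'React': the trust decision is taken here, never inside the app, and the
    # factors demanded grow with the risk rather than being fixed for every login.
    if score >= BLOCK_AT:
        return Decision("block", score, [], reasons)
    if score >= STEP_UP_AT:
        return Decision("step_up", score, ["device_bound_key", "otp"], reasons)
    return Decision("allow", score, ["device_bound_key"], reasons)


if __name__ == "__main__":
    trusted = Event("alice", 40.0, new_payee=False, behavior_anomaly=0.1)
    unknown = Event("alice", 2500.0, new_payee=True, behavior_anomaly=0.5,
                    posture=EndpointPosture(device_known=False))
    tampered = Event("alice", 10.0, new_payee=False, behavior_anomaly=0.2,
                     posture=EndpointPosture(app_signature_valid=False))
    for ev in (trusted, unknown, tampered):
        d = evaluate(ev)
        print(d.action, d.score, d.required_factors, d.reasons)
```

The reasons list is the part worth keeping in a real deployment: a fraud analyst (or the customer's support desk) needs to see why a transfer was challenged, and a silent score hides that.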


XTN goes global

We are now approaching the global market, knowing that our technology offers unique features and differentiators. Having a stable presence in Italy is also valuable for clients worldwide: Italy is a high-fraud country, and it has turned out to be an excellent training ground for our technology.

XTN is based in London, Boston, Milan and Rovereto (TN).


XTN Cognitive Security® has developed advanced behavior-based security solutions since 2014. Drawing on the founders' experience in the cybercrime field, XTN designs a new generation of anti-fraud solutions that allow companies and institutions to protect their business and their customers' sensitive data. XTN's non-invasive and frictionless solutions are made unique by its behavioral biometrics technology. Through the award-winning, multi-layered Cognitive Security Platform®, XTN protects services in several kinds of environments, such as banking, fintech, e-commerce, and automotive. Since its inception, the company has invested significantly in building competencies in artificial intelligence and machine learning based solutions.


About the Author

Guido Ronchetti is the CTO of XTN Cognitive Security.

In his career, he has been involved in designing several security


At XTN, one of his primary aims has been to apply machine learning models to behavior-related security problems.

Watch some interesting interviews with him at or visit him online at


Disrupt the Kill Chain

with Continuous

Security Validation

Cyber-attacks are growing,

breaches are becoming more


Despite the fact that global spend on

cyber security keeps increasing over

10% annually, we’re seeing an uptick in

the number of reported breaches and

affected records. It seems like breaches

happen more frequently and with more

devastating effects although there are

more resources available for cyber

defenses. This is partially due to

increased transparency, as recent

regulations such as GDPR require

organizations to report data breaches. So

the public gets to hear more about the

breaches and security incidents. But a simple year-over-year comparison of the number of records affected by breaches indicates that data breaches are indeed getting more impactful. Today, the increased risk of cyber attacks and breaches is acknowledged among the top 5 business risks by organizations globally.

Throwing money at the problem

doesn’t work well for cyber

Cyber security is a unique domain within

information technologies that requires

awareness, technology, people and


processes to get right. Unlike purely

operational aspects of information

technologies, throwing money at the

problem doesn’t work well for cyber.

Instead, investment decisions require a

complete understanding of the threat

landscape, security context with

imminent threats and business goals for

the organization. Organizations who

spend huge budgets annually and have

big security teams can suffer from the

simplest of attacks whereas other

organizations who spend less money in a

smart way can attain better levels of

security. So success has little to do with

the annual security budget and a lot to do

with smart coverage, continuous

situational awareness and security

effectiveness. Consequently, spending

more money on cyber security ends up

soothing the symptoms but rarely solves

the root cause of the problem.

The missing ingredient is not the

what, it’s the how

In the face of cyber adversaries and

higher risk of being breached, we all

agree as an industry on what we should

do: Focus on prevention, detection and

response capabilities with limited

resources. We also agree on new trends

and concepts such as zero trust, security

automation, AI and machine learning,

privacy regulations and how these new

initiatives can help improve overall


The missing ingredient for success in cyber security isn't what we should do, though. It's how we carry out these activities in order to improve security levels. The average security practitioner

today is still haunted by simple questions

about the effectiveness of the solutions in

place such as: “Are we protected against

advanced email attacks?” or “What’s the

biggest risk for our ERP systems today?”.

In similar fashion, security leaders lose

sleep over simple questions such as

“How have the latest investments in tools

improved our security stance?” or “What

are our current security gaps? How can

we prioritize remediation?”. It feels like

we know the defenses in place and how

much CAPEX or OPEX we’re spending,

but we’re not so sure when it comes to

the level of protection we’re getting in

return. This makes it extremely difficult to

demonstrate the value of recent

investments or getting management

signoff for upcoming investments.

Organizations need continuous,

consistent and metrics-based validation

of their cyber defenses.

Breach and Attack Simulation

offers a new way to improve


Breach and Attack Simulation is a new

concept that helps organizations

evaluate their security posture in a

continuous, automated and repeatable

way. This approach allows organizations

to identify imminent threats, take action

and obtain valuable metrics about their

cyber risk levels. Continuous security

validation is a fast growing segment and

it provides significant advantages over

traditional security evaluation methods


including penetration testing and

vulnerability assessment.
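The questions this article keeps returning to (are we protected against a given attack, what did the last investment change, where are the gaps and in what order should they be fixed) are answered from simulation outcomes rather than from budgets. The following Python example is added to show how those metrics fall out of a run's results; it is not Picus code and does not model the Picus platform's output format. The results are constructed sample data: the ATT&CK IDs are real technique identifiers, the outcomes attached to them are invented for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SimResult:
    """Outcome of one simulated attack action (constructed sample data, not platform output)."""
    technique: str    # MITRE ATT&CK technique ID
    vector: str       # "endpoint", "email" or "network"
    prevented: bool   # a control blocked the action
    alerted: bool     # the action produced an alert in the SIEM/EDR


def coverage(results):
    """Prevention and detection rate per attack vector, as fractions of actions run."""
    tally = defaultdict(lambda: {"total": 0, "prevented": 0, "alerted": 0})
    for r in results:
        t = tally[r.vector]
        t["total"] += 1
        t["prevented"] += int(r.prevented)
        t["alerted"] += int(r.alerted)
    return {
        vector: {
            "actions": t["total"],
            "prevention": round(t["prevented"] / t["total"], 2),
            "detection": round(t["alerted"] / t["total"], 2),
        }
        for vector, t in tally.items()
    }


def _outcome(r):
    # 0 = blind spot, 1 = detected only, 2 = prevented (whether or not it also alerted)
    return 2 if r.prevented else int(r.alerted)


def gaps(results):
    """Techniques to remediate, worst first: blind spots before detected-but-not-prevented."""
    ordered = sorted((r for r in results if not r.prevented), key=_outcome)
    return [r.technique for r in ordered]


def delta(before, after):
    """What a change (new control, new rule, tuning) improved or regressed between two runs."""
    previous = {r.technique: _outcome(r) for r in before}
    improved, regressed = [], []
    for r in after:
        if r.technique not in previous:
            continue
        if _outcome(r) > previous[r.technique]:
            improved.append(r.technique)
        elif _outcome(r) < previous[r.technique]:
            regressed.append(r.technique)
    return {"improved": improved, "regressed": regressed}


# Constructed sample: the same six actions run before and after a detection-rule change.
BASELINE = [
    SimResult("T1059.001", "endpoint", prevented=False, alerted=True),
    SimResult("T1003.001", "endpoint", prevented=False, alerted=False),
    SimResult("T1486", "endpoint", prevented=True, alerted=True),
    SimResult("T1566.001", "email", prevented=True, alerted=False),
    SimResult("T1204.002", "email", prevented=False, alerted=False),
    SimResult("T1071.001", "network", prevented=False, alerted=True),
]
AFTER_CHANGE = [
    SimResult("T1059.001", "endpoint", prevented=False, alerted=True),
    SimResult("T1003.001", "endpoint", prevented=False, alerted=True),   # new credential-dump rule fires
    SimResult("T1486", "endpoint", prevented=False, alerted=True),       # prevention policy regressed
    SimResult("T1566.001", "email", prevented=True, alerted=False),
    SimResult("T1204.002", "email", prevented=False, alerted=False),
    SimResult("T1071.001", "network", prevented=False, alerted=True),
]

if __name__ == "__main__":
    print(coverage(BASELINE))
    print(gaps(BASELINE))
    print(delta(BASELINE, AFTER_CHANGE))
```

The delta is the check a practitioner actually wants after every change: a run that only reports the new rule firing would miss that the prevention policy for T1486 silently regressed in the same release.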

Breach and Attack Simulation solutions

help organizations:

1. Leverage current security

investments and reduce cyber


2. Gain comprehensive visibility,

align cyber security with business

strategy and risk appetite.

3. Improve security posture by

identifying and prioritizing

imminent threats.

4. Supercharge security teams with

actionable and prescriptive

mitigation guidance.

5. Know themselves, understand

cyber risks to make the right


Picus offers a complete solution to

disrupt the kill chain

Picus continues to be the pioneer in the Breach and Attack Simulation market and still drives innovation in this space with the most complete continuous security validation vision and actionable mitigation guidance. Understanding how cyber adversaries operate and how cyber defenses measure up against threats is essential to disrupting the kill chain, and therefore the attackers.

The Largest Attack Coverage:

Continuous attack simulation &

mitigation platform with the broadest

attack coverage: 8,100+ real threats

including endpoint, email, and network

assessment scenarios.

The Broadest & Actionable

Mitigation Coverage:

Picus customers get immediate results on how their defenses stack up against adversaries and take action using 34,000+ items of prescriptive mitigation guidance.

Rapid Deployment, Results in Hours:

Picus customers start validating

defenses and getting results in hours.

Trusted, Risk-Free & False-

Positive Free Approach:

Picus was founded in 2014 and is trusted

by 100+ customers. Picus operates with

proven zero risk for production

environments and zero false-positives for

validated attack actions. Picus also

supports MITRE ATT&CK mapped

endpoint attacks.

Please visit to

find out how we can help you disrupt the

cyber kill chain.

Picus continuously validates your

security operations to harden your

defenses. We empower organizations to

identify imminent threats, take the most

viable defense actions and help business

understand cyber risks to make the right


Picus offers:


About the Author

Volkan Erturk, CEO & Co-founder at

Picus Security

Volkan has 10+ years of business and technical leadership in IT security. He has consulted for several mid-size and large enterprises and government agencies on security audits, policy and process development, and architecture topics. He also worked as a cyber defense specialist and instructor in the NATO Science for Peace and Security program.

Volkan holds a Bachelor's in Math and an M.S. in Information Systems, with a thesis on continuous security monitoring. He is a Ph.D. candidate in Information Security. He holds the ISO 27001 Lead Auditor, CISA (Certified Information Systems Auditor), and CISM (Certified Information Security Manager) certifications.


Beyond Signatures and Sandboxes:

CDR Is The Future Of Document Security

By Aviv Grafi, CEO, Votiro, Inc.

The predictions for global ransomware damage

continue to be gruesome: by one industry

estimate, over $7 billion in damages for 2018

from ransomware and other document-borne

attacks, with 2019 expected to exceed that

amount. According to Cisco's Annual

Cybersecurity Report, ransomware is growing at

a yearly rate of 350%. If more than 90% of

successful hacks and data breaches stem from

virus and malware attacks that originate in

weaponized documents, then there simply hasn't

yet been a completely successful way of

disarming the weaponized document.

Until now, finding the malware in a document was an inexact science that required a slow process based on yesterday's patterns: next-generation anti-virus and sandbox technologies could scan a document for known threats, threats whose signatures could be identified from known patterns, or quarantine it in a sandbox for further inspection. The problem with these techniques is twofold. Firstly, the virus or malware has to have a signature that is known and can be identified, which means that new "zero-day" attacks often succeed simply because the signature of the malware was previously unknown. The second problem is productivity: sandbox technology could quarantine a document for further inspection, but this put a heavy cost on productivity, especially in document-intensive industries like finance, insurance, and healthcare. By slowing down a document's processing in order to inspect it, one was in effect slowing down the workflow of the whole company or organization.

That's all changed now.

With the creation of a new technique in

disarming weaponized documents, identified by

Gartner as "Content Disarm and

Reconstruction(CDR)" , documents are being

sanitized and processed at lightning speed, and

with near perfect accuracy compared to the old

signature and sandbox techniques.

That's because CDR does not scan documents: it deconstructs them and reconstructs them from the elements it knows to be legitimate. Anything that was not part of the original document's benign structure, such as malware, viruses, or other malicious elements, is simply left out. And because this can be done in a fraction of a second, productivity is boosted while the level of protection is nearly flawless. The flip side of the same property is that elements the reconstructor does not recognize as legitimate do not survive either, so a document that depends on unusual or active content may come out without it.

My company, Votiro, is the leader in this new

category of document protection. As the founder

and inventor of our patented Disarmer(r)

technology, I was able to patent these disarm-and-reconstruct techniques based in part on what

I learned as a soldier in the elite 8200 Cyber Unit

of the Israeli Defense Forces. It was there that I had the notion that I could slip documents past the existing next-gen AV deployments by manipulating elements in the documents themselves. That idea led me to do the opposite: what if I could deconstruct the document and make a perfect replica? Wouldn't that leave out all the bad stuff?

It took some time for me to create a way to

identify legitimate elements of the document, so

that it could be properly reassembled. There was

also the pesky problem of macros: how do you

handle those? What about zip files and other

complex file structures? Over time, we were able

to create a layered approach to CDR:

deconstructing and reconstructing at element

levels, which proved in the end to be the way to

handle those complex problems. Today, our

Votiro Disarmer can handle over 170 known file

types in our processing.
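The two paragraphs above describe the reconstruction step and the two hard cases it has to deal with, macros and container formats such as zip. The following Python example is added to show that pattern in working code on the simplest realistic case, an OOXML-style package (a zip of XML parts, the layout Office documents use). It is not Votiro's code and does not reproduce Disarmer. The input is a constructed, minimal macro-enabled package with a fake VBA part, and the allow-list of parts, the size limit and the relationship handling are assumptions made for the example.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

# Allow-list of package parts the rebuilder understands; anything else is dropped,
# including macro storage (word/vbaProject.bin), embedded objects and stray entries.
ALLOWED_PARTS = {
    "[Content_Types].xml",
    "_rels/.rels",
    "word/document.xml",
    "word/_rels/document.xml.rels",
}
MAX_PART_BYTES = 10 * 1024 * 1024  # declared-size guard against zip bombs (assumed limit)


def _serialize(root, default_ns):
    # Re-serializing from the parsed tree keeps elements, attributes and text only:
    # comments, processing instructions and undeclared bytes do not survive.
    ET.register_namespace("", default_ns)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def _rebuild_relationships(rels_path, raw, kept):
    # word/_rels/document.xml.rels describes word/document.xml; targets resolve from its directory.
    source = rels_path.replace("_rels/", "", 1)[: -len(".rels")]
    base = posixpath.dirname(source)
    root = ET.fromstring(raw)
    for rel in list(root):
        target = posixpath.normpath(posixpath.join(base, rel.get("Target", ""))).lstrip("/")
        if rel.get("TargetMode") == "External" or target not in kept:
            root.remove(rel)  # dangling or external link: drop it rather than carry it over
    return _serialize(root, PKG_REL_NS)


def _rebuild_content_types(raw, kept):
    root = ET.fromstring(raw)
    used_ext = {name.rsplit(".", 1)[-1] for name in kept}
    for el in list(root):
        tag = el.tag.rsplit("}", 1)[-1]
        if tag == "Override" and el.get("PartName", "").lstrip("/") not in kept:
            root.remove(el)
        elif tag == "Default" and el.get("Extension") not in used_ext:
            root.remove(el)   # e.g. the "bin" default that only the VBA part needed
    return _serialize(root, CT_NS)


def disarm_package(data):
    """Deconstruct an OOXML-style zip and reconstruct it from allow-listed parts only.

    Returns (rebuilt_zip_bytes, names_of_dropped_entries)."""
    parts, dropped = {}, []
    with zipfile.ZipFile(io.BytesIO(data)) as zin:
        for info in zin.infolist():
            if info.filename not in ALLOWED_PARTS or info.file_size > MAX_PART_BYTES:
                dropped.append(info.filename)
                continue
            parts[info.filename] = zin.read(info)
    kept = set(parts)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:
        for name in sorted(parts):
            if name == "[Content_Types].xml":
                rebuilt = _rebuild_content_types(parts[name], kept)
            elif name.endswith(".rels"):
                rebuilt = _rebuild_relationships(name, parts[name], kept)
            else:
                rebuilt = _serialize(ET.fromstring(parts[name]), W_NS)
            zout.writestr(name, rebuilt)
    return out.getvalue(), dropped


def read_parts(data):
    """Inspection helper: {entry name: bytes} for a package."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {n: z.read(n) for n in z.namelist()}


def build_sample_package():
    """Constructed input: a minimal macro-enabled OOXML-style package (not a real Word file)."""
    content_types = (
        f'<Types xmlns="{CT_NS}">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
        "</Types>"
    )
    root_rels = (
        f'<Relationships xmlns="{PKG_REL_NS}"><Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
        'Target="word/document.xml"/></Relationships>'
    )
    doc_rels = (
        f'<Relationships xmlns="{PKG_REL_NS}"><Relationship Id="rId1" '
        'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" '
        'Target="vbaProject.bin"/></Relationships>'
    )
    document = (f'<w:document xmlns:w="{W_NS}"><!-- hidden note --><w:body><w:p><w:r>'
                "<w:t>Invoice 42</w:t></w:r></w:p></w:body></w:document>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("_rels/.rels", root_rels)
        z.writestr("word/_rels/document.xml.rels", doc_rels)
        z.writestr("word/document.xml", document)
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake macro storage")
    return buf.getvalue()


if __name__ == "__main__":
    clean, dropped = disarm_package(build_sample_package())
    print("dropped:", dropped)
    for name, body in read_parts(clean).items():
        print(name, body[:80])
```

The point to take from the example is that nothing is searched for: the VBA part is not matched against a signature, it simply is not on the list of parts the rebuilder copies, and the relationship and content-type entries that pointed at it are regenerated from what was kept so the output stays internally consistent. A production rebuilder needs a far longer allow-list and per-part schemas, which is where the "layered approach" and the 170 file types in the text come from.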

Another challenge we wanted to solve for was

the many ways in which a document enters the

client's domain: most are via email, so that was

a given. But there are client-facing portals for

document uploads, as well as removable media such as USB drives. We solved for those as well, and have

now "surrounded" the ways a document enters

the domain with a Votiro Disarmer solution.

After launch of Disarmer(r), we were surprised at

where we got our first significant traction: in the

governments of both Japan and Singapore,

where our technology has been mandated by

some agencies for use. Both countries are well-known

for their strict and detailed requirements

for security, and the rapid adoption of Disarmer

in those countries taught us a valuable lesson:

the more strict an organization or country's

security requirements, the more valuable our

Disarmer products become.

Today, I am proud to say that we have hundreds

of deployments around the world, not just in

governments, but also in finance and other

vertical markets as well.

The future for CDR is bright: when you have a

technology that is easily understood by even

non-technical people, then it's been my

experience that you're on to something. CDR

makes document security safer than it was in the

past, and a big productivity jump makes it

inevitable as the future of document security. We

at Votiro are proud to do our part.


About the Author

Aviv Grafi is the CEO & Co-Founder of Votiro, an

award-winning cybersecurity company

specialized in neutralizing files containing zero-day and undisclosed attacks.

He has been the principal software architect for

the company’s enterprise solution - File

Disarmer, which is based on a unique patented

Content Disarm and Reconstruction (CDR)

technology for protection against cyber

threats. Aviv is a recognized cyber security

thought leader and public speaker, with

significant experience in network security, IDS /

IPS / firewall internals, defensive programming,

enterprise security penetration testing,

vulnerability research, and virtualization. Aviv is a graduate of the Israeli Army's elite 8200 intelligence unit and holds a degree in computer science, a BA in economics, and an MBA from Tel Aviv University.



Welcome to the

Cyber Defense

Global Awards for


Cyber Defense Awards in

conjunction with Cyber Defense Magazine is pleased to announce the

Winners of our annual Global Awards for 2019. There are 3,000

cybersecurity companies in the world. Of these 3,000 we only accept

nominations from a mix of companies that are in various countries,

around the globe, in balance. This was narrowed down to only 300

companies and our judges like to choose no more than 100-150 winners,

although some companies deserve and receive multiple awards in

various categories.

I’ve interviewed some of these winners in my hot seat program, where they had to

answer difficult and challenging questions – completely unprepared and

unscripted. I hope to interview more winners during upcoming Cyber

Defense TV opportunities.

In addition, our search focused us on startups and early stage players to

find those who could have the potential to stop breaches in a new and

innovative way. It, therefore, gives us great pleasure to recognize and

celebrate the accomplishments of winners, who have unique people,

software, hardware, services and even cloud-based solutions that might

just help you get one step ahead of the next cybersecurity threat.

Congratulations to all our winners!

Gary S. Miliefsky, CEO

Cyber Defense Media Group

Publisher, Cyber Defense Magazine



Anti-Malware

PC Matic Inc. Leader Anti-Malware

XTN Cognitive Security Best Product Anti-Malware


Anti-Phishing

IRONSCALES Next Gen Anti-Phishing

Security Mentor Next Gen Anti-phishing

Application Security

AppViewX Editor's Choice Application Security

Contrast Security Hot Company Application Security

Signal Sciences Next Gen Application Security

Virsec Systems Next Gen Application Security

XTN Cognitive Security Best Product Application Security

Artificial Intelligence and Machine Learning

Vectra AI Cutting Edge Artificial Intelligence and Machine Learning



Authentication (Multi, Single or Two-Factor)

Jumio Leader Authentication

Hideez Publisher's Choice Authentication (Multi, Single or Two-Factor)

WatchGuard Technologies Best Product Authentication (Multi, Single or Two-Factor)


Biometrics

Jumio Most Innovative Biometrics

Nuance Cutting Edge Biometrics

Breach & Attack Simulation

Picus Security Next Gen Breach & Attack Simulation

AttackIQ Cutting Edge Breach & Attack Simulation

Cymulate Editor's Choice Breach & Attack Simulation

XM Cyber Best Product Breach & Attack Simulation

Bring Your Own Drive (BYOD)

Kingston Cutting Edge Bring Your Own Drive (BYOD)

Chief Executive Officer of the Year

WatchGuard Technologies Prakash Panjwani Chief Executive Officer of the Year


Chief Technology Officer of the Year

WatchGuard Technologies Corey Nachreiner Chief Technology Officer of the Year

CISO of the Year

TTEC Kip James CISO of the Year

Cloud Security

Attivo Networks Best Product Cloud Security

DivvyCloud Hot Company Cloud Security

Guardicore Most Innovative Cloud Security

iboss Leader Cloud Security

Sysdig Editor's Choice Cloud Security


Compliance

Stash.Global Editor's Choice Compliance

SaltStack Most Innovative Compliance

Cybersecurity Service Provider

CSIOS Corporation Best Cybersecurity Service Provider


Cyber Range Training Program

Aries Security Editor’s Choice Cyber Range Training Program

Content Disarm and Reconstruction (CDR)

Votiro Next Gen Content Disarm and Reconstruction (CDR)

Cybersecurity Analytics

Awake Security Cutting Edge Cybersecurity Analytics

Cybersecurity Internet of Things (IoT)

Armis Most Innovative Cybersecurity Internet of Things (IoT)

Cybersecurity Training

Global Learning Systems Publisher's Choice Cybersecurity Training

Inspired eLearning Leader Cybersecurity Training

KnowBe4 Most Innovative Cybersecurity Training

Security Mentor Editor's Choice Cybersecurity Training

Consent & Preference Management

OneTrust Next Gen Consent & Preference Management


Cyberspace Operations Service Provider

CSIOS Corporation Best Defensive Cyberspace Operations Service Provider

Data Loss Prevention (DLP)

Altaro Editor's Choice Data Loss Prevention (DLP)

Kingston Hot Company Data Loss Prevention (DLP)

Deception Based Security

Attivo Networks Next Gen Deception Based Security

SmokeScreen Technologies Most Innovative Deception Based Security

Device Visibility and Control

Forescout Most Innovative Device Visibility and Control

Digital Footprint Security

Cybersprint Cutting Edge Digital Footprint Security

Encrypted Storage

Kingston Best Product Encrypted Storage



Encryption

Secure Channels Leader Encryption

Endpoint Security

Attivo Networks Hot Company Endpoint Security

Nyotron Editor's Choice Endpoint Security

SparkCognition Best Product Endpoint Security

Enterprise Security

Nucleon Next Gen Enterprise Security

Stash.Global Hot Company Enterprise Security

ERP Security

Onapsis Best Product ERP Security


Firewall

WatchGuard Technologies Leader Firewall


Email Security and Management

Trustifi Editor's Choice Email Security and Management


Forensics

Endace Publisher's Choice Forensics

Fraud Prevention

CyberTeamSix Editor's Choice Fraud Prevention

Terbium Labs Cutting Edge Fraud Prevention

XTN Cognitive Security Best Product Fraud Prevention

Identity & Access Management

ForgeRock Cutting Edge Identity & Access Management

Herjavec Group Best Service Identity & Access Management

LogMeIn Leader Identity & Access Management

Ping Identity Cutting Edge Identity & Access Management

Simeio Solutions Hot Company Identity & Access Management

Incident Response

Endace Next Gen Incident Response


Intezer Leader Incident Response

Infosec Startup of the Year

Picus Security Most Innovative Infosec Startup of the Year

SaltStack Editor’s Choice Infosec Startup of the Year

Insider Threat Detection

Attivo Networks Editor's Choice Insider Threat Detection

Internet of Things (IoT) Security

Attivo Networks Cutting Edge Internet of Things (IoT) Security

Intrusion Detection System (IDS)

Perch Security Next Gen Intrusion Detection System (IDS)

IT Vendor Risk Management (ITVRM)

ProcessUnity Publisher's Choice IT Vendor Risk Management (ITVRM)

Identity Remediation

CyberTeamSix Hot Company Identity Remediation


Malware Analysis

Intezer Most Innovative Malware Analysis

Managed Detection and Response (MDR)

CyberProof Cutting Edge Managed Detection and Response (MDR)

Proficio Best Service Managed Detection and Response (MDR)

Perch Security Editor's Choice Managed Detection and Response (MDR)

ThreatBook Leader Managed Detection and Response (MDR)

Managed Security Service Provider (MSSP)

Proficio Editor's Choice Managed Security Service Provider (MSSP)

Managed Security Services

Herjavec Group Market Leader Managed Security Services

Messaging Security

Hotshot Technologies Next Gen Messaging Security


Network Security and Management

Aria Cyber Security Best Solution Network Security and Management

iboss Leader Network Security and Management

Plixer Best Product Network Security and Management

Tigera Editor's Choice Network Security and Management

Open Source Security

WhiteSource Cutting Edge Open Source Security


Privacy Management Software

OneTrust Leader Privacy Management Software

Privileged Account Security

Thycotic Leader Privileged Account Security

Patch and Configuration Management

SaltStack Most Innovative Patch and Configuration Management


Risk Management

SecurityScorecard Best Product Risk Management

CyberTeamSix Cutting Edge Risk Management

Risk Ratings Platform

SecurityScorecard Most Innovative Risk Ratings Platform

SaaS/ Cloud Security

Securonix Best Product SaaS/ Cloud Security

Coronet Editor's Choice SaaS/Cloud Security

iboss Hot Company SaaS/Cloud Security

ManagedMethods Publisher's Choice SaaS/Cloud Security

Stash.Global Next Gen SaaS/Cloud Security

ThreatBook Leader SaaS/Cloud Security

Perimeter 81 Most Innovative SaaS/Cloud Security


ThreatQuotient Cutting Edge Security

Security Company of the Year

DivvyCloud Editor's Choice Security Company of the Year

Herjavec Group Most Innovative Security Company of the Year



iboss Market Leader Security Company of the Year

Recorded Future Next Gen Security Company of the Year

SecurityScorecard Hot Company Security Company of the Year

Security Expert of the Year

TrendMicro Rik Ferguson Security Research Team Leader of the Year

WatchGuard Technologies Marc Laliberte Security Expert of the Year

Security Software or Hardware

LogicHub Best Security Software

Endace Publisher's Choice Security Hardware

Kingston Most Innovative Security Hardware

Security Investigation Platform

Endace Cutting Edge Security Investigation Platform

ThreatQuotient Most Innovative Security Investigations Platform

Secure DNS Service

ThreatBook Most Innovative Secure DNS Service

Security Project of the Year

Stash.Global Most Innovative Security Project of the Year


Telecoms Fraud Protection

Trustonic Next Gen Telecoms Fraud Protection

Third Party Risk Management (TPRM)

OneTrust Vendorpedia Publisher's Choice Third Party Risk Management (TPRM)

ProcessUnity Editor's Choice Third Party Risk Management (TPRM)

SecurityScorecard Leader Third Party Risk Management (TPRM)


Threat Intelligence

Anomali Cutting Edge Threat Intelligence

Nucleon Best Product Threat Intelligence

Plixer Leader Threat Intelligence

Recorded Future Best Product Threat Intelligence

ThreatQuotient Hot Company Threat Intelligence

ThreatBook Publisher's Choice Threat Intelligence

Threat Hunting

LinkShadow Most Innovative Threat Hunting

Threat Modeling

CyberTeamSix Most Innovative Threat Modeling

Picus Security Hot Company Threat Modelling


Unified Endpoint Management

ManageEngine Next Gen Unified Endpoint Management

Unified Threat Management (UTM)

WatchGuard Technologies Best Product Unified Threat Management (UTM)

Vulnerability Management

Kenna Security Cutting Edge Vulnerability Management

NopSec Most Innovative Vulnerability Management

Vulnerability Assessment, Remediation and Management

SaltStack Most Innovative Vulnerability Assessment, Remediation and Management

Women in Cybersecurity

Nyotron Sagit Manor Women in Cybersecurity

Secure Channels Sindhu Aithal Women in Cybersecurity

Arkose Labs Hedda Peters Women in Cybersecurity

Arkose Labs Vanita Pandey Women in Cybersecurity

Guardicore Ophir Harpaz Women in Cybersecurity

Jumio Ervinna Lim Women in Cybersecurity

NTT Security Edith Santos Women in Cybersecurity





