Displaying items by tag: CyberArk

COMPANY NEEWS:  CyberArk (NASDAQ: CYBR), the identity security company, today announced it has been named a Leader in the 2024 Gartner Magic Quadrant for Privileged Access Management. CyberArk is positioned as a Leader for the sixth consecutive time and is positioned furthest in Completeness of Vision, which evaluates vendors on offering (product) strategy, innovation and market understanding among other evaluation criteria.

COMPANY NEWS:  CyberArk (NASDAQ: CYBR), The identity security company, today announced that it has earned the Trusted Cloud Provider trustmark from the Cloud Security Alliance (CSA), the world’s leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The Trusted Cloud Provider trustmark helps organisations to identify providers that have invested to achieve the highest standards of cloud security in their product offerings.

GUEST OPINION: In line with National Scams Awareness Week, three executives from Qualys, SailPoint, and CyberArk stress the importance of vigilance and awareness and how organisations play a critical role in protecting customer data.

 COMPANY NEWS:  New AI capabilities translate vast numbers of identity-centric data points into actionable insights to make organisations more secure, efficient and effective. 

GUEST OPINION:   Organisations should adopt passwordless authentication to withstand the ever-looming threats of cyber attacks, including phishing, keylogging, and man-in-the-middle attacks.

COMPANY NEWS:  CyberArk Secure Browser Makes It Easy to Tailor Security, Privacy and Productivity Controls on Managed and Unmanaged Workforce Devices

The growing frequency and sophistication of cyberattacks, with cybersecurity incidents responsible for a significant proportion of large-scale breaches, has led Boards and organisations to prioritise cybersecurity strategy and cyber insurance.

GUEST OPINION: With Data Privacy Day around the corner, it’s encouraging to see Australia moving in the right direction with the proposed changes to the Privacy Act. However, it is imperative for organisations to go beyond regulatory compliance and proactively safeguard sensitive data.

COMPANY NEWS: CyberArk, the identity security company, today announced the appointment of Eduarda Camacho as chief operating officer.

COMPANY NEWS: CyberArk, the identity security company, today announced it has expanded passwordless authentication capabilities with new passkeys support. Now, CyberArk Identity customers can accelerate passwordless adoption and reduce cybersecurity risk by enabling the use of passkeys to easily access apps and websites using strong authentication methods like biometrics.

COMPANY NEWS: CyberArk, the identity security company, today announced new capabilities for securing access to cloud services and modern infrastructure for all users, based on the company’s risk-based intelligent privilege controls.

COMPANY NEWS: CyberArk, the identity security company, today announced it has been named a Leader in The Forrester Wave: Privileged Identity Management, Q4 2023.

COMPANY NEWS: CyberArk, the identity security company, today announced that Accenture, a leading global professional services company, has expanded its deployment of the CyberArk Identity Security Platform to include CyberArk Privilege Cloud. The solution enables Accenture to control and monitor privileged access across on-premises, cloud and hybrid infrastructures for clients as well as their own IT environment.

COMPANY NEWS: CyberArk, the identity security company, today announced details of its new Artificial Intelligence Centre of Excellence.

Identity security company CyberArk's vice president of Red Team services Shay Nahari is committed to giving enterprises the tools to find the holes in their security before the bad guys do, and prepare them on what to do should an attack happen.

COMPANY NEWS: CyberArk, the identity security company, today announced that CyberArk Endpoint Privilege Manager will be featured in the Lenovo ThinkShield security portfolio.

COMPANY NEWS: CyberArk, the identity security company, today announced the release of its latest Environmental, Social and Governance (ESG) report. CyberArk’s approach to ESG and sustainability is grounded in its commitment to its people, core values, communities and the environment, and to integrating the principles of ESG into the company’s operations and strategic decision making.

COMPANY NEWS: iTWire met with Andrew Slavkovic, the Solutions Engineering Director for Australia and New Zealand at CyberArk.

We discussed the company, how cybercriminals are using AI to improve their cyberattacks and how organisations can defend themselves against them... including by using AI themselves!

How did CyberArk first come about?

CyberArk started 24 years ago with the explicit aim of protecting privileged identities which even back then we identified as being a critical element of any attack.

Why is CyberArk associated with identity security?

It's just a natural evolution from privileged identities into today's modern world.  All identities, under certain conditions, need to be protected whilst also being able to achieve varying degrees of actions, which are then classified as “privileged” in today’s world.

How can generative AI like ChatGPT impact cybersecurity?

Generative AI models (such as ChatGPT) will impact the way cybersecurity is conducted in the future. Organisations who don’t leverage this technology run the risk of losing the competitive advantage that will be afforded by it, to the extent we are now seeing them create policies around its usage.

The first step though must be to evaluate both the risks and benefits, and impact those have on individual organisations. We are seeing indicators for its potential impact right now. For example, the technology in its current maturity level is being used to better streamline social engineering campaigns - making them more realistic and believable.  The technology is great at generating text or voice messages to impersonate individuals when compared to traditional approaches.

As we have also demonstrated as part of our CyberArk Labs research, it has the ability to create better malware - by allowing generative AI to take existing samples and mutate them into different variations.  As a result, changes to the malware signature may result in higher levels of evasion.

The good news is the same technology can also be used to uplift cybersecurity capabilities in the future.

In what ways can enterprises leverage the capabilities of AI to improve cybersecurity processes?

We are already starting to see enterprises reimagine how technologies like generative AI can be used to achieve operational efficiencies, defend against cyber-attacks and gain a competitive advantage.

The perfect storm is going on right now with the maturing of AI models amidst accelerated digital transformation and advancements in quantum computing. The combination of these will completely change the way cybersecurity will be conducted in the future.

Enterprises will be able to leverage generative AI to better defend against cyberattacks and outsource some of the heavy lifting in which security professionals were previously responsible for. Specifically, there are three areas I would see where the technology could be used to help security professionals:

1) To write policy and training documents which better align with industry best practices.

2) Analyse large data sets and find anomalous patterns which would be useful in then strengthening security control framework or in conducting post incident analysis more efficiently.

3) To simplify authentication processes by using AI to determine when to apply additional security controls based on the behaviour of the identity.

What ethical considerations should businesses keep in mind?

As generative AI technologies evolve, businesses must consider the ethical considerations that the technology poses. There are areas which would require careful consideration:

Bias and Discrimination: AI models can perpetuate and amplify existing biases in the data used to train them. This can result in discriminatory outcomes, such as bias in hiring or learning practices. For example, if the data set is the whole of the internet, it may inherit the bias of the material.

Privacy: AI models have the potential to generate content that includes sensitive information, such as personal names, addresses, or financial details. This has been demonstrated recently by individuals managing to circumnavigate controls within the technology. Businesses must ensure that this information is adequately secured and that the AI models are not used to violate privacy rights for that country.

Transparency: AI models can generate complex decisions that are difficult to understand or explain. Businesses must ensure that the models are transparent and that the outcomes generated by the models are clearly communicated to stakeholders.

What are the ways in which threat actors can use ChatGPT or AI to enhance or deploy attacks?

There has been a lot written about how AI can be used to enhance cyberattacks. We would need to look at this through two lenses. Firstly, there’s the maturity of generative AI now and where it is potentially heading in the future. Today, we see it being used more in a supplementary manner rather than a mature technology in which we can just outsource the entire attack to. Specifically, we are seeing benefit of this technology being the ability to shorten activities and tasks in each phase of the attack life cycle regardless of the attacker’s skill set.

For example, during the reconnaissance phase, it can be used to gather intelligence more efficiently for the planning of the subsequent stages of the attack. It could be used to create a report on all open-source intelligence regarding specific technical aspects of a target website and work out key contracts that would be ideal for social engineering attempts.

Within that attack life cycle itself it could also be used to carry out very specific tasks, more efficiently and effectively, redirecting the attacker’s energy to tasks that require more expertise. For example, during the ‘weaponization and delivery’ phase, we could use ChatGPT to generate polymorphic malware based on a sample that’s already well known. This would aid the attack in creating malware that will have higher changes of evading detecting and achieve its objectives. We have demonstrated at CyberArk labs how this technology can you use to create this type of malware and how it can successfully evade traditional security controls.

How does Cyber Ark protect against deep fakes and voice cloning?

Deep fakes and AI voice cloning have not been around long. I think the first reported case was in 2019, when thieves recorded the voice of an executive, at a parent company of an undisclosed UK-based energy firm. The CEO actually recognised their colleague’s accent, speech, cadence, etc and quickly transferred all funds from an account as requested. Obviously, it turned out to be to be a fake.

There's been a lot of work done where the FBI has actually mandated that each image has to have an embedded watermark to distinguish it from being a deep fake, locally. In Australia, we're only starting to catch up now, with similar attacks. Although they originate as a new source, what they do is still the same. So, having those consistent security controls, a layered defence in-depth approach, will still prevent or detect these attacks.

Financial gain, which is generally the purpose of these types of attacks, needs to be kept out of email inboxes and phone conversations. Instead, establish processes and procedures which are supplemented by security controls layer onto the application itself using Identity as the cornerstone for verifying every action.

How can potential partners work with you?

We have an extensive partner community. We have an MSP programme as well. So, all partnership models are welcome.

Is there anything else you'd like to add?

I think it's almost the perfect storm, with the emergence and maturing of generative AI, deep fakes, digital transformation initiatives and advancements in quantum computing. This is really going to be the launch pad for a new era in cybersecurity.

I think organisations now need to start looking at the governance around how they're going to use the technology. I think banning it is the wrong approach and will leave organisations behind, so we must allow its use. We should look at how the same technology can be used to solve the problems that it has also created.

Andrew Slavkovic, thank you very much. You can find out more by visiting CyberArk’s website.

91% of Australian respondents experienced at least one ransom attack 

• 98% expect their organisation to suffer identity-related compromise in 2023
• Two-thirds expect layoffs and workforce churn to create new cybersecurity issues
• Over two-thirds would not be able to prevent or detect an attack stemming from their supply chain

Organisations Gain an Easy-to-Adopt Browser for Employees and Third Parties That Powers Security, Privacy and Productivity