Content by Michael Novinson

SailPoint to Buy Privileged Access Vendor Osirium for $8.3M

Michael Novinson  •  August 30, 2023

SailPoint has agreed to buy U.K.-based privileged access management vendor Osirium for $8.3 million to better protect privileged and non-privileged identities on a single platform. The deal will allow Osirium to benefit from SailPoint's increased scale and enhanced sector and regional capabilities.

US Aids Costa Rican Post-Hack Push for Robust SOC, Secure 5G

Michael Novinson  •  August 30, 2023

Costa Rica will build a national cybersecurity operations center with substantial U.S. backing following a crippling cyberattack last year and will also commit to using only trusted 5G providers. The U.S. Department of State has extended $25 million to build a virtual security operations center.

Ransomware Evolution: Smaller Actors, Bigger Impact

Michael Novinson  •  August 30, 2023

In the evolving threat landscape, small-time threat actors are entering the ransomware space and targeting small and medium-sized businesses. These organizations must adopt a defense-in-depth approach to defend themselves, said Nick Biasini, head of outreach at Cisco Talos.

The Role of 2-Factor Authentication in Developer Security

Michael Novinson  •  August 29, 2023

In today's evolving digital landscape, application security is crucial. That’s why it is increasingly important to normalize the use of two-factor authentication in the developer community to the point that it is "effectively ubiquitous," said John Swanson, director of security strategy at GitHub.

Zero Trust Adoption in Government: Challenges and Strategies

Michael Novinson  •  August 29, 2023

Government agencies are recognizing that the seven pillars of zero trust, as outlined by U.S. federal agencies such as CISA and the DOD, should be strategically applied across various elements, including data and identity management, said Manuel Acosta, senior director and security analyst, Gartner.

Operation 'Duck Hunt' Dismantles Qakbot

Michael Novinson , David Perera  •  August 29, 2023

U.S. authorities Tuesday said they permanently dismantled the notorious Qakbot botnet in an international operation that seized 52 servers and nearly $9 million worth of cryptocurrency. Law enforcement identified more than 700,000 computers infected with the Qakbot malware.

Why a Wiz-SentinelOne Deal Makes Sense, and Why It Might Not

Michael Novinson  •  August 28, 2023

Venture-backed cloud security firm Wiz swallowing up publicly traded endpoint security firm SentinelOne would be one of the most unorthodox and surprising acquisitions the cybersecurity industry has ever seen. But despite the major financial hurdles, the potential technology synergies are obvious.

Training LLMs on Private Data for Higher Accuracy

Michael Novinson  •  August 28, 2023

Large language models have revolutionized various industries by automating language-related tasks, enhancing user experiences and enabling machines to communicate more naturally with human beings, according to Rodrigo Liang, CEO of SambaNova Systems.

The Silent Threat: Negligent Users in SaaS Cybersecurity

Michael Novinson  •  August 28, 2023

Insider threats continue to pose significant concerns in today's digital landscape. While malicious insiders have garnered attention due to harmful intent, negligent users often make unintentional mistakes, contributing to potential cybersecurity risks.

Advanced Malware: Why AI Can't Help All Hackers

Michael Novinson  •  August 28, 2023

The fear that ChatGPT could turn a low-sophisticated hacker into a sophisticated adversary is unfounded, said Howard Marshall, global intelligence lead, Accenture Security. He says most hackers lack the expertise and education to create sophisticated malware.

Trojanized Advertisements: Russian Hackers' New Move

Michael Novinson  •  August 25, 2023

Malicious actors often devise ingenuous ways to infiltrate networks. Michael Sikorski, CTO and vice president of engineering of Unit 42 at Palo Alto Networks, shed light on an unconventional tactic deployed by Russian hackers: the Trojanization of legitimate advertisements.

Thinking of Deploying Generative AI? You May Already Have

Michael Novinson  •  August 24, 2023

Enterprises have been keenly exploring the potential of generative AI, deploying it to fuel innovation. But stealthy integration of AI features into products already owned by organizations has cybersecurity experts worried, said Jeff Pollard, vice president and principal analyst at Forrester.

DDoS-for-Hire Services: Trends and Enforcement

Michael Novinson  •  August 24, 2023

The demand for DDoS-for-hire services has surged significantly in recent years. Cameron Schroeder, chief of the Cyber and Intellectual Property Crimes Section at the U.S. Attorney’s Office, said the increase is driven by accessibility, ease of use and the need for only minimal technical proficiency.

The Changing Landscape of Cybersecurity Education

Michael Novinson  •  August 23, 2023

As the digital landscape evolves, security teams need skills and training platforms that can provide the right resources for an organization "by showing what someone has got in terms of skills, without necessarily fully relying on their CVs," said Jess Burn, senior analyst at Forrester.

Securing the CISO: Navigating Liability and Investigations

Michael Novinson  •  August 23, 2023

Recent legal actions against CISOs have spawned a debate on whether security leaders should be held accountable for security incidents. CISOs should manage this shifted liability through real-time documentation and collaboration with law enforcement, said attorney Stephen Reynolds.