New CEO leading the Bugcrowd

Bugcrowd has announced a new CEO, Ashish Gupta to take the helm from founder Casey Ellis, who has stepped aside to assume the role of Chairman and CTO of the firm he founded five years ago in 2012.

The move shows a level of maturity on behalf of the company, and indeed Ellis. Startup founders often find it hard to make way for a dedicated CEO that can lead the company through the next level of its growth. By appointing a CEO, Ellis can focus on what he is best at, the technology, the product, the game theory, and the crowd itself.

The Grugq quipped that Ellis has successfully grown the company to the level that he can now outsource the boring work. While it may not be completely factually correct, the sentiment rings true.

Bridging communities
It’s also important to take a step back and examine what factors have led to the success of Bugcrowd as a company.

While its platform has definitely helped, as has funding, the real value Bugcrowd has brought to the table is its ability to bridge together communities.

The word community is thrown around a lot in the security world, almost as much as the Fast and Furious franchise uses the word family. But in this case, the sentiment is true.

Vendors and security researchers have a long and well-documented strained relationship. The debate around responsible disclosure has led to more heated arguments than climate change, or the link between vaccinations and autism.

On the surface, what companies like Bugcrowd offer is no different from any of the other “sharing economy” companies such as Uber or AirBnB. But that is an overly simplistic generalisation.

Companies that open bug bounty programs have a variety of needs, objectives and goals. Some will offer large cash rewards, while others can only afford a public acknowledgement and tip of the hat. Some have very strict requirements as to what is in scope, while others cast a much wider net.

In that regard, it’s a bit more like internet dating. Trying match up the right couples who have complex needs and requirements, whilst trying to ensure neither is an axe murderer in their spare time.

Inevitably, not every bug bounty will satisfy researchers and companies, but despite that, Bugcrowd has managed to build up its brand and influence. Its marketing campaigns and rewards to researchers has helped showcase talents and build trust.

Perhaps the biggest success of the company is that it has been successful in shining the spotlight on its researchers and participating vendors as opposed to itself. Maybe that’s what community is all about –  highlighting the successes of others before yourself.

Flashpoint, shining a light on threat intelligence from the dark web

New York-based Flashpoint was founded in 2010, and has evolved its mission to comb the dark web to provide business risk intelligence to help organizations mitigate risk across the enterprise.

The company is headed up by CEO Josh Lefkowitz, with Evan Kohlmann and Josh Devon serving as chief innovation officer, and chief operating officer respectively.

Over the course of two rounds, Flashpoint has raised a total of $15m in funding. The most recent Series B closed in July 2016 and was led by Greycroft Partners.

The company has 75 employees and over 80 customers in private and public sector across multiple verticals. The majority of customers are in North America, with plans to expand across South America and Europe over 2017.

Product

The Flashpoint offering is a combination of people, data, and technology leveraged to generate business risk intelligence for its customers, from traditional intelligence to intelligence that aids all departments across a company’s enterprise. All aspects of Flashpoint’s offering are tailored to specifically drill into, and find relevant information in the dark web. This includes having multi-lingual analysts that are experienced in embedding themselves within dark web communities and possessing an understanding of the culture and digital-customs.

The Flashpoint technology assists the analysts in working around technical issues such as captcha solving, evading bot detection, collecting timely data, and assisting in maintaining a positive reputation.

According to Flashpoint, this combination of analysts with technology allows analysts to be far more effective and provide the ability to serve a multitude of customers.

The product is sold via a subscription model. Flashpoint customers receive anywhere between three to eight reports a day. Depending on the package, they also get a set number of hours every month which they can use to engage directly with analysts. Customers can also sign onto the online Flashpoint portal and run custom queries, or use the API to import and query data in a local tool.

Breaking the Fourth Wall

Obtaining meaningful threat intelligence from the dark web, and from the internet that is relevant and usable by businesses is a large task. But with its specific focus on the deep and dark web, and mix of technology and specialist staff gives Flashpoint a good foundation upon they can build on.

Perhaps the biggest challenge Flashpoint will have is differentiating itself in an already noisy threat intelligence market. The offering differs from vendors such as FireEye (Mandiant) or Crowdstrike that focus on nation-state or APT’s, or vendors that focus on indicator feeds, or even primarily on the open web. An element of customer education will likely be needed to gain mainstream understanding of how Flashpoint differs, or complements others in this space such as Digital Shadows, InsightPartners, Recorded Future, Cyveillance, and others

In that regard, pursuing technology partnerships, as the company already does, will be key in generating more awareness of its offering as well as getting its intel in front of more customers.

Firemon reaches for the FortyCloud

Network security is a major concern for both enterprises and individuals. With threats seemingly around every corner, we focus much of our energy on awareness and mitigation, such as firewalls.

Well, sometimes. It’s not always this simple. Setting up a suitable firewall becomes far more of a challenge the more systems there are in a single network. It can also be difficult to gauge exactly what threats you’re up against and what tools are the best to use for your specific network.

Enter FireMon.

Founded in 2004 in Kansas, FireMon started out offering firewall management solutions. This service spun into what is today FireMon’s premiere product – the FireMon Security Manager.

The FireMon Security Manager is a firewall management platform designed for massive networks with thousands of hosts. Claimed by FireMon to provide real-time threat analysis, the ability to see and clean up overly lenient user permissions as well as firewall policies, and allows for the monitoring of network traffic behavior in order to find policies which may be overly permissive.

Not only that, but FireMon Security Manager is able to isolate, document and detect any change that may exist in your firewall policies.

FireMon offers three modules which can be purchased separately in order to extend the capabilities of Security Manager – Policy Planner, Policy Optimizer, and Risk Analyzer.

Policy Planner recommends certain policy changes and analyzes the impact any policy changes may have on overall security. Policy Optimizer allows for the automation of policy review and changes based on shifting security conditions as well as compliance requirements. Risk Analyzer is a risk-assessment tool designed to evaluate the efficacy of a network’s security infrastructure by determining which vulnerabilities are most likely to be exploited by hackers.

Breaking The Fourth Wall

FireMon continues to address a real need in the market with the FireMon Security Manager as well as its other products. In this age of increased security threats to our networks, the security of an organization’s firewall is vital as well as its durability against external threats and network vulnerabilities. The FireMon Security Manager allows users to see the existence of threats and vulnerabilities, as well as providing analysis for addressing the issue.

However, FireMon isn’t only focusing on bringing intelligence security analytics to the firewall. FireMon announced October 20, 2016 that it had acquired FortyCloud, a Cloud Infrastructure Security Broker.

Thanks to the acquisition, FireMon can now turn its gaze to the cloud and address multi-cloud management and the need for cloud-based intelligent security management capabilities. FortyCloud allows users to connect securely to multi-cloud environments and even provides options for extending cloud security, such as two-factor authentication.

With more and more organizations seeking to bring their networks into the Cloud, security is increasingly a concern. However, being able to work with the FortyCloud team leaves FireMon in a position to develop usable offerings to meet the security needs that will most certainly develop from cloud-based networks.

There is certainly competition in the market from other players, such as Skybox Security, Tufin, and Algosec, however, with the acquisition of FortyCloud, FireMon can continue being a strong player in the rapidly-changing industry.

LiebSoft seeks privileged management from Okta

Despite some of the world’s most innovative minds working tirelessly to develop solutions to security woes, the average user still lags far behind in prioritizing his or her own security online. In fact, the mobile identity company TeleSign conducted a survey  of 2000 people in 2015 and found that consumers have an average of 23 accounts online, however only an average of six passwords are actually used to protect those accounts. 73% of those surveyed used duplicate passwords.

When users continue to practice poor security habits, it puts more than just their own personal accounts at risk. Companies of all sizes have moved servers into  the cloud, and a lack of privileged security could allow but a single compromised user to wreak havoc.

Enter Lieberman Software.

Founded in 1978 as a software consultancy in Los Angeles, California, Lieberman Software’s flagship product today, Enterprise Random Password Management (ERPM), is designed to addressing this risk and more in the field of privileged management.

Lieberman Software recently integrated ERPM with a number of up-and-coming technologies, including Okta.

Okta securely authenticates a user via primary or multi-factor authentication using only a single sign-on from the user. Through ERPM with Okta, there are two methods organizations can require users to log-in.

The first way to log-in is through the ERPM user-interface, which may also use optional methods and steps of authentication. The second way to log-in would be through Okta. There are two paths which may be taken by the user when using the Okta method, both of which are powered by the protocol SAML (Security Assertion Markup Language), which assists in the exchange between authentication and authorization data between separate parties. The first would involve starting from ERPM, being redirected to Okta, and then returning to ERPM. The second allows the user to access ERPM directly through the Okta application menu.

When pricing ERPM for clients, Lieberman Software bases the cost on the number of hosts, rather than the number of total users. It  starts out at $25,000, with all current and future software integrations included in the price.

Along with the integration of Okta, the recent release of ERPM Version 5.5.1 also premiered integration with Ping Identity, OneLogin, and Active Directory Federation Services (ADFS).

Lieberman Software is choosing not to charge for ERPM integration with Okta. In fact, the integration was provided to both new and existing ERPM customers for no extra charge, as Lieberman Software is interested in Okta customers, whom they see as being more concerned with security than the average user.

Breaking The Fourth Wall

Lieberman Software has had a long life in the technical sector and boasts about tackling the issue of privileged management from as early as the mid 1990s. Globally, Lieberman Software has more than 1200 clients, from healthcare providers, financial institutions, and government agencies, to smaller businesses with large and complex networks

Rather than charge for integration with technologies like Okta, Lieberman provides it at no extra cost to both existing and future users of ERPM. Instead of trying to profit off users interested in advanced security, Lieberman is trying to attract those advanced security-minded users.

By integrating with multiple systems of authentication, Lieberman Software is also giving its clients more options to customize security solutions to match their individual needs.

The privileged identity management sector is a crowded field, with Lieberman Software facing stiff competition from CyberArk, BeyondTrust, CA, Centrify, Osirium, Xceedium, and even IBM and Dell. However, by continuing to prioritize the security profile of its users and seeking out the best possible solutions to these privileged security woes as they appear, Lieberman is continuing to build its reputation. But the issue of privileged management is far from solved, and by continuing to prioritize the security of its users, Lieberman could continue to carve out a respectable spot for itself in the industry.

One Dell of a Ride

Michael Dell founded Dell in Austin, Texas 1984. As a student he initially ran the company from his dorm. In just four years, Dell was able to file for IPO in 1988.

Dell continued on a growth trajectory, hitting $1bn in revenue by 1994 and launching its online shop Dell.com in 1996. Within six months online sales reportedly generated $1m in sales per day.

However, it wasn’t all smooth sailing. Dell himself was removed as CEO and the company struggled at times to meet the expectations of the market.

In 2013, with Dell back in the CEO seat, he partnered with Silver Lake Partners to take the company private for $25bn. A figure, many analysts said underpaid shareholders.

By taking the company private, Dell was able to restructure and make changes without having to worry about the market or shareholders. In its attempts to carve out a leaner business, Dell has shed some divisions that didn’t return, notable Perot Systems, Quest Software and SonicWALL.

While it was shedding low-return divisions with one hand, Dell announced a deal worth $67bn with its intention to acquire EMC – the biggest technology integration ever.

However, an integration of this size is not a simple case of signing an agreement, shaking hands, and wiring some money. EMC is a hugely complex company in its own right; made up of several independent companies. Some of which trade independently, such as VMware. Other key components of EMC include Pivotal and RSA.

Looking at EMC, Dell may want to offload some divisions. Documentum, much like Veritas within Symantec was never a natural fit – so could be a candidate to go.

The combined Dell and EMC entity – named Dell Technologies, is estimated to be worth around $74bn in revenue with 140,000 staff. With this considerable horsepower and private status, Dell could choose to delve into the hottest technology markets through R&D or acquisition.

The figures look convincing on paper. But acquisitions – even small ones can get messy quickly. Few companies manage a truly successful integration when there’s only a technology component. Dell still has financial and regulatory challenges to overcome in the process.

Looking ahead, one thing can be sure that the ride is far from over for the company Michael Dell founded in his dorm.

Keeper Security Password Manager And Secure Vault Continues To Advance

It is no secret that data breaches are a growing epidemic, with the average cost of a data breach being nearly $3.8 million, according to the IBM-sponsored Ponemon 2016 Cost of Data Breach Study. As a result, businesses of all sizes have found themselves searching for tools to better manage the security of their data, with vendors of all types popping up in this growing market, ready to meet security needs.

Keeper, which was founded in 2011 in Chicago, IL, is one such company. Built on the premise that passwords are the greatest single cause of data breaches, Keeper developed their offering with the goal of meeting an increasing need for password management software, both for consumers and businesses.

It first started life as a consumer product. Version 1.0 of Keeper first launched on the iPhone, and has since amassed millions of users. It later added a password management offering for businesses, and has since attracted 3,000 business customers, most of which are SMBs.

The most recent version of Keeper, released in June 2016, was designed for individuals, small to medium sized businesses and enterprises with the goal of improving ease of use, flexibility, and security for the user.

Claimed by Keeper to be unique to its offering are such features as a unified password and data vault, a robust security architecture which Keeper boasts has never been compromised, native apps on every Mobile OS, device and browser, and SOC-2 Type II compliance: a rigorous security audit focused on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.

From a user behavior perspective, Keeper has built in features to help encourage and enforce healthy password habits. Users can generate strong passwords and store them in a secure vault while administrators have the ability to monitor overall password security using metrics such as password strength or uniqueness.

The latest release included such features as enhanced administration, Duo two-factor authentication, enhanced security through HTTP Public Key Pinning, and more, with each added feature being intended to improve the security of Keeper and the data within it as much as possible.

Breaking The Fourth Wall

After five years, Keeper has resisted the lure of investment that flows into the security industry and has managed to be entirely self-funded.

Keeper manages to both address the needs of the consumer while also allowing for itself to be a product well-positioned for businesses.

Keeper’s platform strategy involves embracing a variety of platforms, including mobile (Android, iOS, Windows Phone), desktop (Linux, Mac, PC) and browser (Chrome, Firefox, IE). It also has an emphasis on creating engaging and appealing experience for users.

One of Keeper’s biggest strengths is that it can mitigate against the fundamental user errors which threaten security. One of the greatest security risks is password reuse or simple passwords (such as “password1”). The latest iteration of Keeper makes it easy for IT admins to ensure that users create unique, strong, and distinct passwords for each online service.

The software has evolved considerably through the years, there still remains ample opportunity to further develop the product through additional features, such as enhanced reporting or analytics.

Keeper has developed a solid product, but it’s in a competitive market with other established and well-funded products, such as LastPass (owned by LogMeIn), Thycotic, and Dashlane. However, is addresses a real need in the security market, and with some effort, the right marketing, and a continued dedication to a secure and user-friendly product, Keeper will be able to continue to make its mark on the market.

Open Source Threat Awareness Comes Out Of The Shadows

Even for the largest organizations, threat awareness is a serious challenge. How can you tell whether sensitive corporate documents have been leaked online, or if someone is impersonating and undermining your brand online, without committing significant numbers of people to finding out?

Digital Shadows aims to make this process much easier. Its flagship product, SearchLight, automates as much of this time-consuming process as it can. For the tasks which can’t be automated, it has a skilled team of researchers and analysts.

Based jointly in San Francisco and London, and with a recently opened third office in Dallas, Texas, Digital Shadows is enjoying a prolonged period of growth. Earlier this year, it concluded a Series B round of funding, during which it at attracted $14 million led by Trinity Ventures. This follows an earlier Series A round in 2015, led by Storm Ventures, where $8 million was pulled in.

According to the company, it is in a process of scaling upwards. It expects to reach 100 employees by the end of the year.

There’s certainly a market for a cyber situational awareness product like SearchLight. According to VP of security strategy Rick Holland, Digital Shadows has already signed more than 60 contracts for it. Financial services were the natural vertical to initially target, but the company has since signed a number of contracts in a diverse mix of organizations including insurance companies, financial institutions, agricultural firms – even a candy manufacturer.

Product

Searchlight works by taking details from a client – email addresses, executive information, document markings, building plans – and then trawling through the dark and light web for traces them. It’s fully automated, and uses open source intelligence. It doesn’t pay for credentials

Once its findings have been aggregated and verified, Searchlight will then generate a report. Most customers receive this via email, but it’s also possible to get it through the SearchLight web portal, or the API. Digital Shadows provides a HTTP REST based API for vendor and client integrations.

When SearchLight identifies a piece of leaked corporate data, it will allow the user to send a takedown request through the app.

Tying this together is a web portal. This is a bit like iGoogle, or NetVibes, and features content aggregation about threats facing a particular corporation, vertical, or industry. This features information on threat actors, news, as well as potentially relevant calendar events.

In addition, Digital Shadows provides every client with eight hours of Request for Information (RFI) time per month, where an analyst will look into specific security threats.  A client could provide SearchLight with an email address or Twitter handle, and Digital Shadows will provide all the information it could find on that particular item. Clients can also use the RFI time for more strategic intelligence products including forecasting of threats against specific verticals.

SearchLight is in a seemingly endless spate of growth and improvement, with some of the biggest changes to the platform to come in Q3.

Digital Shadows expects to release an update to SearchLight, which will allow customers to get an even better understanding of their digital footprint. SearchLight will soon include Passive Infrastructure Monitoring to reveal details on hosts, services, vulnerabilities and expired certificates.

It also intends to launch a new domain fuzzing integration. This will attempt to find sites that use domain and typo squatting, and will identify phishing sites which target the customer’s brand.

Digital Shadows targets small and large enterprises alike. Typical buyers include CSOs, CTOs, CIOs, directors of security, security operations teams, as well as physical security, brand protection and data leakage teams.

Breaking The Fourth Wall

Perhaps the biggest strength of SearchLight is that it does the job of multiple products, but with the cost and management burden of just one. For overstretched IT departments, this is going to be a significant attraction.

It may be the case that vendors which focus on single tasks are best in breed. For example, MarkMonitor may provide better brand protection services. But SearchLight’s biggest strength is that it can offer a broader range of capabilities which will only enhance over time. With Digital Shadows having pulled off not one, but two successful funding rounds, and expanding its workforce to over 100 employees by end of year, this process may accelerate.

However, the threat intelligence space is a crowded one, and Digital Shadows are coming up against some entrenched incumbents, like iSight/FireEye, RecordedFuture, BitSight, Cyveillance/Looking Glass. For it to thrive, it will need to continually innovate and differentiate itself.

With Digital Shadows increasingly targeting the Global 1000 down to SMBs, it could benefit from segmenting its product, in order to be affordable to IT departments with lower budgets. This airline-style pricing model typically performs well for SaaS providers.