Sumit Dhawan, CEO, Proofpoint

Proofpoint Snags Former VMware President Sumit Dhawan as CEO

Michael Novinson • November 28, 2023

Proofpoint landed top VMware lieutenant Sumit Dhawan as its new chief executive just days after the cloud and virtualization giant was acquired by Broadcom. The Silicon Valley-based email security firm said it liked Dhawan's track record of building security, cloud and end-user computing businesses.

ISC2 Cyber Workforce Study Says AI, Cloud Skills Are Needed

Latest

Security Information & Event Management (SIEM)

CrowdStrike SIEM Demand Rises Amid Cisco-Splunk, Legacy Woes

Michael Novinson • November 28, 2023

Discontent with legacy SIEM offerings and Cisco's proposed acquisition of Splunk has driven "a significant and pronounced increase in interest" in CrowdStrike's SIEM offering. It hit the $100 million ARR milestone last quarter thanks to LogScale's search speed, data gravity and cost efficiency.

Government

Second Front Raises $40M to Support More Classified Networks

Michael Novinson • November 28, 2023

A vendor focused on fast-tracking government access to commercial software closed its Series B funding round to support more classified and regulated environments. The $40 million will allow Second Front Systems to support additional bespoke networks in the U.S. Defense and National Security space.

Business Continuity Management / Disaster Recovery

Insights From Israel: Guy Shafir, WideOps

Tom Field • November 28, 2023

DDoS and other cyberattacks against media outlets and critical services are what Guy Shafir, CTO of Israeli tech vendor WideOps, has been dealing with since the start of the terrorist attacks in Israel on Oct. 7. Shafir shared details about the response to these intense attacks.

Cybercrime

Police Bust Suspected Ransomware Group Ringleader in Ukraine

Mihir Bagwe , Mathew J. Schwartz • November 28, 2023

Police have arrested a group of criminals in Ukraine, including their alleged ringleader, who they suspect launched ransomware attacks against organizations across 71 countries, amassing at least 1,800 victims, from which they demanded ransoms collectively worth hundreds of millions of dollars.

Security Operations

Mapping Access - and Attack - Paths in Active Directory

Steve King • November 28, 2023

A directory service should be a "source of truth," said Justin Kohler, vice president of products at Spector Ops. But when users are overprivileged or misconfigurations occur, that creates attack hubs. Kohler discusses BloodHound, a solution he says is like Google Maps for Active Directory.

Data Loss Prevention (DLP)

Zscaler Taps Generative AI to Measure Risk, Predict Breaches

Michael Novinson • November 27, 2023

Zscaler infused generative AI features into its data protection bundles and is introducing AI-powered products that quantify risk and predict breaches, said CEO Jay Chaudhry. The cloud security firm enhanced its data protection policies for AI/ML apps and tools to lower the likelihood of data loss.

Artificial Intelligence & Machine Learning

US, UK Cyber Agencies Spearhead Global AI Security Guidance

Akshaya Asokan , Chris Riotta • November 27, 2023

Nearly two dozen national cybersecurity organizations on Sunday urged AI developers to embrace "secure by design" and other preventive measures aimed at keeping hackers out from the mushrooming world of AI systems. The United Kingdom and United States spearheaded its development.

Artificial Intelligence & Machine Learning

How Biden's AI Executive Order Will Affect Healthcare

Marianne Kolbasuk McGee • November 27, 2023

President Joe Biden's recent executive order for artificial intelligence encourages investment in AI while setting a vision for a regulatory framework to address issues involving AI technology safety, bias and other concerns in healthcare, said attorney Wendell Bartnick of the law firm Reed Smith.

Application Security

ISMG Editors: Will Federal Budget Cuts Bite US Security?

Anna Delaney • November 24, 2023

In the latest weekly update, the former federal CISO, Grant Schneider, joins three editors at ISMG to discuss important cybersecurity issues, including advice for the next White House cyber director and liability concerns facing CISOs following SolarWinds and its CISO being accused of fraud.

3rd Party Risk Management

Getting a Tighter Grip on Vendor Security Risk in Healthcare

Marianne Kolbasuk McGee • November 24, 2023

Despite the high frequency of major health data breaches involving vendors, many healthcare sector entities remain lax in their approach to manage and reduce third-party security risk, said Glen Braden, CIO and principal of compliance auditing firm Attest Health Care Advisors.

Critical Infrastructure Security

Breach Roundup: Filipinos Under Fire From 'Mustang Panda'

Anviksha More • November 23, 2023

This week, Chinese-affiliated hackers targeted the Philippine government; Kansas courts confirmed data theft; officials warned of exploited flaws in Sophos, Oracle and Microsoft software; AutoZone disclosed a Clop ransomware attack; and Optus' CEO resigned after a network outage.

Blockchain & Cryptocurrency

Cryptohack Roundup: Heco Loses $87 Million to Hack Attack

Rashmi Ramesh • November 23, 2023

This week's cryptocurrency hack roundup features hackers stealing $87 million from Heco, Kronos reporting $25 million stolen via an API breach, regulators filing charges against Kraken, and feds charging three people with stealing $10 million and seizing $9 million tied to a pig-butchering scam.