Seed funding for Israeli cybersecurity startups has blossomed despite the economic downturn, and both deal volume and size have strengthened in 2022 as compared to 2021. The indefinite closing of the initial public offering market in spring 2022 caused late-stage investment to fall off a cliff.
Security researchers have demonstrated a practical attack that can be used to defeat biometric fingerprint checks and log into a target's Android - but not Apple - smartphone. Dubbed "BrutePrint," the brute force attack is inexpensive and practical to deploy at a large scale.
Huntress has completed a Series C round to expand beyond the endpoint protection market and bring managed security to identity and cloud. Hackers are increasingly going after employee accounts at SMBs and using the compromised identity to move into other systems via SSO, CEO Kyle Hanslovan said.
Humans continue to reuse simple passwords that criminals can access, and passwordless continues to be the way forward. Jeff Shiner, CEO of 1Password, said we're making progress toward the future of authentication - passkeys - and discussed when, why and how to adopt them.
Everyone needs to have a security-first mindset for identity because as much as it is a defender's shield, it is also an attacker's target, said Rohit Ghai, CEO at RSA. In fact, identities are the most attacked part of enterprises, yet too little energy is spent on monitoring them.
In the online world, knowing and trusting who you are interacting with has been a problem for decades. When it comes to assessing the state of identity verification, "we certainly have a lot of problems to address," according to identity expert Jeremy Grant of Venable.
While multifactor authentication helps solve some of the problems with passwords, we still need to get to being truly passwordless, said Susan Koski, PNC Financial Services. She said adopting the FIDO standards, using zero trust and relying on authentication analysis can all help speed the journey.
Thoma Bravo has agreed to spend $12 billion on three high-profile identity acquisitions to help with the transition from on-premises licenses to cloud-based subscriptions. Vendors in the space must expand their customer success organization and shift incentives for the salesforce, said Chip Virnig.
While the concept of zero trust has been around for years and has been adopted by the federal government, most small- and medium-sized businesses still don't know how to implement zero trust, said Chase Cunningham. But progress is being made - with a big focus on automation.
As COVID-19 made remote work more prevalent, managing identity through both network and remote capabilities became a challenge for organizations. Zero trust is a big initiative for the Center for Internet Security, but applying zero trust principles to its infrastructure has not been easy.
Identity is now the first line of attack, so how can enterprises minimize their attack surface? Identity threat detection and response is a newly recognized cybersecurity solutions category. Sean Deuby of Semperis discusses ITDR and how enterprises can best take advantage of it.
Diabetic patients who used a Medtronic smartphone app for managing insulin levels are being told that Google may have collected certain personal information through the sign-in infrastructure. The disclosure comes amid a wave of healthcare providers reassessing their use of third-party tools.
Hardware-based authentication vendor Yubico plans to go public at an $800 million valuation by merging with a special purpose acquisition company. The Swedish firm said becoming publicly traded will accelerate Yubico's push to enter adjacent authentication markets and land clients in new verticals.
Important lessons about security and risk management aren't being learned, remembered and applied by defenders amid organizations' rapid migration to the cloud, according to the finding that just 5% of security rules, on average, trigger 80% of all alerts, threat intelligence group Unit 42 warns.