January 2017

RedOwl to Deliver Next-Generation Insider Risk Management Platform to BT Customers

  |   Portfolio News, The Latest
 

RedOwl Analytics, Inc.

 

January 18, 2017 01:00 ET

 

RedOwl to Deliver Next-Generation Insider Risk Management Platform to BT Customers

 

LONDON, UNITED KINGDOM and BALTIMORE, MD–(Marketwired – January 18, 2017) – RedOwl, the leading provider of insider risk management solutions, today announced a global agreement with BT, one of the world’s leading providers of communications services and solutions. The agreement enables BT to offer its customers the RedOwl analytics platform to uncover insider threats as well as meet compliance requirements for regulatory surveillance.

BT has been at the forefront of providing innovative IT products and services specifically tailored to the financial services market for more than 35 years. Its global customer base includes the world’s largest banks, brokers, insurance companies, mutual societies, investment managers and exchanges.

BT customers will be able to deploy RedOwl in two critical capacities:

  • Information security: Today, BT offers a choice of services that helps customers undertake a range of pre-emptive information security measures, with device management, identity, access management and infrastructure security within the BT Security portfolio. With RedOwl, BT customers will leverage market-leading behavioral analytics to build and optimize insider threat programs and address key issues such as IP and data loss, employee flight risk and compromised employees.
  • Regulatory compliance: With RedOwl, BT customers will have a holistic view of their regulated employees and will be able to incorporate sophisticated analytics to accurately identify insider trading, market manipulation, wall crossing, improper disclosure and flight risk to help detect and prevent potential regulatory violations. 

“Our customers are seeking to extend their information security and regulatory surveillance capabilities,” said Luke Beeson, BT’s vice president security, UK and global banking and financial markets. “RedOwl provides the insight and context that information security and compliance officers need to better identify unwanted behavior. We’re delighted that our customers can now benefit from this advanced analytics solution.”

RedOwl protects enterprises’ internal attack surfaces with better people oversight. Only RedOwl identifies the precursor activities leading to unwanted behaviour, including insider trading, sabotage, data theft, or flight risk by combining content analysis with behavioral analytics, based on their communications content and context, physical activity, digital activity, and transactions.

The RedOwl platform builds an in-depth narrative that identifies and distinguishes among malicious, compromised and negligent employees. By using RedOwl, risk management professionals reduce time to detection, time of investigation, and can evolve from a purely reactive risk management posture to a proactive one by looking for precursors of unwanted behavior. Ultimately, with RedOwl, security and compliance teams leverage technology to positively impact the corporate culture.

“RedOwl is delighted to join forces with BT, one of the world’s leading providers of technology to the financial services industry, to help organizations use analytics to accelerate security and compliance initiatives,” said Guy Filippelli, RedOwl CEO. “Our analytics platform helps financial service customers transform their compliance practices into a proactive and comprehensive discipline. In Information security, RedOwl is the system of record for insider threat programs to help identify and mitigate unwanted employee behavior.”

Together, BT and RedOwl will provide tremendous value to their customers’ compliance and information security ecosystem. The joint solution will be available immediately. BT customers have the freedom to consume the service on premise, in a private cloud or reap the benefits of BT’s Cloud of Clouds portfolio strategy.

  ‘Cloud of clouds’ is BT’s cloud services integration capability, giving customers a practical route into cloud computing that meets their needs for choice and flexibility, total security and someone who knows how to make it work together. More information here: www.bt.com/point-of-view.

About BT

BT’s purpose is to use the power of communications to make a better world. It is one of the world’s leading providers of communications services and solutions, serving customers in 180 countries. Its principal activities include the provision of networked IT services globally; local, national and international telecommunications services to its customers for use at home, at work and on the move; broadband, TV and internet products and services; and converged fixed-mobile products and services. BT consists of six customer-facing lines of business: Consumer, EE, Business and Public Sector, Global Services, Wholesale and Ventures, and Openreach.

For the year ended 31 March 2016, BT Group’s reported revenue was £19,042m with reported profit before taxation of £3,029m.

British Telecommunications plc (BT) is a wholly-owned subsidiary of BT Group plc and encompasses virtually all businesses and assets of the BT Group. BT Group plc is listed on stock exchanges in London and New York.

About RedOwl

The RedOwl insider risk management platform mitigates the threat of insiders for information security and regulatory surveillance teams. Our behavioral analytics platform integrates structured and unstructured data sources — unlike traditional tools — to provide holistic visibility of human risk across the enterprise. With offices in Baltimore, NYC, SF, and London, RedOwl’s investors include the Blackstone Group, Allegis Capital, and Conversion Capital.

Article found here: www.marketwired.com

Read More

Security and Privacy is Sometimes Suspect, but Growth of the Cloud Marches On

  |   Allegis News, The Latest

 

 

By Robert R. Ackerman Jr. | January 12, 2017

 

 

We increasingly hear that the most-discussed computing paradigm, cloud computing – especially the public cloud — is resuming its sharp rate of growth after a lull and poised to accelerate further. This is refreshing news in a world ever-more obsessed with security, underscoring that cloud purveyors are making progress in getting security right.

 

The attractions of cloud computing are obvious to those immersed in the enterprise computing arena. CIOs note that the cloud allows them to shift costs from capital budgets to operating budgets. Often, they can purchase only the resources they actually need. Cloud computing eases the process of adding or subtracting computing power on demand. And it better accommodates a mobile workforce and cutting-edge technology, such as user interface design.

But cloud computing must take additional steps to maximize privacy and security.

The belief is widespread that storing personal data, in particular, in the cloud might undermine its privacy. After all, companies that embrace the cloud lose direct control of their technology, abolishing a traditional security priority. This begs a question. Given the increasing perception of misuse of people’s digital information, is the price of cloud adoption – and the concomitant loss of proprietary security and privacy control — ultimately too high?

Happily, the answer is no. In some ways, the security offered by leading cloud vendors is superior to security at the typical corporate level. Still, cloud purveyors know they must do better still. One key step toward this end is the aggressive development of so-called homomorphic encryption, which some computer security experts have described as “the holy grail” of computer security. Customers must be vigilant, however, and invest the time to properly mitigate all security and privacy risks before and throughout cloud adoption. This is imperative not only to maximize security but to make CIOs and CISOs comfortable as they transition applications and data to the cloud.

Even though the cloud has been part of the IT arena for about 15 years, there are still lots of questions about how it works and how secure it really is. So corporate IT executives must make a point of garnering the information they need about physical security, the handling of security incidents, logs of security attacks, compliance, and backup and recovery, among other things.

How secure is the cloud? Potentially sensitive data is at risk from insider attacks, but competent cloud vendors are in a position to close that hole. And despite the explosion of high-profile cyber attacks costing major companies billions of dollars and loss of customer loyalty, a number of them didn’t directly penetrate the cloud or the data center. Rather, they compromised end points, such as end user laptops, payment terminals and myriad Internet of Things (IoT) devices. An improperly used device or inadequate protection is all it takes to open the door to a hacker.

Meanwhile, in the productivity-obsessed business world, companies continue to spend aggressively to move into cloud computing. According to Gartner, the growth rate of corporate spending on the cloud began rebounding last year – up 16 percent to more  than $200 billion globally —  after slowing in 2015 and has moved beyond application testing to cloud-based applications and platforms.

Another report by McKinsey & Co. projects that the biggest gains in cloud computing going forward will come from historically change-resistant large enterprises. Based on a survey of 800 CIOs and IT executives worldwide, 77 percent of companies in 2015 used traditional IT infrastructure as the chief environment for at least one workload. In 2018, that will drop to 43 percent, the survey says. Concurrently, companies using the public cloud will grow from 25 percent in 2015 to 37 percent in 2018.

Separately, the major cloud purveyors – Amazon Web Services, Google and Microsoft — have all been opening multiple data centers in Europe, not only to expand their market but also to satisfy security and privacy-oriented European companies that want to store information closer to home.

In another key cloud computing front – innovation – Amazon has just rolled out a new service to help protect customers against denial-of-service attacks. Far more significantly, major technology companies such as IBM and Microsoft and startups such as Fulton, Md., based Enveil are also working hard on the development of homomorphic encryption to push cloud computing privacy and security to a higher level. When enterprises need to process encrypted data today, it must first be decrypted, a major security vulnerability. Homomorphic encryption would allow data to remain encrypted while being processed, plugging this security hole.

None of this should suggest that cloud computing customers can be complacent. In weighing the transition to cloud computing, they must have a clear understanding of potential security risks and set realistic expectations with their cloud provider. Failure to ensure appropriate security and privacy protection when using cloud services can lead to higher costs and the potential loss of business, eliminating any benefits.

Potential risks that must be addressed by customers in the cloud transition process include:

  • Making sure that none of the components of security fall through the cracks. Responsibility over aspects of security may be split between the cloud provider and the customer. Failure to allocate responsibility clearly could create security holes.
  • Making sure that your cloud service provider conducts thorough background checks on employees with physical access to data center servers. Also affirm that data centers are frequently monitored for suspicious activity.
  • Making sure your cloud provider appropriately protects the privacy of data subject to the legal requirements of regulation, such as The Health Insurance Portability and Accountability Act (HIPAA).
  • Making sure the identity of users is established with certainty. Remember that cloud resources are accessed from anywhere on the Internet. Strong authentication and authorization are critical.
  • Making sure that the cloud provider has appropriate certifications in place. Customer efforts to achieve certification may be futile if the cloud provider cannot provide evidence of its own compliance with requirements. There can also be problems if the cloud provider doesn’t permit audits by the cloud customer.
  • Making sure security breaches are handled professionally. The detection, reporting and management of security breaches may be delegated to the cloud provider, but these incidents impact the customer. Negotiate notification rules so that you are promptly and fully informed of problems.
  • Lastly, bear in mind you are tied tightly to any particular cloud provider, for better or worse. Applications and data across providers is not easily portable. Because it is difficult to switch to another provider, do everything possible to choose the right one in the first place.

It is obvious that the cloud, coupled with mobile computing, means that the IT landscape reaches far beyond an organization’s premises. This creates new security holes, and the explosive growth of IoT devices further compounds the challenge each and every day. The good news is that these challenges are hardly insurmountable. Strict attention to key details is a cornerstone of cloud computing security.

 

 

Robert Ackerman Jr.    by Robert Ackerman Jr. | Founder and Managing Director, Allegis Capital

 

Article found here: www.rsaconference.com

Read More

Signifyd Signs On Chendong Zou, Previously at IBM and Rocket Fuel, as VP of Engineering to Amplify Machine Learning and Eliminate Fraud for E-Commerce Merchants

  |   Portfolio News, The Latest

 

SAN JOSE, Calif.–Signifyd, the fastest-growing provider of guaranteed fraud protection for e-commerce businesses, announced today the hiring of Chendong Zou, as its new Vice President of Engineering. This strategic addition comes just months after a $19 million round of Signifyd funding led by Amex Ventures, Menlo Ventures and TriplePoint Capital last September. For almost twenty years, Zou has used Artificial Intelligence, machine learning and big data science to empower businesses through automation and predictability. In his new role, Zou’s aim will be to further advance Signifyd’s machine learning technology which eliminates fraud losses for ecommerce merchants and is backed by a 100% financial guarantee. Zou earned his PhD in Computer Science from Northeastern University.

“His years of experience managing real-time machine learning and strategic integrations with market leaders will help scale our platform to meet the growing demands of our customers and partners.”

Prior to joining Signifyd, Zou served as the VP of Engineering at Rocket Fuel, a programmatic marketing company that uses AI and big data to precisely predict behaviors for each customer as their priorities and motivations change from moment to moment. Zou helped scale the team at Rocket Fuel through the company’s impressive IPO in 2013. In the early 2000s, Zou served as a Senior Technical Engineer for CrossWorlds Software, Inc that enabled businesses to integrate enterprise processes for their specific industry. After CrossWorlds was acquired by IBM for $129 million, Zou continued working on the architecture for WebSphere BPM for many years.

“I’m ecstatic to make the transition from adtech to the fraud prevention space and believe my experiences at Rocket Fuel and IBM will provide a fresh perspective on how disparate data from dynamic sources can be scaled in real-time to meet the needs of a rapidly growing customer base,” said Zou. “I look forward to scaling Signifyd’s engineering team and its infrastructure, as well as keeping Signifyd’s real-time machine learning ahead of fraudsters and any existing solution in the market.”

Signifyd’s confidence in its Engineering team and its real-time machine learning is demonstrated by its 100% financial guarantee against fraud for its customers. Far from the outdated score-reporting methods used by traditional fraud prevention companies, Signifyd provides an instant “Approve” or “Decline” decision for every order it evaluates. Signifyd serves over 5,000 ecommerce merchants, including Fortune 1000 retailers like Jet.com, Lacoste, and Peet’s Coffee & Tea.

“We are incredibly fortunate to have Chendong lead Signifyd’s mission to eliminate fraud losses for ecommerce merchants,” said Raj Ramanand CEO and co-founder of Signifyd. “His years of experience managing real-time machine learning and strategic integrations with market leaders will help scale our platform to meet the growing demands of our customers and partners.”

Signifyd is integrated with larger fraud prevention solutions, such as Accertify, to provide enterprise customers with flexible protection options from within their existing platform. Signifyd is also integrated with leading ecommerce platform Magento and ThreatMetrix® The Digital Identity Company™.

About Signifyd

Signifyd was founded on the belief that e-commerce businesses should be able to grow without fear of fraud. Signifyd solves the challenges that growing e-commerce businesses persistently face: billions of dollars lost in chargebacks, customer dissatisfaction from mistaken declines, and operational costs due to tedious, manual transaction investigation. Signifyd Guaranteed Payments protect online retailers against fraud and chargebacks with a 100% financial guarantee against fraud for every approved order. Signifyd’s full-service machine-learning engine automates fraud prevention allowing businesses to increase sales and open new markets while reducing risk. Signifyd is in use by multiple companies on the Fortune 1000 and Internet Retailer Top 500 list. Signifyd was recognized as one of the 50 most innovative Fintech companies of 2016 by Forbes and is headquartered in San Jose, CA. For more information, please visit www.signifyd.com.

Contacts

VSC for Signifyd
Kayla Abbassi
Senior Account Executive
kayla@vscpr.com

Article found here: www.businesswire.com

Read More

Security VCs Predict Rise In Managed Security Services In 2017

  |   Allegis News, The Latest

 

CRN | By Sarah Kuranda | January 3, 2017, 9:27 am EST

 

Security industry venture capitalists said the role of managed security service providers (MSSPs) will become more important as enterprise customers deal with a new host of security concerns.

“I see a continued significant expansion in the market for managed security services,” said Bob Ackerman, founder and managing director at Allegis Capital, a cybersecurity-dedicated venture capital firm that focuses on early-stage investments.

Driving that growth is an accelerating threat landscape, Ackerman said, which only a “small percentage” of businesses have the technical resources to handle, pushing them to turn to MSSPs.

Alberto Yepez, co-founder and managing director of Trident Cybersecurity, a fund of prominent VC firm Trident Capital that focuses on cybersecurity investments, said he sees the same trend. He said customers are recognizing that they need help and are becoming more and more willing to outsource their security, automation, and remote management to third-party companies, like MSSPs.

“This is a tremendous opportunity for the [managed security services] community,” Yepez said. “We’re seeing more and more companies that go after people that can help them deliver the solution-as-a-service. They will want the technology providers, but they want to make sure their resellers have the capability to offer their product-as-a-service and as a managed security service.”

Market confusion is also at play, Menlo Ventures Managing Director Venky Ganesan, said, as customers are inundated every day by new security solutions solving each aspect of the security problem. Customers are looking for “people with deep domain expertise” to help them navigate that landscape, he said.

The numbers show that trend is already starting to play out, with research firm MarketsandMarkets predicting the market for managed security services to grow to $35.5 billion by 2020, up from around $17.8 billion in 2015. For scale, MarketsandMarkets also predicts that the security industry overall, including all parts, will be $202.4 billion by 2021, up from $112.5 billion in 2016.

VCs expect to see a lot of growth and investment around the automation, orchestration and integration of managed security services. Those capabilities become more important as the number of vendors vying for a piece of a company’s security budget grows, and customers must implement new solutions in a way that can be managed, Allegis Capital’s Ackerman said.

“You will see more and more customers looking for more integrated solutions so they don’t have to parse all the bits and pieces and decide which they want and take responsibility for integrating them. They want fewer vendor offerings and more integrated solutions,” Ackerman said.

As managed security services grow in prominence, that market itself will begin to change, Trident Cybersecurity’s Yepez said. He said he expects to see a lot of acquisition in the MSSP space, both with other companies buying their way into managed security services and consolidation to create scale.

“It’s a great market. One thing I’ve learned is that security innovation doesn’t happen in the lab – security innovation comes from the new problems that customers are trying to solve … All these new technology platforms create new attack surfaces that need to be secured and then you need to integrate and automate them,” Yepez said. “I think managed security services will be a good market that will continue to evolve in the years to come.”

Article found here: www.crn.com

 

 

Read More

Trump Administration Needs To Set U.S. Cybersecurity Mandates

  |   Allegis News, The Latest

 

 

XCONOMY | By Robert R. Ackerman Jr. | January 4th, 2017

 

Robert R. Ackerman

Cybersecurity is the penultimate existential risk to the United States—economically, militarily, socially, and as we have seen recently, politically. The nature of cyber is asymmetric, and given the size of the U.S. economy, our reliance on intellectual property, and the leadership role the U.S. plays in the Community of Nations, we have a lot more to lose than we have to gain in the digital wars of cyberspace. We are target #1 for all comers.

While political rhetoric has been heating up around cybersecurity, for too long, there has been a lot more talk than concrete and substantive action from a public policy perspective.

The incoming administration needs to envision and enact a concerted initiative to ensure America is “cyber secure.” A well-rounded initiative would integrate:

1) Public policy requiring a flexible framework ensuring corporate responsibility, accountability and liability for their cybersecurity;

2) A national initiative, combining expertise and financial resources, to harden critical infrastructure with national economic and security implications—a national Cyber Works program;

3) Concerted support of cyber education at the high school and higher education levels to ensure a trained pool of talent to support our cybersecurity needs and efforts; and

4) A demonstrated ability to identify and respond to any and all cyber attacks targeting U.S. national interests. In essence, we need to create the cyber equivalent of a “Manhattan Project” to secure our welfare, safety, culture, and values in the uncontrolled and unmanaged domain of cyber space.

The key is that the Trump administration should set these requirements for accountability, and then let industry decide how to satisfy them. Government regulations tend to be broadly applied and inflexible—a problem in cyber, where flexibility is essential and there is no such thing as “one-size-fits-all.” So it’s best to give industry the freedom to figure out how to meet these government mandates.

Robert R. Ackerman, Jr. is the founder and managing director of Allegis Capital, a Palo Alto, CA-based early stage venture capital firm that specializes in cybersecurity.

Article found here: xconomy.com

Read More