Author: AllegisCap

CyberGRX and BitSight Partner to Deliver 360-Degree View of Third-Party Cyber Risk


Strategic Partnership Embeds BitSight’s Market-Leading Security Ratings Capabilities into CyberGRX Third-Party Cyber Risk Exchange

 

DENVER & CAMBRIDGE, Mass.–(BUSINESS WIRE)–CyberGRX, the provider of the most comprehensive third-party cyber risk management platform, and BitSight, the Standard in Security Ratings, today announced a technology partnership to embed BitSight’s proprietary security rating capabilities within the CyberGRX Exchange, the world’s first marketplace for sharing third-party cyber risk security information.

 

Integrating BitSight’s objective, quantitative measurements of companies’ security performance into the CyberGRX Exchange provides a unique 360-degree view of third-party cyber risk. The combination of BitSight’s Security Ratings, generated through externally observable data, with CyberGRX’s validated third-party cyber risk assessments, allows customers to make more informed decisions and scale their third-party risk programs.

 

“BitSight is a leader of the security ratings market, and their ability to continuously rate the security performance of third parties from an outside-in perspective will strengthen the CyberGRX Exchange,” said Fred Kneip, CEO, CyberGRX. “Combining their proven non-intrusive approach to evaluating risk and security performance with the inside-out view our platform provides is a powerful proposition for customers: a comprehensive, continuous, 360-degree view of third-party cyber risk exposure.”

 

As digital ecosystems continue to expand, the number of vendors, partners, contractors and customers with access to a large enterprise’s network can easily run into the tens of thousands. According to research from Gartner, “By 2020, 75 percent of Fortune Global 500 companies will treat vendor risk management as a board-level initiative to mitigate brand and reputation risk.”¹ The integration between CyberGRX and BitSight enables customers to get the most comprehensive view of the real risk posed by their third parties.

 

“Enterprises today require access to accurate, continuous and actionable information about third-party cyber risk,” said Jacob Olcott, Vice President of Strategic Partnerships at BitSight. “CyberGRX helps to solve that problem for companies across the world, and our security ratings provide the unique, objective data that organizations need to scale their third-party risk programs and make more informed business decisions.”

 

For information on the CyberGRX Exchange, visit https://www.cybergrx.com/our-platform/. For information on BitSight Security Ratings for Vendor Risk Management, visit https://www.bitsighttech.com/security-ratings-vendor-risk-management.

 

About CyberGRX
CyberGRX provides enterprises and their third parties with the most cost-effective and scalable approach to third-party cyber risk management today. Built on the market’s first third-party cyber risk Exchange, the CyberGRX platform applies advanced analytics to eliminate waste and streamline the assessment process to help entire partner ecosystems effectively manage, monitor and mitigate risk. Based in Denver, CO, CyberGRX was designed with partners including ADP, Aetna, Blackstone and Mass Mutual, and is backed by Allegis Capital, Bessemer Venture Partners, Blackstone, ClearSky, GV (formerly Google Ventures), MassMutual Ventures, Rally Ventures and TenEleven Ventures. For more information, visit www.cybergrx.com or follow @CyberGRX on Twitter.

 

About BitSight
BitSight is transforming how companies manage information security risk with objective, verifiable and actionable Security Ratings. Founded in 2011, the company built its Security Ratings Platform to continuously analyze vast amounts of external data on security issues and behaviors in order to help organizations manage third party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Seven of the top 10 cyber insurers, 80 Fortune 500 companies, and 3 of the top 5 investment banks rely on BitSight to manage cyber risks. For more information, please visit www.bitsighttech.com, read our blog or follow @BitSight on Twitter.


After Equifax: Should Tech Entrepreneurs Design The Next-Gen Credit Agency?


Xconomy | By Bernadette Tansey | September 15, 2017

 

Personal financial data for as many as 143 million Americans, inadequately guarded by credit bureau Equifax and stolen by hackers, can never be sheltered again under an umbrella of privacy. Those victims could face dire consequences, such as raids on their bank accounts and identity theft, for the rest of their lives. The losses for Equifax shareholders have already reached into the billions. The company’s stock value plunged after it disclosed the huge breach on Sept. 7. By then, some Equifax executives had already sold their shares in the company. Equifax says it had discovered the cyber intrusion on July 29.

 

The Equifax hack—possibly resulting from a software vulnerability for which a patch was available two months before mid-May, when the company now says the cyberattack began—is also a watershed event that is eroding confidence in the overall credit reporting industry.

 

It has raised calls for increased regulation, not only on cybersecurity standards, but also on the core business model of credit bureaus. The security failure of Equifax, founded in 1899, may stimulate 21st century technologists to design new safeguards that would bolster Equifax and its two major competitors, TransUnion and Experian. But some tech innovators may also see opportunities to disrupt the dominance of the “big three” in an industry that dates back to the late 19th century.

 

“We’re operating with a legacy paradigm that just doesn’t scale to the digital economy,” says Robert Ackerman, founder and managing director of venture capital firm Allegis Capital, which concentrates on cybersecurity investments. “Equifax is going to start a lot of people thinking about solutions,” he says.

 

What would a new rival to Equifax look like? One response to that question came from Simon Peel, chief strategy officer at Alameda, CA-based Jitterbit, which helps banks and other customers adopt advanced technologies more quickly through the use of Application Programming Interfaces (APIs).

 

“A competitor to Equifax would integrate the current best-of-breed technologies, in fraud detection, security and analytics, while also ensuring that they are remaining agile as new and improved technologies are being developed—such as predictive analytics, deep learning and AI,” Peel says in an e-mail exchange with Xconomy.

 

Peel says financial institutions are already using technology to move well beyond the metrics often relied on by credit reporting agencies to help lenders assess risks—that is, borrowers’ payment histories for loans and credit card debt. He points to the 2016 annual report by JPMorgan Chase, in which the bank described its use of a machine learning tool called COiN, which analyzed “12,000 annual commercial credit agreements in seconds compared with as many as 360,000 hours per year under manual review.”

 

Cybersecurity innovations are top of mind for Ackerman in the wake of the Equifax breach—not surprising, given his firm’s focus. But Ackerman also identified other pain points that entrepreneurs, as well as governments, could evaluate as they look to improve the credit reporting industry.

 

Decentralizing data
Hackers may have been able to abscond with their massive data trove more easily if Equifax was keeping the personal information of millions of people in a central repository, Ackerman says. “It is folly to collect everything and put it together,” he says. The idea of maintaining a complete set of valuable data in one hardened silo may seem more secure, but distributed data storage would limit the haul for each hack, he says. As it is, criminals may now be in possession of the Social Security numbers, dates of birth, credit card numbers, and driver’s license numbers of millions of Americans.

 

Regardless of the storage strategy, a business model that calls for assembling all that consumer data under the control of one company is asking for trouble, two University of Houston computer science professors write in a commentary this week for The Hill.

 

“What Equifax and others have done in concentrating massive quantities of personal data simply is not desirable in our time of cyber insecurity,” according to the commentary’s authors, professors Wm. Arthur Conklin, director of the university’s Center for Information Security Research and Education, and Christopher Bronk, the associate director of the center. “Private firms and government agencies that maintain such data stores need to be regulated concerning protection and isolation of the data.”

 

Encryption
All of that sensitive data held by credit reporting agencies should be encrypted, wherever it’s stored, Ackerman says. Hackers may inevitably get into any data cache, but companies can make it less useable for them by encrypting it. IBM and other companies are working on methods to encrypt data even when it’s in use, he says. That could be a key improvement for the credit reporting industry, he says.

 

“If I were building a company in that space, that’s where I’d be going,” Ackerman says.

 

Open source software
Equifax says hackers were able to overcome the company’s defenses by taking advantage of a vulnerability called Apache Struts CVE-2017-5638. Even if that vulnerability in open source software was the gateway for the breach, it’s no excuse for Equifax, Ackerman says. Users of open source software must constantly probe and validate it, using a variety of methods such as code scanners, white hat hackers, and diligent adoption of security patches when they’re released. According to a story by Ars Technica, a patch was available to fix the software flaw in March, two months before the time period in May when Equifax says the breach began.

 

Monitoring of company systems for security breaches
Ackerman says the hackers may have been operating inside Equifax’s defense perimeters for a longer period than the company has acknowledged. Companies holding that much sensitive data should be vigilantly monitoring the data leaving the network to detect the exfiltration of information by cybercriminals, he says.

 

Social Security numbers
A fundamental weakness in the U.S. financial services system is the widespread use of Social Security numbers as a means to identify customers, Ackerman says. Those numbers were originally intended to be used only for communications about government benefits, not as an identifier demanded by private vendors, such as utilities and credit card companies, he says.
“The fact that we’ve allowed people to use it as a national identity is a tragedy,” Ackerman says. Unlike account numbers, Social Security numbers can’t be easily changed once they’ve been stolen.

 

Authentication
Now that criminals may hold the Social Security numbers of more than 44 percent of the U.S. population, lenders will be much less certain that a person who can provide a valid number is the real owner of that identity. Millions of spoofed identities could be created based on filched Social Security numbers, Ackerman says.

 

“What we clearly need is a much more rigorous regime of identity authentication,” Ackerman says. Technology could help with that, by creating methods of authentication that can scale to an almost unlimited number of factors without slowing transactions, he says. Novel authentication factors made possible by technology include the location where a user logs into an account; the angle at which a cell phone is held; the user’s thumb pressure; and a customer’s walking gait, Ackerman says.

 

Jitterbit’s Peel says smartphones themselves provide the means for verifying the identities of their users.

 

“Two-factor authentication simply sends an SMS message containing a password to the mobile phone that is on record for that person at the credit agencies,” Peel says. “With the iPhone 6, 7 or 8 it would be simply a matter of putting your thumb on the fingerprint reader. With the newly announced iPhone X it could be as simple as holding up the phone to your face and using your face as the password to prove your identity.”

 

Such technology solutions can produce good outcomes, but they can also lead to some of the downsides consumers now resent about traditional credit agencies, says professor R.A. Farrokhnia, a member of Columbia University’s business and engineering faculty, and executive director of Advanced Projects and Applied Research in Fintech at Columbia.

 

Just as the credit agencies sweep up our financial information without our permission, new technologies can monitor personal behaviors such as our Internet search histories, which have also been proposed as possible indicators of creditworthiness—or a lack of it, Farrokhnia says.

 

Government response
Ackerman sees regulatory actions by governments as one of the important ingredients in re-engineering the credit reporting industry for the 21st century. That also goes for other sectors responsible for safeguarding the valuable data of individuals, in his book. He admires the EU General Data Protection Regulation (GDPR) data privacy scheme that will be enforced starting in May 2018. It will impose substantial penalties on companies that fail to safeguard the data of EU residents, no matter where the company is located.

 

Multiple functions of credit bureaus
Ackerman and others see problems worth solving due to the array of different roles filled by credit bureaus. The primary function of the agencies is to help banks and other lenders to determine whether a borrower is creditworthy; these entities report back to the credit bureau on each consumer’s track record of repayment.

 

The credit agencies also offer services to consumers, by helping them correct inaccuracies in their credit reports. But Ackerman sees these efforts as half-hearted.

 

“Their interest in our privacy and security and accuracy of information is lip service,” Ackerman says. “They care only if (an inaccuracy) reduces the value of information they’re selling. They collect your information without your permission, and they only work with you in response to regulatory pressure.”

 

As an investor, Ackerman says he’s been talking to colleagues for some years now about possible business models for an independent company that would protect consumer privacy and identity.

 

“I think there’s an opportunity,” he says. “More than an opportunity; there’s a need.”

 

University of Houston professors Conklin and Bronk think regulators should peel away another of the multiple functions of the credit bureaus: they sell the sensitive financial information of consumers to marketers.

 

“Lawmakers should consider investigating and possibly banning data brokering by the credit bureaus,” the professors suggest. “It is one thing for credit bureaus to inform lending establishments of consumer creditworthiness, but another for them to serve as behind the scenes marketing intelligence firms. So long as these companies cannot protect their data resources, they will harm U.S. consumers, financial institutions, and government through the countless cases of identity theft that incidents like the Equifax breach enable.”

 

Currently, U.S. government regulations applying to credit agencies are scanty, as detailed by the New York Times.

 

Farrokhnia, the fintech expert at Columbia, says the chance of a U.S. regulatory overhaul of the credit reporting industry may be slim, given the many distractions on the political scene and the current administration’s inclination to reduce regulation rather than expand it. Even so, the Federal Trade Commission has announced that it is investigating the Equifax hack, Reuters reported. Pressure is coming from other government sources, including investigations and lawsuits by state attorneys general. Class action law firms are lining up to sue Equifax on behalf of consumers.

 

Equifax’s management of the crisis is adding to public outrage. It delayed announcing the cyberattack after discovering it, and during that delay, company executives sold some of their share holdings. Equifax offered consumers free credit monitoring for a year, but at first made it a condition that they give up their right to sue the company for damages due to the data breach. Equifax later removed that condition under pressure.

 

The fallout from the huge breach could end up imposing substantial costs not only on Equifax, but also on most businesses, according to a report by the financial institution UBS.

 

“Major high profile attacks involving consumer data, like this Equifax incident, tend to lead to reevaluation of industry wide security practices and the architecture of digital security,” according to the UBS report. The result could be higher spending not only on cybersecurity measures, but also on insurance to cover the potentially devastating financial impact of a cyberattack, UBS stated. Citing a Gartner report, UBS says global cybersecurity spending could grow to $170 billion by 2020.

 

“I can tell you, the cybersecurity budgets for Experian and TransUnion are now unlimited,” Ackerman says.

 

Find article here: www.xconomy.com


Cybersecurity Automation is Coming to the Rescue


RSA Conference | By Bob Ackerman | September 7, 2017

 

Every now and then, it may seem as though the explosive growth of increasingly sophisticated, novel and successful cyberattacks is overwhelming. Who can keep up and fend off the attacks? Certainly not the federal government, and certainly not most major corporations.

 

Further undermining a strong defensive posture is the swelling shortage of cybersecurity specialists – more than 1 million globally today, according to multiple cyber experts, and a number expected to nearly double by 2021.

 

Is there any light at all at the end of the tunnel?

 

Fortunately, there is. Organizations are turning to automation and analytics to aid cyber specialists and, increasingly, to “force multiply” the effective size of cyber staffs. Automation can help spot attacks before they begin and save time for IT staffers, enabling them to focus on other tasks. Already, automation is accomplishing faster detection and remediation of cyber threats, courtesy of emerging providers that leverage advanced technologies, including user behavioral analytics, machine learning and real-time, automated remediation.

 

Cybersecurity automation was predictable

 

This development should come as no surprise. Look around and you see automation everywhere – in, among other areas, manufacturing, finance, marketing, transportation and in social networking. Even cars – i.e., autonomous vehicles – are becoming automated.

 

All forms of successful automation substantially improve efficiency. How this is accomplished depends on the specifics of different industries. In the case of cybersecurity, the role of automation boils down to better and far faster management of complexity. Bigger networks, mobile devices and multiple cloud services are making the workload for IT teams unmanageable. This becomes a crisis during a cyberattack, when time is of the essence.

 

When a data breach occurs, organizations must respond immediately. Credentials are compromised in minutes, and typically most of an organization’s critical data or intellectual property is lost within the first day. Verizon’s 2016 Data Breach Investigation Report highlights this sad reality. It found that 82% of organizations surveyed said that a compromise took only minutes to infiltrate company systems, and 68% said associated data was breached within days.

 

Threat detection must be rapid

 

The obvious upshot is that a threat detection solution that cannot detect and remediate threats in near real-time is of little use. This is where cybersecurity automation enters the picture. It doesn’t replace cyber specialists. Rather, it massively extends their reach.

 

A good automated cybersecurity system detects an alert immediately and assesses it for legitimacy and severity. Real threats are prioritized and steps are taken to address the problem. If the incident can be resolved automatically, without the need for human input, it will be.

 

Typically, customizable and scalable automated incident response “playbooks” are built and deployed. Their development is usually based on real-life scenarios and actual incidents, enhancing their effectiveness in detecting and resolving legitimate incidents quickly. Automated incident response helps substantially reduce the time it takes to resolve an issue from weeks and sometimes months to hours and sometimes even minutes.

 

As such, a cyber breach that slips through the cracks can often be isolated and nullified before it has time to wreak havoc. This is a rarity for an IT staff without the aid of automation, which all too often finds itself weeding through scores of potential threats while the one truly dangerous incident busts through the defensive perimeter. In addition, automated incident response can also be used for protection 24/7.

 

Not all players in cybersecurity automation are young companies. Microsoft, for example, recently bought U.S.-Israeli artificial intelligence cybersecurity firm Hematite, reportedly for $100 million. More common, however, is activity among startups and in academia.

 

Carnegie Mellon and cyber automation

 

Carnegie Mellon University, for instance, has employed the attributes of web servers, such as the software they use, as variables to predict how likely a server is to be hacked. A model developed by researchers there successfully predicted 66% of future attacks.

 

In addition, software vendors are stepping into the breach and employing software and modeling approaches applicable to cyberattack behavior, stemming from efforts to identify credit card fraud. Both are a form of anomaly detection and can be unusually speedy and highly effective.

 

None of this should suggest that cybersecurity automation is a panacea. It still produces too many false positives and false negatives and misses some intrusions altogether. And some cyber pros are uncomfortable with it, fearing it could cost them their jobs. The latter, at least, is an unfounded concern. Humans are still best at identifying previously unknown threats. Cybersecurity automation must be woven into the fabric of a team; it is not a stand-alone solution and probably never will be.

Cybersecurity automation inevitable

 

In any case, there is really no alternative but to embrace automation. Statista, a statistics portal, estimates there were 23 billion connected devices in 2016 – a number that it adds will grow to 50 billion by 2020, reflecting an avalanche of Internet of Things (IoT) devices. In addition, there is an urgent need to reduce the time it takes to spot and contain organizational breaches – commonly 200 days-plus to spot them and another 69 days to contain them, according to Ponemon Institute. The longer the timeframe, typically the worse the financial consequences.

 

Not far away will be the application of artificial intelligence to automation. Human analysts, however, will go nowhere. They know their own environment, and they have intuition about how their system operates, making it relatively easy to distinguish between what is normal and what is questionable. Humans are also good at quickly adapting to rapidly changing conditions and, unlike software, are usually good communicators.

 

What humans cannot do, of course, is scale, and they often make mistakes. They are relatively slow, too. This is why they need to team up with cutting-edge software. The best cybersecurity systems are a union of analyst and machine.

 

 

Find Article Here: www.rsaconference.com 


Reddit Teams with Lucidworks to Build New Search Framework


TechCrunch | By Ron Miller | September 7, 2017

 

Reddit revealed today that it has teamed with Lucidworks to provide a long-needed, modern search tool for the immensely popular online discussion platform.

 

When you face the kind of scale that Reddit does, with over 300 million monthly active users generating 5 million comments and a staggering 40 million searches every day across more than a million communities, it’s a daunting task to find a search tool to handle that kind of volume.

 

The challenge with Reddit extends beyond indexing these massive numbers. They also have to deal with a wide variety of content, with text, gifs, images and video by the score. While part of the goal was to improve traditional search functionality and deliver more relevant results, perhaps even more critically, they wanted a tool to help users surface the subjects that interest them without having to explicitly state it in the search box, Nick Caldwell, VP of engineering at Reddit, explained.

 

“I think that people who come to any site, and Reddit in particular, prefer an experience where they don’t have to do manual keyword entry, but want a continuous stream of interesting content,” he said.

 

Reddit’s search engine had actually been notoriously bad and Caldwell made upgrading it a priority. “One of the things I wanted to do when I started at Reddit, was I wanted to fix [search]. People have been complaining about it for five years,” he said.

 

Part of the issue up to that point wasn’t a lack of desire to improve the search experience. Everyone understood the issue, but finding the time to update it was another matter. When Caldwell came on board, Reddit had a small team of 40 engineers, whose primary job was keeping a site of this size and scope up and running.

 

Caldwell said that the company went with the Lucidworks Fusion platform because it had the right combination of technology and the ability to augment his engineering team, while helping search to continually evolve on Reddit. Buying a tool was only part of the solution though. Reddit also needed to hire a group of engineers with what Caldwell called “world class search and relevance engineering expertise.” To that end, he has set up a 30-person engineering search team devoted to maximizing the potential of the new search platform.

 

Lucidworks is built on the open source search tool, Apache Solr, but company CEO Will Hayes says the commercial product has been built to scale to Reddit-like proportions. “Solr is the core engine. We still heavily contribute to the open source project, but we put a lot of focus on how people consume data,” Hayes explained.

 

This means working in a streaming fashion to span billions of records in near real time, while using analytics and machine learning to understand the underlying data and deliver more relevant results and content to Reddit users.

 

Today’s search update is part of Reddit’s wider campaign to update the site’s look and feel, which became an organizational priority after the site’s two founders returned to the company — with Alexis Ohanian coming back in 2014 and Steve Huffman in 2015.

 

“With Steve and Alexis coming back, they brought to the table that the site should be more welcoming and engaging than it has been in the past. It took the leadership of Steve and Alexis to see that the content we have is really a gold mine, and we have to find a way to present it to users to unlock that potential,” he said.

 

While Lucidworks remains an active partner in the project, Caldwell hopes his team will be able to take over by the end of the year. He says the ultimate goal is a tool that is not only more relevant, but looks better and is more engaging.

 

Find article here: www.techcrunch.com


Forcepoint Acquires RedOwl, Extends Global Human-Centric Security Leadership


PR Newswire | August 28, 2017

 

Integration of RedOwl UEBA with Forcepoint technology delivers holistic view of cyber behaviors to identify and address enterprise risk in real-time

 

AUSTIN, Texas, Aug. 28, 2017 /PRNewswire/ — Global cybersecurity leader Forcepoint today announced the acquisition of RedOwl, the leader in security analytics focused on helping customers understand and manage human risk. This latest milestone in Forcepoint’s strategy arms customers with cybersecurity systems designed for the reality of today’s threats.

Forcepoint’s human point strategy views people – rather than technology infrastructure – as the focal point for cybersecurity. Cloud, mobility and ever-changing infrastructure make the traditional perimeter a fallacy; by focusing on how, when, where and why people interact with critical data and IP, organizations can more effectively identify and address risk.

 

“The world has fundamentally changed and the way we think about security must change, as well. If the cybersecurity industry fails to put people at the center, it is certain to fall short in helping customers protect their most vital assets,” said Matthew P. Moynahan, chief executive officer of Forcepoint. “Forcepoint is absolutely committed to empowering customers with human-centric security systems, and RedOwl fits squarely into this promise.”

 

RedOwl’s user and entity behavior analytics (UEBA) technology is ideally suited for this human-first approach to addressing security and regulatory use cases. Since 2011, the company has focused specifically on delivering capabilities that provide visibility into the holistic activities of people, including cyber, physical and financial. Customers deploy these capabilities to analyze large amounts of complex data, assess high-risk events and behaviors, and enact centralized and supervisory oversight to satisfy both security and regulatory requirements.

 

“As I’ve watched Forcepoint’s story unfold, it is clear we share the view that a human-first approach must be the path to addressing cybersecurity and internal risk,” said Guy Filippelli, chief executive officer at RedOwl. “The opportunity to deliver a holistic solution around proactive human oversight is exciting; joining Forcepoint will accelerate our ability to deliver these important capabilities to our customers. We’re thrilled to become a part of the Forcepoint team.”

 

RedOwl brings a sophisticated analytics platform to Forcepoint’s human-centric cybersecurity system and will be integrated across the company’s portfolio, as well as with customers’ existing technologies (e.g., SIEM). This platform delivers real-time insight into anomalous interactions and access across people, data, devices and applications.  In addition, the combination of RedOwl’s, Forcepoint DLP and Forcepoint Insider Threat will provide the industry’s only comprehensive solution for understanding and responding to the behaviors and intent of people.

 

“Combining the deep collection capabilities of Forcepoint Insider Threat, the powerful analytics of RedOwl’s technology and the risk mitigation of DLP creates a system capable of protecting critical business data and IP like no other,” said Heath Thompson, senior vice president and general manager of the Data and Insider Threat Security business at Forcepoint. “Context is everything and we look forward to helping customers differentiate between carelessness, compromise and malice in the most efficient way possible.”

 

RedOwl technology and employees are joining the Forcepoint team as part of the Data and Insider Threat Security business reporting to Thompson.

 

Find Article Here: www.prnewswire.com


You Have to Know Plenty To Pursue a Cybersecurity Career – But Not Nearly Everything

  |   The Latest

RSA Conference | By Robert R. Ackerman Jr. | August 21, 2017

 

Ask a cybersecurity firm or a big financial services company with a huge cybersecurity staff what they’re looking for in new cybersecurity talent, and they will tick off their requirements in rapid-fire succession, barely stopping to take a breath.

 

They want somebody with a bachelor’s degree in computer programming, computer science or computer engineering. They also want to see an academic background replete with courses in statistics and math. They want cybersecurity certifications as well, and, of course, experience in specialties plagued by staffing shortages, such as intrusion detection, secure software development and network monitoring.

 

Sound too demanding, especially if you’re relatively fresh out of school? Don’t despair.

 

This is more like a wish list than actual requirements because there is an enormous shortage of cyber talent, estimated to reach two million positions globally in 2019.

 

What Would-Be Cyber Pros Need To Do

 

What is really needed to get in the door is training at a cyber boot camp or a two-year associate’s degree in cybersecurity from a community college, a background in IT, and a demonstrated interest in and some knowledge of cybersecurity fundamentals. People with backgrounds as programmers, systems administrators and certified network engineers are particularly strong candidates. More important, however, is that you have — and can demonstrate — a passion for learning and strong research instincts.

 

What, exactly, is a cybersecurity specialist?

 

He or she works with organizations to keep their computer information systems secure. They determine who requires access to which information, and then plan, coordinate and implement information security programs. They also use their expertise and up-to-date knowledge to help protect against web threats that facilitate cybercrime, including malware, phishing, viruses, denial-of-service attacks and hacking. And, too, they troubleshoot company-wide security threats and implement creative solutions.

 

Cyber jobs are pretty much all over the place, in, among other places, government agencies, military contracting firms, IT services companies, the armed forces, professional services firms, financial institutions and cybersecurity consulting firms. There are also a growing number of industry-specific cybersecurity specialties, such as security work in the development of autonomous vehicles, sadly reflecting that motivations to hack self-driving cars are almost limitless.

 

Even Ambitious Novices Have a Shot

 

If you don’t have a competitive background but still want to break into cybersecurity, this, too, is doable. The answer is to attend a cyber boot camp, although it can be expensive, or to enroll in a two-year associate’s degree program being offered by a growing number of community colleges.

 

Cyber boot camps are intensive programs that accept non-programmers, train them in key skills and help them land jobs. In Denver, for example, Securest Academy has graduated a number of cyber pros and placed all of them in respectable cybersecurity jobs, helped by its partnerships with top security employers. Other boot camps include Evolve Security Academy in Chicago, and Open Cloud Academy in San Antonio.

 

A hybrid between a boot camp and community college program is the City Colleges of Chicago (CCC), which recently became the first community college system in the country to partner with the Department of Defense on a new free cybersecurity training program for active military service members and civilians. This effort is modeled after an intensive six-month cybersecurity boot camp tested with government personnel at Fort McNair in Washington D.C. The program has been initially funded by $1 million from the City of Chicago and $500,000 from the Defense Department.

 

Another, perhaps better, start to a path in a cybersecurity career is attendance at a community college. Community colleges with two-year cybersecurity degree programs include Anne Arundel Community College in Baltimore, Herkimer County Community College in Herkimer, N.Y., Thomas Nelson Community College in Hampton, Va., Umpqua Community College in Roseburg, Oregon, Clark State Community College in Springfield, Ohio, and River Valley Community College in different cities in New Hampshire. Still others are Northern Virginia Community College in different cities in northern Virginia, and Tidewater Community College in different cities in southern Virginia.

 

Cybersecurity Jobs

 

Most starting positions in cybersecurity are for security analysts, who plan and activate computer system security measures. Once a cyber specialist gains more experience and expertise and earns a certification or two, such as a CISSP (Certified Information Systems Security Professional), he or she can aspire to focus on more advanced cyber specialties.

 

These include:

 

  • Intrusion detection. Experts in this area search for potentially harmful activity that could undermine the confidentiality, integrity or availability of information.
  • Secure software development. Most data breaches are successful because of vulnerabilities or flaws in software code. Specialists in this area patch code on a routine basis.
  • Cloud security. Cloud security specialists analyze threats particular to cloud security. Dangers include data breaches, system vulnerability exploits, hijacked accounts, inadequate diligence and malicious insiders.
  • Network monitoring. This requires professionals who know what they’re looking for in networks and can make decisions rapidly when suspicious behavior is detected. They work in concert with advanced network monitoring apps.
  • Risk mitigation. This entails tracking security risks that have been identified, discovering new risks, and tracking risk throughout select projects. This position also involves brainstorming what might happen if there is a breach.
  • Data security. This has become a common job as organizations move to cloud computing. The job of data security pros is to protect company information from threats.

 

 

Regardless of specialty, cybersecurity pros need valuable soft skills. These include:

 

  • Strength in research and writing. To establish sound policies, cybersecurity staff must be equipped to conduct exhaustive research into industry best practices and work with end users to understand how they use technology on a daily basis. They must then synthesize these insights into a thoughtful policy.
  • It’s essential for cybersecurity specialists to know how to navigate projects and difficult conversations with a wide array of people, ranging from the CIO to end users and vendors. Security pros must be friendly, patient and open-minded.
  • A teacher’s disposition. Cyber pros must be able to educate their colleagues about safe technology habits. They must also instill awareness about the risks of poor IT hygiene.
  • A passion for learning. Cyber pros need to be lifelong students as much as teachers because the IT threat landscape is constantly changing. Cyber pros must be proactive, always exploring for ways to get ahead of tomorrow’s biggest challenges.
  • A consultative mindset. Cyber pros must think like a consultant. Every company of any size has different constituencies. Cybersecurity experts need to be able to look at the big picture and ask the right questions of colleagues and senior management to solve cybersecurity issues. They should also understand how their work impacts the bottom line.

 

The Future of Cyber Teams

 

What about cybersecurity teams of the future? What will they look like?

 

The staffing of teams is likely to evolve with fewer generalists and more cybersecurity domain experts. In particular, it will be important to deeply understand how previously “siloed” security concepts and domains evolve into a horizontal structure. This will require cyber experts from different areas of the business working together cohesively.

 

Cybersecurity teams will also adopt more geographic diversity as the talent shortage persists.

 

It’s obvious that the search for qualified cybersecurity talent will remain a priority indefinitely. Companies, consulting firms and government agencies already know this. They are also slowly learning they have to be somewhat flexible about the cybersecurity professionals they hire. They will have to speed the pace because the deluge of increasingly sophisticated cyberattacks will not stop. Let’s face it: The protectors of data need all the help they can get.

 

Find Article here: www.rsaconference.com


Changing the security landscape for entrepreneurs

  |   Allegis News, The Latest

TechCrunch | By Robert R. Ackerman, Jr. | August 17, 2017

 

Throughout the course of human history, disruptive innovation has been required to unleash higher tiers of human potential. Think of Gutenberg and movable type, Edison and electricity or Berners-Lee and the World Wide Web.

 

We are in need of another such breakthrough today. Cloud computing and the Internet of Things (IoT) embody vast promise for advancing civilization. But they also have given rise to seemingly intractable security exposure, including nation-state rifts, not to mention profound quandaries about the erosion of individual privacy.

 

The good news is that a new technological advance could unleash the full promise of cloud computing and put IoT on the verge of everyday use by U.S. intelligence agencies and in the private sector. This advance — two decades in the making — is called “homomorphic encryption,” and it allows data to be queried and analyzed without decrypting it.

 

Homomorphic encryption: Smashing through a technology barrier

 

“Homomorphic encryption is the Holy Grail of encryption,” says Ellison Anne Williams, a math PhD, former NSA senior researcher and co-founder and CEO of ENVEIL, a security startup that has fine-tuned a homomorphic encryption system for commercial use.

 

The explosive growth of cloud computing makes this crucial. Amazon EC2, Google Cloud and Microsoft Azure have made cloud storage and processing services a major enabler of digital commerce. An enterprise that uses one of these services is effectively extending the boundary of their trusted enterprise compute environment, owned and managed by them, to an untrusted location owned and managed by a third party.

 

The problem is that there is a security gap in cloud services today. Companies routinely encrypt data kept in storage and make certain only encrypted data is transported to and from cloud storage facilities. But in order to act on this data — to, say, do a simple search or perform an analytic — both the query and the stored data must be decrypted. This creates an opportunity for an alert intruder lurking on the network to steal the data in unencrypted form.

 

The genesis of homomorphic encryption

 

Threat actors are acutely aware of this “Achilles’ heel” of cloud computing and are salivating to exploit it. We know this because business networks routinely falter and briefly expose decrypted data. When this happens, security analysts at large enterprises pay close attention. In a few cases recently, network intruders have been detected doing much the same type of reconnaissance of a company’s crown jewels.

 

The current roots of homomorphic encryption date back to 2008, when IBM researcher Craig Gentry came up with a way to perform mathematical operations on encrypted data without first needing to decrypt the data — the first working example of homomorphic encryption.
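
Added example, not part of the original article: a toy Paillier cryptosystem in Python in which a server totals values it holds only as ciphertexts. Paillier is additively homomorphic only (it is not Gentry's fully homomorphic scheme), and the two Mersenne primes and the sample values are demo assumptions, far too small for real use.

```python
import math
import secrets

# Demo assumptions: two well-known Mersenne primes. Real deployments use
# randomly generated primes of 1024 bits or more each.
DEMO_P = 2**31 - 1
DEMO_Q = 2**61 - 1


def keygen(p, q):
    """Return (public, private) Paillier keys built from primes p and q."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                      # standard simple choice of generator
    mu = pow(lam, -1, n)           # valid because g = n + 1
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """Encrypt integer 0 <= m < n with fresh randomness r."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """Recover the plaintext; only the private-key holder can do this."""
    n, _ = pub
    lam, mu = priv
    x = pow(c, lam, n * n)
    return ((x - 1) // n * mu) % n


# --- Operations the untrusted server runs. It sees only pub and ciphertexts.

def encrypted_total(pub, ciphertexts):
    """Multiplying ciphertexts adds the hidden plaintexts (mod n)."""
    n, _ = pub
    n2 = n * n
    acc = 1                        # 1 is a valid encryption of 0
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc


def encrypted_weighted_sum(pub, ciphertexts, weights):
    """Raising a ciphertext to k multiplies its hidden plaintext by k."""
    n, _ = pub
    n2 = n * n
    acc = 1
    for c, k in zip(ciphertexts, weights):
        acc = (acc * pow(c, k, n2)) % n2
    return acc


if __name__ == "__main__":
    pub, priv = keygen(DEMO_P, DEMO_Q)

    # Client side: constructed sample records, encrypted before upload.
    records = [120, 75, 310, 42]
    stored = [encrypt(pub, m) for m in records]

    # Server side: computes on ciphertexts without the private key.
    enc_sum = encrypted_total(pub, stored)
    enc_weighted = encrypted_weighted_sum(pub, stored, [2, 0, 1, 3])

    # Client side: decrypts only the results.
    print("total:", decrypt(pub, priv, enc_sum))
    print("weighted:", decrypt(pub, priv, enc_weighted))
```

The server never calls `decrypt` and never holds `priv`; the records stay encrypted in storage, in transit and during the computation, which is the gap the article describes.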

 

Trouble was, it took gargantuan computing power to make Gentry’s rudimentary prototype work. Steady progress was made over time by others, however, and today we are finally on the threshold of seeing homomorphic encryption deployed in daily business use.

 

Speaking recently at the Billington Cybersecurity Summit in Washington, Jason Matheny, director of the government’s Intelligence Advanced Research Projects Activity (IARPA), told attendees it has taken “math magic” for this technology to arrive at this point. IARPA is in the late phase of developing a database query system based on homomorphic encryption.

 

Homomorphic encryption creates new investigative opportunities

 

The embrace of homomorphic encryption is powerful. For example, authorities, acting on evidence, will be able to search travel and financial records or telephone and email logs, while, say, hot on the trail of a terrorist. And they will be able to do so without ever exposing the underlying data — personal information that belongs to the wider citizenry, muting the possibility of abusing power.

 

Computer processing power, of course, has advanced steadily since IBM’s Gentry produced his prototype. But it is really the collective brainpower of a group of math geniuses who followed him that brought us to the point we are at today. Driving efforts within the federal government and in private research labs at places like IBM and Microsoft, these highly insightful experts have been pushing the envelope.

 

Last year, Microsoft researchers smashed a homomorphic encryption speed barrier. While there is still work to be done, Kristin Lauter, a principal research manager at Microsoft, has said that initial results look very promising and that the technology could be used, for example, on specialized devices for medical or financial predictions. “We are definitely going toward making it available to customers and the community,” she told The Register, a British technology news website.

 

IBM also continues to make progress. It has been granted a patent, for instance, on a particular homomorphic encryption method. This is a strong hint that it continues to work toward a practical solution, not simply continued pursuit of theoretical research. Meanwhile, ENVEIL’s Williams, who spent years at the NSA chiseling away at a practical version of homomorphic encryption, now has 10 pending customers analyzing its proof of concept.

 

Heightened innovation and commercial disruption will occur

 

It is in the commercial arena, in particular, where homomorphic encryption is destined to be truly disruptive. To start with, it shrinks the attack surface for organizations increasingly dependent on cloud services. That alone will make compliance much easier, both in meeting data handling rules and, for governments, enforcing them. Neither is a small feat. Meeting federal rules for the handling of medical and financial records or the handling of transaction data is significantly easier for companies with well-defended networks.

 

Meanwhile, regulatory pressure to better protect data is intensifying. There is a rising tide of state-imposed data security rules, such as those recently enacted in New York, Massachusetts, Vermont and Colorado. In addition, there is Europe’s pending new General Data Protection Regulation, one replete with exhaustive data protection requirements and onerous penalties if they are not met.

 

A key byproduct of the elimination of the unencrypted security gap will be heightened innovation, and at an important juncture. Consider, for example, the oceans of sensitive personal information that will be collected as IoT continues to grow. Analysts will be far more inclined to gather this broad expanse of data if they know it will be protected properly. They are keenly aware of a personal privacy line that must not be crossed in mining IoT data for marketing purposes, lest consumers revolt.

 

Beyond consumerism, opportunities to enhance the world of medicine could open up with the embrace of homomorphic encryption. Imagine, for example, medical researchers being able to query millions of HIPAA-protected patient records to identify disease trends by demographics and geographic location. We could enter a golden age of medical advances.

 

No doubt, other amazing developments are sure to spin out of the mainstreaming of homomorphic encryption. Stay tuned. This disruption can change everything for the better.

 

Robert Ackerman Jr. is the founder and a managing director of Allegis Capital, an early-stage cybersecurity venture firm, and a founder of DataTribe, a startup “studio” for fledgling cyber startups staffed by former government technology innovators and cybersecurity professionals.

 

Find Article Here: Techcrunch.com


Dragos, a Global Industrial Control System Cybersecurity Startup, Raises $10 Million in Series A Venture Capital

  |   Allegis News, Portfolio News, Series A, The Latest

Funding Provided by Allegis Capital, Energy Impact Partners and DataTribe

Dragos Is Building the First Industrial Cybersecurity Ecosystem

 

HANOVER, Maryland (August 14, 2017) — Dragos Inc. (pronounced Dray-gohs), an industrial control system (ICS) cybersecurity company made up of industry experts with the vision of securing global industrial infrastructure, announced today that it has received a $10 million Series A round of venture capital from co-lead investors Allegis Capital and Energy Impact Partners (EIP), with additional support from DataTribe, a cybersecurity startup studio that initially funded Dragos.

 

The Series A round will be used to increase the company’s workforce to meet rising customer demand, generated in part through key partnerships with Deloitte, the global audit and financial advisory services firm, and CrowdStrike Inc., a leader in cloud-delivered endpoint protection.

 

CRASHOVERRIDE AND DRAGOS REPORT

Dragos has attracted attention for recently producing a report on CRASHOVERRIDE, the malware used to temporarily interrupt power in the Ukraine in a widely publicized cyber-attack last December. CRASHOVERRIDE is the only known malware that disrupts the electrical grid and only the fourth known type of malware to be specifically tailored toward ICS overall.

 

Founded in May 2016 and funded until this point with a seed round of $1.2 million from DataTribe, Dragos has built the first industrial cybersecurity ecosystem. This consists of three core offerings and an assessment tool – the Dragos Platform, the Dragos Threat Operations Center, Global ICS Intelligence, and CyberLens network assessment software. This combination gives customers access to technology to monitor and respond to threats in the ICS, along with intelligence to make informed decisions about threats. Services range from threat hunting to incident response, as well as lightweight software for routine assessments.

 

The company’s biggest technological differentiator is its behavioral analytics. Instead of “anomaly detection” and other types of machine learning-driven technologies that are hitting the market, the approach of Dragos is to codify human experience facing human adversaries. It identifies adversary tradecraft and turns it into behavioral analytics. As a result, defenders get context of what is going on and recommendations on what to do next, not merely a series of alerts.

 

“Dragos exists to safeguard civilization,” said Robert M. Lee, the CEO of Dragos.  “Critical infrastructure powers the global economy and the fabric of modern society. We all strongly believe that civilian infrastructure should be off limits to any adversaries, no matter where the infrastructure is located in the world.”

 

Dragos was founded by ICS cybersecurity experts Lee, Jon Lavender and Justin Cavinee, all veterans of the U.S. intelligence community. There they established a first-of-its-kind mission for the U.S. government to identify, analyze and respond to nation-states launching ICS-focused cyberattacks.

 

“Industrial control systems are unique unto themselves – hybrid digital and analog environments with very different operational temperaments,” said Bob Ackerman, the founder and a Managing Director of cybersecurity investment specialist Allegis Capital. “Unless you have lived your life in this environment, you can’t truly appreciate how different or complex ICS systems are.  With Dragos, we invested in the “A” team.”

 

“Protecting the integrity of the grid has always been a top priority for utility operators,” said Sameer Reddy, a Vice President at EIP and co-leader of the Series A financing. “One of the critical challenges is access to sufficient human capital. The Dragos platform, which is built and managed by true ICS cybersecurity experts, provides significant force multiplication to ICS operators around the world.”

 

“Energy is essential to our economy and way of life. As a result, energy infrastructure is increasingly a target,” said Thomas A. Fanning, Chairman, President and CEO of Southern Company. “As a founding investor in Energy Impact Partners, Southern Company is proud to support enhancing the resiliency of critical infrastructure, in order to better protect the communities where we live and serve.”

 

 

About Dragos Inc.

Dragos Inc., based in Hanover, Md., is the trusted authority on threats to industrial networks (ICS/IoT). The Dragos Platform is an on-premise or cloud-based security technology that continually and passively collects data to perform asset identification, detects cyber threats through industrial specific behavioral analytics, and enables better efficiency and effectiveness of security personnel through the codification of automated workflows, best practices and incident response procedures. The Dragos Platform is continually enhanced through the Dragos Threat Operations Center, a team of experts providing services that include incident response, threat hunting, and compromise assessments. Both are backed by Dragos Intelligence, which allows for the analysis of adversary intrusions and provides the industry with weekly threat intelligence reports and adds new behavioral analytics to the Dragos Platform. For more information, visit https://dragos.com.

 

About Allegis Capital 

Allegis Capital is a premier, early-stage venture firm that invests solely in cybersecurity and was the first venture fund to focus strictly on cyber. In addition to Dragos, current investments include Area 1 Security, Bracket Computing, Callsign, Cyber GRX, E8 Security, RedOwl, Shape Security, Signifyd, Synack, tCell.io and vArmour. Allegis is also a founding partner in DataTribe, a cybersecurity startup studio based in Fulton, Maryland. Allegis Capital is based in San Francisco. For more information, visit www.allegiscap.com or Twitter at @AllegisCapital.

 

About Energy Impact Partners

Energy Impact Partners is a collaborative strategic investment firm that invests in companies optimizing energy consumption and improving sustainable energy generation. Through close collaboration with its strategic investor base, EIP seeks to bring the best companies, buying power and vision in the industry to bear on the emerging energy landscape. EIP’s utility partners include Southern Company, National Grid, Xcel Energy, Ameren, Great Plains Energy, Fortis Inc., AGL, Avista, MGE Energy Inc., TEPCO, PTT Public Company Limited, OGE Energy Corp., TransCanada, and Alliant Energy. For more information, visit www.energyimpactpartners.com.

 

 

About DataTribe

DataTribe, based in Fulton, Maryland, and Silicon Valley, is a cybersecurity startup studio formed with the mission of combining breakthrough innovation in cybersecurity, Big Data and analytics. The technological base of its startups emerges from federal agencies, such as the National Security Agency, or from government research labs. DataTribe draws upon Silicon Valley start-up expertise to help create, define and lead new market segments. As an operating company, it directly takes on the task of building startups from concept to initial customer deployments while significantly lowering risk and preserving returns. For more information, visit www.datatribe.com.

 

For media inquiries, contact Jennifer Jones at jennifer@jenniferjones.com.

Cell: 650-465-5831

350% more cybersecurity pros in Washington, D.C., area than rest of U.S.

  |   Allegis News, The Latest

Two entrepreneurs place a big bet on cybersecurity startups along the Capital Beltway

 

CSO | By Steve Morgan | August 7, 2017

 

Silicon Valley is home to the largest population of cybersecurity product companies in the world.

Sand Hill Road in Menlo Park, California, is the epicenter of technology (and cybersecurity) venture capital. Scores of venture capital (VC) firms dotting the Bay Area have made it an attractive HQ location for startups seeking funding.

Investors—especially angels and first round financiers—prefer to be close to their portfolio companies. Simply put, where there are VCs, there will be startups.

Bob Ackerman is the managing director and founder of Allegis Capital in Palo Alto, California, one of the best-known and most successful VC firms that invests into early-stage cybersecurity companies—a bulk of them hailing from Northern California.

Now Ackerman is dropping a line in the Washington, D.C., Beltway waters. His phish-finder says there are 350 percent more cyber engineers and analysts in that area than the rest of the U.S. combined.

Mike Janke, former chairman of Silent Circle, a former Navy SEAL, and a highly respected cybersecurity industry veteran, has teamed up with Ackerman on their own startup—Fulton, Maryland-based DataTribe—a holding company that focuses on helping local entrepreneurs productize cyber technology solutions.

While the D.C. metro area is long on cybersecurity talent, it’s short on cybersecurity product companies, according to a paper written by Ackerman and Janke. They say Beltway cyber experts lack the commercial DNA essential to commercialize market growth.

DataTribe is an incubator of sorts—complete with venture capital, office space, in-house experts providing a range of start-up help, and most important—access to alumni who have transitioned to the private sector and built successful cybersecurity product companies.

While the D.C. metro area doesn’t have nearly the number of cybersecurity product companies in proportion to its local cyber talent pool compared to San Francisco or Israel (the world’s number two exporter of cybersecurity technology behind the U.S.)—it does boast an impressive and growing roster.

Cybersecurity who’s who in the D.C. metro area 

A short list of some hot, cybersecurity product-centric companies in the Virginia/Maryland/D.C. region:

Arxan, Bethesda, Md.

Centripetal, Herndon, Va.

CYREN, McLean, Va.

Daon, Washington, D.C.

Distil Networks, Arlington, Va.

Dragos, Washington, D.C.

Endgame, Arlington, Va.

ePlus Security, Herndon, Va.

GigaTrust, Herndon, Va.

Haystax, McLean, Va.

IronNet Cybersecurity, Fulton, Md.

LookingGlass, Arlington, Va.

Nehemiah Security, Tysons Corner, Va.

Novetta, McLean, Va.

Ntrepid, Herndon, Va.

Oberthur Technologies, Chantilly, Va.

PhishMe, Leesburg, Va.

Protenus, Baltimore, Md.

RedOwl, Baltimore, Md.

Risk Based Security, Richmond, Va.

Saint Corporation, Bethesda, Md.

Surfwatch Labs, Sterling, Va.

Tenable Network Security, Columbia, Md.

ThreatConnect, Arlington, Va.

ThreatQuotient, Reston, Va.

Thycotic, Washington, D.C.

TrustedKnight, Annapolis, Md.

Verisign, Reston, Va.

Virgil Security, Manassas, Va.

Virtu, Washington, D.C.

ZeroFox, Baltimore, Md.

This list doesn’t include all of the impressive product companies in the area or the much larger number of cybersecurity consulting, advisory and professional services firms.

Born and raised in D.C. 

One company, Dragos, born in Washington, D.C., is a DataTribe resident. Robert Lee, founder and CEO at Dragos, partnered with DataTribe to get his startup off the ground.

Dragos is poised to raise venture capital shortly. Lee’s venture is focused on industrial control systems (ICS) security, an emerging and fast-growing cyber sector.

The highly experienced team of ICS and IIoT security experts at Dragos will benefit from the commercialization experience that DataTribe brings. Raising a product company is a lot different than raising a services firm, and Lee is smart enough to know the difference.

Much like many of his Beltway contemporaries, Lee is an ex-cyber military expert. He pursued cybersecurity in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer in the U.S. Intelligence Community.

The mashup of DataTribe and local cyber-preneurs is sure to breed new product companies in the D.C. metro area. But one startup studio will do only so much. It remains to be seen if more Sand Hill money will flow into the Beltway.

 


Allegis and Accel partner for Callsign’s $35M Series A to Support Global Expansion

  |   Allegis News, Portfolio News, Series A, The Latest
  • Investment used to roll out Callsign’s authentication platform to enterprises, financial institutions and consumer-facing digital services and to ramp up hiring

 

  • Seasoned cybersecurity executive and Allegis Venture Partner David DeWalt joins the board as Vice Chairman along with Bob Ackerman, Founder of Allegis Capital

 

San Francisco/London, July 27th, 2017: Callsign, the leading artificial intelligence-based authentication platform, has raised a $35 million Series A investment led by premier, early stage cyber security investor Allegis Capital and global venture capital firm Accel. Early-stage investor PTB Ventures and cybersecurity industry veteran David DeWalt’s NightDragon Security also participated in the round.

 

With the proliferation of data breaches and advanced threats resulting in stolen user credentials, there is increasing pressure on companies of all sizes around the world to implement better authentication practices. In 2015 alone, cybercrime cost businesses $500 billion, and this is estimated to rise four times to $2 trillion in 2019[1]. At the same time, companies want to minimize the friction that universal two-factor authentication introduces to the user experience.

 

In response, Callsign developed a deep learning-based authentication platform called Intelligence Driven Authentication™ (IDA). It enables enterprises to select the most secure and least invasive authentication journey for each user in real-time, based on his or her risk profile and tendencies – in other words, it adapts the type of authentication to the situation, virtually eliminating advanced threats such as spear phishing. The result is an experience that optimises for both security and usability – a win-win for the enterprise and the end user.

 

Callsign’s IDA platform uniquely derives the complete intelligence picture around authentication and authorisation events, giving enterprises the ability to set adaptive policies that pinpoint suspicious usage. While Callsign can be deployed with out-of-the-box mobile authenticators, it is a very open and flexible platform to which enterprises can easily plug in existing authenticators or data sources. Callsign has also integrated with several Identity and Access Management providers, like ForgeRock, to provide a truly end-to-end solution.

 

Callsign was founded in 2012. Its clients are enterprises, financial institutions and consumer-facing digital services and include some of the world’s largest banks, such as Lloyds Bank and Deutsche Bank. It’s being deployed to hundreds of thousands of users globally.

 

Zia Hayat, Founder & CEO of Callsign, said: “Several years ago, I realized that the way we identify ourselves online was very broken. I knew we needed to make existing solutions like multi-factor authentication and fraud analytics better by bringing them together. Our IDA platform has had an incredible reception from financial institutions, governments and other large enterprises, and this investment will allow us to grow the business and meet some of the strong demand we’re seeing.”

 

DeWalt, a Venture Partner with Allegis Capital and formerly President and CEO of McAfee and CEO and Executive Chairman of FireEye, will join the board of directors as Vice Chairman. DeWalt brings more than 25 years of experience in the cybersecurity sector, and is widely recognized as one of the industry’s most successful executives. He currently holds a number of board positions at leading cybersecurity companies, including Vice Chairman of ForgeRock and Vice Chairman of ForeScout Technologies, among others.

 

DeWalt said: “Zia and his exceptional product and engineering team have built the foundations of a very solid business. They are pioneering a new approach to authentication with a powerful product that is quickly attracting some of the world’s leading businesses as customers. As the company rolls out its solution, it’s an exciting time to be joining the board.”

 

The new investment will help accelerate the growth of the company. Callsign will be expanding globally from its headquarters in London, with a particular focus on the US and Far East, and is planning to open offices in both the Bay Area and New York City in the next few months. Callsign will be building out its engineering and commercial teams as well, including sales, marketing and business development roles.

 

Bob Ackerman, Allegis founder and Managing Director, will also be joining the Board. Ackerman said, “Authentication of identities has become a core pillar in enterprise cyber security. Callsign’s IDA represents a breakthrough in meeting levels of identity assurance that are essential to enterprise operations without compromising the effectiveness and efficiency of digital business platforms. Callsign is leading the industry in delivering identity assurance without compromise,” Ackerman added.

 

Harry Nelis of Accel and Dave Fields from PTB Ventures are also joining the Callsign board of directors.

 

About Callsign Inc.

Callsign is the leading artificial intelligence-based authentication platform for enterprises, financial institutions and consumer-facing digital services. Its unique Intelligence Driven Authentication™ (IDA) solution enables more informed and truly adaptive access control decisions, putting enterprises and their users back in control. This creates frictionless access for users, whilst reducing false rejection rates and increasing security as well as operational agility.

 

Callsign serves Tier 1 banking clients, government bodies and enterprises throughout Europe and the US. Their IDA technology puts enterprises and users back in complete control. For additional information, please visit callsign.com.

 

About Allegis Capital

Allegis Capital is a premier, early-stage venture firm that invests solely in cybersecurity and was the first venture fund to focus strictly on cyber. In addition to Callsign, current investments include Area 1, Bracket Computing, CyberGRX, E8 Security, RedOwl, Shape Security, Signifyd, Synack, tCell.io and vArmour. Allegis is also a founding partner in cyber Start-Up Studio, DataTribe, based in Columbia, Maryland. Allegis Capital is based in San Francisco, CA.

 

 

About Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Atlassian, BlaBlaCar, Cloudera, Crowdstrike, Deliveroo, DJI, Dropbox, Etsy, Facebook, Flipkart, Forescout, ForgeRock, Funding Circle, Kayak, QlikTech, Slack, Spotify, Supercell and WorldRemit are among the companies the firm has backed over the past 30 years. The firm seeks to understand entrepreneurs as individuals, appreciate their originality and play to their strengths. Because greatness doesn’t have a stereotype. For more, visit www.accel.com, www.facebook.com/accel or www.twitter.com/accel.

 

About PTB

PTB Ventures is a thesis-driven venture capital firm investing in early-stage companies in the emerging digital identity ecosystem. Digital identity is the cornerstone of a transformation that will see trillions of networked devices connected to billions of humans. This transformation will create unprecedented economic expansion and a new level of security and access to billions of people. PTB is headquartered in New York City.

 

 

[1] https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion
