Portfolio News

China-Based Threat Actor APT10 Ramps Up Cyber Espionage Activity

  |   Portfolio News, The Latest

 

 Customers of managed security service providers, website of U.S. trade lobby group targeted in separate campaigns
Dark Reading | Jai Vijayan | April 6, 2017

An unknown number of managed service providers and their customers are victims of a massive, global cyber espionage campaign by a China-based threat actor that this week was also fingered in another attack against a U.S. group involved in lobbying around foreign trade policy.

News of the campaigns coincides with Chinese President Xi Jinping’s first official visit to the U.S. to meet with President Trump. It suggests that cyber-enabled espionage out of China continues to be an issue, despite a September 2015 agreement between the U.S and Chinese governments not to support or engage in such activities.

“Even as IP-focused cyber-espionage has reduced since the Xi Jinping-Obama agreement, big business will continue to be targeted, if nothing else than for the influence they hold over governments,” warns Hardik Modi, vice president of threat research at Fidelis Cybersecurity.

Fidelis was one of the organizations that this week disclosed new cyber espionage activity by APT10, a well-known China-based advanced threat group that is also known as Stone Panda. The other warning about the APT10 group’s resurgent activity, after a period of relative quiet, came from PwC UK and BAE Systems.

‘TradeSecret’ campaign against National Foreign Trade Council

The Fidelis report involves “TradeSecret,” the company’s name for a targeted and strategic campaign directed at the website of the National Foreign Trade Council (NFTC), a trade lobby group representing some of America’s largest companies.

According to Fidelis, its security researchers in February discovered a reconnaissance tool called “Scanbox,” previously associated with China government-sponsored threat actors, embedded on specific pages of the NFTC site. Among the infected page were those that NFTC board members used to register for meetings.

The malware was configured to infect the systems of anyone that visited the pages and to collect credential and session information and also system-level data that could later be used in phishing attacks or for exploiting specific vulnerabilities. It’s unclear how the APT10 group initially breached the site in order to embed Scanbox on it.

“Scanbox is a robust framework that can include a variety of reconnaissance modules,” Modi says. It can, for instance, be used to determine the software running on a target system, the type and version of antivirus on it, and other details. “In some instances, it has been known to serve up a JavaScript keylogger that can be used to grab credentials that the target enters on the page,” he says.

NFTC members have been major contributors to the dialogue around the new U.S. trade policy framework being developed by the Trump Administration. It is highly likely the APT10 group will use data that Scanbox collected to craft targeted attacks against them.

‘Cloud Hopper’ campaign against MSPs

Meanwhile, in a separate advisory, PwC and BAE Systems warned about a systematic and widespread APT10 campaign they have dubbed “Cloud Hopper” to steal data from an unknown, but most likely large, number of organizations.

What makes the campaign scary and highly scalable, according to the two organizations, is the APT10 group’s tactic to target companies via their managed service providers, rather than directly.

 

Multiple MSPs have been hit since late 2016 and their infrastructure has been used to gain access to the networks of their customers. Typical attacks have involved APT10 gaining access to a MSP network, looking for customers that match its interests, and then breaking into their networks using the MSP’s legitimate access.

The China-based group has then been extracting data from the victim’s network, putting the data into compressed files, sending it back to the MSP network and from there to servers controlled by APT10.

The investigations by BAE and PwC show that the campaign is focused on extracting intellectual property and other sensitive data from organizations. “APT10 is known to have exfiltrated a high volume of data from multiple victims, exploiting compromised MSP networks, and those of their customers, to stealthily move this data around the world,” the two companies said in their report.

The Cloud Hopper campaign is a classic example of the evolution of third-party cyber risk, says Fred Kneip, CEO, CyberGRX. It takes advantage of the implicit trust that many organizations place on their cloud service providers and other third parties that they do business with.

“Although attacks via third parties are the second biggest source of security incidents, most organizations do not have a consistent process to help them understand which partners pose the most risk to their organization,” Kneip says. Organizations need to truly understand their residual risk from each third party, and perform their own validation of key controls as opposed to relying on self-assessments, he says.

“Customers need to ask relevant questions of their provider as to how they achieve customer segmentation and segregation,” advises Jim Reavis, executive director of the Cloud Security Alliance. “Customers also need to understand their own responsibilities and in many cases it is their job to add data protection controls like encryption or to use the provider’s logging capabilities to monitor access to their own cloud instances.”

Meanwhile, campaigns such as Cloud Hopper also highlight the need for cloud service providers to perform segmentation at multiple levels, including networks, users, applications and data, to mitigate the fallout from a data breach, Reavis says. “No company can prevent all breaches, but systems should be designed so that a single breach impacts a maximum of one customer.”

John Pescatore, director of emerging threats at the SANS Institute said that attacks targeting cloud service providers are nothing new. Edward Snowden’s leaks showed the US government was targeting IT service providers as far back as 2013. And attacks on Google and others in subsequent years have shown that Chinese threat actors have been doing the same for some time now, he says.

“The bigger suppliers are pretty good at protecting themselves, but they are rarely the low cost providers,” Pescatore says.  “All too often obtaining [specific security] certifications are all the lower cost providers have to show in order to win competitions,” he says. “There has been talk in the IT service provider industry association of raising the bar, like has been done in the UK, but not much movement forward.”

Read More

Exclusive: Blackstone-Backed Network for Cyber Risk Launches Today

  |   Portfolio News, The Latest
 
Fortune | Jeff John Roberts | 7:40 AM Pacific

Financial firms have long used rating agencies like Moody’s or S&P to judge the risk of bonds. Now, companies that face risk from cyber attacks—which these days is almost everyone—have a tool to do the same.

On Wednesday, CyberGRX unveiled a platform that acts as a clearinghouse for cyber risk. Developed by a group of blue chip security pros from companies like Blackstone and Aetna, CyberGRX promises to make the process of flagging cyber dangers from their vendors dramatically more efficient.

The risk posed by vendors has been top of mind for many companies ever since the infamous hack on Target (TGT, +0.40%) in 2013, which saw attackers compromise the computer systems of Target’s HVAC supplier in order to steal credit card information from 40 million customers.

According to Jay Leek, the former chief security officer of Blackstone, the idea for a clearinghouse came about because companies spend enormous amounts of time filling out check-lists to assess the security risks posed by their vendors. Many of Blackstone’s portfolio companies, for instance, were all conducting the same compliance tests to see if vendors—which can include anyone from software giants like Salesforce (CRM, +0.86%) or Workday (WDAY, +0.65%) to catering companies—had programs in place to defend against cyber-attacks.

This process, says Leek, resulted in a lot of duplicated efforts and security officers spending their time on checklists rather than on mitigating cyber dangers.

In response, Leek and others realized the approach was to build what they call a “third party global cyber risk exchange” that will let companies assess vendors in the same way banks rely on ratings agencies to assess bonds. Leek likens it to performing cyber-risk by means of a Turbo Tax method, rather than doing it by hand.

“The inherent efficiency of the CyberGRX Exchange eliminates the waste in today’s approach—largely based on sharing spreadsheets—in a way no one in the market does. For the first time, companies will know which of their third parties pose the greatest risk to their organizations,” says Fred Kneip, CyberGRX CEO.

The process has been in the works since last year when CyberGRX raised $9 million from investors that include Allegis Capital, Blackstone, TenEleven Ventures, Rally Ventures, GV (formerly Google Ventures), and MassMutual Ventures.

To building process has relied on what CyberGRX calls its “design partners” like Aetna, and their existing dossiers of tens of thousands of vendor reports.

Now, the tool is ready for primetime as CyberGRX (GRX is for global risk exchange) invited other companies to take part. Here is how CyberGRX described it in a release announcing the news:

Built in partnership with chief security and risk officers from Aetna, Blackstone, MassMutual, ADP and other large companies with a combined network of more than 40,000 companies in their digital ecosystems, the CyberGRX Exchange brings together enterprises and their third parties and creates massive efficiency to a process that has largely been driven by sharing spreadsheets and trusting unvalidated self-assessments.

While the plan will provide a way for big companies to speed up their cyber risk assessments, it will also help hundreds of thousands of vendors who currently must wait for a cyber seal-of-approval before they can start providing their services.

As for the risk assessments the platform provides, those are compiled from the reports provided by the member companies but also from a host of outside signals. These include threat reports from security companies as well as news reports from Thomson Reuters and others.

The other advantage of the service, according to CyberGRX, is that it will continually update the security profiles of all the companies on the exchange. This means companies will no longer need to rely on an annual checklist system to confirm a vendor can still be trusted.

The idea for a cyber risk clearinghouse is not a new one. According to Leek, S&P tried unsuccessfully to come up such a service way back in 2006. Goldman Sachs(GS, +0.23%), meanwhile, tried to create a risk standard with Moody’s in 2015 but was likewise unable to pull it off.

If CyberGRX is a success, its backers say the service could save companies billions in legal and compliance costs, and allow security executives to devote far more time to threat mitigation rather than bureaucratic measures.

The new service may also jumpstart the market for cyber-insurance, which has been expanding in light of the ongoing number of high profile data breach incidents. But that is far from mature—in large part because of a lack of information on how to price cyber risk.

Article found here: www.fortune.com

Read More

G6 Hospitality Leverages RedOwl to Prevent Insider Threats

  |   Portfolio News, The Latest
RedOwl Analytics, Inc.

 

 

Top Lodging Company Boosts Protection of Sensitive Data of Company and Guests

 

Marketwired | March 07, 2017 11:00 ET

 

SAN FRANCISCO, CA–(Marketwired – March 07, 2017) – RedOwl, the leading provider of insider risk solutions, today announced that G6 Hospitality, known for its iconic economy lodging brands, Motel 6 and Studio 6 in the U.S. and Canada, has deployed the RedOwl Insider Risk Management platform to mitigate the risk of negligent, compromised and malicious employees leaking sensitive company intellectual property or customer data.

G6 Hospitality owns, operates and franchises over 1,300 lodging locations and employs more than 10,000 team members across the U.S. and Canada. Like many organizations, at G6, email is how business is done — both internally and with its franchisees who still at times maintain their own email systems. The company selected RedOwl specifically because it is the leading solution for electronic communication content and behavioral analytics as well as having the capability to integrate other critical streams of activity and employee-specific characteristics.

“One of the biggest strains on resources within our security team is ensuring all of our employees across North America are aware of how email should and shouldn’t be used and are educated on the risks of phishing and other types of external attacks and internal risky behavior that could result in critical data loss for our organization,” said Harvey Ewing, chief information security officer (CISO) of G6 Hospitality. “With RedOwl, our team no longer has that burden, as the platform can analyze and alert potential threats before they become incidents.”

RedOwl combines content and behavioral analytics to identify both acts of exfiltration and the potential precursor activities that indicate unwanted behavior in the enterprise, such as data theft and even employee flight risk. Critical to the team at G6 is RedOwl’s ability to reduce the noise and false positives typically seen in monitoring as well as to be able to quickly go from alert to in-depth investigation.

“Insider threats can no longer be ignored by organizations looking to protect their intellectual property and customer data,” said Guy Filippelli, founder and CEO of RedOwl. “RedOwl is proud to be G6’s partner as they work to further protect themselves and their customers from insider threats.”

In the year ahead, G6 Hospitality will continue to strengthen its defenses by leveraging more insider risk management capabilities offered on the RedOwl platform.

ABOUT REDOWL
RedOwl helps large enterprise and government organizations mitigate insider threats with technology designed for the modern workplace. Information security and regulatory surveillance teams trust our behavioral analytics platform to provide holistic and actionable visibility of all human risk, ranging from common employee data leaks to malicious insider attacks. With offices in Baltimore, New York City, San Francisco, and London, RedOwl’s investors include the Blackstone Group, Allegis Capital, and Conversion Capital. To learn more about RedOwl, visit: https://redowl.com.

ABOUT G6 HOSPITALITY
G6 Hospitality LLC owns, operates and franchises more than 1,350 economy lodging locations under the iconic Motel 6 and the extended stay Studio 6 brands in the U.S and Canada, and Hotel 6 and Estudio 6 brands in Latin America. Headquartered in Dallas (Carrollton), Texas, G6 Hospitality was rated one of the top ten hospitality companies according to the Hotel Management 2015 Top Hotel Companies rankings list, which evaluated over 260 hotel companies. For more information please visit G6Hospitality LLC.

Article found here: www.marketwired.com

Read More

RedOwl Enters Agreement with immixGroup to Reduce Insider Threat Risks for Government

  |   Portfolio News, The Latest

 

 

 

 

New Relationship to Strengthen Agencies’ Risk Management Posture

 

Marketwired | February 21, 2017

 

 

SAN FRANCISCO, CA–(Marketwired – February 21, 2017) – RedOwl, the leading provider of insider risk solutions, today announced an agreement with immixGroup, an Arrow company that helps technology companies do business with the government. Through immixGroup contracts with governments at the federal, state and local levels, agencies will be able to purchase RedOwl’s behavior risk analytics to avoid insider threats to mitigate classified information leaks, intellectual property loss, data theft and employee flight risk. In addition, government organizations can use RedOwl to comply with the Presidential Order for agencies to implement an insider threat program, in addition to meeting compliance standards set by National Industrial Security Program Operating Manual (NISPOM) for government contractors.

“Major cyber espionage and data leaks affecting the U.S. government over the past few years are proof that, more so than ever before, the public sector has the huge responsibility to protect against insider threats within their own organizations, but also the societal imperative to respect the privacy of employees,” said Guy Filippelli, CEO of RedOwl. “With its deep-rooted commitment to providing governments with reliable access to the enterprise software and hardware solutions they need to achieve mission success, our agreement with immixGroup aims to do just that. Only RedOwl can help governments and enterprises monitor and detect precursor behavior in a comprehensive, unbiased, systematic and automated way while ensuring employee privacy.”

RedOwl unlocks the power of existing enterprise data to identify and mitigate unwanted behavior. Only RedOwl ingests and combines structured, unstructured and business data to analyze interactions between employees, contractors, devices, files and applications. Using a combination of statistical pattern matching, machine learning and content analytics to profile user behavior, RedOwl gives risk management professionals the in-depth narratives required to effectively pinpoint and distinguish negligent, compromised and malicious employees.

ABOUT REDOWL
RedOwl helps large enterprise and government organizations mitigate insider threats with technology designed for the modern workplace. Information security and regulatory surveillance teams trust our behavioral analytics platform to provide holistic and actionable visibility of all human risk, ranging from common employee data leaks to malicious insider attacks. With offices in Baltimore, New York City, San Francisco, and London, RedOwl’s investors include the Blackstone Group, Allegis Capital, and Conversion Capital. To learn more about RedOwl, visit: https://redowl.com.

Article found here: marketwired.com

Read More

Behavioral Intelligence Innovator E8 Security Wins Best Cybersecurity Startup In 2017 Cybersecurity Excellence Awards

  |   Portfolio News, The Latest

Behavioral Intelligence Innovator E8 Security Wins Best Cybersecurity Startup In 2017 Cybersecurity Excellence Awards

 

 

 

 

Led by Innovative Machine Learning Approach to Transforming Traditional Security Operations, E8 Security Recognized By LinkedIn Information Security Community

Redwood City, Calif. — February 9, 2017 — E8 Security, an innovator of behavioral intelligence for cybersecurity, today announced that it won ‘Best Cybersecurity Startup’ with 50 or fewer employees in the 2017 Cybersecurity Excellence Awards. E8 Security emerged victorious over 27 other finalists. E8 Security was also named as a finalist for ‘Most Innovative Cybersecurity Company’ with 50 or fewer employees, as well as in the ‘Best Security Analytics’ and ‘Best Threat Hunting’ product categories.

The annual Cybersecurity Excellence Awards honor individuals and companies that demonstrate excellence, innovation and leadership in information security. The awards are produced in partnership with the Information Security Community on LinkedIn, tapping into the vast experience of over 350,000+ cybersecurity professionals to recognize the world’s best cybersecurity products, professionals and organizations.

“Congratulations to E8 Security for winning the Best Cybersecurity Startup category in the 2017 Cybersecurity Excellence Awards,” said Holger Schulze, founder of the Information Security Community on LinkedIn which organizes the awards program. “With over 450 entries, the 2017 awards are highly competitive, and all winners and finalists reflect the very best in leadership, excellence and innovation in today’s cybersecurity industry.”

In addition to this latest accolade, earlier this week E8 Security unveiled its E8 Security Fusion Platform, which transforms traditional security operations by automating the learning of user and device behaviors to discover malicious activity unknown to security analysts, resulting in improved alert quality and accelerated investigations to make security operations more proactive. Security operations teams are able to reach conclusions quickly by offloading the data mining, analysis, and correlation process, typically done manually, to the Fusion Platform, which provides them with answers to questions they didn’t even know to ask.

“At E8 Security, our team and the environment they create fosters ingenuity and is constantly driven by understanding our customers’ challenges,” said Matt Jones, CEO, E8 Security. “Being recognized with an award of this nature by security industry practitioners is further validation that we have quickly achieved a culture of collaborative innovation that has allowed us to ascend to a leadership position in Behavioral Analytics, which is transforming the way security operations teams detect, hunt for, and respond to hidden threats inside their organizations.”

About E8 Security

E8 Security is transforming security operations by automating the learning of user and device behaviors to discover malicious activity unknown to security analysts, resulting in improved alert quality and accelerated investigations to make security operations more proactive. E8 Security raises the bar, as the first be The Hive. Find out more at www.e8security.com.

PRESS CONTACT

Doug De Orchis

Voice Communications for E8 Security P: (617) 897-8259

E: ddeorchis@vocecomm.com

Read More

RedOwl to Deliver Next-Generation Insider Risk Management Platform to BT Customers

  |   Portfolio News, The Latest
 

RedOwl Analytics, Inc.

 

January 18, 2017 01:00 ET

 

RedOwl to Deliver Next-Generation Insider Risk Management Platform to BT Customers

 

LONDON, UNITED KINGDOM and BALTIMORE, MD–(Marketwired – January 18, 2017) – RedOwl, the leading provider of insider risk management solutions, today announced a global agreement with BT, one of the world’s leading providers of communications services and solutions. The agreement enables BT to offer its customers the RedOwl analytics platform to uncover insider threats as well as meet compliance requirements for regulatory surveillance.

BT has been at the forefront of providing innovative IT products and services specifically tailored to the financial services market for more than 35 years. Its global customer base includes the world’s largest banks, brokers, insurance companies, mutual societies, investment managers and exchanges.

BT customers will be able to deploy RedOwl in two critical capacities:

  • Information security: Today, BT offers a choice of services that helps customers undertake a range of pre-emptive information security measures, with device management, identity, access management and infrastructure security within the BT Security portfolio. With RedOwl, BT customers will leverage market-leading behavioral analytics to build and optimize insider threat programs and address key issues such as IP and data loss, employee flight risk and compromised employees.
  • Regulatory compliance: With RedOwl, BT customers will have a holistic view of their regulated employees and will be able to incorporate sophisticated analytics to accurately identify insider trading, market manipulation, wall crossing, improper disclosure and flight risk to help detect and prevent potential regulatory violations. 

“Our customers are seeking to extend their information security and regulatory surveillance capabilities,” said Luke Beeson, BT’s vice president security, UK and global banking and financial markets. “RedOwl provides the insight and context that information security and compliance officers need to better identify unwanted behavior. We’re delighted that our customers can now benefit from this advanced analytics solution.”

RedOwl protects enterprises’ internal attack surfaces with better people oversight. Only RedOwl identifies the precursor activities leading to unwanted behaviour, including insider trading, sabotage, data theft, or flight risk by combining content analysis with behavioral analytics, based on their communications content and context, physical activity, digital activity, and transactions.

The RedOwl platform builds an in-depth narrative that identifies and distinguishes among malicious, compromised and negligent employees. By using RedOwl, risk management professionals reduce time to detection, time of investigation, and can evolve from a purely reactive risk management posture to a proactive one by looking for precursors of unwanted behavior. Ultimately, with RedOwl, security and compliance teams leverage technology to positively impact the corporate culture.

“RedOwl is delighted to join forces with BT, one of the world’s leading providers of technology to the financial services industry, to help organizations use analytics to accelerate security and compliance initiatives,” said Guy Filippelli, RedOwl CEO. “Our analytics platform helps financial service customers transform their compliance practices into a proactive and comprehensive discipline. In Information security, RedOwl is the system of record for insider threat programs to help identify and mitigate unwanted employee behavior.”

Together, BT and RedOwl will provide tremendous value to their customers’ compliance and information security ecosystem. The joint solution will be available immediately. BT customers have the freedom to consume the service on premise, in a private cloud or reap the benefits of BT’s Cloud of Clouds portfolio strategy.

  ‘Cloud of clouds’ is BT’s cloud services integration capability, giving customers a practical route into cloud computing that meets their needs for choice and flexibility, total security and someone who knows how to make it work together. More information here: www.bt.com/point-of-view.

About BT

BT’s purpose is to use the power of communications to make a better world. It is one of the world’s leading providers of communications services and solutions, serving customers in 180 countries. Its principal activities include the provision of networked IT services globally; local, national and international telecommunications services to its customers for use at home, at work and on the move; broadband, TV and internet products and services; and converged fixed-mobile products and services. BT consists of six customer-facing lines of business: Consumer, EE, Business and Public Sector, Global Services, Wholesale and Ventures, and Openreach.

For the year ended 31 March 2016, BT Group’s reported revenue was £19,042m with reported profit before taxation of £3,029m.

British Telecommunications plc (BT) is a wholly-owned subsidiary of BT Group plc and encompasses virtually all businesses and assets of the BT Group. BT Group plc is listed on stock exchanges in London and New York.

About RedOwl

The RedOwl insider risk management platform mitigates the threat of insiders for information security and regulatory surveillance teams. Our behavioral analytics platform integrates structured and unstructured data sources — unlike traditional tools — to provide holistic visibility of human risk across the enterprise. With offices in Baltimore, NYC, SF, and London, RedOwl’s investors include the Blackstone Group, Allegis Capital, and Conversion Capital.

Article found here: www.marketwired.com

Read More

Signifyd Signs On Chendong Zou, Previously at IBM and Rocket Fuel, as VP of Engineering to Amplify Machine Learning and Eliminate Fraud for E-Commerce Merchants

  |   Portfolio News, The Latest

 

SAN JOSE, Calif.–Signifyd, the fastest-growing provider of guaranteed fraud protection for e-commerce businesses, announced today the hiring of Chendong Zou, as its new Vice President of Engineering. This strategic addition comes just months after a $19 million round of Signifyd funding led by Amex Ventures, Menlo Ventures and TriplePoint Capital last September. For almost twenty years, Zou has used Artificial Intelligence, machine learning and big data science to empower businesses through automation and predictability. In his new role, Zou’s aim will be to further advance Signifyd’s machine learning technology which eliminates fraud losses for ecommerce merchants and is backed by a 100% financial guarantee. Zou earned his PhD in Computer Science from Northeastern University.

“His years of experience managing real-time machine learning and strategic integrations with market leaders will help scale our platform to meet the growing demands of our customers and partners.”

Prior to joining Signifyd, Zou served as the VP of Engineering at Rocket Fuel, a programmatic marketing company that uses AI and big data to precisely predict behaviors for each customer as their priorities and motivations change from moment to moment. Zou helped scale the team at Rocket Fuel through the company’s impressive IPO in 2013. In the early 2000s, Zou served as a Senior Technical Engineer for CrossWorlds Software, Inc that enabled businesses to integrate enterprise processes for their specific industry. After CrossWorlds was acquired by IBM for $129 million, Zou continued working on the architecture for WebSphere BPM for many years.

“I’m ecstatic to make the transition from adtech to the fraud prevention space and believe my experiences at Rocket Fuel and IBM will provide a fresh perspective on how disparate data from dynamic sources can be scaled in real-time to meet the needs of a rapidly growing customer base,” said Zou. “I look forward to scaling Signifyd’s engineering team and its infrastructure, as well as keeping Signifyd’s real-time machine learning ahead of fraudsters and any existing solution in the market.”

Signifyd’s confidence in its Engineering team and its real-time machine learning is demonstrated by its 100% financial guarantee against fraud for its customers. Far from the outdated score-reporting methods used by traditional fraud prevention companies, Signifyd provides an instant “Approve” or “Decline” decision for every order it evaluates. Signifyd serves over 5,000 ecommerce merchants, including Fortune 1000 retailers like Jet.com, Lacoste, and Peet’s Coffee & Tea.

“We are incredibly fortunate to have Chendong lead Signifyd’s mission to eliminate fraud losses for ecommerce merchants,” said Raj Ramanand CEO and co-founder of Signifyd. “His years of experience managing real-time machine learning and strategic integrations with market leaders will help scale our platform to meet the growing demands of our customers and partners.”

Signifyd is integrated with larger fraud prevention solutions, such as Accertify, to provide enterprise customers with flexible protection options from within their existing platform. Signifyd is also integrated with leading ecommerce platform Magento and ThreatMetrix® The Digital Identity Company™.

About Signifyd

Signifyd was founded on the belief that e-commerce businesses should be able to grow without fear of fraud. Signifyd solves the challenges that growing e-commerce businesses persistently face: billions of dollars lost in chargebacks, customer dissatisfaction from mistaken declines, and operational costs due to tedious, manual transaction investigation. Signifyd Guaranteed Payments protect online retailers against fraud and chargebacks with a 100% financial guarantee against fraud for every approved order. Signifyd’s full-service machine-learning engine automates fraud prevention allowing businesses to increase sales and open new markets while reducing risk. Signifyd is in use by multiple companies on the Fortune 1000 and Internet Retailer Top 500 list. Signifyd was recognized as one of the 50 most innovative Fintech companies of 2016 by Forbes and is headquartered in San Jose, CA. For more information, please visit www.signifyd.com.

Contacts

VSC for Signifyd
Kayla Abbassi
Senior Account Executive
kayla@vscpr.com

Article found here: www.businesswire.com

Read More

Signifyd and ThreatMetrix® Combine Machine Learning and Digital Identities to Eliminate Online Payment Fraud

  |   Portfolio News, The Latest
 
SAN JOSE, Calif.–Leading ecommerce fraud prevention company, Signifyd and ThreatMetrix®, The Digital Identity Company® announced today they will combine efforts to eliminate online fraud for their customers. The partnership enables ecommerce merchants to remove the liability for fraud by leveraging the power of the ThreatMetrix Digital Identity Network® through Signifyd’s Guaranteed Payments solution.

“As online fraud evolves at an ever-increasing pace, merchants need new ways to mitigate risk. Signifyd’s use of the ThreatMetrix Digital Identity Network in its Guaranteed Payments solution allows merchants to aggressively grow their business and accept more legitimate customers without risk”

Signifyd’s VP of Partnerships, Skye Spear, summarizes what the partnership means for ecommerce merchants, “ThreatMetrix provides global shared intelligence on more than a billion digital identities. The ThreatMetrix Digital Identity Network provides additional insights for Signifyd’s machine learning capabilities enabling us to authenticate orders from customers who may have previously been denied. We’re able to incorporate additional data in real-time to identify and mitigate sophisticated fraud scenarios across one or more of our customers emulating multiple buying identities. Our goal is to increase decision confidence for online merchants through a managed service that’s backed by a financial guarantee.”

Through the partnership, Signifyd will leverage the ThreatMetrix Digital Identity Network to further enhance Signifyd’s Guaranteed Payments, which provide a 100% financial guarantee against fraud on every approved order. This new intelligence and subsequent guarantee allows merchants to accept more orders without the risk of chargebacks as the liability of fraud losses are shifted to Signifyd. Guaranteed Payments are ideal for fast-growing businesses, merchants in fraud-prone industries and those looking to expand overseas or in new markets and segments previously considered too risky.

“As online fraud evolves at an ever-increasing pace, merchants need new ways to mitigate risk. Signifyd’s use of the ThreatMetrix Digital Identity Network in its Guaranteed Payments solution allows merchants to aggressively grow their business and accept more legitimate customers without risk,” commented Leah Evanski, ThreatMetrix VP Strategic Alliances.

Signifyd and ThreatMetrix together provide a winning alternative to merchants using restrictive platforms that decline legitimate orders, delay shipments and are unable to eliminate chargebacks. Even other fraud prevention platforms with machine learning lack the closed loop for data feedback that Signifyd and ThreatMetrix provide with Guaranteed Payments and the Digital Identity Network. This partnership allows Signifyd and ThreatMetrix to leverage extensive fraud data and expertise to stop subsequent attempts at fraud, regardless of merchant size, industry or value of transaction. With more data and complete transparency, Signifyd and ThreatMetrix can significantly reduce financial losses from fraud for merchants.

About Signifyd

Signifyd was founded on the belief that e-commerce businesses should be able to grow without fear of fraud. Signifyd solves the challenges that growing e-commerce businesses persistently face: billions of dollars lost in chargebacks, customer dissatisfaction from mistaken declines, and operational costs due to tedious, manual transaction investigation. Signifyd Guaranteed Payments protect online retailers against fraud and chargebacks with a 100% financial guarantee against fraud for every approved order. Signifyd’s full-service machine-learning engine automates fraud prevention allowing businesses to increase sales and open new markets while reducing risk. Signifyd is in use by multiple companies on the Fortune 1000 and Internet Retailer Top 500 list. Signifyd was recognized as one of the 50 most innovative Fintech companies of 2016 by Forbes and is headquartered in San Jose, CA. For more information, please visit www.signifyd.com.

About ThreatMetrix

ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, ecommerce, payments and lending, media, government and insurance. ThreatMetrix is headquartered in San Jose, CA. For more information, please visit www.threatmetrix.com.

Contacts

VSC for Signifyd
Kayla Abbassi, 562-412-2038
kayla@vscpr.com
or
ThreatMetrix
Upright Position Communications
Paul Wilke, 415-881-7995
paul@uprightcomms.com

Find article here businesswire.com

Read More

Building a New Cybersecurity Startup Platform: DataTribe

  |   Allegis News, Portfolio News, The Latest

 

 

National Venture Capital Association | By Robert R. Ackerman Jr.

 

If you want to get a sense of the size and significance of the U.S. cybersecurity ecosystem in one location, a must-visit is the National Business Park at Fort Meade in Maryland. It is highly impressive and may someday serve as a stellar example of an effective new way to participate in the startup ecosystem and its venture capital brethren.

Fort Meade has been transformed from an Army base into a sprawling cyber city. Thirteen years ago, the young park had 10 buildings. Today, the square footage of the 28-building complex is roughly half the size of the Pentagon, and it is completely full. Tenants include the National Security Agency, the U.S. Cyber Command, the Defense Information Systems Agency and the cybersecurity businesses of Boeing and General Dynamics, among others.

This represents a snapshot of the breadth of the U.S. cybersecurity industry today, albeit only one relatively small piece because the private sector has come to dwarf the size of the government sector. In 2004, the global cybersecurity market was $3.5 billion. This year, it’s expected to exceed $122 billion, according to Research and Markets, which also projects that it will exceed $202 billion by 2021. Cybersecurity has become by far the fastest-growing sector of information technology. The growth of the sector is also apparent from the recent increase in cybersecurity acquisitions.

The venture capital ecosystem has responded accordingly and, along the way, has had to develop its own cyber experts internally to separate the wheat from the chaff among cybersecurity startups – a world immersed in the domain of deep science and advanced engineering and one in which expertise is essential. VCs also have to approach potential cybersecurity startup investments gingerly because too many “me-too” companies are being funded by a venture community eager to participate in one of the hottest sectors of IT innovation.

Nonetheless, the cybersecurity investment picture remains very bright. Last year, VCs invested $3.2 billion in 219 cyber startups, more than double the total funding in 2012, according to CB Insights. Last year, five of the seven (seven confirmed, nine rumored) private cybersecurity unicorns reached their required $1 billion valuations. This year, while cooling a bit, cybersecurity VC funding remains vibrant.  As the founder of Allegis Capital, a Silicon Valley early-stage cybersecurity venture firm, it’s no surprise that I enjoy the proliferation of cyber startups in the Valley. At the same time, the cyber expertise around Fort Meade has always been impressive and so I’ve invested in Maryland-based cyber startups over the years. To put things in context, Maryland has more than three times as many cyber engineers as the rest of the country combined, and many work at the cutting edge, out of the necessity that comes with national defense imperatives.

Despite this wealth of engineering and technical expertise, start-up success in the Washington D.C. Beltway has faced a series of obstacles. No startup succeeds solely on the strength of its technological prowess. Also essential to success is entrepreneurial experience, startup “know how” and a broad cross section of commercial skills, contacts and customer and partner relationships. In other words, the cyber community around the Washington Beltway has needed a mini Silicon Valley ecosystem and the Silicon Valley “playbook”.

That’s why DataTribe was created—to merge the cyber security innovation of Maryland with the startup building expertise and resources of Silicon Valley. DataTribe is a cybersecurity startup platform – a crucible in which to forge start-ups – co-based in Fulton, Md., and Silicon Valley – and one dedicated to leveraging the expertise created from working with the most advanced information technologies forged by the NSA and related institutions, as well as national laboratories.

DataTribe focuses on those areas of innovation in which government labs, out of necessity, have been innovating in cybersecurity, data and analytics well in advance of the commercial market. DataTribe’s business model is unique, partly because it is an operating company, not a venture firm, although it can provide startups with up to $1.5 million in seed capital (with follow-on participation in subsequent rounds).  It’s also unique in that DataTribe itself creates the concept for each startup and co-founds each company with a team of technologists with deep, relevant technical expertise and experience. These are teams that have “been there and done that” in production environments.  Supporting these efforts on a daily basis is an operating team of highly experienced, dedicated executives with decades of successful start-up experience in Silicon Valley and Boston.

DataTribe will co-found and launch three start-ups a year. The first three startups came on board in this inaugural year and are already gaining market traction…

Dragos — recently named one of Cybersecurity Ventures “Cybersecurity 500” top companies  — was the first of the startups. It specializes in network mapping, detection and remediation of cybersecurity problems in industrial control systems. The second, Enveil, is developing the first commercial solution for end-to-end lifecycle encryption; including data-in-use (homomorphic encryption based Cloud Security). The third company, Kesala, is developing lightweight solutions for low cost and ad-hoc, secure virtual private networks as well as cloud-based security monitoring of large-scale traffic.

The cybersecurity market is large, rapidly growing and driven by non-stop innovation. It is enormously complex at every level – within its individual components, in its connection to complex networks and in its relationship to data in all its forms and flows. You simply can’t learn fast enough from a standing start.

DataTribe is bringing the Silicon Valley playbook to the nation’s center of innovation excellence in cyber-related domains to forge a new generation of cyber security startups.  In time and with success, we expect to see the emergence of a self-sustaining cybersecurity startup ecosystem, fueled by an unusually deep reservoir of relevant U.S. technical talent. In a broader sense, this is how Silicon Valley started, and there is no reason why a smaller, more concentrated version can’t take root on the other side of the country.

Robert R. Ackerman Jr. is founder and managing director of Allegis Capital, a Palo Alto, Calif.-based early stage venture capital firm specializing in cybersecurity.  Ackerman is a co-founder of DataTribe and Allegis Capital is a strategic partner.

allegis

datatribe

Article found here: nvcaconnection

 

Read More

Inphi Corp. (IPHI) to Acquire ClariPhy Communications in $275M Deal

  |   Portfolio News, The Latest

 

November 1, 2016 | Streetinsider | Inphi Corporation (NYSE: IPHI) announced that it has signed a definitive agreement to acquire ClariPhy Communications Inc., a leading provider of ultra-high-speed systems-on-chip (SoCs) for multi-terabit data, long haul and metro networking markets for $275 million in cash as well as the assumption of certain liabilities at the close. The acquisition is expected to close in December of 2016, at which time ClariPhy’s employees are expected to join Inphi.

“With the acquisition of ClariPhy, we are completing our product portfolio as the leading component and platform supplier for optical networking customers,” said Ford Tamer, president and CEO of Inphi. “The ClariPhy coherent DSP complements Inphi TiA, driver, optical PHY and silicon photonics components to provide system OEM and module customers high-performance and low power platform solutions. Following closing, we expect to have platform offerings for long haul, metro, DCI edge, and intra-data center applications. We believe this will provide customers with faster time-to-market, proven quality, and competitive cost.”

As the world turns toward optical networking, the ability to communicate in “coherent” DWDM technology over both long and short distances is becoming increasingly important. ClariPhy is one of only three merchant suppliers with this coherent DSP technology in the world today. On the product front, following closing, Inphi expects to be able to offer customers (1) coherent DSP, TiA, drivers for long haul, and metro, (2) direct detect PAM DSP-based solutions for DCI edge between data centers, and (3) NRZ and PAM short reach solutions for inside data centers. On the component front, following closing, Inphi expects to be able to offer TiA, driver, silicon photonics, coherent DSP, PAM and NRZ physical layer devices.

IHS estimates the total available market for 100G & 200G coherent optical network hardware will grow at 18% CAGR, from $3.2 billion to $7.4 billion, between 2015 and 2020. This growth will be driven by several concurrent, powerful tailwinds: the optical super cycle, a growing and expanding SAM (serviceable available market), opportunities in regions such as China and with new markets such as Cloud. Inphi believes that this acquisition will position the company to be one of the most comprehensive component and platform suppliers across all three optical market segments inside/outside data centers, metro and long haul.

Strong Additions to the Inphi Team Inphi enthusiastically welcomes the addition of the ClariPhy employees who are expected to join our team as a part of this acquisition. Nariman Yousefi, ClariPhy’s current CEO is expected to join Inphi to run the Coherent DSP business unit. Additionally, the company’s already strong design team is expected to be augmented by ClariPhy’s well-known VP of Engineering and DSP architect, Oscar Agazzi.

Further details of the transaction and arrangements are set out in Inphi’s Current Report on Form 8-K filed with the Securities and Exchange Commission on November 1, 2016.

Article found here: streetinsider.com

Read More