Archive for February 11, 2025

Check Point Teams Up With Wiz

Posted in Commentary with tags , on February 11, 2025 by itnerd

Earlier today the news filtered out that Wiz and Check Point are going to team up:

The partnership between Check Point and Wiz addresses these issues head-on offering customers:

  • Unified Security Insights: Check Point’s cloud network security controls integrated within Wiz’s CNAPP risk platform, enabling cloud security teams to automatically prevent attacks access real-time network-driven insights for smarter risk prioritization
  • Enhanced Risk Context: Wiz’s advanced risk analysis feeds integrate directly into Check Point’s platform, providing network security teams with actionable recommendations to optimize security coverage and configurations
  • Prioritization of Unsecured Assets: Cloud security teams are empowered to identify and address unsecured assets more effectively, leveraging network security data to guide decision-making
  • Optimized Security Operations: Network security teams benefit from tailored recommendations generated by Wiz’s platform, enhancing operational efficiency across hybrid environments

The mutually beneficial partnership includes joint integration and the assisted migration of Check Point’s CNAPP customers to Wiz. Check Point expects to reallocate resources and make further investments across its Cloud Security business, including Cloud Network Security, Web Application Firewall (WAF), GenAI and other key Cloud technologies.

Marina Segal, CEO, Tamnoon highlights the risks associated with this team up:

“As organizations transition from Check Point CloudGuard to Wiz, under their newly announced partnership, it is critical to maintain continuous security operations while minimizing disruption. CNAPP migrations can take time and energy from already understaffed security teams. Our experience has shown that it is important to follow a proven process and make sure you have experts to guide every successful migration of any CNAPP.”

It will be interesting to see how organizations navigate this so that the best outcome possible is the one that they get.

Leave a comment »

Guest Post: Safer Internet Day – Getting Serious With Passwords

Posted in Commentary with tags on February 11, 2025 by itnerd

By Darren James – Senior Product Manager and cyber security expert at Specops Software

To celebrate Safer Internet Day (SID) and raise further awareness around promoting the safe and positive use of digital technology for the theme “Together for a better Internet,” we’ve decided to focus on a critical element within security that many people will be familiar with but seemingly don’t give due attention: passwords.

For the modern person, our daily lives largely involve the internet. Whether that be online banking, connecting with friends and family on social media, checking email, shopping for groceries, or so on. Access to all of these services requires a login and a password. Now, you may think users are using strong, unbreakable, long passwords, not least because many sites now mandate passwords to meet certain requirements. After all, passwords are often all that separates the outside world from gaining entry to our sensitive information.

However, this isn’t the case as many people are still either not changing the default password or using generic, easy-to-crack credentials instead. Speaking plainly, most of us are guilty of using lazy passwords, or reusing credentials at some point in our lives.

This poor display of security behaviour is very visible in the working world and our recent findings in the 2025 Breached Password Report only highlight the critical importance of SID’s mission in improving cybersecurity habits for everyone.

The password “123456” was the most frequently compromised, appearing in more than 1.4 million leaked credentials. Alarmingly, among the 1.8 million breached administrator credentials, 40,000 admin portal accounts used “admin” as the password, highlighting that even IT professionals may not be prioritizing security.

Over a 12-month period, more than one billion credentials and passwords were stolen through malware attacks. This alarming statistic underscores the need for robust cybersecurity measures and increased awareness about online threats.

One of the key findings is that 230 million of the stolen passwords met common complexity requirements (over eight characters, including uppercase letters, numbers, and special characters). This indicates that adhering to standard password policies alone is insufficient to protect against sophisticated attacks.

With breaches often costing companies millions for each incident, the cost of lazy passwords could be seriously detrimental to any business.

The stats highlight the brutal truth that relying on end users to maintain strong password security is a losing battle. Even with cybersecurity training and strict password policies, human error remains the weakest link. Security professionals must take a proactive approach (that does not rely on end users) by implementing robust security measures – such as multi-factor authentication (MFA) and password managers – rather than assuming awareness alone will keep systems secure.

Enhancing password security is crucial for protecting organizations against cyber threats. Here are five key tips to strengthen your organization’s password practices:

Train Employees on Secure Password Practices

Educate staff on password security risks, such as weak storage methods and easily guessed passwords. Ultimately, we want to help users by providing detailed, local language feedback when they set or change their passwords.

Enforce Strong Password Policies

We want to encourage the use of longer passphrases, using memorable words so that users are less likely to write them down. Policies can include increased password expiry time but to avoid users incrementing the same password, organizations must continuously check the password and require it to be changed if it becomes breached. Furthermore, certain departments or individuals may require specific password policies for compliance requirements, so this needs to be accounted for.

Defend Against Brute-Force Attacks

Protect accounts by locking them after multiple failed login attempts and blocking suspicious IP addresses. Configure these settings in Active Directory and other security systems. Organizations can start by blocking easy-to-guess passwords that might relate to the company or business.

First-Day Password & Promptly Deactivate Departing Employee Accounts

When a new employee joins, having a “First Day Password” security capability will enable the user to securely set their initial password, eliminating the need for IT to share temporary credentials and reducing onboarding security risks. Moreover, when an employee leaves the company, immediately disabling accounts will prevent unauthorized access. Updating shared passwords will also minimize security risks.

Implement Multi-Factor Authentication (MFA)
Strengthen security by requiring multiple verification steps, ensuring access is not solely dependent on passwords.

With Safer Internet Day 2025, we can’t let another year pass and not take the required action. It’s imperative to reflect on these findings and take proactive steps to safeguard our digital lives. By working together, we can create a more secure and trustworthy internet for all. Furthermore, by adopting these strategies, your organization can significantly improve its password security posture and reduce the likelihood of breaches related to compromised credentials.

Leave a comment »

AppSOC Tests DeepSeek And Finds A Wide Range Of Flaws

Posted in Commentary with tags on February 11, 2025 by itnerd

AppSOC, specialists in AI governance and application security, today published “Testing the DeepSeek-R1 Model: A Pandora’s Box of Security Risks detailing in-depth model testing that reveals a wide range of flaws with high failure rates. 

Through a combination of automated static analysis, dynamic tests, and red-teaming techniques, the DeepSeek-R1 model was put through scenarios that mimic real-world attacks and security stress tests using AppSOC’s AI Security Platform and risk scoring.

Among alarming results: 

  • Jailbreaking: Failure rate of 91%. DeepSeek-R1 consistently bypassed safety mechanisms meant to prevent the generation of harmful or restricted content.
  • Prompt Injection Attacks: Failure rate of 86%. The model was highly susceptible to adversarial prompts, resulting in incorrect outputs, policy violations, and system compromise.
  • Malware Generation: Failure rate of 93%. Tests showed DeepSeek-R1 capable of generating malicious scripts and code snippets at critical levels.
  • Supply Chain Risks: Failure rate of 72%. The lack of clarity around the model’s dataset origins and external dependencies heightened its vulnerability.
  • Toxicity: Failure rate of 68%. When prompted, the model generated responses with toxic or harmful language, indicating poor safeguards.
  • Hallucinations: Failure rate of 81%. DeepSeek-R1 produced factually incorrect or fabricated information at a high frequency.

You can read the research here.

Leave a comment »

Aptum Welcomes Jaime Konzelman as Chief Revenue Officer

Posted in Commentary with tags on February 11, 2025 by itnerd

Aptum, a hybrid cloud, infrastructure, networking and managed services provider, today announced the appointment of Jaime Konzelman as Chief Revenue Officer. In this role, she will lead Aptum’s go-to-market strategy, overseeing sales, partnerships, and marketing to help customers make the most of their cloud investment. 

Konzelman brings more than two decades of experience with Fortune 500 and 1000 companies across industries including entertainment, hospitality, and IT managed services. Her expertise in selling complex IT services, leading high-performing teams, and empowering people aligns with Aptum’s mission to simplify IT complexities and unlock tech freedom for its customers. 

Konzelman was most recently Vice President and General Manager, Americas Sales at Rackspace Technologies. She began her career with the Walt Disney Corporation and has held leadership roles at Unisys, Atos, Xerox, Acxiom and MGM Resorts. As a dealmaker at Atos, she secured more than US$3 billion in IT services contracts, earning multiple accolades, including ISG’s Sales Leader of the Year and Atos’ President’s Club recognition.

A bestselling author, Harvard-trained leadership facilitator, motivational speaker, and executive coach, Konzelman has developed proprietary training programs to help teams and individuals achieve outstanding results. She holds a B.S. in Business Management from the University of Massachusetts and an A.A.S. in Business Administration from the Borough of Manhattan Community College. A passionate triathlete, she also serves on the board of Rockin Runners in Las Vegas. 

Leave a comment »

EnGenius Technologies Announces Zoom Certification for Extreme-Range Phone System

Posted in Commentary with tags on February 11, 2025 by itnerd

EnGenius Technologies has successfully obtained certification for their extreme-range phone system, DuraFon ROAM, from Zoom Communications, Inc., a renowned innovator in seamless collaboration technologies. Together, these solutions are enhancing connectivity by aligning EnGenius’s powerful DuraFon Roam system with Zoom’s robust communication platform. This will unlock new possibilities for customers to maintain crystal-clear communication across vast and challenging operational spaces.

Revolutionizing Long-Range Connectivity

EnGenius’s DuraFon ROAM is a breakthrough product delivering unparalleled coverage for voice communications. Offering up to 200,000 sq. ft. in resorts and assisted living facilities, 1,000,000 sq. ft. in warehouses and fulfillment centers, and an impressive 4.7 square miles in expansive outdoor venues and agricultural sites, DuraFon ROAM ensures robust and reliable connectivity. This long-range solution now works seamlessly with Zoom Workplace, enabling users to leverage Zoom’s capabilities even in the most remote and challenging environments.

Expanding the Reach of Collaboration

This solution benefits a wide range of industries by combining EnGenius’s industry-leading hardware with Zoom’s dynamic communication platform. Key advantages include:

  • Enhanced Collaboration: Enable seamless voice communication through Zoom in vast or complex areas where traditional systems might not reach.
  • Industry Versatility: Tailored for resorts, assisted living, warehouses, fulfillment centers, outdoor venues, and agricultural facilities, this solution extends the utility of Zoom to new operational domains.
  • Unparalleled Range: Leverage DuraFon Roam’s extended coverage to expand the communication footprint without sacrificing reliability.

Future-Proofing Communication Solutions

EnGenius demonstrates its dedication to innovation and adaptability by meeting industry demands for flexible and scalable communication solutions. By combining the capabilities of DuraFon Roam with Zoom, businesses can overcome connectivity challenges and ensure seamless communication across all areas of their operations.

Availability

The solution is now available to customers worldwide, offering a reliable and comprehensive system for organizations aiming to expand their reach and improve their communication capabilities. Customers are encouraged to contact EnGenius Technologies for more information.

Leave a comment »

Cisco Has Apparently Had A Data Breach

Posted in Commentary with tags on February 11, 2025 by itnerd

Cybersecurity News is reporting that Cisco has suffered a data breach linked to the Kraken ransomware group with sensitive credentials from its internal network and domain infrastructure leaked online. Additional details here:

https://cyberpress.org/cisco-data-breach-2/

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“I had an opportunity to speak to other CISOs about this incident last week. The prevailing viewpoint is that this is a highly sophisticated ransomware-as-a-service attack that took many months of diligent work by the threat actor using sophisticated tools. One of the tools used, Mimikatz, is designed to extract credentials from Microsoft Active Directory and is only accessible by privileged users or threat actors using credentials from those with privilege . Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit. It was created by French programmer Benjamin Delpy and is French slang for “cute cats”. Wikipedia  

“The most effective set of controls to manage this risk is within privilege user monitoring (PAM) with an added component for continuous validation. The continuous validation, in this case, is measuring the deviation in established on-line patterns for privileged users (while using the privilege) and revoking the privilege automatically in milliseconds when the deviation score of the patterns triggers it. This approach (continuous validation) on top of PAM is not widely used today and there are only a few commercial products developing this capability.” 

This incident shows that even the big guys can get pwned if they don’t have proper controls in place. Which illustrates why you need to do everything possible, no matter how difficult to keep yourself from getting pwned.

Leave a comment »

Taking Major Business Momentum in 2025, Datadobi Reimagines How Enterprises Can Transform Unstructured Data into a Valuable Asset

Posted in Commentary with tags on February 11, 2025 by itnerd

Datadobi, a global leader in unstructured data management, has today set out its vision to capture its place in the Unstructured Data Management market, propelled by 12 months of outstanding performance, technology innovation, and industry recognition. As organizations look to release the value of unstructured data across their hybrid cloud environments, Datadobi is ideally positioned to address their needs and transform it into a valuable asset that drives innovation and success.

As Gartner® quoted in its Modernizing File Storage Data Services with Hybrid Cloud report* at the end of 2024, “ New hybrid cloud storage capabilities are now considered ‘must have’ to address the growing challenges of exponential data growth, digitalization and globalization of data, generative AI, resilience, cloud integration and migration.”                                                                  

To deliver on these growing challenges, technology leaders worldwide are focusing on their storage infrastructure to prepare for generative AI and other strategic IT priorities. This includes investment in effective hybrid-cloud strategies, which is now a key requirement for addressing ubiquitous data growth. With limited mature HCDS solutions on the market, Datadobi has built customer trust in the value of effective data management, building a software platform that reimagines how organizations can navigate data complexities, optimize business intelligence, and find a competitive edge.

Datadobi’s leadership position in the Unstructured Data Management market has been established following a range of significant business achievements over the last 12 months, which include:

StorageMAP 7.0 – a game-changer for the Unstructured Data Management market

StorageMAP 7.0 is a game-changer for the Unstructured Data Management market, with previously unheard-of features and functionality to provide the deepest insights possible into heterogeneous unstructured data environments. The solution enables customers to make the most intelligent data-driven decisions that drive innovation and competitive advantage with StorageMAP 7.0 while also managing their unstructured data’s inherent risk and escalating costs as never before.

Award-winning achievements and analyst recognition

A series of industry award wins underlined Datadobi’s exceptional performance in 2024. These included the Cloud Computing Magazine Excellence and ChannelVision Visionary Spotlight awards. The company also made CRN’s Big Data 100 and Storage 100 lists. In addition, Denise Natali, Datadobi’s Vice President of Americas Sales, was included on CRN’s “100 People You Don’t Know But Should” list.

The company was also featured in several key industry analyst reports, including Gartner’s “Modernize File Storage Data Services With Hybrid Cloud.” Additionally, Omdia recognized Datadobi’s StorageMAP platform for offering “comprehensive unstructured data management” capabilities and noted, that “Datadobi’s ability to handle unstructured data (documents, emails, social media posts, images, videos, audio files, sensor data, etc.) puts it above most other solutions.”

A growing international team

In 2024, Datadobi also strategically expanded its team, adding key sales leadership personnel, including Denise Natali as Vice President of Americas Sales, Michelle Butler as California Sales Executive, and other new personnel across the USA and EMEA. These strategic hires across multiple regions are central to the company’s commitment to growth and have significantly enhanced its capabilities in key target markets.

Leave a comment »