Connect with us

Startups

Zero-trust trends for 2022 | VentureBeat

Published

on

Demand for endpoint security visibility and control will grow faster than the market, leading all zero-trust priorities in 2022. Improving Identity and Access Management (IAM) effectiveness, hybrid cloud integrations, and automating patch management will follow.

Cloud-first zero trust platforms have won the enterprise because of the cost savings, speed, and scale they deliver over legacy systems. Look for cybersecurity vendors who offer well-documented, secure APIs and consumption-based and subscription pricing to grow the fastest this year. Eighty-three percent  of security and risk professionals say zero trust is an essential strategy for their organizations, and 80% plan to implement zero trust in 2022.

Zero-trust spending will accelerate in 2022 

Organizations and the CISOs leading them are starting to see that zero trust doesn’t have to be expensive or hard to implement to be effective. That realization, combined with President Biden’s executive order mandating zero trust architectures for all governmental entities, will accelerate adoption across all organizations. Gartner predicts spending on zero trust network access (ZTNA) solutions will grow from $820 million this year to $1.674 billion in 2025, attaining a 26% Compound Annual Growth Rate (CAGR). Worldwide spending on information security and risk management is projected to reach $170 billion this year, increasing to $233 billion by 2025, achieving an 11% CAGR. Security services, infrastructure protection, and IAM will drive $122 billion in spending this year alone.

Insurance, financial services, and manufacturing CISOs told VentureBeat that creating a business case for zero trust made them realize how limited their visibility and control over endpoints are. CISOs and their teams find endpoints overcrowded with software agents, leaving them more vulnerable than before. Absolute’s 2021 Endpoint Risk Report found an average of 12.9 mission-critical applications per enterprise device, 11.7 of which are security controls. The more software clients on an endpoint, the higher the probability of a packet, message, and monitoring collisions, leading to a more rapid decay in the fidelity and quality of the security data.

4 trends defining zero trust in 2022 

Many organizations are falling behind in tracking every machine, human, and endpoint identity. It gets worse when it comes to patch management across the thousands of devices being used remotely. Cloud-delivered, clientless zero trust platforms are an economical alternative to adding another endpoint agent that relies on legacy trust-based authentication. The goal is to remove trust completely from the tech stack because it’s a major liability. Based on conversations with CISOs from healthcare, information services, financial services, and manufacturing, here are the four trends that define zero trust in 2022:

1. Demand for endpoint security visibility and control is growing faster than the market

CISOs tell VentureBeat endpoint security budgets were the most defensible parts of their fiscal budgets, and there’s strong interest in self-healing endpoints. Self-healing endpoints capable of identifying an attack, taking steps to stop an intrusion attempt, then rebuilding itself is the goal. The most valuable zero trust endpoint platforms provide real-time asset and patch management data, which provide the visibility and control they need. Absolute Software, Akamai, Blackberry, Cisco, Ivanti, Malwarebytes, McAfee, Microsoft 365, Qualys, SentinelOne, Tanium, Trend Micro, Webroot, and many others claim to have endpoints that can autonomously heal themselves.

Absolute, Ivanti, and Microsoft are noteworthy for how innovatively they simultaneously solve endpoint security and asset management. Absolute relies on firmware-embedded persistence as the basis of their self-healing endpoints and endpoint analytics that includes asset management data. The company’s approach to self-healing endpoints is based on a firmware-embedded connection that’s undeletable from every PC-based endpoint. Ivanti Neurons for Unified Endpoint Management (UEM) provides a platform to secure endpoints and provide greater visibility and control using AI-based bots to scan every endpoint. Ivanti customers use the Neurons platform to achieve zero trust to the endpoint level and improve IT service management (ITSM) and IT asset management (ITAM). Finally, Microsoft Defender 365’s approach relies on behavioral-based detection and scans every file or artifact in Outlook 365, correlating threat data from emails, endpoints, identities, and applications while defining any autonomous action needed to protect the endpoint.

The top five trends in endpoint security provide greater insights into how this area of the zero trust security market will accelerate in 2022. Forrester discovered that machine identities grow twice as human identities on organizational networks. Forrester defines machine, or non-human, identities as robotic process automation (bots), robots (industrial, enterprise, medical, military), and IoT devices. The predominant machine identities are for IoT devices. Interested in learning how to secure them from a DevOps perspective, VentureBeat recently interviewed Eystein Måløy Stenberg, cofounder and CTO at Northern.tech, and product manager at Mender.io. Northern.tech specializes in IoT security product development, and Mender is an over-the-air update manager they created for IoT devices.

“Given IoT devices largely operate in uncontrolled and potentially hostile environments, companies cannot assume there is any security perimeter, even physically. Centralized firewalls, VPNs, and identity databases are heavily used to secure cloud and desktop environments, but these centralized technologies are not suitable for the IoT environment,” Eystein said.

“In IoT, the main approach to security is decentralized, and this is why applying the zero-trust framework at the device level is the only possible path forward,” Eystein explained. “Since zero trust is both more important and easier to implement in IoT devices than cloud-based infrastructure, we expect to see a growth in this methodology fueled by the fast growth of the overall IoT market.” IoT architectures and platforms are becoming core to zero trust initiatives, evidenced by AWS’ series of announcements at their re:Invent conference last fall.

2. CISOs will invest more to improve IAM effectiveness in 2022

All organizations were unprepared for the scale and sophistication of cyberattacks the majority experienced last year. That’s a primary factor driving CISOs to evaluate a zero trust-based approach to passwordless authentication for their virtual teams. Privilege abuse is the leading cause of breaches today. Stopping privileged access abuse starts by designing a passwordless authentication system that is so intuitive that users aren’t frustrated using it while providing adaptive authentication on any mobile device. Leaders in the field of passwordless authentication include Ivanti, Microsoft Azure Active Directory (Azure AD), OneLogin Workforce Identity, and Thales SafeNet Trusted Access. Ivanti’s Zero Sign-On (ZSO) approach to combining passwordless authentication and zero trust on its Unified Endpoint Management (UEM) platform uses biometrics, including Apple’s Face ID as the secondary authentication factor for gaining access to personal and shared corporate accounts and systems.

CIOs tell VentureBeat that improving IAM integration in collaboration with CISOs will become a higher priority this year to achieve a more integrated identity concept across their organizations. Forrester, in their report last year on the top trends impacting shaping IAM, advised their clients to take a more granular and dynamic network access approach based on zero trust edge (ZTE) that identifies network traffic and activity to well-identified, authenticated, and authorized users (human and machine identities). Leading providers in this area include Ericom Software and their ZTEdge Zero Trust Security platform. What’s noteworthy about the Ericom platform is how it combines microsegmentation, zero trust network access (ZTNA), secure web gateway (SWG) with remote browser isolation (RBI), and ML-enabled identity and access management (IAM), enabling organizations to enforce consistent zero trust access policies across the key device, application, web, and network touchpoints.

3. Zero trust becomes the foundation of more hybrid cloud integrations

Unfortunately, organizations’ track record getting hybrid cloud security right is mixed. That’s because hybrid cloud configurations themselves are hard. By definition, a hybrid cloud is an IT architecture comprised of legacy IT systems integrated with the public, private, and community-based cloud platforms and services. Hybrid clouds’ simple definition conflicts with the complexity of making them work securely and at scale. According to Flexera, 92% of enterprises have a multi-cloud strategy, and 82% have a hybrid cloud strategy.

APT-based attacks on the SolarWinds scale happen in part because there’s no least-privileged access policy in place across hybrid cloud configurations. Enforcing least privileged access across every user and administrator account, endpoint, system access account, and cloud administrator accounts is one of the most valuable zero trust lessons learned and one that enterprises are acting on today. Giving user accounts just enough privileges and resources to get their work done and providing the least privileged access for a specific time is essential. Getting microsegmentation right across their IT infrastructures will eliminate the potential of bad actors to move laterally throughout networks. Logging and monitoring all activity on a network across all cloud platforms is key to securing hybrid cloud integrations with zero trust. Every public cloud platform provider has tools available for doing this. AWS CloudTrail and Amazon CloudWatch, which monitor all API activity, are useful for organizations on those public cloud platforms. Vaulting root accounts and applying Multi-Factor Authentication across all accounts is a given.

4. AI-based patch management is growing as enterprises struggle to update endpoints with least privileged access control

CISOs tell VentureBeat that previous approaches to perimeter-based control have resulted in their organizations having several, often conflicting, endpoint security platforms. Legacy perimeter-based systems often relied on trusted domains and interdomain trust relationships that proved ineffective in stopping breaches years ago. Organizations plan to improve endpoint resiliency and control by re-evaluating every endpoint’s current tech stack and simplifying them with least-privileged access controls more consistent with zero trust strategies. Absolute’s 2021 Endpoint Risk Report found that 11% of endpoint devices have installed two or more IAM apps, and 52% have installed three or more endpoint management tools.

The more IAM and endpoint management tools installed, the greater the potential for software conflicts and endpoints that lack any least privileged access control. IT and security teams need to fully automate patch management instead of relying on an inventory-based approach prone to error. Automating patch management offloads help desk tasks, saves valuable IT and security team time, and reduces vulnerability remediation service-level agreement (SLA) metrics. Using bots to automate patch management by identifying and prioritizing threats and risks is fascinating to track, with CrowdStrike, Ivanti, and Microsoft being the leading vendors in this area. Data-driven patch management is helping defeat ransomware with AI and machine learning techniques today.

The future of zero trust 

CISOs tell VentureBeat that zero trust is now being discussed regularly at the board and C-level as organizations look to replace legacy perimeter-based systems with ones that can provide least-privileged access, microsegmentation, and the core foundations of a zero trust strategy. In addition, organizations are concentrating on endpoint security, improving IAM effectiveness, hybrid cloud security, and automating patch management to improve least privileged access. Look for the cybersecurity vendor landscape to reflect these priorities with more mergers, acquisitions, and private equity investors looking to create competitive platforms.

Source link

Startups

Here’s how technology and innovation are driving the growth of Arista Vault, India’s first smart luggage brand

Published

on

It was a crisp winter evening in October 2017 when Purvi Roy, an ace designer who studied at Nuova Accademia di Belle Arti in Milan, presented her high fashion fall winter collection – Warriors Alley- at India Runway Week. The collection was powerful and the show was a great success. At the after-party, she crossed paths with Colonel Krishan Kumar Singh and finance expert Atul Gupta.

After a brief conversation with Purvi, the Colonel suggested that maybe it was time for her to do something for the regular masses which would serve a larger purpose. They began brainstorming and after much deliberation, hard work, and perseverance Arista Vault was born.

Arista Vault is an innovative tech company creating concept-based products to make human life easy, simple, and safe. The company is headquartered in Delhi with offices in Gurugram, Bengaluru, Kolkata and Goa. One of their first offerings was a smart wallet with inbuilt anti-theft and anti-loss features, that would keep your most valuable belongings safe and protected while travelling.

“Arista is a Sanskrit word that means ‘unhurt’ or safest, and vault is a safe. We particularly chose a Sanskrit word for the name because while we go global it will always depict the roots which are Indian; so Arista Vault is a proud Made in India brand,” reveals Purvi.

As a D2C brand, it is also India’s first smart luggage company having filed six patents with one of them being an internationally published patent. The company is the perfect amalgamation of indigenous technology and in-house design that attempts to make customers feel the luxury as well as the safety of carrying a smart wallet.

Backed by Purvi’s years of knowledge and experience as a designer, the wallet while being the best at technology also has the slimmest silhouette which gives it a very luxurious look, making it a great gifting product. Purvi always wanted to make sure that the aesthetics of the product felt opulent, hence it has a jewel packaging with a matte-finished box.

The logo which is a power button inside a hexagon has a touch of gold to it, symbolic of a sense of pride and luxury. So you have a plush feeling when you own an Arista Vault smart wallet along with complete security of your wallet and its belongings.

Making traveller’s life hassle-free

If you had a penny for every time your heart skipped a beat while you frantically searched your pockets thinking you had lost your wallet, you’d probably beat Elon Musk’s wealth!

While that is a far-fetched reality, safeguarding your wallet is not. Arista’s Smart Wallet, with its many features, offers customers the relief to travel hassle-free even in crowded areas like trains and buses. The wallet has a power button which when pressed activates its features.

-

Its main USP is the anti-loss and anti-theft features. It comes with an abundance of technologies such as an anti-theft alarm, built-in power bank, two-way tracker, remote selfie feature, RFID protection. The wallet also has a 20-meter separation alarm with two-way connectivity to your mobile phone. This way the phone can ring the wallet and vice versa. This feature especially comes in handy if your phone is either lost or stolen.

To enable such a high level of technology in a product as simple as a wallet would mean a dedicated amount of research and development.

“We are backed by the Ministry of Electronics and Information Technology and were incubated at the Electropreneur park and IIITD. We work in two world-class labs – Power lab and Fab Lab, which have state-of-the-art technology where the design, research, and technology integration are done. We also have a dedicated tannery and product design manufacturing unit where the integration of technology is done into the product after three layers of quality control,” Purvi says.

Along with technology and design, the co-founders were clear on maintaining the highest level of safety for the smart wallets. Hence all wallets are ISO certified with their privacy policy in compliance with the IT Act of the Government. As of the last quarter of this year, 6,000 smart wallets were sold amounting to Rs 2.6 crore.

Challenges along the way

It’s the trailblazing technology that makes the smart wallets of Arista Vault stand out. But this technology was not easy to develop. Purvi says that it took over a year of R&D to develop a prototype finally, but by this time all the seed fund had been exhausted.

“We knew we had a great product but for further research, innovation and product marketing more capital was needed. So all the three founders decided to put their savings and I supported the company with the earnings of my fashion venture that had initially incubated Arista Vault,” Purvi adds.

The company ran a pilot of their wallets on Amazon Launchpad and those were all sold out within three days. They used all the feedback received to further improve the product. The turning point in their entrepreneurial journey came in 2019 when the company got funding and support from the Ministry of Electronics & Information Technology under Electronics System Design & Manufacturing (ESDM), with Software Technology Parks of India (STPI) & Electropreneur Park.

Using this support, Arista Vault was able to scale their venture sustainably to build world-class smart wallets that eventually got them recognition from Amazon with the Viewer’s Choice award as an Emerging Brand in 2019. In 2021, the company received the prestigious Star award for Most Innovative Brand Year. They were also able to enter the international market by exporting their products to Germany, Chile, Dubai, and other gulf countries and finally to the USA.

This year the company achieved a major milestone in its journey when it became one of the few smart luggage brands in India to raise funding from Germany-based MainStage Angel Network and UK-based Pontaq VC.

Establishing itself in a new segment

Purvi says that while the funding was a great boost both financially and morally, the true journey of the company has begun now. The capital raised is being used to scale the business and establish itself as a market leader in a fairly new segment of smart luggage.

To do this, the company has grown its distribution model and channel partners to cover various cities across the country where Arista Vault products are being sold in a brick-and-mortar model. They have forged partnerships with relevant stakeholders like the Goa government to enter the travel and tourism sector as well, with their smart products.

In October when Prime Minister Narendra Modi launched 5G services in India, Arista Vault was one of the few tech companies to exhibit their smart products. They are also coming up with a series of 5G-implemented products.

-

Going ahead, the company wishes to build a strong presence in the smart luggage market in a B2B model. For that, they recently launched their Switch2Smart range which has a variety of smart business bags, business trolleys, laptop bags and file holders. These bags have features like GPS live and lost location which makes it almost impossible for them to be lost or stolen. They also have other features like smart charging for mobile phones, geofencing and anti-skimming.

“Nowadays from our homes to watches, everything is smart. So why should our bags be left behind? The Switch2Smart range of Arista Vault will give travellers the luxury to be free and not worry about their luggage,” Purvi says. The company has already started generating sales with B2B orders displayed in DIW 2022 Gift Expo.

In FY 2020-2021, the company generated revenue of Rs 3.59 crore and now they are well on their way to achieving Rs 12-15 crore in this financial year showing more than 4X growth in business.

Along with the sales generated on Amazon, Flipkart and their own website, this festive season Arista Vault also got into corporate gifting for occasions like Diwali and has completed bulk orders from companies such as Bharati Cement, Mitsubishi, etc. They also recently started with Amazon.com in the US and UAE.

“Going forward, both B2B and B2C have their specific areas to serve. Our products are innovative and new and require consumer awareness which is possible primarily through B2C. However at a certain level to reach a wider audience, B2B is a preferred mode of business,” Purvi adds.

Arista Vault aims to establish itself as a market leader in the smart luggage category by bringing revolutionary technology to wallets, business bags, travel backpacks and much more. In the coming year, they wish to strengthen their brand presence in India as well as abroad by launching another 15 product categories worldwide.


Source link

Continue Reading

Startups

Elon Musk Reveals Twitter Will Soon Release a New Feature

Published

on

Elon Musk continues to reach out directly to Twitter users to get feedback on his newly acquired platform.

In a tweet earlier today, the billionaire/Chief Twit turned his focus on lurkers who consume the content but don’t contribute. He politely encouraged these so-called ‘doom scrollers’ to get involved.

“I meet so many people who read twitter every day but almost never tweet,” he wrote. “If I may beg your indulgence, please add your voice to the public dialogue!”

Musk has reason to be concerned. According to a study done in 2021, around 25% of Twitter users in the U.S. produce around 97% of all tweets.

His plea to be more active on the platform received nearly 85,000 responses, but he honed in on one in particular from a Twitter user named Rocket_Medic who, perhaps channeling hundreds of thousands of others in the Twitterverse, wrote:

“I reply a lot…no one reads my tweets.”

Musk then asked Rocket_Medic if he was aware of Twitter Analytics, which can be surfaced by clicking on the graph icon at the bottom right of all users’ tweets. The feature lets you know how many times people have seen, Retweeted, liked, and replied to each tweet.

Musk told Medic that he shouldn’t be bothered by the low reply rate since that’s not the metric that really matters. “Those who read tweets outnumber those who reply/retweet/like tweets by over 1000%,” Musk wrote.

At this point, Musk revealed an upcoming feature that had not yet been discussed publicly.

Twitter will soon start displaying tweet reach metrics up-front on all tweets, just like they do for video views.

The reaction to Musk’s announcement seemed mostly positive, with over 15,000 likes. But one user was not convinced.

@JamieHutchens4 replied:

“My Tweets get zero reactions. I think that’s the case with most people. No reactions give a feeling of being unimportant. Avoiding that feeling is likely why lots do not tweet. Most probably don’t even realize that is why they aren’t Tweeting.”

To which Musk replied: “How many views do your tweets get?”

At press time, @JamieHutchens4 still had yet to respond to Musk’s question.

Ironically, his tweet has been liked over 10,000 times, with nearly 800 replies.

Continue Reading

Startups

CEO of Amazon Says Platform Won’t Stop Selling Anti-semitic Film From Kyrie Irving Tweet

Published

on

Opinions expressed by Entrepreneur contributors are their own.

On Wednesday, Amazon CEO Andy Jassy said the company would not be removing the antisemitic film Hebrews to Negroes: Wake Up Black America from its streaming service. Jewish groups such as the Anti-Defamation League (ADL) have prodded Amazon to take down the film because it contains antisemitic tropes and allegations that, throughout history, Jews have conspired to oppress Black people.



Michael M. Santiago | Getty Images

The video first received widespread attention near the end of October after Brooklyn Nets guard Kyrie Irving shared a link to it on Twitter.

Speaking at the New York Times DealBook Summit, Jassy — who is Jewish — said Amazon should allow access to controversial viewpoints. He continued: “As a retailer of content to hundreds of millions of customers with a lot of different viewpoints, we have to allow access to those viewpoints, even if they are objectionable — objectionable and they differ from our particular viewpoints.”

Jassy added that Amazon must be consistent with its policies and take care not to censor content. If the media “actively incites or promotes violence,” Jassy said, “or teaches people to do things like pedophilia,” the decision to take it down is “more straightforward.”

Amazon has “very expansive customer reviews,” according to Jassy, and where any kind of media receiving considerable public attention are concerned, “customers do a good job of warning other people.” According to the Times, Amazon has indicated that it is considering adding a disclaimer to Wake Up, but Jassy also expressed confidence in customer reviews playing a role in how the video is perceived.

Continue Reading

Trending

URGENT: CYBER SECURITY UPDATE