Latest news with #AIthreats
Tahawul Tech
3 days ago
- Business
- Tahawul Tech
Infoblox double-down on pre-emptive protection in bid to crackdown on AI-driven attacks
Infoblox , a leader in cloud networking and security services, has announced major enhancements to its Protective DNS solution, Infoblox Threat Defense, empowering organizations to stay ahead of sophisticated, AI-driven cyber threats with pre-emptive security. As global cybercrime costs surge toward $23 trillion by 2027[1], traditional 'detect and respond' security tools are struggling to keep up. Modern attackers increasingly deploy AI to create unique, single-use malware and stealthy phishing campaigns that evade traditional defenses—making it more likely than ever that any organization can become 'patient zero.' Infoblox's Protective DNS solution, Infoblox Threat Defense, stops threats before they impact infrastructure by combining predictive threat intelligence with algorithmic and machine learning-based detections — blocking high-risk and malicious domains an average of 68 days earlier than traditional tools, with an industry-leading 0.0002% false positive rate. 'The difference between most DNS security tools and our approach is like the difference between law enforcement chasing street-level drug dealers versus taking down the cartel,' said Mukesh Gupta, chief product officer, Infoblox. 'We target the suppliers behind the cyberattackers—the cartel—so threats can be blocked before they ever reach the network. This pre-emptive strategy helps security teams reduce risk, eliminate noise and stop threats at the DNS layer before they ever reach the network.' To help customers get ahead of the new wave of AI-driven threats, Infoblox is continually delivering ground-breaking threat intelligence—solidifying the role of Threat Defense as a proactive, high-speed threat blocker. From better visibility and actionable insights to flexible licensing and clear metrics on pre-emptive protection, these new innovations are designed to help security teams close gaps before attackers can exploit them: Protection Before Impact: Provides security leaders with clear, quantifiable metrics on threats neutralized before they can cause damage, streamlining reporting and demonstrating security ROI. Provides security leaders with clear, quantifiable metrics on threats neutralized before they can cause damage, streamlining reporting and demonstrating security ROI. Security Workspace: An intuitive, centralized interface that gives security teams deep visibility into their environment with actionable insights to reduce risk and ultimately speed their mean time to respond (MTTR). An intuitive, centralized interface that gives security teams deep visibility into their environment with actionable insights to reduce risk and ultimately speed their mean time to respond (MTTR). Detection Mode: Provides organizations visibility into threats they're missing today—without changing existing DNS configuration, minimizing operational risk. Provides organizations visibility into threats they're missing today—without changing existing DNS configuration, minimizing operational risk. Asset Data Integration: Delivers deep context into what was protected as part of the pre-emptive strategy, enabling security teams to do further investigation and analysis. Delivers deep context into what was protected as part of the pre-emptive strategy, enabling security teams to do further investigation and analysis. Token-Based Licensing: Flexible, token-based pricing aligned to protected assets simplifies procurement and drives clearer ROI. Flexible, token-based pricing aligned to protected assets simplifies procurement and drives clearer ROI. Powering Google Cloud's DNS Armor: Infoblox's Protective DNS capabilities also power Google Cloud's DNS Armor, providing native security for cloud workloads, with public preview later this year. Infoblox Threat Defense gives security teams predictive insights to block attacks as threat actor infrastructure is being created—before malware is even deployed and long before a patient zero is hit. Unlike traditional security tools that must wait for the first victim to detect and respond, Infoblox's approach can pre-empt the attack entirely. By stopping attacks earlier, Infoblox reduces the load on detect-and-respond tools, such as XDR and SIEM—aligning with Gartner's view that pre-emptive cybersecurity will replace 40 percent of traditional solutions by 2028. The latest NIST SP 800-81 guidelines reinforce this shift, noting that DNS can often prevent security incidents earlier than other systems. 'Traditional 'detect and respond' security simply can't keep pace with today's AI-driven attackers and malware. Cybercrime is evolving faster than ever, costing the world trillions and exploiting gaps in legacy defenses,' said Scott Harrell, president and CEO, Infoblox. 'The legacy kill chain approach depends on someone else being 'patient zero' so those legacy systems can learn and react—but attackers today customize malware to target individual businesses or industries, rendering legacy, reactive approaches ineffective against modern AI-enabled attackers. When you're patient zero, the only thing being 'killed' is your business. The future of cybersecurity must be pre=emptive: stop threats before they ever reach your organization.' 'Before Infoblox, DNS was a blind spot in our security posture,' said Nathan Sinclair, chief information security officer for the City and County of San Francisco. 'We immediately saw value in gaining full visibility into DNS requests and the hidden threats they can carry. Infoblox Threat Defense has proven to be a powerful solution for blocking exploits and preventing incursions. It has significantly strengthened our defenses and given us greater confidence in protecting the critical services we provide.' For deeper insights into our latest innovations and why pre-emptive DNS security matters more than ever, visit our Security Momentum launch blog. To see the latest research on evolving threats—including how DNS security blocks 82 percent of attacks before impact—read our 2025 DNS Threat Landscape Report.
Tahawul Tech
04-08-2025
- Business
- Tahawul Tech
AI-driven cyberattacks demand machine-speed defences, says Kiteworks CISO
Frank Balonis, CISO and SVP of Operations at Kiteworks, warns that compliance-led organisations must replace human-dependent security with automated, AI-enabled controls to survive the next wave of autonomous cyber threats. AI-driven cyberattacks are reshaping the threat landscape with unprecedented speed, scale, and precision. Frank Balonis, CISO and SVP of Operations at Kiteworks, spoke to Sandhya D'Mello, Technology Editor, CPI Media Group about how traditional compliance frameworks and human-dependent controls are no match for autonomous adversaries. Organisations must now adopt machine-speed defences, real-time data visibility, and automated enforcement to withstand AI-enabled threats. With regulatory demands increasing and the financial impact of breaches soaring, the path forward demands unified architectures, zero-trust strategies, and AI-powered anomaly detection to ensure both security and compliance. Interview Excerpts: The recent research demonstrates AI's ability to autonomously execute complex network attacks with alarming precision and scale. How do you see this redefining the cybersecurity threat landscape for compliance-driven organisations? The convergence of autonomous AI attack capabilities and organisational vulnerability creates an unprecedented compliance crisis. Carnegie Mellon and Anthropic research proves AI can autonomously breach networks with 100% success rates, while 83% of organisations lack basic controls against AI data exposure. This redefines the threat landscape fundamentally. Attacks now operate at machine speed 24/7, systematically exploiting hundreds of vectors simultaneously while, per IBM, shadow AI incidents cost $670,000 more than standard breaches. With 59 new AI regulations in 2024 and fines exceeding $100,000 becoming common, compliance-driven organisations face a stark reality: deploying AI-enabled security isn't optional anymore. For healthcare, financial services, and any entity handling sensitive data, machine-speed defenses have become the minimum viable protection against adversaries that never sleep, never forget, and scale infinitely across attack surfaces. What makes traditional data loss prevention (DLP) and regulatory compliance frameworks ineffective against such AI-driven attacks? Traditional DLP and compliance frameworks fail against AI-driven attacks because they were designed for predictable, human-speed threats within controlled environments. The research reveals fundamental mismatches. DLP relies on signature-based detection, but AI attackers generate novel attack vectors in real-time that never existed before, rendering pattern databases obsolete. While security teams investigate alert #1, AI has already executed attacks #2 through #50 at machine speed. Most critically, compliance frameworks like GDPR and HIPAA require tracking all data processing activities. Yet, 86% of organisations are blind to their AI data flows. With employees routinely sharing sensitive data through 1,200+ shadow AI applications. The fragmentation compounds failure: organisations average 15,000 ghost users and 176,000 inactive identities that AI can exploit, while disconnected security tools create visibility gaps. Traditional controls – training (40% adoption), policies (10%), and warnings (20%) – provide zero protection against autonomous systems that methodically catalog every vulnerability and execute multistage attacks with surgical precision. From a compliance standpoint, what immediate controls or policies must be re-evaluated or re-implemented in light of this development? From a compliance standpoint, organisations must immediately shift from human-dependent controls to automated technical enforcement. The research proves only 17% of organizations with automated blocking survive AI attacks. Training, policies, and warnings provide zero protection. Critical re-evaluations are required in regard to: Access Controls: Deploy automated AI-specific blocking, as 97% of breached firms lacked proper controls. Audit Trails: Establish forensic-quality tracking for GDPR/HIPAA compliance, since 60% can't respond to data requests. Real-time Classification: Only 10% have properly labeled files required for compliance. Unified Governance: Consolidate fragmented tools into command centers, tracking data lineage through AI processing. The mandate is clear. Compliance requires machine-speed technical controls, not human measures that fail universally. What architectural shifts should organisations consider to secure sensitive content when attackers operate at machine speed and scale? Organisations must architect for machine-speed defense through four fundamental shifts. Unified Command Centers should be used to consolidate fragmented security tools into platforms providing total visibility, as AI exploits blind spots between disconnected systems. Automated Technical Controls should be used to deploy blocking and scanning at machine speed, since only 17% with these controls survive AI attacks while human-dependent measures fail universally. Zero-Trust Data Architecture implements controls that verify every access in real-time, as AI systematically exploits trust relationships and 15,000 ghost users in typical enterprises. AI-vs-AI Defense Layers includes AI-powered anomaly detection that learns organisational patterns and responds in milliseconds, not hours, matching attacker capabilities. The architectural imperative here is to shift from perimeter-based human-speed security to data-centric machine-speed protection that follows sensitive information wherever it flows. With forensic-quality audit trails satisfying regulatory requirements while defending against adversaries that operate 24/7 at inhuman precision. Given the scale and memory capabilities of AI-driven attacks, what practical steps would you recommend to CISOs and compliance heads to strengthen their defence posture and ensure regulatory readiness? CISOs and compliance heads need three critical defenses against AI's perfect memory and infinite scale. Immediate (0-30 days): Deploy automated blocking and anomaly detection, as only 17% with these controls survive AI attacks. Establish zero-trust verification for every access since AI catalogs all discovered credentials. Consolidate (30-90 days): Unify fragmented tools into a single platform, eliminating blind spots between 1,200+ shadow applications. Deploy AI-powered defense responding in milliseconds, not hours. Compliance (90+ days): Implement forensic audit trails for every data movement, automated classification, and real-time reporting. Success metrics: sub-second detection, 100% audit coverage, minutes-to-containment. The mandate here is to match AI's machine speed and memory with equally capable defenses. Human-dependent measures guarantee failure.'
Finextra
04-08-2025
- Business
- Finextra
Maven leads £5 million investment in Approov
Approov Limited ('Approov'), a mobile app security software business, has secured a £1.2m investment from the Investment Fund for Scotland, managed by Maven Capital Partners ('Maven'). 0 This is part of a £5 million funding round with participation from Souter Investments, and existing investors Lanza techVentures and Scottish Enterprise. Approov has developed patented mobile security technology that protects apps and APIs from AI-driven threats by using a cloud-first approach, offering a stronger and more reliable alternative to traditional code obfuscation. Its mobile security solution ensures only genuine, unmodified apps running in trusted environments can access your backend services. It works by continuously verifying app and device integrity to stop bots and tampered apps with real time analytics and cloud based secret management to protect mobile apps and APIs. As winner of the Cyber Innovation Award at this year's Scottish Cyber Awards, Approov's solution has already established a strong presence in the global automotive and financial service sectors. The mobile RASP market is a fast-growing subsegment of the cyber security industry, driven by the proliferation of mobile threats and increased demand for embedded, in-app security. Enterprises are proactively embedding security within app development lifecycles to combat rising incidents of reverse engineering, app tampering, and overlay attacks. Approov's technology protect apps from tampering and fraudulent API access, offering a critical defence in today's rapidly shifting cyber threat landscape. This funding milestone will enable Approov to bolster its R&D team in Edinburgh, driving the creation of advanced technologies to secure mobile applications and APIs against evolving threats in real time, including those powered by AI. The investment will also allow the business to invest in its sales and marketing operation as it grows its market reach, diversifies into new sectors and expands its international footprint. Craig McGill, Investment Manager at Maven, said: 'Approov is a leading innovator in mobile app and API security with proven applications in multiple target sectors. With their strong IP and the growing demand for API-level defences across the industry, the business is uniquely positioned to lead this next era of mobile security. We look forward to working with Ted and the team to drive the business forward at such an exciting point in the company's growth journey.' Ted Miracco, CEO of Approov, said: 'As the threat landscape continues to evolve, developers and enterprises alike are recognizing that mobile app security cannot be an afterthought,' said 'This funding marks a pivotal moment in our mission to ensure that every mobile app instance is authenticated and that backend APIs are protected from fraud, abuse, and unauthorized access.' Sarah Newbould, Senior Investment Manager at Nations & Regions Investment Funds, the British Business Bank, said: 'Approov is a strong example of a Scottish company developing smart technology to tackle a global challenge. As mobile apps and APIs become central to business, protecting them from increasingly sophisticated threats, including those driven by AI, is critical. We're pleased the Investment Fund for Scotland is able to support Approov as it grows its team in Edinburgh and expands into new markets. This investment reflects IFS's commitment to backing ambitious companies with the expertise to drive Scotland's tech sector forward.'
Forbes
31-07-2025
- Forbes
How A Clash Of Cultures Changed Software Security Forever
Chris Wysopal is Founder and Chief Security Evangelist at Veracode. In 1998, I found myself in an unexpected place: testifying before the U.S. Senate about computer security alongside my fellow L0pht members. We weren't executives or policymakers—we were hackers. But our message was clear: something had to change. Software was being shipped with critical vulnerabilities, and no one was being held accountable. We got to the Senate floor because we made noise. We did full disclosure. We forced uncomfortable conversations. We weren't seeking notoriety; we were advocating for a safer digital world. Back then, responsible disclosure was ad hoc and adversarial. The tools we built and the research we published were often seen as threats rather than contributions. But we believed that exposing systemic flaws was the only way to compel progress. That mindset of transparency as a driver of accountability feels more relevant than ever. Today's threat landscape is shaped by AI, automation and hyperconnectivity. Just as we once exposed buffer overflows and insecure protocols, today's researchers are surfacing flaws in machine learning models, hallucinated code and autonomous agents. The same principle applies: visibility must precede security. You can't fix what you can't see. Leaders need to prepare for vulnerability discovery at machine speed. Create pathways to disclose flaws uncovered by AI systems, whether in third-party code or your own models. Build red-teaming capabilities for your AI stack, and design systems that reward (not resist) the signals surfaced by independent researchers. At first, L0pht operated outside the system because the system wouldn't listen. But over time, things changed. We sat down with Microsoft in the late 1990s to explain our intent. We weren't trying to embarrass anyone. We just believed users deserved to know when protocols were insecure. That conversation led to coordinated disclosure policies and, later, acknowledgment of researchers in vendor advisories. The lesson we learned—that collaboration beats confrontation—should guide leaders today. Security isn't just a technical function; it's a human one. And culture determines whether people share what they know. CISOs should create internal equivalents of coordinated disclosure. Your engineers, product managers and legal teams must feel empowered to raise issues, even when they're inconvenient. Normalize the flow of uncomfortable truths. Adopt a blameless disclosure culture. And externally, build partnerships with the open-source community, independent researchers and other vendors that make collaboration frictionless and high-trust. Our philosophy at L0pht was 'hack everything.' The goal was never just to break things, but to understand them. Security, to us, wasn't about checking boxes. It was about gaining a deeper grasp of how systems worked so we could make them safer. That approach shaped the work we did when we joined @stake in 2000 and, later, consulted with Microsoft to help secure products such as Internet Explorer 6. Our team introduced methodologies like threat modeling, fuzzing and runtime attack surface analysis that became foundational to Microsoft's Security Development Lifecycle. Today, the pressure to move fast is orders of magnitude greater than it was back in our L0pht days. Leaders are constantly balancing innovation with compliance and risk mitigation, but the real opportunity lies in embedding security into the innovation process itself. Partner with engineering early in the development cycle. Build threat modeling into product design. View security not as a bottleneck but as a catalyst for better code and more resilient systems. The faster you move, the earlier security needs to be involved, because it's far more expensive and disruptive to fix things after the fact. At its core, L0pht wasn't just a lab or a company. It was a culture. We shared tools, ideas and research openly because we believed in democratizing knowledge. That spirit helped seed today's bug bounty programs, open-source security tooling and responsible disclosure norms. As AI reshapes development, security and infrastructure, leaders need to cultivate a similar culture of curiosity and principled dissent. Hire for grit and creativity, not just credentials. Promote the quiet truth-tellers. Build psychological safety so people feel safe flagging issues even when it's politically risky. Security today isn't just about firewalls and encryption; it's about culture. And the most resilient organizations are the ones where people feel empowered to speak up, challenge assumptions and think like attackers, because they want to protect what matters. It's easy to forget how radical it once was for a vendor to listen to a hacker. But that's the shift we helped drive in the early 2000s: from antagonism to collaboration—from underground to boardroom. Today, security researchers have a seat at the table, but the lessons of the past still apply. Vulnerabilities don't get fixed because we wish them away. They get fixed because someone insists that they can't be ignored. That insistence, combined with collaboration, transparency and a willingness to embrace uncomfortable truths, is what made the difference then. It's what still makes the difference now. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
14-07-2025
- Business
- Yahoo
AI Sparks Cybersecurity Boom
Wedbush sees cybersecurity spending surging as AI threats grow more complex, and names Palo Alto Networks (NASDAQ:PANW), CrowdStrike (NASDAQ:CRWD), Zscaler (NASDAQ:ZS), CyberArk (NASDAQ:CYBR), Check Point (NASDAQ:CHKP)and Varonis Systems (NASDAQ:VRNS) as top picks. Warning! GuruFocus has detected 6 Warning Sign with PANW. Wedbush analyst Daniel Ives notes that Agentic AI rollout is expanding attack surfaces faster than ever. Companies embedding these smart systems without built-in safeguards are racing to shore up cloud, network and endpoint defenses. We are still in the early innings of this trend. Ives and his team are spotting module add-ons across a range of platforms and expect large strategic deals to pick up through 2026 as budgets stretch to match the sophistication of new breaches. Resilient cybersecurity budgets could make this subsector a standout performer even if broader tech markets wobble. Investors who get positioned now may ride the wave of AI fueled demand in the months ahead. Watch for an uptick in mergers and acquisitions as both corporate buyers and private equity firms seek AI enabled security targets. Any deal announcements could reset valuation benchmarks across the space. This article first appeared on GuruFocus.
