Latest news with #BishopFox
Channel Post MEA
4 days ago
- Business
- Channel Post MEA
Redington Signs Distribution Partnership With Illumio For Containing Breaches
Redington has announced a new distribution partnership with Illumio, the breach containment company. The partnership will see Redington work with Illumio to evolve its channel strategy, drive partner enablement, and accelerate go-to-market momentum for Illumio Segmentation, helping organizations across the region reduce risk, contain attacks, and stop cyberattacks from turning into cyber disasters. Despite record spending on cybersecurity, the volume, cost, and impact of cyberattacks continue to rise. Ransomware and other threats bypass perimeter defenses, with attackers exploiting vulnerabilities in hybrid and multi-cloud environments to move across networks and reach critical data, assets, and infrastructure. Illumio Segmentation proactively protects critical assets, contains attacks, and enhances cyber resilience. By applying the principles of Zero Trust to stop lateral movement across multi-cloud and hybrid infrastructure, it enables organizations to protect critical resources and prevent the spread of cyberattacks. 'Our partnership with Illumio reflects Redington's continued commitment to bringing the most advanced and relevant cybersecurity solutions to our partners and customers,' said Dharshana Kosgalage, Executive Vice President, Technology Solutions Group, Redington. 'In today's threat landscape, Zero Trust Segmentation is no longer optional—it's essential. Through our extensive channel ecosystem, we will accelerate access to this critical technology, enabling partners to drive real cyber resilience for their customers.' Recognized as a leader in The Forrester Wave™: Microsegmentation Solutions, Q3 2024 report, Illumio Segmentation is proven to strengthen cyber resilience and reduce the impact of attacks. A Forrester Total Economic ImpactTM report shows Illumio reduces the blast radius of attacks by 66%, saving $1.8 million in decreased risk exposure. Ransomware emulations from Bishop Fox also show Illumio stops attacks from spreading nearly four times faster than detection and response capabilities alone. 'Breaches today are inevitable, but disasters don't have to be,' said Sam Tayan, Director of Sales for Middle East, Turkey and Africa (META) at Illumio. 'Illumio Segmentation provides a simple and effective way to contain threats, minimize risk, and build resilience, so that organizations can thrive without fear of cyber disasters. We're thrilled to partner with Redington to jointly deliver value to customers and empower them to stay agile in the face of today's cyberthreats.' Illumio Segmentation sits alongside Illumio Insights as part of the Illumio Platform, the first cybersecurity platform dedicated to containing breaches built on an AI security graph. Illumio Insights is an AI-powered cloud detection and response (CDR) offering that helps organizations quickly identify risks and detect threats. With both Insights and Segmentation, security teams can shrink the attack surface, detect threats, and contain breaches in real time. To ensure the successful adoption of Illumio Segmentation, Redington is going beyond basic enablement—arming its channel partners with deep technical training, strategic advisory, and hands-on deployment support. By blending cybersecurity expertise with real-world application scenarios, Redington is helping partners not only sell Illumio, but also become trusted advisors in breach containment, accelerating business growth and elevating their value in the cybersecurity ecosystem. 0 0
USA Today
29-01-2025
- Business
- USA Today
'Humans Aren't the Weakest Link, They're the Strongest Layer in Cybersecurity,' says Social Engineer Expert Alethe Denis
'Humans Aren't the Weakest Link, They're the Strongest Layer in Cybersecurity,' says Social Engineer Expert Alethe Denis When discussing cybersecurity, a common refrain emerges: 'People are the weakest link.' From phishing scams to social engineering attacks, much of the conversation centers on human susceptibility to manipulation. But Alethe Denis, a renowned social engineer and Senior Security Consultant at Bishop Fox, challenges this narrative. 'People are not the weakest link,' she asserts. 'In fact, they are a company's greatest asset.' This shift in perspective is born from Alethe's extensive experience in social engineering, open-source intelligence (OSINT), and red team engagements. With accolades including a DEFCON Black Badge—one of the most prestigious awards in the cybersecurity community—Alethe has firsthand knowledge of how people, policies and technologies interplay in protecting companies. So why does the rhetoric persist that people are easy to hack? Alethe believes it stems from a culture that perpetuates negativity. 'You tell people they're not good enough for long enough, and they'll start believing it, at some point,' she explains. Constantly framing humans as the problem erodes their sense of responsibility and pride. Alethe points out that many security failures are not purely human errors but the result of systematic gaps. 'When companies don't invest in the right layers of technical, physical, and procedural security controls, they leave themselves vulnerable,' she says. Blaming humans (employees) without addressing these foundational issues oversimplifies the problem and prevents meaningful solutions. For example, this cybersecurity consultant recalls a red team engagement involving falsified documents with electronic signatures. At one store, the one in charge strictly followed the procedure, refusing access without a ticket number. At another store in the same chain, employees accepted the fraudulent document and allowed unescorted access. Despite both locations having the same training on procedure for onsite visits, the outcome was unexpected. The difference? The first location had employees who felt empowered and supported to enforce company policies, even under pressure. The second location, while staffed with equally capable individuals, lacked the same level of adherence to procedures—potentially due to a more relaxed culture or differing leadership styles. These experiences underscore Alethe's point: 'People are not inherently easy to hack. They're only as effective as the systems and support around them.' Alethe likens effective security to an ecosystem, emphasizing the importance of multiple components. 'A hardened target has technical controls, physical barriers, and human policies working together seamlessly,' she explains. When any of these components are underfunded, misconfigured, or poorly enforced; vulnerabilities emerge. She also highlights how attackers exploit time pressure and benign scenarios to bypass defenses. 'People don't always recognize manipulation because it often feels harmless. A friendly interaction or a seemingly urgent request can be enough to lower someone's guard,' she shares. This underscores the need for organizations to empower their employees with the tools and confidence to enforce policies without fear of repercussions. Alethe emphasizes that imbibing a culture of trust and respect is critical. 'People are proud to work where they feel valued and significant. When employees care about their work, they're more likely to follow procedures,' she adds. Traditional security training often focuses on fear—teaching employees what not to do and emphasizing the consequences of failure. Alethe, on the other hand, advocates for a more positive approach. 'We need to emphasize that people have the power to prevent security breaches. When employees understand the 'why' behind policies and feel confident in their roles, they become a formidable line of defense.' In one of her many engagements, the Social Engineer tested the security of a critical infrastructure facility. The organization had strict policies in place, but the lack of proper training and infrastructure left gaps. 'We saw systems left wide open due to misconfigurations and employees who weren't adequately trained to use them securely,' she recalls. For her, this highlights the need for organizations to invest in their people as much as their technology. 'You can't rely on tools alone. It's the combination of people, processes, and technology that creates a robust defense.' As a red team specialist, Alethe focuses on emulating real-world attackers to help organizations identify and fix vulnerabilities. Unlike phishing campaigns targeting the entire workforce, red team exercises often involve precise objectives or trophies, such as gaining access to a critical system or sensitive data. 'The goal isn't to embarrass employees or highlight individual failures,' she explains. 'It's to test the organization as a whole—its tools, procedures, and training.' By creating realistic but non-harmful scenarios, red team exercises provide invaluable insights without causing reputational or financial damage. Alethe further notes that the most effective red team engagements blend technical expertise with human interaction. 'You need to understand how to navigate both systems and people,' she says. This holistic approach ensures that organizations are prepared for a range of potential threats. This skilled physical penetration tester is on a mission to redefine how we view human roles in cybersecurity. By challenging the 'weakest link' narrative, she aims to inspire organizations to see their employees as assets rather than liabilities. As Alethe Denis continues to share her insights through speaking engagements, podcasts, and an upcoming book on the red team social engineering process with personal insights, one thing is clear: the future of security lies in empowering people, not exploiting their vulnerabilities.
