Latest news with #RSACConference
Irish Independent
18-05-2025
- Business
- Irish Independent
Irish cybersecurity firms up with best in world at San Francisco showcase
Enterprise Ireland is committed to supporting Irish-owned companies to start, compete, scale and connect, including companies in the cyber-security sector, an industry that has experienced significant growth in recent years. Cyber security-focused companies generate around €2.7bn in revenue annually and employ over 8,000 people nationwide, according to the CSO. A number of Irish cyber-security companies which Enterprise Ireland is proud to support recently attended San Francisco's RSAC Conference, the world's leading cyber-security conference. The RSAC has an established reputation for fostering growth, collaboration, and innovation, making it a must-attend event for anyone in the cybersecurity industry. The significant Irish participation this year reflects Ireland's growing influence in this global landscape highlighting the country's commitment to advancing secure and reliable digital solutions. At the 'Cyber Entrepreneurship Summit', a full-day in-person masterclass-style event, Enterprise Ireland representatives discussed Ireland's dynamic cyber ecosystem and Irish attendees and generative AI specialists UrbanFox participated in Startup Showcase, a sandbox-style pitching competition. This recognition reflects the advanced tech capabilities and innovation that Irish companies bring to the global stage. Other Enterprise Ireland-supported companies that participated included Dublin-based Waratek, a leader in the next significant shift toward proactive security platforms, Vaultree which is revolutionising data security by providing cutting-edge encryption solutions, and Tines, the latest Irish tech unicorn that delivers an automation platform that enables security teams to automate repetitive workloads, making them more effective and efficient. Enterprise Ireland has a network of 42 international offices, seven in the US, including an office and team on the ground in San Francisco. The RSAC also provided an important opportunity for Enterprise Ireland's team there to bring key stakeholders together from across the network in-market to showcase Ireland's cyber innovation, by hosting Ireland's Cyber Reception at Ireland House in San Francisco. Irish participants included Triangle Computer Services, Corrata, Edgescan, Threatscape &Daon and this event showcased our growing strengths and cutting-edge contributions to the global cybersecurity landscape. Enterprise Ireland's presence at RSAC follows a successful showing of Irish cybersecurity companies at the InCyber Forum in early April. Held in Lille, France, the event is Europe's leading event for digital security and trust. The participation of these Irish-owned companies at these two marquee events is testament to the strength and dynamism of the Irish cybersecurity sector. It also reflects our commitment to fostering innovation and supporting the growth of high-potential companies. As these companies engage with global industry leaders, they not only enhance their own capabilities but also contribute to the broader goal of making the digital world a safer place. Enterprise Ireland is committed to supporting Irish businesses to start, compete, scale and connect, and our new five-year strategy 'Delivering for Ireland, Leading Globally' outlines our ambitious targets for the Irish enterprise base which aims to support more Irish companies to achieve greater scale through international growth. Enterprise Ireland's objective is to 'Accelerate Sustainable Irish Business', and it is our long-term ambition that exporting Irish companies will become the primary driver of the Irish economy. For more information about how Enterprise Ireland can help your cybersecurity business identify and access supports and opportunities, visit Anna-Marie Turley is Enterprise Ireland's head of Fintech, Financial Services & Cybersecurity
Yahoo
06-05-2025
- Business
- Yahoo
RSA Announces New RSA Governance & Lifecycle ISPM Capabilities at RSAC 2025
SYDNEY, May 06, 2025--(BUSINESS WIRE)--RSA, the security-first identity leader, announced new Identity Security Posture Management (ISPM) capabilities at RSAC Conference that will help enterprises proactively find and resolve security risks across hybrid and cloud environments. Built into the RSA® Governance & Lifecycle identity governance and administration (IGA) solution, the new ISPM features address critical cybersecurity risks that result from cloud computing, remote work, and the growth of human and non-human identities. Combined with leading RSA Governance & Lifecycle IGA capabilities, RSA ISPM innovations help organisations proactively reduce their identity attack surface. New AI-powered dashboards deliver proactive and actionable insights into policy violations, excessive entitlements, orphaned accounts, and other critical risks that can weaken security and compliance. RSA solutions don't stop at identifying risks: they go further by recommending specific actions to resolve issues, helping organisations move quickly from insight to resolution. Increasingly complex IT environments have made it impossible for organisations to gain a comprehensive understanding of their identity posture using traditional approaches to identity and access management, leaving them vulnerable to attacks, compliance fines, and other risks. To adapt to this evolving threat landscape, organisations are turning to ISPM, a new cybersecurity framework that complements traditional IGA functions by stressing comprehensive visibility, continuous risk assessment, and automated remediation of identity-related vulnerabilities. RSA Governance & Lifecycle provides the ISPM capabilities enterprises need to gain comprehensive visibility into their identity ecosystem. Its advanced dashboards, powered by AI, analyze identity data to proactively uncover vulnerabilities, prioritize risks, and deliver clear, actionable insights for admins, business leaders, and executives. The new RSA Governance & Lifecycle ISPM capabilities will be generally available in Q3 2025. "Reactive identity security capabilities simply aren't sufficient for today's threats, which demand solutions that can proactively find, prioritize, and resolve identity risks," said RSA CEO Rohit Ghai. "Government agencies, banks, healthcare, energy, and other security-first organisations need a unified identity platform—including strong access security, enterprise-grade passwordless authentication, governance, and lifecycle operating in an ISPM framework—to stop cyberattacks, stay in compliance, and accelerate productivity."
Yahoo
03-05-2025
- Politics
- Yahoo
The nation's cyber community is quietly rebelling against Trump's changes
SAN FRANCISCO, California — In his first 100 days in office, President Donald Trump has taken a sledgehammer to many of the nation's cyber-focused agencies and programs. Now, a normally apolitical community is rising up in protest. The nation's cyber agencies, particularly the Cybersecurity and Infrastructure Security Agency, have facedrelentless cuts to programs and personnel, heightening concerns about the stability of the workforce and resiliency of U.S. capabilities. Major changes to cyber strategy were announced at the State Department and intelligence agencies such as the National Security Agency, creating additional confusion about whether there was a unified approach to cyber policy. And President Donald Trump has continued his retribution campaign against top officials he has deemed disloyal to his agenda —including ordering an investigation into Chris Krebs, who led CISA under Trump between 2018 and 2020, and firing Gen. Timothy Haugh, who served as the commander of the U.S. Cyber Command and director of the NSA. Taken together, these actions by the Trump administration are creating a deep sense of unease among the cybersecurity community, particularly as it sees countries such as China and Russia turning up the heat on attacking U.S. critical infrastructure with little public recourse. The industry has long held the view that securing the nation's most critical networks is a collective national security imperative, with private political opinions mostly kept secondary. But Trump has ushered in an era of hyperpartisanship in Washington and has rewarded public displays of allegiance to the MAGA cause, generating fury among exasperated professionals. 'With the politicization of basically everything in government, including cybersecurity, we are seeing what would be the normal course of business come under scrutiny,' said one cyber industry leader on the sidelines of the RSAC Conference, one of the largest gatherings of cyber professionals in the world. 'There are a number of groups, communities if you will, that are trying to take a more aggressive approach to say, 'Hey, we can't be quiet or complacent anymore on the way we operate,' because effectively good faith is no longer the tone that is being taken.' This person and others interviewed for this story were granted anonymity to speak candidly about their concerns amid fears of potential backlash from the Trump administration. Prominent cyber leaders, who have voiced displeasure with the nation's dwindling cyber strength in private, are finally speaking out in the face of a political divide. Last week, the Electronic Frontier Foundation, a San Francisco-based digital rights group, penned an open letter condemning the Trump administration for its retaliation against Krebs. The letter began with a few dozen signatures, butmore than 400 cyber professionals had signed on as of Friday afternoon. And just days prior, former CISA Director Jen Easterly, who stepped down from her post on the day of Trump's inauguration, posted afiery missive on LinkedIn calling on the community to mobilize in the face of grave dangers to national security. 'As experienced leaders exit and key roles remain vacant, our nation's cyber defenses are at risk of being dangerously degraded,' wrote Easterly, who has largely avoided discussing political issues. 'That's why it's more important than ever for the cybersecurity community, especially the private sector, to step forward.' At CISA itself, one current employee said town halls with agency leaders to discuss recent changes have 'popped off' in recent weeks, as personnel were abruptly asked to either stay and risk layoffs or take deferred resignations. 'I think the sense from myself and my peers is that the ability of this country to deal with cyber threats is being absolutely gutted for political reasons,' a second industry expert said. Outraged whispers circulated the halls of San Francisco's Moscone Conference Center about Trump's reprisal against Krebs, who provoked his ire in 2020 for stating that the presidential election was secure and that claims of fraud were unsubstantiated. Last month, Trump stripped him of his security clearance and ordered the DOJ to investigate his tenure as CISA head. And earlier this week, a Department of Homeland Security spokesperson confirmed thatKrebs had lost his membership to Global Entry, an expedited customs program for U.S. travelers, because of Trump's probe. 'Nobody should be blackballed for doing their job,' said a third industry leader. 'That's the situation we have right now — widespread anger that it doesn't seem to be getting any better. And where are our industry leaders?' The percolating paranoia was summed up by Jeff Greene, former executive assistant director for cybersecurity at CISA,who posted on LinkedIn following the conference that while 'RSA was terrific as always … there was a level of unease and uncertainty I'd never felt before.' The Trump administration is aware of the pushback, and top officials traveled to the conference this week to smooth ruffled feathers. Homeland Security Secretary Kristi Noem gave a keynote address Tuesday, in which she assured the crowd of the administration's commitment to cybersecurity and to keeping CISA operating — with some significant modifications. Noem told attendees to 'just wait' to see the administration's grand plans for cyber and promised further investment — though on Friday, the White House released a budget plan that would slash $500 million from CISA if enacted, creating further dissonance between the administration's words and actions. 'I'm committed to cybersecurity as is the president, recognizing it's a national security imperative responsibility that rests on our shoulders, and that the national defense comes through a CISA that continues to do its job well, but becomes more improved and on mission every day,' Noem said. Alexei Bulazel, senior director for cyber on the White House's National Security Council, also gave a keynote address at the conference, reiterating that cybersecurity 'is an important thing for us,' and pledged to push back hard on China offensively. But these promises have done little to assuage concerns. 'Though she said many of the right things, folks are focusing on actions rather than words, including dramatic cuts at CISA,' one former official said. 'Noem's response to this criticism that, essentially, people should 'just wait for what's coming' lacked any detail and gave little solace.' Former Republican Rep. John Katko of New York, who previously served as ranking member of the House Homeland Security Committee, defended the changes to CISA, noting that it was the administration's 'prerogative' to shift budgets and change directives. Still, Katko, who currently serves as senior adviser to cyber company SecurityScorecard, acknowledges that 'if they did deprioritize cybersecurity, it's borderline suicidal for this country, and I think they realize that.' On a deeper level, experts are also increasingly worried that the chaos and lack of cohesion at the top will hand cyber adversaries like China and Russia an opportunity to capitalize on a perceived distraction from protecting critical networks. 'I've had meetings in the White House … they are very serious about cyber defense,' said Bob Ackerman, co-founder and managing partner at cyber startup company DataTribe. 'At the same time, they have this kabuki theater going on that would raise the question for an adversary, 'well who's in charge?' And it would appear to create a window of opportunity for misbehavior.' Michael Leland, field CTO at enterprising browser company Island, warned that given the pending personnel cuts across the federal government, 'we're not getting the best work out of red teamers right now because they don't know if they're going to have a job next week, those are all concerns and adversaries know that.' Brandon Wales, former executive director of CISA and current vice president of cyber strategy at SentinelOne, was careful in noting that while he hopes 'the new administration, as they're looking at making changes to CISA, spend some time really understanding what aspects of it are most essential,' ultimately, 'this mission needs a functioning CISA.' Support for Krebs was overwhelming at the conference — he took strong stances against the administration during two panel sessions, and his encouragement to the cyber community to push back received thunderous applause. 'To the community that right now is in distress, that's under attack, that's being picked out from all sides, cybersecurity is national security,' Krebs said at the end of a keynote panel Thursday. 'Please stay in the fight. Do not lose faith, don't let it grind you down. We have to win this. We will win this.'
Yahoo
29-04-2025
- Business
- Yahoo
JPMorgan Chase CISO warns software industry on supply chain security
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. The senior information security executive at JPMorgan Chase is urging the software industry to prioritize secure development practices over speed to market, warning that increasing supply-chain disruptions are weakening the global economic system. Patrick Opet, global CISO at JPMorgan Chase, warned in an open letter on Friday that global companies are dependent on interconnected technologies and warned that software needs to be secure by default. Opet said that because global companies are increasingly reliant on a small number of software-as-a-service providers, a hack or other disruption can disrupt critical infrastructure providers around the world. JPMorgan Chase officials have seen the warning signs up close, Opet said. 'Over the past three years, our third-party providers experienced a number of incidents within their environments,' Opet wrote. 'These incidents across our supply chain required us to act swiftly and decisively, including isolating certain compromised providers and dedicating substantial resources to threat mitigation.' JPMorgan Chase in 2024 disclosed a third-party software issue that impacted more than 451,800 people, according to a filing with the Maine attorney general's office. The flaw allowed three employees to see certain records of retirement plan participants. The bank faced trading disruptions because of the July 2024 international IT outage created by a faulty CrowdStrike software upgrade, according to Bloomberg. The outage caused 8.5 million Windows devices to fail, leading to widespread disruptions across the airline industry, health care, financial services and other critical industries. Modern identity protocols like OAuth create direct connections between third-party services and sensitive internal resources at companies, making it easier for attackers to gain access to confidential data or internal communications, Opet noted in the letter. Threat actors are increasingly targeting third-party technology providers as a method of gaining access to sensitive documents and disrupting systems. Opet cited a March blog post about efforts by the China-linked espionage group Silk Typhoon to abuse remote-access tools and cloud applications to gain initial access to target networks. Opet wrote the letter on the eve of the annual RSAC Conference in San Francisco, where more than 45,000 members of the cybersecurity industry are scheduled to discuss pressing issues like software security. Opet said he wanted to see improved security standards and more transparency in how suppliers use privileged access. He also said technologies like confidential computing could reduce risks when suppliers use sensitive information. 'We're looking for the software industry to recognize the criticality of risks today and collectively work together on a number of fronts,' Opet told Cybersecurity Dive. Opet's letter echoes a recent call from former Cybersecurity and Infrastructure Security Agency director Jen Easterly for the software industry to embrace secure-by-design principles. Software security leaders welcomed the letter, although some argued for even tougher measures, including potential legal liability. 'The software supply chain is uniquely vulnerable as no one party builds the entire software up and downstream, creating opportunities for bad actors to exploit,' Brian Fox, co-founder and CTO at Sonatype, told Cybersecurity Dive via email. Sign in to access your portfolio
Business Wire
28-04-2025
- Business
- Business Wire
TrueFort Recognized as a Leader in Microsegmentation at the 2025 Global InfoSec Awards
SAN FRANCISCO--(BUSINESS WIRE)-- TrueFort, the lateral movement protection company, today announced it has been named a Trailblazer for Microsegmentation in the 2025 Global InfoSec Awards by Cyber Defense Magazine (CDM), unveiled today at the RSAC Conference. TrueFort is redefining microsegmentation for the modern enterprise, delivering next-generation cybersecurity that addresses today's most sophisticated threats, including compromised credentials, ransomware, supply chain attacks, and insider threats. Lateral movement continues to be a leading technique for successful cyber attacks. By combining deep application intelligence with behavioral analytics and automated policy enforcement, TrueFort helps enterprises mitigate business risk by stopping attacks. 'We're honored to be recognized once again as a leader in microsegmentation by Cyber Defense Magazine,' said Sameer Malhotra, CEO of TrueFort. 'Lateral movement continues to be a leading technique for successful cyber attacks. By combining deep application intelligence with behavioral analytics and automated policy enforcement, TrueFort helps enterprises mitigate business risk by stopping attacks before they spread—ensuring critical workloads remain secure and operations resilient across even the most complex hybrid and multi-cloud environments.' 'TrueFort embodies three major features we judges look for to become winners: understanding tomorrow's threats today, providing a cost-effective solution, and innovating in unexpected ways that help mitigate cyber risk and stay a step ahead of the next breach,' said Gary S. Miliefsky, Publisher of Cyber Defense Magazine. The TrueFort Platform enforces Zero Trust security across complex environments—spanning bare metal servers, virtual machines, containers, Kubernetes, and cloud-native architectures. The platform provides security teams with unparalleled visibility into application behavior and communication flows. Built to address the dynamic nature of hybrid and multi-cloud environments, TrueFort blocks unauthorized lateral movement and enforces automated policies without disrupting operations. Its open ecosystem integrates seamlessly with leading endpoint and security tools such as CrowdStrike and SentinelOne, while supporting its own proprietary agent for fine-grained policy enforcement. A trusted partner to some of the world's most security-focused Fortune 500 companies, TrueFort delivers application-centric Zero Trust protection that scales across the most complex IT environments—from containers and Kubernetes to legacy systems and cloud-native architectures. The judges, certified security professionals (CISSP, FMDHS, CEH), evaluated submissions based on an independent review of materials such as data sheets, white papers, and product literature. CDM prioritizes innovation over market size, always asking 'What's Next?' in search of next-generation InfoSec solutions. About TrueFort TrueFort puts you in control of lateral movement across the data center and cloud. The TrueFort Cloud extends protection beyond network activity by shutting down the abuse of service accounts. Founded by former IT executives from Bank of America and Goldman Sachs, leading global enterprises trust TrueFort to deliver unmatched application environment discovery and microsegmentation for both identity and activity. For more information, visit and follow us on LinkedIn and Twitter.
