Latest news with #ZeroTrust
Yahoo
19 hours ago
Andromeda Security Unveils Strategic Enhancements to Combat Escalating Identity Attacks
Leveraging real-time context and intelligent automation, Andromeda tackles identity sprawl and enforces least privilege at a time when 80% of all breaches involve compromised identities.

SAN FRANCISCO, July 30, 2025--(BUSINESS WIRE)--Andromeda Security, the company automating permissions and lifecycle across human and non-human identities, today announced a major product expansion delivering broad support for cloud services, granular resource-level access visibility, and critical integrations such as Active Directory. This launch reflects the company's continued mission to reduce the identity attack surface and help organizations accelerate their Zero Trust journey.

With 95% of permissions over-provisioned, and 99% of organizations blaming insecure identities for breaches, enterprises face mounting risk from both human and non-human identities (NHIs) and the coming onslaught of Agentic AI.

"Andromeda stands out as a strategic partner in identity security, providing the holistic visibility needed for both human and non-human identities," said Bill Harper, Director of IAM, New American Funding. "Its powerful risk and behavioral context fuels intelligent automation for streamlined Just-in-Time access, giving us immense confidence in our security posture."

Cloud-scale has broken traditional identity tools. The complexity and speed of today's hybrid environments require intelligent automation that's informed by deep, real-time context. Siloed identity tools leave dormant accounts or over-provisioned access unmonitored, making them prime targets for exploitation and contributing directly to financial losses. When organizations are managing thousands of identities across cloud and applications with minimal visibility into actual usage patterns, they're operating blind.

"This release is a testament to our team's rapid pace of innovation and deep understanding of the modern identity threat landscape," added Basavaiah. "We are not just adding features, we are expanding the breadth, depth, and precision needed to address today's most complex identity challenges."

The updates deliver on a roadmap driven by customer demand, providing the most expansive coverage for identity security across multi-cloud and hybrid deployments including:

- Expanded Cloud Service Provider Support: Comprehensive support for Google Cloud Platform (GCP), reaching parity with AWS and Azure. Includes JIT access, User Access Reviews (UAR), and activity-based insights for GCP identities.
- Active Directory Integration: Bridges hybrid identity by ingesting on-prem AD data to provide compliance and risk visibility across humans, NHIs, and the Group and UARs.
- Business-Critical App & Data Store Integrations: New support for Salesforce, Snowflake, MongoDB Atlas, and ElasticSearch risk insights across humans and NHI, JIT access and UARs.
- Fine-Grained Cloud Resource Management: Resource-level visibility, JIT access and UAR now available for AWS (S3, RDS, DynamoDB, Redshift, EC2, Secrets Manager), GCP (BigQuery, Cloud Storage), and Azure (Blob Storage, VMs).
- Kubernetes Security: Native support for EKS, AKS, GKE, and self-managed clusters for namespace- and cluster-level access control.
- Expanded HRIS & ITSM Integrations: Support for Workday, ADP, and Jira, including JIRA-based access validation for JIT workflows.
- UAR & JIT Enhancements: More advanced user access review features (e.g., group reviews, auto-revocations) and expanded JIT workflows, now integrated with Jira, Slack, and Teams.
- Multi-Tenancy for MSSPs: New capabilities for MSSPs and enterprises managing multiple environments.

Andromeda's architecture is purpose-built for contextual, risk-driven identity automation, ingesting data from identity providers, cloud logs, and applications into a unified graph-based data lake. Its AI models power insights and decisions around risk, posture, usage, and behavior, delivering automated remediation, access enforcement and improved compliance with confidence and speed.

"What began as a search for a better User Access Review tool quickly turned into a game changing move for our identity security program," said Emilio Sepulveda, Director of Security & Compliance at Deepwatch. "Andromeda did not just improve our access reviews—it redefined how we manage identity across the organization. The onboarding was seamless and the platform gave us immediate, precise control over both human and nonhuman identities."

About Andromeda Security

Andromeda Security addresses the most persistent challenges in identity security: excessive and inappropriate access across both human and non-human identities, manual processes and a lack of end-to-end context – compounded by fragmented data. Its data-centric platform unifies identity, entitlement, and activity data into a graph-based architecture—building rich context and laying the foundation for intelligent automation while delivering holistic visibility and remediation. Powered by AI, Andromeda utilizes contextual intelligence built on risk and behavior insights to provide automated and continuous enforcement of least privilege, Just-in-Time (JIT) access, User Access Reviews (UAR), and identity lifecycle governance—helping organizations reduce their attack surface, improve operational agility, and simplify compliance.

Associated Press
2 days ago
Ransomware Surges as Attempts Spike 146% Amid Aggressive Extortion Tactics
Key Findings:

SAN JOSE, Calif., July 29, 2025 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published its annual Zscaler ThreatLabz 2025 Ransomware Report. The report examines the latest trends shaping the ransomware threat landscape, revealing how attacks are adapting and escalating. It highlights the most targeted sectors and regions, profiles the most active ransomware families, analyzes shifting attack methodologies, and provides actionable recommendations to help organizations strengthen their defenses.

ThreatLabz's findings underscore the critical importance of organizations adopting a comprehensive Zero Trust Everywhere strategy. This approach is essential to prevent ransomware and other malicious threats from lateral movement and compromising sensitive user data, applications, and information.

'Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example,' said Deepen Desai, EVP Cybersecurity, Zscaler. 'GenAI is also increasingly becoming part of the ransomware threat actor's playbook, enabling more targeted and efficient attacks. As threats advance, security measures must keep pace. The Zscaler Zero Trust Exchange™ platform empowers organizations to shrink their attack surface, identify and block initial compromise threats, prevent lateral movement, and stop data exfiltration to shut down extortion events before they happen.'

Data Demand Fuels Steady Attack Growth

Ransomware attacks are intensifying at an alarming rate, with attempted attacks blocked in the Zscaler cloud up 146% year-over-year. This escalation reflects a strategic shift: ransomware groups are increasingly prioritizing extortion over encryption. Accordingly, the report details a 92% increase in the total volume of exfiltrated data by 10 major ransomware groups in the past year, rising from 123 TB to 238 TB. This emphasis on data theft—and the threat of exposure—allows attackers to exert greater pressure on victims, amplifying the impact of ransomware on organizations globally.

Industries Under Siege

Cybercriminals continue to focus on the high-stakes environments of the Manufacturing (1,063 attacks), Technology (922), and Healthcare (672) sectors, making them the most frequently hit by ransomware over the past year. These industries are particularly vulnerable due to the potential for operational disruption, the sensitivity of stolen data, and the associated risks of reputational damage and regulatory fallout.

The Oil & Gas sector has seen a staggering increase in ransomware attacks, spiking over 900% year-over-year. This surge is likely a result of increased automation of systems that control critical infrastructure, including drilling rigs and pipelines, expanding the sector's attack surface, coupled with outdated security practices.

United States Is the Target of Half of All Ransomware Attacks

Leak site data highlights a distinct geographic disparity, with victims in the United States accounting for 50% of ransomware attacks, significantly outpacing Canada (5%) and the United Kingdom (4%). Ransomware attacks in the U.S. more than doubled to 3,671, exceeding the combined total number of attacks reported across all other countries in the top 15 most-targeted countries. This concentration demonstrates how threat actors continue to strategically target digitally concentrated, high-value economies.

Ransomware Groups Driving the Surge

Several highly active groups continued to dominate the ransomware ecosystem, with RansomHub leading the pack, claiming the highest number of publicly named victims at 833. Akira and Clop have both moved up in the ransomware attack rankings since last year. Akira, associated with 520 victims, has steadily expanded its reach through numerous affiliates and initial access brokers. Clop, known for its focus on supply chain attacks, is close behind with 488 victims, employing an effective strategy of exploiting vulnerabilities in commonly used third-party software.

Zscaler ThreatLabz identified 34 newly active ransomware families over the past year, bringing the total number tracked to 425 since their research began, and has a public GitHub repository that now hosts 1,018 ransomware notes, with 73 added in the last year.

How Zscaler Stops Ransomware with Zero Trust + AI

Ransomware flourishes in environments with fragmented security, limited visibility, implicit trust, and outdated legacy architectures that amplify risk rather than reduce it. The Zscaler Zero Trust Exchange mitigates these risks by replacing traditional, network-centric models with a cloud-native, AI-driven zero trust architecture, and stops ransomware at every stage of the attack life cycle by:

Additional AI-powered ransomware protections from Zscaler include:

Download the Report

Get the full ThreatLabz 2025 Ransomware Report to explore how Zscaler ThreatLabz plays an active role in protecting enterprises worldwide. Download today.

Research Methodology

The research methodology for this report is a comprehensive process that uses multiple data sources to identify and track ransomware trends. The ThreatLabz team collected data between April 2024 and April 2025 from sources including the Zscaler global security cloud, and the team's own analysis of ransomware samples and attack data.

About ThreatLabz

ThreatLabz is the security research arm of Zscaler. This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal.

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 160 data centers globally, the SASE-based Zero Trust Exchange is the world's largest in-line cloud security platform.


Tahawul Tech
3 days ago
'Security is not just an add-on, it is a core part of the infrastructure'
Anjum Mushtaq, Distribution Manager, Cisco Gulf Region and Renton D'Souza, Vice President, Comstor MEA speak about the priorities and developments of Cisco Security within the wider portfolio in this exclusive interview.

What are the top priorities for Cisco Security in 2025, and how are you addressing the challenges of the AI era?

Anjum: Our top priorities revolve around embedding security deeper into the network, security suites enabling zero trust architectures, and innovating for the AI era. With the rise of agentic AI and increasingly sophisticated threats, we're introducing multiple solutions that allow organisations to simplify policy management, enhance visibility, and scale securely across hybrid and AI-driven environments. We're also leveraging AI for advanced threat detection and response, ensuring that security is not just an add-on but a core part of the infrastructure.

How does the partnership between Comstor and Cisco help partners and customers access and deploy Cisco Security solutions more effectively?

Renton: Comstor's deep alignment with Cisco means we offer specialised support and expertise that broadline distributors can't match. Our programs are tailored to Cisco's ecosystem, providing partners with training, enablement, and value-added services like staging, configuration, and logistics. Recently, our partnership expanded to include AWS Marketplace, allowing partners to access and procure Cisco's cybersecurity solutions more flexibly and efficiently—meeting customers where they want to buy and accelerating deployment and adoption.

What innovations has Cisco introduced recently to help organisations secure hybrid and cloud environments?

Anjum: We've launched several innovations, such as the Hybrid Mesh Firewall and Universal ZTNA, which provide distributed, identity-based zero trust protection for users, applications, and AI models. Our Security Cloud Control platform centralizes policy management, integrates with Splunk (now a Cisco company) for unified threat detection, and leverages AI to automate response. These solutions are designed to secure complex, distributed environments without adding operational complexity.

How do Cisco and Comstor support partners in building expertise and growing their security business?

Renton: We offer a range of bespoke sales and technical training courses, tailored campaigns, and funding aligned to Cisco's strategy. Our enablement programs help partners develop true competencies in Cisco Security, from managed services for SMBs to advanced enterprise deployments. Our unique Comstor Bot and partner portal streamline access to resources, making it easier for partners to maximise returns from Cisco's channel programs and incentives.


Forbes
24-07-2025
Eliminating Blind Spots: How Browser-Based ZTNA Closes Security Gaps
Etay Maor is Chief Security Strategist for Cato Networks, a leader of advanced cloud-native cybersecurity technologies.

Zero trust promised a fundamental shift: security where access depends not just on identity, but on full context—rigorous authentication, device posture, location and real-time risk assessment. Zero trust network access (ZTNA) became the engine driving this vision, replacing porous network perimeters with granular, policy-driven control.

Yet, a critical blind spot persists in many implementations: the unmanaged device. Contractors, partners and BYOD users leverage unmanaged endpoints daily—essential for modern business, yet often outside IT's direct visibility and control. They lack agents and consistent configuration. For security leaders, this gap isn't an inconvenience; it's a direct threat to zero trust integrity. Unmanaged devices represent a glaring vulnerability, undermining the model's core principles.

The Shortcomings Of Traditional ZTNA: Where The Perimeter Fades

ZTNA dethroned legacy VPNs, offering stronger authentication, micro-segmentation (app-specific access) and superior visibility. However, its Achilles' heel is clear: It primarily serves managed devices running dedicated agents under IT's control. Unmanaged devices are left exposed, and common workarounds are flawed. Consider the following shortcomings:

• Agent Deployment Hurdles: Installing clients on third-party or personal devices is often unscalable, invasive and blocked by user permissions or policies.
• The VDI Burden: Virtual desktops (VDI) create a secure "bubble" but sacrifice performance and user experience—and add significant infrastructure complexity and cost.
• Fragmented Tool Chains: Bolting on separate solutions (browser gateways, SWGs, reverse proxies, etc.) creates parallel access paths, inconsistent policy enforcement and siloed visibility—reintroducing complexity that zero trust aimed to solve.

These approaches fail to deliver true zero trust for unmanaged devices and introduce new risks: policy gaps, visibility holes, operational overhead and user friction. We need a unified approach that can secure every user and device without multiplying complexity.

The Imperative Of Consistency: No Exceptions Allowed

Security effectiveness hinges on consistency. If managed users face stringent zero trust controls while unmanaged users operate through weaker exceptions, the entire model unravels. Uniform enforcement is impossible.

This inconsistency has tangible consequences, especially for compliance (PCI-DSS, HIPAA, GDPR, SOC 2, etc.). These frameworks demand demonstrable, uniform security controls across all access points handling sensitive data. Gaps for unmanaged devices aren't just vulnerabilities; they are potential compliance violations with severe penalties.

To address this, some organizations are turning to browser-based ZTNA. Unlike agent-based ZTNA models that require deep device integration, browser-based ZTNA delivers secure access directly through the user's standard web browser. This simple difference can be transformative. Contractors on home PCs, partners on their laptops and BYOD users can instantly fall under the exact same granular access policies, continuous risk assessment and inspection frameworks as managed users.

Crucially, it achieves this without requiring device-level control, persistent software installs or intrusive endpoint changes. The browser becomes the universal conduit. Every access request undergoes rigorous verification, monitoring and filtering—true zero trust extended to the entire workforce ecosystem.

Reducing Complexity, Not Just Risk

Security leaders know the trade-off: more control often means more complexity. Accommodating unmanaged access historically meant buying new tools and managing parallel policy engines—draining resources and creating gaps.

Browser-based ZTNA offers consolidation. It can eliminate the need for separate point products for external users. All traffic flows through a single, unified policy engine with common enforcement points. This ensures uniform access control, threat prevention, data protection and monitoring, reducing the overhead of managing siloed systems. In my experience, it streamlines multiple checkpoints into one efficient lane.

Just as importantly, browser-based ZTNA respects the user experience. By supporting standard browsers (Chrome, Edge, Firefox, etc.), users access resources as they always have. No disruptive workflow changes, no specialized software installs or configuration changes. Adoption, I've found, is often frictionless.

Use Case: Secure Access For Unmanaged Devices

The most compelling application of this model is securing access from unmanaged devices, delivering core zero trust benefits universally. By focusing on these devices, you can:

• Enforce identity and risk-based access policies.
• Limit users to specific, authorized applications or data sets.
• Prevent lateral movement within the network.
• Log and audit access for compliance reporting and forensics.
• Inspect web traffic for threats and data loss—no endpoint agent needed.

In contrast to traditional VPNs or VDI setups, I've found that this model is lighter, faster, more scalable and simpler to manage.

Getting Started

Organizations beginning their zero trust journey should first address the critical vulnerability of unmanaged devices. Established, traditional ZTNA models often fail here, leaving contractors, partners and BYOD users outside consistent security controls. Agent deployment is impractical, while VDI introduces performance penalties and complexity. Fragmented solutions recreate the visibility gaps zero trust aims to eliminate.

Prioritize implementing browser-based ZTNA for unmanaged access. This approach directly tackles the core weakness: It allows applying rigorous zero trust policies—strong authentication, granular access control, continuous inspection—to every user without agents or disruptive changes. The standard web browser becomes the secure conduit, delivering immediate risk reduction at the perimeter's weakest point.

Ensure consistent policy enforcement across all users and access paths; security and compliance demand no exceptions. Base access decisions on rich context: identity, device posture (where feasible), location and real-time risk. Critically, reduce complexity by choosing solutions that unify access paths and policy management, avoiding fragmented tools that undermine zero trust. Start by securing high-value applications via this browser approach to demonstrate value and build momentum.

Why This Matters Now

Hybrid work and third-party collaboration are not temporary—they're the permanent operational fabric of our day-to-day efforts. Unmanaged devices are integral to this landscape. Half-measures are obsolete.

A consistent, identity-centric, browser-based ZTNA approach can eliminate fragmented solutions and ensure comprehensive policy coverage. The same stringent rules apply to the CEO on a corporate laptop and the contractor on a personal device. It simplifies operations for security teams.

For CISOs, this means fewer dangerous security exceptions, fewer exploitable gaps and more confidence in protecting data and meeting regulatory obligations—regardless of where work happens or which device is used. Browser-based ZTNA doesn't just close the blind spot; it provides the consistent control demanded by boundary-less work.

National Post
22-07-2025
ManageEngine Enhances AD360 With Risk Exposure Management and Local User MFA Features to Strengthen Identity Threat Defenses
New Capabilities Help Enterprises Visualize Attack Paths, Enforce MFA on Unmanaged Local Accounts, and Align Identity Security With the Zero Trust Framework

- The identity risk exposure management feature adds identity threat detection capabilities that help uncover how attackers could escalate privileges or move laterally within the environment
- With local user MFA, enterprises can extend enterprise-grade MFA to previously unmanaged local accounts

AUSTIN, Texas — ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management solutions, today announced the general availability of identity risk exposure management and local user MFA features in AD360, its converged identity and access management (IAM) platform. The release enables security teams to detect privilege escalation risks and secure unmanaged local accounts, two common identity attack vectors that attackers continue to exploit at scale.

Identity remains the primary attack vector in modern enterprises, as shown by Verizon's 2025 Data Breach Investigations Report, which found that credential abuse was the initial access vector in 22% of breaches. The report also highlighted widespread abuse of poorly managed local accounts and privilege paths across over 12,000 confirmed breaches.

'With this release, ManageEngine AD360 moves beyond traditional IAM by embedding identity threat defenses into core identity operations. By turning identity data into actionable security insights, we're helping customers make IAM the first line of defense, not a check box,' said Manikandan Thangaraj, vice president of ManageEngine.

While most IAM tools focus on provisioning and policy enforcement, AD360 adds risk exposure mapping via attack path analysis as well as local MFA enforcement, helping enterprises close attack paths that often go undetected. This marks a key step in identity management evolving from an access control layer into an active security control.

New Capabilities

- Identity risk exposure management: Graph‑based analysis maps lateral movement and privilege escalation paths in Active Directory (AD), automatically prioritizing risky configurations and recommending remediation steps. The graph engine models AD objects as nodes and privilege inheritance as lines, revealing multi‑step attack chains in real time, with actionable suggestions that IT teams can implement to close exposed paths.
- Local user MFA: This feature extends adaptive MFA to local accounts on non‑domain‑joined servers, DMZ assets, and test environments, thwarting credential stuffing and persistence techniques.
- ML‑driven access recommendations: During provisioning and access review campaigns, machine learning analyzes permission patterns and suggests adjustments to implement least privilege access, helping prevent excess entitlements.

Additionally, ManageEngine has enhanced AD360's access certification module, which now includes expanded entitlements for comprehensive review coverage, and the risk assessment capabilities feature new indicators for improved identity risk monitoring across AD and Microsoft 365 environments. These enhancements are designed to streamline compliance reporting and strengthen access governance across the enterprise. The new capabilities support NIST SP 800-207 on Zero Trust architecture, align with PCI DSS Version 4.0 Requirement 8, and facilitate SOX, HIPAA, and GDPR controls.

About AD360

ManageEngine AD360 is a unified identity platform that seamlessly connects people, technology, and experiences while giving enterprises full visibility and control over their identity infrastructure. It offers automated life cycle management; secure SSO; adaptive MFA; and risk-based governance, auditing, compliance, and identity analytics—all from a single, intuitive console. With extensive out-of-the-box integrations and support for custom connectors, AD360 easily integrates into existing IT ecosystems to enhance security and streamline identity operations. Trusted by leading enterprises across healthcare, finance, education, and government, AD360 simplifies identity management, fortifies security, and ensures compliance with evolving regulatory standards.