Cracks in Iron Dome?

Posted on July 31st, 2014 by Dan Rampe

Iron Dome

Defense Contractors, Who Worked on Israel’s Missile Defense System, Had Big Chunks of Sensitive Info Stolen

In the latest outbreak of violence between Hamas and Israel, the Israeli government credits Iron Dome, the Israeli missile defense system, with preventing the more than 2,000 rockets fired by Hamas from causing major death or destruction.

Now, Brian Krebs in KrebsonSecurity reveals that three defense contractors responsible for building Iron Dome were hacked and huge amounts of intellectual property was stolen. And, as it turns out, the likely culprits weren’t Palestinians or Iranians or anybody else in the Middle East. Okay, the hackers were from the “East.” Only it was the Far East.

Cybersecurity expert Joseph Drissel noted, “the attacks bore all of the hallmarks of the ‘Comment Crew’” a prolific and state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA) and credited with stealing terabytes of data from defense contractors and U.S. corporations.” For Brian Krebs’ account of the breach as well as what contractors can do to prevent them in the future, go to KrebsonSecurity.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Should All Breaches Be Equal under the Law?

Posted on July 30th, 2014 by Dan Rampe

ADMA

Australia’s ADMA Head Says Breaches Should Only be Reported if Consumers’ Personal Information is at Risk

Catch of the Day, an Australian online shopping site, recently reported a breach that happened three years ago. And, in the same virtual breath, the company said there was no risk to consumers.

So, if there were no risk to consumers, was it necessary to report the breach at all? That’s the point that Jodie Sangster, head of Australia’s Association for Data-driven Marketing and Advertising (ADMA), is making in an article by Kirsten Robb on startupsmart.com (link to article).

Sangster warns against mandatory reporting when consumers’ data is not in danger of being compromised.  “On the question of whether or not ADMA supports mandatory reporting, the position we take is, if it’s going to be mandatory, we need to set a sensible benchmark. If you set the threshold too low, consumers may be unnecessarily alarmed if they are not at risk.”

According to Sangster even accidently “cc-ing” email addresses in an email – rather than “bcc-ing” them – could be considered a data breach. And, reporting such small data breaches would dilute the meaning of a warning in the event of a serious breach. Additionally, she notes that reporting every possible breach leads to a lot of unnecessary red tape.

Observes Sangster, “Are there daily data breaches happening? Probably not. Are there incidences where companies need to tighten security? Absolutely.”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Newest ThreatMetrix Patent Pushes the Envelope in Context-Based Security and Fraud Prevention

Posted on July 29th, 2014 by Dan Rampe

Patewnts

Patent expands fuzzy matching technology beyond network and device attributes. Now includes account details, transaction details and more.

The new patent is U.S. Patent 8,782,783: “Method and System for Tracking Machines on a Network Using Fuzzy GUID (Globaly Unique Identifier) Technology.” This is a continuation of a previous patent that provides the cornerstone technology for ThreatMetrix industry leading cookieless device identification and global device recognition. The new patent expands ThreatMetrix global identification technology beyond network and device attributes to include broader attributes such as account, identity and transaction details to build a complete picture of an online persona. The unique fuzzy matching capability of the patent creates a reliable, anonymous global identifier, enabling persistent global tracking and classification of malicious mobile and web devices and activities on the Internet, regardless of how underlying attributes change.

“Cybercriminals are learning to disguise themselves online in the same way thieves wear gloves to mask fingerprints at a crime scene,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “As cyberattacks become more sophisticated, we must evolve our defenses even faster to best detect and keep out cybercriminals, which is where this patented technology comes into play. Without the ThreatMetrix Fuzzy GUID patent, companies lose sight of both good customers and criminals when they change their IP Address, delete cookies or change their mobile or browser settings.”

Continuously updating its products in its worldwide fight against hacking, fraud and ID theft, ThreatMetrix has released a number of patents over the years, securing the company’s place as an industry leader in building trust on the Internet. Patents include:

  • U.S. Patent 8,141,148: “Method and System for Tracking Machines on a Network Using Fuzzy GUID Technology” This patent – which provides the basis for the new patent – provides the technology for device identification and global recognition regardless of cookie deletion and copying. This technology is available through ThreatMetrix SmartID™, which utilizes unique device attributes to identify visitors that have wiped cookies, use private browsing or changed IP addresses.
  • U.S. Patent 8,176,178: “Method for Tracking Machines on a Network Using Multivariable Fingerprinting of Passively Available Information” This patent detects fraudsters using proxies or virtual private networks (VPNs) through the most advanced device recognition risk assessment. The technology provides a complete view of each device, taking into account the device’s historical behavior and broader context.

To broaden the reach of the company’s context-based authentication and advanced fraud prevention solutions, in March ThreatMetrix secured $20 million in Series E.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Extends Mobile and Web Context-Based Security and Fraud Prevention Innovation with Patent

Posted on July 29th, 2014 by Dan Rampe

Latest Patent Will Continue to Build Trust on the Internet Using Global Intelligence

San Jose, CA – July 29, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the United States Patent and Trademark Office has granted the company a new patent for its ability to accurately differentiate between trusted customers and cybercriminals across mobile and web interactions.

The new patent is U.S. Patent 8,782,783: “Method and System for Tracking Machines on a Network Using Fuzzy GUID (Globaly Unique Identifier) Technology.” This is a continuation of a previous patent that provides the cornerstone technology for ThreatMetrix industry leading cookieless device identification and global device recognition. The new patent expands ThreatMetrix global identification technology beyond network and device attributes to include broader attributes such as account, identity and transaction details to build a complete picture of an online persona. The unique fuzzy matching capability of the patent creates a reliable, anonymous global identifier, enabling persistent global tracking and classification of malicious mobile and web devices and activities on the Internet, regardless of how underlying attributes change.

“Cybercriminals are learning to disguise themselves online in the same way thieves wear gloves to mask fingerprints at a crime scene,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “As cyberattacks become more sophisticated, we must evolve our defenses even faster to best detect and keep out cybercriminals, which is where this patented technology comes into play. Without the ThreatMetrix Fuzzy GUID patent, companies lose sight of both good customers and criminals when they change their IP Address, delete cookies or change their mobile or browser settings.”

Companies that have implemented first generation device fingerprinting technologies find they are brittle and limited to account or application-centric identification and have no cross-channel or global view of who they are doing business with. Existing ThreatMetrix customers already take advantage of this patented technology to stop account breaches and eliminate fraud while reducing user friction.

ThreatMetrix is committed to enhancing cybersecurity through patented technology and continuous product updates. Over the past several years, ThreatMetrix has released a number of patents, securing the company’s spot as an industry leader in building trust on the Internet. ThreatMetrix’s previously granted patents include:

  • U.S. Patent 8,141,148: “Method and System for Tracking Machines on a Network Using Fuzzy GUID Technology” This patent – which provides the basis for the new patent – provides the technology for device identification and global recognition regardless of cookie deletion and copying. This technology is available through ThreatMetrix SmartID™, which utilizes unique device attributes to identify visitors that have wiped cookies, use private browsing or changed IP addresses.
  • U.S. Patent 8,176,178: “Method for Tracking Machines on a Network Using Multivariable Fingerprinting of Passively Available Information” This patent detects fraudsters using proxies or virtual private networks (VPNs) through the most advanced device recognition risk assessment. The technology provides a complete view of each device, taking into account the device’s historical behavior and broader context.

In addition to its latest patent, ThreatMetrix secured $20 million in Series E in March to broaden the reach of the company’s context-based authentication and advanced fraud prevention solutions. With the ThreatMetrix TrustDefender™ Cybercrime Protection Platform, ThreatMetrix combines comprehensive data collection, behavioral analytics and ThreatMetrix® Global Trust Intelligence Network (The Network) to differentiate between authentic and fraudulent activity and protect its customers in real time.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

 

 

 

 

Déjà vu All Over Again

Posted on July 28th, 2014 by Dan Rampe

Scams

Off-the-Shelf Hacking Tool Puts Nigerian Scammers Back in the Game

Though it’s been attributed to him, we don’t really think Hall of Famer Yogi Berra ever said “It’s déjà vu all over again.” However, he definitely did say, “It ain’t over till it’s over.” And, when it comes to Nigerian email fraud, it appears it’s never over.

Of course there are a couple of new wrinkles. One is the scammers have gone “hi-tech.” There is no longer a Mrs. Susan Shabangu, wife of the minister of mining of the Republic of South Africa who needs help collecting $10.5 million in an inheritance. Nor a Nana Wilson, personal attorney to the late Mr. Jack Jacobson, a diamond/gold broker/consultant with a gold export business. She would’ve gone fifty-fifty with anybody who’d claim to be his next of kin to get a $16.8 million inheritance.

Instead of the two emails above which, incidentally were real examples of Nigerian email scams, Nigerian cybercriminals have gone to buying or leasing off-the shelf hacking tools that can get past victims without being detected by traditional antivirus.

Nicole Perlroth on nytimes.com (Find her full article on this link.) writes: “The attacks begin, as so many do, with a malicious email attachment….Once clicked, victims inadvertently download malicious tools onto their devices; one, NetWire, is capable of remotely taking over a Windows, Mac OS or Linux system, and another, DataScrambler, makes sure the NetWire program is undetectable by antivirus products.”

Perlroth goes on to write that criminals are able to lease DataScrambler “for between $25 and $60, depending on how long [they] want to remain undetected as they record their victims’ keystrokes.”

So how do security people know the scam is Nigerian? For one thing, the criminals didn’t bother to cover their tracks by masking their I.P. addresses. For another, one of the criminals repeatedly mentioned “his use of the malware on his Facebook page, where his cover photo [featured] a wad of $100 bills.”

So far this criminal activity has only been detected in Taiwan and South Korea where, instead of attempting to con individuals, the cybercriminals go after businesses.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

Internet Security: An Oxymoron?

Posted on July 24th, 2014 by Dan Rampe

Security

If you’re insecure about Internet security, Richard Adhikari’s article on technewsworld.com (Go to this link for his complete article.) won’t help you sleep any better. However, it could alert you to challenges that have to be overcome to keep the bad guys at bay. The following has been excerpted from Adhikari’s piece and edited to fit our format.

Security products are built around using outdated techniques, Randy Abrams, a research director at NSS Labs, told TechNewsWorld.

Information security has evolved over the past 40 years “in a way that has created a layered model that has added capabilities but deviates little from its core design,” he said. Security “chases the last known problem, while attackers focus on the next possible vector.”

Are vendors serving up flawed software?

[Roberto Martinez,] a security researcher at Kaspersky Lab, [said software] developers have to maintain a balance between security, functionality and ease of use when developing an application. “If priority is given to the functionality instead of application security, then the risk of a compromise is elevated. The complexity in requirements and architecture to run a program can be a factor too….”

[Chris Morales, practice manager, architecture and infrastructure, at NSS Labs added,] “The primary reason why applications are insecure is because developers generally are not security experts.”

Many parts make life hell

Many widely used PC applications and operating systems have millions of lines of code, and “it’s a statistically proven fact that new vulnerabilities are likely to get introduced per few thousand lines of code,” Rahul Kashyap, chief security architect at Bromium, pointed out.

Size is one issue, and the complex interactions between systems constitute another, Seth Hanford, manager of Cisco’s Threat Research Analysis & Communications, told TechNewsWorld.

Further, researchers constantly are discovering new ways to attack existing systems, “not because computers are better or faster, but just because of new investigations, insight or inspiration,” he said. We could be discovering more security flaws because we’re now paying more attention to security.

As for Pass-the-Hash [a hacking technique], that’s “an architectural part of Microsoft Windows,” Hanford stated. “Truly fixing that problem will require a change in the way Windows works.”

Other issues affecting security

Inadequate security training for developers, along with deadlines and budget constraints, may contribute to the existence of security flaws, Jerome Segura, senior security researcher for Malwarebytes, told TechNewsWorld.

Further, quality assurance testing “is often focused on finding typical bugs but not necessarily security vulnerabilities,” he pointed out.

Third-party libraries that may contain vulnerabilities themselves are a problem, Segura remarked, pointing to the Heartbleed flaw in OpenSSL that impacted hundreds of applications.

The nature of multipurpose OSes “makes it nearly impossible to effectively secure them,” NSS’ Abrams remarked.

Possible solutions

Security and risk professionals are considering replacing third-party AV tools with native OS AV augmented with one or more third-party alternatives such as application whitelisting, application privilege management, and endpoint execution isolation, according to Forrester.

However, “blacklisting is too reactive” and whitelisting “is not practical for end users,” Bromium’s Kashyap told TechNewsWorld.

“We need tools — programming languages, Web frameworks, even configuration guides — that make it hard to do the wrong thing,” Cisco’s Hanford suggested.

“…. As a security community, we need to do more … to identify the things that are hard to get right, important to solve, and critical to Web security, and ensure they are well and widely supported.”

In the meantime, enterprises should implement systems to monitor their networks and servers, detect anomalies, and identify any security incidents, Kaspersky’s Martinez suggested. Existing applications should be constantly audited for flaws. And, of course, systems should be patched and firewalls maintained.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Would You Be a Human Sacrifice for $2 Million a Year?

Posted on July 23rd, 2014 by Dan Rampe

CISO

A plotline in bad (okay really bad) movies, books and TV is the one about the uncharted South Sea island where one person each year is honored by being sacrificed to the volcano god. Kind of an extreme form of taking your boss out to lunch on his/her birthday. Anyway, for a full year before being tossed into the volcano…er…happily jumping in… the sacrificee* is treated to every pleasure the island can provide.

*FYI the added “e” was intentional.

Sacrifice with perks

The job description of the person being sacrificed has a lot of similarities to the job description of chief information security officer (CISO). Well, it does if you add soccer goalie and baseball manager to the mix. There’s an old saying that baseball managers are hired to be fired and one mistake by a goalie can negate all the saves that he/she racked up in the previous minutes. As David Jordan, the chief information security officer for Arlington County, Virginia put it, “We’re like sheep waiting to be slaughtered. We all know what our fate is when there’s a significant breach.” The good news is that while they’re waiting, they’re well treated. According to one study, CISO signing bonuses and salaries range from $188,000 to $1.2 million with perks like working from home, lots of time off and promises of big budgets for staff and security software.

In Nicole Perlroth’s piece on nytimes.com (find the complete article at this link.), she discusses the lot of the CISO from high stakes decisions to getting burned at the stake. The following has been excerpted from her piece and edited to fit our format:

[Toughest job in business world]

Chief information security officers have one of the toughest jobs in the business world: They must stay one step ahead of criminal masterminds in Moscow and military hackers in Shanghai, check off a growing list of compliance boxes and keep close tabs on leaky vendors and reckless employees who upload sensitive data to Dropbox accounts and unlocked iPhones.

They must be skilled in crisis management and communications, and expert in the most sophisticated technology….

[Always right]

“We have to be correct 100 percent of the time,” said Tom Kellermann, the chief information security officer at Trend Micro, a security firm. Cybercriminals, he said, “must be correct once.”

A decade ago, few organizations had a dedicated chief information security officer, or CISO (pronounced SEE-so), as they are known. Now, more than half of corporations with 1,000 or more employees have a full- or part-time executive in the post, according to a study conducted last year by the Ponemon Institute, a research firm.

Many of the chief information security officers who took part in the Ponemon study rated their position as the most difficult in the organization. Most of those questioned said their job was a bad one, or the worst job they have ever had.

[Forced out]

Beth Jacobs, who oversaw Target’s data protection, among other duties, was forced to resign….Stephen Fletcher, who supervised data security for the State of Utah, resigned after a breach two years ago revealed the personal data of 780,000 Medicaid recipients. In January, Justin Somaini, Yahoo’s chief information security officer, left his post shortly before the company acknowledged a breach of some customers’ newly revamped email accounts.

The job is so pressured that many end up leaving — voluntarily or not — after two years, according to the Ponemon study. This compared with chief executives, who stick around for 10 years on average, according to other research.

[Whom/what do you trust?]

Of all the headaches that chief information security officers face, one of the biggest is figuring out which security products to trust.

“In the old days, there was a saying, ‘Nobody ever got fired for buying IBM,’ because you could trust IBM,” said Andrew Caspersen, a former chief information security officer at Charles Schwab. “But security firms have never been able to establish that level of credibility.”

What is more, while many information security officers agree that antivirus software, a traditional form of protection, fails to defend against modern-day threats, some say newer products are not much better.

[Layered defense]

They say there is no silver bullet when it comes to breach defense. It is a matter of layering the most effective technologies, hiring the best people, then hoping for good luck.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

Second Year in a Row ThreatMetrix Makes AlwaysOn Top Private Innovative Companies Tech List

Posted on July 22nd, 2014 by Dan Rampe

AlwaysOn

For the second time in as many years, ThreatMetrix has been named as one of the AlwaysOn Global 250 Top Private Companies in the “B2B Cloud and Infrastructure” category.

Created by Red Herring founding editor, Tony Perkins, AlwaysOn connects the entrepreneurial community with information about events, sponsors, participants and more. Now, the AlwaysOn editorial team, venture capital partners and industry experts have selected their 2014 list of top companies based on innovation, market potential, commercialization, stakeholder value and media buzz. In short, these are the 250 companies that most represent leadership in global innovation and developing software and hardware solutions that are ushering in a new era of global prosperity.

“We’re honored to be selected among a talented group of companies making a promise to innovate solutions and disrupt fraud and cybercrime in the B2B arena,” said Reed Taussig, CEO, ThreatMetrix. “Our fraud and security solutions build off of the ThreatMetrix® Global Trust Intelligence Network (The Network), the most complete repository of device identification, threat assessments, identity and behavioral intelligence, which enables our customers – some of the world’s largest brands in e-commerce, financial services and other industries – to easily and accurately protect against fraudsters, while maintaining a positive user experience for trusted customers.”

In an innovative move, ThreatMetrix integrated its solution with Ping Identity’s PingFederate identity bridge leveraging context-based authentication with single sign-on. The integration enables enterprises to deliver secure, frictionless access to their business productivity applications.

ThreatMetrix also recently secured a $20 million round of Series E financing, further proof of the company’s continuing efforts to build innovative technologies and stay ahead of today’s sophisticated cybercriminals.

Winners of the AlwaysOn Global 250 Top Private Companies List will be honored July 29-30 at the Silicon Valley Innovation Summit in Mountain View, Calif. For a full list of winners, visit http://aonetwork.com/blogs/Announcing-the-2014-AlwaysOn-Global-250-Top-Private-Companies.

ThreatMetrix Resources

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

ThreatMetrix Named to the 2014 AlwaysOn Global 250 Top Private Companies List

Posted on July 22nd, 2014 by Dan Rampe

The AlwaysOn Editorial Team and Industry Experts Identified the Most Innovative Private Technology Companies for the Distinguished Annual List

San Jose, CA – July 22, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced it has been named to the AlwaysOn Global 250 Top Private Companies List in the “B2B Cloud and Infrastructure” category for the second year in a row.

The AlwaysOn editorial team, along with venture capital partners and industry experts selected the list based on the following criteria: innovation, market potential, commercialization, stakeholder value and media buzz. The top 250 companies represent leadership in global innovation, developing software and hardware solutions that are ushering in a new era of global prosperity.

“We’re honored to be selected amongst a talented group of companies making a promise to innovate and disrupt in the B2B arena,” said Reed Taussig, CEO, ThreatMetrix. “Our fraud and security solutions build off of the ThreatMetrix® Global Trust Intelligence Network (The Network), the most complete repository of device identification, threat assessments, identity and behavioral intelligence , which enables our customers – some of the world’s largest brands in e-commerce, financial services and other industries – to easily and accurately protect against fraudsters, while maintaining a positive user experience for trusted customers.”

ThreatMetrix’s continued innovation was recently demonstrated when the company announced its integration with Ping Identity’s PingFederate® identity bridge. The integration of ThreatMetrix and PingFederate leverages context-based authentication and single sign-on, enabling enterprises to deliver secure, frictionless access to their business productivity applications for all users. ThreatMetrix also recently secured a $20 million round of Series E financing, which serves as further validation of the company’s continued efforts to build innovative technologies and stay one step ahead of today’s sophisticated cybercriminals.

The winners will be honored July 29-30 at the Silicon Valley Innovation Summit in Mountain View, Calif.

For a full list of winners, visit http://aonetwork.com/blogs/Announcing-the-2014-AlwaysOn-Global-250-Top-Private-Companies.

In addition to AlwaysOn’s award, ThreatMetrix has received a host of other awards so far this year:

  • Named to the 2014 Lead411 Hottest Companies in Silicon Valley list
  • Products Guide (NPG) 2014 Hot Companies and Best Product Award Winner for the “Best Products and Services – Information Security and Risk Management” category and also in the “Best Products and Services – Security Software” category.
  • Judges Choice for Best Overall Fraud/Security Solution at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform
  • A 2014 Info Security Products Guide Global Excellence Award for Most Innovative Company of the Year (Security)
  • 2014 Cyber Defense Magazine Award Winner in 2 Categories: Most Innovative Anti-Malware Appliances Solution & Best Product Network Access Control Solution

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

About AlwaysOn

AlwaysOn is the leading business media brand connecting and informing the entrepreneurial community in the Global Silicon Valley. Founded by Red Herring founding editor, Tony Perkins in 2003, AlwaysOn’s mission is to continue to lead the industry by empowering its readers, event participants, sponsors, bloggers, and advertisers like no other media brand.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

 

 

 

Last Year Data Breaches Cost Almost Half a Billion Dollars with over 800 Million Records Compromised

Posted on July 16th, 2014 by Dan Rampe

The Economist

More than Enough Material to Merit a Special Report, “Defending the Digital Frontier” by the Legendary British Journal, The Economist

If your Economics 101 class was anything like the ones many of us had to endure, just the word, “economist”, is enough to have you racing to the closest Starbucks for a double Venti. Fortunately, The Economist’s report is a lot livelier than that economics class back in the day — likely one of the reasons the publication’s been around since 1843.

Anyway, The Economist’s just released “Defending the Digital Frontier” (You may find the complete report by clicking this link.), which explores everything from possible remedies to the different types of hackers, their motives and modes of operation and why they can be so difficult to track.

Tracing the exact source of an attack can be next to impossible if the assailants want to cover their tracks.

Over the past decade or so various techniques have been developed to mask the location of web users. For example, a technology known as Tor anonymizes internet connections by bouncing data around the globe, encrypting and re-encrypting them until their original sender can no longer be traced.

Conversely, some hackers are only too happy to let the world know what they have been up to. Groups such as Anonymous and LulzSec hack for fun (“lulz” in web jargon) or to draw attention to an issue, typically by defacing websites or launching distributed-denial-of-service (DDoS) attacks… Anonymous also has a track record of leaking e-mails and other material from some of its targets.

Criminal hackers are responsible for by far the largest number of attacks in cyberspace and have become arguably the biggest threat facing companies. Some groups have organized themselves so thoroughly that they resemble mini-multinationals. The police found that [one] group was paying salaries to its staff and had hired a marketing director to tout its software to hackers. It even maintained a customer-support team.

The report also argues that there is a need to provide incentives to improve cybersecurity.

One idea is to encourage internet-service providers (ISPs), or the companies that manage internet connections, to shoulder more responsibility for identifying and helping to clean up computers infected with malicious software (malware). Another is to find ways to ensure that software developers produce code with fewer flaws in it so that hackers have fewer security holes to exploit.

An additional reason for getting tech companies to give a higher priority to security is that cyberspace is about to undergo another massive change. Over the next few years billions of new devices, from cars to household appliances and medical equipment, will be fitted with tiny computers that connect them to the

web and make them more useful. Dubbed “the Internet of things”, this is already making it possible, for example, to control home appliances using smartphone apps and to monitor medical devices remotely.”

And the report contains a number of fascinating anecdotes.

One night in April a couple in Ohio was [awakened] by the sound of a man shouting, “Wake up, baby!” When the husband went to investigate, he found the noise was coming from a web-connected camera they had set up to monitor their young daughter while she slept. As he entered her bedroom, the camera rotated to face him and a string of obscenities poured forth.

The webcam was made by a company called Foscam, and last year a family in Houston had a similar experience with one of their products. After that episode, Foscam urged users to upgrade the software on their devices and to make sure they had changed the factory-issued password. The couple in Ohio had not done so. The problem arose even though Foscam had taken all the right steps in response to the initial breach, which shows how hard it is to protect devices hooked up to the internet.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.