Are you at risk from the 'toxic cloud triad'? Tenable this week released a new report which found that 38% of cloud environments are critically exposed, containing the dangerous combination of being 1) publicly exposed, 2) critically vulnerable and 3) highly privileged. Tenable calls this the “toxic cloud triad” as it creates the perfect attack path for bad actors to exploit these environments.
Additional findings from the report include:
- 84% of organizations have unused or longstanding access keys with critical or high severity excessive permissions, which could allow bad actors access to cloud-stored data.
- 23% of cloud identities (both human and non-human) at AWS, GCP and Azure have critical or high severity excessive permissions – in AWS alone, 35% of human identities have critical permissions.
- Tenable analyzed several unmanaged cloud vulnerabilities, including CVE-2024-21626, a severe container escape vulnerability, which remained unremediated in over 80% of workloads for as long as 40 days after its publishing.
It's worth a read to determine if you're at risk -- and how to remediate. Here's a link to learn more.
As always, drop me a line at [email protected] if you have news to share or want to say hi!
Grab your coffee. Here's what you need to know today.
Today’s Tech, Channel and MSP News
1. CYRISMA raises $7M in Series A: SecurityWeek reports that CYRISMA, a cybersecurity risk management company, has raised $7 million from a Series A funding round, boosting total investment to nearly $9 million. The funds will be leveraged by the firm, which offers a complete risk management platform for managed service providers (MSPs), to advance product development, sales, and marketing initiatives, as well as bolster customer support investments, according to CYRISMA.
2. TD SYNNEX launches AI Accelerator for partners: Distributor TD SYNNEX announced the launch of its Destination AI™ Practice Accelerator in North America to fast-track AI go-to-market efforts and monetization for partners. The program provides personalized support to partners looking to deliver specialized AI solutions to their customers. Part of Destination AI, TD SYNNEX’s comprehensive global AI market strategy, the Accelerator program enables partners to identify AI opportunities for their end customers and build an AI practice to meet those needs. The program will feature a new aggregated AI solution each month, with new cohorts of partners participating in six-week courses focused on going to market with one of these solutions every quarter. Each cohort of the Destination AI Practice Accelerator Program will participate in specialized training sessions and receive enablement resources tied to their vertical use case, enabling them to craft a customized market strategy.
3. Generative AI threats rising: Generative AI security solutions company Pillar Security’s State of Attacks on GenAI found a 90% success rate for data threats due to leakage of sensitive data and a 20% success rate for jailbreak attack attempts that bypassed GenAI application guardrails. Data is gathered from the company’s telemetry data from generative AI applications. The report also found that adversaries require an average of 42 seconds to execute an attack and only need five interactions, on average, to complete a successful attack.
4. HUMAN Security raises $50M: HUMAN Security announced this week it raised $50+ million in growth capital led by WestCap with additional investment from Goldman Sachs, ClearSky, NightDragon, and Vertex Ventures US. This latest investment will further accelerate the platform's growth by incorporating advanced AI techniques to enhance scale and efficacy, including improvements to digital account protections and new media security solutions for click fraud defense and advertising integrity for platforms, agencies, and brands. The funding will also deepen HUMAN’s engagement in the public sector, driving new use cases that enhance cybersecurity for government entities in response to the proliferation of influence operations.
5. Aryaka names new CRO: Aryaka this week appointed Chris Ranalli as its new Chief Revenue Officer (CRO). Ranalli will oversee Aryaka’s go-to-market strategy and execution as the company continues to capitalize on the rapidly expanding Unified SASE as a Service market. He previously served as CRO at HyperScience, an AI-driven enterprise software unicorn. Before HyperScience, Chris held leadership positions at Imperva, RSA and Oracle. Congratulations!
In-Person MSP and Channel Partner Events
- MSSP Alert Live, October 14-16, Austin, Texas
- Canalys North America Forum, October 22-24, Miami, Florida
- Kaseya Dattocon, October 28-30, 2024, Fontainebleau, Miami Beach, Florida
- Ingram Micro One, November 6-8, Gaylord Resort, Washington DC
- IT Nation Connect, November 6-8, Orlando, Florida
- OpenText World, November 19-21, The Venetian Resort, Las Vegas, Nevada