Security Boulevard

The Home of the Security Bloggers Network

  • We Raised $15M to Build the Future of Security Data
    by Pete Martin on October 8, 2025 at 12:44 pm

    We’re excited to share that Realm Security has raised a $15M Series A, just 12 months after our $5M seed round. We wouldn’t be here without our customers, our team, and our partners. Thank you for believing in what we’re building and for pushing us to make security data smarter, faster, and more useful every day.

  • Salesforce Refuses to Pay Ransom to Data-Stealing Hackers
    by Jeffrey Burt on October 8, 2025 at 12:26 pm

    Salesforce is refusing a demand by the hackers behind the widespread data-stealing attacks on its customers, who threatened to release massive amounts of the data unless the SaaS vendor negotiated a ransom payment. In an email, Salesforce reportedly told customers about its refusal to pay and offered them its support.

  • Realm.Security Redefines Security Data Pipelines with AI, Raises $15M to Accelerate Next-Gen SOC Operations
    by Realm Security on October 8, 2025 at 12:18 pm

    Realm.Security, the company pioneering an AI-native Security Data Pipeline Platform (SDPP), today announced a $15 million Series A funding round led by Jump Capital, with participation from Glasswing Ventures and Accomplice.

  • Miggo Security Named a Gartner® Cool Vendor in AI Security
    by cybernewswire on October 8, 2025 at 11:46 am

    Tel Aviv, Israel, 8th October 2025, CyberNewsWire

  • Law Enforcement Pressure is Reshaping the Global Ransomware Threat Landscape
    by Glen Deskin on October 8, 2025 at 9:15 am

    Check Point’s Q2 2025 Ransomware Report reveals the collapse of major RaaS groups like LockBit and RansomHub, giving rise to a new, fragmented wave of ransomware actors.

  • The Risks of Polywork: Digital Recruitment and Insider Threats
    by Nisos on October 8, 2025 at 9:00 am

    Not long ago, the idea of someone holding two full-time jobs at once sounded like an outlier. Now, in the age of remote work…

  • Turn Compliance into a Competitive Advantage: How to Scale Privacy-Aligned Services
    by Cavelo Blog on October 8, 2025 at 8:05 am

    Learn how MSSPs can transform compliance from a burden into a competitive advantage by scaling privacy-aligned services with DSPM.

  • Roll your own bot detection: fingerprinting/JavaScript (part 1)
    by Antoine Vastel on October 8, 2025 at 7:29 am

    This is the first article in a two-part series where we show how to build your own anti-bot system to protect a login endpoint, without relying on third-party services. Why write this? Many bot detection solutions (reCAPTCHA, Turnstile, or vendor-maintained scripts) are designed for easy integration but come with tradeoffs.

  • Purdue 2.0? : Rising to the Challenge to secure OT with Zero Trust Connectivity
    by Francois_Driessen on October 8, 2025 at 1:18 am

    Our connected world is getting dangerously messy. The demands on effective protection of OT environments have never been greater than they are today, and they keep growing. Cybercrime is becoming more organized through RaaS, and the insider threat is amplified by the huge payouts offered by initial access brokers. Additionally, nation states are posturing for cyber war, with the volatile threat of hacktivists right on their heels. Defending OT is an asymmetric challenge: defenders need to cover every attack vector while maintaining already stressed operational systems with no tolerance for downtime, whereas attackers need to find only one vulnerability to exploit, with little concern for downtime.

    Protecting critical infrastructure or mission-critical operations requires an effective security posture across the whole of the organization’s operation, including all technologies, the humans involved and the supply chain. Most of these elements fall under the direct control of the organization’s defenders, but in today’s reality there is a strong guarantee that some elements will always be outside the defending team’s control. Accepting this reality means the defender must apply defense in depth, expecting inevitable failures in each layer.

    Purdue 2.0?

    The consideration of refreshing OT security industry standards has led to the exploration of concepts that adapt legacy models to current and emerging challenges. Among other core ideas, the exploration of Purdue 2.0 includes:
    - Focus on the IT/OT convergence reality.
    - Enhanced emphasis on Zero Trust implementation at all Levels.
    - Cloud and XIoT integration into the operational design.
    - Granular security at every Level, including microsegmentation and controls for lateral movement within Levels.
    - Provision for real-time detection within OT Levels.
    - Alignment of standards such as NIST CPG (Cybersecurity Performance Goals), NIST CSF 2.0 (Cybersecurity Framework) and IEC 62443 (the global standard for ICS cybersecurity, with plant/product certifications) against Zero Trust frameworks.
    - Recognition of the “flattened network” reality caused by cross-layer connectivity and the piercing of intended segmentation or air gaps.

    By weighing the current state of threats against the defense options available to OT defenders, the value of new tactics and technologies for achieving an effective security posture becomes clear.

    The current tools in play

    The tri-mix of IEC 62443, the Purdue Model for Control Hierarchy and NIST CSF provides core value as a framework for a resilient security posture. Yet organizations that implemented these, and even passed rigorous compliance requirements, still fall victim to breaches and disruption, with no significant sign of a decrease in the mounting risks. The odds remain badly stacked against the defender. Challenges come from:
    - Sophisticated ransomware
    - Supply chain breaches, including compromised device patches
    - Nation-state attacks involving espionage and OT-specific sabotage
    - Full-scale cyber war
    - Phishing exploits
    - Insider threats fuelled by Initial Access Brokers (IAB)
    - Intellectual property theft
    - Human error or shadow IT bridging Purdue layers
    - AI-enhanced adversarial tactics and effective detection evasion

    Each of these on its own is more than enough to cause critical failure. Stacked together, they form a composite risk level that dwarfs what defenders faced a few decades ago. Threats are exacerbated by converging IT/OT environments, as emerging IIoT and the increase of cloud-based systems collide with legacy system integrations. By simple definition, remote access and air-gap, perimeter-based models are in direct collision.

    The common denominator

    Dissecting OT incident response cases over the last five years, a clear picture emerges: things go wrong even when defenders do most things right. Critical failure today in developed countries does not generally come from gross negligence, but rather from the imperfect application of the current stack of tools and security structures we rely on. For example: the industrial laser that was bridged to the internet via shadow IT so technicians could troubleshoot remotely, or the firmware patch that contained malware waiting for the signal from a command and control server to execute service disruption.

    Regardless of the motive for the attack, in the tactics captured by MITRE ATT&CK one common denominator floats to the surface for an overwhelming number of use cases: at some stage of the attack, an egress connection from the victim network is used as a step in the attack chain. This could serve many purposes: phishing, reconnaissance, Command and Control (C2), data exfiltration, or fetching the next payload of the attack for direct implants by insider threats. A key deduction follows: once a device has the potential ability to connect to the open Internet, it also has the potential ability to connect to the attacker’s infrastructure, either directly or through a hop from another device in that isolated segment. For this reason, for the purpose of this article, we refer to the Internet as the primary bridge to the Universal Threat Ecosystem (UTE). Relying on an air gap or segment for security means the potential might not currently be realized, but a single human error, shadow IT, or firmware spiked by a compromised software patch turns that potential into a direct point of access for the attacker, taking the whole segment or layer with it to inevitable disruption, extortion or destruction.

    Enter Zero Trust Connectivity

    The good news is that, to a large extent, the common denominator of the UTE accessed via the internet is a centralized element the defender can now focus on. Shut down egress to the attacker, and you disrupt the attack. Even more valuable, if you can apply this by default, it is possible to disrupt the attack before it can execute, and the detection evasion threat becomes irrelevant, since no detection is required in a default deny-all state. Assume breach: layer your defense-in-depth structure so that you not only prepare for failures in the normal state of your security but actively expect failures as the new norm.

    Enter Zero Trust Connectivity (ZTC): a novel technology, matured over the last 10 years, that is now rolling out to enterprise, critical infrastructure and mission-critical OT environments. The philosophy is that you move your networks and operational control into whatever state you would be in by the time you would have detected a breach, using intelligent systems to provide full operational resilience while operating in this hardened state. To achieve this posture, all connections are disallowed by default unless requested by a verified device to a destination allowed by policy for that specific device. This is applied through policy sets appropriate to each operational layer, allowing operational resilience for each Level while maintaining a hardened posture against potential UTE exposure.

    Implementing Zero Trust in OT and IoT environments introduces additional challenges because of the restrictions on deploying endpoint agents. For this reason Zero Trust Connectivity was designed to operate out of band and without the need for an endpoint agent. Applying Zero Trust control through the network gateways gives full Layer 2 visibility for automatic device inventory. Without the requirement of an endpoint agent, all devices with potential connectivity can be protected, regardless of device type. This specifically addresses the OT/IT merger, IIoT and cloud-native services for emerging technologies such as AI-enriched sensors.

    A decentralized Muscle-Brain configuration allows distributed deployment of multiple ZTC gateways throughout the Purdue Reference Levels, while centralized control provides a single pane of glass for policy assignment. This facilitates multi-site and multi-tenant management with sharing of policies and configurations between them. Provision for Disrupted, Degraded, Intermittent and Low-Bandwidth (DDIL) environments allows the muscle to reboot in the state of the last commands received from the brain, for resilience, alongside the essential provision for high availability through redundancy. Since every single connection request is visible to the gateway, the default deny-all posture also shuts down, by default, shadow IT that might otherwise have bridged Level zones and compromised isolation. Integration with SIEM and SOC systems provides highly enriched data on potential risks, but because of the default deny-all state, the uncovered threats are already neutralized by the time detection via integrated systems occurs. This gives defenders a first-mover advantage over attackers and exhausts the attacker’s resources, so that they either move on to another target or abandon the attack altogether.

    Where ZTC fits into the security stack

    Zero Trust Connectivity is facilitated by a ZTC-capable protective resolver that tightly integrates with a firewall engine which can operate securely with or without DNS. Firewall rules are written and destroyed on the order of 10,000 per second on command of the policy engine. As a general rule of thumb, wherever a traditional firewall would have existed is where Zero Trust Connectivity nodes are inserted. The core application covers IoT and IT in Level 5, but a node should also sit between any potential internet connection and the organization. From there, distributing nodes down into the lower Levels of IIoT and OT allows centralized control over additional physical segments and layers, as well as vastly enriched data feeds to SIEM/SOAR. East-west traffic within Levels is also controlled by segmentation from the ZTC gateway.

    ZTC nodes run in High Availability (HA) pairs for resilience, and updates to muscle instances can be rolled back in an instant, should it be required, without taking the secondary node offline. Firmware changes on OT have no effect on the efficacy of a ZTC node, as it operates independently of an agent and is completely device-agnostic. Additionally, ZTC nodes can facilitate very strict access control for rolling updates and diagnostics on any OT element. Since this closes the door on egress for the attacker, any demarcation point where internet connectivity is possible is a fitting place for a Zero Trust Connectivity node. For technologies with direct cellular connectivity, a dedicated Access Point Network (APN) can be protected with Zero Trust Connectivity by placing a ZTC node in the cellular provider’s data centre. For direct satellite connectivity, a dedicated node can be introduced between the modem and the device. The same is true for roaming or multi-homed IT devices, regardless of which Level they are segmented to, with the added options of using a dedicated VPN to a ZTC node, or even moving the ZTC resolver directly onto the device in the form of an agent. Layering detection sensors inside the segments is easily facilitated by the ZTC gateway, and should any indicators of compromise appear, the ZTC gateway can move specific devices into a quarantine state (should the SOC team choose to take additional action beyond the automatic benefit of egress control already applied to all devices by default).

    Test cases

    To explore the attack disruption value of Zero Trust Connectivity, here are use case examples of how ZTC disrupts the attack chain.

    Shadow IT bridges a zone gap (Level 2 ICS): Technicians are required to troubleshoot a defective industrial laser, and an employee disregards security protocols to give it temporary access to the Internet. This remote access remains open and an attacker finds his way into the Level 2 segment. In normal circumstances, the security team would be completely oblivious to the unfolding breach.
    >ATTACK DISRUPTED< The Zero Trust Connectivity gateway immediately sees a new device connecting to the network segment and automatically places it in the default quarantine state. No connection is allowed, so no egress is available for an attacker to exploit. With no other choice but to follow security protocol, the employee goes through the appropriate channels to have a secured connection established to the remote technician. The security team assigns the device a policy that allows connection to the remote technician, and to that connection alone, and collapses the connection once the service need is over.

    Implant of malware by an insider threat (Level 4 workstation): An insider plugs in a flash drive and runs a malicious application. The malware attempts to reach the C2 server via a direct IP or fast-flux FQDNs for security circumvention and resilience.
    >ATTACK DISRUPTED< Zero Trust Connectivity denies access to all directly requested IPs that were not first requested by DNS and allowed by AI-driven policy, regardless of whether the IP is block-listed. The connection request is captured in the log and passed on to SIEM. Since it is a novel attack and the IP does not yet exist on a block list, threat intelligence takes some time to flag it as malicious. This is inconsequential, since the attack is already disrupted and no second phase can execute. Once SIEM or SOC intelligence catches up, the workstation can be quarantined and restored with additional forensics in play. The additional value to the defender here is that the SOC is looking at an event that could have caused a breach, not a breach that has already occurred.

    Spear phishing attack to deploy ransomware through the enterprise network (Level 5 workstation): An employee receives an email with a malicious attachment that manages to bypass other security controls. This executes a dropper or loader on their corporate workstation. The loader reaches out to newly minted (or strategically aged) domains that are not yet on any threat intelligence block list.
    >ATTACK DISRUPTED< The default deny-all state of ZTC sees the domain as unverified, since no proper reputation exists. The connection request is denied and no additional payload reaches the target workstation. The ZTC gateway passes the log in real time to the SOC, which can respond to an incident that is already contained. Additional automation from the SIEM directs the ZTC gateway to quarantine the infected workstation, moving it into a quarantine state for the security team to clean up.

    Compromised firmware patch (Level 2 ICS): Through a supply chain vulnerability, a firmware patch contains advanced malware that bypasses traditional firewalls by using PLCs as proxies. An example is Industroyer. However, its activation does not rely on a single specific trigger but rather on the attacker’s ability to deploy its components within the target environment. The attack toolkit is designed to be user-friendly, with a modular architecture and automated functionality, allowing even lower-skilled threat actors to emulate advanced persistent threat (APT) capabilities.
    >ATTACK DISRUPTED< Communication between the malware kit and the attacker’s Command and Control (C2) server is severed by default via the Zero Trust Connectivity gateway. Although the malware exists in the OT environment, it remains dormant with no way to connect to the attacker. Monitoring of ICS traffic and real-time connectivity logs from the ZTC gateway to SIEM surfaces the presence of the malware, and the appropriate steps can be taken to roll back the firmware update to a safe version.

    Conclusion

    There is no question that Zero Trust brings an additional force multiplier to the defender against the advanced threats in OT today. Zero Trust Connectivity provides the flexibility and versatility that OT/IT and IIoT require to let defenders move the entire organization into a Zero Trust state. The value of getting an alert in the defender’s SIEM or SOC for threats that were already neutralized before they were detected is hard to overstate. The asymmetric odds against the defender can now be changed with the proper application of ZTC technology. In the light of cyber war and the escalation of threat capabilities, all countries need sovereign capabilities to protect their technological assets and the people they serve. Zero Trust Connectivity provides these capabilities as tools for our defenders to rise to the challenge of keeping our industry and critical infrastructure safe.

    Author: Francois J. Driessen, COO | CMO, Co-Founder: ADAMnetworks. Research Assistant: Jed D.S. Sananda. First version published in CCN The State of OT 2025: Securing Canada’s Critical Infrastructure.

    TL;DR
    - Rising Threats: OT environments face increasing risks from organized cybercrime, nation-state attacks, insider threats, and supply chain vulnerabilities, exacerbated by IT/OT convergence and IIoT.
    - Defense Challenges: Traditional frameworks like IEC 62443, the Purdue Model, and NIST CSF are insufficient against sophisticated attacks, as defenders must secure all vectors with no downtime tolerance, while attackers need only one vulnerability.
    - Common Denominator: Most attacks involve egress connections to the Universal Threat Ecosystem (UTE) via the internet, enabling phishing, C2, data exfiltration, or malware delivery.
    - Zero Trust Connectivity (ZTC): A Canadian-developed solution that enforces a default deny-all posture, blocking unauthorized connections without endpoint agents, ensuring resilience across OT/IT, IIoT, and cloud environments.
    - How It Works: ZTC gateways provide Layer 2 visibility, automatic device inventory, and distributed control across Purdue Levels, neutralizing threats like shadow IT, malware, phishing, and compromised firmware by preventing egress to attackers.
    - Benefits: Disrupts attack chains before execution, integrates with SIEM/SOC for enriched threat data, and allows defenders to focus on neutralized threats, enhancing operational security.
    - Conclusion: ZTC is a critical tool for OT defenders, offering sovereign capabilities to protect critical infrastructure and OT environments against advanced cyber threats.
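    As an added illustration (not code from the article or from ADAMnetworks), the following Python model sketches the gateway decision the test cases describe: an unverified device is quarantined, a verified device may only connect to an IP it first resolved through the resolver for a name its policy allows, and every other request is denied and logged for the SIEM. Device IDs, domains, IPs and the unlock TTL are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed, simplified model of the default deny-all egress control the
# article describes (an assumption for illustration, not ADAMnetworks' code):
# only verified devices carry a policy, a name must be resolved through the
# gateway resolver and be allowed by policy before the answered IP becomes
# reachable for that device, and every other connection is denied and logged.

@dataclass
class Gateway:
    inventory: Set[str]                      # verified device identifiers
    policy: Dict[str, Set[str]]              # device -> FQDNs allowed by policy
    unlocked: Dict[Tuple[str, str], float] = field(default_factory=dict)  # (device, ip) -> expiry
    quarantined: Set[str] = field(default_factory=set)
    log: List[str] = field(default_factory=list)   # what would be shipped to SIEM

    def _record(self, verdict: str, device: str, detail: str) -> str:
        self.log.append(f"{verdict} device={device} {detail}")
        return verdict

    def dns_query(self, device: str, fqdn: str, answer: str, now: float, ttl: float = 30.0) -> str:
        """Policy check on the name; an allowed answer unlocks (device, ip) for ttl seconds."""
        if device not in self.inventory:
            self.quarantined.add(device)
            return self._record("QUARANTINE", device, f"unknown device asked for {fqdn}")
        if fqdn not in self.policy.get(device, set()):
            return self._record("DENY", device, f"dns {fqdn} not allowed by policy")
        self.unlocked[(device, answer)] = now + ttl
        return self._record("ALLOW", device, f"dns {fqdn} -> {answer}")

    def connect(self, device: str, dst_ip: str, now: float) -> str:
        """Default deny: only a prior, unexpired, policy-approved DNS answer permits the flow."""
        if device not in self.inventory or device in self.quarantined:
            self.quarantined.add(device)
            return self._record("QUARANTINE", device, f"connect to {dst_ip} from unverified device")
        expiry = self.unlocked.get((device, dst_ip))
        if expiry is None or expiry < now:
            return self._record("DENY", device, f"direct ip {dst_ip} without allowed dns")
        return self._record("ALLOW", device, f"connect {dst_ip}")

def run_scenarios() -> Dict[str, str]:
    """Replays the article's test cases against the model and returns each verdict."""
    gw = Gateway(
        inventory={"ws-l4-07"},                              # one verified Level 4 workstation
        policy={"ws-l4-07": {"updates.vendor.example"}},     # its only allowed destination
    )
    results: Dict[str, str] = {}
    # Shadow IT: an unverified laser controller appears in the Level 2 segment.
    results["laser_direct_ip"] = gw.connect("laser-l2-01", "203.0.113.10", now=0.0)
    # Insider implant: direct-IP C2 attempt from the verified workstation, no DNS first.
    results["insider_direct_ip"] = gw.connect("ws-l4-07", "198.51.100.5", now=1.0)
    # Phishing loader: a newly minted domain is not in the device's policy, so its answer never unlocks.
    results["loader_dns"] = gw.dns_query("ws-l4-07", "cdn-upd4te.example", "198.51.100.9", now=2.0)
    results["loader_connect"] = gw.connect("ws-l4-07", "198.51.100.9", now=2.1)
    # Legitimate flow: allowed FQDN resolved, then a connection to the answer inside the TTL.
    results["vendor_dns"] = gw.dns_query("ws-l4-07", "updates.vendor.example", "192.0.2.20", now=3.0)
    results["vendor_connect"] = gw.connect("ws-l4-07", "192.0.2.20", now=3.5)
    # The same IP after the unlock expires falls back to the default deny.
    results["vendor_stale"] = gw.connect("ws-l4-07", "192.0.2.20", now=40.0)
    return results

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name}: {verdict}")
```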

  • AI testing – harder than it looks
    by Cameron Camp on October 7, 2025 at 10:07 pm

    As AI overload becomes a real thing, ominous, outsized claims are becoming annoyingly de rigueur. But testing those claims against real-world frameworks and threat vectors is harder than it seems. We should know, we’re doing it. For us, this is nothing new, we’ve been working on AI testing methodology for some time now with researchers
