
Preventing Palmerworm Espionage
March 17, 2021

An espionage group known as Palmerworm used new malware to attack targets worldwide, including companies in media, finance, construction, and engineering in the US, Japan, Taiwan, and China.

In some cases, Palmerworm maintained a presence on compromised networks for more than a year using 'living-off-the-land' tactics. These attacks use legitimate software so as not to raise suspicion that something might be wrong. The malware also uses stolen code-signing certificates in its payloads to make them look legitimate.

Researchers cannot see what Palmerworm is exfiltrating from their victims, but the group is considered an espionage group and is likely motivated by stealing information from targeted companies.

The Palmerworm attack is similar to a standard ransomware attack, in which the thieves steal your data and demand a ransom in exchange for not releasing it to the public. The difference in this case is that the attackers already see value in your data and know how to monetize it without asking for a ransom. An attack of this nature could go on indefinitely if not caught.

SecureCircle will not prevent the attackers from installing malware and exfiltrating data from the company. There are Endpoint Detection and Response (EDR) solutions that will avert suspicious attacks. One of the known victims was able to detect the attack within two days with proper security in place.

SecureCircle will secure your data so your confidential internal data will not be accessible by the attackers or anyone in the public should the files be released.  Data is persistently secured at all times, including at rest, in transit, and in use.  Even if files transfer outside of the company, unauthorized users will never access the encrypted data.

In the Palmerworm case, the attackers used typical applications for reconnaissance, compression, and remote transfer. WinRAR was used to compress data to make it easier to transfer. PuTTY was used to open remote connections and transfer the data. With SecureCircle, these applications would not be allowed to access the encrypted data within files by default, because they are applications that typically move data. Similar applications such as email clients and web browsers would also not have permission to read the secured data. Applications that are not enabled to view encrypted data can only move encrypted data. Applications such as Excel would have permission to read the secure data. SecureCircle can provide granular permissions beyond devices and users: it can authorize access to secure data by application and network as well.

Another significant benefit of SecureCircle is the rapid time to deployment.  SecureCircle is transparent to end-users and doesn't change user or business workflow, unlike other security solutions.  Without impacting users, companies can secure all their data by default rather than selecting only the most crucial data.  By not having to discover or classify data, companies implement SecureCircle quickly by defining data sources such as SaaS applications, file servers, or specific applications on user devices such as CAD, Adobe, or source code applications.

SecureCircle helps eliminate data breaches from malicious external attacks such as Palmerworm, as well as from malicious and accidental insiders.

Zero Trust Data Security Webcast
March 17, 2021

Security Weekly hosts and SecureCircle's CEO, Jeff Capone, discuss Zero Trust Data Security. SecureCircle delivers a SaaS-based cybersecurity service that extends Zero Trust security to data on the endpoint. Ensure all your data is secure, without impacting the business.

Where's Your Data? Who Cares!
March 17, 2021

App, User, and Data, but it's all about the data!  Discovering and classifying data to protect it is tough.  What if you can protect all of your data? Jeff Capone, CEO and Co-founder at SecureCircle, joins Security Weekly to discuss how to protect all of your data and stop asking "Where's your data?". If we can protect everything, who cares where it is, as you continue to maintain control!

Zero Trust DLP Webcast
March 17, 2021

Security Weekly hosts and SecureCircle dive into Zero Trust DLP. Zero Trust Data Security is a very popular security architecture that is being adopted by many organizations. A zero-trust solution requires the owner of the data to be in control at all times. The owner is in control of all of the networks, devices, users, and data.

Quanta Storage Inc. Secures Customer Intellectual Property
March 17, 2021

Quanta Storage Inc. (QSI) is a worldwide leader in OEM and ODM services to the world’s leading consumer electronics brands with headquarters in Taoyuan City, Taiwan, and factories and offices worldwide.

The Challenge

QSI obtains customer intellectual property (IP) such as designs, roadmaps, costs, legal documents, and schedules. Customers are concerned about the safety of their IP. The IP includes traditional Office files, source code, mechanical design files, photos, videos, and more.

QSI’s customers are some of the most recognized consumer electronic brands globally. Customers are concerned data may leak to their competitors, which are also QSI customers, or to the public.

Additionally, QSI creates its internal intellectual property, such as design and source code files for designs and products which QSI owns and needs to secure.

The Solution

QSI evaluated many encryption and data loss prevention solutions before selecting SecureCircle. The alternative solutions could not protect any file type and impacted QSI employees with workflow changes.

“SecureCircle was selected because their technology applies to data regardless of where the data is stored or what applications are used,” said Luis Chuang, Associate Manager. “Two critical requirements for QSI are support for all platforms including Windows, Mac, and Linux and to support any application and file type, including native design files.”

SecureCircle ensures sensitive customer intellectual property (IP) is protected when customers share data with QSI. Customers upload data to a secure FTP location. The data is automatically secured on upload and added to the customer-specific Circle. Customer data is segregated from other customers, so data cannot accidentally or maliciously leak from one customer to another. Employees do not have access to customer Circles with which they are not directly involved.

SecureCircle secures QSI’s internal confidential information, including business, design, and manufacturing data. QSI is able to secure data across multiple sites, including its headquarters in Taiwan, as well as major factories in China and Thailand. SecureCircle authenticates users across multiple Active Directory servers distributed throughout their global footprint.

SecureCircle secures software source code throughout the development process. Developers code on Windows, Mac, and Linux devices using the approved IDE (Integrated Development Environment) applications without any change to the workflow.

QSI is able to secure data without additional operational overhead. Unlike other DLP solutions, QSI is not required to discover and classify data prior to securing it. There is also no need to create or maintain DLP policy rules since SecureCircle secures all data by default.

The Outcome

Due to the OEM and ODM industry’s sensitive and competitive nature, QSI strives to achieve the highest data protection level to ensure internal IP and customer IP are always protected.

QSI has deployed to employees around the world, securing IP while not impacting employee or business workflows. There has been no additional management overhead since SecureCircle leverages the Active Directory groups, which were already maintained to grant access to file servers and other resources.

SecureCircle transparently secures data from internal and external threats, including accidental sharing, lost/stolen devices, shadow IT, and rogue employees.

Securing Source Code on Endpoints
March 17, 2021

Securing source code from loss or theft has historically been challenging because few security options deliver effective security without impacting developer productivity. For many businesses, source code is an extremely valuable asset, yet to enable productivity it has to be copied onto developer endpoints in plain text formats, making it difficult to keep this valuable asset secured and monitored.

SecureCircle’s Data Access Security Broker (DASB) is a simple and reliable security architecture that enables customers to secure source code on the endpoint without preventing developers from doing their job. DASB protects against both insider threat and accidental data loss without constraining developers to a particular IDE or build tools.

When deployed in a best practice configuration, SecureCircle can secure source code on endpoints without development teams needing to change how they operate or interact with code, IDEs, and development tools. This whitepaper focuses on SecureCircle best practices for securing source code in development environments.

High Level Architecture

The most common approach to managing and working with source code is to leverage one or more code repositories that are considered the source of truth for a given development project. The code repositories provide functionality that simplifies managing various versions of code, branches, and releases.

In development environments, it is common practice for developers to copy code onto their endpoints (Mac/PC/Linux) using a pull or checkout process. This checkout or pull operation moves code directly to the developer's local endpoint for the fastest and most reliable development experience when working with code.

SecureCircle ensures source code is persistently encrypted when it moves to the developers’ endpoint without impact to developers and their tools so businesses always remain in control of their source code regardless of where the code resides.

Securing Source Code on the Endpoint

When SecureCircle has been configured to best practice, source code is secured as it moves from the code repository to developer endpoints. Specifically, the client process (e.g. git, svn) on the developers’ system is configured as a Secure Process. When the Secure Process copies or writes source code files to the developer endpoint, the SecureCircle agent ensures the source code within the files is encrypted at all times and remains secured even in use.

An additional layer of security recommended by SecureCircle is to use SSH as the transfer protocol for any pull operations from the code repository. Not only does this ensure source code is encrypted in transit, it also allows the private SSH key file on developers’ endpoints to be managed by SecureCircle. By securing the key with SecureCircle, access to both the source code on the endpoint and access to the repository over the network can be revoked when disabling a user or device. When access to the code is revoked, it can no longer be read on the endpoint by any process. Similarly, the endpoint will no longer be able to make requests to the repository, as the SSH key that grants access to the code repository is also unreadable. All secured source code on developer endpoints is monitored. When applications and processes attempt to access the source code, the attempted actions can be logged in a SIEM for further analysis.

Allowing Access to the Source Code on the Endpoint

Source code within files that have been checked out by an approved developer on an approved endpoint, by an approved process, is always kept in an encrypted state. Not only is the code always encrypted, only approved IDEs and compilers are granted access to the code within the file. Other processes on the developers’ endpoint can’t access the plain text version of source code unless explicitly approved.

When an approved IDE opens source code, it reads plain text, yet the file is never decrypted. However, the source code is kept within the IDE and other approved processes, such as alternate IDEs. Compilers can also be approved applications and read plain text within the secured file, so that code compiles successfully without any change to the developers’ normal workflow or changes to the build tools.

In general, when processes that consume data run on the endpoint, they are considered either an Allowed Process, which is granted permission to read the content within files, or a Denied Process, in which case they are forced to read the encrypted version of the bytes. Transport tools such as Windows Explorer, Mac Finder, email clients, and file sync clients (e.g. Dropbox) are all recommended to be Denied Processes, which means these processes can transport secured files but never read the plain text contents.

Securing source code within the clipboard

It is common to use the clipboard in the operating system to move data from one location to another. In source code development, the ability to copy and paste is an important tool for productivity. With SecureCircle, developers are free to copy and paste within and between Allowed Processes. However, if a developer attempts to paste code from an Allowed Process to a Denied Process, the operation will be blocked. By controlling copy and paste in this way source code can be blocked from being exfiltrated into unapproved applications and processes that are considered high risks, such as email clients or web browsers.

Securing newly created and derivative source code

When new source code files are created, they can either be secured by default, as part of a Secure Process, which secures every new file created or they can be secured based on the content of the code being a derivative of source code that was previously secured by SecureCircle.

By enabling Secure Derivative, similarities within data across files will be detected. When a new file is created with similar contents to an existing file, it will be automatically secured with the same policies as the original file and transparently encrypted to allow the security to move with the data. When source code is copied from one file to another within an Allowed Process, Secure Derivative ensures the file that receives that code will inherit the security of the file that contained the original code.

Checking source code into the repository

When checking code back into the code repository, the process on the developer endpoints can be set as an Allowed Process, which removes the encryption from the bytes within the source code as it is sent to the code repository. The source code files are encrypted in transit through SSH but are then stored in plain text format within the source code repository, which allows standard server-side tools within the code repository to continue to operate as expected. When a developer checks out the code in the future, it will be secured as per the original method described above. SecureCircle recommends that security controls be implemented on the repository to complement the code workflow described in this whitepaper.

Revoking access to source code

In the event that access to source code needs to be revoked, SecureCircle allows the ability to disable access to source code on endpoints by user, group, or device.

When access to data is disabled, the data is no longer accessible to the user, group, or device implicated, regardless of where the data resides. Attempts to access the source code on a device that had access revoked will be denied, and these attempts will be logged. Additionally, the ability to copy source code from the repository will also be revoked, as the SSH private key file will no longer be accessible to the clone process on the developer's endpoint. Removal of access to source code can be effective within seconds based on the configuration of time to live (TTL) settings within the SecureCircle service. Finally, access to any additional copies or derivatives will also be revoked, even in the event they were copied onto removable media.
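The access rules this whitepaper describes (Allowed and Denied Processes, the clipboard rule, and revocation governed by a TTL) can be modeled to show how they interact. The Python below is an added example, not SecureCircle code: the process names, the `PolicyServer` and `Agent` classes, the assumption that the agent caches authorization decisions for one TTL, and the hash-based stand-in cipher are all hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

ALLOWED, DENIED = "allowed", "denied"

# Constructed policy table; the process names are hypothetical.
PROCESS_POLICY = {
    "ide": ALLOWED, "compiler": ALLOWED,
    "mail-client": DENIED, "browser": DENIED, "file-sync": DENIED,
}
SOURCE = b"int main(void) { return 0; }\n"   # constructed sample source file


def classify(process):
    """Processes that are not explicitly approved are treated as Denied."""
    return PROCESS_POLICY.get(process, DENIED)


def paste_allowed(src, dst):
    """Clipboard rule: content copied in an Allowed Process cannot be pasted
    into a Denied Process; other combinations are not restricted here."""
    return not (classify(src) == ALLOWED and classify(dst) == DENIED)


def _keystream_xor(data, key):
    """Stand-in cipher so the model runs offline; not real file encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


@dataclass
class PolicyServer:
    """Central service that records revoked users, groups or devices."""
    revoked: set = field(default_factory=set)

    def authorized(self, user, device):
        return user not in self.revoked and device not in self.revoked


@dataclass
class Agent:
    """Endpoint agent. Assumption: decisions are cached for `ttl` seconds."""
    server: PolicyServer
    key: bytes
    ttl: float
    _cache: dict = field(default_factory=dict)   # (user, device) -> (ok, fetched_at)
    audit: list = field(default_factory=list)    # events a SIEM could ingest

    def protect(self, plaintext):
        return _keystream_xor(plaintext, self.key)

    def _authorized(self, user, device, now):
        hit = self._cache.get((user, device))
        if hit is None or now - hit[1] >= self.ttl:      # entry missing or expired
            hit = (self.server.authorized(user, device), now)
            self._cache[(user, device)] = hit
        return hit[0]

    def read(self, stored, process, user, device, now):
        if not self._authorized(user, device, now):
            self.audit.append((now, user, device, process, "revoked"))
            raise PermissionError("access revoked")
        if classify(process) == ALLOWED:
            self.audit.append((now, user, device, process, "plaintext"))
            return _keystream_xor(stored, self.key)      # Allowed: plain text view
        self.audit.append((now, user, device, process, "ciphertext"))
        return stored                                    # Denied: encrypted bytes only


def run_scenario():
    server = PolicyServer()
    agent = Agent(server, key=b"constructed-demo-key", ttl=30)
    stored = agent.protect(SOURCE)
    result = {
        "stored": stored,
        "ide_t0": agent.read(stored, "ide", "alice", "laptop-1", now=0),
        "browser_t5": agent.read(stored, "browser", "alice", "laptop-1", now=5),
    }
    server.revoked.add("alice")                          # revocation issued at t=10
    # Cached decision from t=0 is still valid, so the read at t=12 succeeds.
    result["ide_t12"] = agent.read(stored, "ide", "alice", "laptop-1", now=12)
    try:
        agent.read(stored, "ide", "alice", "laptop-1", now=30)
        result["ide_t30"] = "readable"
    except PermissionError:                              # cache expired, server consulted
        result["ide_t30"] = "denied"
    result["audit"] = [event[-1] for event in agent.audit]
    return result


if __name__ == "__main__":
    print(run_scenario()["audit"])
```

In this model the TTL is the upper bound on how long a revoked user can keep reading already-authorized files, which is why a short TTL matters for the revocation behavior described above.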

SecureCircle allows businesses to create workflows that automatically secure data as it moves to endpoints. By deploying SecureCircle, source code is encrypted within files as they are pulled out of source code repositories, with no impact to developers or the tools they use. Source code is always kept in an encrypted state, and only approved applications can access and modify the plain text code. Access to source code can be revoked at any time, regardless of where the secured source code files are being stored. Keeping data encrypted within any type of file without impacting developers or developer tools is what makes this approach to source code security unique. At SecureCircle, we believe that frictionless data security drives business value for our customers by providing persistent protection against accidental exfiltration and insider threat. For more information on how we approach data security, please visit our website

Conditional Data Access for Endpoints
March 17, 2021

Security Weekly hosts and the CEO of SecureCircle, Jeff Capone, dive into how we can have conditional data access for endpoints. "Most folks think about using Conditional access for SaaS applications or access to specific data sources. However, once that data is accessed how do you continuously enforce conditional access "to the data" on an endpoint?"

SecureCircle delivers a SaaS-based cybersecurity service that extends Zero Trust security to data on the endpoint. At SecureCircle, we believe frictionless data security drives business value for our customers. End users operate without obstacles, while data is continuously secured against breaches and insider threats. Instead of relying on complex reactive measures, we simply secure data persistently in transit, at rest, and even in use.

Cybersecurity isn't Going to Work Until it is Simple
March 17, 2021

IBM recently reported in its fifth annual Cyber Resilient Organization Report 2020 that the average enterprise deploys 45 cybersecurity tools. Additionally, enterprises using over 50 tools ranked themselves 8% lower in their ability to detect threats and 7% lower in their defensive capabilities. Having more tools is not helping. It is causing more harm.

Enterprises often deploy multiple tools in the same category because one tool handles specific use cases the other cannot.

The idea of a converged solution is Gartner's Secure Access Service Edge (SASE). SASE aims to offer four benefits to organizations:

·   Reduce IT cost and complexity

·   Deliver a great user experience and high productivity

·   Reduce risk, with fewer data breaches

·   Improve compliance with broader visibility and control

SASE replaces point products such as DLP (data loss prevention), SWG (secure web gateway), NGFW (next-generation firewall), VPN (virtual private network), CASB (cloud access security broker), and routers with services:

·   Web Security

·   Cloud Security

·   Network Security

·   Data Security

·   Advanced Threat Protection

·   Zero Trust Network Access

So if 50 and 45 are not the right number of tools, how many are needed? Let's focus on one of the critical tenets of SASE or any similar architecture: data security. Let's define data security as ensuring that sensitive data never leaves the organization.

Data security has failed because it monitors data only within the deployed environments, such as network, endpoints, and cloud. Legacy solutions relied on technology designed for on-premise perimeters and later extended and adapted to cloud use cases and loaded with features, disjointed policies, configurations, and workarounds. Data security has become very complex, difficult to deploy and manage at scale, and too expensive.

SecureCircle is a cloud-delivered solution based on the data itself. Policies are applied uniformly to protected data at rest, in transit, and in use regardless of location. SecureCircle deploys many of the principles of SASE.

·   Intrusion protection - SecureCircle logs all data access attempts for SOAR (security orchestration automated response). Rich metadata is available, including user, application, device, location, and much more.

·   Content inspection - Unknown data is scanned to determine the digital DNA (dDNA) within the file. If dDNA is similar to other protected data, SecureCircle protects the new data with the same permissions as the original data. Additionally, SecureCircle can monitor data patterns and automatically protect PII, PCI, and other pattern identifiable data.

·   Malware protection & application access - Application policies determine which applications are allowed to access protected data. Block unauthorized or unknown processes from touching data. SecureCircle automatically protects all data from critical applications such as finance tools or design software like Git or AutoCAD.

·   URL filtering & firewalling - Firewall policies to allow or reject data transfers. Policies are granular to the application level. Automatically protect data transferred from specific URLs such as HR data from or sales data from

Benefits of SecureCircle

·   Transparent to end-users. Authorized users will not even notice SecureCircle is protecting data in the background. Users follow their existing workflows. SecureCircle supports any application and file type without changing the file name or extension or modifying the application.

·   Reduce operational overhead compared to legacy solutions. All policies are managed by exception, not by rule. Removes security tasks such as discovery and classification, which were required by legacy solutions.

·   Cost savings. SecureCircle focuses on protecting data in today's distributed environment. Licensing cost is much lower than legacy tools, and there is no dependency on discovery or classification tools. Reduction in operational overhead saves hundreds of hours used to create and maintain policies and classification states.

·   Zero trust approach. SecureCircle verifies user, device, application, network, and other factors for authorization and automatically protects data based on workflow, content, pattern, and context. For example, ransomware applications will not be able to read the contents of protected data.

·   Visibility and orchestration. SecureCircle provides unparalleled visibility to data access as well as data modification patterns. The comprehensive monitoring allows for automated orchestration tools to disable suspicious devices or notify administrators of potential ransomware applications trying to access data.

SecureCircle's Zero Trust data security allows enterprises to deploy a data security solution that relies on a scalable and straightforward architecture that enables lower operational overhead and a transparent end-user experience.

Cybersecurity Breakthrough Award
March 24, 2021

In the 4th annual Cybersecurity Breakthrough Awards 2020, SecureCircle was recognized as the top Enterprise Encryption Solution of the Year. SecureCircle delivers a SaaS-based cybersecurity service that extends Zero Trust security to data on the endpoint. At SecureCircle, we believe frictionless data security drives business value for our customers. End users operate without obstacles, while data is continuously secured against breaches and insider threats.

National Cybersecurity Awareness Month
March 24, 2021

Now that work, school, and many other aspects of life have shifted online this year, it is vitally important that we remember to take cybersecurity precautions. Working from home introduces many new challenges for companies because their data is now in multiple different locations on different devices. Since October is National Cybersecurity Month, SecureCircle wants to remind you that data breaches are still increasing.

For starters, the average cost of a data breach is now 8.64 million dollars, which is a 5% increase since 2019. Internal actors account for 31% of data breaches in North America. When working from home, many employees tend to abandon security practices and expose company information due to negligent or malicious acts. 76% of companies that have experienced a data breach have said that remote work would increase time to identify breaches. Legacy security tools do not work. 

Cybercriminals have many advantages when it comes to a remote workforce. In most cases, home setups are often insecure. Most of them lack a defense-in-depth approach, such as using VPNs, antivirus solutions, firewalls, and intrusion prevention systems to protect data in residential environments. While at home, employees also tend to use several devices, leading to multiple potential entries for threats. Overall, there are so many more cracked doors for cybercriminals to open and attack. With a Zero-Trust data security solution, companies will steer clear of data breaches and cybercriminals. 

At SecureCircle, we believe frictionless data security drives business value for our customers. We deliver a security service that simplifies Zero Trust data security on endpoints. Customers use SecureCircle because of these four key reasons:

1) Remove users from the security process

2) Transparent and frictionless to users and applications

3) Reduce cost and complexity

4) Rapid and simple deployment

Along with that, SecureCircle secures an endless number of use cases, but we focus on three primary use cases. These use cases include:

1) Source Code Protection

2) Zero Trust data security for SaaS

3) User-generated intellectual property

With SecureCircle, companies proactively keep all of their data secure without impacting user or business workflows. Instead of relying on complex reactive measures, SecureCircle simply secures data persistently in transit, at rest, and even in use.

Jeff Capone of SecureCircle: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity
March 24, 2021

As part of Authority Magazine's series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, the CEO of SecureCircle, Jeff Capone, is interviewed by Jason Remillard. Capone shares his own experiences and tips that many organizations can use to enhance their own data privacy and cybersecurity.

Jeff Capone's "5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity":

  1. Zero Trust Data Security.
  2. Impose control around users, data, devices, and networks.
  3. Make sure to have visibility.
  4. Users should not be part of the security process.
  5. Look for the latest and greatest technology because security changes rapidly.

Read the full interview at Authority Magazine

The Real Enterprise Data Protection Problem: CAD files and Other Legacy Apps Data
March 24, 2021

Talk to any enterprise CISO and you quickly learn that despite all the DLP and encryption solutions that focus on protecting office files, the real problem that nobody talks about is protecting highly valuable data in non-office file formats:

  • Automotive, manufacturing and industrial enterprises rely heavily on the CAD design data format to store and exchange critical IP
  • Healthcare exchanges data in proprietary billing and patient record formats exported from Electronic Medical Records systems
  • Media and design enterprises put their most valuable IP into MOV and MP4 files, Photoshop PSD files and other media formats
  • Source code used more and more by large enterprises as part of their digital transformation contains valuable IP
  • MS Visio and MS Project formats - even Microsoft offers little to protect these critical forms of IP

Even worse, the majority of large enterprises also rely heavily on line of business ERPs like SAP, as well as their own legacy or home-grown line of business applications at the core of their operations. When data is exported from those applications whether for sharing internally or externally, that is an immediate threat to the business. 

Imagine a legacy CAD tool that produces an enterprise’s key industrial designs, but whose editor is no longer supported by the vendor. Or a home-grown content authoring tool that no longer has an in-house development team. These legacy applications are so entrenched in business workflows that changing to another application for security reasons is unrealistic, so the enterprise has no choice but to find a data protection solution… or simply operate with no protection.

Compound this with sharing data between more remote workers and more data sharing with 3rd party vendors, and your most valuable data is simply pouring into the wrong hands at an alarming rate.

Traditional DLP Is Not Enough

Most enterprises have a data loss prevention (DLP) solution in place, but despite this data breaches still happen at an alarming rate. The root cause is simple: DLP lets all data flow by default and attempts to only selectively identify, classify and block sensitive data from falling into the wrong hands. But identifying sensitive data to protect is extremely error-prone. A DLP might be able to spot highly structured, pattern-oriented data like credit card numbers and social security numbers (though even that is not always true). But DLP will miss most forms of intellectual property like product designs, manufacturing blueprints, corporate IP, employee personal information, HR information, etc. This is because IP is rarely in a machine-detectable format like a credit card, and it is often housed in non-office formats like CAD, PSD, image files, source code, as well as legacy and proprietary formats that DLP doesn’t handle. 

No wonder half of all manufacturers experienced a data breach in the last year! 

Other traditional data protection technologies attempt to augment DLP to solve the issue, but are clearly ineffective as data leaks are still rampant. Manual classification, for example, puts the identification of IP in the hands of employees. However employees are busy, make error-prone decisions, and may even represent an insider threat.  Cloud Access Security Broker (CASB) and Digital Rights Management (DRM) are dependent on accurate identification of data as well, rendering them as inaccurate as DLP. And none of these solutions have true support for non-office data formats anyway.

Specialized Solutions for Different Forms of IP

There are security solutions marketed specifically for source code, or specifically targeted at protecting CAD designs. This may be the best way to address an urgent use case for a particular type of sensitive data.

Buyer beware, however: 

  • Many of these solutions are marketed as if specialized, however under the hood they simply use the same age-old techniques that have made DLP ineffective.
  • Purchasing solutions that are specialized in one use case may create additional integration and maintenance challenges 
  • There may not be a specialized solution for legacy or home-grown data formats.

DASB Solves the Enterprise Data Protection Problem

SecureCircle's Data Access Security Broker (DASB) is a specialized solution that addresses the unique needs of intellectual property data protection in any data format - CAD, PSD, Visio, MOV, etc. 

DASB achieves this in 3 ways:

  1. DASB’s default is to protect data, rather than allow data to flow. Much like a firewall that protects by default and only allows by exception, DASB protects any specialized IP by default. This is very different from DLP’s heavy and error-prone data classification techniques. 
  2. DASB is completely transparent to the end-user. DASB is able to protect by default because it can do so without the end-user even knowing that it is working behind the scenes. 
  3. DASB protects all types of data. Not just office files, but all formats including source code, specialized CAD, MOV and other formats, even home-grown and legacy data formats. 

DASB achieves this by adding an invisible layer of indirection between the user and the data, just as http became https by adding a layer of security over all exchanges on the web, regardless of the type of content served in your web browser. 

When it comes to legacy and home-grown client/server and web applications, DASB is agnostic to applications. Security is applied with zero change to the application and no impact to existing integrations or workflows.

And when it comes to users creating, copying and importing new data into the enterprise, DASB is data-centric.  DASB follows data as it moves from file to file and application to application to automatically protect derivative work without any user intervention and regardless of format including CAD, images, and health records.

A Specialized Solution, For All Data Types

CISOs who have already invested in DLP but still have a laundry list of unprotected data use cases need not worry. This is the sad norm. DASB is a specialized solution that can immediately solve a specialized data protection use case such as CAD manufacturing designs, media files, images, and homegrown and legacy data formats. DASB is fast to deploy and works in a way that is invisible to users and other security tools, so there is no need for custom integrations or changes to your process. An enterprise that deploys DASB will solve their data use case in days, not years.

But DASB is a paradigm shift that works for any data, allowing it to take on more and more use cases as needed, to evolve with the needs of your data protection strategy, rather than leaving you buying a separate product for every situation that comes up. 

What is your data protection use case? Put specialized DASB to the test. 

Need Zero Trust for a Remote Workforce? There's a Missing Link.
March 24, 2021

Think you've secured every part of your remote employee's access? Think again. Here is what typical remote workforce security looks like:

  • the employee logs in to your network through the secure VPN - check.
  • employee uses cloud services and manipulates data, protected by the SaaS vendors - check.
  • employee access to data in the SaaS apps is limited by access controls - check.
  • employee exports data from the cloud service, and now has unfettered access to share or leak that data - OOPS!

Many enterprises have perimeter security, identity and access management, and contracts with SaaS vendors to protect their data while it is in the cloud. The weak link is the moment that data is exported by a user from a cloud service - whether Box, Dropbox, Salesforce, Github, AWS folders, SAP, etc. From the moment of export, the SaaS app vendor is no longer responsible for the data or its security, and other security tools like CASB do little to protect the data that has been exported. This allows ordinary users to accidentally share the data where it doesn’t belong, and malicious users to purposefully extract data with ease! 

This problem has been referred to as "last mile security", suggesting it is a minor edge case to be addressed down the line. However with the explosion of remote workers, contractors and 3rd party vendors working for most enterprises, and the fact that most data is now hosted in cloud services - this problem is now anything but "last mile". Securing data as it’s being exported into the user’s hands - data at the point of egress, in other words - is now front and center as the big challenge of enterprise data protection today.

What Security Tools Exist to Protect Data Exported From Cloud Services?

There are technologies that are commonly used to protect data exported from cloud services and SaaS applications, however as we will see, the problem with these technologies is that they do not work at scale. This is why cloud data leaks are so rampant, and only increasing in today's world of remote work. 

Cloud Access Security Brokers, or CASB, are installed by enterprises to filter data that passes to and from the cloud. 

By default, they allow all data to pass through unfettered, but run algorithms to attempt to identify and classify sensitive data and block the sensitive data from being shared, based on a rule set. Unfortunately, the automatic identification of data is highly error prone, often blocking data that should not have been blocked, while missing highly sensitive data that is allowed to pass without a word. 

CASBs have some practical uses. They can be useful to identify "shadow IT" - unsanctioned cloud services that employees are using. CASBs can apply classification to data that passes in and out of the cloud, which can be useful for enterprise data management and analytics, privacy and compliance programs. But as a way of solving the last mile problem, CASB does not begin to protect data accurately, and imposes a heavy burden on productivity along the way. 

Digital Rights Management, or DRM, is another technology that traditionally attempts to protect data exported from cloud services. DRM manipulates the data that has been exported from the cloud, encrypting files and embedding access control information into the header such that any attempt to access the file requires a callback to the enterprise server to allow the file to be decrypted. Unfortunately, this technology still relies on identification and classification to accurately identify what files to encrypt, which is highly error prone. And files that do get encrypted impose a heavy usability burden. Only certain file types can be encrypted, they can only be read by certain applications, they require special access credentials, there is no interoperability between DRMs, and access rights are often too restrictive, just to name a few limitations - rendering DRM-protected data unusable at scale. In practice, there are virtually no real-world examples of DRM deployments in the enterprise.

DASB Provides Zero Trust Data Protection, at Scale

Data Access Security Broker (DASB) is the missing link to protect data exported from cloud services, and more generally, to protect any data. 

There are 3 keys to the DASB paradigm:

  1. Data is protected by default. Much like a firewall that protects by default and allows by exception, DASB protects all data exported from cloud services by default. This is very different from CASB's heavy and error-prone data classification techniques.
  2. DASB is completely transparent to the end-user. DASB is able to protect by default because it can do so without the end-user even knowing that it is working behind the scenes. 
  3. DASB protects any type of data. Not just office files, but all formats including source code, specialized CAD, MOV and other formats, even home-grown and legacy data formats. 

When you can protect all data by default, any data type, and do that in a way that is completely transparent to the end-user, you have a paradigm that scales.

With DASB, enterprises are now able to achieve zero-trust data protection, even on data exported from their SaaS apps into the hands of remote workers, contractors and third-party vendors. At scale, this means the largest enterprises enable productivity of their remote workforce with total protection. That data remains persistently protected wherever it goes, only accessible to those who have permissions to access it. However, DASB is completely invisible to end-users. This is true for any data type, without modifying applications or the data itself.

In today's work-from-anywhere world, there is a missing link: controlling data once it is exported out of your perimeter and out of your SaaS apps. This is a rampant source of data leaks because no technology exists that can solve the problem at scale - until now. Welcome to DASB.

Zero Trust: SecureCircle plus Endpoint Detection and Response
March 24, 2021

The Challenge

ISCS obtains confidential information from their customers as part of normal operations. The data could include business plans, detailed cost information, and intellectual property such as source code. ISCS wants to deploy a Zero Trust data security solution to demonstrate to customers that their data is safe by preventing insider threats and securing the SharePoint sites which ISCS uses to collaborate with their customers.

The Solution

Unlike other security solutions which rely on users to be involved in the security process, SecureCircle has adopted a Zero Trust philosophy. Zero Trust data security is a practice of never trusting users with data. For zero trust to be effective, data must be secured by default and not by exception.

ISCS has a very cloud-centric application model which can cause issues with users downloading SaaS data on unauthorized devices. To prevent this, ISCS has adopted SecureCircle’s Data Access Security Broker (DASB). Now, all data downloaded from the cloud will automatically be secured by SecureCircle. SecureCircle is deployed as a SaaS service itself, so there are no operational tasks involved with maintaining SecureCircle. Employees are unaware of any additional layer of security since their workflow for downloading SaaS data such as Microsoft, ADP, and Oracle has not changed and employees continue to use the same applications.

SecureCircle monitors the ISCS SharePoint Server and SaaS applications such as ADP, Oracle, NetSuite, GitHub, and others to automatically secure data as it leaves the cloud and moves onto employee endpoints. SecureCircle is able to secure corporate devices as well as BYOD devices. There is no change to data in the cloud, so all SaaS applications continue to work without modification or awareness that SecureCircle is securing data as the data egresses.

All identity management is centralized with ISCS’ existing Azure Active Directory server. Deployment of SecureCircle is simple for ISCS. ISCS deploys SecureCircle endpoint agents via their Mobile Device Management (MDM) solution that is already in place to deploy and update applications on endpoints.

The Outcome

Other data security services cannot meet the requirements of Zero Trust. After deploying SecureCircle, the ISCS CISO said, “The combination of SecureCircle with an advanced Endpoint Detection and Remediation solution provided us the capability to affordably implement a Zero Trust security architecture that completely captures and controls all users’ interactions with our information no matter where they are, what device they are using (corporate owned, BYOD or customer owned) or what system they are using. SecureCircle is the breakthrough information rights and data loss prevention technology we were looking for.”

SecureCircle not only secured ISCS data, but did so without increasing the operational overhead required to maintain the solution.

Millions of Data Leaked Due to Unsecured Databases
March 24, 2021

Unsecured databases are quickly becoming a massive data security problem. Researchers have found close to 10.5 billion pieces of consumer data left vulnerable on almost 10,000 unsecured databases across 20 countries. With the information stored in unprotected databases, cybercriminals would have to put in little to no effort to access the data.

Because unsecured databases are an easy target for cybercriminals looking to steal data, these incidents are becoming more frequent. Just the smallest mistake made by a database manager can lead to large amounts of intimate data being left sitting on the internet. Virtually anyone could access these unsecured databases through publicly available websites and tools. Search engines such as Censys and Shodan assist hackers in scanning the web to view databases left open.

With the data in hand, hackers can easily cause all sorts of damage to their victims and their data. Information such as full names, logins, and addresses is most valuable to spammers and cyber criminals conducting phishing campaigns. Data could also be used to run phishing attacks that could lead to thousands of dollars in losses from selling on the dark web.

Last month, the profiles of 235 million users of popular platforms such as Instagram, TikTok, and YouTube were exposed in a massive data leak. Based on collected samples, one in five records contained either a telephone number or an email address. Along with that, every record contained some or all data, including full names, profile photos, and account descriptions. The leaked data is said to have originated from a Hong Kong-registered company, Deep Social, which sells data on social media.

Unfortunately, unsecured databases are not disappearing anytime soon. They will only become more common. For organizations to protect and secure their website databases, they should deploy Zero Trust data security such as SecureCircle. Regardless of where data is stored, including databases, source code repositories, or SaaS applications such as Salesforce or Workday, data needs to be persistently secured.

At SecureCircle, we believe frictionless data security drives business value for our customers. End users operate without obstacles, while data is continuously secured against breaches and insider threats. Instead of relying on complex reactive measures, we simply secure data persistently in transit, at rest, and even in use.

Enterprise Security Weekly | Zero Trust Data Security
March 24, 2021

Zero Trust Data Security is a very popular security architecture that is being adopted by many organizations. In this webcast, Paul Asadoorian of Security Weekly and SecureCircle walk through how SecureCircle implements a zero-trust solution. A zero-trust solution requires the owner of the data to be in control at all times. The owner is in control of all of the networks, devices, users, and data.

Source code is one of the most fluid and valuable pieces of data that organizations need to protect and maintain control of. With SecureCircle, keeping source code protected is now possible with Zero Trust Data Security. The owner of the source code has control at all times, and developers can do their job without the owner giving up control over the data.

Traditional Data Security Fails to Be Zero Trust
March 24, 2021

Data security tools are not providing enough value for their customers. The average total cost of a data breach in the United States is nearly $9 million per the 2020 IBM Cost of Data Breach Report. That is a five percent increase from 2019. 31% of data breaches in North America can be attributed to internal actors.

Per the Verizon 2020 Data Breach Investigations Report, 76% of companies that experienced breaches said remote work would increase time to identify and thus continue to increase costs to organizations.

What is Zero Trust Data Security

  • Zero Trust data security is a practice of never trusting users with data.  For zero trust to be effective, data must be secured by default and not by exception.
  • Never trust the user with the data or give them control. Instead, allow users to work with the data as if they’re in control.

Data breaches and news headlines confirm Data Loss Prevention (DLP) solutions are broken.  Customers like DLP because it seems easy. Three well-known steps: discover, classify, and protect.  With DLP, chief information security officers (CISO) and other security teams feel like DLP casts a wide net.

Customers dislike DLP because it relies on users to be trusted, which creates security gaps that are hard to anticipate.  Maintaining DLP is impossible because the DLP model creates rules to block behavior, so IT and security teams are constantly chasing the next unknown.  Rule maintenance is a never-ending battle of finding new egress points in organizations.  Let’s review the three components of DLP.

Discovery and identification of data that needs to be classified doesn’t work because legacy DLP solutions rely on fragile pattern matching such as regular expressions.  Tiny changes to the pattern produce false positives and false negatives, so the results are not reliable.

DLP regex discovery may work for phone numbers and very static formatted data, but there is no pattern to match to locate ‘top secret’ data.  ‘Top secret’ data could include intellectual property, internal finance and HR data, and more.  DLP relies on users to discover this type of data.

Classify and tag data with labels so the protection systems can take the proper action.  Tagging data in legacy DLP solutions only captures the data at a single moment in time.  DLP tags do not automatically update when the data changes.  DLP requires tags to be added to file metadata.  But most file types don’t support the ability to add metadata to the file.  This creates a dependency that DLP requires to function properly.  It is the same reason these solutions can’t support any file type or any application.  So again, DLP relies on users to classify and tag data.

Protection of tagged data.  Assuming the discovery and classification steps were correctly executed, data is protected by creating rules to block activity and transfers. Information is not protected by default.  DLP depends on rules that either block (stopping the action or transfer), allow, or encrypt the data.  Rules have to be created for every workflow possibility.  When new applications are used, new rules must be created.  When new functionality is added to existing applications, new rules must be created.  DLP is an operational nightmare as security teams are in an endless battle to keep rules updated.  Users will find ways to egress data.  There are too many possibilities, and manual rule creation is error-prone at a minimum and deficient for most organizations.

Alternatives to DLP include Secure Access Service Edge (SASE).  SASE is a combination of Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), DLP, and SD-WAN to isolate applications, segment networks, and authenticate based on user permissions, authentication, and verification before giving access to resources that include data.  Designed for a cloud world, SASE puts a perimeter around cloud services but still forces all data through one focal point, which has different performance, reliability, and security concerns.  Data protection for SASE still relies on traditional DLP for data protection.  Therefore, SASE has the same downfalls as traditional DLP.

Another security option for organizations looking for Zero Trust data protection is Virtual Desktop Infrastructure (VDI).  VDI was never designed as a security solution.  VDI provides all the benefits of SASE by putting the user in the data center.  The user is working with data but doesn’t have control over the data.  The data is always in the data center.  VDI was designed for the local area network (LAN) world like a doctor's office or call center.  

VDI is used by some organizations to protect the holy grail of data, which is source code.  Source code is exceptionally challenging to secure because appeasing developers and not impeding their productivity or changing their workflow is always a concern for organizations.  Developers are a tough audience to keep happy.

The downsides of VDI are that the solution is costly, adds latency, decreases productivity, and delivers a suboptimal user experience. Still, it does check all the requirements for Zero Trust data protection.

SecureCircle is able to deliver a Zero Trust data protection solution that allows organizations to control data without impacting how the user needs to do their job.  Users aren’t affected by reduced productivity or a change in the workflow, so they won’t try to find ways to get around security because security is transparent.

We have highlighted source code as the holy grail of data because source code has been complicated to secure. Still, SecureCircle protects data in other use cases such as (1) protecting SaaS data as it leaves the cloud application and (2) user-created content such as media, design, and office data.

Why Do Customers Choose SecureCircle?

  • We remove users from a security process so you don’t have to rely on users doing the right thing.
  • Transparent and frictionless to applications and users
  • Reduce cost and complexity (one tool, protect by default persistently)
  • Rapid deployment 

SecureCircle persistently protects data by default.  Data is secured at rest, in transit, and in use.  Organizations grant workflows, applications, or users the ability to egress data from protection and create auditable events for compliance visibility.  SecureCircle focuses on protecting not just devices or data but also the process and workflow around data creation, storage, and use.

SecureCircle tracks protected data, and when protected data is moved to new or unprotected files, the new file is automatically protected with the same permissions as the original data.  Tracking data and not files allows SecureCircle to allow copy and paste and SaveAs functions while continuing to protect data as it moves.

User, device, application, and network permissions can be changed in real-time since organizations never lose control of data regardless of where data is created, stored, or transferred.

SecureCircle is the only Zero Trust data protection solution that can protect data, reduce management overhead and cost, and not impact user behavior or workflow.

Why Traditional Data Security Can't Be Zero Trust
March 24, 2021

Security Weekly Webcast: The challenge in securing data has increased in complexity as businesses move aggressively to the cloud and modernize IT through the use of SaaS applications. In this virtual training, Paul Asadoorian of Security Weekly and SecureCircle will walk through how both legacy approaches, such as DLP, and modern approaches, such as CASB, struggle to plug the real-world security holes that must be closed to meet a zero trust security model. As part of this training, the SecureCircle team will go deep into the different data security techniques and how zero trust requires more comprehensive protection that keeps data protected by default, not by exception.

Intel Internal Data Leaked By Server Hacker or Third-Party?
March 24, 2021

Yet another case of leaked data has hit the web. Intel, the largest chipmaker in the United States, is investigating a data breach that leaked 20 GB of internal data. The assortment of documents included some marked as confidential, under NDA, and unrestricted secret. Till Kottman, a Swiss software engineer, shared the data on the file-sharing site MEGA.

Kottman claims to have received the files from an anonymous hacker who insists they breached Intel earlier this year. The hacker claims to have found the data on an unsecured server via a simple Nmap scan, with many of the zip files protected by easy-to-guess passwords. Kottman received the leaks because he manages a popular Telegram channel that frequently leaks data from major tech companies. Just a few weeks ago, Kottman released source code files of over 50 high-profile companies such as Disney. The data released on Intel included technical specifications, product guides, and manuals for the company's CPUs. This contained confidential details on chip road maps, development and debugging tools, schematics, training videos, process simulator ADKs, sample code, and Bringup guides.

Even though the data breach did not include personal data of Intel’s clients or workers, it exposed the source code of their third parties. Intel denies Kottman’s claim the data breach was caused by the anonymous hacker. Intel claims the leaked data was from the Intel Resource and Design Center which hosts data for use by customers, partners, and external parties who have registered for access. Intel believes that an individual with access downloaded and shared the data. 

Whenever providing intellectual property access to another organization or individual, it is important to log who had access, when they had access, and what they accessed. With SecureCircle’s patented Data Access Security Broker (DASB), you have control of your data. Every action to your data turns into an auditable event. DASB is a completely transparent data-centric protection solution, which not only provides a data log that becomes auditable when integrated with your SIEM but also enables mapping to a wide variety of compliance requirements pertaining to data visibility/tracking and protection/encryption. So even if Intel’s third parties had access to data, SecureCircle would’ve been able to protect the files from being released publicly.

Cybersecurity Risks That Come With Remote Learning
March 24, 2021

For many students, the back-to-school season is right around the corner. Under the new circumstances of remote learning, students need to become aware of the importance of data security. School districts in the United States already have many cybersecurity shortcomings. Many lack the funding and skilled personnel to provide cybersecurity defenses. With many cybersecurity vulnerabilities in remote learning environments, hackers know they can easily squeeze through the door and attack.

SecureCircle understands the challenges enterprises have with protecting sensitive data, including PII, PCI, PHI, and corporate trade secrets.  SecureCircle's Zero Trust data protection eliminates data breaches and insider threats by protecting all data outside of SaaS applications. SecureCircle's Data Access Security Broker (DASB) protects and monitors data, including data egressing from enterprise cloud services and managed repositories, to enforce access controls on data regardless of location, including cloud and endpoint devices. SecureCircle protects data transparently and persistently at scale, delivering the world's only Zero Trust data protection. Schools are no different.

Many schools are relying on video communications such as Zoom and Google Hangouts for remote learning. For many teachers, transitioning from in-class to online sessions has been pretty tricky already. Because of that, some teachers struggle to adequately secure their data on the platforms. “Zoombombing” is a term used for internet trolling on video conferences, in which an unwelcome guest takes over the audio or video controls to display inappropriate materials or remarks. Zoombombing was non-existent up until schools went online. On April 1, a video meeting hosted by Utah’s Alpine School District was interrupted by an uninvited guest. The hacker revealed pornographic images to dozens of elementary school students. Internet trolling is one of the many reasons why everyone should be taking extra security precautions online. Now, it is more common for schools to set up their meetings using passwords.

Students who use learning platforms, such as K12 and Chegg, also face many cybersecurity vulnerabilities. With most of these platforms, students are required to create an account using their personal information. Without proper security measures, the user’s account information is bound to get stolen. Last year, K12 failed to keep one of their databases updated, which left almost 7 million records for 19,000 students available for anyone to take. The information exposed included full names, email addresses, birthdates, gender, age, and school names. Something as minor as a database issue can lead to a violation of a student’s privacy, increasing their risk of identity theft, spear phishing, or even physical harm. 

Another major issue with remote learning is the increased amount of phishing scams targeting students. With just one click, a hacker can unlock your username, password, personal information, or even download malware onto the device. Hackers typically pose as administrators of the school, sending compelling messages to get students to click on their link. It is imperative for students to become aware of what they are clicking on and how much damage it can cause.

We understand that teachers, parents, and students are not prepared to be IT administrators, so we’ve put together a few tips to improve your cybersecurity this school year.

  • Do not reuse passwords: If the password gets stolen, hackers are easily able to gain access to multiple different accounts.
  • Make sure your device is updated with the latest updates for your operating system and applications: many hackers rely on known vulnerabilities in older versions.
  • Never provide anyone your password.
  • Don’t post any personal information, such as your phone number or address online. Your teacher and school already know this information and will not be asking for it.

With SecureCircle, data is proactively protected regardless of where data is created, consumed, stored, or modified. SecureCircle’s DASB seamlessly integrates with existing systems, ensuring there is zero impact on the current workflow or productivity. Now more than ever, it is vital that schools and students adopt stronger security measures.
