The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture.

MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge.

Cynomi, the first AI-driven vCISO platform, can help.

Cynomi enables you – MSPs, MSSPs and consulting firms – to provide vCISO services at scale – without straining your existing resources. Cynomi is modeled after the knowledge of the world’s best CISOs, allowing you and your clients to gain access to expert-level security and compliance insights and tools.

Cynomi provides the two main vCISO pillars, security and compliance, in an automated and actionable manner. This includes security assessments, gap analysis, compliance readiness, policy creation, task management and reporting. With Cynomi, you will benefit from increased revenue, a growing customer base, reduction in risk assessment time, a decrease in report generation time, well-structured processed and shorter employee onboarding times.

Let’s see how easy Cynomi is to work on:

Setting Up and Managing Multi-Tenant Accounts

Focusing on partners, Cynomi was designed to support multi-tenancy. You can independently create and manage a separate sub-account for each of your clients, allowing you to easily manage and track each one, as well as giving them access to Cynomi.

Figure 1: Cynomi account management screen

To support your scalability and growth, you can delegate roles and ownership among your team for each client account. You will still enjoy admin-level cross-account visibility and privileges.

For centralized management of all your clients, Cynomi provides a unified account management screen where you can edit user details, resend invitations, unlock blocked accounts and more.

Wherever you are on the platform, you’re always just a click away from the admin panel and all your user accounts.

Building a Cyber Profile with an Onboarding Questionnaire

Onboarding a new client starts with gathering high-level information about them, allowing to build a relevant remediation plan. This includes an onboarding questionnaire about their infrastructure. Once completed, Cynomi generates a tailored set of short follow-up questionnaires for security posture evaluation.

Figure 2: Cynomi onboarding questionnaire

Figure 3: Cynomi tailored-made follow-up questionnaires

Completing all the questionnaires delivers a comprehensive view of client security posture and gaps. Based on the responses, Cynomi offers custom tailored policies that cover all steps required for remediating security gaps.

Questionnaires can be revised at any time if a client’s environment changes. Policies will be automatically updated accordingly.

Internal and External Scans

To augment and complete your understanding of your client’s cyber profiles, Cynomi allows you to scan and assess their external and internal assets.

External Scanning:

For assessing the security of externally exposed assets, Cynomi scans IPs and URLs and discovers vulnerabilities as well as secured configurations. This includes scanning risky ports, checking protocols and encryption, verifying email configuration parameters, technology updates of web applications and more.

Figure 4: Cynomi scan results screen

Users can drill down into each scan finding to see an in-depth description and remediation options. Any detected vulnerabilities are automatically added to the account’s task list, according to their severity.

Figure 5: Drill-down to a specific finding

Scan results are available in just a few minutes.

Internal Scanning:

For discovering vulnerabilities in the client’s internal networks. Scans cover client assets like active directory and endpoints and assess its security hygiene and configuration.

You can also upload your NESSUS external scan, Qualys external scan or Microsoft Secure Score CSV files.

Scan findings are aggregated in an aggregated table and linked to the relevant tasks and policies they are related to.

Security Assessment

Cynomi continuously parses each client’s cyber profile against industry-specific security standards, regulatory frameworks and industry-specific threat intelligence. These are coupled with the information from the security questionnaires and the scans.

Based on the company-specific profile, the relevant cyber domains are dynamically picked with the optimized requirements. Each requirement is assigned a criticality level, representing the importance of this requirement for the organization’s security posture. Risks such as ransomware and data leak are calculated as well, based on the organization’s sensitivity to those attacks.

The result is a single pane of glass view of each client’s overall security posture and its progress over time.

The dashboard includes:

• Overall security posture score
• Vulnerability and exploit gap analysis
• Risk score for a specific threat vector
• Remediation plan with actionable prioritized tasks
• Status against various compliance frameworks requirements

Figure 6: Cynomi main dashboard

Comprehensive, Continuous Compliance Assessment

For meeting compliance requirements, Cynomi presents the client status against various compliance and security frameworks (list continuously updated):

• CIS v8
• ISO 27001
• NIST CSF 1.1
• NIST CSF2.0
• NIST-171
• NIST-SSDF
• SOC 2
• CMMC L1, CMMC L2
• GDPR
• NIS2
• PCI-DSS
• HIPAA security
• Cyber Essentials
• FTC Safeguard Rule
• SEC compliance
• ICS Cyber Security
• CCPA
• FFIEC

The compliance module is actionable and allows seeing the details of each control in each framework and how each task maps into each framework.

The compliance status against frameworks is updated continuously so you are always aware of your client’s readiness level.

Figure 7: Cynomi compliance dashboard

You can also download a dedicated compliance status report per client. The report includes:

• Overall compliance status
• A list of controls
• Maturity level
• Control status
• Control mapping to framework
• Implementation status
• A link to the relevant Cynomi tasks

With this information, you can easily understand where your clients stand and what gaps need to be closed in order to comply with different frameworks. You can then build a remediation plan for each framework you selected with just a few clicks.

Tailor-made Security Policies

It’s time to get down to business. Cynomi automatically generates a set of policies for each client. They are custom-created leveraging decades of built-in CISO expertise and crafted to be easy to follow and actionable.

On the policies view, you’ll find:

• The company score for all generated policies
• The option to drill down into the details of each policy, including purpose, scope and protection requirements
• Information on the tasks and progress that need to be completed for securing the policy’s domain

For example, this policy screen shows the client’s score per policy and allows you to drill down to see a breakdown of the policies requirements.

Figure 8: Cynomi policies screen

Policies are editable and customizable.

Actionable, Prioritized Remediation Tasks

Modeled after the knowledge of the world’s best CISOs, each policy requirement is also translated into an actionable task for remediation. Tasks are easy and intuitive to understand and follow and are displayed in an AI-generated prioritized list that includes its severity and status.

Task types include:

• Technical controls
• Administrative procedures
• Security components configurations
• And more

Figure 9: Cynomi tasks screen

The list and tasks can be edited. This flexibility allows the operating vCISO to postpone or defer certain tasks without affecting policy status or severity.

To track and manage tasks, users can apply filters, jump back to tasks that are already in progress, or focus on high severity tasks only. All progress is tracked, and tasks completed are automatically reflected in the client’s overall security posture score.

To execute and understand tasks, each task can be drilled into for step-by-step guidance on putting a control in place or mitigating the risk. Tasks are also customizable, allowing you to add best practice guidance, as well as evidence that supports the task.

Figure 10: Drill-down to a specific task

Plan and Roadmap

Cynomi leverages AI and automations to create a suggested plan. Then, the Cynomi platform provides the user with a wealth of tools and capabilities for planning, ongoing task management optimization and progress tracking:

• Assigning tasks to short-, medium- and long-term plans
• Allocating tasks to plans
• Adding due dates
• Filtering according to framework, due date, status, and more
• Editing tasks per changing needs
• Adding information and evidence to each task, per account or across the board, with specification, details and recommendations
• Adding product and service recommendations to tasks for upselling new services

Figure 11: Cynomi automated risk mitigation plan

Customer-facing Reports

Cynomi includes built-in customer-facing reporting for each client. You can generate reports at the click of a button with your own branding showing the client’s security level, improvement, trends, compliance gaps and comparisons with industry benchmarks. Reports include:

• Full Report – Your client’s cybersecurity posture. Use the report to present your clients’ status to them and your suggested remediation plan. Over time, updating the report will show the security improvements you helped them make.
• Risk Findings Report – Your clients’ risk exposure based on the platform scans.
• Compliance Report – Your clients’ compliance readiness and status.

Figure 12: Cynomi reports

These reports can help you to easily show your clients their current cyber posture status, the progress you helped them make and the impact of your work. Use these reports to open up conversations with management, IT and other stakeholders. Show them the security risks, help them understand requirements and demonstrate progress as each task is completed.

Continuous Optimization

Unlike one-time assessment tools, Cynomi continuously updates your client’s risk score, compliance readiness policies and tasks and shows progress over time. These are based on changes in your client environment, regulatory requirements and industry-specific threat intelligence. With this information, you can rest assured that you will always stay on top of your clients’ compliance and cybersecurity posture and demonstrate the value of your strategic cybersecurity service to them.

The Bottom Line

Cynomi’s AI-powered vCISO platform is designed to help MSPs and MSSPs grow their business and revenue through vCISO services. Cynomi helps service providers deliver comprehensive vCISO services to SMBs and SMEs, from risk assessments to security policies to plans and reporting, across both vCISO pillars: security and compliance. By understanding the impact of each task and action on both security and compliance, MSPs/MSSPs can make the most professional decisions for their clients. This allows MSPs and MSSPs to expand their customer base and secure recurring revenue with existing customers.

Cynomi also reduces vCISO tasks’ time by over 40% and helps onboard new employees quickly, so responsibilities can be delegated to them, regardless of seniority. By simplifying and standardizing processes, MSPs/MSSPs can onboard employees and customers quickly and cut time-to-value by half.

Finally, Cynomi’s reports allow MSPs and MSSPs to leverage reports and demonstrate tangible impact. This opens up conversations with leadership and increases upsell of services and products.

Visit Cynomi website to test it yourself.

Mar 27, 2024NewsroomVulnerability / Data Security

Cybersecurity researchers are warning that threat actors are actively exploiting a “disputed” and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining.

“This vulnerability allows attackers to take over the companies’ computing power and leak sensitive data,” Oligo Security researchers Avi Lumelsky, Guy Kaplan, and Gal Elbaz said in a Tuesday disclosure.

“This flaw has been under active exploitation for the last seven months, affecting sectors like education, cryptocurrency, biopharma, and more.”

The campaign, ongoing since September 2023, has been codenamed ShadowRay by the Israeli application security firm. It also marks the first time AI workloads have been targeted in the wild through shortcomings underpinning the AI infrastructure.

Ray is an open-source, fully-managed compute framework that allows organizations to build, train, and scale AI and Python workloads. It consists of a core distributed runtime and a set of AI libraries for simplifying the ML platform.

It’s used by some of the biggest companies, including OpenAI, Uber, Spotify, Netflix, LinkedIn, Niantic, and Pinterest, among others.

The security vulnerability in question is CVE-2023-48022 (CVSS score: 9.8), a critical missing authentication bug that allows remote attackers to execute arbitrary code via the job submission API. It was reported by Bishop Fox alongside two other flaws in August 2023.

The cybersecurity company said the lack of authentication controls in two Ray components, Dashboard, and Client, could be exploited by “unauthorized actors to freely submit jobs, delete existing jobs, retrieve sensitive information, and achieve remote command execution.”

This makes it possible to obtain operating system access to all nodes in the Ray cluster or attempt to retrieve Ray EC2 instance credentials. Anyscale, in an advisory published in November 2023, said it does not plan to fix the issue at this point in time.

“That Ray does not have authentication built in – is a long-standing design decision based on how Ray’s security boundaries are drawn and consistent with Ray deployment best practices, though we intend to offer authentication in a future version as part of a defense-in-depth strategy,” the company noted.

It also cautions in its documentation that it’s the platform provider’s responsibility to ensure that Ray runs in “sufficiently controlled network environments” and that developers can access Ray Dashboard in a secure fashion.

Oligo said it observed the shadow vulnerability being exploited to breach hundreds of Ray GPU clusters, potentially enabling the threat actors to get hold of a trove of sensitive credentials and other information from compromised servers.

This includes production database passwords, private SSH keys, access tokens related to OpenAI, HuggingFace, Slack, and Stripe, the ability to poison models, and elevated access to cloud environments from Amazon Web Services, Google Cloud, and Microsoft Azure.

In many of the instances, the infected instances have been found to be hacked with cryptocurrency miners (e.g., XMRig, NBMiner, and Zephyr) and reverse shells for persistent remote access.

The unknown attackers behind ShadowRay have also utilized an open-source tool named Interactsh to fly under the radar.

“When attackers get their hands on a Ray production cluster, it is a jackpot,” the researchers said. “Valuable company data plus remote code execution makes it easy to monetize attacks — all while remaining in the shadows, totally undetected (and, with static security tools, undetectable).”

Mar 04, 2024NewsroomAI Security / Vulnerability

As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform.

These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said.

“The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a ‘backdoor,'” senior security researcher David Cohen said.

“This silent infiltration could potentially grant access to critical internal systems and pave the way for large-scale data breaches or even corporate espionage, impacting not just individual users but potentially entire organizations across the globe, all while leaving victims utterly unaware of their compromised state.”

Specifically, the rogue model initiates a reverse shell connection to 210.117.212[.]93, an IP address that belongs to the Korea Research Environment Open Network (KREONET). Other repositories bearing the same payload have been observed connecting to other IP addresses.

In one case, the authors of the model urged users not to download it, raising the possibility that the publication may be the work of researchers or AI practitioners.

“However, a fundamental principle in security research is refraining from publishing real working exploits or malicious code,” JFrog said. “This principle was breached when the malicious code attempted to connect back to a genuine IP address.”

The findings once again underscore the threat lurking within open-source repositories, which could be poisoned for nefarious activities.

From Supply Chain Risks to Zero-click Worms

They also come as researchers have devised efficient ways to generate prompts that can be used to elicit harmful responses from large-language models (LLMs) using a technique called beam search-based adversarial attack (BEAST).

In a related development, security researchers have developed what’s known as a generative AI worm called Morris II that’s capable of stealing data and spreading malware through multiple systems.

Morris II, a twist on one of the oldest computer worms, leverages adversarial self-replicating prompts encoded into inputs such as images and text that, when processed by GenAI models, can trigger them to “replicate the input as output (replication) and engage in malicious activities (payload),” security researchers Stav Cohen, Ron Bitton, and Ben Nassi said.

Even more troublingly, the models can be weaponized to deliver malicious inputs to new applications by exploiting the connectivity within the generative AI ecosystem.

The attack technique, dubbed ComPromptMized, shares similarities with traditional approaches like buffer overflows and SQL injections owing to the fact that it embeds the code inside a query and data into regions known to hold executable code.

ComPromptMized impacts applications whose execution flow is reliant on the output of a generative AI service as well as those that use retrieval augmented generation (RAG), which combines text generation models with an information retrieval component to enrich query responses.

The study is not the first, nor will it be the last, to explore the idea of prompt injection as a way to attack LLMs and trick them into performing unintended actions.

Previously, academics have demonstrated attacks that use images and audio recordings to inject invisible “adversarial perturbations” into multi-modal LLMs that cause the model to output attacker-chosen text or instructions.

“The attacker may lure the victim to a webpage with an interesting image or send an email with an audio clip,” Nassi, along with Eugene Bagdasaryan, Tsung-Yin Hsieh, and Vitaly Shmatikov, said in a paper published late last year.

“When the victim directly inputs the image or the clip into an isolated LLM and asks questions about it, the model will be steered by attacker-injected prompts.”

Early last year, a group of researchers at Germany’s CISPA Helmholtz Center for Information Security at Saarland University and Sequire Technology also uncovered how an attacker could exploit LLM models by strategically injecting hidden prompts into data (i.e., indirect prompt injection) that the model would likely retrieve when responding to user input.

Feb 28, 2024The Hacker NewsWebinar / Privacy

In today’s digital era, data privacy isn’t just a concern; it’s a consumer demand. Businesses are grappling with the dual challenge of leveraging customer data for personalized experiences while navigating a maze of privacy regulations. The answer? A privacy-compliant Customer Data Platform (CDP).

Join us for a transformative webinar where we unveil Twilio Segment’s state-of-the-art CDP. Discover how it champions compliant and consented data use, empowering you to craft a holistic customer view and revolutionize engagement strategies.

What Will You Learn?

• Strategies for ethically democratizing data across your organization.
• The power of first-party data in unlocking profound customer insights.
• The pivotal role of a CDP in fostering compliant and consented data utilization.
• Proven customer engagement methodologies from industry leaders.

Why Should You Attend?

Twilio Segment’s State of Personalization Report reveals a compelling truth: 63% of consumers welcome personalization, provided it stems from directly shared data.

However, the phasing out of third-party cookies, the advent of privacy-centric browsers, and stringent regulations like GDPR have left businesses pondering how to personalize effectively within a privacy-first framework.

Don’t Miss Out!

In an age where data privacy and compliance are not just buzzwords but imperatives, mastering the ethical management of customer data is crucial for businesses striving for excellence.

Circle your calendar for “Building Your Privacy-Compliant Customer Data Platform (CDP) with First-Party Data.” Secure your spot now for an enlightening session you can’t afford to miss!