Google updates its speech tech for contact centers

Last July, Google announced its Contact Center AI product for helping businesses get more value out of their contact centers. Contact Center AI uses a mix of Google’s machine learning-powered tools to help build virtual agents and help human agents as they do their job. Today, the company is launching several updates to this product that will, among other things, bring improved speech recognition features to the product.

As Google notes, its automated speech recognition service gets to very high accuracy rates, even on the kind of noisy phone lines that many customers use to complain about their latest unplanned online purchase. To improve these numbers, Google is now launching a feature called “Auto Speech Adaptation in Dialogflow,” (with Dialogflow being Google’s tool for building conversational experiences). With this, the speech recognition tools are able to take into account the context of the conversation and hence improve their accuracy by about 40%, according to Google.

In addition, Google is launching a new phone model for understanding short utterances, which is now about 15% more accurate for U.S. English, as well as a number of other updates that improve transcription accuracy, make the training process easier and allow for endless audio streaming to the Cloud Speech-to-Text API, which previously had a five-minute limit.

If you want to, you also can now natively download MP3s of the audio (and then burn them to CDs, I guess).

Buy a demo table at TC Sessions: Enterprise 2019

Early-stage enterprise startup founders listen up. That sound you hear is opportunity knocking. Answer the call, open the door and join us for TC Sessions: Enterprise on September 5 in San Francisco. Our day-long conference not only explores the promises and challenges of this $500 billion market, it also provides an opportunity for unparalleled exposure.

How’s that? Buy a Startup Demo Package and showcase your genius to more than 1,000 of the most influential enterprise founders, investors, movers and shakers. This event features the enterprise software world’s heaviest hitters. People like SAP CEO Bill McDermott; Aaron Levie, Box co-founder, chairman and CEO; and George Brady, executive VP in charge of technology operations at Capital One.

Demo tables are reserved for startups with less than $3 million, cost $2,000 and include four tickets to the event. We have a limited number of demo tables available, so don’t wait to introduce your startup to this very targeted audience.

The entire day is a full-on deep dive into the big challenges, hot topics and potential promise facing enterprise companies today. Forget the hype. TechCrunch editors will interview founders and leaders — established and emerging — on topics ranging from intelligent marketing automation and the cloud to machine learning and AI. You’ll hear from VCs about where they’re directing their enterprise investments.

Speaking of investors and hot topics, Jocelyn Goldfein, a managing director at Zetta Venture Partners, will join TechCrunch editors and other panelists for a discussion about the growing role of AI in enterprise software.

Check out our growing (and amazing, if we do say so ourselves) roster of speakers.

Our early-bird pricing is still in play, which means tickets cost $249 and students pay only $75. Plus, for every TC Sessions: Enterprise ticket you buy, we’ll register you for a complimentary Expo Only pass to TechCrunch Disrupt SF on October 2-4.

TC Sessions: Enterprise takes place September 5 at San Francisco’s Yerba Buena Center for the Arts. Buy a Startup Demo Package, open the door to opportunity and place your early-stage enterprise startup directly in the path of influential enterprise software founders, investors and technologists.

Looking for sponsorship opportunities? Contact our TechCrunch team to learn about the benefits associated with sponsoring TC Sessions: Enterprise 2019.

Vulnerability Assessment, Penetration Testing, Redteaming…Oh My God!

A guest post by Florian Hansemann – @HanseSecure 

More and more frequently the terms ‘Vulnerability Assessment’, ‘Penetration Testing’ and ‘Redteaming’ are misused or misinterpreted. Whether the reason for this wording lies with the sales teams of the corresponding service providers (Pentesting sounds more like CyberCyber than Vulnerability Assessment 😉 ) or elsewhere is irrelevant.

The important thing is that the company knows what is hidden behind the term and when it should be used. Therefore, this article will describe the various technical security audit possibilities and explain when each method should be used.

Vulnerability Assessment

Description
A vulnerability assessment uses mostly automated procedures and generic scanners to detect security vulnerabilities in systems. Typical examples are pending patches, weak passwords or misconfigurations. These scans should be repeated periodically, because the result of a one-time scan may be outdated after the next patch day. The results should feed a vulnerability management process which prioritizes and documents the detected problems accordingly.

Possible Findings

  1. Default Credentials [cisco:cisco]
  2. Missing Patches [CVE-2017-0144]
  3. Open Ports [databases]
  4. Missing Security Configurations [HTTP Security Header, SMB Signing, etc.]
  5. Weak Cryptography [SSH or TLS]

Goal
A vulnerability assessment should continuously identify as many vulnerabilities as possible in a short period of time in order to find and fix “simple” security vulnerabilities as quickly as possible.
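The vulnerability management step described above, as an added Python example (not part of the original post): it merges periodic scan results into a register, closes a finding only when its host was actually rescanned, flags regressions and orders the open items. Host names, check identifiers other than CVE-2017-0144, severity labels and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date

# Constructed ranking for this example (not CVSS): higher is more urgent.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    host: str
    check: str      # stable identifier of the scanner check
    severity: str   # one of SEVERITY_RANK


def update_register(register, scan_date, hosts_scanned, findings):
    """Merge one scan into the finding register (dict keyed by (host, check))."""
    reported = set()
    for f in findings:
        key = (f.host, f.check)
        reported.add(key)
        rec = register.get(key)
        if rec is None:
            register[key] = {"finding": f, "first_seen": scan_date,
                             "last_seen": scan_date, "status": "open",
                             "reopened": False, "fixed_on": None}
        else:
            if rec["status"] == "fixed":
                rec["reopened"] = True  # regression, e.g. an old image restored
            rec.update(finding=f, last_seen=scan_date, status="open", fixed_on=None)
    for (host, check), rec in register.items():
        # Close a finding only if its host was scanned this time; an
        # unreachable host says nothing about whether the issue is fixed.
        if (rec["status"] == "open" and host in hosts_scanned
                and (host, check) not in reported):
            rec.update(status="fixed", fixed_on=scan_date)
    return register


def open_by_priority(register, as_of):
    """Open findings, most urgent first: severity, then regressions, then age."""
    rows = []
    for (host, check), rec in register.items():
        if rec["status"] != "open":
            continue
        rows.append({"host": host, "check": check,
                     "severity": rec["finding"].severity,
                     "reopened": rec["reopened"],
                     "age_days": (as_of - rec["first_seen"]).days,
                     # not confirmed by the most recent scan
                     "stale": rec["last_seen"] < as_of})
    rows.sort(key=lambda r: (-SEVERITY_RANK[r["severity"]],
                             not r["reopened"], -r["age_days"]))
    return rows


def build_register(scans):
    register = {}
    for scan_date, hosts_scanned, findings in scans:
        update_register(register, scan_date, hosts_scanned, findings)
    return register


# Constructed sample data: three periodic scans of three hosts.
SCANS = [
    (date(2019, 7, 1), {"sw01", "fs01", "db01"}, [
        Finding("sw01", "default-credentials", "critical"),
        Finding("fs01", "CVE-2017-0144", "critical"),
        Finding("fs01", "smb-signing-disabled", "medium"),
        Finding("db01", "database-port-exposed", "high"),
    ]),
    (date(2019, 7, 15), {"sw01", "fs01"}, [  # db01 unreachable during this scan
        Finding("sw01", "default-credentials", "critical"),
        Finding("fs01", "smb-signing-disabled", "medium"),
    ]),
    (date(2019, 8, 1), {"sw01", "fs01", "db01"}, [
        Finding("fs01", "CVE-2017-0144", "critical"),  # patch missing again
        Finding("fs01", "smb-signing-disabled", "medium"),
        Finding("db01", "weak-tls", "low"),
    ]),
]

if __name__ == "__main__":
    for row in open_by_priority(build_register(SCANS), date(2019, 8, 1)):
        print(row)
```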

Penetration Testing

Description
In contrast to vulnerability assessments with automated procedures, penetration testing primarily uses manual techniques to detect more complex vulnerabilities that scanners cannot detect. These can be logic errors in the implementation of some software as well as problems in the organizational regulations of a company.

In addition, the vulnerabilities in a penetration test are validated and exploited to achieve a predefined target. This goal may be acquiring domain administrator rights or accessing an email from a specific user of the company.

Possible Findings

  1. Cleartext Credentials on Client/Server [excel sheet on client]
  2. Discovering unknown Vulnerabilities [CVE-2018-7272]
  3. SQL Injection [CVE-2019-7139]
  4. Deserialization [CVE-2017-9822]
  5. Local Privilege Escalation (through misconfiguration or vulnerable software) [CVE-2019-12042]
  6. Bypassing Security Measures [Applocker, MS SmartScreen]
  7. Bad Asset Management [discovering forgotten/unknown systems]

Goal
The goal is to find more complex vulnerabilities which cannot be found by automated scanners, and to check the effectiveness of the security measures taken at the technical, organizational and personnel level.

Redteaming

Description
These types of assessments use state-of-the-art attack and obfuscation techniques (such as those catalogued in MITRE ATT&CK) to penetrate a business and achieve a specific goal. At the same time, the “defense team”, the so-called BlueTeam, should detect the intrusion and react accordingly. For more information on this new type of assessment, I recommend this blog, which published a number of sources at the end of 2018 that provide additional information about redteaming.

Possible Findings

  1. Missing Logging on One or More Servers/Clients
  2. Weak Log-Correlation
  3. Bad Detection Rate
  4. No Automated Notification

Goal
Of course, redteaming is also about uncovering vulnerabilities at all levels of the target, but the clear focus is on training the BlueTeam.
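How the four possible findings above can be derived from exercise records, as an added Python example (not part of the original post): each red team action is matched against the telemetry and alerts the BlueTeam collected, then classified and summarized as a detection rate and mean time to detect. It assumes alerts are tagged with a MITRE ATT&CK technique ID; hosts, times, window lengths and record layouts are constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed thresholds for this example; tune them to the exercise rules.
TELEMETRY_WINDOW = timedelta(minutes=5)   # raw log expected this soon after an action
DETECTION_WINDOW = timedelta(hours=24)    # an alert later than this counts as a miss


def classify(action, telemetry, alerts):
    """Return (outcome, time_to_detect) for one red team action."""
    start = action["time"]
    matching = [a for a in alerts
                if a["host"] == action["host"]
                and a["technique"] == action["technique"]
                and start <= a["time"] <= start + DETECTION_WINDOW]
    if matching:
        first = min(matching, key=lambda a: a["time"])
        notified = any(a["notified"] for a in matching)
        return ("detected" if notified else "no_notification"), first["time"] - start
    # No alert: distinguish "nothing was logged" from "logged but never correlated".
    logged = any(host == action["host"] and start <= t <= start + TELEMETRY_WINDOW
                 for t, host in telemetry)
    return ("weak_correlation" if logged else "missing_logging"), None


def score_exercise(actions, telemetry, alerts):
    """Classify every action and compute detection rate and mean time to detect."""
    outcomes, delays = {}, []
    for action in actions:
        outcome, delay = classify(action, telemetry, alerts)
        outcomes[action["id"]] = outcome
        if delay is not None:
            delays.append(delay)
    alerted = len(delays)
    return {
        "outcomes": outcomes,
        "detection_rate": alerted / len(actions) if actions else 0.0,
        "mean_time_to_detect": sum(delays, timedelta()) / alerted if alerted else None,
    }


# Constructed sample data for one exercise day.
T0 = datetime(2019, 7, 22, 9, 0)
ACTIONS = [  # red team activity log
    {"id": "A1", "time": T0, "host": "ws-017", "technique": "T1566"},
    {"id": "A2", "time": T0 + timedelta(minutes=20), "host": "ws-017", "technique": "T1059"},
    {"id": "A3", "time": T0 + timedelta(hours=2), "host": "fs01", "technique": "T1021"},
    {"id": "A4", "time": T0 + timedelta(hours=3), "host": "dc01", "technique": "T1003"},
]
TELEMETRY = [  # (time, host) of raw events that reached the SIEM; fs01 forwards nothing
    (T0 + timedelta(minutes=1), "ws-017"),
    (T0 + timedelta(minutes=21), "ws-017"),
    (T0 + timedelta(hours=3, minutes=1), "dc01"),
]
ALERTS = [  # alerts raised by the BlueTeam tooling
    {"time": T0 + timedelta(minutes=10), "host": "ws-017",
     "technique": "T1566", "notified": True},
    {"time": T0 + timedelta(hours=3, minutes=30), "host": "dc01",
     "technique": "T1003", "notified": False},
]

if __name__ == "__main__":
    print(score_exercise(ACTIONS, TELEMETRY, ALERTS))
```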

Which Method is Right for Your Company?

There is no one-size-fits-all answer, as this depends on the security level of the company/target.

Security Level: Low to Medium

If security assessments have not yet been carried out, then only vulnerability scans should be used, both to determine the current security level and to raise it to a satisfactory level.

Security Level: High

After a company performs vulnerability scans and closes the detected gaps, penetration testing can be used to uncover more complex gaps.

Security Level: High to Very High

If the company already has elements such as a SOC, SIEM and Blueteam in place, then at this stage these elements should be trained and optimized through redteaming assessments.


Slack speeds up its web and desktop client

Slack is launching a major update to its web and desktop today that doesn’t introduce any new features or a new user interface. Instead, it’s almost a complete rebuild of the underlying technology that makes these two experiences work. Over the course of the last year or so, Slack worked on shifting the web and desktop clients (which essentially use the same codebase) to a modern stack and away from jQuery and other technologies it used when it first introduced these tools in 2012.

“We want people to be able to run Slack alongside anything else they’re using to get their job done and have that be easy, uncumbersome, delightful even. So we took a look at the environment we’re in,” Jaime DeLanghe, director of Product Management at Slack, told me. “I think the other thing to note is that the ecosystem for client-side development has just changed a lot in the past five years. There have been some major updates to JavaScript and new technologies like React and Redux to make it easier to build dynamic web applications. We also wanted to update our stack to fit in with the modern paradigm.”

Over the course of the last few months, the team actually quietly rolled out a lot of the prep work for this move, though the full extent of the work is only going to become apparent once you update the client to the latest version, as it’s the new Electron app that will bring it all together.

Slack promises that this new version will use up to 50% less memory than before and that Slack will load 33% faster. Joining an incoming call will also be 10 times faster now.

A lot of these changes will be especially apparent to users who are part of multiple workspaces. That’s because, as DeLanghe stressed, the team designed the new architecture with the assumption that many users are now part of multiple workspaces. Those used to take up a lot of memory and CPU cycles when you switched between them, as each workspace used to get its own Electron process in the old app.

In the updated app, Slack went with React to build all of the UI components, and instead of waiting for all the data to load before displaying the UI, the new app now lazily loads data as it becomes available.

The result of this is an experience that also now allows you to at least read previously opened channels and conversations when you are offline.

What’s maybe even more important, though, is that Slack now has a modern client to build on, which should speed up feature development going forward. “I’m not going to over-promise,” DeLanghe said. “This removes one of the barriers that any company that’s scaling and building features at the same time has to think about. […] This makes that trade-off a little bit easier.”

The update will roll out to all users over the course of the next few weeks. That’s because this is a two-part change. You’ll need both the new desktop application and become eligible for the new version. Some of this is out of Slack’s hands, as your IT department may decide how it rolls out updates, for example.

Serverless, Inc. expands free Framework to include monitoring and security

Serverless development has largely been a lonely pursuit until recently, but Serverless, Inc. has been offering a free framework for intrepid programmers since 2015. At first, that involved development, deployment and testing, but today the company announced it is expanding into monitoring and security to make it an end-to-end tool — and it’s available for free.

Serverless computing isn’t actually server-free, but it’s a form of computing that provides a way to use only the computing resources you need to carry out a given function — and no more. When the process is complete, the resources effectively go away. That has the potential to be more cost-effective than having a server that’s always on, regardless of whether you’re using it or not. That requires a new way of thinking about how developers write code.

While serverless offers a compelling value proposition, up until Serverless, Inc. came along with some developer tooling, early adherents were pretty much stuck building their own tooling to develop, deploy and test their programs. Today’s announcement expands the earlier free Serverless, Inc. Framework to provide a more complete set of serverless developer tools.

Company founder and CEO Austen Collins says that he has been thinking a lot about what developers need to develop and deploy serverless programs, and talking to customers. He says that they really craved a more integrated approach to serverless development than has been available until now.

“What we’re trying to do is build this perfectly integrated solution for developers and developer teams because we want to enable them to innovate as much as possible and be as autonomous as possible,” Collins told TechCrunch. He says at the same time, he recognizes that operations need to connect to other tools, and the Serverless Framework provides hooks into other systems, as well.

The new tooling includes an integrated environment, so that once you deploy, you can simply click an error or security event and drill down to a dashboard for more information about the issue. You can click for further detail to see the exact spot in the code where the issue occurred, which should make it easier to resolve more quickly.

While no tool is 100% comprehensive, and most large organizations, and even individual developers, will have a set of tools they prefer to use, this is an attempt to build a one-stop solution for serverless developers for the first time. That in itself is significant, as serverless moves beyond early adopters and begins to become more of a mainstream kind of programming and deployment option. People starting now probably won’t want to cobble together their own toolkits, and the Serverless, Inc. Framework gives them a good starting point.

Serverless, Inc. was founded by Collins in 2015 out of a need for serverless computing tooling. He has raised more than $13.5 million since inception.

Announcing the agenda for TC Sessions: Enterprise | San Francisco, September 5

TechCrunch Sessions is back! On September 5, we’re taking on the ferociously competitive field of enterprise software, and thrilled to announce our packed agenda, overflowing with some of the biggest names and most exciting startups in the enterprise industry. And you’re in luck, because $249 early-bird tickets are still on sale — make sure you book yours so you can enjoy all the agenda has to offer.

Throughout the day, you can expect to hear from industry experts and partake in discussions about the potential of new technologies like quantum computing and AI, how to deal with the onslaught of security threats, investing in early-stage startups and plenty more.

We’ll be joined by some of the biggest names and the smartest and most prescient people in the industry, including Bill McDermott at SAP, Scott Farquhar at Atlassian, Julie Larson-Green at Qualtrics, Wendy Nather at Duo Security, Aaron Levie at Box and Andrew Ng at Landing AI.

Our agenda showcases some of the powerhouses in the space, but also plenty of smaller teams that are building and debunking fundamental technologies in the industry. We still have a few tricks up our sleeves and will be adding some new names to the agenda over the next month, so keep your eyes open. In the meantime, check out these agenda highlights:

AGENDA

Investing with an Eye to the Future
Jason Green (Emergence Capital), Maha Ibrahim (Canaan Partners) and Rebecca Lynn (Canvas Ventures)
9:35 AM – 10:00 AM

In an ever-changing technological landscape, it’s not easy for VCs to know what’s coming next and how to place their bets. Yet, it’s the job of investors to peer around the corner and find the next big thing, whether that’s in AI, serverless, blockchain, edge computing or other emerging technologies. Our panel will look at the challenges of enterprise investing, what they look for in enterprise startups and how they decide where to put their money.


Talking Shop
Scott Farquhar (Atlassian)
10:00 AM – 10:20 AM

With tools like Jira, Bitbucket and Confluence, few companies influence how developers work as much as Atlassian. The company’s co-founder and co-CEO Scott Farquhar will join us to talk about growing his company, how it is bringing its tools to enterprises and what the future of software development in and for the enterprise will look like.


Q&A with Investors 
10:20 AM – 10:50 AM

Your chance to ask questions of some of the greatest investors in enterprise.


Innovation Break: Deliver Innovation to the Enterprise
DJ Paoni (SAP), Sanjay Poonen (VMware) and Shruti Tournatory (Sapphire Ventures)
10:20 AM – 10:40 AM

For startups, the appeal of enterprise clients is not surprising — signing even one or two customers can make an entire business, and it can take just a few hundred to build a $1 billion unicorn company. But while corporate counterparts increasingly look to the startup community for partnership opportunities, making the jump to enterprise sales is far more complicated than scaling up the strategy startups already use to sell to SMBs or consumers. Hear from leaders who have experienced successes and pitfalls through the process as they address how startups can adapt their strategy with the needs of the enterprise in mind. Sponsored by SAP.


Coming Soon!
10:40 AM – 11:00 AM


Box’s Enterprise Journey
Aaron Levie (Box)
11:15 AM – 11:35 AM

Box started life as a consumer file-storage company and transformed early on into a successful enterprise SaaS company, focused on content management in the cloud. Levie will talk about what it’s like to travel the entire startup journey — and what the future holds for data platforms.


Bringing the Cloud to the Enterprise
George Brady (Capital One), Byron Deeter (Bessemer Venture Partners) and a speaker to be announced
11:35 AM – 12:00 PM

Cloud computing may now seem like the default, but that’s far from true for most enterprises, which often still have tons of legacy software that runs in their own data centers. What does it mean to be all-in on the cloud, which is what Capital One recently accomplished? We’ll talk about how companies can make the move to the cloud easier, what not to do and how to develop a cloud strategy with an eye to the future.


Keeping the Enterprise Secure
Martin Casado (Andreessen Horowitz), Wendy Nather (Duo Security) and a speaker to be announced
1:00 PM – 1:25 PM

Enterprises face a litany of threats from both inside and outside the firewall. Now more than ever, companies — especially startups — have to put security first. From preventing data from leaking to keeping bad actors out of your network, enterprises have it tough. How can you secure the enterprise without slowing growth? We’ll discuss the role of a modern CSO and how to move fast… without breaking things.


Keeping an Enterprise Behemoth on Course
Bill McDermott (SAP)
1:25 PM – 1:45 PM

With over $166 billion in market cap, Germany-based SAP is one of the most valuable tech companies in the world today. Bill McDermott took the leadership in 2014, becoming the first American to hold this position. Since then, he has quickly grown the company, in part thanks to a number of $1 billion-plus acquisitions. We’ll talk to him about his approach to these acquisitions, his strategy for growing the company in a quickly changing market and the state of enterprise software in general.


How Kubernetes Changed Everything
Brendan Burns (Microsoft), Tim Hockin (Google Cloud), Craig McLuckie (VMware) and Aparna Sinha (Google)
1:45 PM – 2:15 PM

You can’t go to an enterprise conference and not talk about Kubernetes, the incredibly popular open-source container orchestration project that was incubated at Google. For this panel, we brought together three of the founding members of the Kubernetes team and the current director of product management for the project at Google to talk about the past, present and future of the project and how it has changed how enterprises think about moving to the cloud and developing software.


Innovation Break: Data: Who Owns It
(SAP)
2:15 PM – 2:35 PM

Enterprises have historically competed by being closed entities, keeping a closed architecture and innovating internally. When applying this closed approach to the hottest new commodity, data, it simply does not work anymore. But as enterprises, startups and public institutions open themselves up, how open is too open? Hear from leaders who explore data ownership and the questions that need to be answered before the data floodgates are opened. Sponsored by SAP.


AI Stakes its Place in the Enterprise
Bindu Reddy (Reality Engines), Jocelyn Goldfein (Zetta Venture Partners) and a speaker to be announced
2:35 PM – 3:00 PM

AI is becoming table stakes for enterprise software as companies increasingly build AI into their tools to help process data faster or make more efficient use of resources. Our panel will talk about the growing role of AI in enterprise for companies big and small.


Q&A with Founders
3:00 PM – 3:30 PM

Your chance to ask questions of some of the greatest startup minds in enterprise technology.


The Trials and Tribulations of Experience Management
Julie Larson-Green (Qualtrics), Peter Reinhardt (Segment) and a speaker to be announced
3:15 PM – 3:40 PM

As companies gather more data about their customers, it should theoretically improve the customer experience, but myriad challenges face companies as they try to pull together information from a variety of vendors across disparate systems, both in the cloud and on prem. How do you pull together a coherent picture of your customers, while respecting their privacy and overcoming the technical challenges? We’ll ask a team of experts to find out.


Innovation Break: Identifying Overhyped Technology Trends
James Allworth (Cloudflare), George Mathew (Kespry) and Max Wessel (SAP)
3:40 PM – 4:00 PM

For innovation-focused businesses, deciding which technology trends are worth immediate investment, which trends are worth keeping on the radar and which are simply buzzworthy can be a challenging gray area to navigate and may ultimately make or break the future of a business. Hear from these innovation juggernauts as they provide their divergent perspectives on today’s hottest trends, including Blockchain, 5G, AI, VR and more. Sponsored by SAP.


Fireside Chat
Andrew Ng (Landing AI)
4:00 PM – 4:20 PM

Few technologists have been more central to the development of AI in the enterprise than Andrew Ng. With Landing AI and the backing of many top venture firms, Ng has the foundation to develop and launch the AI companies he thinks will be winners. We will talk about where Ng expects to see AI’s biggest impacts across the enterprise.


The Quantum Enterprise
Jim Clarke (Intel), Jay Gambetta (IBM) and Krysta Svore (Microsoft)
4:20 PM – 4:45 PM

While we’re still a few years away from having quantum computers that will fulfill the full promise of this technology, many companies are already starting to experiment with what’s available today. We’ll talk about what startups and enterprises should know about quantum computing today to prepare for tomorrow.


Overcoming the Data Glut
Benoit Dageville (Snowflake), Ali Ghodsi (Databricks) and a speaker to be announced
4:45 PM – 5:10 PM

There is certainly no shortage of data in the enterprise these days. The question is how do you process it and put it in shape to understand it and make better decisions? Our panel will discuss the challenges of data management and visualization in a shifting technological landscape where the term “big data” doesn’t begin to do the growing volume justice.


Early-bird tickets are on sale now for just $249. That’s a $100 savings before prices go up — book yours today.

Students, save big with our super discounted $75 ticket when you book here.

Are you a startup? Book a demo table package for just $2,000 (includes 4 tickets) — book here.

Google Cloud makes it easier to set up continuous delivery with Spinnaker

Google Cloud today announced Spinnaker for Google Cloud Platform, a new solution that makes it easier to install and run the Spinnaker continuous delivery (CD) service on Google’s cloud.

Spinnaker was created inside Netflix and is now jointly developed by Netflix and Google. Netflix open-sourced it back in 2015 and over the course of the last few years, it became the open-source CD platform of choice for many enterprises. Today, companies like Adobe, Box, Cisco, Daimler, Samsung and others use it to speed up their development process.

With Spinnaker for Google Cloud Platform, which runs on the Google Kubernetes Engine, Google is making the install process for the service as easy as a few clicks. Once up and running, the Spinnaker install includes all of the core tools, as well as Deck, the user interface for the service. Users pay for the resources used by the Google Kubernetes Engine, as well as Cloud Memorystore for Redis, Google Cloud Load Balancing and potentially other resources they use in the Google Cloud.

The company has pre-configured Spinnaker for testing and deploying code on Google Kubernetes Engine, Compute Engine and App Engine, though it also will work with any other public or on-prem cloud. It’s also integrated with Cloud Build, Google’s recently launched continuous integration service, and features support for automatic backups and integrated auditing and monitoring with Google’s Stackdriver.

“We want to make sure that the solution is great both for developers and DevOps or SRE teams,” says Matt Duftler, tech lead for Google’s Spinnaker effort, in today’s announcement. “Developers want to get moving fast with the minimum of overhead. Platform teams can allow them to do that safely by encoding their recommended practice into Spinnaker, using Spinnaker for GCP to get up and running quickly and start onboarding development teams.”

 

In spite of slowing growth, Microsoft has been flexing its cloud muscles

When Microsoft reported its FY19, Q4 earnings last week, the numbers were mostly positive, but as we pointed out, Azure earnings growth has stalled. Productivity and business, which includes Office 365, has also mostly flattened out. But slowing growth is not always as bad as it may seem. In fact, it’s an inevitability that once you start to reach Microsoft’s market maturity, it gets harder to maintain large growth numbers.

That said, AWS launched the first cloud infrastructure service, Amazon Elastic Compute Cloud, in August, 2006. Microsoft came much later to the cloud, launching Azure in February, 2010, but so did other established companies now in Microsoft’s market share rearview. What did it do differently to achieve this success that the companies chasing it — Google, IBM and Oracle — failed to do? It’s a key question.

Let’s look at some numbers

For starters, let’s look at the most recent numbers for Productivity & Business Processes this year. This category includes all of its commercial and consumer SaaS products including Office 365 commercial and consumer, Dynamics 365, LinkedIn and others. The percentage growth started FY19 at 19% but ended at 14%.

When you look at just Office365 commercial earnings growth, it started at 36% and dropped down to 31% by Q4.

TrustRadius, a customer-generated B2B software review platform, raises $12.5M

Customer reviews play a key role in helping people decide what to buy on consumer-focused marketplaces like Amazon or app stores, and the same tendency exists in the B2B world, where nearly half a trillion dollars is spent annually on software and IT purchases. TrustRadius, one of the startups capitalising on the latter trend with total feedback sessions today standing at close to 190,000 reviews, has now picked up a Series C of $12.5 million led by Next Coast Ventures with existing investors Mayfield Fund and LiveOak Ventures also participating.

The funding, which brings the total raised by TrustRadius to $25 million (modest compared to some of its competitors) will be used to build more partnerships and use cases for its reviews, as well as continue expanding that total number of users providing feedback.

In addition to its main site — which goes up against a huge number of other online software comparison services like TrustPilot, G2 Crowd, Owler, and many others — TrustRadius is already working with vendors like LogMeIn, Tibco and more (including a number of huge IT companies that have asked not to be named).

TrustRadius mainly works with them on two tracks: to source a wider range of reviews from their existing customer bases to improve their profiles on the site; and then to help them use those reviews in their own marketing materials. Partnerships like these form the core of TrustRadius’s business model: people posting reviews or using the site to read them access it for free.

Vinay Bhagat, founder and CEO of TrustRadius, believes that his company’s mission — to help IT decision makers vet software by tapping into feedback from other IT buyers — has found particular relevance in the current market.

“I think that gravity is on our side,” he said in an interview. “If you think about how the tech industry is evolving and getting things done, IT decisions are getting decentralized and moving out of the CIO’s office. Millennials are ageing into positions of authority, and it means that the way people had previously bought software — by way of salespeople or on the basis of analyst reports — are changing. There is pent-up demand to hear the roar of peers and that’s where we come in.”

User-generated reviews have come under a lot of criticism in recent times. Regulators have been going after companies for not being vigilant enough about policing their platforms for “fake” reviews, either planted to big up a product, or by rivals to knock it down, or coming from people who are being paid to put in a good word. The argument has been that the marketplaces hosting those reviews are still bringing in eyeballs and product conversions based on that feedback, so they are less concerned with the corruption even if it longer term can likely sour consumers on the trustworthiness of the whole platform.

That belief is not wholly true, of course: Amazon for one has recently been making a huge effort to improve trust, by going after dodgy reviewers and setting up systems to halt the trafficking of counterfeit goods.

And Bhagat argued to me that it doesn’t hold for TrustRadius, either. The company has a focused enough mandate — B2B software purchasing — within a crowded enough field, that losing trust by posting blindly positive reviews would get it nowhere fast.

At the same time, he noted that the company has held a firm line with its customers on making sure that the “truth” about a product is made clear even if it’s not completely rosy, in the hopes that they can use that to work on improvements, and also provide more balanced feedback at the least from existing customers in order to give a more complete picture. (It also, like other reviews sites, makes people who provide feedback do so using professional credentials like work emails and LinkedIn profiles.)

That line has so far carried it into relationships with a number of software companies, which are using reviews as a complement to their own sales teams, and the papers and analysis published by analysts like Gartner and Ovum and Forrester, to reach people who are weighing up different options for their IT solutions.

“TrustRadius has become an integral part of today’s economic cycle,” said Bill Wagner, CEO of LogMeIn, in a statement. “Software buyers today need detailed reviews to make sure that the product works for a business professional like themselves. TrustRadius provides that in a transparent way, so buyers can make confident decisions, even about enterprise-grade software.”

The recent swing in the digital world towards data protection and people getting increasingly aware of how their own personal details are used in ways they never intended, has presented an interesting challenge for the world of online services. Most of us don’t like getting marketing and will generally opt out of any “yes, I consent to getting updates from XYZ and its partners!” boxes — if we happen to spot them amid the dark patterning of the net.

TrustRadius and companies like it have an opportunity through that, though: by targeting IT buyers who have to make complicated purchasing decisions and most likely more than one, and in a way that ensures each purchase works with the rest of an existing tech stack, they represent one of the rare cases where a user might actually want to hear more.

Indeed, one of the company’s plans longer term is to continue developing how it can work with its users through that IT lifecycle by providing suggestions of software based on previous software purchases and also what that user’s feedback has been around a past purchase.

“From day one we have been dealing with complex purchasing decisions,” Bhagat said. “Buying technology that will be used to run your business is not the same as buying an app that you use casually. It can be make or break for your company.”

What You Should Know About the Equifax Data Breach Settlement

Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans. Here’s a brief primer that attempts to break down what this settlement means for you, and what it says about the value of your identity.

Q: What happened?

A: If the terms of the settlement are approved by a court, the Federal Trade Commission says Equifax will be required to spend up to $425 million helping consumers who can demonstrate they were financially harmed by the breach. The company also will provide up to 10 years of free credit monitoring to those who had their data exposed.

Q: What about the rest of the money in the settlement?

A: An as-yet undisclosed amount will go to pay lawyers’ fees for the plaintiffs.

Q: $650 million seems like a lot. Is that some kind of record?

A: If not, it’s pretty close. The New York Times reported earlier today that it was thought to be the largest settlement ever paid by a company over a data breach, but that statement doesn’t appear anywhere in their current story.

Q: Hang on…148 million affected consumers…out of that $425 million pot that comes to just $2.87 per victim, right?

A: That’s one way of looking at it. But as always, the devil is in the details. You won’t see a penny or any other benefit unless you do something about it, and how much you end up costing the company (within certain limits) is up to you.

The Times reports that the proposed settlement assumes that only around seven million people will sign up for their credit monitoring offers. “If more do, Equifax’s costs for providing it could rise meaningfully,” the story observes.

Q: Okay. What can I do?

A: You can visit www.equifaxbreachsettlement.com, although none of this will be official or on offer until a court approves the settlement.

Q: Uh, that doesn’t look like Equifax’s site…

A: Good eyes! It’s not. It’s run by a third party. But we should probably just be grateful for that; given Equifax’s total dumpster fire of a public response to the breach, the company has shown itself incapable of operating (let alone securing) a properly functioning Web site.

Q: What can I get out of this?

A: In a nutshell, affected consumers are eligible to apply for one or more remedies, including:

Free credit monitoring: At least three years of credit monitoring via all three major bureaus simultaneously, including Equifax, Experian and Trans Union. The settlement also envisions up to six more years of single bureau monitoring through Experian. Or, if you don’t want to take advantage of the credit monitoring offers, you can opt instead for a $125 cash payment. You can’t get both.

Reimbursement: …For the time you spent remedying identity theft or misuse of your personal information caused by the breach, or purchasing credit monitoring or credit reports. This is capped at 20 total hours at $25 per hour ($500). Total cash reimbursement payment will not exceed $20,000 per consumer.

Help with ongoing identity theft issues: Up to seven years of “free assisted identity restoration services.” Again, the existing breach settlement page is light on specifics there.

Q: Does this cover my kids/dependents, too?

A: The FTC says if you were a minor in May 2017 (when Equifax first learned of the breach), you are eligible for a total of 18 years of free credit monitoring.

Q: How do I take advantage of any of these?

A: You can’t yet. The settlement has to be approved first. The settlement Web site says to check back again later. In addition to checking the breach settlement site periodically, consumers can sign up with the FTC to receive email updates about this settlement.

The settlement site said consumers also can call 1-833-759-2982 for more information. Press #2 on your phone’s keypad if you want to skip the 1-minute preamble and get straight into the queue to speak with a real person.

KrebsOnSecurity dialed in to ask for more details on the “free assisted identity restoration services,” and the person who took my call said they’d need to have some basic information about me in order to proceed. He said they needed my name, address and phone number to proceed. I gave him a number and a name, and after checking with someone he came back and said the restoration services would be offered by Equifax, but confirmed that affected consumers would still have to apply for it.

He added that the Equifaxbreachsettlement.com site will soon include a feature that lets visitors check to see if they’re eligible, but also confirmed that just checking eligibility won’t entitle one to any of the above benefits: Consumers will still need to file a claim through the site (when it’s available to do so).

ANALYSIS

We’ll see how this unfolds, but I’ll be amazed if anything related to taking advantage of this settlement is painless. I still can’t even get a free copy of my credit report from Equifax, as I’m entitled to under the law for free each year. I’ve even requested a copy by mail, according to their instructions. So far nothing.

But let’s say for the sake of argument that our questioner is basically right — that this settlement breaks down to about $3 worth of flesh extracted from Equifax for each affected person. The thing is, this figure probably is less than what Equifax makes selling your credit history to potential creditors each year.

In a 2017 story about the Equifax breach, I quoted financial fraud expert Avivah Litan saying the credit bureaus make about $1 every time they sell your credit file to a potential creditor (or identity thief posing as you). According to recent stats from the New York Federal Reserve, there were around 145 million hard credit pulls in the fourth quarter of 2018 (it’s not known how many of those were legitimate or desired).

But there is something you can do to stop Equifax and the other bureaus from profiting this way: Freeze your credit files with them.

A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you. And it’s now free for all Americans.

This post explains in detail what’s involved in freezing your files; how to place, thaw or remove a freeze; the limitations of a freeze and potential side effects; and alternatives to freezes.

What’s wrong with just using credit monitoring, you might ask? These services do not prevent thieves from using your identity to open new lines of credit, and from damaging your good name for years to come in the process. The most you can hope for is that credit monitoring services will alert you soon after an ID thief does steal your identity.

If past experience is any teacher, anyone with a freeze on their credit file will need to briefly thaw their file at Equifax before successfully signing up for the service when it’s offered. Since a law mandating free freezes across the land went into effect, all three bureaus have made it significantly easier to place and lift security freezes.

Probably too easy, in fact. Especially for people who had freezes in place before Equifax revamped its freeze portal. Those folks were issued a numeric PIN to lift, thaw or remove a freeze, but Equifax no longer lets those users do any of those things online with just the PIN.

These days, that PIN doesn’t play a role in any freeze or thaw process. To create an account at the MyEquifax portal, one need only supply name, address, Social Security number, date of birth, any phone number (all data points exposed in the Equifax breach, and in any case widely available for sale in the cybercrime underground) and answer 4 multiple-guess questions whose answers are often available in public records or on social media.

And so this is yet another reason why you should freeze your credit: If you don’t sign up as you at MyEquifax, someone else might do it for you.

What else can you do in the meantime? Be wary of any phone calls or emails you didn’t sign up for that invoke this data breach settlement and ask you to provide personal and/or financial information.

And if you haven’t done so lately, go get a free copy of your credit report from annualcreditreport.com; by law all Americans are entitled to a free report from each of the major bureaus annually. You can opt for one report, or all three at once. Either way, make sure to read the report(s) closely and dispute anything that looks amiss.

It has long been my opinion that the big three bureaus are massively stifling innovation and offering consumers so little choice or say in the bargain that’s being made on the backs of their hard work, integrity and honesty. The real question is, if someone or something eventually serves to dis-intermediate the big three and throw the doors wide open to competition, what would be the net effect for consumers?

Obviously, there is no way to know for sure, but a company that truly offered to pay consumers anywhere near what their data is actually worth would probably wipe these digital dinosaurs from the face of the earth.

That is, if the banks could get on board. After all, the banks and their various fingers are what drive the credit industry. And these giants don’t move very nimbly. They’re massively hard to turn on the simplest changes. And they’re not known for quickly warming to an entirely new model of doing business (i.e. huge cost investments).

My hometown Sen. Mark Warner (D-Va.) seems to suggest the $650 million settlement was about half what it should be.

“Americans don’t choose to have companies like Equifax collecting their data – by the nature of their business models, credit bureaus collect your personal information whether you want them to or not. In light of that, the penalties for failing to secure that data should be appropriately steep. While I’m happy to see that customers who have been harmed as a result of Equifax’s shoddy cybersecurity practices will see some compensation, we need structural reforms and increased oversight of credit reporting agencies in order to make sure that this never happens again.”

Sen. Warner sponsored a bill along with Sen. Elizabeth Warren (D-Ma.) called “The Data Breach Prevention and Compensation Act,” which calls for “robust compensation to consumers for stolen data; mandatory penalties on credit reporting agencies (CRAs) for data breaches; and giving the FTC more direct supervisory authority over data security at CRAs.”

“Had the bill been in effect prior to the 2017 Equifax breach, the company would have had to pay at least $1.5 billion for their failure to protect Americans’ personal information,” Warner’s statement concludes.

Update, 4:44 pm: Added statement from Sen. Warner.