Russia will get hit hardest in cyberwar over Ukraine, expert says

Join today’s leading executives online at the Data Summit on March 9th. Register here.

As substantial as the cyberattack capabilities of Russia’s affiliated hacker groups might be, the worldwide cyber effort to oppose Vladimir Putin’s unprovoked aggression against Ukraine will likely prove to be greater, a former U.S. Cyber Command official told VentureBeat.

Anonymous is the most visible group to pledge a cyber offensive against Russia on behalf of Ukraine, but some of the most sophisticated hacker groups are known to avoid attention as much as possible. Research published earlier this week by a Chinese security firm indicates that a U.S.-affiliated organization, referred to as the Equation Group, is in fact “the world’s leading cyber-attack group” — whose attack capability, paired with zero-day vulnerabilities, is essentially “unstoppable.”

The cyber battlefield

Meanwhile, in Ukraine itself, a Bloomberg report today said that a hacker group that is now forming to bring counterattacks against Russia has amassed 500 members. And beyond Ukraine, “there are probably 100X that number of hacktivists around the world working against Russia because they are the aggressor,” said Christian Sorensen, former operational planning team lead for the U.S. Cyber Command, in an email to VentureBeat.

Thus, while Russian ransomware gang Conti, the Belarus-based group known as UNC1151 and several other hacker groups may have pledged to assist Russia with its aggression against Ukraine, the cyber forces on Ukraine’s side will likely turn out to have the upper hand, Sorensen said. (And there’s reason to suspect that even some of Conti’s own affiliates aren’t actually willing to support the Russian government in this situation.)

Looking ahead, “I think things will ramp up against western targets,” Sorensen said. “But Russia and Belarus will be targeted by these groups even more.”

‘Unprecedented’ situation

It’s hard to predict exactly how things might develop, given that this is uncharted territory, however.

“It will be unprecedented,” said Marcus Fowler, senior vice president for strategic engagements and threats at Darktrace. “We have not seen a conflict on this scale with such sophisticated offensive cyber capabilities on both sides.”

This week, prior to Russia’s invasion of Ukraine, Chinese cybersecurity firm Pangu Lab posted research on the hacker group known as Equation Group — a name given to the group by Russian cybersecurity firm Kaspersky Lab in 2015.

The research concerns a backdoor, known as Bvp47, and Pangu contends that its findings suggest that a previous claim about the group — that it is affiliated with the NSA — is correct. (The NSA has never commented on the claim.)

Though the backdoor is nearly a decade old, initially discovered in 2013, the Pangu said it is “top-tier” — and evidence that the Equation Group is the “leading” cyberattack group.

“Its network attack capability equipped by 0day vulnerabilities was unstoppable, and its data acquisition under covert control was with little effort,” Pangu Labs wrote in the research. “The Equation Group is in a dominant position in national-level cyberspace confrontation.”

All of which is consistent with Kaspersky’s assessment of the Equation Group in 2015, when the company’s research team wrote that the Equation Group “surpasses anything known in terms of complexity and sophistication of techniques” — and a Kaspersky researcher told Ars Technica that the group is “second to none” in terms of skills and abilities.

Sorensen, who is now founder and CEO of cybersecurity firm SightGain, said the Pangu research on Equation Group is a “very interesting report, with extraordinary timing” in terms of its publication in the midst of the events this week.

And notably, in the report, “the research pointed out a common thread from 10 years ago that also existed in Equation Group report,” Sorensen said. “If that technical detail is still being used, it could slow down or impact operations of people using those tools. Further, it suggests that commonality between toolsets will be a tipoff for initial attribution — and then sometimes watched, and not reported, for 10 or more years.”

All in all, with the events of recent days, “we are seeing very clear signs of escalated cyber tensions,” said Stan Golubchik, founder and CEO of cybersecurity firm ContraForce. “We are seeing cyber fully emerge as the fifth domain of war.”

Making an impact

Ultimately, while it’s not clear how much can be accomplished by anti-Russian cyber forces, there is now the potential for people all around the world to actively participate in trying to thwart a military offensive, Sorensen said.

“This is the new nature of cyberwar,” he said.

“Whether sanctioned or not, official or not, if people have or can get the right information, know-how, and desire — they can make an impact,” Sorensen said. “We’ll have to wait and see what they are able to do.”

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

You can’t stop the ‘next SolarWinds’ — but you can slow it down

Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

It’s one of the biggest questions in cybersecurity of 2021, and it’s sure to remain on the minds of countless businesses into the next year, too: How do you prevent a software supply chain attack?

Such attacks have soared by 650% since mid-2020, due in large part to infiltration of open source software, according to a recent study by Sonatype.

But an even bigger driver of the question, of course, has been the unprecedented attack on SolarWinds and customers of its Orion network monitoring platform. In the attack, threat actors compromised the platform with malicious code that was then distributed as an update to thousands of customers, including numerous federal agencies.

Addressing supply chain attacks

The one-year anniversary of the attack’s discovery is on Monday, but the answer for how to stop the “next SolarWinds” attack doesn’t seem much clearer now than it did in the wake of the breach.

Perhaps because it’s the wrong question.

Peter Firstbrook, a research vice president and analyst at Gartner, has experience trying to answer this question because he’s been asked it a lot. However, in terms of preventing the impacts from a software supply chain attack, “the reality is, you can’t,” he said last month during Gartner’s Security & Risk Management Summit — Americas virtual conference.

While companies should perform their due diligence about what software to use, the chances of spotting a malicious implant in another vendor’s software are “extremely low,” Firstbrook said.

But that doesn’t mean there’s nothing to be done.

Zero-trust segmentation

While technology that offers guaranteed protection against the impacts of software supply chain breaches may never exist, solutions for zero-trust segmentation may be the next best thing, said James Turgal, a vice president at cybersecurity consulting firm Optiv.

Prior to Optiv, Turgal spent 22 years serving in the FBI, including as executive assistant director for the bureau’s Information and Technology Branch. There, he saw first-hand the types of cyber strategies that are most effective at disrupting attackers.

One of the biggest takeaways, Turgal said, is that the more difficult you can make it for attackers to transit through environments, the safer you’ll be. “I’ve interviewed these guys. Most of them are lazy as hell,” he said. “Making it more difficult for them to move across networks is really helpful.”

That’s where zero-trust segmentation comes in. The idea is to divide a company’s cloud and datacenter environments into different segments — all the way down to the level of workload — which can each be locked down with their own security controls. For a business, segmenting their architecture in this way — while also using zero-trust authentication that repeatedly verifies a user’s identity — can make it “more difficult for the bad guys to move through networks and move laterally,” Turgal said.

Reducing the blast radius

One fast-growing vendor that is entirely focused on solutions for zero-trust segmentation is Illumio, which achieved a $2.75 billion valuation in June in connection with its $225 million series F funding round.

Founded in 2013, Illumio offers segmentation solutions for both datacenter and cloud environments, with the addition of its cloud-native solution in October. The Sunnyvale, California-based company expects to reach “well north” of $100 million in annual recurring revenue this year, according to Illumio cofounder and CEO Andrew Rubin.

When it comes to segmentation, Illumio’s solutions were in fact successfully used by customers that were impacted by the SolarWinds compromise to protect against further damage from the attackers, Rubin said.

During the attack campaign, “we had customers that were running that [SolarWinds] infrastructure and used us to segment that problem off from the rest of their environment,” Rubin said in an interview with VentureBeat. “I can tell you that segmentation was an effective security control for reducing the blast radius of that problem.”

What Illumio offers with zero-trust segmentation is actually very similar in principle to the approach that’s been taken to slow the spread of COVID-19, he noted. “The fact is that if we can stop it from spreading, that is an unbelievably effective way to control the damage,” Rubin said. “We knew we couldn’t prevent the initial problem, because we already missed that. But we knew that we did have the ability to change how quickly and how pervasively it spread.”

In many ways, he said, the cybersecurity industry “is now appreciating the value of that storyline by saying, ‘We’re going to stop a lot of things — but we can’t stop everything. So let’s try and do a really good job of controlling the blast radius when they occur.’”


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Second ransomware family exploiting Log4j spotted in U.S., Europe

Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

Researchers say a second family of ransomware has been growing in usage for attack attempts that exploit the critical vulnerability in Apache Log4j, including in the U.S. and Europe.

A number of researchers, including at cybersecurity giant Sophos, have now said they’ve observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family — which has been revived following the discovery of the vulnerability in the widely used Log4j logging software.

TellYouThePass is the second family of ransomware that’s been observed to exploit the vulnerability in Log4j, known as Log4Shell, joining the Khonsari ransomware, according to researchers.

Beyond China

While previous reports indicated that TellYouThePass was mainly being directed against targets in China,  researchers at Sophos told VentureBeat that they’ve observed the attempted delivery of TellYouThePass ransomware both inside and outside of China — including in the U.S. and Europe.

“Systems in China were targeted, as well as some hosted in Amazon and Google cloud services in the U.S. and at several sites in Europe,” said Sean Gallagher, a senior threat researcher at Sophos Labs, in an email to VentureBeat on Tuesday.

Sophos detected attempts to deliver TellYouThePass payloads by utilizing the Log4j vulnerability on December 17 and December 18, Gallagher said.

TellYouThePass has versions that run on either Linux or Windows, “and has a history of exploiting high-profile vulnerabilities like EternalBlue,” said Andrew Brandt, a threat researcher at Sophos, in an email.

The Linux version is capable of stealing Secure Socket Shell (SSH) keys and can perform lateral movement, Brandt said. Sophos initially disclosed its detection of TellYouThePass ransomware in a December 20 blog post.

Growing usage

The first report of TellYouThePass ransomware exploiting the Log4j vulnerability appears to have come from the head of Chinese cybersecurity group KnownSec 404 Team on December 12. The attempted deployment of TellYouThePass in conjunction with Log4Shell was subsequently confirmed by additional researchers, according to researcher community Curated Intelligence.

In a blog post Tuesday, Curated Intelligence said its members can now confirm that TellYouThePass has been seen exploiting the vulnerability “in the wild to target both Windows and Linux systems.”

The TellYouThePass ransomware is “capable of lateral movement through the theft of SSH credentials and OS credential dumping to propagate to other systems it can authenticate with on the local network,” Curated Intelligence said in the post.

Additionally, researchers at cyber firm Uptycs told VentureBeat that a family of Linux ransomware they had previously reported discovering is from the TellYouThePass family. The ransomware, which the company discussed in a post December 20, was observed to encrypt files with the extension “.locked,” which has been associated with numerous ransomware varieties in the past including TellYouThePass.

Ransomware, old and new

TellYouThePass had most recently been observed in July 2020, Curated Intelligence said. It joins Khonsari, a new family of ransomware identified in connection with exploits of the Log4j vulnerability.

First disclosed by Bitdefender, Khonsari exclusively targets Windows systems and has been confirmed by cybersecurity firms including Microsoft. In its post Monday, Sophos said it has observed and blocked a delivery vehicle for Khonsari, prior to deployment of the ransomware. Researchers have not reported that Khonsari includes a way for a ransom payment to be made, suggesting that it’s “effectively a wiper” used to delete hard drive data, Emsisoft threat analyst Brett Callow said on Twitter.

Still, the detection of the two ransomware families “shows that some ransomware operators are moving forward with Log4j as part of their deployment scheme,” Gallagher told VentureBeat.

In addition to ransomware operators, the vulnerability in the open source logging library has been exploited by brokers looking to sell their access to ransomware affiliates, according to researchers.

Ransomware attempts utilizing the Log4j vulnerability are far from widespread at this point, however. Researchers at Cisco Talos, for instance, have not observed any activity resulting in ransomware being deployed thus far, threat researcher Chris Neal told VentureBeat.

“After initial access, these attackers will commonly choose to gain persistence, and then minimize their footprint to prevent detection and perform reconnaissance,” Neal said in an email. “This type of behavior may account for the lack of ransomware campaigns utilizing this exploit being observed.”

Notably, Talos researchers have seen Log4j exploit attempts that led to connections back to previously known malicious Cobalt Strike servers — a common tactic both for ransomware operators and some state-sponsored actors, he said. Cobalt Strike is a popular tool used for malicious hacking, enabling activities such as remote reconnaissance and lateral movement.

Shifting from crypto mining

Even before the discovery of the widespread and trivial-to-exploit vulnerability in Log4j, Veeam chief technology officer Danny Allan expected that 2022 would see a greater shift from cryptocurrency mining to ransomware as the predominant activity for malicious actors.

Ransomware attacks, which by some estimates surged by 148% during the first three quarters of 2021, just offer “a much faster path to ROI for the threat actor” than crypto mining, Allan told VentureBeat.

And if that shift was likely even prior to the disclosure of Log4Shell, it’s definitely true now, he said. Allan expects that exploits for Log4j will be pre-built into “ransomware-as-a-service” packages, which threat actors are able to acquire in order to make it easier to carry out attacks.

Researchers say a significant amount of the Log4j exploitation activity so far has involved mining operations for cryptocurrencies such as Bitcoin. But that also doesn’t preclude the possibility of ransomware operators later using the crypto miners’ initial access to launch an attack.

“Some of these small things, like a crypto miner, can end up just being that first stage of attack,” said Roger Koehler, vice president of threat ops at Huntress. “Because they can go and sell that access on the black market. And somebody bigger and badder may buy that and do something more detrimental, like a ransomware attack.”

Ultimately, “those crypto miners can seem small, but that can escalate to something bigger,” Koehler told VentureBeat.

Access brokers

Along with attempted delivery of TellYouThePass and Khonsari, researchers at security firms including Microsoft and Sophos have seen activities by suspected “access brokers.” These threat actors work to establish a backdoor in corporate networks that can later be sold to ransomware operators. Log4j exploits by ransomware gang Conti have been observed, as well.

Microsoft and cyber firm Mandiant also said last week that they’ve observed activity from nation-state groups — tied to countries including China and Iran — seeking to exploit the Log4j vulnerability. Microsoft said that an Iranian group known as Phosphorus, which has previously deployed ransomware, has been seen “acquiring and making modifications of the Log4j exploit.”

At the time of this writing, there has been no public disclosure of a successful ransomware breach that exploited the vulnerability in Log4j.

Security firm Check Point reported Monday it has now observed attempted exploits of vulnerabilities in the Log4j logging library on more than 48% of corporate networks worldwide, up from 44% last Tuesday.

Widespread vulnerability

Many applications and services written in Java are potentially vulnerable due to the flaws in Log4j prior to version 2.17, which was released last Friday. The flaws can enable remote execution of code by unauthenticated users.

Version 2.17 of Log4j is the third patch for vulnerabilities in the software since the initial discovery of a remote code execution (RCE) vulnerability on December 9.

Along with enterprise products from major vendors including Cisco, VMware, and Red Hat, the vulnerabilities in Log4j affect many cloud services. Research from Wiz provided to VentureBeat suggests that 93% of all cloud environments were at risk from the vulnerabilities, though an estimated 45% of vulnerable cloud resources have been patched at this point.

Looking ahead, there’s an “extremely high” likelihood of ransomware attacks deriving from the vulnerability in the coming weeks and months, Wiz cofounder and CEO Assaf Rappaport told VentureBeat. “It’s only a matter of time, if it hasn’t started already,” he said.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

‘Vaccine’ against Log4Shell vulnerability has potential—and limitations

Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

A “vaccine” against the Log4Shell vulnerability appears to offer a way to reduce risk from the widespread flaw affecting servers that run Apache Log4j. The script was developed by researchers at security vendor Cybereason and released for free on Friday evening, following the disclosure of the critical zero-day vulnerability late on Thursday.

The Log4Shell vulnerability affects Apache Log4j, an open source Java logging library deployed broadly in cloud services and enterprise software. The flaw is considered highly dangerous since it can enable remote code execution (RCE) — in which an attacker can remotely access and control devices — and is seen as fairly easy to exploit, as well. Log4Shell is “probably the most significant [vulnerability] in a decade” and may end up being the “most significant ever,” Tenable CEO Amit Yoran said Saturday on Twitter.

Widespread vulnerability

According to W3Techs, an estimated 31.5% of all websites run on Apache servers. The list of companies with vulnerable infrastructure reportedly includes Apple, Amazon, Twitter, and Cloudflare. Vendors including Cisco, VMware, and Red Hat have issued advisories about potentially vulnerable products.

“This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use,” said Jen Easterly, director of the federal Cybersecurity and Infrastructure Security Agency (CISA), in a statement posted Saturday.

The vulnerability has impacted version 2.0 through version 2.14.1 of Apache Log4j, and organizations are advised to update to version 2.15.0 as quickly as possible.

Buying some time

But patching can be a time-consuming process. To supplement patching efforts, Cybereason says its tool — which it calls “Logout4Shell” — has the potential to “immunize” vulnerable servers, providing protection against attacker exploits that target the flaw.

While updating to the latest version of Log4j is no doubt the best solution, patching is often complex, requiring a release cycle and testing cycle, said Yonatan Striem-Amit, cofounder and chief technology officer at Cybereason. “A lot of companies find it difficult to go and deploy emergency patches,” he said in an interview with VentureBeat.

The Logout4Shell “vaccine” essentially buys some time for security teams as they work to roll out patches, Striem-Amit said. The fix disables the vulnerability and allows organizations to stay protected while they update their servers, he said.

Cybereason has described the fix as a “vaccine” because it works by leveraging the Log4Shell vulnerability itself. “The fix uses the vulnerability itself to set the flag that turns it off,” Striem-Amit wrote in a blog post. “Because the vulnerability is so easy to exploit and so ubiquitous — it’s one of the very few ways to close it in certain scenarios.”

Additionally, the Cybereason fix is “relatively simple” because only basic Java skills are required to implement it, he wrote.

Potential to help

With the Logout4Shell tool, security teams can “take a server that you suspect is vulnerable, and feed the string into places that you think are potentially vulnerable. If your application is not vulnerable at all, nothing happens,” Striem-Amit told VentureBeat.

“However, if your server is vulnerable to this attack, the exploit will get triggered, which will download the code that we supply,” he said. “And what that source code does is go into the configuration and disable the vulnerable components. So the server continues running, none the wiser — but any future attempt to exploit this vulnerability now won’t do anything. The vulnerable component is now disabled, and you’re done.”

Casey Ellis, founder and chief technology officer at bug bounty platform Bugcrowd, told VentureBeat that the Cybereason fix appears to be effective and has the potential to assist security teams.

Ellis said that due to the complexity of regression testing Log4j, “I’ve already heard from a number of organizations that are pursuing the workarounds contained in the Cybereason tool as their primary approach.”

“It remains to be seen whether many enterprises choose to exploit the vulnerability itself in order to achieve this,” he said. “But I would expect at least some to use the tool selectively and situationally.”


There are some limitations for the Cybereason fix, however.

For one thing, the mitigation does not work prior to version 2.10 of Log4j. The exploit also must “fire properly” in order to be effective, Ellis said. “And even when it does run properly, it still leaves the vulnerable code in place,” he said.

Still, “this strikes me as a very clever ‘option of last resort,’” Ellis said. “Many organizations are currently struggling to inventory where Log4j exists in their environment, and updating a component like this necessitates a dependency analysis in order to avoid breaking a system in the pursuit of fixing a vulnerability.”

All of this “adds up to a lot of work. And having a ‘fire and forget’ tool to clean up anything that may have been missed at the end of it all seems like a scenario that many organizations will find themselves in, in the coming weeks,” he said.

Ultimately, Ellis said he sees the Cybereason fix as a supplementary tool rather than a cure-all.

“It’s a workaround with a number of limitations,” he said. “[But] it has intriguing potential as a tool in the toolbox as organizations reduce Log4j risk. And if it makes sense for them to use it, one of the primary reasons will be speed to risk reduction.”

Positive feedback

Striem-Amit told VentureBeat that he’s seen a large amount of positive feedback about Logout4Shell, on Twitter and other websites, but said that Cybereason is not tracking usage of it.

The company — which says that none of its own products are affected by the Log4Shell vulnerability — also plans to develop a version of the Logout4Shell tool that can support earlier versions of Log4j, so that all servers can be protected using this method, he said.

Importantly, no one should see the tool as a “permanent” solution to addressing the Log4Shell vulnerability, according to Striem-Amit.

“The idea isn’t that this is a long-term fix solution,” he said. “The idea is, you buy yourself time to now go and apply the best practices — patch your software, deploy a new version, and all the other things required for good IT hygiene.”


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Report: Cybersecurity recruitment, training misses the mark

Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

As the massive shortage of security talent and skills continues, sub-par recruitment processes and outdated training for cybersecurity professionals are exacerbating the problem, according to a new survey. If hiring and training processes are adjusted, however, retention of workers and the availability of crucial cyber skills can both be improved, said Adi Dar, founder and CEO of security skills development platform provider Cyberbit, which conducted the survey.

In the U.S. alone, job tracker Cyber Seek estimates that there are currently about 460,000 openings in cybersecurity — and these positions take an average of 21% longer to fill than other IT roles.

The SOC Skills Survey from Cyberbit gathered responses from 100 cybersecurity professionals, in 17 countries, from organizations with a security operations center (SOC) team larger than five and an IT budget of more than $20 million.

Training shortcomings

The survey found that on-the-job training is the main technique used to get SOC team members up to speed, with 41% of respondents saying that was how they were taught. The main training technique for 26% of respondents was courses, while simulation-based training — such as cyber labs, cyber ranges, or red vs. blue training — is used by just 22%, according to the survey.

In the high-stakes realm of cybersecurity, “on-the-job training is really not the way to go,” Dar said. “On-the-job training means that the first time you see ransomware is when it hits you.” The Ra’anana, Israel-based company offers a cyber range that simulates attacks and cyber labs tools that help develop hands-on security skills.

Many cybersecurity professionals also reported that they don’t feel prepared for key aspects of incident response. In the area of intrusion detection, only 45% of respondents said they felt their team was adequately skilled, while in network monitoring, only 42% reported feeling their team was prepared.

Recruitment woes

Recruitment of security professionals is another weak spot, according to the survey. Just 33% of respondent reported that human resources recruiters for their company usually or always understand the requirements for working on a cybersecurity team. Additionally, 70% of respondents said that cybersecurity candidates are being assessed in the same way as other workers — through interviews — rather than using available tools to assess their practical skills.

“HR is following the traditional way of hiring,” Dar said. “But what the industry needs is to hire people based on their hands-on experience. You need to assess people based on their capabilities.”

Taking these issues together, many hires of cybersecurity workers end up being mis-hires, leading to low retainment and more open jobs, he said.

Ultimately, Dar said, “we must change the balance between the continuous investment in technologies and tools and the almost non-existent budgets that are invested in the cyber teams.”


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member