Good Contents Are Everywhere, But Here, We Deliver The Best of The Best.Please Hold on!
Your address will show here +12 34 56 78

Blue Cedar Enforce Launches on the Microsoft Azure Cloud Platform; Available through the VAR Channel

SAN FRANCISCO, Dec. 13, 2017 – Blue Cedar today introduced Enforce, a mobile app security solution that is tailor-made for the cloud. Blue Cedar Enforce enables customers to secure existing mobile apps automatically using in-app embedded controls that enforce a broad range of security policies, including those governing mobile access, data encryption, and attestation, among others. Additionally, users can now enjoy the benefits of greater modularity and the nimbleness of cloud-native architecture. The service will launch Dec. 13, initially on the Microsoft Azure Cloud.

“Corporate workloads are moving en masse to the cloud and—true to our philosophy of security following the app everywhere it is used and connected—we are now offering our core functionality as a native cloud service,” said Blue Cedar CEO John Aisien. “We’re very excited about this release, which serves as the foundation for deeper integration between Blue Cedar and the Microsoft cloud stack over time.”

Enforce comprises a subset of the functionality in Blue Cedar’s flagship Enterprise solution. Building upon Blue Cedar’s industry-leading code injection technology, the new cloud-based Enforce solution includes data-at-rest encryption, local app authentication, and integrity verification to ensure that its in-app security controls are not modified after deployment. The more modularized client also enables incremental Blue Cedar cloud services, such as dynamic policies, encryption key management, and codeless custom screen modification and does not require an SDK. “Think of Enforce as the iPod Nano of mobile app security solutions—with all the power of our incumbent solution but with more flexibility, agility, and elasticity,” said Aisien.

Healthcare is one of many industries where Enforce will be especially useful. The rapid proliferation of digital health mobile and IoT apps is critical to patient telehealth service delivery, management of medical devices for chronic conditions, managing the efficacy of patient clinical trials, personal health management, and numerous other use cases that improve healthcare outcomes and efficiency. Healthcare organizations are acutely aware of the risks that insecure apps can pose to patient and clinical data. 

“We look forward to working with Blue Cedar to deliver a unique service to Microsoft’s public cloud customers, especially in the healthcare space,” said Hector Rodriguez, Microsoft’s Worldwide Health CISO. “Enforce can play a key role in providing secure use of the processing power and data storage capacity of modern smartphones and tablets—which is essential to improving healthcare outcomes and aligns with Microsoft’s healthcare digital transformation pillars.”

The cloud-based Enforce solution will be sold primarily through value-added resellers (VARs). Blue Cedar plans to move more functionality to the cloud, in keeping with the larger industry trend that has seen everything from application, platform, and data services workloads migrate to public clouds. The company’s current offering, Blue Cedar Enterprise, will continue to be available through the company’s direct sales organization. Visit this page for more information about Enforce.




The following was posted by Julio Casal of 4iQ on December 8, 2017:

A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.

Now even unsophisticated and newbie hackers can access the largest trove ever of sensitive credentials in an underground community forum. Is the cyber crime epidemic about become an exponentially worse?

While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date.

None of the passwords are encrypted, and what’s scary is the we’ve tested a subset of these passwords and most of the have been verified to be true.

The breach is almost two times larger than the previous largest credential exposure, the combo list that exposed 797 million records. This dump aggregates 252 previous breaches, including known credential lists such as Anti Public and, decrypted passwords of known breaches like LinkedIn as well as smaller breaches like Bitcoin and Pastebin sites.

This is not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.

This database makes finding passwords faster and easier than ever before. As an example searching for “admin,” “administrator” and “root” returned 226,631 passwords of admin users in a few seconds.

The data is organized alphabetically, offering examples of trends in how people set passwords, reuse them and create repetitive patterns over time. The breach offers concrete insights into password trends, cementing the need for recommendations, such as the NIST Cybersecurity Framework.

While we are still processing the data, below are the technical details of our initial findings, including:

  • Sources of the Data
  • Details about the Dump File
  • Data Freshness
  • Discoveries regarding Credential Stuffing and Password Reuse

Source of the Data

The dump includes a file called “imported.log” with 256 corpuses listed, including and with added data from all those in the and Anti Public dumps as well as 133 addition or new breaches. Some examples of the breaches listed the file we found:

Last breaches added to the database

About the Dump File

The 41GB dump was found on 5th December 2017 in an underground community forum. The database was recently updated with the last set of data inserted on 11/29/2017. The total amount of credentials (usernames/clear text password pairs) is 1,400,553,869.

There is not indication of the author of the database and tools, although Bitcoin and Dogecoin wallets are included for donation.

The data is structured in an alphabetic directory tree fragmented in 1,981 pieces to allow fast searches.

Data is fragmented and sorted in two and three level directories

The dump includes search tools and insert scripts explained in a README file.


We’ve found that although the majority of these breaches are known within the Breach and Hacker community, 14% of exposed username/passwords pairs had not previously been decrypted by the community and are now available in clear text.

We compared the data with the combination of two larger clear text exposures, aggregating the data from and Anti Public. This new breach adds 385 million new credential pairs318 million unique users, and 147 million passwords pertaining to those previous dumps. 

Data comparison with and Anti Public breaches

Credential Stuffing and Password Reuse

Since the data is alphabetically organized, the massive problem of password reuse — — same or very similar passwords for different accounts — — appears constantly and is easily detectable.

A couple of the constant examples of password reuse that can be found: 

password reuse examples discovered

And how password patterns changes over time:

password patterns discovered

Top Passwords

The list of top 40 Passwords and volume found:

More Analysis, Stay Tuned

This experience of searching and finding passwords within this database is as scary as it is shocking. Almost all of the users we’ve checked have verified the passwords we found were true. Most reactions were

but that’s an old password…

commonly followed by an

Oh my god! I still use that password in <this> site…

a few seconds later.

mission is to protect your digital identity in the new data breach era by scanning the surface, social and deep and dark web.

We will be following up with more information soon and will provide solutions to protect consumers and companies from this and other alarming exposures.

UPDATE — 12/12/2017

Some answers to a number of requests we’ve received:

Can you provide a link to the database?

Quite a few people have asked for a link to the database, but we cannot do that. Our policy, is not to share links or details open resources that can spread such sensitive information.

Password Verification

As several people pointed out, including Tony:

You can use Troy Hunt’s where you can type a password and verify if it is exposed in his compilation of 320M passwords.

We are happy to send exposed passwords (truncated) to you.

If you write us an email to with subject line: Password Exposure Check we will respond with the truncated list of found passwords for that email. Of course we will only report the passwords related to the specific email from which you write us. So if you want to verify different emails you will have to send an email from each of them.

We would appreciate help in verifying the authenticity of the data. 
Once you get our reply from, be sure to reset your passwords and for those that are no longer in use, let us know if the truncated password is correct — we will publish statistics on these findings.




The following was announced by Guy Yehiav, CEO of BGV II portfolio company Profitect, on December 7, 2017:

‘Profitect was voted #1 by customers in the “OSCARS” of retail tech – the RIS Software LeaderBoard. Profitect is singled out in the just published report as a Leader in 19 categories; #1 in 3 categories as top performer against some real technology giants. So proud of the Profitect team and appreciate the validation of our Patterns of behavior, Machine Learning & AI technology and kudos from our customers. Great start of the holiday season!’ Full report here:


The following was written by Garrett Gafke, CEO of BGV II portfolio company IdentityMind Global, for Forbes magazine, December 7 2017.

If the digital economy takes our analog products and services and transforms them for the digital channel, the shared economy takes our analog experiences and removes the burden and expense of ownership. Many have taken the shared economy’s taxi cab alternative and maybe even stayed in a hotel alternative. The shared economy is like a modern timeshare without the time requirement or the awkward marketing pitch. However, like all new areas, the transition into it is still built on analog models.

Just as web browser encryption in the early days of the web was treated as a munition by regulators until a more appropriate way to classify or treat it was created, the shared economy often relies on physical identification that represents only a single piece of the risk management puzzle — and one that can’t keep up with our multi-channel world. For instance, the terrorist who recently perpetrated a large scale act of violence in New York had a valid drivers license, which was enough identification for him to rent the van he used in the attack.


On a daily basis, this same type of information is used to identify the people who deliver the packages ordered through major online retailers, drive for ride-sharing services, run errands for on-demand task services and more. As it turns out, companies today are far too reliant on drivers licenses, passports, birth certificates and even a basic background check. These old methods can’t track relationships and are not very informative of a person’s trustworthiness or reputation. The old methods can’t keep pace with a new generation of criminal and fraudster and, typically, are not very secure.


A poor link in the security chain or a bad decision can open the door for personal information to be discovered. Then the floodgates to a wide variety of fraud types are open. And, while network security and personal security habits can be improved, hackers are savvy and can often gain access to most systems given enough time.

With all the recent data breaches, it is safe to assume that essentially all physical data has been stolen or generally compromised. While physical or static identity data has value, there is too much at risk to solely rely on it. Online activity provides a digital footprint — a footprint that can be analyzed to help better understand users and their relationships. It is this footprint, in combination with physical information, that becomes fundamental to assessing the risk of an individual.


Digital identities combine the digital and physical attributes of an individual. The resulting identity can be an evolving asset that enables better identity proofing and risk assessment. A digital identity can update at the speed of digital transactions to capture the dynamic nature of online behaviors, and those behaviors, in turn, can be used to assess the true identity and the intent of the individual. More importantly, a digital identity can ensure that we can distinguish between the real user behind an identity and a fraudster who has stolen it.

When we started building our platform and patented Electronic DNA (eDNA™) technology, it was the only commercial technology focused on and speaking about how to connect the digital and physical aspects of an identity to perform a better risk assessment. Fast forward a few years and digital identity is a term that the market is starting to accept as fundamental in identifying the risk of dealing with online users and in establishing trust online.

Ultimately, digital identities can become assets that can be monitored for changes in behaviors. That is how one can detect compromised accounts and identity theft. You definitely want to know that the person you originally vetted is really the person you continue to deal with, and you want to know that the data that is being presented to you by a user actually belongs to that user and hasn’t been stolen.

Back to shared economies, we would all certainly feel safer if we knew that the driver we were riding with, the guests in our shared house or our food delivery person had been properly vetted by the service we were using. The growing economy around these services could be severely damaged if it chooses to ignore the risks of dealing with poorly validated members — both as providers and consumers of these services. As pointed out earlier, it only takes a quick review of the New York incident or Colorado’s nearly $9 million dollar fine on Uber to begin seeing the risk these services face. The shared economy is not going away. Nor is the need to vet people at a digital identity level.


BGV General Partner Eric Buatois will serve on the panel “Crossing Border to Create World Leader” at the SuperVenture conference, part of the SuperReturn International series, on February 27, 2018 in Berlin.

Panelists will address the following questions:

  • Do startups need to make the jump to Silicon Valley early on to become a global leader?
  • At what point should companies access other growth markets such as China, India and Southeast Asia?

Eric Buatois will be joined by Dick Kramlich (New Enterprise Associates), Yinglan Tan (INSIGNIA Venture Partners), and Sudhir Sethi (IDG Ventures India), with moderator Martin Haemmig (CeTIM, GLORAD).  The panel is scheduled for the second day of the event, February 27th, from 11:10 to noon at the Hotel Palace Berlin.

Registration and more information about SuperVenture located here.

Webscale Delivers Blazing Fast Page Load Times and Unprecedented Scalability for its Customers, Enabling their Biggest Shopping Weekend in History

MOUNTAIN VIEW, CA – December 06, 2017 – Webscale, the E-Commerce Cloud Company, has announced the successful completion of another record-breaking holiday shopping weekend, with customers recording up to 97% increases in business year over year, while still maintaining fast, available and secure storefronts under the Webscale cloud hosting and management platform.

Over the course of the Cyber Weekend, Webscale served over 830 million page views and delivered 8127 scale out (and scale in) events across its 600+ managed storefronts, an increase of nearly 40% over the same period a month earlier, all while maintaining average response times of sub 1.1 seconds.

“This was another incredible Black Friday for Webscale and our customers. We more than doubled server allocations through our predictive auto-scaling technology, as some of our customers exceeded their own expectations of sales traffic. We continue to see that capacity planning for e-commerce today is almost impossible, and reactive server allocation brings downtime,” said Sonal Puri, CEO, Webscale. “Had these customers been in a static hosting environment without Webscale, they would almost certainly have experienced brand damage and costly downtime as a result.”

As well as ensuring its customers’ storefronts auto-scaled, and remained fast and available during the Cyber Weekend, Webscale also helped detect and defeat multiple security threats. More than 83 billion HTTP request decisions were made by Web Controls, Webscale’s simple rules-based engine for managing how an e-commerce application responds to web traffic. A significant portion of these HTTP decisions were security related, with Webscale effectively identifying and blocking massive threats over the weekend. These included DDoS attacks, as well as credit card laundering attacks, where hackers attempted to validate hundreds of thousands of credit cards using third-party payment gateways.

Holiday spending exceeded $14 billion over the holiday weekend, with $6.59 billion being spent on Cyber Monday alone, a 16.8% increase from a year ago. Research shows that more than half of those sales came from mobile devices.

Webscale’s customers’ promotions included:

  • Samuels Jewelers, kicked off their holiday sale offering savings up to 70%.
  • Rocky Mountain Oils, one of the leading direct-to-consumer essential oil companies in the world, ran a Black Friday doorbuster and hit record numbers.
  • Skinit, who sell customized cases for consumer devices, offered a 40% discount sitewide.
  • AMI Clubwear, leading LA-based provider of women’s fashions, ran their largest sale ever discounting thousands of items.
  • Slickwraps, provider of premium skins for consumer devices, offered 60% off everything.

For more information on Webscale’s E-Commerce Cloud management and hosting platform, please visit




SAN FRANCISCO–(BUSINESS WIRE)–Blue Cedar today announced support for Apple’s new Face ID—the revolutionary facial recognition technology that allows iPhone X users to unlock their phones with a quick glance at the screen. Blue Cedar’s innovative authentication code enables customers to use Face ID to securely log into a Blue Cedar-protected app or group of apps on iPhone X—including many popular apps that pre-date the iPhone X. This new capability extends an even greater level of convenience than Blue Cedar’s current biometric technology, which helps users securely access apps via fingerprint per the Touch ID technology introduced with Apple’s iPhone 6.

“We’re excited to offer the innovative capability of integrating Face ID authentication into any app secured by Blue Cedar’s technology, without the need for any code changes by developers,” said Kevin Fox, co-founder and CTO at Blue Cedar. “Our configurable Local App Authentication policy now allows any enterprise mobile app to be unlocked with the same ease and convenience that iPhone X owners use to access their phones. Blue Cedar’s technology allows us to intercept and encrypt network and data-at-rest operations, and when coupled with Face ID, is completely transparent to the user. We are proud to deliver such a critical feature that ultimately offers zero compromise between security and ease-of-use.”

Magic Under the Hood

While the user experience itself is seamless, there is nothing simple about the technological innovation under the hood to achieve this essential security feat. Just as Blue Cedar offered fingerprint access to apps via the APIs (application programming interfaces) in Apple’s mobile operating system, iOS, the company now also offers Face ID support via those APIs for any app on supported hardware through its revolutionary code injection technology.

Face ID uses a variety of sophisticated technologies, including facial mapping that analyzes more than 30,000 points on the user’s face, to create a detailed depth map that enables the iPhone to recognize the user even with glasses, facial hair, or a hat. Neural network technology safeguards against spoofing by masks or other techniques, and infrared sensors ensure that Face ID works in the dark. Blue Cedar customers benefit from these same technologies in accessing their protected apps.

Additionally, Blue Cedar’s new authentication code can be injected into older apps that were built before Face ID technology became available, allowing users to log into these apps with just their face and without requiring developers to go back to update the apps.


December 05, 2017 08:00 AM Eastern Standard Time


Virtual Instruments Extends Deep Infrastructure Visibility and Performance Insights to Key Business and Application Stakeholders Throughout the Enterprise with Breakthrough App-centric Version of VirtualWisdom

New Generation of Industry’s Most Comprehensive Infrastructure Performance Monitoring & Analytics Platform Signals the Beginning of the App-centric IPM Era

San Jose, Calif., December 5, 2017 – Virtual Instruments, the leader in application-centric infrastructure performance management (IPM), today announced a breakthrough new version of VirtualWisdom, the industry’s most comprehensive infrastructure performance monitoring and analytics platform. By visualizing the infrastructure in the context of the application, VirtualWisdom enables organizations to accelerate digital transformation, improve business agility and proactively manage the cost and performance of their enterprise data centers.

The modern enterprise data center offers the promise of improved business agility in addition to providing a scalable foundation for an enterprise’s business-critical applications. However, the reality is that the scale and complexity associated with these highly virtualized, multi-vendor environments is beyond human comprehension. Legacy silo-centric monitoring tools only provide limited visibility into the various components of the underlying infrastructure. These tools have no understanding of how applications relate to infrastructure or the relative business value of the applications running on the infrastructure. As a result, application owners and line-of-business (LOB) managers aren’t aligned with the infrastructure teams on how to proactively assure application performance, control costs and reduce risk within their constantly changing data centers.

The solution lies in managing infrastructure from an application-centric point of view. The landmark new release of VirtualWisdom achieves this by holistically monitoring, analyzing and optimizing the performance, utilization and health of IT infrastructure within the context of the application. By discovering and mapping applications to the infrastructure, associating their business critically and applying self-learning-based analytics, VirtualWisdom enables enterprises to guarantee performance-based service level agreements (SLAs) for key stakeholders within the organization, including application owners, LOB owners and IT operations teams.

The new VirtualWisdom app-centric IPM platform is comprised of three key capabilities: Application Service Assurance; Workload and Capacity Optimization; and Problem Resolution and Avoidance. These are enabled by Virtual Instruments’ highly scalable wire and machine data instrumentation and app-centric analytics. The integrated capabilities provide deep infrastructure insights to every team relying upon the performance and availability of business-critical applications. As a result, the new release of VirtualWisdom enables proactive performance management and signals the beginning of the app-centric IPM era by establishing it as the best approach to managing the next generation data center.

“The research we’ve conducted indicates increasing infrastructure complexity is the primary inhibitor to enabling comprehensive, application-focused IT service delivery,” noted Steve Brasen, Research Director with IT industry analyst firm Enterprise Management Associates. “To meet rapidly evolving requirements for highly available and optimally performing IT services, organizations require holistic visibility across their entire IT ecosystems that analytically maps application performance directly to the underlying infrastructure and enables the dynamic placement of workloads. This latest release of VirtualWisdom enhances the platform’s app-centric IPM approach to deliver what is, to date, the most comprehensive IT infrastructure visibility attainable from a single pane of glass.”

Features and benefits of the new version of VirtualWisdom include:

  • Application Service Assurance analytics align infrastructure performance with application requirements by:
    • Providing executive and LOB visibility through easy-to-use executive and application-level dashboards
    • Enabling Tiered Service Level policies to assure the performance of business-critical applications running on shared infrastructure
    • Discovering and mapping application usage of dynamic and virtualized infrastructure

  • Workload and Capacity Optimization analytics proactively manage workloads and capacity from the VM to the storage array by:
    • Optimizing end-to-end workload placement across VM, network and storage
    • Proactively detecting potential performance issues and optimization opportunities through seasonal behavior analytics

  • Problem Resolution and Avoidance analytics enable IT teams to proactively collaborate, troubleshoot and diagnose complex performance issues by:
    • Offering Investigation Runbooks that provide guided analytics to identify and resolve issues for every alarm type, while enabling chat-ops to improve cross-team collaboration
    • Detecting anomalies, and automatically comparing to performance baselines to detect and correlate potential root causes of issues

  • Scalable Instrumentation enables deep wire and machine data collection across the data center in real-time by:
    • Adding deeper visibility of software defined data centers and Hyper-converged infrastructure including VX:Rails, Nutanix, Simplivity, vSAN, ScaleIO and Netflow
    • Expanding high fidelity wire data support for NAS and SAN to include SMB and FCoE protocols, respectively

“As the leading provider of real-time monitoring solutions, we have an intimate understanding of the enormous challenges created when an enterprise lacks insight into the infrastructure supporting their business applications,” said Philippe Vincent, CEO of Virtual Instruments. “With the new release of VirtualWisdom, we’re able to remove the anxiety our customers felt by ‘flying blind’ with their business-critical applications. By leveraging VirtualWisdom to take an app-centric approach to the management of their infrastructures, IT operations and architecture teams can collaboratively work with their application owners and business unit executives to proactively optimize the performance and cost of the supporting infrastructure. This increases business agility and the overall value of the infrastructure to the business.”

VirtualWisdom 5.4 is available at the end of December, and to learn more about Virtual Instruments’ VirtualWisdom platform, please visit:     




The following was written by Paul Vachon for Stores magazine, December 2017.

As retailing continues to change and make use of ever more sophisticated technology, the number of statistical reports produced increases exponentially, which presents a problem: What exactly is a merchant supposed to do with all that information?

Making that data actionable — organizing, interpreting and acting on it — has proven to be a daunting task; Profitect just may have found the magic bullet.

Profitect’s software as a service platform of eight autonomous, fully integratable modules approaches the challenge with a singular goal — extract data from myriad sources and transform it into clearly stated prescriptives, instructing store management and associates on specific actions to take based on the system’s extrapolation.

“Profitect is a platform for retailers to change the paradigm of reporting to prescriptive analytics. The platform takes raw data from any number of [existing] systems and uses machine learning algorithms and patterns of behavior to identify opportunities to improve a retailer’s operations,” says CEO Guy Yehiav.

Profitect is set up based on the idea that people in different levels of an organization read, interpret and react to traditional statistical reports differently. To remove this obstacle, the prescriptive tasks are stated in plain language and STORES.ORG STORES December 2017 61 include enough background so that anyone performing the tasks will see how they fit into the larger whole.

Yehiav illustrates by offering an example of how Profitect’s inventory module works at a grocery store: The system notices at 5 p.m. that a regularly stocked bottle of water has not sold since 12:30 p.m., though the rate of sale should be one every five minutes. Through machine learning, Profitect reasons the probability of the water not being on the shelf as 98 percent since the system “thinks” there is inventory. Therefore, the system will send a text message to store employees asking that they check the stock level on the shelf.

If the shelf is empty, staffers are directed to the proper location where a stated amount of back stock should be. If the stock area is empty, instructions are provided to override and reset the inventory to zero, which will trigger an automatic replenishment order.

“The challenge for the user is minimal — all the complexity is on the back end,” Yehiav says.


The inventory module is also useful in loss prevention; Yehiav says the system can take traditional exception-based data to the level of an individual till.

“We can look to the data to see why an individual associate’s drawer came up short. Perhaps he is coupon stacking or ‘sweethearting.’ We can then offer directives to managers to take appropriate actions.”

The same module can also provide prescriptives to analyze inventory issues stemming from damage and waste, markdowns, inventory distortion and other factors.

Profitect client DSW has found that the inventory module alone has yielded substantial benefits. A customer since 2014 when Profitect rolled out the inventory module, DSW has seen improvements in loss prevention, inventory control and merchandise planning and analysis.

An especially useful feature of the system is its ability to be mastered by people with non-technical backgrounds.

“Profitect can take very detailed data and express it in layman’s terms for anybody to be able to interpret with those prescriptive actions,” says Jordan Rivchun, director of loss prevention at DSW.

“We’re bringing data from hundreds of sources that are not themselves related, but the system allows us to paint a picture if something is either good, bad or neutral that we need to take action on.”

“We’re triangulating the data to find patterns of behavior,” Yehiav says, “with the presumption that most products, people and vendors are well-intentioned and committed to doing the right thing.”


The total Profitect system includes seven additional modules, each of which monitors and provide guidance relative to specific areas of a retailer’s operation.

The sales module, which DSW implemented in May, connects directly to each individual till. Besides transmitting basic point-of-sale data, it also analyzes customer loyalty, traffic conversions and labor costs relative to volume and similar data.

The delivery and receiving module harnesses relevant data to flag opportunities for improvement stemming from in-store errors, delivery discrepancies or even driver fraud and/ or collusion, such as fraud detectable from GPS route discrepancies.

The logistics and warehouse module keeps tabs on internal warehouse practices, and can identify opportunities from operator error and noncompliance or stocking inaccuracies. In this setting, the module can link improper warehousing to inadequate associate training and suggest corrective measures.

The planning and buying module uses forecast, order and allocation data plus information from sales and inventory to identify opportunities for improving profit, sell-though, fill rate and inventory adjustments. For example, the module can identify inaccurate forecasting due to an inferior store allocation model.

The marketing module mines data from various sources to identify and recommend new strategies necessitated by changing customer behavior, response to promotions and the impact of existing marketing strategies on basket size. The module can, for example, identify customers with high promotional participation but low average basket size.

The omnichannel module takes data from various sources — sales, customer, logistics and vendor — to refine the merchant’s adaptation of new selling channels and create a seamless brand experience to enhance customer loyalty. The module can offer directives toward maximizing inventory to satisfy store pickup of orders placed online.

Each module can be used on its own or in conjunction with each other.

The mobile field application is perhaps the most impressive aspect of the Profitect platform; Yehiav calls it “the extension of our product for the person on the move.”

Compatible with a variety of mobile devices, the app does not replicate the content of the full modules, but provides key ready reference information to managers, including side-by-side store metrics and the latest social media feeds.

The versatility of the Profitect system is demonstrated by the wide variety of retailers that it’s signed on as clients, including hardline merchants such as Auto Zone and Sunglass Hut, cosmetic stores Sally Beauty and Ulta Beauty and grocers Ahold Delhaize, Stop and Shop and Lowes Foods.

The system can also be efficiently implemented. “The system integrates data very quickly. DSW’s Inventory module was up and running in just three days,” Yehiav says.

Most new technologies and software packages increase the total amount of data generated, while Profitect works to synthesize, distill and interpret all those numbers — undoubtedly a great source of relief to any retail manager or senior executive.


Garret Gafke, President and CEO of IdentityMind Global, a BGV portfolio company, and member of the Forbes Finance Council, shared his insight to the current state of cybersecurity in Forbes magazine. The most recent Equifax data breach exposed the confidential and private information of some 143 million U.S. consumers to hackers and other nefarious users. This information includes consumer’s names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license and credit card numbers. Essentially, this means that practically every adult consumer in the United States had their information stolen. While identity theft monitoring and insurance services can help to identify when your identity is being abused, this doesn’t solve the actual problem. The information taken was more than enough for identity theft (someone to impersonate you), to create synthetic identities (fake identities made using pieces of your real information) and to enable account takeovers (where fraudsters have your credentials and take over your online accounts). Given the breadth of the breach and the attack vectors, a credit freeze offered by credit bureaus will not fully protect anyone whose information has been compromised in the breach. And, when combined with the still-unwinding Yahoo breach and the long line of others, our data is increasingly exposed. The real solution to this problem starts by not relying only on the static identity data held by credit bureaus and most other identity data sources as means for verification of an identity. Static information is the most frequently used method for identifying someone and ostensibly providing security. Most every financial company or merchant where you have an account uses static information to verify your identity. Static information was thought to provide security because that information was supposedly outside of the hands of criminals and not guessable. This information might be your social security number, driver’s license, mother’s maiden name or other special security questions, generally referred to as knowledge-based authentication (KBA). However, identity verification databases that use static data don’t update very often. And, the longer data is out there, the more likely it is to become compromised. All it requires is one slip up with one of the multitudes of companies that hold your data, and your information is compromised. For Equifax, this may have been as simple as not installing a security update. However, the bottom line is that static information by itself was never a fit for the digital world, where information is easily shareable and readily accessible through normal or nefarious means. There is another fundamental problem with identity databases. They store our identity information in ways that can be utilized for identity fraud when they are compromised. Most identity databases have an unfortunate dual purpose; they are used for identity verification, but mostly, and by far more lucrative, they are used for marketing. Marketing applications require these databases to store lots of searchable user data. The more data they store, the more valuable they are in the marketing world. However, identity verification doesn’t need to store users’ data in a way that can be reused. Cryptographic technologies provide several mechanisms to match and compare data without the need for storing the actual identity data. The digital world can be rough on the old way of doing things, and it demands stronger solutions than the old static credit bureaus can provide. Digital identities are a stronger and more relevant solution for our ever-growing digital world. Digital identities are dynamic in nature. They merge the physical and the online aspects of a user’s identity. While digital identities do include some static elements (e.g., name and address, mobile device number, national ID, biometrics, etc.), they also include dynamic elements. They are fueled by alternative data sources that represent an individual’s behavior in the digital world. A digital identity is constantly updated based on the information available from each digital transaction. In addition, digital identities require a trusted method of authentication to enable authoritative identity proofing. These methods can’t easily be spoofed or subverted. And, with the right analytics, digital identities can be scored to determine the risk that they pose to your business. This analysis looks at the correlations of the data inside and outside of the identity to establish whether the data goes together, whether it is connected with known risky people, whether there have been issues in the past and more. The use of digital identities solves two fundamental problems: static data and identity data storage. The adoption of digital identities results in a secure way of understanding who you are doing business with and the elimination of massive data repositories that put us all at risk. This breach has put the old way of understanding identity on notice. And, ultimately, it exposes us all to a better way that fits the needs of online users and online businesses. The consequences of identity fraud are frustrating, terrifying and costly to all. Stolen identities end up being used in the world financial system to fund terrorism, human trafficking, drug cartels and money laundering. This is no joke. It’s time to move beyond the credit bureau static information approach to digital identities.