Open Raven launched the Open Raven Cloud-Native Data Protection Platform to operationalize data security and privacy in the cloud. To prevent data breaches, it automates asset discovery and data classification and provides real-time mapping and policy-driven protection for Amazon Web Services and S3. The Open Raven Platform is generally available today.
The Open Raven Platform auto-discovers where data is located in the cloud, what type of data it is — personal, sensitive, or regulated — as well as who has access to it and where it can flow for full visibility, control, and protection.
“Before COVID-19, security and cloud teams were already short-handed. The rapid shift to remote work driven by the pandemic only increased workload, further exacerbating the problem,” said Dave Cole, Co-founder and CEO of Open Raven.
“We created the Open Raven Platform to help these teams restore visibility and protection of their cloud data, removing pain driven from approaches that are manual, time intensive and expensive.”
With the Open Raven Cloud-Native Data Protection Platform, security and cloud teams now have a unified solution for the following actions:
- Discover all data and resources in a public cloud environment, including both native and non-native repositories. Real-time mapping highlights problem areas at a glance while search allows for pinpointing specific data and resources.
- Classify data assets by identifying personal, sensitive and regulated data on a scheduled, event-driven or continuous basis. Open Raven uses a variety of techniques from pattern matching to machine learning to describe data while providing live verification via APIs to further boost accuracy.
- Monitor using default or custom policies based on Open Policy Agent that combine both cloud asset and data context in rules that enable continuous or point-in-time monitoring for a full range of security, privacy and compliance use cases.
- Protect cloud data through proactive alerting on data risk events as they happen, harnessing a wide range of integrations (via firehose API, webhook), or generating reports.
Open Raven’s cloud native design is built to handle big data. Discovery and classification are performed using serverless functions – not agents or network scanners that are challenging to deploy and struggle to scale horizontally. Flexible configuration options allow for fine-tuning of performance, completeness and cost.
Being able to assess even large environments for compliance eliminates previously painstaking manual efforts to report on data inventory, data transfer and other risk factors. It can be used to create the foundation for compliance in accordance with laws and standards such as FFIEC, GDPR, CCPA, PCI-DSS, HIPAA, and SOC2.
“Open Raven is helping us transform how we approach data security. Legacy tools only look at cloud resources or privacy, but don’t tell us if data is safe,” said Justin Dolly, Chief Security Officer of Sauce Labs. “Open Raven is the first platform that gives us real-time visibility into the safety of our cloud data, helping us to close security gaps faster.”
Enterprise PKI Manager in DigiCert ONE from DigiCert supports security for today’s increasingly remote workforces via certificate automation to authenticate employees and their devices at scale, and encrypt data.
Working from home is here to stay, with Gartner reporting that 74% of CFOs are looking to shift some employees to permanent remote work. Digital certificates are a proven, widely adopted solution for strong authentication and are well supported by a variety of devices, platforms and operating systems.
Many organizations, including the world’s best brands, use private CA systems within their networks, relying on manual certificate management that often leads to errors or shutdowns and overworked teams.
Enterprise PKI Manager makes it easy for organizations to manage and use digital certificates to secure all employees, devices and data that connect to the network, and it can be deployed as a customer-managed on-premises or cloud solution, or managed by DigiCert.
“Enterprise PKI Manager offers the smart automation and integration capabilities enterprise organizations need to safely support workers wherever they choose to connect to the network,” said DigiCert SVP of Product Brian Trzupek.
“Customizable and compatible with a variety of mobile device management solutions, Enterprise PKI Manager enables our customers to manage their entire remote workforce and devices from one PKI system to better protect users and their devices, as well as the data, email and applications that they rely upon.”
Enterprise PKI Manager offers a flexible, unified approach to PKI management at scale. With Enterprise PKI Manager, organizations can enable digital signing for large volumes of users and devices quickly, utilizing a containerized, cloud-native architecture that rapidly deploys digital certificates on-demand.
Enterprise PKI Manager gives organizations the ability to:
- Enable API-based automated device and user enrollment with digital certificates.
- Integrate with leading MDM/UEM platforms for secure device enrollment and management.
- Secure emails with authentication and encryption via S/MIME certificates.
- Enable secure document signing across the organization’s physical and virtual network environments.
- Integrate with the other DigiCert ONE workflow managers for secure code signing for software and IoT device security.
DigiCert is continually innovating to develop comprehensive solutions for work-from-home and remote access use cases, and integration initiatives are in place with a variety of leading MDM, UEM and smart card partners.
Enterprise PKI Manager is built on DigiCert ONE, a PKI management platform developed with cloud-native architecture and technology to be the PKI infrastructure service to solve today’s security challenges.
Released in 2020, DigiCert ONE offers multiple management solutions and is designed for all PKI use cases. Its flexibility allows it to be deployed on-premises, in-country or in the cloud to meet stringent requirements, custom integrations and airgap needs.
It also deploys extremely high volumes of certificates quickly using a robust and highly scalable infrastructure. DigiCert ONE delivers end-to-end centralized user and device certificate management, a modern approach to PKI to provide trust across dynamic IT architectures.
Red River unveiled a fully managed software-defined wide area network (SD-WAN) solution. Red River Managed SD-WAN leverages the company’s award-winning Managed Services and Cisco SD-WAN technology to deliver advanced enterprise networking capabilities to the public sector and enterprise markets.
Managed SD-WAN provides organizations greater flexibility, control and management over their network. This solution enables wide area network management over dispersed geographical locations.
Through three 24x7x365 Network Operation Centers (NOCs), Red River’s Managed Services team delivers additional operational support and technical expertise to help maximize a customer’s return on investment.
With Managed SD-WAN, Red River takes the burden off internal IT staff so they can stay focused on strategic initiatives instead of day-to-day WAN management operations.
“SD-WAN is a core component in the future of networking, and organizations recognize the advantages of adopting it into their environment; however, without continued operational support, it’s difficult to realize its full value,” said Kevin Steeprow, Red River’s VP of Engineering.
“Our managed solution enables anyone to leverage software-defined technologies so that they can optimize productivity while reducing cost and complexity yet continue to address security needs; regardless of their IT capabilities.”
Red River has partnered with Cisco for the development and launch of Managed SD-WAN. By leveraging Cisco SD-WAN technology, Red River seeks to provide a comprehensive networking solution that focuses on advanced Cisco hardware and software with Red River managed services support.
Red River is one of an elite group of providers that can deliver a FedRAMP-accredited SD-WAN solution to the federal government.
Red River has been a Cisco Gold Partner since 2008, and last year was named Cisco’s U.S. Federal Partner of the Year and Federal Software and Services Partner of the Year.
Red River Managed SD-WAN can be integrated to support enterprise use cases such as government agencies, universities, hospitals, factories and more.
McAfee announced the MVISION Cloud Native Application Protection Platform (CNAPP) with several native Amazon Web Services (AWS) integrations to help customers more easily secure their applications and data in their Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments.
Architected to support multiple AWS services, MVISION CNAPP helps customers continuously identify and fix misconfigurations and software vulnerabilities in their AWS environment and securely accelerate their deployment of cloud-native applications.
Announced last month, MVISION CNAPP is a new McAfee security service that combines Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and application and data security into one solution.
The unified solution provides security teams deep insight into service configurations for AWS, industry benchmarks to better assess their data and application security risk, as well as integrated workload protection tools to improve security across their entire application lifecycle.
CNAPP integrates with several AWS deployment services such as AWS Systems Manager and AWS PrivateLink to make deployment easier and more secure, as well as security services like AWS Security Hub with broader workload and data context for enhanced security.
“AWS Security Hub is a great example of a security service built specifically for AWS customers,” said Anand Ramanathan, vice president of product management, McAfee.
“We’ve collaborated with AWS to add hybrid security use cases and broader workload and data context to enhance the value of this service, as well as to leverage AWS-native deployment services allowing customers to simply add our CNAPP capabilities to deployment pipelines already in use thus seamlessly enhancing the security of their cloud-native applications.”
MVISION CNAPP is available in AWS Marketplace providing customers a streamlined method for purchasing the new service as well as providing consolidated billing for consumption.
What’s more, MVISION CNAPP has purpose-built security audit policies for AWS container services Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), and AWS Fargate.
“In today’s digital enterprise, security is a critical priority across the organization,” said Dan Plastina, Vice President, Security Services, Amazon Web Services, Inc. “We are delighted to be working with McAfee to facilitate collaboration across developer and security teams so that customers can more effectively secure their workloads in the cloud.”
“EA’s business depends on the public cloud, and it’s my role to manage the security of that environment,” said Bob Fish, Enterprise Security Architect at Electronic Arts.
“MVISION CNAPP integrates with AWS deployment services such as AWS Systems Manager and AWS PrivateLink and also integrates with AWS security services like AWS Security Hub, enhancing AWS native security capabilities.
“We prefer a single unified security platform over implementing separate point products for each security capability required. The unified approach of MVISION CNAPP allows us to use fewer people to manage security risk across all our AWS resources.”
Entrust announced its Cryptographic Center of Excellence (CryptoCoE) solutions, providing the tools and resources enterprises need to take command of their crypto instances and PKI systems through best practices that bring together the visibility, expertise and compliance required for a strong crypto strategy.
Digital technologies are transforming the enterprise, from new DevOps practices, cloud and multi-cloud environments to the Internet of Things (IoT). And with this transformation comes new data security challenges.
While IT leaders are rapidly increasing use of cryptography-based solutions like public key infrastructure (PKI) to support identity, authentication and encryption, they are struggling to manage crypto across the enterprise.
Entrust’s 2020 Global PKI and IoT Trends Study found nearly 71 percent of IT leaders struggle to understand where sensitive data resides within their organizations.
“Organizations need to look at ‘encrypt everything’ strategies to protect their enterprises in a zero trust world. Crypto is critical infrastructure that requires expertise, dedicated resources and a set of standards to keep it under control and in compliance.
“Entrust has led the world in cryptographic security solutions for more than 25 years, and now, we’re proud to deliver that expertise to customers with the first Cryptographic Center of Excellence building block solutions,” said Jay Schiavo, Vice President of Entrust Digital Certificate & Signing Solutions.
“Weak crypto often leads to business disruption, which is why our CryptoCoE solutions help enterprises with the expertise, visibility and tools they need to bring hidden crypto and PKI to light and mitigate rising threats.”
Gartner predicts that “by 2021, organizations with crypto-agility plans in place will suffer 60 percent fewer cryptographically related security breaches and application failures than organizations without a plan.”
The Entrust CryptoCoE solution has five building blocks that help achieve crypto and PKI excellence:
- Crypto Health Check improves overall IT security posture by providing ongoing visibility into a complete cryptographic inventory, expertise and best practices. The Crypto Health Check team scans an organization’s environment to build a cryptographic inventory and scores it against cryptography standards and policies. The data analysis is then turned into an actionable plan with measurable results – arming security, compliance and risk teams with the insights needed to mitigate crypto-related threats and bring hidden crypto into view.
- Crypto Governance Consulting places an expert-by-your-side to walk your organization through the essential steps of establishing a governance platform.
- PKI Governance Health Check reviews an organization’s PKI policy documentation and the different roles, processes and policies that they outline. Comparing those policies against best practices, compliance requirements, and business needs, Entrust will deliver actionable recommendations to ensure there are no procedural gaps and that they demonstrate compliance standards for audits.
- PKI System Health Check assesses the status of the technology and software of an organization’s PKI implementation(s). From looking at the equipment and algorithms in use, to documenting architecture and providing recommendations – Entrust experts will guide and assist organizations to ensure their PKI is able to meet their current and future business requirements.
- PKI Governance Consulting assists organizations setting up a new PKI and defines and documents the policies used to govern their PKI.
“The cryptographic center of excellence does not necessarily have to own and operate all tools,” said David Mahdi and Brian Lowans, Senior Research Directors for Gartner.
“Instead, it should be a central point of control that provides guidance and governance. It must establish an appropriate organizational framework for when central tools must be used and under what circumstances different business units can operate and manage their own systems.”
The lines between our personal and professional lives are blurring, and it’s becoming more difficult to maintain control over confidential information as the world searches for ways to maintain security in a remote work environment.
That’s why FileCloud put security at the forefront of FileCloud 20.2, the latest version of its enterprise product. FileCloud offers new levels of privacy and productivity, bringing advanced digital rights management into the platform and eliminating the need for a separate DRM solution.
FileCloud builds in security for remote workers from the beginning. Files are protected with one of the highest encryption levels available, and access can be restricted at any time, even after the document has been shared. The FileCloud Secure Document Viewer prevents any unauthorized user from seeing, sharing or copying the data.
“The security features travel with the document at all times, even after distribution,” said Madhan Kanagavel, FileCloud’s founder and CEO. “With remote work putting a greater demand on security, you need confidence that your company’s trade secrets remain secret.”
Secure collaboration for remote teams
Secure collaboration for remote teams has become more important than ever. The shift to remote work has created new data security threats for businesses of every size. The 2020 State of Data Security Report published by software-recommendation company Getapp found that “limited security for remote workers is the single most common vulnerability businesses are facing today.”
Digital collaboration has brought new challenges to highly sensitive documents like contracts, customer lists or earnings reports. In the past, companies could bring people into a secure conference room and control the distribution of private information. But with companies meeting virtually, they’re struggling to bring that same level of physical security to a digital world.
FileCloud protects confidential files against unsolicited viewing with a restricted viewing mode. Users will only see the part of the document they are allowed to; all other sections will be restricted from view.
Additional document sections will be revealed as the user scrolls. Plus, to maximize your document security, the Screenshot Protection feature prevents recipients from taking screenshots of important documents.
Every detail of FileCloud was crafted to protect a company’s digital documents—reports, contracts, training materials, research—from illegal redistribution and copying. FileCloud creates an encrypted document container that supports multiple file formats, including Microsoft Office files, PDFs and images.
The single encrypted container can hold multiple types of files, eliminating the need to create multiple containers. Users can then share the container via email or FileCloud, and recipients then need to enter an access key to access it. FileCloud verifies the user access key to provide access to shared documents.
Group-IB launches Fraud Hunting Platform, a digital identity protection and fraud prevention solution
In H1 2020, Group-IB’s Fraud Hunting Platform shielded banking and eCommerce portals in Europe and Asia from bot activities, malware, and social engineering attacks and saved them roughly $140 million.
Malware attacks, social engineering and bot activity are the top 3 threats for users of eCommerce and banking portals, based on the analysis of dozens of millions of user sessions around the world over the same period.
To combat these 3 categories of threats, companies deploy a range of scattered security solutions that significantly degrade user experience. Fraud Hunting Platform becomes an integrated solution that will play a key role in protecting users. It is the successor to Group-IB’s Secure Bank/Secure Portal product line, which Group-IB has been developing since 2013.
During the presentation of Fraud Hunting Platform, streamed from the recently opened Europe HQ in Amsterdam, Group-IB also announced the launch of its new module called Preventive Proxy, designed to fight against bad bots disrupting eCommerce, online banking, and government portals. According to Group-IB’s estimates, malicious bots account for around 30% of Internet traffic.
Digital identity’s own ID
Group-IB’s Fraud Hunting Platform analyzes each session and examines user behavior (keystrokes, mouse movements, etc.) in web and in mobile channels in real-time. Based on user behavioral data and machine learning algorithms, the system creates a unique digital fingerprint for devices and identities.
Just like facial recognition authentication, the system correlates and matches user behavior with their devices, which helps distinguish between legitimate actions and malicious activity even if the criminals have gained access to a user’s smartphone or payment information.
Using these unique data, the technology called “Global ID” marks devices across online resources globally where the Fraud Hunting Platform is running and allows fraudsters to be identified at early stages.
Moreover, thanks to the company’s unified ecosystems of Group-IB products, Fraud Hunting Platform uses relevant Threat Intelligence data, which helps detect hidden threats and suspicious connections, speed up investigations, and identify specific individuals involved in incidents.
Unlike Secure Bank/Secure Portal, the Fraud Hunting Platform is used not only to simply detect and prevent fraud but also to investigate thefts and hunt criminals and their infrastructure.
“We are delighted to introduce Fraud Hunting Platform to market. The solution operates in a high-load mode, protecting 130 million users of web resources and mobile apps while blocking related malicious activity,” commented Dmitry Volkov, Group-IB CTO.
“The new system evolved from Group-IB’s range of online fraud protection products. It is high-performance and easy to integrate, and it uses patented technologies to detect attacks at early stages. Fraud Hunting Platform’s global mission is to protect user digital identity while hunting for threats and the adversaries behind them.”
Good bad bots
The newly released Preventive Proxy is designed specifically for eCommerce companies and financial organizations offering products and services online. As a module of Fraud Hunting Platform, Preventive Proxy distinguishes “good” bots (for automated web app testing for example) from “bad” bots leveraged by cybercriminals to attack company websites, web and mobile applications in a number of different ways.
Group-IB estimates that legitimate bots account for about 20% of all Internet traffic, while malicious ones make up 30%. The goal of Preventive Proxy is to protect websites, mobile apps, and their users against criminals hacking into personal accounts, collecting personal data, scraping website content protected by copyright law, and attacking mobile APIs and using them without authorization.
While there are automated bots that snatch best deals and win giveaways, there are also smart and dangerous ones that break into your online accounts, steal users’ payment and personal data, and abuse APIs while imitating human behavior.
The analysis of dozens of millions of user sessions in banks and eCommerce portals around the world revealed that Selenium, PhantomJS, and Headless Chrome are the three most frequently used tools in bot attacks that cybercriminals use to imitate user actions for credential stuffing or brute force purposes.
The fact that all three are legitimate instruments makes it hard for traditional fraud detection solutions to spot them. Preventive Proxy offers smart protection against all types of bot attacks and can be either deployed in web or mobile app infrastructure or used through Group-IB’s cloud.
“Smart” bot protection also uses behavioral analysis algorithms to detect malicious bot activity. Preventive Proxy examines user behavior to assess whether a human being or a bot is performing a given action in the network. In addition, the solution collects browser, app, and device parameters, preventing the real user session from being re-used by malicious bots. Preventive Proxy does not block requests from trusted sources or legitimate bots.
Group-IB reports that up to 60% of bad bot activity is attributed to credential stuffing (attacks leveraging stolen credentials). The share of web scraping attacks (i.e. using bots to extract content and data from website pages) is 30%. The remaining 10% covers other types of fraud involving bots.
Saviynt announced the general availability of their latest platform release, named Saviynt 2020. Designed to support the modern enterprise IT landscape, Saviynt 2020 is already helping 1.6M users at major global organizations manage risk, scale cloud initiatives, and maintain regulatory compliance.
“Enterprise security challenges demand an intelligent, risk-based approach, especially with the drastic changes brought about by the global pandemic,” said Todd Soghier, Director, Identity & Access Management Governance at Marriott International.
“We are continually working to improve our identity posture and Saviynt 2020 has played a vital role in securing our growing identity perimeter, which consists of hundreds of thousands of users and hundreds of applications.”
The rapid acceleration of digital transformation and cloud adoption has created new challenges for today’s modern business. Organizations need cybersecurity support that will empower the reality of today’s work-from-anywhere enterprise and meet the continuous compliance needs for the most highly-regulated industries.
Built upon the principles of zero trust, Saviynt 2020 provides security and governance for complex multi-cloud and hybrid environments.
“The enterprise ecosystem is experiencing a seismic shift, causing businesses across the globe to significantly rethink the ways identity helps them manage risk and security,” said Amit Saha, CEO at Saviynt.
“The reality behind this shift is that identity is no longer just about people. Instead, identity spans workloads, data, bots, and connected devices. Last year, Saviynt introduced a new vision that would simplify the adoption of identity and access technologies.
“Today, we are proud to deliver on that promise through Saviynt 2020: a fully-featured, unified platform that brings together identity governance, privileged access management, application access governance and data access governance.”
Saviynt 2020 is designed to be adaptable and solve evolving business requirements. Eliminating the need for multiple products and vendors, the platform can govern and administer all access, privileged or standard, within hybrid applications such as Microsoft 365, Workday and Salesforce, to cloud infrastructure assets from Amazon Web Services, Microsoft Azure, Google Cloud Platform and more.
Customers will benefit from the following capabilities:
- Accelerated uniformity: To support rapidly growing human and machine identities, Saviynt 2020 offers enhanced capabilities around guest access management, BOT access governance, operational technology integration, application and privileged workload discovery, as well as a revamped application onboarding experience that includes an RPA Bot for last mile identity automation.
- Intelligent identity: Risk-based intelligent identity helps drive greater efficiency and productivity throughout the entire identity lifecycle. Saviynt 2020 simplifies a once-complicated journey with contextual risk insights and automated decision-making capabilities, all powered through AI and machine learning. These new capabilities reduce an organization’s risk profile by guiding better security decisions and automating or speeding up many identity-related tasks.
- Continuous zero trust: Addressing the new identity perimeter evident in organizations, Saviynt 2020 improves security posture in the new age of work-from-anywhere. Offering the ability to simplify and streamline dynamic access management, customers will gain a 360-degree view of risk so that they can prevent data breaches and insider threats, all through a cloud-agnostic approach.
- Frictionless access: With productivity and simplicity in mind, Saviynt 2020 is designed to reduce friction with an all-new intuitive user experience. Saviynt now makes it easy to request access via ServiceNow, within a user’s browser, or via a mobile app to help drive the adoption necessary to maintain a modern, secure identity perimeter.
“Saviynt has emerged as one of the leading providers of intelligent identity management, innovating well beyond key legacy players with an already established position in the market,” said Richard Hill, analyst at KuppingerCole.
“Saviynt’s strength, however, comes as a result of its cloud-native, converged approach to enterprise identity. With the release of Saviynt 2020, enterprise organizations will continue to benefit from an integrated risk-based, intelligent approach to IGA and Access Governance, for both on-premises and cloud-based instances.”
Sysdig announced the global availability of Sysdig Secure embedded within IBM Cloud. IBM Cloud Monitoring with Sysdig, which uses Sysdig Monitor, is already the default monitoring solution used by IBM and offered to IBM Cloud customers when onboarding.
With this addition of Sysdig Secure, the Sysdig Secure DevOps Platform is tightly integrated with IBM Cloud to provide customers end-to-end monitoring and security capabilities.
The expansion of Sysdig Secure in IBM Cloud builds on the container, Kubernetes, and cloud monitoring capabilities of IBM Cloud Monitoring with Sysdig. Sysdig Secure adds image scanning, runtime security, compliance, incident response, and forensics.
Now, when operating in IBM Cloud, DevOps, cloud, and security teams can secure the build pipeline, detect and respond to runtime threats, and validate compliance using Sysdig Secure.
The Sysdig Secure DevOps Platform, which includes Sysdig Secure and Sysdig Monitor, closes the security and visibility gap for containers and Kubernetes.
With Sysdig, cloud teams can embed security, validate compliance, and scale monitoring to manage security risk and improve application availability. Granular data enriched with cloud and Kubernetes context gives teams the visibility they need to confidently run applications in production.
“Since announcing the IBM Cloud Monitoring with Sysdig initiative in 2018, we have gone through extensive testing with IBM and proved our ability to deliver security, compliance, and monitoring at scale,” said Knox Anderson, vice president of product at Sysdig.
“We deliver IBM Cloud Monitoring in six regions globally and adding Sysdig Secure to those regions will enable our joint customers to embed security, compliance, and performance into their DevOps workflow in just a few clicks.”
New capabilities added to IBM Cloud Monitoring with Sysdig
- Image scanning: Automate scanning within CI/CD pipelines and registries and implement registry scanning inline. Block vulnerabilities pre-production and monitor for new CVEs at runtime. Map a critical vulnerability back to an application and development team.
- Runtime security: Protects containers, Kubernetes, hosts, and IBM infrastructure with out-of-the-box policies based on open source Falco. Automatically trigger response actions and notify the right teams immediately.
- Compliance: Ensure regulatory compliance standards are met, such as PCI-DSS, GDPR, NIST 800-190, with compliance checks and file integrity monitoring (FIM). Continuously validate cloud compliance for environments built on containers and Kubernetes across the entire application lifecycle.
- Incident response and forensics: Conduct forensics and incident response for containers and Kubernetes to understand security breaches, meet compliance requirements, and recover quickly. Sysdig provides a single source of truth for all activity in the container ecosystem before, during, and after an incident.
The challenge of securing containers and Kubernetes
Containers are black boxes that hide their internal activity, making it difficult to gain the visibility required to manage security risk. They are normally deployed using microservices, numbering in the tens of thousands, which dynamically connect to form applications.
Managing this complex environment requires visibility into container activity, context to understand how the microservices interact, and a detailed audit record for investigating incidents and alerts.
The Sysdig platform provides granular visibility enriched with Kubernetes and cloud context, along with a detailed audit trail, that allows teams to confidently run applications in production.
Through the agreement, Alert Logic’s cloud-based solution will provide 24/7 security monitoring against hacker threats, malware, and other cyberattacks. When a credible threat is detected, Anexinet’s trained response team will immediately quarantine impacted devices and rebuild systems if necessary.
“The Alert Logic partnership broadens Anexinet’s cybersecurity portfolio with cutting-edge threat intelligence to protect our customers against increasingly sophisticated and frequent cyberattacks,” said Ryan Benner, VP Infrastructure Services, Anexinet.
“Coupled with our deep security expertise, the partnership will bring a turnkey solution for organizations that lack the in-house staff to monitor and administer a security operations center.”
Anexinet’s enhanced solution is an ideal complement for organizations that have some cybersecurity elements in place but need to increase protection without the cost and burden of additional staff, training, or software/hardware upgrades.
With this new partnership, customers will receive world-renowned cloud-based threat detection and the proven talent to engage and thwart attacks—without the exorbitant costs of building a solution in-house.
“Through a combination of technology, threat intelligence, and round-the-clock security experts, Alert Logic will help drive new levels of digital asset protection for every Anexinet customer, creating visibility throughout the technology stack, across public clouds, hybrid and on-prem environments,” said Dan Webb, VP of Partner Sales and Alliances at Alert Logic.
“We are thrilled to partner with Anexinet to elevate its security offerings and deliver MDR to many more organizations.”
Spin Technology announced the next generation of SpinOne, an AI-powered ransomware and backup solution for Google Workspace and Office 365. In the last year alone, 51 percent of organizations were targeted by ransomware, and cybersecurity continues to be a top concern for business leaders.
Including advanced new security features, a completely redesigned user interface, and improved platform functionality, the latest version of SpinOne will help organizations better protect against ransomware attacks in the cloud.
Over the last seven months, cloud adoption has accelerated as the number of remote workers spiked dramatically due to the COVID-19 pandemic. This increased reliance on the cloud has resulted in more ransomware attacks on public cloud and SaaS services. In fact, according to a recent report, six in ten successful attacks include data in the public cloud.
SpinOne offers industry-leading ransomware protection for G Suite and Microsoft 365, backup capabilities, and application management.
“As organizations add additional cloud services, they need solutions that are simple to deploy and manage. These updates make it even easier for IT and security professionals to protect their employees from the risks associated with ransomware, all while allowing them to scale the SpinOne platform over time,” said Dmitry Dontov, Chief Executive Officer.
“As G Suite shifts to Google Workspace, SpinOne continues to protect your organization’s data against ransomware and now includes additional summaries that explain the levels of risk and required action. In addition, we’ve enhanced our cloud monitoring capabilities and introduced advanced auditing.”
Comprehensive new security summaries
- From the dashboard view, an admin can now quickly scan their Google Workspace environment, including what security incidents have occurred to their data.
- Each data feed is summarized in a widget outlining security incidents, incident history, account summary, and more.
- Google Workspace has various ongoing activities operating within it, and SpinOne Cloud Monitor now provides a comprehensive overview of all actions, including Data Sharing, Application Installed, and Drive File Deleted.
- SpinOne now includes six additional cloud monitoring capabilities, detailing the admin activities within the SpinOne platform.
- The Cloud Monitor Incident Report details actions from users that exceed the rules set by Admins in their policies.
- SpinOne now expands its monitoring of OAuth access, including Android, Native, and iOS.
- Historical risk scoring reviews are now expanded, and organizations can review an add-on’s risk over time.
Enhancements to backup and recovery
- Users and Groups are now separated in the new SpinOne.
- APIs are now available for major third-party applications.
StorMagic announced that StorMagic SvSAN has been validated with Hewlett Packard Enterprise (HPE) Edgeline Converged Edge Systems. The joint edge hyperconverged (HCI) solution meets all of the unique compute, storage and networking requirements found at the edge, including simplicity, high density and the ability to deliver 100 percent uptime.
“StorMagic SvSAN provides an easy to use, reliable and affordable HCI solution for HPE Edgeline customers at their edge locations,” said Shelly Anello, General Manager of Converged Edge Systems at HPE.
“Size, weight and power optimized Edgeline systems are purpose-built for the far edge, and with SvSAN can deliver a portable, rugged and highly-available HCI solution for distributed deployments.”
StorMagic SvSAN runs on any hypervisor as a guest virtual machine to enable complete, highly-available shared storage and virtualization with only two Edgeline servers per site. Its shared storage executes active-active synchronous mirroring to create a copy of data on both servers, eliminating downtime.
The compact bladed architecture and integrated networking of the Edgeline EL4000 and EL8000 series allow multi-server SvSAN clusters to be built within the tight space constraints of the edge. These clusters can also run without degradation in the harsh operating environments of remote locations, without the need for a separate protective enclosure.
“HPE is one of few server vendors that is designing servers specifically for the edge, and has incorporated the same high-performance technologies and security found in their datacenter-class systems,” said Brian Grainger, CRO and board member, StorMagic.
“Paired with SvSAN, the clusters are small, easy to manage and deliver 100 percent uptime. Our joint solution is ideal for edge environments, which can be found in a multitude of locations, like small datacenters, factories, distribution centers or remote and branch offices.”
Flashpoint announced it has acquired CRFT, a security automation provider that empowers teams of all sizes and skill levels to streamline daily security tasks through a seamless, no-code design and delivery engine.
This acquisition augments the value of Flashpoint’s intelligence by empowering security and threat teams to streamline workflows and trigger actions that mitigate threats automatically.
Flashpoint already produces the industry’s highest-quality threat intelligence from online illicit communities. By integrating CRFT’s no-code security automation into Flashpoint’s product suite, the company is now positioned to empower Cyber Threat Intelligence (CTI), Fraud, and Security teams to take rapid, automated action from inbound intelligence and event-based alerts.
Understaffed and overwhelmed teams will be able to easily activate multi-step and multi-system workflows based on Flashpoint’s multilingual playbook library ensuring efficient, timely, and decisive action to stop threats in their tracks, automatically.
Automation is the next critical step in the evolution of threat intelligence to ensure organizations drive meaningful, security-based action. Nearly half of all respondents in the 2020 SANS CTI Survey reported a lack of automation as inhibiting organizations from implementing intelligence effectively.
“Flashpoint is poised to lead the industry in making threat intelligence easily actionable regardless of a team’s maturity,” said Josh Lefkowitz, CEO of Flashpoint.
“The acquisition of CRFT enables us to bridge that gap for security teams with no-code automation and packaged expert playbooks to support critical workflows, whether detecting and remediating malware, discovering and combating account takeover, or identifying and mitigating a physical threat.”
To help execute on Flashpoint’s vision of building automation around actionable threat intelligence, we are excited to also welcome CRFT CTO and co-founder Austin McDaniel to Flashpoint as Chief Automation Architect.
Austin brings a wealth of experience in the security software industry, including key architecture and product development roles at JASK, Swimlane, and Google.
With a return on investment of 482% over three years (according to a recent commissioned Forrester Consulting TEI study), Flashpoint pays for itself in less than three months. Now with no-code automation from CRFT, Flashpoint customers can achieve even greater efficiency and avoid the hassle of complex integrations and customizations.
Flashpoint customers can expect to see new capabilities from the CRFT acquisition rolled out quickly as integration efforts to bring CRFT functionality into our industry-leading Flashpoint Platform are already underway.
Amazon Web Services announced the general availability of AWS Network Firewall, a new managed security service that makes it easier for customers to enable network protections across all of their AWS workloads. Customers can enable AWS Network Firewall in their desired Amazon Virtual Private Cloud (VPC) environments with just a few clicks in the AWS Console, and the service automatically scales with network traffic to provide high availability protections without the need to set up …
The post AWS Network Firewall: Network protection across all AWS workloads appeared first on Help Net Security.
Sysdig announced the launch of zero trust network security for Kubernetes. This launch expands Sysdig’s runtime security to add network visibility and segmentation. With total network visibility and automated rule creation, Sysdig reduces the time to implement network security from weeks to hours.
Sysdig also announced the expansion of IBM Cloud Monitoring with Sysdig to include Sysdig Secure.
The best strategy for network security is to use native controls, such as Kubernetes network policies, to enforce zero trust network segmentation. With this approach, DevOps teams have confidence that their policies are being implemented accurately. The modern software development stack is moving to open standards and security is no exception.
New zero trust network security with Sysdig
Quickly understand network communications with new topology maps: DevOps teams are often blind to how containerized apps are communicating. This understanding is critical in creating effective policies.
Sysdig adds dynamic network topology maps to visualize all communication into and out of a particular pod, service, and application. This detailed visibility allows DevOps teams to spot malicious attempts that take advantage of permissive network policies before it’s too late.
Save time with low-touch Kubernetes-native network segmentation: Kubernetes network policies are hard for teams to implement. A lot of time is wasted going back-and-forth between developers and DevOps teams to agree on the right network policy. With this announcement, Sysdig saves time by automating least privilege policies based on observed traffic enriched with application and Kubernetes metadata.
Teams can easily implement accurate network policies that are not too permissive, but also do not break application functionality. It also helps organizations meet compliance requirements, such as NIST and PCI, which require network segmentation.
Conduct thorough investigations with process-level visibility: Being able to investigate all connections, either accepted or failed, is critical to responding to below-the-radar attempts before it’s too late.
With Sysdig Audit Tap, DevOps teams can fingerprint every process connection, giving full process-level visibility into the entire environment, including every network connection attempt.
Teams can monitor every connection made by a process, even if a connection is unsuccessful. Teams can also plug into existing incident response workflows by forwarding events to SIEM tools like Splunk.
Simplify the path to zero trust network security
Zero trust is centered on the belief that organizations should never automatically trust anything inside or outside their perimeters and instead must verify before granting access.
As cloud and Kubernetes mature, so does interest in applying zero trust principles, but DevOps and security teams are inexperienced at applying a zero trust network security model to these new environments.
“There are several approaches to zero trust that forward-looking security teams can take advantage of. We believe using a Kubernetes-native approach that goes beyond traditional firewalling to enforce segmentation at the namespace and service level is the strongest approach,” said Omer Azaria, vice president of engineering, security at Sysdig.
“For developers and DevOps teams, we provide an easy button for implementing Kubernetes network policies. From the cloud security architect’s opinion, Kubernetes network policies provide guardrails that keep security and compliance in check as developers move quickly in the cloud.”
The Sysdig Secure DevOps Platform allows cloud teams to confidently secure containers, Kubernetes, and cloud services. With Sysdig, cloud teams secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services.
D-Link unveiled four new Wi-Fi 6 access points across its Nuclias Connect and Nuclias Cloud network management solutions.
These access points incorporate the latest Wi-Fi 6 standard and are designed to solve connectivity issues better than ever before for key business sectors such as education, hospitality, and retail/SMBs that are experiencing a growing number of users and devices.
D-Link’s new AX3600 Wi-Fi 6 access points (DAP-X2850 and DBA-X2830P) and AX1800 Wi-Fi 6 access points (DAP-X2810 and DBA-X1230P) provide new technological enhancements that allow all businesses and users to optimize their performance, especially in high-density network environments such as supermarkets, schools, busy offices, and factories where multiple users use multiple devices simultaneously.
Designed for operation in both the 2.4 GHz and 5 GHz spectrums, these access points provide more reliable, consistent connections over a longer range. MU-MIMO, OFDMA, and 1024-QAM dramatically reduce latency as well as increase data rate throughput and network capacity.
In addition to enhanced security with support for WPA3 Enterprise wireless encryption, the new access points also provide PoE support, Airtime Fairness to efficiently share coverage among clients, and Band Steering for efficient traffic management.
“Wi-Fi 6 is an exciting technology, offering previously unseen connectivity and even more opportunities for businesses than ever before,” affirmed Mark Chen, President, D-Link.
“At D-Link, we’re committed to being at the forefront of technology. By creating the tools and products that integrate the latest enhancements like Wi-Fi 6 and making them highly accessible for all businesses, we’re developing stronger connections for better business.”
D-Link’s centralized network management solutions allow businesses to manage the new access points and optimize operations and productivity. Nuclias Connect is a free, intuitive software-based platform designed for on-premise network management, offering cost-effective scalability and privacy for SMBs.
Designed for smaller organizations with limited IT knowledge/budget, Nuclias Cloud is a 100% cloud-based network management platform that features effortless deployment, easy management, and unlimited scalability. With two different systems, D-Link has the enterprise Wi-Fi 6 solution for every industry and every business scenario.
DAP-X2850 (Nuclias Connect) and DBA-X2830P (Nuclias Cloud)
- Dual-band AX3600 with up to 3.6 Gbps combined wireless speeds
- 4 x 4 MU-MIMO omnidirectional antenna
- 1 x 2.5G Ethernet + 1 Gigabit Ethernet
- Supports Link Aggregation
DAP-X2810 (Nuclias Connect) and DBA-X1230P (Nuclias Cloud)
- Dual-band AX1800 with up to 1.8 Gbps combined wireless speeds
- 2 x 2 MU-MIMO omnidirectional antenna
- 1 x Gigabit Ethernet
Magnite announces its support of the open-source, interoperable identity solution, Unified ID 2.0, in collaboration with The Trade Desk and other companies across the digital advertising industry.
Magnite will adopt Unified ID 2.0, an open source framework for hashing and encrypting email addresses, in order to create a common transaction fabric for digital advertising. Magnite’s endorsement will also further promote publisher adoption of the solution.
“Magnite and The Trade Desk share the common belief that the next generation of identity needs to be open and ubiquitous, with consumer privacy, transparency and control at its core,” said Tom Kershaw, Chief Technology Officer, Magnite.
“We are firm supporters of Unified ID 2.0 as an identity solution that can work across all digital ecosystems. It’s key that industry partners coalesce around an identity solution that’s an upgrade to cookies and enables publishers of all sizes to build and maintain trust with their viewers.”
Unified ID 2.0 also provides an opportunity for Magnite, The Trade Desk and other industry leaders to further prove the value exchange of the open internet. Ad requests made utilizing Unified ID 2.0 will create more relevant advertising opportunities, which have been shown to yield higher CPMs.
Benefits for publishers include:
- Independence: An open identifier built on hashed email addresses means that publisher monetization will be less reliant on the whims of browsers and OEMs in the future.
- Control: The ID will enable a suite of options for participation that help publishers of all sizes maintain control of their data. This includes integration with existing publisher logins, as well as an open single sign-on and alternate SSO solutions.
- Trust: These standards will make it easy for publishers to build and maintain trust with their users. This includes aligning on a common approach for consent messaging and offering a reliable framework for user transparency and control.
- Openness: Unified ID 2.0 is based on an open source framework and will be consistent with, and work seamlessly with, prebid.js and prebid.server.
“We’re seeing tremendous momentum around Unified ID 2.0 across all corners of the digital advertising industry, as we work together on a better, upgraded alternative to cookies,” said Dave Pickles, Chief Technology Officer, The Trade Desk.
“Together with Magnite and other industry leaders, we can create a better model for identity, one that gives more controls and transparency to both publishers and consumers, while preserving the value exchange of relevant advertising on the internet.”
Unified ID 2.0 is being built in collaboration with leading industry associations and partners, and will be managed by an independent governing body.
Farsight Security announced that Farsight DNSDB, a DNS intelligence database, is now integrated with Palo Alto Networks Cortex XSOAR, an extended security orchestration, automation and response platform that empowers security teams by simplifying and harmonizing security operations across their enterprise.
Through this integration, Farsight DNSDB and Cortex XSOAR enable security analysts to uncover and gain context for all connected DNS-related digital artifacts, from domain names and IP addresses to nameservers and MX records, in seconds.
Farsight Security is offering a free content pack entitled “DNSDB” in the Cortex XSOAR integrations marketplace. The DNSDB content pack contains three playbooks that integrate into existing automation processes to automatically contextualize and correlate all DNS-related assets.
For example, while responding to a reported malicious domain, users can uncover the associated domains and IP addresses to reveal the attacker’s infrastructure which may have already been used or may be used in the future for an attack.
Using the playbooks, security practitioners can retrieve:
- All hostnames seen for a given IP around the time of observation.
- All IPs seen for a given hostname around the time of observation.
- A limited number of other hostnames seen on the same IPs as the target hostname.
“A broad and open ecosystem is vital to the successful adoption of any XSOAR platform,” said Rishi Bhargava, vice president of product strategy, Cortex XSOAR at Palo Alto Networks.
“We are proud to welcome Farsight Security to the Cortex XSOAR ecosystem, which has partner-owned integrations that enable customers to streamline security processes, connect disparate security tools and technologies, and maintain the right balance of machine-powered security automation and human intervention.”
“Every online transaction, good or bad, begins with a DNS lookup. Yet domain names and IP addresses can be used and discarded by criminals in minutes or even seconds. Farsight DNSDB enables users to map malicious infrastructure – even when the website has disappeared or the IP address or nameserver for the suspicious DNS asset has changed.
“Farsight Security is proud to be part of the Cortex XSOAR marketplace and these playbooks will measurably improve the speed and accuracy of our joint customer investigations,” said Farsight Security CEO Dr. Paul Vixie.
Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management to transform every stage of the incident lifecycle.
Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intel and automate response for any security use case — resulting in significantly faster responses that require less manual review.
Armor Anywhere with Cloud Security Posture Management (CSPM) lets clients continuously inventory and assess the security and compliance of their public cloud services as per industry standard benchmarks and regulatory mandates (e.g. NIST, FEDRAMP, CIS).
The Qualys CloudView app extends Qualys’ relationship with Armor. Qualys Cloud Agents are already embedded and fully integrated with the Armor platform to deliver asset discovery and inventory, plus vulnerability assessment, including configuration controls, threat prioritization and patch detection. This integration now provides compliance and monitoring of public cloud workloads to Armor customers.
“The Qualys Cloud Platform is highly scalable and easily integrates with Armor’s security and compliance platform,” said Mark Woodward, CEO of Armor. “The addition of Qualys CloudView allows us to further accelerate compliance outcomes and protect customers from intentional and accidental risks in their public clouds.”
“As a leading security provider, Armor is a trusted advisor helping companies to secure their hybrid cloud environments,” said Philippe Courtot, chairman and CEO of Qualys. “This expanded partnership enables Armor to further extend visibility into public cloud services to easily manage continuous compliance and risk for their customers.”
Netskope announced the expansion of the Netskope NewEdge network with a new data center in Seoul, South Korea. Serving millions of enterprise users around the world, Netskope NewEdge is a carrier-grade, security private cloud network that is reserved exclusively for Netskope customers.
With South Korea representing a ‘top five’ economy in Asia and ‘top 15’ globally, the addition of the Seoul data center enhances the NewEdge infrastructure and demonstrates an increased investment in the region.
This translates into improved coverage for Netskope services with high performance and lower latency, especially important for companies headquartered in the region or multinationals with a presence in Northern Asia.
“Our customers are rapidly moving away from legacy backhaul architectures, embracing the cloud, and looking to acquire security technology that controls data movement, guards against threats and secures users both inside and outside the enterprise network,” said Jay Kwon, CTO at VicCns Co., Ltd.
“With Netskope launching a new data center in Seoul paired with the NewEdge network’s local peering for the fastest access to web, cloud and SaaS in region, we expect increased adoption of Netskope cloud security across Korea in the coming months.”
As organizations continue to balance the remote or hybrid-office workforce, they are relying on cloud-based solutions to seamlessly bridge the gap from office to home for their employees.
With 20% of users moving sensitive data among multiple cloud apps and services, businesses must continue to prioritize security during this era of rapid digital transformation.
“We’re excited to continue our expansion across Asia-Pacific with the launch of the NewEdge data center in Seoul,” said Jason Hofmann, VP Platform Architecture and Services at Netskope.
“With just 5% to 10% of the latency compared to other vendors based on 3rd-party tests, Netskope is now unequivocally the highest-performing cloud security provider in South Korea, with the fastest on-ramps for user traffic and best round trip times for web, cloud and SaaS access.”
The decades-long efforts to digitally transform enterprises have pushed the capabilities of the public internet to its maximum. Inherently unpredictable and unsecure, the public internet is strained by users who demand great web, cloud, and private application performance and enterprises that demand more security.
Compounding this challenge, legacy security tools often introduce delays to accessing these critical services. As a result, industry analysts have scrutinized the reliance on the public internet for security of these services, giving rise to new architectural frameworks like Gartner’s “secure access service edge” (SASE) that enterprise security leaders are moving to adopt.
Netskope NewEdge is built by industry veterans representing the largest and most performant networks ever built. Like no other network, NewEdge delivers inline security services through a carrier-grade, next-generation global infrastructure based on advanced application and network optimization technologies and processes.
As a private cloud network, NewEdge optimizes connectivity with its resilient global architecture, which is directly peered with major providers, mitigating the challenge of the public internet. This enhances the overall user experience, resulting in better web, cloud, and private application performance for most Netskope customers.
The Netskope Security Cloud, delivered on NewEdge, provides unrivaled visibility and real-time data and threat protection for cloud services, websites, and private apps accessed from anywhere, on any device.
No other company in the market has addressed shifting demands by combining Next-Generation SWG capabilities, the world’s leading CASB, Cloud Security Posture Management, Zero Trust Network Access, and advanced machine learning to detect unauthorized data exfiltration and advanced threat protection.
Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
To accelerate deployment and simplify administration for network teams, Netskope supports the most flexible options of any vendor for steering traffic to the NewEdge network. This includes Netskope’s lightweight client for managed devices or a traditional proxy auto-config (PAC) file-based approach.
NewEdge also works seamlessly with a customer’s existing router, firewall, and proxy investments utilizing IPSec/GRE tunnels or proxy chaining, as well as plug-and-play integrations with SD-WAN solutions.
To extend security and data protection to unmanaged users and devices, Netskope also supports an extensive set of clientless options to enable any web-based, SaaS application.
The new integration allows security and DevOps teams to set up automated security scans of container artifacts in Artifact Registry, now generally available. Qualys Container Security scanning will assess all images for software inventory, vulnerabilities and misconfigurations, and provide a unified view across multiple Google Cloud regions.
Customers can then leverage the Qualys security posture API of these container images for automation of security workflows like container deployments in Google Cloud Build or integrating with DevOps ticketing systems.
“Google Cloud’s Artifact Registry provides a convenient fully-managed service that allows customers to have a central repository for all their software artifacts,” said Philippe Courtot, CEO, Qualys.
“Now, with our new integration, customers can quickly adopt this artifact management offering from Google Cloud in their DevOps pipeline with seamless container security built-in from Qualys.”
“It’s important that DevOps and IT teams are able to deliver software quickly and securely, and we’re excited that Qualys is integrating its container security capabilities with Google Cloud’s Artifact Registry,” said Juan Sebastian Oviedo, Product Manager at Google Cloud.
Qualys Container Security
Built on the Qualys Cloud Platform, Qualys Container Security discovers, tracks and secures containers from build to runtime. Container Security continuously flags and responds to security and compliance issues in containers across your hybrid IT environment.
The addition of runtime protection extends these capabilities, delivering full, granular visibility into running containers and the ability to enforce policies that govern containers’ behavior.
As a result, you can immediately detect and act upon containers drifting from their parent images and potentially creating a security risk due to vulnerabilities or misconfigurations.