New infosec products of the week: October 16, 2020

Cyborg Security launches HUNTR platform to help orgs tackle cyber threats

Cyborg Security’s HUNTR platform provides advanced and contextualized threat hunting and detection packages containing behaviorally based threat hunting content, threat emulation, and detailed runbooks, supplying organizations what they need to evolve their security analysts into skilled hunters.

infosec products October 2020

Cloudflare One: A cloud-based network-as-a-service solution for the remote workforce

As more businesses rely on the internet to operate, Cloudflare One protects and accelerates the performance of devices, applications, and entire networks to keep workforces secure. Now businesses can protect their workforce in a flexible and scalable way, without compromising security as distributed teams work from multiple devices and personal networks.

infosec products October 2020

Booz Allen Hamilton unveils SnapAttack, bringing together red and blue security teams

By unifying the security lifecycle into a single solution, SnapAttack enables red and blue teams to work together, emulating attacks from intelligence data, sharing insights of malicious behavior, and developing vendor-agnostic behavioral detection analytics to stop advanced adversaries.

infosec products October 2020

BAE Systems unveils cyber-threat detection and mitigation solution for U.S. military platforms

The Fox Shield suite is designed to help platforms detect, respond, and recover from cyber attacks in real time. The system’s cyber resilience capabilities can be integrated into ground, air, and space vehicles to protect our warfighters and platforms from cyber attacks designed to access and degrade mission capabilities.

infosec products October 2020

Shujinko AuditX: Simplifying, automating and modernizing audit preparation and compliance

AuditX automates evidence collection, maps evidence across multiple controls and across different standards, streamlines audit workflow and clarifies communication across teams and with auditors. AuditX organizes evidence in a centralized library for final readiness review and provides a 360-degree dashboard to make the entire process highly visible and predictable.

infosec products October 2020

Masergy extends the value of Masergy SD-WAN Secure to home and mobile users

Masergy’s Work From Anywhere solutions include SD-WAN Secure Home for executives and power users requiring unwavering reliability from their home office connections and SD-WAN On the Go for mobile users needing secure access to corporate and cloud applications.

infosec products October 2020

C2A Security launches AutoSec, an automotive cybersecurity lifecycle management platform

C2A Security announced the launch of its flagship cybersecurity product, AutoSec, a cybersecurity lifecycle management platform. AutoSec meets the rapidly-evolving challenges of vehicle cybersecurity with an open platform that empowers industry stakeholders to identify and mitigate cyber attacks.

infosec products October 2020

Shujinko AuditX: Simplifying, automating and modernizing audit preparation and compliance

Shujinko launched AuditX, a SaaS platform that simplifies, automates and modernizes the enterprise cloud security compliance audit process to make it up to 3x faster and dramatically simpler.

Organizations can use AuditX to speed audits (PCI DSS, SOC 2, ISO 27001, NIST, etc.) across public cloud infrastructure (AWS and Azure) and hybrid environments.

Simultaneously, the company announced its Automated Evidence Collection Engine, the industry’s first platform for automatically orchestrating, collecting and transforming compliance evidence directly from public cloud platforms and other SaaS systems.

“Compliance audits are painful, manual, time-consuming – and happen again and again, year after year,” notes Scott Schwan, Shujinko CEO and co-founder.

“Research shows more than 70% of CISOs are facing multiple upcoming audits while struggling with poor tools, conflicting priorities, limited resources and now remote management. They all want an automated and more efficient process, something AuditX was purpose-built to deliver. It’s the exact tool I wish we had when I was responsible for information security and compliance at Starbucks.”

AuditX eliminates much of this compliance work by translating complex standards requirements and controls into easily understandable tasks for teams, allowing them to spend less time on audits and more on top company growth priorities.

AuditX automates evidence collection, maps evidence across multiple controls and across different standards, streamlines audit workflow and clarifies communication across teams and with auditors. AuditX organizes evidence in a centralized library for final readiness review and provides a 360-degree dashboard to make the entire process highly visible and predictable.

“Automation is key to our business, so naturally I’m a huge fan,” said Udo Waibel, CTO at Oomnitza. “I’ve done audits manually, and it’s a tremendous amount of labor. Automation eliminates that, while also grabbing the metadata that’s difficult – or impossible – for people to get on their own.”

“The audit became a process that all of us could track, and readily understand in terms of completion percentage,” said Krishna Bhat, co-founder and CEO at Kloudio. “That became particularly useful as I kept the board and investors apprised of our rapid progress, and how it was impacting our time to market.”

AuditX makes audit preparation and compliance:

  • Fast – automate collection of evidence directly from cloud infrastructure, distributed cloud services and settings. Automatically map evidence to all applicable controls within and across standards. Display prior audit preparation and narration for historical context.
  • Efficient – assign consolidated tasks, organize prep teams, manage collaborative workflow, review evidence and communications, and maintain a centralized library of audit-ready evidence.
  • Visible – share dashboard reporting (overall and by control), drill down to specific task level with detailed filter view and instantly view evidence without having to leave the tool.
  • Intuitive – onboard in an hour (not weeks or months); begin immediately with simple visual portal and task-based workflow; learn from suggested guidelines, best practice language and examples.
  • Extensible – designed for the future to support a broad range of standards frameworks, AuditX connects to all major cloud platforms and leverages API integration with other SaaS systems for evidence collection and task management.

AuditX and AuditX+ (with Automated Evidence Collection) are available immediately as a software subscription.

CISOs struggling to prep for security audits

Calendars for security and compliance audits are largely unchanged despite COVID-19, yet the pandemic is straining teams as they work remotely, according to Shujinko.

CISOs security audits

Moreover, CISOs are tasked with preparing for more than three audits on average in the next 6-12 months, but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes.

Furthermore, the results show that migration to the cloud is dramatically increasing the scope and complexity of audit preparation, obsoleting old methods and approaches.

“This survey clearly shows that CISOs at major companies are caught between a rock and hard place when it comes to security and compliance audits over the second half of 2020 and want automated tools to help dig them out. Unfortunately, they’re simply not able to find them,” said Scott Schwan, Shujinko CEO.

“Teams are cobbling together scripts, shared spreadsheets, ticketing systems and a hodgepodge of other applications to try to manage, resulting in inefficiency, lengthy preparation and limited visibility. More than two-thirds of CISOs are looking for something better.”

CISOs preparing for more than three audits

Despite changes in the economic climate due to COVID-19, CISOs are still tasked with preparing for more than three upcoming compliance audits across multiple security frameworks (e.g., PCI, SOC 2, NIST-CSF, ISO 27001, etc.).

Most common audits are for HITRUST, HIPAA and PCI DSS

51% of CISOs surveyed indicated they are preparing for a HITRUST audit in the next six to twelve months, 45% are preparing for HIPAA, 43% for PCI DSS, 41% for CCPA and 36% for an internal audit. In addition, 77% of companies preparing for SOC-2 audits were software companies.

CISOs are worried about doing more with less

COVID-19 has amplified CISOs’ concerns about doing more with less (both people and budget) with both teams and auditors working remotely. Worries over conflicting priorities, draining available resources and ensuring that evidence is complete round out their top five CISO concerns.

CISOs desperately want more automation

72% of security executives say they want to improve the automation of their audit preparation process, and automation was cited as the number one element most CISOs would change if they could. Team communication and collaboration rounded out the top three most desired improvements.

CISOs security audits

Two-thirds of CISOs dislike their current tool set

The survey found that CISOs are currently using a mix of home-grown scripts, spreadsheets, ticketing systems, shared documents, Sharepoint and e-mail to prepare for audits. No CISOs reported having a security audit preparation tool that they are completely satisfied with.

CISOs have poor visibility into the audit process

No CISOs rated visibility into key audit preparation steps a complete success and only one rated it a 4 out of 5 – suggesting poor executive line-of-sight into hitting audit deadlines.

Audit processes don’t fit a cloud development model

Only 1 percent of CISOs said that their audit preparation process completely aligns with the speed and agility that is needed for rapid cloud application development and frequent iteration.

Photos: RSA Conference 2020, part 4

RSA Conference 2020 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news.

Here are a few photos from the event, featured vendors and organizations include: Shujinko, Build38, Styra, TrueFort, Menlo Security, NETSCOUT | Arbor, SkySync, NIST Cybersecurity, Centrify, Teramind.

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

Other photos are available here, here and here.

10 hot industry newcomers to watch at RSA Conference 2020

The RSA Conference Early Stage Expo is an innovation space dedicated to promoting emerging talent in the industry. Here are some of the most exciting companies exhibiting innovative products and solutions, which you can see in person in the San Francisco Ballroom, Moscone South, Level 2.

Abnormal Security

Abnormal Security stops targeted email attacks. Abnormal Behavior Technology models the identity of both employees and external senders, profiles relationships and analyzes email content to stop attacks that lead to account takeover, financial damage and organizational mistrust. Abnormal sets up in minutes with Office 365 and G Suite, has no end-user friction, and does not disrupt email flow.

Early Stage Expo RSA Conference 2020

We talked with Evan Reiser, CEO of Abnormal Security, about how layering diverse defenses is crucial for stopping email attacks.

Armorblox

The Armorblox platform uses natural language understanding and deep learning to analyze content, context, and metadata on all business communications. Armorblox protects against targeted email attacks, prevents accidental or malicious data disclosure, and stops insider threats.

Early Stage Expo RSA Conference 2020

We interviewed Armorblox CEO Dhananjay Sampath about thwarting email-based social engineering attacks.

BluBracket

BluBracket is the first comprehensive security solution for code in the enterprise—so developers can innovate and collaborate, and security teams can sleep at night. Using BluBracket, companies can view, monitor and secure their code, without altering developer workflow.

Early Stage Expo RSA Conference 2020

Fuzzbuzz

Fuzzbuzz is a fuzzing platform and set of tools that enables dev & sec teams to effortlessly find severe bugs and vulnerabilities by integrating fuzzing into the SDLC. Fuzzbuzz saves developer time by eliminating false positives, ensuring bugs are never reintroduced, and automatically generating fuzz harnesses.

Early Stage Expo RSA Conference 2020

K2 Cyber Security

K2’s Next Generation Application Workload Protection Platform protects web and binary applications from attacks. K2’s deterministic approach eliminates false positives and provides runtime protection against OWASP top 10 attacks.

Using proprietary OCFI technology to create a DNA map of each application, K2 provides exact location of vulnerability saving significant time and effort.

Early Stage Expo RSA Conference 2020

Kindite

Kindite assembled a unique set of confidential computing technologies into a single data-protection platform, which ensures data is encrypted end-to-end, even while being processed. Kindite’s platform keeps the encryption keys within the organization’s trusted environment, creating a true zero-trust relationship with any infrastructure while maintaining full business continuity.

Early Stage Expo RSA Conference 2020

For more depth, read the following articles Kindite contributed to Help Net Security:

LevelOps

LevelOps is an application security platform that helps security teams manage the security lifecycle, across multiple products and from requirements to operations. LevelOps integrates with existing tools in your SDLC and provides a way for security teams to scale, without compromising engineering velocity.

Early Stage Expo RSA Conference 2020

Shujinko

Shujinko brings cloud compliance know-how together with automation to make compliance and audits fast and easy. Shujinko helps confidently prepare for an audit by automating most of the technical controls that are error-prone to set up in a compliant way, as well as the evidence collection and documentation that takes thousands of hours to complete.

Early Stage Expo RSA Conference 2020

vFeed

The vFeed correlation algorithm analyzes a large plethora of scattered vendors advisories and third party sources, then standardizes the content with the respect to industry security open standards.

Early Stage Expo RSA Conference 2020

Vulcan Cyber

Vulcan Cyber is a vulnerability remediation and orchestration platform that is modernizing the way enterprises reduce cyber risk. With its remediation-driven approach, Vulcan automates and orchestrates the vulnerability remediation lifecycle, enabling security, operational and business teams to effectively remediate cyber risks at scale.

Early Stage Expo RSA Conference 2020