61% of malicious ads target Windows users

CATALIN CIMPANU | December 2, 2019 | 145 views

Most malvertising campaigns (malicious ads) target Windows users, according to statistics shared last week by cyber-security firm Devcon. The company said that based on data gathered by its internal tools, 61% of the malicious ads they've observed from between July 11 and November 22, 2019 were aimed at Windows users. This included malicious ad campaigns "designed to redirect the user to malicious sites or to trick the user into downloading a piece of malware." Devcon said the reason for this was simple, and could be attributed to Windows' huge OS market share, which is no surprise, since most malware in the past 30 years has targeted Windows devices.

Spotlight

RightSignature LLC

RightSignature is the easiest, fastest way to get documents signed. With an elegant, intuitive user interface, RightSignature replicates the pen-and-paper signing experience in any web browser. Users review documents, fill in form fields, and create an actual, wet-like signature online with a mouse or on the iPhone/iPad/Android touchscreen. American Bar Association's GPSolo Magazine: "With RightSignature you can upload contracts and have them signed in a faster, cheaper, and more secure way than paper documents."

OTHER ARTICLES
PLATFORM SECURITY

Why Should Businesses Care About Identity Security?

Article | July 4, 2022

In recent years, several of the world's most technology-savvy businesses have experienced identity-related breaches. These occurrences have emphasized how digital identities have evolved to be both today's largest cybersecurity issue and the foundation of current organizational security. It has become evident that a comprehensive, all-hands-on-deck strategy is essential to keep ahead of attackers and make their success more difficult. Why Should Businesses Care About Identity Security? According to CrowdStrike Overwatch team analysis, eight out of ten (80%) breaches are identity-driven. These contemporary attacks often skip the conventional cyber kill chain by utilizing stolen credentials to perform lateral moves and launch larger, more devastating attacks. Identity-driven attacks, however, are particularly difficult to detect. When a genuine user's credentials have been hacked, and an adversary is posing as that user, traditional security processes and tools might make it impossible to distinguish between the user's regular activity and that of the hacker. Identity security is often seen as an organization's final line of defense. These technologies are designed to combat attackers who have escaped existing security measures like endpoint detection and response tools. Identity Security and Zero Trust: How Are They Related? Zero Trust is a security architecture that needs every user, both within and outside of an organization's network, to be verified, approved, and constantly checked for security configuration and posture before allowing or maintaining access to applications and data. Zero Trust implies that there is no conventional network edge; networks can be local, in the cloud, or a mix or hybrid of the two, with resources and employees located everywhere. Businesses that wish to implement the most robust security defenses should combine an identity security solution with a zero-trust security architecture. They must also make sure that their chosen solution complies with industry standards, such as those specified by NIST. Closing Lines Many changes are in store for 2022. Indeed, we cannot forecast all the critical challenges and subjects that will arise this year. Could you fill in some of the gaps? A robust identity security solution will provide the business with several benefits and expanded capabilities.

Read More
SOFTWARE SECURITY

The Reasons Why Cyberattack Surfaces Are Rising

Article | July 8, 2022

Increased cyber assets result in growing attack surfaces. So much so that, according to a recent Gartner analysis, the number one security and risk management trend today is attack surface growth. Businesses and security executives must update security policies and processes to prevent growing dangers when new technologies and cyber environments are adopted. Let's discuss the reasons for attack surface growth and how to rethink cyber asset protection in light of them. Reasons Behind Attack Surface Expansion The Multi-Cloud Trend Is Rapidly Expanding Modern businesses are using the cloud to stay up with digital innovation and meet market expectations. For organizations in many locations, a single public cloud provider is no longer appropriate. Choosing one that satisfies organizational demands is difficult. This simple problem-solution gave many organizations the multi-cloud trend. Gartner found that 81% of respondents use two or more cloud services. Multi-cloud is also used to maintain a vendor-agnostic approach and prevent vendor lock-in. To remain ahead of the competition, numerous vendors provide best-of-breed solutions. This is a huge benefit for multi-cloud adopters. For Ever-Growing SaaS Toolchains, Visibility Is an Issue More than 150 SaaS apps are used by companies with 1,000+ employees. Modern businesses embrace more SaaS apps to speed up their workflows. However, as SaaS adoption expands, so do businesses' attack surfaces. The following are the key reasons for SaaS security: Misconfigurations The absence of robust identity and access management system Inadequate disaster recovery planning Problems with data retention Breach of privacy and data security Inability to satisfy regulatory compliance To keep up with SaaS platforms, businesses must have scalable security and compliance policies. CAASM Automates Security Gap Identification According to Gartner, Cyber Asset Attack Surface Management (CAASM), Digital Risk Protection Services (DRPS), and External Attack Surface Management (EASM) will enable CISOs to safeguard environments against expanding attack surfaces. CAASM will help security teams in particular to: Gain insight over the cloud and SaaS cyber assets Automatically fill security loopholes. Accelerate incident reaction and clean-up Closing Lines As the attack surface rises, so does the amount of cybercrime that occurs. According to the FBI, cyberattacks have risen 400% since the pandemic began, making it essential to detect and minimize cyberthreats for business's health and future. To defend your company from rising dangers, you must detect gaps in time and adapt to the digital world. There are more targets for attackers to strike since organizational attack surfaces are constantly growing.

Read More
PLATFORM SECURITY

Cloud Security Threats: 2022 Edition

Article | July 29, 2022

The worldwide cloud services industry is expanding as enterprises around the world continue to embrace cloud technologies. Cloud computing is estimated to reach 947.3 billion by 2026 (Yahoo), growing at a CAGR of 16.3%. But, for all of the advantages the cloud brings, there is a catch: cloud security risks. According to a survey by ISC2, 93% of businesses are concerned about the risks connected to cloud computing. Is this to say that the danger outweighs the reward? No, not at all. Let's look at some cloud security threats to watch out for in 2022, as well as how to develop a cybersecurity policy to safeguard your data while reaping the benefits of cloud computing safely. What Security Issues Can Organizations Deal in 2022? Cloud Strategy One of the most crucial security threats for companies is their ability to design and maintain a cloud strategy plan efficiently. Your business is likely to face fragmentation if cloud and security environments are not aligned with business strategy, which can have a detrimental impact on overall operations and business management. How to Mitigate This Risk: Create a cohesive strategy Concentrate on organizational outcomes Update your cloud security strategy periodically Unauthorized Access Access management is a major challenge to cloud security since it includes private data. Businesses of all sizes are concerned about employees openly sharing data with unauthorized personnel or external third parties, deliberately or accidentally. Additionally, some users with weak passwords or no authentication are more prone to having their data compromised. Ineffective passwords cause almost 80% of data breaches, according to Verizon. How to Mitigate This Risk: Create reasonable policies and processes Implementing multi-factor authentication (MFA) Developing a security model based on zero trust Making use of real-time access data Insecure APIs Many cyberattacks, particularly denial of service (DoS) cyberattacks, are done using application program interfaces (APIs). According to Gartner, API assaults will become the most common attack vector in 2022. How to Mitigate This Risk: Develop an API-specific security strategy Protect your API data using encryption Maintain consistent control over your APIs

Read More
PLATFORM SECURITY

How SD-WAN Can Help Businesses in Boosting ROI?

Article | July 4, 2022

We are surrounded by acronyms and buzzwords in technology. SD-WAN is one that is often used in the industry nowadays. Organizations embrace digital transformation to stay up with market developments, consumer needs, and competitiveness. Traditional network designs weren't meant to manage digital transformation workloads and complexity. Business-critical services are commonly spread over numerous clouds, compromising network performance, particularly at branch sites. Smart network operations teams opt for SD-WAN. SD-WAN reduces overhead and improves network performance. Routing and hardware expenses are saved through SD-WAN solutions while allowing multi-cloud access. SD-WAN also reduces overhead and supports new digital apps and services. This new technology streamlines WAN administration and operation and brings corporate advantages. Business Challenges that SD-WAN Addresses There has been a dramatic increase in the pressure on the network as a result of digitalization. Businesses must now rely on a stable and secure network, which conventional router-based network topologies are incapable of providing. An SD-WAN solution assists businesses in addressing use cases in order to expedite digital transformation efforts, lower cybersecurity risks, and increase revenue. Eases connectivity with far-flung factories and offices. Effectively deploys new sites and minimizes network equipment sprawl. Enhances the speed of file transfer and backups to disaster recovery facilities. Helps in moving applications to the cloud and protecting cloud app. data using Secure Access Service Edge (SASE). Safeguards IoT devices using a zero-trust network Helps in complying with the cybersecurity framework of the National Institute of Standards and Technology (NIST). Ways SD-WAN Can Help Businesses Boost their Bottom Line • Boosts Security Digital transformation is a double-edged sword. It can increase consumer satisfaction and market reach, but can pose security threats. According to the U.S. State of Cybercrime study, 41% of respondents stated more cybersecurity occurrences in 2017. The good news is that many SD-WAN solutions provide built-in security. Most SD-WAN systems only offer basic firewall and VPN functionalities, requiring IT teams to add security to elastic and dynamic SD-WAN connections after the fact. SD-WAN solutions with NGFW, IPS, encryption, AV, and sandboxing can avoid data loss, downtime, regulatory violations, and legal liability. • Enables Cloud Usage Cloud services are rapidly being used by businesses. The great news is that SD-WAN enables direct cloud access at the remote branch, removing backhauling traffic – which routes all cloud and branch office traffic through the data center – allowing workers to directly access cloud applications irrespective of location without burdening the core network with additional traffic to manage and secure. Furthermore, SD-WAN enhances cloud application performance by prioritizing vital business apps and allowing branches to interact directly with the Internet. • Reduces Costs As businesses deploy a growing number of cloud-based services, the volume of data traveling across a WAN rises dramatically, driving up operational expenses. SD-WAN, thankfully, can minimize this cost by utilizing low-cost local Internet connectivity, offering direct cloud access, and lowering traffic via the backbone WAN. According to an IDC poll (prediction), over a quarter of survey respondents anticipate SD-WAN cost reductions of up to 39%, with the other two-thirds anticipating more modest savings of 5–19%. • Improves performance Data transfer over a network isn't created equal. Fortunately, SD-WAN can be set up to prioritize business-critical traffic and real-time services such as Voice over Internet Protocol (VoIP) and then successfully guide it over the most efficient path. IT teams can help decrease packet loss and latency concerns by supporting important applications over dependable, high-performance connections, increasing employee productivity and morale. This is business-impacting performance. Closing Note Indeed, SD-WAN evolved and flourished in the data center over the first few years of development. However, the time has arrived to take it seriously as a tool for managing your wide area network. There are currently several vendors on the market, as well as several mature solutions to choose from. More significantly, the business cases for SD-WAN are expanding on a daily basis.

Read More

Spotlight

RightSignature LLC

RightSignature is the easiest, fastest way to get documents signed. With an elegant, intuitive user interface, RightSignature replicates the pen-and-paper signing experience in any web browser. Users review documents, fill in form fields, and create an actual, wet-like signature online with a mouse or on the iPhone/iPad/Android touchscreen. American Bar Association's GPSolo Magazine: "With RightSignature you can upload contracts and have them signed in a faster, cheaper, and more secure way than paper documents."

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Veristor Partners with SANS Security Awareness to Deliver Employee Security Awareness Training

Veristor Systems, Inc. | September 28, 2022

Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness' comprehensive suite of products to enable a data-driven approach to cybersecurity training for an organization's end users. "Researchers from Stanford University found that as much as 88% of all data breaches are caused by an employee mistake. "This shows that end users are the most critical vulnerability gap in today's enterprise. Yet if properly trained, they can also be the most resilient security defense – a human firewall. Together with the experts from SANS Security Awareness we are helping customers guard their environments with an army of well-trained employees. With proven training to spot and act when suspicious activity arises, users can take an active role in preventing the growing wave of cyberattacks." Daniel Martin, Principal Security Consultant, vCISO, Veristor The SANS Security Awareness suite of dynamic multilingual computer-based training, games, phishing simulations, and engagement materials teach vital security behaviors to effectively manage human cyber risk. With different training styles to match different corporate cultures, employee comprehension levels, and learning preferences, SANS Security Awareness training equips workforces to recognize and prevent current cyberattacks, including work-from-home threats. The platform delivers valuable metrics to measure the effectiveness of each program, and customization features to tailor training to meet specific organizational needs." With some groups requiring even greater specialized training, in addition to addressing core human behavior risk topics, SANS Security Awareness also offers secure development and coding techniques, understanding NERC CIP compliance requirements, and handling Industrial Control Systems (ICS) incidents. "We are very pleased to be partnering with the cybersecurity experts at Veristor to provide the SANS Security Awareness program to their customers," said Brad Stilling, Director of Global Sales for SANS Security Awareness. "Regular awareness training is an essential activity for organizations looking to ensure security and compliance. When employees feel informed and empowered to recognize and address cyber risks, they can protect the organization. With SANS Security Awareness, Veristor customers are now better positioned to detect and prevent cyber-attacks." For organizations starting their awareness training journey, Veristor delivers a SANS Human Risk Insight assessment to identify program cost reductions, eliminate unneeded staff training, and create risk metrics to baseline and benchmark an organization's human cyber risk. The SANS Security Awareness training solutions are now offered as a part of Veristor's suite of security solutions that are designed to solve business challenges through the intelligent application of next-generation security technology. About Veristor Systems, Inc. Veristor, which recently announced a merger with Anexinet, is a leading provider of transformative business technology solutions that helps its customers accelerate the time-to-value for the software, infrastructure and systems they deploy. We do this by harnessing deep expertise in today's most advanced data center, security, networking, hybrid cloud, and big data technologies and guiding businesses to the right solutions for their most pressing challenges. And with a full suite of design, deployment, support, and managed service offerings, we work shoulder-to-shoulder with our customers at every step of their technology journey to make technology truly work for them. About SANS Security Awareness SANS Security Awareness provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. SANS Security Awareness has worked with over 1,300 organizations and trained over 6.5 million people around the world. The SANS Security Awareness program offers globally relevant, expert authored tools and training to enable individuals to shield their organization from attacks and a fleet of savvy guides and resources to work with you every step of the way.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

GuidePoint Security Launches Industrial Control Systems (ICS) Security Service Offerings

GuidePoint Security | September 28, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its ICS Security Services. These service offerings include a Security Program Review, Security Architecture Review and ICS Penetration Testing that collectively are designed to provide an organization with a holistic view of their entire ICS security posture. Traditionally, Operational Technology (OT) environments were kept separate and isolated from the traditional IT infrastructure. Today, ICS environments have emerged from the combination of IT and OT (Industry 4.0), introducing new features and easier management, but also creating new vulnerabilities and attack vectors. For example, an OT environment can be breached by an attack that comes through the IT environment. With GuidePoint’s ICS Security Services, organizations can ensure they have visibility across not only their OT environment, but also their broader organization. “The convergence of OT and traditional IT infrastructure into ICS environments has led to easier operational oversight, but it also introduces new avenues for attackers to exploit,” said Pascal Ackerman, Sr. Security Consultant - Operational Technology. “Through the combined expertise of our Governance, Risk and Compliance, Security Architecture, and ICS penetration testing practices, we can provide customers with an assessment of their entire ICS security posture, evaluating every angle of their environment.” GuidePoint’s ICS Security Service offerings include: Security Program Review (SPR): The SPR evaluates and measures an organization’s security program maturity and is based on the framework chosen by the customer, including, but not limited to: NIST Cybersecurity Framework (CSF), NIST 800 82, CIS Controls, ISO/IEC 62443, ISO 27001, C2M2, FERC/NERC-CIP, CISA TSS and ITU CIIP. With GuidePoint’s SPR offering, organizations can better assess their security program and its maturity level, and build or enhance their existing program to ensure it is right-sized to their unique requirements. ICS Security Architecture Review (SAR): The SAR evaluates an organization’s security capabilities to ensure deployed technologies are aligned with relevant compliance requirements. GuidePoint’s team of experts provides industry-recommended enhancements to an organization’s existing solutions as well as recommendations for new controls to augment and further mature security practices. ICS Penetration Testing: This service goes beyond a typical OT pentest by combining best-in-class IT and OT pentesting methodologies to form a holistic offering that will assess all security aspects of the production environment. Organizations gain real-life, actionable results based on proven ICS (IT and OT) penetration testing methods and techniques. These ICS Security Services round out a complete portfolio of cyber-focused Governance, Risk and Compliance offerings, Security Architecture Reviews, as well as Threat and Attack Simulation Services, to ensure the security of customers’ environments. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.

Read More

DATA SECURITY,PLATFORM SECURITY

Orange and Netskope Partner on Carrier-class Connectivity and SSE Services for a Secure, Cloud-smart Platform

Orange Cyberdefense | September 23, 2022

Orange Business Services, a global network-native digital services company, Orange Cyberdefense, a leading cybersecurity services provider, and Netskope, a leader in secure access service edge (SASE), are partnering to deliver a new SSE (Security Service Edge) solution embedded into the Orange Telco Cloud Platform. The enhanced solution is designed to deliver optimal performance with maximized security, meaning enterprises will no longer need to find a compromise between the two. A decade of shifting to cloud and mobile computing, along with the ever-present demands of hybrid work environments, have put security and networking requirements on a collision course. While SSE addresses the security challenges, enterprises need to incorporate them into overarching connectivity strategies to realize the full benefits of SASE. The partnership will leverage Orange Cyberdefense’s security expertise and Netskope’s global security private cloud footprint and SSE leadership, enabling Orange Business Services to deliver consistent internet security on and off the network. This will help protect enterprise customers from data loss and the growing volume of sophisticated threats across cloud, web and private applications, with the full attributes of a cloud-native platform. The co-managed solution will reduce complexity for enterprises, providing continuously updated cloud security via the Orange Business Services Telco Cloud Platform. Telco Cloud Platform is a revolution in the way networks are built, run, and managed with enhanced performance. The software-defined approach optimized for telco workloads allows for greater agility and cost reduction. Securing an enterprise’s most important assets: people and data This innovative hybrid architecture embeds Netskope’s points-of-presence (POPs) within the Orange network, strengthening the Orange customer value proposition by delivering the benefits of the Orange network, including speed and agility, while enabling customers to tap into the power of Netskope Intelligent SSE. Netskope Intelligent SSE provides granular visibility and real-time data and threat protection for cloud services, websites, and private apps accessed from anywhere, on any device. “Cloud transformation and hybrid work models mean that traditional security architectures are no longer effective or efficient. Plugging our market leading platform into Orange’s network will enable Orange to significantly increase its offering to enterprises looking to secure data without limiting business productivity.” Sanjay Beri, CEO, Netskope “Increasingly enterprises are using the internet as their only WAN transport, even in a growing threat landscape. Working together we are delivering Orange customers a SASE-ready WAN edge while upgrading the security of the enterprise’s network without downgrading the user experience.” says Hugues Foulon, CEO, Orange Cyberdefense. “This innovative partnership is an important part of our Evolution Platform concept designed to simplify connectivity, cloud, and security and support business outcomes from end-to-end, providing real-time protection for our users, their applications, and data, wherever they are. It underscores our position as a trailblazer in SSE and managed services, providing the right balance of performance, speed, and protection to our customers,” adds Aliette Mousnier-Lompré, CEO, Orange Business Services. About Orange Business Services Orange Business Services is a network-native digital services company and the global enterprise division of the Orange Group. It connects, protects, and innovates for enterprises worldwide to support sustainable business growth. Leveraging its connectivity and system integration expertise throughout the digital value chain, Orange Business Services is well placed to support global businesses in areas such as software-defined networks, multi-cloud services, Data and AI, smart mobility services, and cybersecurity. It securely accompanies enterprises across every stage of the data lifecycle end-to-end, from collection, transport, storage and processing to analysis and sharing. About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Veristor Partners with SANS Security Awareness to Deliver Employee Security Awareness Training

Veristor Systems, Inc. | September 28, 2022

Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness' comprehensive suite of products to enable a data-driven approach to cybersecurity training for an organization's end users. "Researchers from Stanford University found that as much as 88% of all data breaches are caused by an employee mistake. "This shows that end users are the most critical vulnerability gap in today's enterprise. Yet if properly trained, they can also be the most resilient security defense – a human firewall. Together with the experts from SANS Security Awareness we are helping customers guard their environments with an army of well-trained employees. With proven training to spot and act when suspicious activity arises, users can take an active role in preventing the growing wave of cyberattacks." Daniel Martin, Principal Security Consultant, vCISO, Veristor The SANS Security Awareness suite of dynamic multilingual computer-based training, games, phishing simulations, and engagement materials teach vital security behaviors to effectively manage human cyber risk. With different training styles to match different corporate cultures, employee comprehension levels, and learning preferences, SANS Security Awareness training equips workforces to recognize and prevent current cyberattacks, including work-from-home threats. The platform delivers valuable metrics to measure the effectiveness of each program, and customization features to tailor training to meet specific organizational needs." With some groups requiring even greater specialized training, in addition to addressing core human behavior risk topics, SANS Security Awareness also offers secure development and coding techniques, understanding NERC CIP compliance requirements, and handling Industrial Control Systems (ICS) incidents. "We are very pleased to be partnering with the cybersecurity experts at Veristor to provide the SANS Security Awareness program to their customers," said Brad Stilling, Director of Global Sales for SANS Security Awareness. "Regular awareness training is an essential activity for organizations looking to ensure security and compliance. When employees feel informed and empowered to recognize and address cyber risks, they can protect the organization. With SANS Security Awareness, Veristor customers are now better positioned to detect and prevent cyber-attacks." For organizations starting their awareness training journey, Veristor delivers a SANS Human Risk Insight assessment to identify program cost reductions, eliminate unneeded staff training, and create risk metrics to baseline and benchmark an organization's human cyber risk. The SANS Security Awareness training solutions are now offered as a part of Veristor's suite of security solutions that are designed to solve business challenges through the intelligent application of next-generation security technology. About Veristor Systems, Inc. Veristor, which recently announced a merger with Anexinet, is a leading provider of transformative business technology solutions that helps its customers accelerate the time-to-value for the software, infrastructure and systems they deploy. We do this by harnessing deep expertise in today's most advanced data center, security, networking, hybrid cloud, and big data technologies and guiding businesses to the right solutions for their most pressing challenges. And with a full suite of design, deployment, support, and managed service offerings, we work shoulder-to-shoulder with our customers at every step of their technology journey to make technology truly work for them. About SANS Security Awareness SANS Security Awareness provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. SANS Security Awareness has worked with over 1,300 organizations and trained over 6.5 million people around the world. The SANS Security Awareness program offers globally relevant, expert authored tools and training to enable individuals to shield their organization from attacks and a fleet of savvy guides and resources to work with you every step of the way.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

GuidePoint Security Launches Industrial Control Systems (ICS) Security Service Offerings

GuidePoint Security | September 28, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its ICS Security Services. These service offerings include a Security Program Review, Security Architecture Review and ICS Penetration Testing that collectively are designed to provide an organization with a holistic view of their entire ICS security posture. Traditionally, Operational Technology (OT) environments were kept separate and isolated from the traditional IT infrastructure. Today, ICS environments have emerged from the combination of IT and OT (Industry 4.0), introducing new features and easier management, but also creating new vulnerabilities and attack vectors. For example, an OT environment can be breached by an attack that comes through the IT environment. With GuidePoint’s ICS Security Services, organizations can ensure they have visibility across not only their OT environment, but also their broader organization. “The convergence of OT and traditional IT infrastructure into ICS environments has led to easier operational oversight, but it also introduces new avenues for attackers to exploit,” said Pascal Ackerman, Sr. Security Consultant - Operational Technology. “Through the combined expertise of our Governance, Risk and Compliance, Security Architecture, and ICS penetration testing practices, we can provide customers with an assessment of their entire ICS security posture, evaluating every angle of their environment.” GuidePoint’s ICS Security Service offerings include: Security Program Review (SPR): The SPR evaluates and measures an organization’s security program maturity and is based on the framework chosen by the customer, including, but not limited to: NIST Cybersecurity Framework (CSF), NIST 800 82, CIS Controls, ISO/IEC 62443, ISO 27001, C2M2, FERC/NERC-CIP, CISA TSS and ITU CIIP. With GuidePoint’s SPR offering, organizations can better assess their security program and its maturity level, and build or enhance their existing program to ensure it is right-sized to their unique requirements. ICS Security Architecture Review (SAR): The SAR evaluates an organization’s security capabilities to ensure deployed technologies are aligned with relevant compliance requirements. GuidePoint’s team of experts provides industry-recommended enhancements to an organization’s existing solutions as well as recommendations for new controls to augment and further mature security practices. ICS Penetration Testing: This service goes beyond a typical OT pentest by combining best-in-class IT and OT pentesting methodologies to form a holistic offering that will assess all security aspects of the production environment. Organizations gain real-life, actionable results based on proven ICS (IT and OT) penetration testing methods and techniques. These ICS Security Services round out a complete portfolio of cyber-focused Governance, Risk and Compliance offerings, Security Architecture Reviews, as well as Threat and Attack Simulation Services, to ensure the security of customers’ environments. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.

Read More

DATA SECURITY,PLATFORM SECURITY

Orange and Netskope Partner on Carrier-class Connectivity and SSE Services for a Secure, Cloud-smart Platform

Orange Cyberdefense | September 23, 2022

Orange Business Services, a global network-native digital services company, Orange Cyberdefense, a leading cybersecurity services provider, and Netskope, a leader in secure access service edge (SASE), are partnering to deliver a new SSE (Security Service Edge) solution embedded into the Orange Telco Cloud Platform. The enhanced solution is designed to deliver optimal performance with maximized security, meaning enterprises will no longer need to find a compromise between the two. A decade of shifting to cloud and mobile computing, along with the ever-present demands of hybrid work environments, have put security and networking requirements on a collision course. While SSE addresses the security challenges, enterprises need to incorporate them into overarching connectivity strategies to realize the full benefits of SASE. The partnership will leverage Orange Cyberdefense’s security expertise and Netskope’s global security private cloud footprint and SSE leadership, enabling Orange Business Services to deliver consistent internet security on and off the network. This will help protect enterprise customers from data loss and the growing volume of sophisticated threats across cloud, web and private applications, with the full attributes of a cloud-native platform. The co-managed solution will reduce complexity for enterprises, providing continuously updated cloud security via the Orange Business Services Telco Cloud Platform. Telco Cloud Platform is a revolution in the way networks are built, run, and managed with enhanced performance. The software-defined approach optimized for telco workloads allows for greater agility and cost reduction. Securing an enterprise’s most important assets: people and data This innovative hybrid architecture embeds Netskope’s points-of-presence (POPs) within the Orange network, strengthening the Orange customer value proposition by delivering the benefits of the Orange network, including speed and agility, while enabling customers to tap into the power of Netskope Intelligent SSE. Netskope Intelligent SSE provides granular visibility and real-time data and threat protection for cloud services, websites, and private apps accessed from anywhere, on any device. “Cloud transformation and hybrid work models mean that traditional security architectures are no longer effective or efficient. Plugging our market leading platform into Orange’s network will enable Orange to significantly increase its offering to enterprises looking to secure data without limiting business productivity.” Sanjay Beri, CEO, Netskope “Increasingly enterprises are using the internet as their only WAN transport, even in a growing threat landscape. Working together we are delivering Orange customers a SASE-ready WAN edge while upgrading the security of the enterprise’s network without downgrading the user experience.” says Hugues Foulon, CEO, Orange Cyberdefense. “This innovative partnership is an important part of our Evolution Platform concept designed to simplify connectivity, cloud, and security and support business outcomes from end-to-end, providing real-time protection for our users, their applications, and data, wherever they are. It underscores our position as a trailblazer in SSE and managed services, providing the right balance of performance, speed, and protection to our customers,” adds Aliette Mousnier-Lompré, CEO, Orange Business Services. About Orange Business Services Orange Business Services is a network-native digital services company and the global enterprise division of the Orange Group. It connects, protects, and innovates for enterprises worldwide to support sustainable business growth. Leveraging its connectivity and system integration expertise throughout the digital value chain, Orange Business Services is well placed to support global businesses in areas such as software-defined networks, multi-cloud services, Data and AI, smart mobility services, and cybersecurity. It securely accompanies enterprises across every stage of the data lifecycle end-to-end, from collection, transport, storage and processing to analysis and sharing. About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

Events