How to Overcome Virtualization Security Risks

Bineesh Mathew | March 4, 2022 | 639 views

Virtualization Security Risks
Virtualization has gained popularity in recent years because of its ability to improve efficiency and scalability at lower costs. Server virtualization is used by over 90% of businesses, and many companies are looking into other virtualization alternatives, such as application, desktop, network, and storage virtualization.

With the increasing popularity of virtualization, security has become one of the most significant concerns. As a result, there is a need to pay close attention to virtualization security risks. When compared to traditional server infrastructure, virtualization provides certain obvious security advantages. Virtual machines (VMs) have a lot of benefits, including increased availability, isolation from the operating systems and actual hardware they run on, and enhanced security measures that come standard with most virtualization solutions.

Because so many firms use this technology, it's an attractive target for hackers and other cybercriminals. However, virtualization is no more or less of a security risk than any other component of your IT infrastructure. Its use necessitates a greater understanding of the problems that IT managers problems.

Virtualization security is an essential component of a larger security strategy. Virtualization security must be applied to all physical, virtual, and cloud layers in today's settings, where more than 80% of them are virtualized.

“Virtualization allows organizations to cut costs, improve efficiency and increase essential infrastructure agility, but it also brings complexities – including scale and management concerns that impact the surrounding IT infrastructure. We support HP’s cloud initiative of delivering highly scalable and adaptable global-class services to ensure optimized application delivery to users and continue to collaborate with HP to help enterprises maximize the value of their virtualization investments.”

- Karl Triebes, senior vice president, Development, and chief technology officer, HP

Read on to know more about the risks of virtualization and how to mitigate them efficiently.

Top Virtualization Security Risks

Virtualization security risks are known to affect businesses adversely. So, it is better to be aware of these potential risks and find ways to mitigate them. Some of the top virtualization security issues can be:

• Keeping snapshots on VMs
• External attacks
• Network configuration
• File sharing between VM and host
• Offline virtual machine security
• Viruses, ransomware, and other malware
• VM sprawl

Ways to Mitigate Virtualization Security Risks

Now that we've covered the potential risks associated with virtualization, let’s look at reducing these risks. Here are some things you may do to lessen the effects of security issues mentioned above:


Protect Your Data Centre by Securing Management Interface

Virtualization systems may improve data center efficiency and cost-effectiveness, but they also add complexity with a different administration interface to protect. As a result, agencies must ensure that their management interface is safe. Even if an attacker gains administrative access to a system, they cannot take over a large part of the data center and alter hardware resources.

The best defense is to restrict access to a minimum. In addition to needing a strong multifactor authentication, cybersecurity teams should guarantee that the interface is only available from a virtual local area network devoted to that purpose. For administrators to get access, they first need to connect to the dedicated VLAN by VPN or jump box. This significantly reduces the risk of a breach because it prevents attackers from accidentally coming across the interface during routine network scans.

Find Out Warning Signs, Carefully Monitoring Networks

Even the most meticulously constructed security safeguards can fail at times. Therefore, monitoring networks and systems for signs of compromise is one of the most critical tasks for agency cybersecurity teams. This necessitates a robust set of technologies and processes, such as intrusion detection and prevention systems, thorough logging and security data, and event management systems that correlate collected data. While developing monitoring techniques, another thing to keep in mind is to pay extra attention to monitoring virtualization platforms for signs of compromise, like unusual inter-VM network activity or administrative connections from unknown sources.


Protect Your Environment with Strong Virtualization Security Tools

Companies can deploy robust virtualization security tools to protect businesses from virtualization security risks. This will help safeguard against any potential threats and breaches. Some of the practical tools can be:
  • Antivirus and anti-malware software
  • Change auditing software
  • Backup and replication software


Have a Well-Designed Disaster Recovery (DR) Plan and Strong Backup

Whether you experience a cyberattack or a hurricane bringing down your production data center, a proper disaster recovery plan and backup are critical to guaranteeing business continuity. In addition, having a disaster recovery site in a remote data center or the cloud can help reduce the virtualization issues of extended downtime. You can consider three steps as you put together your disaster recovery plan:
  • Back up VMs and physical servers
  • Use the 3-2-1 backup rule
  • Consider replication

Summing Up

Modern businesses must protect their virtual environments from various virtualization security attacks. Keeping all software up to date, utilizing antivirus software, following configuration best practices, and providing frequent user training are essential tactics. However, some threats will get through even the finest defenses, so it's critical to invest in virtualization security solutions that can track changes and logons to help you maintain security at all levels, all the time.


Frequently Asked Questions


Does virtualization improve security?

Virtualization increases physical security by lowering physical hardware elements. In a virtualized environment, less hardware means fewer data centers. In addition, server virtualization allows servers to revert to their default state in an incursion.


What are the basics of virtualization security?

The basics of virtualization security are:
  • Secure all the parts of the infrastructure
  • Reduce the open ESXi firewall ports numbers
  • Have a robust backup and disaster recovery (DR) plan


What are some of the types of virtualization?

Some of the types of virtualization are:
  • Desktop Virtualization
  • Application Virtualization
  • Server Virtualization
  • Network Virtualization
  • Storage Virtualization

Spotlight

BankVault

Imagine owning a business – and have to temporarily shut your business to deal with a computer virus that’s wreaked havoc on your business simply because your antivirus, firewall, and off-site data backups failed. The pain is truly excruciating. Yet it's happening to more and more businesses every day. BankVault is simple yet powerful software which protect your most valuable assets - your computer, online credentials, and ultimately the money in your bank account. It is the best way to win new business and customer confidence in this digital age. DID YOU KNOW? * 1 in 5 Australians have been victims of identity crime with online banking, online shopping, and computer hacking to blame * 65% of Australian organisations experienced cybercrime in the last 24 months * Only 42 percent of Australian organisations have a fully operational incident response plan * It takes 31 days to resolve a cybercrime... Meanwhile, thousands of dollars are lost due to loss of reputation, lack of client confi

OTHER ARTICLES
Data Security, InfoSec Project Management

Transformative Cybersecurity Detection Reshapes the Battle Against Constantly Evolving Cyber Threats

Article | July 13, 2023

Embrace cybersecurity as transformative detection techniques to revolutionize the fight against ever-changing cyber threats. In an interconnected world, cybersecurity poses a growing threat to businesses, capable of wreaking havoc on their operations, reputations, and financial standings. Cyber threats have reached alarming levels, affecting every industry. Successful attacks can lead to data theft, financial losses, reputational damage, and business disruption. These sophisticated attacks exploit vulnerabilities in digital infrastructure. Yet, the challenge of cybersecurity extends beyond the mere presence of threats. It lies in the relentless evolution and adaptability of these malevolent forces. Traditional security measures, once considered sufficient, are now rendered ineffective against their cunning tactics. The landscape of cybercrime is a perpetually shifting entity, leaving organizations in a constant state of vulnerability. At the onset of the COVID-19 pandemic, organizations witnessed a significant surge in cyber threats or alerts, with 61% reporting a substantial increase of 25% or more. With users accessing cloud applications and corporate networks remotely, hackers actively sought to exploit potential security gaps. Protecting Businesses: The Importance of Cybersecurity Detection Early threat detection is a fundamental aspect of effective cybersecurity. By closely monitoring network traffic, system logs, and user behavior, businesses can swiftly detect suspicious activities that may signal an ongoing or imminent cyber-attack. Such proactive detection enables organizations to respond promptly, mitigating potential financial losses from data breaches, system downtime, regulatory fines, legal battles, and reputational damage. For businesses entrusted with sensitive customer data, cybersecurity detection plays a vital role in maintaining trust and complying with data protection regulations. By monitoring data access, identifying unauthorized activities, and promptly detecting breaches or data exfiltration attempts, organizations can safeguard customer information and avoid legal complications. Moreover, cybersecurity detection protects a company's intellectual property, ensuring the integrity of trade secrets, proprietary algorithms, and other confidential information. By effectively identifying and preventing unauthorized access or theft attempts, businesses can maintain their competitive advantage. Compliance with industry regulations is an essential consideration for businesses. Cybersecurity detection helps companies demonstrate proactive measures in detecting security incidents and potential data breaches, ensuring adherence to data security and privacy requirements and avoiding penalties, legal liabilities, and reputational damage associated with non-compliance. Furthermore, effective cybersecurity detection enhances reputational trust. Businesses that invest in robust detection measures are committed to safeguarding sensitive information, thus fostering trust among customers, partners, and stakeholders. Guard Against Cyber Threats with onShore Security’s Panoptic Cyberdefense Panoptic Cyberdefense by onShore Security is a Managed Cybersecurity Detection solution that recognizes security as an ongoing process, not just a mere product. For effective cybersecurity operations, round-the-clock monitoring is required using Security Operations Center (SOC) offered by onShore’s cyberdefence solution. To maximize visibility, businesses need to immediately respond to security threats while also requiring to identify non-threatening data. Leveraging Panoptic Cyberdefense helps streamline identifying, monitoring, and detecting cyber threats. During a conversation with Media 7, Stel Valavanis, CEO, onShore Security highlighted the impact of cyber threats and talked about cybersecurity detection solutions. We have developed our detection platform, the Panoptic Sensor and the Panoptic SIEM over many battle-hardened years. And the process is well-oiled, as you can imagine, involving tiers and workflow communication for alerting, analysis, tuning, and threat-hunting. As cyber threats evolve in complexity and frequency, businesses must remain vigilant in safeguarding their digital assets. onShore Security's Panoptic Cyberdefense offers a comprehensive suite of solutions, including Panoptic Sensor and the Panoptic SIEM, to help organizations mitigate risk, protect sensitive data, elevate their security team, and meet compliance requirements. Through Panoptic Sensor, organizations gain proactive threat intelligence, enabling the early detection and prevention of potential security breaches. Complementing this, the Panoptic SIEM provides powerful analytics and monitoring capabilities, empowering businesses to swiftly identify, investigate, and respond to security incidents. To navigate complex data protection and privacy regulations, minimizing the risk of non-compliance penalties and legal ramifications is needed. Panoptic Cyberdefense offers three levels of cybersecurity detection. The levels of detection, response and analysis include managed detection and response (MDR), second level has both network detection response (NDR) + MDR, and the third level is security orchestration. Harness the Power of Detection By integrating detection capabilities into every layer of protection systems, including user involvement, businesses can establish a formidable defense against cyber threats. Consolidating data from various sources into a centralized platform for analysis becomes essential. Implementing a managed detection and response process enables continuous analysis of this data, empowering early detection of potential attackers and facilitating ongoing security enhancements. Collaborating with government and industry partners can further demonstrate a commitment to high-security standards and compliance requirements. Remaining prepared for potential attacks is crucial. In the event of an incident, prompt response becomes paramount. Equipped with comprehensive data providing attestation of methods and impact, organizations can swiftly and effectively address any cybersecurity breaches.

Read More
Data Security, Platform Security, Software Security

Identity-Based Authentication Sets New Industry Standards for Secure and Streamlined User Onboarding

Article | March 29, 2023

Embrace the transformative power of identity-based authentication to establish new industry standards for safe and seamless user onboarding processes, enhancing security, workflows & user experience. The increasing adoption of decentralized identity systems, including blockchain-based solutions, introduces intricate challenges in the verification and authorization of identities across distributed networks. During interoperability, the threat to privacy and security within these systems is emerging at an alarming rate that requires urgent attention. Additionally, combating synthetic identity fraud poses a significant hurdle as fraudsters adeptly combine genuine and false information, making it arduous to differentiate between authentic and fraudulent identities. Deepfakes are the rising concern, which generate remarkably realistic audio, video, or images, mimicking genuine individuals and heightening the difficulty of detecting and preventing impersonation attacks. Password fatigue stems from the constant need to create and remember multiple passwords, leading users to choose weak or reused ones. Reusing passwords increases the risk, as compromising one account grants access to others. Password theft is a concern, with attackers employing phishing attacks and malware. A study by Google found that passwordless authentication can reduce password-related help desk tickets by up to 60%. (Source: PYMNTS) Complex password requirements can be challenging, pushing users towards weaker options. Password resets are time-consuming and frustrating. Solutions should alleviate fatigue, promote secure practices, and offer robust protection against theft and unauthorized access. All service providers or product companies confront a common challenge in this novel era of vulnerabilities, the question of creating an optimal and seamless user onboarding cycle while adhering to the necessary standards. This keeps them up at night as they attempt to find the optimal balance between seamless and secured-data onboarding. In this digital age, identity-secure data is the most valuable asset and a transformative resource. Organizations with data stored in cloud storage and password-based authentication systems are vulnerable to cybercrime. These are susceptible to numerous security threats, including phishing, social engineering, and brute-force attacks. These hazards may result in security breaches and sensitive data loss. Additionally, password management becomes burdensome for users, resulting in password fatigue, weak practices, and IT department involvement for password resets. This impacts user experience and productivity. Identity-Based Authentication (IBA) comes into action while implementing this secure identity verification. To ensure widespread adoption of IBA, the industry must standardize two crucial aspects of identity: ‘Identification Verification’ and ‘Passwordless Authentication’. Automating identity verification fundamentally transforms the onboarding work processes by shifting administrative burden to user endpoints and automating data capture, credential validation, and document workflow. This leads to increased user satisfaction and faster access to required services, driving efficiency and reducing the time to generate revenue for customers. BlockID Verify by 1Kosmos prevents such fraudulent accounts through an identity proofing process that verifies identity anywhere, anytime, and on any device with over 99% accuracy, thereby preventing the use of stolen or synthetic identities during customer onboarding. During a conversation with Media 7, Michael Cichon, CMO, 1Kosmos stressed on the implementation of identity proofing and authorization. At 1Kosmos we bring our solutions to the market through three distinct products. One product focuses on workforce authentication, another caters to business-to-consumer use cases, and the third product revolves around self-service identity proofing. These give organizations the ability to remotely verify an identity on the web with a high level of assurance, and then verify that identity at every access attempt. Onboarding users with security and data protection is a critical activity. It is a one-time action that must be combined with an authentication mechanism for long-term identity to be genuinely effective. Organizations with data stored in cloud storage and password-based authentication systems are vulnerable to cybercrime. While these are susceptible to numerous security threats, including phishing, social engineering, and brute-force attacks, these hazards can result in security breaches and sensitive data loss. A recent report by Verizon demonstrated that 61% of all data breaches are caused by compromised credentials. (Source: 1Kosmos) The catch that robust identity verification alone does not guarantee future authentication, calls for FIDO (Fast Identity Online). It is backed by an industry-leading organization 1Kosmos, which provides solutions for Identity Based Authentication. FIDO uses cryptography in the form of a public and private key to authenticate a user. With FIDO2 authentication, employees can authenticate into corporate systems and applications using their personal devices. This eliminates the need for conventional passwords and reduces the likelihood of security vulnerabilities resulting due to password-related attacks. With FIDO2, the user's keys are stored on their devices and not the service provider's server and thus proves to be less vulnerable to identity theft and phishing attempts. This is where the password to cryptographic passkeys adoption comes into picture. BlockID Workforce by 1Kosmos implements password-less authentication using FIDO, and has thus become a necessity, adopting self-service identity verification serving as a credential service provider. The ‘Identity Proofing’ together with ‘Passwordless Authentication’ results in a seamless user experience addressing credential theft, eliminating unauthorized users logging in corporate IT network and thus preventing data breaches, financial fraud, and ransomware.

Read More
Data Security

Urgent Redefinition of Data Loss Prevention to Address Increasing Global Data Threats

Article | April 11, 2022

Discover the significance of data protection in today's vulnerable world. Gain insights into the far-reaching impacts of data loss and the importance of proactive data security practices for businesses. Understanding Data Protection’s Significance in an Ever-Vulnerable World In today's highly competitive business landscape, organizations must recognize the immense value of their data resources and prioritize implementing robust data protection measures. Safeguarding data from external threats and internal vulnerabilities is paramount to ensuring businesses' smooth and secure operations. In an era of increasingly complex IT environments, data protection becomes an increasingly challenging endeavor, necessitating organizations to maintain a vigilant stance in safeguarding their critical information. According to Ponemon Institute statistics, 77% of companies are woefully ill-prepared and planned when it comes to thwarting an attack or a data breach. Protecting sensitive data, such as intellectual property, personally identifiable information, and financial records, poses a significant challenge for organizations. The modern workplace, characterized by extensive data collaboration across networks, devices, and applications, further amplifies the risk of data security incidents. Furthermore, limited resources often hinder organizations from keeping pace with the ever-growing array of data security risks. However, as data volumes continue to expand, the escalating concerns surrounding data protection highlight the severe consequences organizations face in terms of financial loss, reputational damage, and legal repercussions resulting from data breaches. To mitigate these risks, they must adopt a proactive approach to data protection. This encompasses the implementation of robust security protocols, using encryption technologies, conducting regular security audits, and providing ongoing employee training on data security best practices. This proactive approach enables businesses to operate with greater confidence, trust, and resilience. It is important to note that organizations must view data protection as an essential aspect of their overall business strategy and continually adapt and improve their data security practices. Only by protecting their data can organizations maintain a competitive edge, preserve customer trust, and uphold their reputation as reliable and secure entities in the marketplace. The Far-Reaching Impacts of Data Loss Data protection is a critical concern that applies to organizations of all sizes, and falling into the trap of thinking it only affects large enterprises can have devastating consequences. In fact, small businesses are often targeted by data theft attempts, as they may have fewer resources and can be more susceptible to attacks. Failing to keep up with data security measures and strategies results in severe repercussions for businesses. It damages their reputation, increase operational downtime, leave sensitive data unprotected, and even attract legal action. With organizations increasingly relying on cloud and online transactions, cyber threats now pose a significant risk to data integrity. Data breaches can lead to the theft of valuable information, which can be sold to other parties or used for fraudulent activities. The financial impact of these breaches and losses is substantial. When a company fails to protect its sensitive information and allows data breaches to occur, it not only incurs financial losses but also experiences a significant blow to its reputation. Dissatisfied customers may take their business elsewhere, resulting in decreased revenue. Communicating a data loss incident to customers, while essential, can also erode trust and lead to discontentment. This can further drive customer churn and harm the business's overall reputation, especially if customer data is compromised. Rebuilding customer relationships in the aftermath of a data loss incident requires significant time and resources, as the consequences can persist for years. Data Loss Prevention: An Essential Ingredient Data loss prevention (DLP) is an integral part of a comprehensive data protection strategy, aiming to prevent unauthorized access, use, or disclosure of sensitive data. A well-implemented DLP system can help organizations proactively safeguard their data, mitigate risks, and avoid the aftermath of data loss incidents. As Alexey Raevsky, CEO, Zecurion rightly stated in an interview with Media7, If any organization has a mature DLP in place, there is no need of combating the aftermath of data loss. A robust DLP system comprises advanced security protocols, encryption technologies, and continuous monitoring mechanisms. These components work together to identify vulnerabilities, prevent data breaches, and address potential threats. The other key advantage of an effective DLP system is establishing and enforcing stringent access controls. This ensures that only authorized individuals can access and manipulate sensitive data, reducing the risk of data breaches caused by internal or external factors. Encryption technologies employed by DLP systems further enhance data protection by securing data at rest and in transit, making it challenging for malicious actors to compromise sensitive information. Navigating Data Protection World with Enterprise DLP ‘Zecurion’ An enterprise DLP system offers a comprehensive solution designed to address organizations' complex data landscapes and security challenges. It provides centralized control and visibility over data across multiple systems, networks, and endpoints within the enterprise. Organizations can effectively manage and protect data throughout its lifecycle, regardless of location or format, by implementing a unified DLP framework. This is where Zecurion becomes essential. It is a next-gen DLP provider that specializes in researching, investigating, and monitoring activities to prevent data loss incidents. Its DLP solution offers various features to enhance data protection and incident response: User Behavior Analytics (UBA) with fast risk-based assessment: This feature provides visibility into employee activities and evaluates them based on parameters such as risk, productivity, policies, and emotional state. The Security Officer can closely monitor high-risk employees while allowing low-risk ones to operate with fewer limitations. Screen Photo Detector: This feature detects attempts to photograph a screen using a smartphone by utilizing webcams. It employs two neural networks to ensure reliable smartphone detection and quickly identifies cybersecurity incidents in a fraction of a second. Investigation Workflow Automation: This module simplifies investigations and streamlines the incident response cycle. It provides a comprehensive view of ongoing tasks, including their statuses, relevant data, assigned personnel, and deadlines. Cybersecurity team members can collaborate, leave comments, discuss progress, and attach supporting documents and incidents for efficient and effective incident resolution. Stand Out from Completion with the Next-Gen DLP Zecurion stands out from its competitors due to its ease of implementation and successful use cases demonstrating its instrumental value. One notable example is its pivotal role in a recent forensic investigation conducted for an oil refinery. The investigation uncovered fraudulent activities by intermediaries selling the refinery's products at inflated prices. Zecurion's DLP solution played a critical role in identifying the involvement of a group of managers, including a C-level executive, who had gone to the extent of forging documents to conceal their actions. A financial and legal audit conducted with the help of Zecurion revealed that the fraudsters' actions had resulted in a loss of over $25 million for the organization. The DLP solution proved invaluable in enabling the refinery to take legal action against the perpetrators and terminate the employment of the three key individuals involved in the scam. The success of Zecurion's DLP solution in this particular use case further establishes its reputation as a trusted and effective solution for safeguarding organizations against data loss and fraudulent behavior. Privacy and Protection: Balance is Crucial It is important to note that while organizations must prioritize data security, balancing security measures and respecting employee privacy and autonomy is equally important. While a robust data security framework is essential and ensures that sensitive information is adequately protected, employees must feel that their personal information is handled with care and that their privacy is respected. This can be achieved through clear and transparent data usage policies, consent-based data collection practices, and strict adherence to data protection regulations. Organizations can create a culture of trust and accountability by establishing these guidelines and practices, instilling confidence among employees that their privacy is valued and protected. Additionally, organizations can foster a culture of data security awareness and education among employees. Regular training and updates on data security best practices can turn employees into proactive participants in maintaining a secure work environment. This not only enhances data security but also cultivates a sense of shared responsibility and accountability among employees. When employees feel that their privacy is respected and they are given the autonomy to perform their duties effectively, they are more likely to adhere to data security protocols and actively contribute to the organization's overall security posture.

Read More
Network Threat Detection

Software Supply Chain Attacks: How Can Code Signing Help?

Article | July 12, 2023

Software supply chain attacks, such as the recent one involving MOVEit Transfer, are a serious issue for modern enterprises. Their dependency on third-party software makes it difficult to successfully vet the security integrity of every product used by enterprises. Software is especially difficult to assess securely, as it can be modified through updates throughout its lifecycle. For threat actors, targeting popular enterprise software tools is a lucrative and time-efficient way to gain access to the systems of a large number of corporate users. Verifying the integrity of software, and using attestation services, is one way to minimize the threat surface. So how can these concepts be leveraged in software? Software integrity (also known as code integrity) refers to the quality of the source code and allows the determination of the safety, security, and reliability of the software. It can mean that the code is unaltered by unauthorized parties, or it can also provide protection against hacks and guarantee privacy. Integrity checking can be relatively complex, but includes, at a minimum (from a security perspective), security features and ensures that security vulnerabilities have been eliminated. It does what it should, can be tested, and is easy to understand and edit, without introducing new errors or flaws. There are code analysis tools that can enable this. Beyond that, the code can be signed through the application of a digital signature to seal that integrity check. This can happen several times during the lifetime of that software: at production, for upgrades and patching, etc. This provides assurance that the software came from the developer and that it has not been changed in an unauthorized manner. This proof of authenticity becomes important in supply chain scenarios, and can be an important tool for brand protection of the developers. Code signing makes use of digital certificates; the signature is cryptographically hashed and packaged in a certificate. This certificate can then be verified by the user of the software through a Public Key Infrastructure (PKI), with a certificate authority validating (or refuting) the applied signature. There are various types of code signing certificates: standard and extended. The latter involves a more complex process and stricter requirements for validation and key management. Software attestation is essentially the other side of that process. It’s a trust mechanism that allows the user to independently validate the integrity asserted by a provider. Attestation might require not just the vendors name, version of the software, and origins of the code, but also other software artifacts, such as statements to the effect that they have followed secure development practices, information on external dependencies used to build it, the build process itself, the test suites that were run, and any security checks passed. Together, these artifacts form the metadata of the software, which then can be independently signed. A PKI can then be leveraged to verify the applied digital signature. There are software attestation standards that can be leveraged, including open ones (in-tot and Binary Authorization being two popular ones). The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is working on a self-attestation form (Secure Software Development Attestation Common Form) for software producers serving the federal government. The form will require them to confirm implementation of specific security practices. This was following the White House’s 2021 Executive Order 14028 and the Office of Management and Budget’s (OMB) M-22-18, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices.” Digital signatures for code integrity and software attestation will increasingly be in demand, especially as governments on both sides of the Atlantic (in the European Union and the United States) are pushing for policy and regulation on mandatory Software Bills of Materials (SBOMs). The goal is to make software developers and device manufacturers accountable for the components that make up their products. An SBOM will have to list known vulnerabilities associated with each component (open source and third party), pushing security rights to the forefront of product development. This visibility will allow for product development teams, DevOps, and implementers to address vulnerabilities and thereby strengthen security. SBOMs will likely form part of the software’s metadata, so signing will have a role to play here. In short, code signing and software attestation can both confer a level of security that can minimize the threat of a supply chain attack. It’s important to keep in mind, however, that they won’t address all issues, and will not be 100% fool-proof either. Of course, threat actors know this, and many are already targeting the code signing process in order to inject malicious code. This requires threat actors to compromise development platforms where code signing takes place. Ultimately, the use of digital signatures, from creation to management, is another aspect that will need to be secured from a developer perspective. DevSecOps will also have an important role to play here in order to avoid such malicious tactics, thereby providing a holistic security context for using digital signatures. But there is no doubt that digital signatures are a key technology for code integrity and software attestation, and will have a positive impact on thwarting the progress of supply chain attacks, if used widely. Sources: CISA WH EO 14028 OMB

Read More

Spotlight

BankVault

Imagine owning a business – and have to temporarily shut your business to deal with a computer virus that’s wreaked havoc on your business simply because your antivirus, firewall, and off-site data backups failed. The pain is truly excruciating. Yet it's happening to more and more businesses every day. BankVault is simple yet powerful software which protect your most valuable assets - your computer, online credentials, and ultimately the money in your bank account. It is the best way to win new business and customer confidence in this digital age. DID YOU KNOW? * 1 in 5 Australians have been victims of identity crime with online banking, online shopping, and computer hacking to blame * 65% of Australian organisations experienced cybercrime in the last 24 months * Only 42 percent of Australian organisations have a fully operational incident response plan * It takes 31 days to resolve a cybercrime... Meanwhile, thousands of dollars are lost due to loss of reputation, lack of client confi

Related News

Platform Security

Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap with Military Veteran Talent

GlobeNewswire | September 29, 2023

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced it has formed the Veterans Program Advisory Council, made up of a global board of esteemed members from organizations that support the military veterans community across the Five Eyes countries: United States, United Kingdom, New Zealand, Canada, and Australia. Members will provide counsel on how Fortinet can continue meeting the needs of military veterans looking to transition into the cybersecurity field. Military veterans have many complementary skillsets that make them ideal candidates for cybersecurity roles, including discipline, problem-solving under immense pressure, situational awareness, and an understanding of the importance of maintaining a strong defense posture. With the industry facing a talent shortage with an estimated 3.4 million security roles needing to be filled worldwide, the veteran community can play a key role in filling critical cyber roles with access to training, mentorship, and employment opportunities. Yet, the Fortinet 2023 Cybersecurity Skills Gap Global Research Report found that 43% of organizations indicated difficulty in recruiting qualified veterans for cybersecurity roles. At the same time, veteran turnover is high in the industry, with one key reason being the shortage of staff, leading to overwork and burnout. To further address these hurdles veterans face, the esteemed members of the Veterans Program Advisory Council with extensive backgrounds working with the military veteran community and as veterans themselves will help Fortinet strengthen its Veterans Program offerings by providing guidance on how to continue reskilling and upskilling veterans so they can start and stay in various cyber career pathways. Veterans Program Advisory Council members (listed in alphabetical order) include: Chris Barlow, Managing Director at Cerco IT Ltd (U.K.) Marty Donoghue, Chief Executive of the RNZRSA (New Zealand) Colin Grimes, Training Coordinator of TechVets Programme, The Forces Employment Charity (U.K.) Tom Marsland, Board Chairman and CEO at VetSec, Inc. (U.S.) Heath Moodie, Director of Vets in Cyber (Australia) James Murphy, Director of TechVets Programme, The Forces Employment Charity (U.K.) Bryan Radliff, CyberVets Program Manager at Onward to Opportunity, D’Aniello Institute for Veterans and Military Families (U.S.) Patrick Shaw, Founder of Cyber Catalyst (Canada) Mark Wilcox, Head of Cyber Training, Permanent Opportunities and Partnership at Cerco IT Ltd (U.K.) Fortinet’s Commitment to Supporting Veterans to Close the Cyber Skills Gap The Veterans Program Advisory Council will help build on the Veterans Program's success in providing more cybersecurity training pathways for military veterans with both existing technical background or no IT experience. Fortinet provides Veterans Program members access to its Network Security Experts (NSE) Certification Program curriculum to help them transition into the cybersecurity field and advance in their security careers through access to cyber training, professional development resources, and employment opportunities. This year, the Veterans Program is celebrating five years of helping military service members, veterans, and military spouses receive the fundamental resources they need to transition into cyber roles. Fortinet has also been recognized as a 2023 VETS Indexes Recognized Employer, further underscoring the company’s commitment to supporting the veteran community throughout their careers. Veterans Program Advisory Council Members Biographies Chris Barlow, Managing Director at Cerco IT Ltd (U.K.) Chris Barlow joined Cerco in 2003, and has since established a recruitment division for graduates through Cerco Training, a large proportion of which were British forces veterans. Chris acquired the entire business in 2017, and the company has continued to grow, prosper, and develop further. The vision for Cerco is to become a market leader in taking novice talent and guiding them to the highest levels of IT support and cybersecurity. Chris has made employment connections for new engineers with global IT companies such as Fujitsu, Hewlett-Packard, and IBM. Marty Donoghue, Chief Executive of the RNZRSA (New Zealand) Marty Donoghue has been chief executive of the RNZRSA since October 2020. Marty has a 35-year track record of transformational leadership, successfully building and managing teams and mobilizing volunteers in New Zealand and internationally across defense, sport, science, and in the not-for-profit sector. Marty served in the New Zealand Army for 25 years and is a veteran of Bosnia, Angola, Bougainville, and Iraq. Colin Grimes, Training Coordinator of TechVets Programme, The Forces Employment Charity (U.K.) Colin Grimes joined TechVets from the education sphere, where he worked as a primary school teacher with particular responsibility for computing across the curriculum. During his time in education, he also worked as a consultant to schools for the National Centre of Computing Education, delivering training to schools in computing and remote learning, leaning on lessons learned during the COVID-19 pandemic. Before this, he enjoyed a 24-year career as an air battle management specialist in the Royal Air Force. He also served as an instructor within the U.K. School of Air Battle Management, where he was responsible for training the next generation of air surveillance specialists. Tom Marsland, Board Chairman and CEO at VetSec, Inc (U.S.) Tom Marsland is a cybersecurity professional with over 21 years of experience in the information technology and nuclear power industry. He has also served over 21 years in the U.S. Navy and has a BS in IT security and an MS in cybersecurity. He is the board chairman of VetSec and the VP of technology and technical services at Cloud Range. Heath Moodie, Director of Vets in Cyber (Australia) Heath is the director of Vets in Cyber, where he is helping to build a mentoring program, running community events, and partnering with industry-leading training providers to offer employment assistance to veterans. As a five-year Australian Army infantry veteran, Heath transitioned into cybersecurity and was immediately confronted with the different cultures between the military community and civilian life. Wanting to be the change that he needed, Heath created a grassroots organization, Vets in Cyber, which is focused on helping to build a community around veterans to offer them the support they need within the cybersecurity industry. James Murphy, Director of TechVets Programme, The Forces Employment Charity (U.K.) James Murphy joined TechVets from Government Digital Services in the Cabinet Office, where he was employed as the head of threat intelligence, providing strategic cyber threat intelligence advice to key decision makers within central government with specific focus on protecting national infrastructure. Prior to this, James served for 19 years in the British military, deploying to Northern Ireland, East Africa, and Afghanistan with the infantry, receiving lifelong injuries as a result of enemy action. James then served the remainder of his service in intelligence, developing the army’s exploitation capability, providing support to U.K. Defence Engagement in East Asia before delivering strategic support to global joint military operations.​ Bryan Radliff, CyberVets Program Manager at Onward to Opportunity (O2O) (U.S.) Bryan Radliff serves as the CyberVets program manager in the Onward to Opportunity Program for the D’Aniello Institute for Veterans and Military Families (IVMF) at Syracuse University. CyberVets is a skills-to-job pathway that aims to fast-track veterans into high-demand cyber careers by providing no-cost employment training, industry certifications, and career services to transitioning service members, veterans, and military spouses. Bryan is a 31-year veteran of the U.S. Army, serving as an enlisted medical supply specialist, infantryman, and an armor/cavalry officer before retiring as a lieutenant colonel. Patrick Shaw, Founder of Cyber Catalyst and Tech Vets (Canada) Founder of Cyber Catalyst and co-founder of Coding For Veterans (CFV), Pat initiated Cyber Catalyst Talent Solutions to assist veterans achieve meaningful and rewarding careers using the skills developed through their upskilling or reskilling studies. Pat curated the CFV secure software development and the cybersecurity curriculum and established the learning approach aligning widely recognized industry certification exams to meet the cyber talent needs of employers. Cyber Catalyst Talent Solutions offers job-focused microcredentialing and certifications in support of job placement. Tech Vets Canada engages veterans and military family members with career mentorship and learning support. Mark Wilcox, Cyber Training, Opportunities and Partnership at Cerco IT Ltd (U.K.) Mark has over 30 years of commercial software development experience, the majority of which has involved web technologies. Throughout his career, Mark has developed and supported complex systems for a range of clients, including the London Stock Exchange, Lloyds Bank, Ryman stationers, Debenhams, and Woolworths. In January 2022, Mark joined Cerco IT to head up the cybersecurity training and employment division. As a key architect of Cerco's Cradle to Cyber training program, an initiative to provide advanced network security skills to Cerco’s trained graduates (many of whom are ex-armed forces), Mark continues to forge relationships with internationally renowned tech and training partners, such as Fortinet and CompTIA. About Fortinet Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Read More

Platform Security

BeyondID Introduces Identity-First Model for Zero Trust Maturity

PR Newswire | October 04, 2023

BeyondID, a leading managed identity solutions provider, today announced the industry's first solution that accurately conveys the true nature of identity within the zero trust security framework. BeyondID's Identity Fabric Model for Zero Trust promises optimal threat detection, investigation, and round-the-clock remediation via the BeyondID Security Operations Center (SOC). The Zero Trust Maturity Model by CISA has gained widespread acceptance and acknowledges the importance of identity as a pillar in modern security, but it undervalues the critical role of identity in ensuring security, stated Arun Shrestha, co-founder and CEO of BeyondID. The effectiveness of your security posture depends on how quickly and accurately you can detect behavioral discrepancies, as recent high-profile security breaches demonstrate. Zero trust cannot be achieved without identity as the fabric. BeyondID is the first managed identity services provider delivering a holistic approach to zero trust. Its Identity Fabric Model supports seamless user experience outcomes by implementing a strong digital identity strategy across the board from devices to network, to apps and workload, to data. This holistic approach ensures optimal threat detection, continuous compliance, risk mitigation, and a high return on IT and security investments. The company also announced that it can provide organizations with the breach protection they need, including a service that can identity, isolate and remediate threats in as little as seven days. Utilizing BeyondID's SOC enables companies to get their zero trust solution up and running quickly, offering 24x7 protection from the persistent threat of cybersecurity attacks. As an esteemed Okta Apex Partner and Okta's most trusted implementation ally, BeyondID is committed to modernizing identity management and digital transformation. BeyondID is launching its next-gen zero trust services at Oktane23. Oktane23 attendees will be offered an exclusive, complimentary Zero Trust Assessment. About BeyondID BeyondID is a leading managed identity services provider that the most successful brands trust to bring their digital identity strategies to life. BeyondID helps organizations streamline their adoption process and ensure their implementations are secure, agile, and future proof. A few of the valued customers that trust BeyondID to keep their organizations secure include ATN International, Discount Tire, Johnson Financial Group, Major League Baseball, Mayo Clinic, Northern Trust, TDECU, and VF Corp. More information about BeyondID can be found at www.BeyondID.com.

Read More

Data Security, Platform Security

Laminar Expands Data Security Platform with Support for Microsoft OneDrive and Google Drive

GlobeNewswire | August 31, 2023

Laminar, the leading data security posture management (DSPM) company, recently acquired by Rubrik, the Zero Trust Data Security™ Company, today announced that it has added support for Microsoft OneDrive and Google Drive. Customers can now use Laminar to continually discover overexposed and unprotected sensitive data in OneDrive and Google Drive, enabling proactive risk remediation and data leak detection. With this expanded support, organizations can safeguard sensitive data across their entire digital landscape, including major cloud service providers Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure as well as Snowflake, BigQuery, and other SaaS applications. As organizations increasingly leverage cloud file-sharing services like Google Drive and OneDrive for seamless data sharing and storage, the potential risks associated with data breaches, unauthorized access, and compliance violations have grown significantly. Data security and governance teams’ limited visibility into the contents of these files can lead to unprotected sensitive data. Additionally, unintentional file sharing and incorrect permissions can lead to oversharing internally and externally. To address these challenges, the Laminar Data Security Platform takes an agnostic approach to data security; discovering, classifying, and securing sensitive data as it moves across an organization’s digital environment, including collaborative cloud-based services. Laminar provides secure scanning, ensuring data is not removed from the customer environment. With the platform, data security and governance teams can see and secure enterprise data consistently across the entire digital landscape. "Today’s businesses are powered by cloud file-sharing services, which enable easy and rapid collaboration. This is why it is so critical to have a comprehensive approach to data security, so as to not leave these important files unprotected. With the integration of Microsoft OneDrive and Google Drive support into the Laminar Data Security Platform, we believe this is a giant step towards solving this sensitive data security challenge," said Amit Shaked, CEO and co-founder at Laminar. "We recognize that data security is a collective responsibility, encompassing every individual within an organization. Laminar is now positioned to provide an agile platform that safeguards sensitive information, no matter where it resides or whether it's utilized by developers, data scientists, or any employee across an organization." The news follows the acquisition of Laminar by Rubrik, the Zero Trust Data Security Company™. Together, Rubrik and Laminar create the industry’s first complete cyber resilience offering of its kind bringing together cyber recovery and posture across enterprise, cloud, and SaaS. About Laminar Laminar, a Rubrik company, combines cloud-native design with deep security expertise to provide the visibility and control organizations need to protect their most sensitive data. The Laminar Data Security Platform continuously discovers and classifies cloud data, structured and unstructured, across managed and self-hosted data stores, including unknown shadow data, without the data ever leaving your environment. It analyzes access, usage patterns, and security posture, and provides actionable, guided remediation for data security risk. Together, Rubrik and Laminar enable organizations to be even more proactive in the fight against cyberattacks and provide businesses with a complete cyber resilience solution. About Rubrik Rubrik is a cybersecurity company. We are the pioneer in Zero Trust Data Security™. Companies around the world rely on Rubrik for business resilience against cyber attacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine intelligence, enables our customers to secure data across their enterprise, cloud, and SaaS applications. We automatically protect data from cyber attacks, continuously monitor data risks, and quickly recover data and applications.

Read More

Platform Security

Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap with Military Veteran Talent

GlobeNewswire | September 29, 2023

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced it has formed the Veterans Program Advisory Council, made up of a global board of esteemed members from organizations that support the military veterans community across the Five Eyes countries: United States, United Kingdom, New Zealand, Canada, and Australia. Members will provide counsel on how Fortinet can continue meeting the needs of military veterans looking to transition into the cybersecurity field. Military veterans have many complementary skillsets that make them ideal candidates for cybersecurity roles, including discipline, problem-solving under immense pressure, situational awareness, and an understanding of the importance of maintaining a strong defense posture. With the industry facing a talent shortage with an estimated 3.4 million security roles needing to be filled worldwide, the veteran community can play a key role in filling critical cyber roles with access to training, mentorship, and employment opportunities. Yet, the Fortinet 2023 Cybersecurity Skills Gap Global Research Report found that 43% of organizations indicated difficulty in recruiting qualified veterans for cybersecurity roles. At the same time, veteran turnover is high in the industry, with one key reason being the shortage of staff, leading to overwork and burnout. To further address these hurdles veterans face, the esteemed members of the Veterans Program Advisory Council with extensive backgrounds working with the military veteran community and as veterans themselves will help Fortinet strengthen its Veterans Program offerings by providing guidance on how to continue reskilling and upskilling veterans so they can start and stay in various cyber career pathways. Veterans Program Advisory Council members (listed in alphabetical order) include: Chris Barlow, Managing Director at Cerco IT Ltd (U.K.) Marty Donoghue, Chief Executive of the RNZRSA (New Zealand) Colin Grimes, Training Coordinator of TechVets Programme, The Forces Employment Charity (U.K.) Tom Marsland, Board Chairman and CEO at VetSec, Inc. (U.S.) Heath Moodie, Director of Vets in Cyber (Australia) James Murphy, Director of TechVets Programme, The Forces Employment Charity (U.K.) Bryan Radliff, CyberVets Program Manager at Onward to Opportunity, D’Aniello Institute for Veterans and Military Families (U.S.) Patrick Shaw, Founder of Cyber Catalyst (Canada) Mark Wilcox, Head of Cyber Training, Permanent Opportunities and Partnership at Cerco IT Ltd (U.K.) Fortinet’s Commitment to Supporting Veterans to Close the Cyber Skills Gap The Veterans Program Advisory Council will help build on the Veterans Program's success in providing more cybersecurity training pathways for military veterans with both existing technical background or no IT experience. Fortinet provides Veterans Program members access to its Network Security Experts (NSE) Certification Program curriculum to help them transition into the cybersecurity field and advance in their security careers through access to cyber training, professional development resources, and employment opportunities. This year, the Veterans Program is celebrating five years of helping military service members, veterans, and military spouses receive the fundamental resources they need to transition into cyber roles. Fortinet has also been recognized as a 2023 VETS Indexes Recognized Employer, further underscoring the company’s commitment to supporting the veteran community throughout their careers. Veterans Program Advisory Council Members Biographies Chris Barlow, Managing Director at Cerco IT Ltd (U.K.) Chris Barlow joined Cerco in 2003, and has since established a recruitment division for graduates through Cerco Training, a large proportion of which were British forces veterans. Chris acquired the entire business in 2017, and the company has continued to grow, prosper, and develop further. The vision for Cerco is to become a market leader in taking novice talent and guiding them to the highest levels of IT support and cybersecurity. Chris has made employment connections for new engineers with global IT companies such as Fujitsu, Hewlett-Packard, and IBM. Marty Donoghue, Chief Executive of the RNZRSA (New Zealand) Marty Donoghue has been chief executive of the RNZRSA since October 2020. Marty has a 35-year track record of transformational leadership, successfully building and managing teams and mobilizing volunteers in New Zealand and internationally across defense, sport, science, and in the not-for-profit sector. Marty served in the New Zealand Army for 25 years and is a veteran of Bosnia, Angola, Bougainville, and Iraq. Colin Grimes, Training Coordinator of TechVets Programme, The Forces Employment Charity (U.K.) Colin Grimes joined TechVets from the education sphere, where he worked as a primary school teacher with particular responsibility for computing across the curriculum. During his time in education, he also worked as a consultant to schools for the National Centre of Computing Education, delivering training to schools in computing and remote learning, leaning on lessons learned during the COVID-19 pandemic. Before this, he enjoyed a 24-year career as an air battle management specialist in the Royal Air Force. He also served as an instructor within the U.K. School of Air Battle Management, where he was responsible for training the next generation of air surveillance specialists. Tom Marsland, Board Chairman and CEO at VetSec, Inc (U.S.) Tom Marsland is a cybersecurity professional with over 21 years of experience in the information technology and nuclear power industry. He has also served over 21 years in the U.S. Navy and has a BS in IT security and an MS in cybersecurity. He is the board chairman of VetSec and the VP of technology and technical services at Cloud Range. Heath Moodie, Director of Vets in Cyber (Australia) Heath is the director of Vets in Cyber, where he is helping to build a mentoring program, running community events, and partnering with industry-leading training providers to offer employment assistance to veterans. As a five-year Australian Army infantry veteran, Heath transitioned into cybersecurity and was immediately confronted with the different cultures between the military community and civilian life. Wanting to be the change that he needed, Heath created a grassroots organization, Vets in Cyber, which is focused on helping to build a community around veterans to offer them the support they need within the cybersecurity industry. James Murphy, Director of TechVets Programme, The Forces Employment Charity (U.K.) James Murphy joined TechVets from Government Digital Services in the Cabinet Office, where he was employed as the head of threat intelligence, providing strategic cyber threat intelligence advice to key decision makers within central government with specific focus on protecting national infrastructure. Prior to this, James served for 19 years in the British military, deploying to Northern Ireland, East Africa, and Afghanistan with the infantry, receiving lifelong injuries as a result of enemy action. James then served the remainder of his service in intelligence, developing the army’s exploitation capability, providing support to U.K. Defence Engagement in East Asia before delivering strategic support to global joint military operations.​ Bryan Radliff, CyberVets Program Manager at Onward to Opportunity (O2O) (U.S.) Bryan Radliff serves as the CyberVets program manager in the Onward to Opportunity Program for the D’Aniello Institute for Veterans and Military Families (IVMF) at Syracuse University. CyberVets is a skills-to-job pathway that aims to fast-track veterans into high-demand cyber careers by providing no-cost employment training, industry certifications, and career services to transitioning service members, veterans, and military spouses. Bryan is a 31-year veteran of the U.S. Army, serving as an enlisted medical supply specialist, infantryman, and an armor/cavalry officer before retiring as a lieutenant colonel. Patrick Shaw, Founder of Cyber Catalyst and Tech Vets (Canada) Founder of Cyber Catalyst and co-founder of Coding For Veterans (CFV), Pat initiated Cyber Catalyst Talent Solutions to assist veterans achieve meaningful and rewarding careers using the skills developed through their upskilling or reskilling studies. Pat curated the CFV secure software development and the cybersecurity curriculum and established the learning approach aligning widely recognized industry certification exams to meet the cyber talent needs of employers. Cyber Catalyst Talent Solutions offers job-focused microcredentialing and certifications in support of job placement. Tech Vets Canada engages veterans and military family members with career mentorship and learning support. Mark Wilcox, Cyber Training, Opportunities and Partnership at Cerco IT Ltd (U.K.) Mark has over 30 years of commercial software development experience, the majority of which has involved web technologies. Throughout his career, Mark has developed and supported complex systems for a range of clients, including the London Stock Exchange, Lloyds Bank, Ryman stationers, Debenhams, and Woolworths. In January 2022, Mark joined Cerco IT to head up the cybersecurity training and employment division. As a key architect of Cerco's Cradle to Cyber training program, an initiative to provide advanced network security skills to Cerco’s trained graduates (many of whom are ex-armed forces), Mark continues to forge relationships with internationally renowned tech and training partners, such as Fortinet and CompTIA. About Fortinet Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Read More

Platform Security

BeyondID Introduces Identity-First Model for Zero Trust Maturity

PR Newswire | October 04, 2023

BeyondID, a leading managed identity solutions provider, today announced the industry's first solution that accurately conveys the true nature of identity within the zero trust security framework. BeyondID's Identity Fabric Model for Zero Trust promises optimal threat detection, investigation, and round-the-clock remediation via the BeyondID Security Operations Center (SOC). The Zero Trust Maturity Model by CISA has gained widespread acceptance and acknowledges the importance of identity as a pillar in modern security, but it undervalues the critical role of identity in ensuring security, stated Arun Shrestha, co-founder and CEO of BeyondID. The effectiveness of your security posture depends on how quickly and accurately you can detect behavioral discrepancies, as recent high-profile security breaches demonstrate. Zero trust cannot be achieved without identity as the fabric. BeyondID is the first managed identity services provider delivering a holistic approach to zero trust. Its Identity Fabric Model supports seamless user experience outcomes by implementing a strong digital identity strategy across the board from devices to network, to apps and workload, to data. This holistic approach ensures optimal threat detection, continuous compliance, risk mitigation, and a high return on IT and security investments. The company also announced that it can provide organizations with the breach protection they need, including a service that can identity, isolate and remediate threats in as little as seven days. Utilizing BeyondID's SOC enables companies to get their zero trust solution up and running quickly, offering 24x7 protection from the persistent threat of cybersecurity attacks. As an esteemed Okta Apex Partner and Okta's most trusted implementation ally, BeyondID is committed to modernizing identity management and digital transformation. BeyondID is launching its next-gen zero trust services at Oktane23. Oktane23 attendees will be offered an exclusive, complimentary Zero Trust Assessment. About BeyondID BeyondID is a leading managed identity services provider that the most successful brands trust to bring their digital identity strategies to life. BeyondID helps organizations streamline their adoption process and ensure their implementations are secure, agile, and future proof. A few of the valued customers that trust BeyondID to keep their organizations secure include ATN International, Discount Tire, Johnson Financial Group, Major League Baseball, Mayo Clinic, Northern Trust, TDECU, and VF Corp. More information about BeyondID can be found at www.BeyondID.com.

Read More

Data Security, Platform Security

Laminar Expands Data Security Platform with Support for Microsoft OneDrive and Google Drive

GlobeNewswire | August 31, 2023

Laminar, the leading data security posture management (DSPM) company, recently acquired by Rubrik, the Zero Trust Data Security™ Company, today announced that it has added support for Microsoft OneDrive and Google Drive. Customers can now use Laminar to continually discover overexposed and unprotected sensitive data in OneDrive and Google Drive, enabling proactive risk remediation and data leak detection. With this expanded support, organizations can safeguard sensitive data across their entire digital landscape, including major cloud service providers Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure as well as Snowflake, BigQuery, and other SaaS applications. As organizations increasingly leverage cloud file-sharing services like Google Drive and OneDrive for seamless data sharing and storage, the potential risks associated with data breaches, unauthorized access, and compliance violations have grown significantly. Data security and governance teams’ limited visibility into the contents of these files can lead to unprotected sensitive data. Additionally, unintentional file sharing and incorrect permissions can lead to oversharing internally and externally. To address these challenges, the Laminar Data Security Platform takes an agnostic approach to data security; discovering, classifying, and securing sensitive data as it moves across an organization’s digital environment, including collaborative cloud-based services. Laminar provides secure scanning, ensuring data is not removed from the customer environment. With the platform, data security and governance teams can see and secure enterprise data consistently across the entire digital landscape. "Today’s businesses are powered by cloud file-sharing services, which enable easy and rapid collaboration. This is why it is so critical to have a comprehensive approach to data security, so as to not leave these important files unprotected. With the integration of Microsoft OneDrive and Google Drive support into the Laminar Data Security Platform, we believe this is a giant step towards solving this sensitive data security challenge," said Amit Shaked, CEO and co-founder at Laminar. "We recognize that data security is a collective responsibility, encompassing every individual within an organization. Laminar is now positioned to provide an agile platform that safeguards sensitive information, no matter where it resides or whether it's utilized by developers, data scientists, or any employee across an organization." The news follows the acquisition of Laminar by Rubrik, the Zero Trust Data Security Company™. Together, Rubrik and Laminar create the industry’s first complete cyber resilience offering of its kind bringing together cyber recovery and posture across enterprise, cloud, and SaaS. About Laminar Laminar, a Rubrik company, combines cloud-native design with deep security expertise to provide the visibility and control organizations need to protect their most sensitive data. The Laminar Data Security Platform continuously discovers and classifies cloud data, structured and unstructured, across managed and self-hosted data stores, including unknown shadow data, without the data ever leaving your environment. It analyzes access, usage patterns, and security posture, and provides actionable, guided remediation for data security risk. Together, Rubrik and Laminar enable organizations to be even more proactive in the fight against cyberattacks and provide businesses with a complete cyber resilience solution. About Rubrik Rubrik is a cybersecurity company. We are the pioneer in Zero Trust Data Security™. Companies around the world rely on Rubrik for business resilience against cyber attacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine intelligence, enables our customers to secure data across their enterprise, cloud, and SaaS applications. We automatically protect data from cyber attacks, continuously monitor data risks, and quickly recover data and applications.

Read More

Events