Information Security Awareness Training Video: "TMI: Too Much Information"

N/A | 101 views

The Higher Education Information Security Council (HEISC), along with EDUCAUSE and Internet2, held its annual Information Security Awareness Video & Poster Contest, an event that allows college students to win prizes, gain experience, and earn recognition by creating a PSA about information security.
HEISC works to improve information security & privacy programs across the higher education sector

Spotlight

Getronics

Getronics is a global ICT service provider with an extensive history that extends over 130 years and is majority owned by Bottega InvestCo S.à r.l. With nearly 9,000 employees in 23 countries across Europe, Asia Pacific and North America, and in Latin America under the Connectis brand, Getronics brings a strong capability and expertise in Workspace, Applications, Unified Communications and Managed Cloud services to provide a pro-active, end-to-end portfolio to enable the digital user – business or consumer, in both public and private sector.

OTHER ARTICLES
PLATFORM SECURITY

Top 5 Tactics for Improving Cloud Security Hygiene for Businesses

Article | July 29, 2022

In the past couple of years, the world has gone through a rapid digital transformation, which has led to a deeper penetration of modern technologies such as cloud computing, artificial intelligence, data analytics, and others. As a result, smart businesses are shifting their digital resources to the cloud to benefit from features such as streamlined operations, centralized data storage, increased operational flexibility, and hassle-free data transition. As per a study conducted in 2022, nearly 94% of businesses around the world are using at least one cloud service. Every enterprise possesses large volumes of sensitive data, including financial statements, business designs, employees’ identity information, and others. As organizations worldwide migrate from on-premises working to a remote working model, more data is being stored in the cloud than ever before, making cloud security one of the most crucial aspects for businesses today. 5 Proven Tips to Strengthen Cloud Security Hygiene for Businesses With the advent of cloudification and the increasing use of cloud-based applications, the prevalence of cybercrime has increased significantly. For instance, in the wake of the COVID-19 outbreak, there has been a significant spike in cybercrime, with reports of a 600% increase in malicious emails. Furthermore, a report from the United Nations says that cybercrime will cost the world economy $10.5 trillion every year by 2025. Even though cloud networks, such as Google Cloud, Microsoft Azure, and Amazon Web Services, have their own data protection measures for securing the cloud services they provide, it does not mean that businesses utilizing these services should rely solely on their security measures and not consider adopting additional measures. So what are the tactics modern businesses should adopt to improve cloud security hygiene? Let’s see: Deploy Multi-Factor Authentication (MFA) When it comes to keeping hackers out of user accounts and protecting sensitive data and applications used to run a business online, the traditional username and password combination is often not enough. Leverage MFA to prevent hackers from accessing your cloud data and ensure only authorized personnel can log in to your cloud applications and critical data in your on- or off-premise environment. MFA is one of the most affordable yet highly effective controls to strengthen your business's cloud security. Manage Your User Access It is crucial for your business to ensure adequate permissions are in place to protect sensitive data stored on cloud platforms. Not all employees need access to certain applications and documents. To improve your cloud security and prevent unauthorized access, you need to establish access rights. This not only helps prevent unauthorized employees from accidentally editing sensitive company data but also protects your company from hackers who have stolen an employee's credentials. Monitor End User Activities Real-time analysis and monitoring of end-user activity can help you detect anomalies that depart from usual usage patterns, such as logging in from a previously unknown IP address or device. Identifying these out-of-the-ordinary events can stop hackers and allow you to rectify security before they cause mayhem. Create a Comprehensive Off-boarding Process After an employee leaves your firm, they should no longer have access to any company resources, including cloud storage, systems, data, customers, or intellectual property. Unfortunately, completing this vital security duty is sometimes put off until several days or weeks after an employee has left. Since every employee is likely to have access to a variety of cloud platforms and applications, a systemized deprovisioning procedure can assist you in ensuring that all access permissions for each departing employee are revoked and prevent information leaks. Provide Regular Anti-Phishing Training to Employees Hackers can acquire access to protected information by stealing employees' login credentials using social engineering techniques such as phishing, internet spoofing, and social media spying. As a result, cybersecurity has now become a collective responsibility, making comprehensive anti-phishing training necessary to educate your employees about these threats. As unscrupulous hackers frequently come up with new phishing scams by the day, regular anti-phishing training is essential for developing formidable cloud security. Bottom Line Cloud security hygiene no longer consists solely of strong passwords and security checks. Instead, it is a series of innovative procedures that organizations use nowadays to leverage cloud networks. With more businesses moving towards the cloud and cyberattacks on the rise, it is the responsibility of your organization to remain vigilant and protect itself from cyberattacks.

Read More
PLATFORM SECURITY

A Look at Cryptographic Use Case Trends Around the World

Article | July 11, 2022

Securing data, assets, and transactions is ever critical especially now with increased innovation, customer demand, and the need to navigate a complex regulatory landscape — not to mention staying ahead of evolving cyber threats. As a result, organizations of all sizes and in every country around the world require implementing cryptography solutions to help secure everyday business. This includes managing and securing transactions, managing encryption keys, authenticating identities, providing message integrity, and encrypting data and applications. From the largest global banks and payment processors that process thousands of transactions a second to the micro merchants that are newly accepting payments, cryptography works behind the scenes to ensure payments are secure and sensitive information is protected. Whenever and wherever cryptography is at work, organizations turn to either hardware or cloud options (or a combination of both) to ensure data and transactions are secure and compliant. Common cryptographic themes across industries and across countries: 1. Cloud adoption is happening across the board with payment processing taking the lead 2. Smaller FinTechs are innovating big time 3. Companies are continually seeking help to meet regulations, especially when it comes to data localization Since writing Cryptographic Management Trends Around the Globe, I talked again with Futurex team members from our offices around the world, including Ruchin Kumar, vice president, South Asia; Mark Howland, senior business development, EMEA; and Santos Campa, vice president, LAC, for more cryptographic insights and perspectives, including drilling down on cryptographic use cases to see what’s similar and what’s unique across regions. Let’s take a look at each region: South Asia, EMEA, and LAC. South Asia: Payment Ecosystem Thriving in South Asia Ruchin Kumar emphasized that the payment ecosystem in South Asia, particularly India, is thriving — indicating that financial services are the largest consumers of hardware security modules (HSMs) and cryptography in the entire region. HSMs play an important role in South Asia, securing the root of trust, keeping the private keys secure, managing Public Key Infrastructures (PKIs), and managing digital signing for non-repudiation and message integrity. In fact, he said, India represents almost 95% of HSM use cases in all of South Asia. Payment systems and securing payments go hand-in-hand with the standards and regulations required for payments/financial services. These include regulations set by Unique Identification of India (UIDAI), National Payments Corporation of India (NPCI), Payments Council of India (PCI), Information Technology Act of India, 2000 and its amendments 2008/2011/2016. Kumar sees organizations use general purpose HSMs for digital signing for non-repudiation and message integrity and payment HSMs used for acquiring, switching, card issuance, green PIN, and other payment application security needs (these types of HSMs are required by regulations). What’s on the horizon? From Kumar’s perspective, organizations are doing a lot of testing and evaluation for cryptography inclusion in their infrastructure and many organizations are looking into tokenization for security and agility, especially with Internet of Things (IoT), blockchain, and AI emerging. Additionally, remote key loading is becoming more sought after because every device in the field these days — ATMs, point-of-sale devices, handheld devices — requires key exchange with centralized servers. Companies in South Asia See Cryptography-as-a-Service and Local Data Centers Critical for Data Residency and Localization Over the past two years, most organizations in South Asia have adopted the cloud on a large scale, including using the cloud as a resource to host their critical applications. Security has played a big role in this cloud migration, with organizations wanting to retain ownership and control of their encryption keys. As a result, many organizations have turned to Futurex’s VirtuCrypt cloud HSM and key management service for both security and meeting regulatory compliance. Futurex’s data centers in India West and India Central help to power cryptographic automation, speed, latency, and data residency and data localization. “Local data centers provide customers a lot of assurance in terms of data residency, data localization, and key localization, which earlier was a barrier to move to the cloud. Now that Futurex’s cryptography services are hosted within Indian geography, we have seen a big difference in organizations migrating to HSM-as-a-service,” says Kumar. India is well-known as a FinTech hub for start-ups and innovation, with many unicorns emerging, according to Kumar. Progressive companies look to service-based, OpEx models for their applications as well as for cryptography. OpEx models offer flexibility, money savings, and serve as a resource for those needing help with cryptographic management. EMEA: Cloud and Payments Dominate HSM Use in Europe, Middle East, and Africa Cloud adoption is also rapidly increasing in EMEA, with many organizations looking to HSM virtualization technology, especially for payment applications. According to Mark Howland, “Customers are asking, ‘can we cut down our use of hardware, our reliance on hardware, and have the payment applications that we are heavily invested in, spun up and spun down seasonally?” Howland notes that smaller companies and VC-backed companies are more nimble and lean toward innovation by implementing such things as cryptography-as-a-service to meet PCI regulations. The early adopters are those organizations in the finance and payment industry, as consumer demand and pandemic adjustments have led to innovative payment processing including mobile payments and SoftPOS. Like South Asia, smaller companies including those in financial software and services, see the value of OpEx-based HSM cloud services, such as Futurex’s VirtuCrypt. Organizations across EMEA are deploying HSMs for POS key management, PIN management, and virtualization. What’s ahead? Howland sees that many organizations are, again, moving to a service-based model, looking at application encryption, encrypting data at rest, and the overall protection of data in all industry sectors, not just traditional high-security finance customers. LAC: Trends in Cryptography Use in Latin America and the Caribbean What’s trending in LAC? According to Santos Campa, he is seeing a mixture of both on-premises cryptographic architecture and cloud payment demands. Several banks already have a huge investment in their hardware infrastructure — their own data centers, racks, servers, etc. However, at least 35% of customers are converting from these on-premises architectures to cloud HSMs. Many are opening new branches or are creating new FinTechs inside their organizations. “We’re seeing the majority of organizations moving to the cloud, or at least moving part of their operations to the cloud,” says Campa. “It's very important for many organizations to keep control and management of the key lifecycle.” Again, much like other parts of the world, the financial sector is the big mover and shaker in terms of cryptographic implementations, using cryptography for PIN validation, key management, and tokenization. According to Campa, the cloud continues to be very important and beneficial, especially the ability to integrate cloud payment HSMs with the public cloud including AWS, Azure, and Google. As organizations are adding new models, such as transaction processing models, a must-have is a secure, compliant cryptographic solution — compliant with PCI and local and regional regulations throughout Latin America — that will allow them to scale. A nice-to-have is an OpEx option to give flexibility and cost savings. Pandemic trends have paved the way to make cryptographic management more streamlined — such as visualization and remote key management — and not needing to physically go to the data center. “Organizations are looking to a cryptographic platform that is future-proofed, one that is going to provide the best quality of service and support in the market,” says Campa. All around the globe, organizations are looking to innovate payments and embrace the cloud, keeping security, agility, and cryptography top of mind.

Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | August 20, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Spotlight

Getronics

Getronics is a global ICT service provider with an extensive history that extends over 130 years and is majority owned by Bottega InvestCo S.à r.l. With nearly 9,000 employees in 23 countries across Europe, Asia Pacific and North America, and in Latin America under the Connectis brand, Getronics brings a strong capability and expertise in Workspace, Applications, Unified Communications and Managed Cloud services to provide a pro-active, end-to-end portfolio to enable the digital user – business or consumer, in both public and private sector.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Keeper Security Announces StateRAMP Authorization

Keeper Security | December 08, 2022

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced that the company has obtained StateRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC). The nationwide StateRAMP cybersecurity verification program promotes the adoption of secure cloud services across state and local governments by providing a standardized approach to security and risk assessment for cloud technologies. StateRAMP Authorization differentiates KSGC from its competitors as the best in class zero-trust and zero-knowledge security solution for state and local governments, as well as higher-educational institutions, to protect their passwords, data, and secrets. StateRAMP Authorization enables these governments and organizations to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. It allows them to leverage Keeper's password management and cybersecurity platform on an institution-wide scale with confidence that the solution meets strict standardized security requirements. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent security and compliance requirements. Keeper's StateRAMP Authorization comes on the heels of KSGC achieving FedRAMP Authorization at the Moderate Impact Level in August 2022. While StateRAMP Authorization typically takes two years to complete, KSGC's existing FedRAMP Authorization accelerated the certification. To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. Now, KSGC is the first and only FedRAMP and StateRAMP Authorized password management platform in the industry. "We are proud to bring Keeper's password management and cybersecurity platform to StateRAMP Authorized status, and thrilled to be the first FedRAMP and StateRAMP Authorized password management platform. "KSGC's StateRAMP Authorization underscores our dedication to the highest standards of internal security controls and encryption. Keeper is eager to help state and local governments and higher-educational institutions protect their digital assets from ransomware, data breaches and other password-related cyberattacks." Darren Guccione, CEO and Co-Founder of Keeper Security Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC. KSGC's FedRAMP and StateRAMP Authorizations follow a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data. About Keeper Security Keeper Security is transforming the way organizations of all sizes secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device, while meeting the most stringent government security and compliance requirements. Keeper is SOC 2 and ISO 27001 certified, FIPS 140-2 validated, FedRAMP and StateRAMP Authorized. Trusted by federal agencies including the Departments of Justice and Energy, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Cymulate Integrates with the Trend Micro Vision One XDR Platform

Cymulate | December 07, 2022

Cymulate, the market leader in Threat Exposure Assessment and Cybersecurity Controls Validation, today announced a new technology integration with Trend Micro, a global cybersecurity leader, which reduces risk related to cyber threats. In addition to joining the Trend Micro Vision One ecosystem partner program, the company has completed the technology integration of its cybersecurity risk validation and exposure management solution with the Trend Micro Vision One XDR platform. The collaboration will correlate simulated attacks with ongoing events and alerts, enhancing the security control environment and management against malicious behavior and real and simulated malware. Today's malicious actors are becoming increasingly sophisticated in their execution of attacks. As a result, organizations must have measures in place to protect their network and ensure they are constantly monitoring their environment for new threats. Together, the integrated Cymulate and Trend Micro Vision One XDR solution provides comprehensive protection against cyber threats and strengthens an organization's security posture with the following benefits: Automated and continuous security validation across the entire attack kill-chain Ongoing simulation that operationalizes the MITRE ATT&CK framework Creating auto remediation playbooks to new threats and attack vectors Configuration of Trend Micro's XDR policies to Cymulate's actionable remediation guidance "Cyberattacks are not showing any signs of slowing down and need a united front from security providers to combat them. "We are delighted to be partnering with Trend Micro so that businesses can better understand any weaknesses in their security posture and optimize their existing security infrastructure to better protect their organizations." Carolyn Crandall, chief security advocate at Cymulate "Security validation is an essential step for organizations to take towards cyber resilience," said Jon Clay, vice president of threat intelligence at Trend Micro. "Integrating our solutions with Cymulate is an exciting milestone for us. This new offering will significantly strengthen the risk assessment capability and provide enhanced seamless protection for mission-critical environments through ongoing simulated attacks deployed alongside events and alerts coming from Trend Micro." Cymulate's platform is recognized for its ability to continuously test a business's security posture against immediate threats and to validate whether security controls are functioning properly to stop in-network activities tied to execution methods, OS manipulation, data manipulation, lateral movement, data exfiltration, and other actions that inform on how bad the incursion or breach might be. The breadth and depth of this platform have earned it recognition as the gold standard for continuous threat exposure management (CTEM) programs, an emerging security program that was coined by Gartner, Inc. About Cymulate Cymulate's continuous risk validation and exposure management platform provides security professionals with the ability to continuously challenge, validate and optimize their on-premises and cloud cyber-security posture with visualization end-to-end across the MITRE ATT&CK® framework. The platform provides automated, expert and threat intelligence led risk assessments that are simple to deploy and use for organizations of all cybersecurity maturity levels. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies. About Trend Micro Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Palo Alto Networks Announces Medical IoT Security to Protect Connected Devices Critical to Patient Care

Palo Alto Networks | December 05, 2022

As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Today, Palo Alto Networks (NASDAQ: PANW) announced Medical IoT Security — the most comprehensive Zero Trust security solution for medical devices — enabling healthcare organizations to deploy and manage new connected technologies quickly and securely. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device. "The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps. "This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk." Anand Oswal, senior vice president of products, network security at Palo Alto Networks While a Zero Trust approach is critical to help protect medical devices against today's innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering. The new Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable healthcare organizations to: Create device rules with automated security responses: Easily create rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted. Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile. Understand device vulnerabilities and risk posture: Access each medical device's Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorized external website communication. Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations. Verify network segmentation: Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems. Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, helps automate workflows. Healthcare organizations are using Palo Alto Networks products to secure the devices that deliver cutting-edge care to millions of patients all over the world. "Establishing and maintaining acute situational awareness of the Internet of Medical Things (IoMT) environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect, identify and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event," said Tony Lakin, CISO, Moffitt Cancer Center. "Palo Alto Networks IoT capability seamlessly integrates with our continuous monitoring processes and threat-hunting operations. The platform consistently provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio." "With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage," said Bob Laliberte, principal analyst, ESG. "Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives," said Ed Lee, research director, IoT and Intelligent Edge Security, IDC. About Palo Alto Networks Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Keeper Security Announces StateRAMP Authorization

Keeper Security | December 08, 2022

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced that the company has obtained StateRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC). The nationwide StateRAMP cybersecurity verification program promotes the adoption of secure cloud services across state and local governments by providing a standardized approach to security and risk assessment for cloud technologies. StateRAMP Authorization differentiates KSGC from its competitors as the best in class zero-trust and zero-knowledge security solution for state and local governments, as well as higher-educational institutions, to protect their passwords, data, and secrets. StateRAMP Authorization enables these governments and organizations to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. It allows them to leverage Keeper's password management and cybersecurity platform on an institution-wide scale with confidence that the solution meets strict standardized security requirements. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent security and compliance requirements. Keeper's StateRAMP Authorization comes on the heels of KSGC achieving FedRAMP Authorization at the Moderate Impact Level in August 2022. While StateRAMP Authorization typically takes two years to complete, KSGC's existing FedRAMP Authorization accelerated the certification. To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. Now, KSGC is the first and only FedRAMP and StateRAMP Authorized password management platform in the industry. "We are proud to bring Keeper's password management and cybersecurity platform to StateRAMP Authorized status, and thrilled to be the first FedRAMP and StateRAMP Authorized password management platform. "KSGC's StateRAMP Authorization underscores our dedication to the highest standards of internal security controls and encryption. Keeper is eager to help state and local governments and higher-educational institutions protect their digital assets from ransomware, data breaches and other password-related cyberattacks." Darren Guccione, CEO and Co-Founder of Keeper Security Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC. KSGC's FedRAMP and StateRAMP Authorizations follow a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data. About Keeper Security Keeper Security is transforming the way organizations of all sizes secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device, while meeting the most stringent government security and compliance requirements. Keeper is SOC 2 and ISO 27001 certified, FIPS 140-2 validated, FedRAMP and StateRAMP Authorized. Trusted by federal agencies including the Departments of Justice and Energy, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Cymulate Integrates with the Trend Micro Vision One XDR Platform

Cymulate | December 07, 2022

Cymulate, the market leader in Threat Exposure Assessment and Cybersecurity Controls Validation, today announced a new technology integration with Trend Micro, a global cybersecurity leader, which reduces risk related to cyber threats. In addition to joining the Trend Micro Vision One ecosystem partner program, the company has completed the technology integration of its cybersecurity risk validation and exposure management solution with the Trend Micro Vision One XDR platform. The collaboration will correlate simulated attacks with ongoing events and alerts, enhancing the security control environment and management against malicious behavior and real and simulated malware. Today's malicious actors are becoming increasingly sophisticated in their execution of attacks. As a result, organizations must have measures in place to protect their network and ensure they are constantly monitoring their environment for new threats. Together, the integrated Cymulate and Trend Micro Vision One XDR solution provides comprehensive protection against cyber threats and strengthens an organization's security posture with the following benefits: Automated and continuous security validation across the entire attack kill-chain Ongoing simulation that operationalizes the MITRE ATT&CK framework Creating auto remediation playbooks to new threats and attack vectors Configuration of Trend Micro's XDR policies to Cymulate's actionable remediation guidance "Cyberattacks are not showing any signs of slowing down and need a united front from security providers to combat them. "We are delighted to be partnering with Trend Micro so that businesses can better understand any weaknesses in their security posture and optimize their existing security infrastructure to better protect their organizations." Carolyn Crandall, chief security advocate at Cymulate "Security validation is an essential step for organizations to take towards cyber resilience," said Jon Clay, vice president of threat intelligence at Trend Micro. "Integrating our solutions with Cymulate is an exciting milestone for us. This new offering will significantly strengthen the risk assessment capability and provide enhanced seamless protection for mission-critical environments through ongoing simulated attacks deployed alongside events and alerts coming from Trend Micro." Cymulate's platform is recognized for its ability to continuously test a business's security posture against immediate threats and to validate whether security controls are functioning properly to stop in-network activities tied to execution methods, OS manipulation, data manipulation, lateral movement, data exfiltration, and other actions that inform on how bad the incursion or breach might be. The breadth and depth of this platform have earned it recognition as the gold standard for continuous threat exposure management (CTEM) programs, an emerging security program that was coined by Gartner, Inc. About Cymulate Cymulate's continuous risk validation and exposure management platform provides security professionals with the ability to continuously challenge, validate and optimize their on-premises and cloud cyber-security posture with visualization end-to-end across the MITRE ATT&CK® framework. The platform provides automated, expert and threat intelligence led risk assessments that are simple to deploy and use for organizations of all cybersecurity maturity levels. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies. About Trend Micro Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Palo Alto Networks Announces Medical IoT Security to Protect Connected Devices Critical to Patient Care

Palo Alto Networks | December 05, 2022

As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Today, Palo Alto Networks (NASDAQ: PANW) announced Medical IoT Security — the most comprehensive Zero Trust security solution for medical devices — enabling healthcare organizations to deploy and manage new connected technologies quickly and securely. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device. "The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps. "This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk." Anand Oswal, senior vice president of products, network security at Palo Alto Networks While a Zero Trust approach is critical to help protect medical devices against today's innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering. The new Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable healthcare organizations to: Create device rules with automated security responses: Easily create rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted. Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile. Understand device vulnerabilities and risk posture: Access each medical device's Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorized external website communication. Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations. Verify network segmentation: Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems. Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, helps automate workflows. Healthcare organizations are using Palo Alto Networks products to secure the devices that deliver cutting-edge care to millions of patients all over the world. "Establishing and maintaining acute situational awareness of the Internet of Medical Things (IoMT) environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect, identify and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event," said Tony Lakin, CISO, Moffitt Cancer Center. "Palo Alto Networks IoT capability seamlessly integrates with our continuous monitoring processes and threat-hunting operations. The platform consistently provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio." "With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage," said Bob Laliberte, principal analyst, ESG. "Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives," said Ed Lee, research director, IoT and Intelligent Edge Security, IDC. About Palo Alto Networks Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

Read More

Events