Secure your organization’s critical data and increase your bottom line through Vertex’s Managed Security Operations Centre (SOC) Services

June 6, 2022 | 228 views

Secure your organization’s critical data and increase
Over the last two years, cybersecurity has seen a tectonic upheaval as digital transformation efforts have been accelerated, the workforce has become more diverse, and threats have continued to evolve. Security teams are under looming pressure to neutralize more threats with the same number of resources as firms across industries face new cybersecurity concerns.

Many security teams are stretched too thin to identify genuine threats quickly due to the never-ending deluge of warnings and vast volumes of log data to comb through daily. As a result, businesses must make updating their Security Operations Centers (SOC) a top priority.

Modernizing the SOC plan involves directing resources into boosting security maturity and cybersecurity, with the goal of lowering the organization’s total risk. The best plan must be scalable enough to handle the changing and broad spectrum of security risks while also being adapted to the company’s specific requirements. As a consequence, threat detection and response across the whole environment has improved, as has visibility and team silos.

Although each company’s route to SOC transformation is unique, there are a few critical aspects that all businesses should keep in mind when getting started. Let us look at a few of those in detail.

Aligning Security Measures with Business Objectives.

Beginning the process by aligning security priorities with corporate objectives. This stage is critical because it stops businesses from simply relying on technology. Budget, industry-specific rules and reporting requirements, and the company’s general risk tolerance are all factors to consider while developing these objectives.

Considering this isn’t a one-and-done procedure, the Chief Information Security Officer (CISO) must maintain direct contact with the CEO and other top management officials to guarantee ongoing alignment. CISOs must be realistic about the biggest possible dangers to the firm when engaging with leadership about what is needed for SOC modernization and why, without resorting to negative tactics like spreading fear of threats.

Team Vertex can help you align your corporate objectives with necessary security measures required to setup an SOC so your firm is prepared in the event of a cyber threat.

Establishing a Security Readiness Standard

Following the establishment of essential business goals with executive participation, the next stage in improving the overall security measure is to examine the SOC’s strengths and weaknesses. Security operations should be viewed as a crucial business function by companies. The operational efficacy of the SOC must be measured, just like any other critical business component, by examining which key performance indicators (KPIs) and service-level agreements (SLAs) are being satisfied.

This standard offers a clear image of the most critical use cases as well as any gaps in the cybersecurity strategy that need to be addressed. It might be difficult to figure out how to make this list at first. However, security teams will have a clearer view of where opportunities to develop their operations exist if they measure against metrics like mean time to detect (MTTD) and mean time to respond (MTTR) to cyber-attacks.

Team Vertex’s proficient team of analysts can help you analyze and identify the potential gaps in the system and examine the above-mentioned KPIs and SLAs.

Incorporating a Cybersecurity Framework

Now it is time to map an operating framework to connect your strategy with particular tactics, techniques, and procedures after you have clearly determined the most important gaps and set timescales and personnel needs. By employing these constantly developing libraries of threat actor tactics, security teams may pinpoint the business’s largest possible threats and assess their protection priorities carefully.

Another paradigm to consider is zero trust. Rather than focusing on the corporate perimeter, it stresses an identity-centric paradigm that focuses on safeguarding resources (such as data, identities, and services) regardless of where they are located.

Strengthen your defense by beefing up your SOC.

The SOC is at the heart of a company’s offensive and defensive strategies against possible attackers. Organizations that do not have the capability to allocate a function or form an in-house team to handle SOC must resort to third party outsourced solutions. Vertex can be that third-party SOC solutions provider by providing an outsourced security operations center, or managed SOC.

This permits your security logs to be aggregated into a separate location where our experienced team can examine them and identify the activities necessary to maintain your organization’s security infrastructure and remediate any incidents. Penetration testing, gap analysis, and better compliance are also available. Although no single solution can cure all your security issues, having all of the necessary components in place will help your firm weather the next digital storm, regardless of its source.

Spotlight

Infolob Solutions, Inc

Infolob Solutions is a leader in consulting, managed IT services, enterprise application software, IT staffing, and application portfolio management. An Oracle Platinum Partner, Cloud Standard Partner, and Texas HUB certified SBE/MBE, we are the subject matter experts in Oracle technologies and digital transformation, and currently employ 200+ ERP/BI/SOA/DBA/APPSDBA resources. Since being founded in March 2009, Infolob has experienced double digit growth and grown its client base by 200 percent.

OTHER ARTICLES
SOFTWARE SECURITY

Top 5 Tactics for Improving Cloud Security Hygiene for Businesses

Article | May 18, 2022

In the past couple of years, the world has gone through a rapid digital transformation, which has led to a deeper penetration of modern technologies such as cloud computing, artificial intelligence, data analytics, and others. As a result, smart businesses are shifting their digital resources to the cloud to benefit from features such as streamlined operations, centralized data storage, increased operational flexibility, and hassle-free data transition. As per a study conducted in 2022, nearly 94% of businesses around the world are using at least one cloud service. Every enterprise possesses large volumes of sensitive data, including financial statements, business designs, employees’ identity information, and others. As organizations worldwide migrate from on-premises working to a remote working model, more data is being stored in the cloud than ever before, making cloud security one of the most crucial aspects for businesses today. 5 Proven Tips to Strengthen Cloud Security Hygiene for Businesses With the advent of cloudification and the increasing use of cloud-based applications, the prevalence of cybercrime has increased significantly. For instance, in the wake of the COVID-19 outbreak, there has been a significant spike in cybercrime, with reports of a 600% increase in malicious emails. Furthermore, a report from the United Nations says that cybercrime will cost the world economy $10.5 trillion every year by 2025. Even though cloud networks, such as Google Cloud, Microsoft Azure, and Amazon Web Services, have their own data protection measures for securing the cloud services they provide, it does not mean that businesses utilizing these services should rely solely on their security measures and not consider adopting additional measures. So what are the tactics modern businesses should adopt to improve cloud security hygiene? Let’s see: Deploy Multi-Factor Authentication (MFA) When it comes to keeping hackers out of user accounts and protecting sensitive data and applications used to run a business online, the traditional username and password combination is often not enough. Leverage MFA to prevent hackers from accessing your cloud data and ensure only authorized personnel can log in to your cloud applications and critical data in your on- or off-premise environment. MFA is one of the most affordable yet highly effective controls to strengthen your business's cloud security. Manage Your User Access It is crucial for your business to ensure adequate permissions are in place to protect sensitive data stored on cloud platforms. Not all employees need access to certain applications and documents. To improve your cloud security and prevent unauthorized access, you need to establish access rights. This not only helps prevent unauthorized employees from accidentally editing sensitive company data but also protects your company from hackers who have stolen an employee's credentials. Monitor End User Activities Real-time analysis and monitoring of end-user activity can help you detect anomalies that depart from usual usage patterns, such as logging in from a previously unknown IP address or device. Identifying these out-of-the-ordinary events can stop hackers and allow you to rectify security before they cause mayhem. Create a Comprehensive Off-boarding Process After an employee leaves your firm, they should no longer have access to any company resources, including cloud storage, systems, data, customers, or intellectual property. Unfortunately, completing this vital security duty is sometimes put off until several days or weeks after an employee has left. Since every employee is likely to have access to a variety of cloud platforms and applications, a systemized deprovisioning procedure can assist you in ensuring that all access permissions for each departing employee are revoked and prevent information leaks. Provide Regular Anti-Phishing Training to Employees Hackers can acquire access to protected information by stealing employees' login credentials using social engineering techniques such as phishing, internet spoofing, and social media spying. As a result, cybersecurity has now become a collective responsibility, making comprehensive anti-phishing training necessary to educate your employees about these threats. As unscrupulous hackers frequently come up with new phishing scams by the day, regular anti-phishing training is essential for developing formidable cloud security. Bottom Line Cloud security hygiene no longer consists solely of strong passwords and security checks. Instead, it is a series of innovative procedures that organizations use nowadays to leverage cloud networks. With more businesses moving towards the cloud and cyberattacks on the rise, it is the responsibility of your organization to remain vigilant and protect itself from cyberattacks.

Read More
SOFTWARE SECURITY

A Look at Cryptographic Use Case Trends Around the World

Article | July 6, 2022

Securing data, assets, and transactions is ever critical especially now with increased innovation, customer demand, and the need to navigate a complex regulatory landscape — not to mention staying ahead of evolving cyber threats. As a result, organizations of all sizes and in every country around the world require implementing cryptography solutions to help secure everyday business. This includes managing and securing transactions, managing encryption keys, authenticating identities, providing message integrity, and encrypting data and applications. From the largest global banks and payment processors that process thousands of transactions a second to the micro merchants that are newly accepting payments, cryptography works behind the scenes to ensure payments are secure and sensitive information is protected. Whenever and wherever cryptography is at work, organizations turn to either hardware or cloud options (or a combination of both) to ensure data and transactions are secure and compliant. Common cryptographic themes across industries and across countries: 1. Cloud adoption is happening across the board with payment processing taking the lead 2. Smaller FinTechs are innovating big time 3. Companies are continually seeking help to meet regulations, especially when it comes to data localization Since writing Cryptographic Management Trends Around the Globe, I talked again with Futurex team members from our offices around the world, including Ruchin Kumar, vice president, South Asia; Mark Howland, senior business development, EMEA; and Santos Campa, vice president, LAC, for more cryptographic insights and perspectives, including drilling down on cryptographic use cases to see what’s similar and what’s unique across regions. Let’s take a look at each region: South Asia, EMEA, and LAC. South Asia: Payment Ecosystem Thriving in South Asia Ruchin Kumar emphasized that the payment ecosystem in South Asia, particularly India, is thriving — indicating that financial services are the largest consumers of hardware security modules (HSMs) and cryptography in the entire region. HSMs play an important role in South Asia, securing the root of trust, keeping the private keys secure, managing Public Key Infrastructures (PKIs), and managing digital signing for non-repudiation and message integrity. In fact, he said, India represents almost 95% of HSM use cases in all of South Asia. Payment systems and securing payments go hand-in-hand with the standards and regulations required for payments/financial services. These include regulations set by Unique Identification of India (UIDAI), National Payments Corporation of India (NPCI), Payments Council of India (PCI), Information Technology Act of India, 2000 and its amendments 2008/2011/2016. Kumar sees organizations use general purpose HSMs for digital signing for non-repudiation and message integrity and payment HSMs used for acquiring, switching, card issuance, green PIN, and other payment application security needs (these types of HSMs are required by regulations). What’s on the horizon? From Kumar’s perspective, organizations are doing a lot of testing and evaluation for cryptography inclusion in their infrastructure and many organizations are looking into tokenization for security and agility, especially with Internet of Things (IoT), blockchain, and AI emerging. Additionally, remote key loading is becoming more sought after because every device in the field these days — ATMs, point-of-sale devices, handheld devices — requires key exchange with centralized servers. Companies in South Asia See Cryptography-as-a-Service and Local Data Centers Critical for Data Residency and Localization Over the past two years, most organizations in South Asia have adopted the cloud on a large scale, including using the cloud as a resource to host their critical applications. Security has played a big role in this cloud migration, with organizations wanting to retain ownership and control of their encryption keys. As a result, many organizations have turned to Futurex’s VirtuCrypt cloud HSM and key management service for both security and meeting regulatory compliance. Futurex’s data centers in India West and India Central help to power cryptographic automation, speed, latency, and data residency and data localization. “Local data centers provide customers a lot of assurance in terms of data residency, data localization, and key localization, which earlier was a barrier to move to the cloud. Now that Futurex’s cryptography services are hosted within Indian geography, we have seen a big difference in organizations migrating to HSM-as-a-service,” says Kumar. India is well-known as a FinTech hub for start-ups and innovation, with many unicorns emerging, according to Kumar. Progressive companies look to service-based, OpEx models for their applications as well as for cryptography. OpEx models offer flexibility, money savings, and serve as a resource for those needing help with cryptographic management. EMEA: Cloud and Payments Dominate HSM Use in Europe, Middle East, and Africa Cloud adoption is also rapidly increasing in EMEA, with many organizations looking to HSM virtualization technology, especially for payment applications. According to Mark Howland, “Customers are asking, ‘can we cut down our use of hardware, our reliance on hardware, and have the payment applications that we are heavily invested in, spun up and spun down seasonally?” Howland notes that smaller companies and VC-backed companies are more nimble and lean toward innovation by implementing such things as cryptography-as-a-service to meet PCI regulations. The early adopters are those organizations in the finance and payment industry, as consumer demand and pandemic adjustments have led to innovative payment processing including mobile payments and SoftPOS. Like South Asia, smaller companies including those in financial software and services, see the value of OpEx-based HSM cloud services, such as Futurex’s VirtuCrypt. Organizations across EMEA are deploying HSMs for POS key management, PIN management, and virtualization. What’s ahead? Howland sees that many organizations are, again, moving to a service-based model, looking at application encryption, encrypting data at rest, and the overall protection of data in all industry sectors, not just traditional high-security finance customers. LAC: Trends in Cryptography Use in Latin America and the Caribbean What’s trending in LAC? According to Santos Campa, he is seeing a mixture of both on-premises cryptographic architecture and cloud payment demands. Several banks already have a huge investment in their hardware infrastructure — their own data centers, racks, servers, etc. However, at least 35% of customers are converting from these on-premises architectures to cloud HSMs. Many are opening new branches or are creating new FinTechs inside their organizations. “We’re seeing the majority of organizations moving to the cloud, or at least moving part of their operations to the cloud,” says Campa. “It's very important for many organizations to keep control and management of the key lifecycle.” Again, much like other parts of the world, the financial sector is the big mover and shaker in terms of cryptographic implementations, using cryptography for PIN validation, key management, and tokenization. According to Campa, the cloud continues to be very important and beneficial, especially the ability to integrate cloud payment HSMs with the public cloud including AWS, Azure, and Google. As organizations are adding new models, such as transaction processing models, a must-have is a secure, compliant cryptographic solution — compliant with PCI and local and regional regulations throughout Latin America — that will allow them to scale. A nice-to-have is an OpEx option to give flexibility and cost savings. Pandemic trends have paved the way to make cryptographic management more streamlined — such as visualization and remote key management — and not needing to physically go to the data center. “Organizations are looking to a cryptographic platform that is future-proofed, one that is going to provide the best quality of service and support in the market,” says Campa. All around the globe, organizations are looking to innovate payments and embrace the cloud, keeping security, agility, and cryptography top of mind.

Read More
SOFTWARE SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | July 8, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Spotlight

Infolob Solutions, Inc

Infolob Solutions is a leader in consulting, managed IT services, enterprise application software, IT staffing, and application portfolio management. An Oracle Platinum Partner, Cloud Standard Partner, and Texas HUB certified SBE/MBE, we are the subject matter experts in Oracle technologies and digital transformation, and currently employ 200+ ERP/BI/SOA/DBA/APPSDBA resources. Since being founded in March 2009, Infolob has experienced double digit growth and grown its client base by 200 percent.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Netskope Further Improves Risk Visibility on AWS, Strengthening Customers' Security Posture

Netskope | December 01, 2022

Netskope, a global leader in secure access service edge (SASE), is announcing new support of Amazon Web Services (AWS) to further improve visibility of risks and threats on AWS services, resulting in even stronger security postures for customers. Through this work, Netskope will support the launch of AWS Verified Access and Amazon Security Lake to drive innovation for enterprises running on AWS. As the cybersecurity landscape becomes more complex and multifaceted, organizations want to confidently know their data, employees, and resources are safe from potential attacks. Netskope has helped thousands of customers, including more than 25 of the Fortune 100, improve their security posture through integrated zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), cloud security posture management (CSPM), storage scanning with data loss prevention (DLP), cloud firewall, Borderless WAN, and more. By meeting the rigorous standards of supporting the launch of AWS Verified Access and Amazon Security Lake, Netskope and customers can have greater confidence in the company's deep technical expertise on AWS and its proven track record in securing even the most complex cloud journeys. "As organizations search for seamless support and unification of their cloud security services, our work with AWS will help customers achieve even better visibility and protection in a cloud-first, hybrid work environment. "Hybrid work today happens in the office, at home, or on the go, and with this new support of Amazon Security Lake and AWS Verified Access, we'll help customers navigate their cloud security journey by securing data from anywhere, on any device." Andy Horwitz, Vice President, Business Development and Technology Alliances at Netskope Netskope will support Amazon Security Lake and AWS Verified Access by providing visibility and real-time data and threat protection when accessing cloud services, applications, and data. Customers can expect broader and more granular data sharing to expose cloud threats and security gaps, better alert prioritization so security teams can remediate the highest threats first, and a stronger security posture with faster remediation strategies in place. "Netskope and AWS continue to help organizations with security capabilities they need to protect their users and data everywhere," said Chris Grusz, Director, ISV Partner and AWS Marketplace Business Development. "Netskope is a trusted security provider for many cloud-first organizations, and the expanded relationship with AWS will allow customers to better realize the full value of their AWS Security investments." About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Absolute Software Unveils New Product Innovations for Resilient Zero Trust

Absolute | December 01, 2022

Absolute Software™ , the only provider of self-healing, intelligent security solutions, today announced new product innovations, empowering customers with deeper visibility and intelligence, expanded software integrations, and a refreshed user experience through its latest updates to Absolute Secure Endpoint and Absolute Secure Access. These product releases continue the company’s investment in bringing together the combined power of Absolute Secure Endpoint and Absolute Secure Access with our unique, firmware-embedded self-healing capability, enabling customers to achieve truly resilient Zero Trust environments and deliver an optimal user experience. This announcement builds on the launch of Absolute ZTNA – the industry’s first self-healing Zero Trust Network Access (ZTNA) solution – and Absolute Insights™ for Endpoints and Network, providing unparalleled intelligence into device, application, and network performance. Embedded in more than 600 million devices, Absolute is the only intelligent security solutions provider capable of delivering visibility, control, and resiliency across endpoints, applications, and network connections. The Absolute Platform enables IT and security teams to ensure their endpoints remain compliant and mission-critical applications remain operational, and empowers them to transition from traditional VPNs to a resilient Zero Trust approach without hindering security or user productivity. A recent 451 Research report validates Absolute’s differentiated platform approach and capabilities, saying: Too often, organizations don’t fully consider the resilience of the deployed zero-trust environment, and network access and device security are handled independently. It’s a situation that complicates security operations and one that can impact employee productivity. “Our common platform addresses a wide range of market needs, as we have the unique ability to apply self-healing capabilities to devices, applications, and network access. “Organizations are acknowledging that they need resilience-focused Zero Trust approaches, capable of integrating endpoint and access assessments at every step. By providing the critical components needed to achieve that resiliency - deep visibility, intelligence, and firmware-embedded Persistence - we are enabling them to not only protect devices, data, and users but also ensure critical controls are operating at maximum efficacy.” John Herrema, EVP of Products and Strategy at Absolute New capabilities available to Absolute Secure Endpoint customers in the latest product release include: Public API Expansion: The latest Absolute Secure Endpoint release adds new Public APIs to our existing library, allowing customers and partners to integrate our device actions into their existing workflows - significantly improving the efficiency of their existing workflows and enhancing automation capabilities. Absolute Connector for ServiceNow™: The Absolute Connector for ServiceNow enables joint customers to access Absolute’s comprehensive asset intelligence and single source of truth within their ServiceNow platform environment – enabling them to efficiently respond to service requests, supplement their ServiceNow workflows, and rapidly demonstrate compliance. Expanded Application Resilience™ Catalog: The Absolute Application Resilience catalog now includes support for more than 60 critical security applications that IT and security administrators can self-heal across their endpoints. Recent additions include WinMagic® MagicEndpoint™, Dell™ Trusted Device, Deep Instinct™, Norton 360™, OPSWAT™, UNOWHY™, Aranda Software™, and Pixart® MDM. The company also announced upcoming server and client enhancements to Absolute Secure Access, including: New Look and Feel: The names, status icons, fonts, and colors have been updated to reflect new product names and refreshed corporate brand; the core functionality and upgrade experience remain smooth and easy. SaaS Enhancements: The SaaS offering adds native NAT capabilities and enhanced alerting. Enhanced 5G Telemetry and Detection: Insights for Network dashboards that display cellular coverage, signal quality, and usage now include the 5G mid-band spectrum, and reflect improved 5G sensitivity. Deeper Visibility: The Secure Access/webService API has been enhanced, offering programmatic access to key pool performance metrics, including status information for our Active/Active server infrastructure. Faster NAC Checks: NAC capabilities are optimized, significantly reducing the time it takes for the VPN to connect and begin tunneling traffic. Android Client Enhancements: Collecting network telemetry on Android devices can now be done with the screen off to improve battery life, ensuring that administrators have actionable device and network information even if a device is in sleep mode. The Android cryptographic libraries providing FIPS 140-2 cryptography are also updated. The features included in the latest Absolute Secure Endpoint release are available now. For additional details, including which are available to Control, Visibility, or Resilience tier customers, visit here. The company expects to make Absolute Secure Access updates available to customers in January 2023. About Absolute Software Absolute Software is the only provider of self-healing, intelligent security solutions. Embedded in more than 600 million devices, Absolute is the only platform offering a permanent digital connection that intelligently and dynamically applies visibility, control and self-healing capabilities to endpoints, applications, and network connections - helping customers to strengthen cyber resilience against the escalating threat of ransomware and malicious attacks. Trusted by 18,000 customers, G2 recognized Absolute as a leader for the eleventh consecutive quarter in the Fall 2022 Grid® Report for Endpoint Management and as a high performer in the Grid Report for Zero Trust Networking.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Veza Announces Open Authorization API to Extend Identity-First Security Across the Enterprise Data Landscape

Veza | December 02, 2022

Veza today announced that its Open Authorization API (OAA) is now public on GitHub for community collaboration, extending the reach of identity-first security across the enterprise. Developers can now create and share connectors to extend the Veza Authorization Graph to all sensitive data, wherever it lives, including cloud providers, SaaS apps, and custom-built internal apps, accelerating their company’s path to zero trust security. Security professionals espouse the principle of ‘Least Privilege’ to secure enterprise data, but the rush to a multi-cloud, multi-app environment has exploded the complexity and layers of interconnection for which access must be understood, monitored, and constantly remediated to achieve and maintain least privilege. Recent attacks on Okta and Twilio demonstrate that companies are allowing overly-broad access to data via constructs of groups, roles, policies, and system specific permissions. Veza connects the dots of effective permissions across cloud providers, SaaS apps and identity platforms, making it easy to visualize who can view or delete sensitive data. OAA allows organizations and the broader community to create their own integrations with Veza, extending visibility to any resource, including SaaS apps like GitLab and Jira as well as custom-built internal apps. “The vast majority of cybersecurity failures are rooted in issues with the gap that exists between identity, access to data, and permissions,” said Tarun Thakur, co-founder and CEO, Veza. “Since our founding, we have been committed to protecting our customers from threats like ransomware, privilege abuse, and data breaches. With Veza Open Authorization API, we are extending our identity-first security approach broadly in the market and arming organizations with the tools they need to remediate undesirable and unnecessary data access at a granular level, and meet the requirements of access governance for enterprise systems, both on-premises and in the cloud." With Veza's Open Authorization API, customers can translate and visualize authorization metadata from any SaaS app, custom and in-house applications. Users can explore identity-to-data relationships through the Authorization Graph, monitor for least privilege misconfigurations and violations, and conduct comprehensive entitlement reviews for all of their sensitive data. “We specifically chose Veza because their Open Authorization API allowed us to connect to our custom internal applications. We follow the principle of least privilege, but with so many systems to review, we valued Veza’s unique ability to give us a comprehensive view quickly. They made it faster and easier for our team to review all permissions with confidence.” -Riaz Lakhani, CISO of Barracuda Networks. As an open-source project on GitHub, Veza’s Open Authorization API allows customers and partners to learn from, and build upon, each other’s work to create a control plane that reaches all data. By bringing OAA SDK and connectors available on GitHub Community, Veza empowers customers to ingest authorization metadata previously isolated in internal systems and SaaS applications. The OAA community has already created integrations for critical SaaS apps including GitHub, GitLab, Bitbucket, Jira, Zendesk, Slack, Coupa Software, Pagerduty, and Looker. These integrations are available now to all Veza customers. “Veza solves the problem of aligning identities to data,” said Craig Rosen, Chief Security & Trust Officer at ASAPP. “Veza’s Open Authorization Platform helped us extend that visibility to all the apps and data that matter most to us, like GitHub and Jira. Now it is easy for our security professionals to understand (and remediate) who has access to our important intellectual property.” About Veza Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to visualize, remediate, and control who can and should take what action on what data. We empower customers to take an identity-first approach to secure data by addressing critical business needs of streamlining identity and access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Our Authorization Graph connects identities to data across enterprise systems, enabling analysis, monitoring, and certification of end-to-end access. Global enterprises like Blackstone, ASAPP, Barracuda Networks, Choice Hotels, and a number of Fortune 500 and emerging organizations trust Veza to secure their enterprise data. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Netskope Further Improves Risk Visibility on AWS, Strengthening Customers' Security Posture

Netskope | December 01, 2022

Netskope, a global leader in secure access service edge (SASE), is announcing new support of Amazon Web Services (AWS) to further improve visibility of risks and threats on AWS services, resulting in even stronger security postures for customers. Through this work, Netskope will support the launch of AWS Verified Access and Amazon Security Lake to drive innovation for enterprises running on AWS. As the cybersecurity landscape becomes more complex and multifaceted, organizations want to confidently know their data, employees, and resources are safe from potential attacks. Netskope has helped thousands of customers, including more than 25 of the Fortune 100, improve their security posture through integrated zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), cloud security posture management (CSPM), storage scanning with data loss prevention (DLP), cloud firewall, Borderless WAN, and more. By meeting the rigorous standards of supporting the launch of AWS Verified Access and Amazon Security Lake, Netskope and customers can have greater confidence in the company's deep technical expertise on AWS and its proven track record in securing even the most complex cloud journeys. "As organizations search for seamless support and unification of their cloud security services, our work with AWS will help customers achieve even better visibility and protection in a cloud-first, hybrid work environment. "Hybrid work today happens in the office, at home, or on the go, and with this new support of Amazon Security Lake and AWS Verified Access, we'll help customers navigate their cloud security journey by securing data from anywhere, on any device." Andy Horwitz, Vice President, Business Development and Technology Alliances at Netskope Netskope will support Amazon Security Lake and AWS Verified Access by providing visibility and real-time data and threat protection when accessing cloud services, applications, and data. Customers can expect broader and more granular data sharing to expose cloud threats and security gaps, better alert prioritization so security teams can remediate the highest threats first, and a stronger security posture with faster remediation strategies in place. "Netskope and AWS continue to help organizations with security capabilities they need to protect their users and data everywhere," said Chris Grusz, Director, ISV Partner and AWS Marketplace Business Development. "Netskope is a trusted security provider for many cloud-first organizations, and the expanded relationship with AWS will allow customers to better realize the full value of their AWS Security investments." About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Absolute Software Unveils New Product Innovations for Resilient Zero Trust

Absolute | December 01, 2022

Absolute Software™ , the only provider of self-healing, intelligent security solutions, today announced new product innovations, empowering customers with deeper visibility and intelligence, expanded software integrations, and a refreshed user experience through its latest updates to Absolute Secure Endpoint and Absolute Secure Access. These product releases continue the company’s investment in bringing together the combined power of Absolute Secure Endpoint and Absolute Secure Access with our unique, firmware-embedded self-healing capability, enabling customers to achieve truly resilient Zero Trust environments and deliver an optimal user experience. This announcement builds on the launch of Absolute ZTNA – the industry’s first self-healing Zero Trust Network Access (ZTNA) solution – and Absolute Insights™ for Endpoints and Network, providing unparalleled intelligence into device, application, and network performance. Embedded in more than 600 million devices, Absolute is the only intelligent security solutions provider capable of delivering visibility, control, and resiliency across endpoints, applications, and network connections. The Absolute Platform enables IT and security teams to ensure their endpoints remain compliant and mission-critical applications remain operational, and empowers them to transition from traditional VPNs to a resilient Zero Trust approach without hindering security or user productivity. A recent 451 Research report validates Absolute’s differentiated platform approach and capabilities, saying: Too often, organizations don’t fully consider the resilience of the deployed zero-trust environment, and network access and device security are handled independently. It’s a situation that complicates security operations and one that can impact employee productivity. “Our common platform addresses a wide range of market needs, as we have the unique ability to apply self-healing capabilities to devices, applications, and network access. “Organizations are acknowledging that they need resilience-focused Zero Trust approaches, capable of integrating endpoint and access assessments at every step. By providing the critical components needed to achieve that resiliency - deep visibility, intelligence, and firmware-embedded Persistence - we are enabling them to not only protect devices, data, and users but also ensure critical controls are operating at maximum efficacy.” John Herrema, EVP of Products and Strategy at Absolute New capabilities available to Absolute Secure Endpoint customers in the latest product release include: Public API Expansion: The latest Absolute Secure Endpoint release adds new Public APIs to our existing library, allowing customers and partners to integrate our device actions into their existing workflows - significantly improving the efficiency of their existing workflows and enhancing automation capabilities. Absolute Connector for ServiceNow™: The Absolute Connector for ServiceNow enables joint customers to access Absolute’s comprehensive asset intelligence and single source of truth within their ServiceNow platform environment – enabling them to efficiently respond to service requests, supplement their ServiceNow workflows, and rapidly demonstrate compliance. Expanded Application Resilience™ Catalog: The Absolute Application Resilience catalog now includes support for more than 60 critical security applications that IT and security administrators can self-heal across their endpoints. Recent additions include WinMagic® MagicEndpoint™, Dell™ Trusted Device, Deep Instinct™, Norton 360™, OPSWAT™, UNOWHY™, Aranda Software™, and Pixart® MDM. The company also announced upcoming server and client enhancements to Absolute Secure Access, including: New Look and Feel: The names, status icons, fonts, and colors have been updated to reflect new product names and refreshed corporate brand; the core functionality and upgrade experience remain smooth and easy. SaaS Enhancements: The SaaS offering adds native NAT capabilities and enhanced alerting. Enhanced 5G Telemetry and Detection: Insights for Network dashboards that display cellular coverage, signal quality, and usage now include the 5G mid-band spectrum, and reflect improved 5G sensitivity. Deeper Visibility: The Secure Access/webService API has been enhanced, offering programmatic access to key pool performance metrics, including status information for our Active/Active server infrastructure. Faster NAC Checks: NAC capabilities are optimized, significantly reducing the time it takes for the VPN to connect and begin tunneling traffic. Android Client Enhancements: Collecting network telemetry on Android devices can now be done with the screen off to improve battery life, ensuring that administrators have actionable device and network information even if a device is in sleep mode. The Android cryptographic libraries providing FIPS 140-2 cryptography are also updated. The features included in the latest Absolute Secure Endpoint release are available now. For additional details, including which are available to Control, Visibility, or Resilience tier customers, visit here. The company expects to make Absolute Secure Access updates available to customers in January 2023. About Absolute Software Absolute Software is the only provider of self-healing, intelligent security solutions. Embedded in more than 600 million devices, Absolute is the only platform offering a permanent digital connection that intelligently and dynamically applies visibility, control and self-healing capabilities to endpoints, applications, and network connections - helping customers to strengthen cyber resilience against the escalating threat of ransomware and malicious attacks. Trusted by 18,000 customers, G2 recognized Absolute as a leader for the eleventh consecutive quarter in the Fall 2022 Grid® Report for Endpoint Management and as a high performer in the Grid Report for Zero Trust Networking.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Veza Announces Open Authorization API to Extend Identity-First Security Across the Enterprise Data Landscape

Veza | December 02, 2022

Veza today announced that its Open Authorization API (OAA) is now public on GitHub for community collaboration, extending the reach of identity-first security across the enterprise. Developers can now create and share connectors to extend the Veza Authorization Graph to all sensitive data, wherever it lives, including cloud providers, SaaS apps, and custom-built internal apps, accelerating their company’s path to zero trust security. Security professionals espouse the principle of ‘Least Privilege’ to secure enterprise data, but the rush to a multi-cloud, multi-app environment has exploded the complexity and layers of interconnection for which access must be understood, monitored, and constantly remediated to achieve and maintain least privilege. Recent attacks on Okta and Twilio demonstrate that companies are allowing overly-broad access to data via constructs of groups, roles, policies, and system specific permissions. Veza connects the dots of effective permissions across cloud providers, SaaS apps and identity platforms, making it easy to visualize who can view or delete sensitive data. OAA allows organizations and the broader community to create their own integrations with Veza, extending visibility to any resource, including SaaS apps like GitLab and Jira as well as custom-built internal apps. “The vast majority of cybersecurity failures are rooted in issues with the gap that exists between identity, access to data, and permissions,” said Tarun Thakur, co-founder and CEO, Veza. “Since our founding, we have been committed to protecting our customers from threats like ransomware, privilege abuse, and data breaches. With Veza Open Authorization API, we are extending our identity-first security approach broadly in the market and arming organizations with the tools they need to remediate undesirable and unnecessary data access at a granular level, and meet the requirements of access governance for enterprise systems, both on-premises and in the cloud." With Veza's Open Authorization API, customers can translate and visualize authorization metadata from any SaaS app, custom and in-house applications. Users can explore identity-to-data relationships through the Authorization Graph, monitor for least privilege misconfigurations and violations, and conduct comprehensive entitlement reviews for all of their sensitive data. “We specifically chose Veza because their Open Authorization API allowed us to connect to our custom internal applications. We follow the principle of least privilege, but with so many systems to review, we valued Veza’s unique ability to give us a comprehensive view quickly. They made it faster and easier for our team to review all permissions with confidence.” -Riaz Lakhani, CISO of Barracuda Networks. As an open-source project on GitHub, Veza’s Open Authorization API allows customers and partners to learn from, and build upon, each other’s work to create a control plane that reaches all data. By bringing OAA SDK and connectors available on GitHub Community, Veza empowers customers to ingest authorization metadata previously isolated in internal systems and SaaS applications. The OAA community has already created integrations for critical SaaS apps including GitHub, GitLab, Bitbucket, Jira, Zendesk, Slack, Coupa Software, Pagerduty, and Looker. These integrations are available now to all Veza customers. “Veza solves the problem of aligning identities to data,” said Craig Rosen, Chief Security & Trust Officer at ASAPP. “Veza’s Open Authorization Platform helped us extend that visibility to all the apps and data that matter most to us, like GitHub and Jira. Now it is easy for our security professionals to understand (and remediate) who has access to our important intellectual property.” About Veza Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to visualize, remediate, and control who can and should take what action on what data. We empower customers to take an identity-first approach to secure data by addressing critical business needs of streamlining identity and access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Our Authorization Graph connects identities to data across enterprise systems, enabling analysis, monitoring, and certification of end-to-end access. Global enterprises like Blackstone, ASAPP, Barracuda Networks, Choice Hotels, and a number of Fortune 500 and emerging organizations trust Veza to secure their enterprise data. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures.

Read More

Events