The Reasons Why Cyberattack Surfaces Are Rising

The Reasons Why Cyberattack Surfaces Are Rising
Increased cyber assets result in growing attack surfaces. So much so that, according to a recent Gartner analysis, the number one security and risk management trend today is attack surface growth.

Businesses and security executives must update security policies and processes to prevent growing dangers when new technologies and cyber environments are adopted. Let's discuss the reasons for attack surface growth and how to rethink cyber asset protection in light of them.


Reasons Behind Attack Surface Expansion


The Multi-Cloud Trend Is Rapidly Expanding

Modern businesses are using the cloud to stay up with digital innovation and meet market expectations. For organizations in many locations, a single public cloud provider is no longer appropriate.

Choosing one that satisfies organizational demands is difficult. This simple problem-solution gave many organizations the multi-cloud trend.

Gartner found that 81% of respondents use two or more cloud services.

Multi-cloud is also used to maintain a vendor-agnostic approach and prevent vendor lock-in. To remain ahead of the competition, numerous vendors provide best-of-breed solutions. This is a huge benefit for multi-cloud adopters.


For Ever-Growing SaaS Toolchains, Visibility Is an Issue

More than 150 SaaS apps are used by companies with 1,000+ employees.

Modern businesses embrace more SaaS apps to speed up their workflows. However, as SaaS adoption expands, so do businesses' attack surfaces. The following are the key reasons for SaaS security:

  • Misconfigurations
  • The absence of robust identity and access management system
  • Inadequate disaster recovery planning
  • Problems with data retention
  • Breach of privacy and data security
  • Inability to satisfy regulatory compliance

To keep up with SaaS platforms, businesses must have scalable security and compliance policies.


CAASM Automates Security Gap Identification

According to Gartner, Cyber Asset Attack Surface Management (CAASM), Digital Risk Protection Services (DRPS), and External Attack Surface Management (EASM) will enable CISOs to safeguard environments against expanding attack surfaces.

CAASM will help security teams in particular to:

  • Gain insight over the cloud and SaaS cyber assets
  • Automatically fill security loopholes.
  • Accelerate incident reaction and clean-up


Closing Lines

As the attack surface rises, so does the amount of cybercrime that occurs. According to the FBI, cyberattacks have risen 400% since the pandemic began, making it essential to detect and minimize cyberthreats for business's health and future. To defend your company from rising dangers, you must detect gaps in time and adapt to the digital world. There are more targets for attackers to strike since organizational attack surfaces are constantly growing.

Spotlight

Evident.io

Evident.io is the leader in cloud infrastructure security for Amazon Web Services (AWS). The Evident Security Platform (ESP) is a cloud-native Security-as-a-Service solution that automates key cloud security processes and enables consistent enforcement of policy requirements across an organization's entire AWS cloud. ESP was designed specifically to help modern IT and DevOps teams automate and maintain security within the AWS shared responsibility model. ESP combines automated detection of vulnerabilities and security mis-configurations with guided remediation, audit capabilities, and compliance requirements. It provides a continuous global view of security risk, with the actionable intelligence needed to rapidly remediate and secure an organization's entire AWS Infrastructure. Evident.io is a privately held company based in Dublin, CA and backed by Bain Capital Ventures and True Ventures.

OTHER ARTICLES
Network Threat Detection, Platform Security, Software Security

The NIS2 cyber security rules are coming – are you ready?

Article | July 18, 2023

The EU NIS cyber security regulations are evolving for 2024 – and if you’re not currently aware of how they’ll apply to your organisation, now is the time to get up to speed with the likely requirements. Not only is the directive being tightened, but an extended range of healthcare and related organisations will be added to the list of ‘critical entities’ that must comply. These include certain medical device manufacturers, pharmaceutical companies, and organisations that carry out R&D. The Network and Information Systems (NIS) standards were set up in 2016 to protect essential services – such as water, energy, healthcare, transport and digital infrastructure – from online cyberattacks. The updated legislation, NIS2, will have stricter rules and reporting requirements, and higher penalties for non-compliance. They will apply to medium-sized and large businesses that operate within one or more EU countries. Those based only in the UK can’t sit back, however, as the original NIS regulations will still apply as part of British law. What’s more, a UK version of the rules is coming very soon, and it’s likely that the framework will closely resemble the EU’s. What will the requirements cover? There are a number of cyber risk management measures that all organisations that come under the scope of NIS2 will be required to put in place. For instance, they will need to conduct regular security assessments and risk analyses, adopt incident response and handling plans, and appoint a chief information security officer (CISO), among other obligations. The new directive will streamline and strengthen incident reporting requirements. Entities must notify regulators of any incident that has compromised data, or had a significant impact on the provision of their services, for instance by causing severe operational disruption or financial loss. Applying information system security policies and business continuity plans will form part of the obligations, as will conducting cyber security testing, and training for all staff. The use of multi-factor authentication (MFA) and encryption, where appropriate, will also be mandated. There is plenty of focus within the directive on the cornerstones of cyber security best practice – in particular the proper control of administrator-level account credentials, privileged access, and endpoints, all of which are prime targets for attackers. Under NIS2, organisations are being separated into ‘critical’ and ‘important’ entities. It’s important to determine which category yours will fall under, as requirements are different for each. The third party threat will also be addressed in NIS2 through the pulling in of managed service providers (MSPs) to the list of ‘critical entities’, with the aim of keeping digital supply chains secure. MSPs are often granted privileged access to clients’ corporate systems and networks, which creates security risks. What are the consequences of non-compliance? Organisations that come under the regulations’ purview will be subject to random checks, regular security audits, on-site inspections and off-site supervisions. For those found to be in breach, sanctions could include warnings, temporary suspension of certain activities, and temporary prohibition to exercise certain managerial functions. Financial penalties could be as high as 10 million Euros or 2% of an organisation’s global turnover – whichever is higher. What steps should healthcare organisations take now? Organisations should take action to establish whether the EU or UK NIS2 regulations will apply to them and what their responsibilities will be. Having identified any gaps in existing cyber security processes, policies and practices, they must determine what changes need making to address them. As a priority, they must review their incident response plans, and incident management and reporting procedures. It’s also a good idea to begin assessing the security posture of partners and third parties in the supply chain, and incorporating relevant security requirements into contracts. Given the framework’s focus on protecting privileged admin accounts, organisations should implement controls that will limit the number of staff members who hold these powerful credentials. Implementing privileged access management (PAM) will allow IT to control who is granted access to which systems, applications and services, for how long, and what they can do while they’re using them. Preparing for the introduction of the EU NIS2 regulations should be considered as more than just a compliance exercise. By meeting the strengthened requirements, healthcare organisations will be building a foundation of resilience that protects them, their customers, and the essential services they provide.

Read More
Data Security, Platform Security, Software Security

Leading the Pack: Top 15 Network Security Providers for Businesses

Article | March 29, 2023

Uncover the network security leaders at the forefront of fortifying digital space against an array of cyber threats. Discover solutions tailored to ensure business's online safety and continuity. In the expanding digital space, where cyberattacks and data breaches are a constant threat, businesses of all sizes must prioritize network security to preserve customer confidence, safeguard sensitive data, and ensure uninterrupted operations. With this, selecting the right network security provider has become an integral element of a company's cybersecurity strategy. As businesses continue to navigate the technological landscape, working with a dependable and holistic network security provider is an investment that pays off in terms of protecting assets, maintaining trust, and ensuring continuous operations. Here are some of the leading network security providers for businesses: 360 SOC, Inc. 360 SOC, Inc., a cybersecurity corporation headquartered in Scottsdale, Arizona, is a model of innovation and efficiency. Together with its sister company, HTG 360, Inc., the company has earned a commendable reputation for providing cutting-edge security solutions to marginalized business communities at competitive prices. With a team of experienced security consultants, visionary business leaders, and adept engineers, 360 SOC employs its distinctive 'Reverse DNA' methodology, which leverages a unique combination of business acumen and technological expertise. Praetorian Praetorian is at the forefront of offensive security services, providing enterprises with unwavering assistance in navigating the digital domain. Utilizing profound cybersecurity expertise, the company's skilled professionals provide the necessary knowledge to fortify defenses against persistent and sophisticated attacks. Its managed services provide full protection against an exhaustive range of attack vectors, including external, internal, cloud, web applications, secrets, phishing, and supply chain and vendor risks. With Praetorians as their vigilant guardian, Chief Information Security Officers (CISOs) of the world's prominent businesses are confident in their ability to propel digital expansion without hindrance. SecqureOne For the past 17 years, SecqureOne (SQ1), a prominent Silicon Valley-based cybersecurity and compliance solution provider, has graciously served global businesses. SQ1 has emerged as a trustworthy security partner for companies across various industries, including healthcare, pharmaceuticals, financial services, manufacturing, retail, hospitality, insurance, government, legal, technology, oil, and energy. Its platform, SQ1Shield, combines 24x7 vigilant monitoring led by skilled cybersecurity analysts, Managed Detection and Response (MDR) services for endpoints and networks, and proficiency in Security Orchestration and Automated Response mechanisms. NordLayer NordLayer stands as a leading provider of flexible and easily deployable cybersecurity solutions for businesses of all sizes and operational models, developed using NordVPN's excellence as a benchmark. The company's mission is to facilitate network security for businesses, enabling a streamlined approach to fortification. By enhancing internet security and modernizing network and resource access, NordLayer offers technological enhancements that align with the most stringent regulatory compliance requirements. Following the Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) principles, NordLayer focuses on the security service edge within cybersecurity services. Silver Spring Networks Silver Spring Networks is a pivotal enabler of the Internet of Important Things, consistently promoting the dependable and secure interconnection of important entities. Municipalities, utilities, and corporations across five continents leverage the company's cost-effective and high-performance IoT network and data platform to improve operational efficiency, embrace sustainability and indicate cutting-edge offerings poised to improve countless lives. With a track record of delivering over 27.3 million devices, Silver Spring Networks offers a battle-tested, standards-driven, and military-grade secure foundation. Absolute Software Absolute Software emerges as the sole provider of intelligent, self-renewing security solutions. The company distinguishes itself as the only platform orchestrating an enduring digital linkage that proficiently and dynamically imparts visibility, control, and self-healing characteristics on endpoints, applications, and network connections. This fortification enables clients to strengthen their cyber resilience against the rising tide of ransomware and malicious attacks. Absolute's eminence is highlighted by its lasting recognition as a Leader in G2's Summer 2023 Grid Report for Endpoint Management - a prestigious honor earned for the fourteenth consecutive quarter - and as a Leader for the fourth successive quarter in the grid for Zero Trust Networking. ARIA Cybersecurity Solutions ARIA Cybersecurity Solutions is a leading firm that provides multifaceted solutions with dual functions: increasing the efficacy of businesses' existing security infrastructure and helping the deployment of extensive AI-driven Security Operations Center (SOC) capabilities within a unified framework. The company's solutions introduce novel methods for monitoring internal traffic, in addition to cautious analytics directed at security tools such as SIEMs or its ARIA ADR application, through novel approaches. This synergy significantly amplifies threat detection and proactively thwarts cyberattacks and data intrusions. Diverse industries rely on ARIA Cybersecurity Solutions services to strengthen their security posture, regardless of their operational context. ES Cyber Solutions Headquartered in Willowbrook, IL, ES Cyber Solutions (formerly ESPO Systems) is a renowned cybersecurity company offering a vast array of services and solutions carefully designed to address complex security requirements. The company is proud to represent six prominent cybersecurity vendors and their respective partner networks, with a primary focus on managed security services provisioning (MSSP) and professional services. With a history dating back to 2009, ES Cyber Solutions has a proven track record of providing remote and on-site professional services to over 8000 clients worldwide. Supported by cutting-edge technology, the skilled team assures rapid and effective deployment, enabling immediate value realization for esteemed clients. Skybox Security Skybox Security, headquartered in San Jose, California, stands out as an unrivaled organization that provides an all-encompassing view of hybrid and multi-cloud networks and facilitates an in-depth understanding of the attack surface. The company streamlines the process of identifying, prioritizing, and resolving vulnerabilities by providing businesses with holistic visibility, sharp analytics, and effective automation. This transformative strategy optimizes security policies, actions, and change processes across all enterprise networks and cloud environments. By adopting Skybox Security, businesses enable their security teams to transfer their attention to strategic business initiatives, ensuring secure business enablement on a vast scale. Nexum, Inc. Nexum, Inc., founded in 2002 in Chicago and headquartered in Hammond, Indiana, develops custom solutions to meet businesses' specific needs, ranging from identifying and preventing network threats, intrusions, and disruptions to ensuring frictionless alignment with business objectives. The company excels in multiple domains, including security engineering and architecture services, managed security services, and level 1 and level 2 support programs for prestigious brands. Its unwavering dedication to protecting digital landscapes exemplifies its commitment to a diverse clientele, spanning from multinational corporations to smaller, regional, and local organizations. NextRay AI Detection & Response Inc. NextRay AI Detection & Response Inc. stands as a pioneering AI-driven cybersecurity enterprise. Using cutting-edge technology, NextRay AI provides sophisticated and proactive solutions that are meticulously designed to empower clients to combat complex threats, zero-day vulnerabilities, and cloud-based assaults with unmatched efficacy. The company's extensive capabilities include enhanced network and threat visibility, Early Stage Detection and Response, Advanced Network Forensics, and robust AI and cyber security capabilities. This strategic combination of innovation and experience positions NextRay AI at the forefront of protecting digital terrains and enables businesses to navigate the ever-changing cybersecurity space confidently. ReasonLabs ReasonLabs has emerged as a pioneering force in cybersecurity, delivering Fortune 500-caliber cyber protection to countless home users worldwide. Powered by AI prowess, its cutting-edge antivirus engine analyzes billions of files across the globe, preventing cyberattacks in real time and around the clock. RAV Endpoint Protection, the company's primary endpoint security solution, constitutes a multi-layered defense strategy that effectively protects home users from the dangers of next-generation threats and serves as the centerpiece of its comprehensive suite. ReasonLabs is unwavering in its dedication to safeguarding digital domains, providing residential users with a line of defense comparable to the level of security employed by multinational corporations. Safari Micro Safari Micro, founded in 1997, has become a reputable value-added reseller specializing in IT hardware, software, and a plethora of services, including network infrastructure, cloud computing, storage, security, endpoint solutions, and managed services. The company serves a diverse clientele in the US, including businesses, state municipalities, educational institutions, and government agencies. Safari Micro's strategic powers reside in its ability to forge strong partnerships with manufacturers and distributors of varying sizes, allowing its sales and IT services professionals to deliver precise solutions precisely when needed. SBS CyberSecurity, LLC SBS CyberSecurity, LLC (SBS) is a reputable cybersecurity consulting and auditing firm of the highest caliber. Since its founding in 2004, SBS has assisted numerous organizations in establishing robust risk management programs and mitigating cybersecurity vulnerabilities effectively. The company is distinguished by its ability to provide customized, all-inclusive solutions, including cybersecurity risk management software, network security tools, consulting services, IT audits, and educational initiatives. Through its multifaceted approach, SBS CyberSecurity enables clients to make well-informed security decisions, instilling confidence in the security and integrity of their most vital data assets. Cynet Security Cynet Security is a pioneer and market leader in advanced threat detection and response. The company's devotion to simplifying security is demonstrated by its rapid deployment of an exhaustive platform that includes detection, prevention, and automated response to sophisticated threats, all while maintaining an exceptionally low rate of false positives. This method effectively reduces the time between detection and resolution, thereby minimizing the potential for damage to organizations. The company expands its offerings by providing consumers with access to a team of expert threat analysts and investigators 24 hours a day, seven days a week. Security Leaders: Transforming Network Security for Businesses As organizations rely increasingly on digital infrastructure to conduct operations, communicate sensitive information, and interact with customers, the surface area for potential cyber threats increases proportionally. This necessitates that businesses have extensive network security in order to place a crucial barrier between valuable assets and malicious actors, protecting against a spectrum of threats ranging from data breaches and ransomware attacks to phishing attempts. Since businesses navigate the complexities of the contemporary cyber frontier, these distinguished network security providers emerge as more than just protection mechanisms; they represent the sentinels of trust, dependability, and innovation. These industry-leading network security providers serve as an impregnable shield, allowing businesses to exploit the complete potential of technology without making any concessions.

Read More
Network Threat Detection, Platform Security, Software Security

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | June 28, 2023

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Spotlight

Evident.io

Evident.io is the leader in cloud infrastructure security for Amazon Web Services (AWS). The Evident Security Platform (ESP) is a cloud-native Security-as-a-Service solution that automates key cloud security processes and enables consistent enforcement of policy requirements across an organization's entire AWS cloud. ESP was designed specifically to help modern IT and DevOps teams automate and maintain security within the AWS shared responsibility model. ESP combines automated detection of vulnerabilities and security mis-configurations with guided remediation, audit capabilities, and compliance requirements. It provides a continuous global view of security risk, with the actionable intelligence needed to rapidly remediate and secure an organization's entire AWS Infrastructure. Evident.io is a privately held company based in Dublin, CA and backed by Bain Capital Ventures and True Ventures.

Related News

Software Security

SCYTHE Latest Version 4.1 Introduces Enhanced Deployment Flexibility and AI-Driven Productivity Boost

Business Wire | November 02, 2023

SCYTHE, a leading provider of cybersecurity solutions, announces the release of SCYTHE 4.1, the latest evolution in its cutting-edge cyber resilience offering. This release brings new and enhanced features to empower organizations in their continuous efforts to strengthen their cybersecurity posture. SaaS Offering for Unparalleled Flexibility SCYTHE 4.1 introduces its initial Software as a Service (SaaS) offering, providing organizations with newfound deployment flexibility. This SaaS option offers the same robust capabilities as the on-premises version, ensuring that teams can choose the deployment model that best suits their needs without pricing changes. SCYTHE's commitment to flexibility ensures that organizations can secure their infrastructure on their terms. Advanced Agent Support with Scheduling for Continuous Testing To unlock even greater control over security testing, SCYTHE 4.1 introduces advanced agent support with scheduling. This feature allows organizations to perform continuous testing by automating the deployment and execution of security assessments at specified intervals. With the power of scheduling, teams can proactively identify threats, assess controls, and evaluate their readiness to respond to cyber threats. SCYTHE empowers organizations to maintain the highest level of cyber resilience without manual intervention. Cloppy - Your AI-Powered Security Analyst In a significant leap forward, SCYTHE unveils the early access beta release of "Cloppy," its supervised machine learning (ML)-based AI analyst chatbot. Cloppy enhances team productivity, job satisfaction, and cybersecurity capabilities by delivering instant insights and recommendations. This AI-driven assistant will leverage private knowledge base instances, ensuring sensitive information stays secure. Cloppy is poised to become a trusted companion for security professionals, providing real-time guidance and augmenting their decision-making processes. As cyber threats continue to evolve, so must our approach to cybersecurity. SCYTHE 4.1 represents our commitment to innovation and empowering organizations to stay ahead of cyber adversaries, said Marc Brown, Head of Product at SCYTHE. With our SaaS offering, advanced agent support, and the introduction of Cloppy, we're equipping organizations with the tools they need to enhance their cyber resilience while simplifying offensive security. SCYTHE 4.1 Platform is now available for both new and existing customers. For more information on SCYTHE's comprehensive cyber resilience solutions, please visit https://scythe.io. About SCYTHE SCYTHE represents a paradigm shift in cybersecurity risk management, empowering organizations to Attack, Detect, and Respond efficiently. The SCYTHE platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. SCYTHE's innovative dual-deployment options and comprehensive features ensure a proactive cybersecurity approach. Headquartered in Arlington, VA, SCYTHE is privately funded by distinguished partners dedicated to shaping a more resilient cybersecurity landscape.

Read More

Software Security

Malwarebytes Announces Consumer Identity Theft Protection Solution to Defend Against Online Fraud and Theft

PR Newswire | October 27, 2023

Malwarebytes, a global leader in real-time cyber protection, today launched an essential new consumer solution, Identity Theft Protection. The new service helps individuals secure their digital identities and defend against identity and online threats. Malwarebytes Identity Theft Protection includes real-time identity monitoring and alerts, robust credit protection and reporting and live agent-supported identity recovery and resolution services – backed by up to a $2 million identity theft insurance policy. The new service, paired with Malwarebytes' award-winning antivirus and VPN software, helps prevent criminals from stealing or using personal information to drain financial accounts, hack or impersonate social media accounts, damage a user's reputation or other online and identity-based attacks. Today's digital life is complex and sometimes deceptive. According to new research from Malwarebytes, identity theft ranks as people's third biggest concern when it comes to online security, just behind fear of financial accounts and personal data being breached – both of which play into identity theft. Of those surveyed 64% agree that identity theft protection is important, but only 13% have it. Consumers are also increasingly fearful of new technology. Malwarebytes gives consumers protection they can trust, alerting them when we see their information has been stolen and providing live agent support to restore their identity and replace lost items. Even as we spend more and more of our lives online, we all know that the internet today can't be trusted, said Mark Beare, GM of Consumer Business Unit, Malwarebytes. Consumers need a tool that not only blocks threats like malware and phishing, but that also monitors and protects their digital identity, be that social media profiles, bank accounts or email. With Malwarebytes Identity Theft Protection, we provide a robust and exhaustive suite of services so individuals and families can rest easy knowing that we are actively working to keep them safe and protect their digital identity. Malwarebytes Identity Theft Protection is available globally through a variety of tiered offerings that provide protection via computers and mobile devices across multiple operating systems including Windows, macOS, Android and iOS. Key features include: Identity Monitoring & Alerts: Continuously scours a multitude of websites and data sources, including the Dark Web, to alert if personal information is being illegally traded or sold. Recommends actions to take to protect yourself. Credit Monitoring and Protection: Ongoing tracking of credit for critical changes, such as new accounts or inquiries and applications for new lines of credit. A credit freeze also can be activated*. Breach IQ: Provides a safety score and alerts if personal information is part of a known breach*. Identity Recovery & Resolution: Assistance in the event of an identity theft incident, including guided steps to report the crime, dispute fraudulent charges, restore identity and recuperate financial losses incurred. Includes up to a $2 million insurance policy. About Malwarebytes Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions along with a world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe daily. Malwarebytes solutions are consistently recognized by independent tests including AVLAB and AV-TEST. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Read More

Software Security

SAIC Announces New Zero Trust Edge Capability

Business Wire | November 03, 2023

Science Applications International Corp. (NYSE: SAIC) today announced new, purpose-built Zero Trust security capabilities, which provide a solution to answer the Zero Trust pillars addressing data, identity, devices, networks, applications and workloads. The new Zero Trust security capabilities have been tested and validated on an AWS Snowball Edge and AWS Snow Family device with on-board storage and compute power for select Amazon Web Services (AWS) capabilities. AWS Snowball Edge can support local processing and edge-computing workloads in addition to transferring data between a user’s local environment and AWS. SAIC has brought together the best-in-class tools to deliver a mission-ready Zero Trust Edge capabilities that provides multi-level secure data processing and analytics and prioritizes data in a DDIL environment to transport back to the cloud, said Lauren Knausenberger, chief innovation officer at SAIC. This provides warfighters with a critical capability to extend their enterprise OCONUS, with the ability to run disconnected ops and rapidly adopt technologies and capabilities needed for mission success. This capability has the potential to be a critical enabler for Combined Joint All-Domain Command and Control (JADC2), with the ability to deploy at forward operating bases, on air platforms and at sea. Through the combined efforts of AWS; SAIC; Koverse, an SAIC company; Okta; CrowdStrike; Zscaler and Splunk, ready-to-install cybersecurity and Zero Trust technologies combine data and provide multi-level security from the edge through the enterprise. This capability meets the challenges of Wide Area Network (WAN) or no WAN connectivity by enabling offline compute capabilities and replicates mission-critical data after connectivity is restored. These components of software and hardware allow the capabilities to address the five pillars of the Zero Trust Maturity Model and therefore help increase cybersecurity posture at the edge. SAIC is an industry leader in cloud and cybersecurity, addressing Zero Trust security capabilities, including the latest capabilities which have been validated and tested on an AWS Snowball Edge device.

Read More

Software Security

SCYTHE Latest Version 4.1 Introduces Enhanced Deployment Flexibility and AI-Driven Productivity Boost

Business Wire | November 02, 2023

SCYTHE, a leading provider of cybersecurity solutions, announces the release of SCYTHE 4.1, the latest evolution in its cutting-edge cyber resilience offering. This release brings new and enhanced features to empower organizations in their continuous efforts to strengthen their cybersecurity posture. SaaS Offering for Unparalleled Flexibility SCYTHE 4.1 introduces its initial Software as a Service (SaaS) offering, providing organizations with newfound deployment flexibility. This SaaS option offers the same robust capabilities as the on-premises version, ensuring that teams can choose the deployment model that best suits their needs without pricing changes. SCYTHE's commitment to flexibility ensures that organizations can secure their infrastructure on their terms. Advanced Agent Support with Scheduling for Continuous Testing To unlock even greater control over security testing, SCYTHE 4.1 introduces advanced agent support with scheduling. This feature allows organizations to perform continuous testing by automating the deployment and execution of security assessments at specified intervals. With the power of scheduling, teams can proactively identify threats, assess controls, and evaluate their readiness to respond to cyber threats. SCYTHE empowers organizations to maintain the highest level of cyber resilience without manual intervention. Cloppy - Your AI-Powered Security Analyst In a significant leap forward, SCYTHE unveils the early access beta release of "Cloppy," its supervised machine learning (ML)-based AI analyst chatbot. Cloppy enhances team productivity, job satisfaction, and cybersecurity capabilities by delivering instant insights and recommendations. This AI-driven assistant will leverage private knowledge base instances, ensuring sensitive information stays secure. Cloppy is poised to become a trusted companion for security professionals, providing real-time guidance and augmenting their decision-making processes. As cyber threats continue to evolve, so must our approach to cybersecurity. SCYTHE 4.1 represents our commitment to innovation and empowering organizations to stay ahead of cyber adversaries, said Marc Brown, Head of Product at SCYTHE. With our SaaS offering, advanced agent support, and the introduction of Cloppy, we're equipping organizations with the tools they need to enhance their cyber resilience while simplifying offensive security. SCYTHE 4.1 Platform is now available for both new and existing customers. For more information on SCYTHE's comprehensive cyber resilience solutions, please visit https://scythe.io. About SCYTHE SCYTHE represents a paradigm shift in cybersecurity risk management, empowering organizations to Attack, Detect, and Respond efficiently. The SCYTHE platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. SCYTHE's innovative dual-deployment options and comprehensive features ensure a proactive cybersecurity approach. Headquartered in Arlington, VA, SCYTHE is privately funded by distinguished partners dedicated to shaping a more resilient cybersecurity landscape.

Read More

Software Security

Malwarebytes Announces Consumer Identity Theft Protection Solution to Defend Against Online Fraud and Theft

PR Newswire | October 27, 2023

Malwarebytes, a global leader in real-time cyber protection, today launched an essential new consumer solution, Identity Theft Protection. The new service helps individuals secure their digital identities and defend against identity and online threats. Malwarebytes Identity Theft Protection includes real-time identity monitoring and alerts, robust credit protection and reporting and live agent-supported identity recovery and resolution services – backed by up to a $2 million identity theft insurance policy. The new service, paired with Malwarebytes' award-winning antivirus and VPN software, helps prevent criminals from stealing or using personal information to drain financial accounts, hack or impersonate social media accounts, damage a user's reputation or other online and identity-based attacks. Today's digital life is complex and sometimes deceptive. According to new research from Malwarebytes, identity theft ranks as people's third biggest concern when it comes to online security, just behind fear of financial accounts and personal data being breached – both of which play into identity theft. Of those surveyed 64% agree that identity theft protection is important, but only 13% have it. Consumers are also increasingly fearful of new technology. Malwarebytes gives consumers protection they can trust, alerting them when we see their information has been stolen and providing live agent support to restore their identity and replace lost items. Even as we spend more and more of our lives online, we all know that the internet today can't be trusted, said Mark Beare, GM of Consumer Business Unit, Malwarebytes. Consumers need a tool that not only blocks threats like malware and phishing, but that also monitors and protects their digital identity, be that social media profiles, bank accounts or email. With Malwarebytes Identity Theft Protection, we provide a robust and exhaustive suite of services so individuals and families can rest easy knowing that we are actively working to keep them safe and protect their digital identity. Malwarebytes Identity Theft Protection is available globally through a variety of tiered offerings that provide protection via computers and mobile devices across multiple operating systems including Windows, macOS, Android and iOS. Key features include: Identity Monitoring & Alerts: Continuously scours a multitude of websites and data sources, including the Dark Web, to alert if personal information is being illegally traded or sold. Recommends actions to take to protect yourself. Credit Monitoring and Protection: Ongoing tracking of credit for critical changes, such as new accounts or inquiries and applications for new lines of credit. A credit freeze also can be activated*. Breach IQ: Provides a safety score and alerts if personal information is part of a known breach*. Identity Recovery & Resolution: Assistance in the event of an identity theft incident, including guided steps to report the crime, dispute fraudulent charges, restore identity and recuperate financial losses incurred. Includes up to a $2 million insurance policy. About Malwarebytes Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions along with a world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe daily. Malwarebytes solutions are consistently recognized by independent tests including AVLAB and AV-TEST. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Read More

Software Security

SAIC Announces New Zero Trust Edge Capability

Business Wire | November 03, 2023

Science Applications International Corp. (NYSE: SAIC) today announced new, purpose-built Zero Trust security capabilities, which provide a solution to answer the Zero Trust pillars addressing data, identity, devices, networks, applications and workloads. The new Zero Trust security capabilities have been tested and validated on an AWS Snowball Edge and AWS Snow Family device with on-board storage and compute power for select Amazon Web Services (AWS) capabilities. AWS Snowball Edge can support local processing and edge-computing workloads in addition to transferring data between a user’s local environment and AWS. SAIC has brought together the best-in-class tools to deliver a mission-ready Zero Trust Edge capabilities that provides multi-level secure data processing and analytics and prioritizes data in a DDIL environment to transport back to the cloud, said Lauren Knausenberger, chief innovation officer at SAIC. This provides warfighters with a critical capability to extend their enterprise OCONUS, with the ability to run disconnected ops and rapidly adopt technologies and capabilities needed for mission success. This capability has the potential to be a critical enabler for Combined Joint All-Domain Command and Control (JADC2), with the ability to deploy at forward operating bases, on air platforms and at sea. Through the combined efforts of AWS; SAIC; Koverse, an SAIC company; Okta; CrowdStrike; Zscaler and Splunk, ready-to-install cybersecurity and Zero Trust technologies combine data and provide multi-level security from the edge through the enterprise. This capability meets the challenges of Wide Area Network (WAN) or no WAN connectivity by enabling offline compute capabilities and replicates mission-critical data after connectivity is restored. These components of software and hardware allow the capabilities to address the five pillars of the Zero Trust Maturity Model and therefore help increase cybersecurity posture at the edge. SAIC is an industry leader in cloud and cybersecurity, addressing Zero Trust security capabilities, including the latest capabilities which have been validated and tested on an AWS Snowball Edge device.

Read More

Events