SOFTWARE SECURITY

Absolute Software Reveals Resilient Zero Trust Security Advances

Absolute Software | April 11, 2022

Absolute Software
Absolute Software, a leading provider of self-healing endpoint and secure access solutions, today announced enhancements to its Secure Access product portfolio (formerly NetMotion by Absolute), allowing customers to reduce risk and improve UX in today's borderless, and work-from-anywhere environments. Absolute is introducing a number of new product improvements with this version, including self-healing Zero Trust Network Access (ZTNA), a resilient deployment architecture, and increased network and ZTNA policy intelligence.

Absolute was recently named a Representative Vendor in Gartner's Zero Trust Network Access Market Guide for February 2022. Among the important findings in the report, Gartner states, “An increased focus by end-user organizations on zero trust strategies — and a desire to provide a more secure, flexible hybrid workforce connectivity — is driving increased interest in the ZTNA market.”

Joe Savarese, EVP of Secure Access Products at Absolute said that “This release is an important milestone in our mission to be the leading ZTNA solution for the perimeter-less workplace, differentiated by resilience and reliability. The results from our customer beta test – our largest and most successful to date – validate that these new capabilities meet urgent and significant customer needs. As seamless secure access has become imperative for the perimeter-less workplace, administrators need easy-to-implement ZTNA solutions that deliver both maximum security and an optimal user experience.”

IT and security professionals can now secure essential infrastructure, apps, devices, and data without sacrificing user productivity thanks to these product upgrades. The following are some of the advantages:

  • Truly resilient ZTNA:
Absolute's self-healing ZTNA client for Windows is capable of autonomously repairing or reinstalling itself if tampered with, unintentionally deleted, or otherwise ceased operating – guaranteeing that it stays healthy and provides the full intended value.

  • Resilient deployment architecture:
Absolute has introduced Resilience to its distributed network architecture utilizing active-active server technology, bringing the advantages of Software-as-a-Service (SaaS) to customer-managed settings, such as high availability, horizontal scale-out, and zero downtime updates. This ground-breaking solution allows individual system components to self-heal in the case of a breakdown and assures that other servers may take over if necessary, preventing interruption or denial-of-service to end users without the need for administrator involvement.

  • Dynamic re-authentication and secure access enforcement:
Customers may now more easily implement current cloud authentication solutions to reduce the risk exposure associated with compromised credentials via dynamic re-authentication and secure access enforcement. Enhancements include the ability to challenge a user's security credentials if circumstances or the environment change and compel them to re-authenticate using an existing mechanism, such as Multi-factor Authentication (MFA).

  • Foundational zero trust security:
New ZTNA policy actions improve the basis of zero trust security posture, boosting the capacity to safeguard workers from accessing harmful apps and network locations and restricting lateral movement.

  • Expanded diagnostics and monitoring capabilities:
Enhanced diagnoses and monitoring capabilities: With the introduction of Absolute Insights for Network, the firm has expanded its current diagnostics and monitoring capabilities (formerly NetMotion Mobile IQ). This includes ARM device support for MacOS and Windows, as well as improved intelligence for 5G networks (e.g., signal quality, network availability, network coverage, and network usage) and ZTNA policy enforcement (e.g., policy-blocked hosts/websites, addresses/ports, and web reputation) to reduce phishing, smishing, and other malicious activity.

Spotlight

The Deep and Dark Web (DDW) can be scary. A place where criminals can interact and buy and sell identities, passwords, source codes, malware, and even weapons, the DDW can pose serious risks for financial institutions. By gathering intelligence from the DDW, companies can pro-actively identify risks facing their operations and customers before they cause damage to the business. Reputation Risks and Public Embarrassment An often-ignored risk from an attack is the damage that can be done to a financial institution's brand. Bad press regarding an event can cause clients to take their business elsewhere.

Spotlight

The Deep and Dark Web (DDW) can be scary. A place where criminals can interact and buy and sell identities, passwords, source codes, malware, and even weapons, the DDW can pose serious risks for financial institutions. By gathering intelligence from the DDW, companies can pro-actively identify risks facing their operations and customers before they cause damage to the business. Reputation Risks and Public Embarrassment An often-ignored risk from an attack is the damage that can be done to a financial institution's brand. Bad press regarding an event can cause clients to take their business elsewhere.

Related News

NETWORK THREAT DETECTION

JMP Securities Recognizes Contrast Security as an Elite 80 Cybersecurity Company

Contrast Security | June 20, 2022

Contrast Security announced that it has been recognized for the fourth year to the JMP Securities Elite 80, a list of the hottest, most fascinating, most strategically positioned privately-owned cybersecurity and IT infrastructure firms. The eighth annual JMP Securities Elite 80 study includes not just technological industry leaders but also the future giants of the cybersecurity and IT infrastructure industries. Contrast was recognized as an Elite 80 company for its Contrast Secure Code Platform, accelerating innovation speed. It moves secure code across the application development pipeline and constantly safeguards applications throughout the entire software lifecycle. As a result, Contrast is relied upon by many of the world's foremost corporate and public companies to secure their apps in development and extend protection to the cloud and on-premises applications in production. "Being named a JMP Elite 80 company for the fourth consecutive year is validation that our technology is very unique and in high demand. Our platform provides actionable findings that developers can use to find code vulnerabilities, remediate them quickly and then ship business critical software that is safe from ongoing cyber attacks." Alan Naumann, Chief Executive Officer at Contrast Security The JMP Elite 80 report states, "One clear data point validating our thesis that now is the time for new vendors to emerge is the funding environment, as venture capital and private equity investors dramatically stepped up their investing in 2021. More specifically, the companies in our Elite 80 report raised almost $7 billion in 2021, whereas the Elite 80 raised $3 billion in 2020, which was the prior record. Those vendors that are astute enough to recognize the opportunity at hand and that can capitalize on differentiated technologies not only position themselves to survive the pandemic but are in position to become dominant market leaders." It is time to cease distributing software with significant security flaws. The Contrast Protect Code Platform provides 10x quicker scan times, 3x more accurate results, and 45x faster defect resolution, enabling developers to secure their code as they write it.

Read More

SOFTWARE SECURITY

Palo Alto Networks Unit 42 Helps Customers Better Address Cybersecurity Threats Through New Managed Detection and Response Service

Palo Alto Networks | August 05, 2022

The need for managed detection and response (MDR) is soaring as attack surfaces grow, cloud usage skyrockets and the cybersecurity skills gap widens. Palo Alto Networks, the global cybersecurity leader, today introduced Unit 42 Managed Detection and Response (Unit 42 MDR) to address this need with a new service that can offer continuous 24/7 threat detection, investigation and response. This offering brings together Palo Alto Networks acclaimed Cortex XDR with Unit 42's industry-leading threat intelligence, which includes insights from incident response cases. Because Unit 42 MDR is built on Cortex XDR, it is optimized to not just prioritize alerts but also to massively reduce the number of alerts customers receive. This helps customers detect more suspicious activity than they would have otherwise. "As cyberattacks continue to rise, many organizations are being asked to handle advanced threats with limited resources and without the right expertise. This will not lead to good results. "Palo Alto Networks Unit 42 brings a unique combination of innovative cybersecurity technologies and a world-class threat intelligence team which allows us to provide customers with rapid detection and response to critical cyberthreats." Wendi Whitmore, senior vice president, Palo Alto Networks Unit 42 The new Unit 42 MDR service offers customers cybersecurity experts to help identify and respond to security alerts and potential threats in real time, enabling businesses to focus security operations (SecOps) personnel on other organizational security priorities. The service provides organizations with monitoring, threat hunting and response/remediation capabilities, including: Continuous Monitoring & Response: Security experts monitor alerts, events and indicators 24x7x365. The Unit 42 MDR team uses a mix of proprietary processes, infrastructure and enrichment to accelerate detection, response and threat hunting to help quickly stop malicious activity most likely to impact your organization. Proactive Threat Hunting: World-class threat hunters search environments for complex attacks using deep knowledge of XDR data sources and the latest threat intelligence from Palo Alto Networks. This helps organizations stay ahead of emerging attack campaigns, malware and vulnerabilities. Security Posture Optimization: Experts provide periodic health checks of an organization's posture and detailed recommendations on policy changes to help facilitate addressing risks before they become issues. "Cyberattacks are emerging and evolving faster than ever," said Tom Osteen, CIO, Enloe Medical Center. "Intervening and addressing threats at the earliest stage is crucial. With Unit 42 MDR we have confidence that we can quickly identify and stop malicious activity to help keep our organization safe and secure." In a recent report, IDC said, "It is not a surprise to state that organizations continue to struggle with persistent security talent shortages and the rising costs to retain these scarce security resources. Security teams with already limited resources are overwhelmed by the heavy workload and responsibility." The report also stated, "Organizations are analyzing their current risks and accelerating their security services investments to ease pressure on their teams and strengthen their overall security posture to meet the growing cyberthreats."* About Cortex XDR Cortex XDR® is the world's first detection and response solution that natively integrates network, endpoint and cloud data to stop sophisticated attacks. It is designed to stop attacks with the power of AI and comprehensive data. XDR is critical to effective security. The latest Palo Alto Networks 2022 Unit 42 Incident Response Report highlights that when a breach occurs, 44% of the cases involved a business that did not have or did not fully deploy an endpoint detection and response or XDR security solution. About Palo Alto Networks Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

Read More

SOFTWARE SECURITY

Bugcrowd Launches Reseller Partnership with SocialProof Security

Bugcrowd | June 27, 2022

Bugcrowd, the market leader in crowdsourced cybersecurity, announced today a strategic reseller collaboration with SocialProof Security, advancing the organization's objective to keep clients ahead of growing cyber threats. As part of the cooperation, Bugcrowd will resell SocialProof Security's services, including social engineering prevention training, protocol and practitioner seminars, and penetration testing. In addition to reselling social engineering services, Bugcrowd continues to innovate and invest in its award-winning Security Knowledge Platform, which provides the most comprehensive suite of security solutions such as bug bounty, vulnerability disclosure programs, attack surface management, and pen testing as a service. Bugcrowd, for example, allows consumers to buy pen tests from a single supplier for any sort of use case, from basic assurance of simple web apps and networks to continuous testing of cloud services and APIs, and now, social engineering. Due to their friendly hacker approach to boosting customer defenses against human-based assaults, SocialProof Security and CEO Rachel Tobac, the market leader in social engineering prevention services, have gained prominence. Twitter, PayPal, Uber, Prudential Insurance, Cisco Systems, WhatsApp, NATO, and the US Air Force are among the noteworthy clients of SocialProof Security. "We are excited to work with Bugcrowd on this reseller partnership as we move forward with our aligned mission to arm organizations with a proactive means to reduce social engineering risk through education, identity verification protocol improvements, technical tools, and measuring those updates with social engineering penetration testing. The majority of cyber attacks now start with some element of social engineering—manipulating people to take actions that could harm organizations. This partnership illustrates the priority Bugcrowd places on actionable and measurable social engineering risk mitigation in a well-rounded security program," said Tobac. "Even with current elevated threat levels, many organizations are surprisingly unprepared for the threats from social engineering attacks, as we repeatedly find low awareness across organizations, outdated or inconsistent identity verification, and limited practitioner skill sets. Fortunately, taking a multidimensional approach that combines prevention training and tools, human-based protocol updates, and pen testing can dramatically reduce the risk of social engineering attacks. We look forward to bringing this innovative solution to market as a part of our services." Ashish Gupta, CEO of Bugcrowd SocialProof specializes in defending against social engineering attacks, in which attackers deceive workers in order to get personally identifiable information (PII), passwords, and unauthorized access to accounts, money, or other sensitive information. Common attack vectors like phishing, impersonation, and pretexting can be used to carry out such manipulation. In fact, respondents to ISACA's 2021 State of Cybersecurity Survey rated social engineering as the #1 cyber threat.

Read More