DATA SECURITY

Argus partners with Microsoft to provide Microsoft Azure IoT end-to-end Cyber Security Cloud solution for car manufacturers.

Argus | March 30, 2021

Argus Cyber Security, a global pioneer in the field of cyber automotive security, cooperated with Microsoft Azure IoT to help car manufacturers to track, identify, and mitigate cloud attacks.

Argus Fleet Protection, an Automotive Security Operation Center (ASOC) solution, in-vehicle insights from Argus Connected ECU Protection, and update capability with Argus Software Updates Over-the-Air comprise the Argus cybersecurity package for automotive applications, which is combined with Azure IoT. (OTA). The complete end-to-end cloud solution is one of the first to provide car manufactures with on-board and off-board tracking for the cyber wellbeing of their fleet.

This automotive collaboration allows car manufacturers better access to security-related in-vehicle information as well as extensive coverage of security incidents. Argus Connected ECU Protection detects operating system irregularities and unusual behavior in the vehicle using customer-defined hazard models and is implemented on connected ECUs such as telematics, infotainment centers, and ADAS systems. Threat models may be built on UNECE R 155 (WP.29), the MITRE Attack structure, or some other model that is selected. Vehicle warnings are sent to Argus Fleet Protection, where they are paired with information from other sources in dedicated automotive hazard hunting and investigation modules. Vehicle manufacturers will create a more reliable, all-encompassing cyber intelligence picture by combining end-to-end automotive cyber protection with Microsoft Azure IoT.

Furthermore, using Argus Delta OTA update technologies, car manufactures will immediately incorporate security upgrades to minimize vulnerability to cyber threats while reducing vehicle downtimes and deployment costs.

"We are thrilled to be joining the world's leading businesses on Microsoft Azure. It represents a significant step forward for vehicle manufacturers looking to minimize their exposure to cyber risk while still adhering to applicable requirements and regulations such as UNR 155 (WP.29) "said Miki Hakak, Argus Cyber Security's VP Marketing, and Business Development. "By collaborating with a global leader like Microsoft, we're making it easier for vehicle manufacturers to cost-effectively incorporate cyber protection into their vehicles without disrupting manufacturing cycles or project risk."

"Cybersecurity is a critical component in the transition to connected and autonomous vehicles," said Avijit Sinha, Microsoft's general manager for Azure Mobility. "Argus offers robust and flexible tools to ensure security through a vehicle's diverse computing resources and networks, whether it's avoiding attacks on safety-critical functions or personal data theft. The partnership of Argus and Microsoft Azure IoT offers a roadmap for automakers aiming to achieve their target of stable connected and autonomous vehicles."

ABOUT ARGUS CYBER SECURITY
To secure connected cars and commercial vehicles from cyber-attacks, Argus, a world pioneer in automotive cyber protection, offers in-vehicle solutions, consulting services, and an automotive security operation center (ASOC). Customers include automakers, retailers, and fleet managers.

Argus products and services, which are currently in development, assist in the prevention, tracking, and reaction to cyber threats on in-vehicle components, networks, and post-production fleets. Via a suite of customized advisory services that help incorporate data security standards and procedures into the whole product lifecycle, Argus professional services assist its clients in complying with applicable guidelines and regulations, such as UNECE R 155 (WP. 29). Argus' groundbreaking approaches and solutions are based on decades of cybersecurity and automotive research, which has resulted in more than 70 awarded and pending patents.

Argus was founded in 2013 in Tel Aviv, Israel, and has offices in Michigan, Stuttgart, Tokyo, Shanghai, and Korea. Argus is a wholly-owned subsidiary of Elektrobit, a multinational supplier of automotive products and services.

Spotlight

Host, Sarah Rutan: Thanks to innovations in security technology, it’s now possible for home and business owners to control their security systems via their mobile phones. To learn more, we’re in Oakland with Mike Salk of Reed Brothers Security, speaking on behalf of Diamond Certified Expert Contributor Randy Reed. Mike Salk: I think we can all agree that the pace of life has increased significantly lately. I found an application here that adds to the quality of life and peace of mind. It’s a remote application to control your home or business alarm system from your phone.

Spotlight

Host, Sarah Rutan: Thanks to innovations in security technology, it’s now possible for home and business owners to control their security systems via their mobile phones. To learn more, we’re in Oakland with Mike Salk of Reed Brothers Security, speaking on behalf of Diamond Certified Expert Contributor Randy Reed. Mike Salk: I think we can all agree that the pace of life has increased significantly lately. I found an application here that adds to the quality of life and peace of mind. It’s a remote application to control your home or business alarm system from your phone.

Related News

DATA SECURITY

Datadog Launches Application Security Monitoring

Datadog | April 29, 2022

Datadog, Inc., a cloud application monitoring and security platform, today announced the official release of its Application Security Monitoring (ASM) solution. ASM utilizes distributed tracing to assist security, development, and operations teams in precisely detecting code-level vulnerabilities like server-side request forgeries (SSRFs), SQL injections, cross-site scripting (XSS) assaults, and others. Today, applications are a frequent cause of data breaches. According to Forrester's The State of Application Security, 2021, "applications continue to be a leading cause of external breaches, and the presence of open source, APIs, and containers further adds complexity to the security team." Security risks are increasingly focusing on gaining access to data via an organization's apps by detecting and exploiting code-level flaws. These attacks get through outdated, perimeter-based security systems, which can't tell the difference between a legitimate application request and one that presents a security risk. As software architectures become more sophisticated, there is an increasing need for application security solutions that break through barriers between security, development, and operations teams. Datadog ASM employs distributed tracing to give end-to-end context, allowing enterprises to identify threats more precisely and react more quickly. This comprehensive view, when combined with the Datadog Cloud Security Platform's additional features such as Cloud Security Posture Management (CSPM), Cloud Workload Security (CWS), and Cloud SIEM, offers teams with actionable insights that speed up remediation and increase collaboration. "Applications are frequent sources of data breaches because security solutions have not kept pace with modern attacks, which focus on exploiting software code vulnerabilities. Legacy, perimeter-based security solutions cannot adequately address the complexity of today's advanced software architectures, which greatly increase the number of applications, APIs and services that must be monitored. We believe the answer is to use distributed tracing to more accurately detect attacks that expose organizations to risk. This approach helps teams get visibility on authenticated attacks and those that trigger code-level anomalies, ultimately helping them collaborate and respond to threats more quickly." Pierre Betouin, VP of Product, Cloud Security Platform at Datadog Application Security Monitoring expands on Datadog's acquisition of Sqreen in April 2021, which has been completely integrated into the Datadog Cloud Security Platform to give a uniform user experience and expanded capabilities. Customers may get their hands on the goods right now.

Read More

DATA SECURITY

CFGI and SecurityScorecard Collaborate to Provide Security Rating Monitoring as a Service

CFGI | May 26, 2021

CFGI, a leading provider of Accounting Advisory, Cybersecurity and IT Risk Advisory solutions, and SecurityScorecard, the worldwide leader in cybersecurity ratings, today announced a new partnership to streamline and strengthen how organizations manage their cybersecurity and third-party risk through the use of Security Ratings. CFGI has partnered with SecurityScorecard to non-intrusively evaluate an organizations' cybersecurity using an 'outside-in methodology. This approach enables CFGI to monitor and update the cybersecurity ratings of our clients in a very continuous manner. With these cybersecurity ratings and the extensive information on which they are based, organizations are presented with valuable information for assessing compliance with industry-leading cybersecurity risk standards. As a SecurityScorecard managed security services provider (MSSP), CFGI will be delivering industry-leading cybersecurity ratings to clients to enhance their security posture, ensure adherence to regulatory requirements, and continuously monitor third-party risk. This partnership comes at a time when risk and compliance teams are experiencing unprecedented pressure to successfully manage their own and third-party risk, due to changing regulatory requirements, higher numbers of vendors, and more pressure from the board of directors. Heightened regulatory scrutiny has created the necessity for next-generation solutions to assist organizations in better manage the risk posed by their business partners. With the partnership between CFGI and SecurityScorecard, organizations can now be aware of cybersecurity gaps and advised on what is needed to fill them. What value do CFGI clients receive? • Technical dashboards and detailed reports with your most critical risk factors. • Easy-to-read board-level reports and workflow tools for cybersecurity assessments. • Risk remediation advisory services by CFGI, whose experts work closely with your technology teams or third parties. • Ability to view your historical vulnerabilities and threats for continued improvement. • Ability to quantify and demonstrate your return on security investments. • Ability to benchmark your cybersecurity current state against industry peers and competitors. About CFGI CFGI, a portfolio company of The Carlyle Group, is a highly specialized financial consulting company that supports the office of the CFO with all its accounting, finance, risk management, and digital transformation needs. As an extension of your SOX, internal audit, corporate finance, or cybersecurity team, CFGI can serve in a variety of capacities – from technical accounting or finance transformation advisor to IPO and M&A support to controller or CFO.

Read More

DATA SECURITY

Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments with Security Survey

Vectra AI | August 06, 2021

Vectra AI, a leader in threat detection and response, today released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations. As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organizations who are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service. The survey found: 64% of DevOps respondents are deploying new workload services weekly or even more frequently 78% of organizations are running AWS across multiple regions (40% in at least three) 71% of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc.) The expansion of AWS services has naturally led to increased complexity and risk with 100% of companies surveyed having experienced at least one security incident in their public cloud environment. Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration. Some blind spots the Vectra report uncovered include: 30% of organizations surveyed have no formal sign-off before pushing to production 40% of respondents say they do not have a DevSecOps workflow 71% of organizations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers. Despite these blind spots, the survey showed that companies are taking security seriously. Over half of the companies reported having double-digit security operations center (SOC) headcounts, showing a significant investment in keeping their organizations secure. "Securing the cloud with confidence is nearly impossible due to its ever-changing nature," said Matt Pieklik, Senior Consulting Analyst at Vectra. "To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness." Vectra has answered this industry need through the creation of Detect for AWS which reduces risk of cloud services being exploited, detects threats against AWS services, and automatically responds to attacks against applications running in AWS. To learn more about the threats facing today's organizations you can download the full Paas & IaaS Security Survey Report or read our companion blog. About Vectra Vectra is the leader in threat detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers four applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed. And Cognito Detect for Office 365 and Azure AD™ finds and stops attacks in enterprise SaaS applications and the Microsoft 365 ecosystem.

Read More