DATA SECURITY

Balbix Extends Cyber Security Posture Automation to AWS

Balbix | November 02, 2021

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of the Balbix Connector for AWS. As a result of the new offering, customers gain a comprehensive inventory of their assets spanning on-premises and cloud as well as the ability to discover, prioritize and mitigate unseen risks, including unpatched software vulnerabilities, weak credentials, missing or poor encryption, trust issues and cloud infrastructure misconfigurations.

A surge in cloud adoption has made modern IT environments more complex and increased the enterprise attack surface. While gains have been made in cloud security, visibility remains siloed. Proactive cybersecurity tools are typically split into on-premises and cloud silos, making it extremely difficult to get a consolidated view into both environments. In addition, the ability to identify and address the most pressing risks requires the assistance of automation to successfully scale.

Improved AWS Security Posture Management
The new Connector for AWS provides support for the most popular AWS Cloud services including core services like Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Identity and Access Management (IAM); database and container services like Amazon Relational Database Service (Amazon RDS), and Amazon Elastic Kubernetes Service (Amazon EKS); and analytics services like Amazon OpenSearch Service. As a result, teams overseeing security of their AWS environments can:
  • Get comprehensive visibility into cloud assets and accurately categorize them into compute, storage, network, and containers
  • Discover exposure to common cloud attack vectors, especially misconfigurations – the most exploited attack vector for the cloud
  • Measure risks in terms of the likelihood and monetary impact of them being exploited in order to prioritize risks for remediation and report on the overall security posture

Visibility Across the Entire Network
With the addition of the Connector for AWS, Balbix merges cloud and on-premises visibility in one view, eliminating the need for security practitioners to look through multiple dashboards and allowing them to work more productively.

"With a significant portion of our IT infrastructure already running in AWS alongside a longer-term cloud-first strategy to migrate most workloads to the cloud, the addition of the Balbix Connector for AWS enables us to drive down risk comprehensively across our enterprise," said Nate Miller, Senior IT Manager, Global Cyber Security and IT Compliance at Cooper-Standard. "However, we know some critical IT infrastructure will remain on-premises. The unified visibility provided by Balbix is key to enable our cyber security teams to make the best decisions for the business and most efficiently minimize the risk of breach."

Advanced Risk Analysis
AWS data is analyzed using purpose-built AI algorithms to produce a comprehensive view of cyber-risk for organizational cloud assets, along with relevant context and recommended action items. Risk is measured in dollars, which provides a common language that organizations can use to prioritize projects, spending and track the effectiveness of their overall cybersecurity program.

"Traditionally, cyber posture tools have been siloed, only offering views for cloud or on-premises, never both,We are excited to introduce the Balbix Connector for AWS to break down the siloed approach and offer AWS customers a holistic view of their overall corporate risk, along with new insights to manage security under the shared responsibility model."

Gaurav Banga, CEO at Balbix

About Balbix
Balbix is the world's leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a "Cool Vendor" by Gartner in 2018.

Spotlight

What’s in an internet minute? According to data from RiskIQ and threat researchers around the world, a lot of evil. 2018 COST OF CYBER CRIME. 2018 RISKIQ RESEARCH NUMBERS: NUMBER OF NEW BLACKLISTED MOBILE APPS. .17/minute10. NUMBER OF NEW PHISHING DOMAINS STOOD UP .21/minute11 .

Spotlight

What’s in an internet minute? According to data from RiskIQ and threat researchers around the world, a lot of evil. 2018 COST OF CYBER CRIME. 2018 RISKIQ RESEARCH NUMBERS: NUMBER OF NEW BLACKLISTED MOBILE APPS. .17/minute10. NUMBER OF NEW PHISHING DOMAINS STOOD UP .21/minute11 .

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Xage Recognized in 2022 Gartner® Innovation Insight for Cyber-Physical Systems Protection Platforms

Xage | August 20, 2022

Xage, the zero trust real-world security company, was recently cited as a Representative Vendor among CPS Protection Platforms in Gartner 2022 Innovation Insight for Cyber-Physical Systems Protection Platforms report. The company was also named in Gartner 2022 Market Guide for Operational Technology Security. “As organizations connect operational or mission-critical systems, or deploy automation and digital transformation technology, they create cyber-physical systems (CPS) that security and risk management leaders must accommodate. Enter cyber-physical systems protection platforms — new solutions for a new security reality,” said Gartner analysts Katell Thielemann. “The changing technology and threat landscape is forcing security and risk management leaders to think about security differently when it comes to CPS. A new discipline of CPS asset-centric security is evolving, anchored by a new set of CPS protection platform vendors.” Asset-centric security allows operators to move beyond the old network-centric security model – aiming to keep hackers off the network – to a modern security architecture that protects access to each asset individually regardless of who has network-level presence. In fact, Gartner predicts that through 2025, 70% of companies will deploy CPS protection platforms as the first step in their asset-centric journey. “An asset-centric approach to access management – implementing strong credentials, password rotation, multi-factor authentication (MFA) and asset-by-asset access control – is critical to protect assets from attack. “Xage has seen in our customer deployments how an asset-centric security approach enables strong zero trust protection which can be achieved without ripping and replacing existing systems and infrastructure.” Duncan Greatwood, CEO of Xage Xage helps operators protect their assets using an identity-centric, asset-centric zero trust architecture. Xage’s capabilities include identity-based access management and privilege enforcement, zero trust remote access, multi-layer multi-factor authentication (MFA), and dynamic data security that protects sensitive operational data. About Xage Xage is the first and only zero trust real-world security company. The Xage Fabric accelerates and simplifies the way enterprises secure, manage and transform digital operations across OT, IT, and cloud. Xage solutions include Identity & Access Management (IAM), remote access, and dynamic data security, all powered by the Xage Fabric. To explore how the Xage Fabric can secure and transform your organization, visit Xage.com. Xage is currently offering a free trial for secure remote access to qualified critical infrastructure operators.

Read More

PLATFORM SECURITY

Deloitte Launches Zero Trust Access, a New Managed Security Service

Deloitte | July 12, 2022

To help organizations adopt zero trust more quickly and efficiently, Deloitte is launching a new managed service – Zero Trust Access— that offers a cloud-native approach to securing communications between users, on any device, and enterprise applications, wherever they may reside. The Zero Trust concept commits to removing implicit trust within an information technology (IT) ecosystem and replacing it with a risk-based approach to accessing organizational resources across identities, workloads, data, networks and devices. This trend is gaining momentum, given legacy approaches to security architecture are no longer suitable to secure the ubiquitous nature of the modern enterprise. Part of the newly expanded Zero Trust by Deloitte, Zero Trust Access facilitates zero trust adoption and the evolving needs of organizations in protecting their applications, infrastructure, and data. Following the integration of recently acquired talent and technology into existing Deloitte services, the Zero Trust Access managed service connects users to applications through a frictionless cloud-native solution that is inherently scalable, resilient, agile, and secure. Further, the managed service is available standalone, integrated with other Deloitte offerings, or as part of a broader solution leveraging technologies from Deloitte's alliances ecosystem. "As perimeter-based approaches are no longer suitable to secure the modern enterprise, many organizations are working to enhance protection for their IT ecosystems via zero trust. "Zero Trust Access was built as a turnkey managed service helping ourselves and our clients accelerate adoption of this transformative security framework. Our goal was to create a cost-effective solution that can be delivered standalone or complementary to a broader ecosystem and ultimately help decrease the burden on IT and security teams who likely need to manage multiple heterogenous solutions to achieve similar outcomes." Andrew Rafla, Deloitte Risk & Financial Advisory's zero trust offering leader and principal, Deloitte & Touche LLP With innovative data protection leveraging device-level secure microcontainer technology, Zero Trust Access helps protect infrastructure while also enabling organizations to protect sensitive enterprise data and enforce least privilege through dynamic access control to enterprise assets. The managed service can replace remote access solutions inclusive of virtual private network (VPN), virtual desktop infrastructure (VDI), and desktop as a service (DaaS), all of which typically require significant capital expenditure for infrastructure, high operating costs, and technology management overhead. Zero Trust Access includes features such as ephemeral connectivity built upon secure peer-to-peer (P2P) communication, conditional access and continuous authorization, as well as robust data protection for data at-rest, in-use, and in-transit are consistently applied to each session, regardless of the type or location of the applications being accessed (e.g., legacy hosted applications, software as a service (SaaS), thick-client, web-based applications). Implementation of Zero Trust Access can help organizations leverage outcome-based solutions that improve business agility, enhance user productivity, and reduce cost and complexity of security operations. "Beginning zero trust adoption isn't simple, fast or easy for most organizations," Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP. "We're launching Zero Trust Access as the first in many adoption-enabling services and solutions to come, so that our clients are better able to modernize their security programs, enable agile operations and confidently advance with emerging technologies and transformative risk management principles that can build more resilient security practices." About Deloitte Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Apiiro to Sponsor Cloud Native SecurityCon and KubeCon + CloudNativeCon North America

Apiiro | September 12, 2022

Apiiro, the leader in Cloud-Native Application Security, today announced it is a platinum sponsor of Cloud Native SecurityCon, an event designed to foster collaboration, discussion and knowledge sharing of cloud native security projects to address security challenges and opportunities. The in-person event takes place October 24-25, 2022 in Detroit, MI and will showcase breakthrough technology and advances in modern cybersecurity approaches including secure software development and supply chain security. Cloud Native SecurityCon is co-located at KubeCon + CloudNativeCon, the Cloud Native Computing Foundation's flagship conference. Apiiro executives including VP of Security Research Moshe Zioni will be in attendance to discuss how Apiiro is accelerating secure software delivery by addressing critical risks in cloud-native applications. KubeCon attendees can also meet with Apiiro executives to learn more about the code risk platform by visiting booth SU63. About Apiiro Apiiro helps security and development teams proactively remediate risk before releasing to the cloud. Backed by Greylock and Kleiner Perkins.

Read More