DATA SECURITY

BD to Advance Leadership in Cybersecurity Transparency and Preparedness

BD | June 07, 2021

A leading global medical technology company, BD (Becton, Dickinson and Company), today announced that it has become the first medical technology company authorized as a Common Vulnerability and Exposures (CVE®) Numbering Authority by the CVE Program, further demonstrating the company's leadership in health care cybersecurity.

As a CVE Numbering Authority (CNA), BD is authorized to assign CVE identification numbers to newly discovered vulnerabilities in its software-enabled products. This includes using the Common Weakness Enumeration (CWE™) system to classify vulnerability types and applying the Common Vulnerability Scoring System (CVSS) to communicate vulnerability characteristics and severity. The purpose of the CVE Program is to bolster international cybersecurity defense by cataloguing publicly disclosed cybersecurity vulnerabilities. The CVE Program is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE Corporation.

BD was among the first medical technology companies to develop a mature Coordinated Vulnerability Disclosure program, enabling customers to manage cybersecurity risks through awareness and guidance. In 2020, the company launched the BD Cybersecurity Trust Center, increasing transparency and collaboration with its customers, and issued its inaugural cybersecurity annual report. In becoming a CNA, BD further demonstrates its commitment to cybersecurity in medical devices, making it easier for customers to manage vulnerabilities affecting BD products.

About the CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each of the vulnerabilities in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

About BD

BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. BD and its 70,000 employees have a passion and commitment to help enhance the safety and efficiency of clinicians' care delivery process, enable laboratory scientists to accurately detect disease and advance researchers' capabilities to develop the next generation of diagnostics and therapeutics. By working in close collaboration with customers, BD can help enhance outcomes, lower costs, increase efficiencies, improve safety and expand access to health care.

Spotlight

The boundaries between working "in the office," "on the road," or "at home" have been blurred by the untethered power of smartphones, tablets, and other portable devices. Employees expect the flexibility to work on the devices they choose, and employers have come to expect always-on availability.

Spotlight

The boundaries between working "in the office," "on the road," or "at home" have been blurred by the untethered power of smartphones, tablets, and other portable devices. Employees expect the flexibility to work on the devices they choose, and employers have come to expect always-on availability.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Xage Recognized in 2022 Gartner® Innovation Insight for Cyber-Physical Systems Protection Platforms

Xage | August 20, 2022

Xage, the zero trust real-world security company, was recently cited as a Representative Vendor among CPS Protection Platforms in Gartner 2022 Innovation Insight for Cyber-Physical Systems Protection Platforms report. The company was also named in Gartner 2022 Market Guide for Operational Technology Security. “As organizations connect operational or mission-critical systems, or deploy automation and digital transformation technology, they create cyber-physical systems (CPS) that security and risk management leaders must accommodate. Enter cyber-physical systems protection platforms — new solutions for a new security reality,” said Gartner analysts Katell Thielemann. “The changing technology and threat landscape is forcing security and risk management leaders to think about security differently when it comes to CPS. A new discipline of CPS asset-centric security is evolving, anchored by a new set of CPS protection platform vendors.” Asset-centric security allows operators to move beyond the old network-centric security model – aiming to keep hackers off the network – to a modern security architecture that protects access to each asset individually regardless of who has network-level presence. In fact, Gartner predicts that through 2025, 70% of companies will deploy CPS protection platforms as the first step in their asset-centric journey. “An asset-centric approach to access management – implementing strong credentials, password rotation, multi-factor authentication (MFA) and asset-by-asset access control – is critical to protect assets from attack. “Xage has seen in our customer deployments how an asset-centric security approach enables strong zero trust protection which can be achieved without ripping and replacing existing systems and infrastructure.” Duncan Greatwood, CEO of Xage Xage helps operators protect their assets using an identity-centric, asset-centric zero trust architecture. Xage’s capabilities include identity-based access management and privilege enforcement, zero trust remote access, multi-layer multi-factor authentication (MFA), and dynamic data security that protects sensitive operational data. About Xage Xage is the first and only zero trust real-world security company. The Xage Fabric accelerates and simplifies the way enterprises secure, manage and transform digital operations across OT, IT, and cloud. Xage solutions include Identity & Access Management (IAM), remote access, and dynamic data security, all powered by the Xage Fabric. To explore how the Xage Fabric can secure and transform your organization, visit Xage.com. Xage is currently offering a free trial for secure remote access to qualified critical infrastructure operators.

Read More

SOFTWARE SECURITY

MERIPLEX acquires Louisiana-based MSP, Verma Systems

Meriplex | July 18, 2022

Meriplex, a nationwide leader in managed cybersecurity and IT solutions, is pleased to announce the asset acquisition of Louisiana-based managed service provider, Verma Systems. For over 31 years, Verma Systems has been a leading and trusted IT and consulting partner for businesses in Baton Rouge and across Louisiana. They provide personalized solutions to their clients allowing them to leverage IT and technology to enhance business efficiency. "Verma Systems is an excellent addition to the Meriplex organization. "With their talented team and longstanding reputation in the Louisiana market, we will be able to provide more innovative technology and service offerings to their clients and work towards our goal of being the number one MSP/MSSP in the nation." David Henley, CEO of Meriplex "For me, it has always been about the customer and our employees," said Mitch Verma, President of Verma Systems. "Joining forces with Meriplex means we have more resources at our fingertips including additional IT experts, new product lines, and the capability to offer more well-rounded technical solutions. I know the people behind Meriplex, and we share the same core values and work ethic. With their expertise, size and seasoned approach, I am confident we can provide more for our clients and our employees." As a fast-growing managed services provider, Meriplex focuses on strategically acquiring businesses in leading markets in order to establish a regional presence and acquire talent to support their increasing large organic and inorganic growth. If you are interested in learning more about our M&A process, please reach out to us here. About Meriplex Meriplex is a managed cybersecurity, IT, and SD-WAN solutions provider that enables transformation by combining secure, innovative technology with advanced expertise. As a trusted partner, we deliver business-driven solutions that provide the scalability and support needed to power growth for organizations. About Verma Systems Established in 1991, Verma Systems is a Baton Rouge IT services company specializing in business technology tailored towards the SMB market. With our highly talented and experienced team, we know how to meet business needs by incorporating the right technology solutions to help your company be successful. Our mission is focused on hard work, smart work, and superior customer service.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Information Management Leader Archive360 Launches Developer Program to Extend Business Users’ Access to Archived Data with Zero-Trust APIs

Archive360 | August 29, 2022

Archive360™, the archiving and information management leader trusted by enterprises and government agencies worldwide, today announced its Archive360 Extend developer program, giving customers and partners access to the company’s unique APIs (application programming interfaces) so they can leverage the market-leading information governance capabilities of the Archive360 Open Archiving Platform, extending capabilities of customer in-house developed applications as well as third party applications. As the only true Platform-as-a-Service (PaaS) solution provider, Archive360 enables organizations to migrate and onboard massive volumes of data to the cloud, with full control over data security, privacy, access, and compliance. With Archive360 Extend, users can now benefit from one search to directly access, manage and extract relevant data from the Archive360 archive in the comfort and familiarity of their preferred applications, while professionals in the legal, IT and compliance units are assured that all data is being appropriately managed. “Companies offering vital services such as eDiscovery, internal and external audits and core business applications are not in the business of archiving and managing information - that’s our specialty,” said Robert DeSteno, co-founder and CEO of Archive360. “In today’s operating environment, skilled professionals prioritize working from the applications they access daily. Archive360 now makes it possible for these users to access and leverage data in Archive360’s repository from those apps with one search - in most cases, they won’t even know where the data is, only that their access is fully authorized and secure. More than a dozen partners have already joined this program, and over the next few weeks we’ll be announcing key partnerships with specific companies. Archive360 Extend represents a new advance in archiving and information management, and we’re just getting started.” The new program enables a seamless, secure and compliant connection between two complementary forces: the Archive360 information management platform’s ability to onboard, manage and store massive volumes of business data - including files, videos, audio, CRM, ERP, emails/electronic communication, social media and more - and companies specializing in complex disciplines such as eDiscovery and data analytics, serving business users who need immediate, authorized, and secure access to all relevant data resources without having to switch between applications. Archive360 enables participating companies to promote their offerings to a much broader market, including large and heavily regulated enterprises with massive amounts of data that need to be retained and managed securely in compliance with internal and external mandates. One Search User Access Archive360 APIs enable end users, with one search, to quickly, easily, and cost-effectively access, review and act on data from any system across their organization. And while the company leads the market with a unified platform - massive data volumes offering enhanced flexibility for easy and secure access - its APIs also come with major advantages. The collective benefits include: One Search: Greater visibility into any data source connected to the Archive360 archive, and greater control over that data: how it’s processed, stored, protected and managed, with performance tailored to meet specific business needs Scalability: Process and manage petabytes of data, rapidly, cost-effectively and dynamically scale horizontally and vertically to meet any workload Security: True Zero Trust data security with unparalleled PII protection - even system administrators can’t access the data without explicit approval Defensible Compliance: Ensuring data accuracy, compliance and reliability through immutable storage, data localization, and an audit trail to capture the complete chain of custody. Separate micro-APIs run in the right place across on-premises, in-country or overseas cloud infrastructures ensuring compliance with data localization requirements Risk Management: eliminating redundant, obsolete and trivial (ROT) information; replacing legacy systems; and optimizing storage Comprehensive Functionality: There’s one front-end API for ingestion, operations, monitoring, admin, records, discovery, machine learning and analytics, along with micro-APIs Open Framework: The APIs are extensible - for example, Archive360’s archive functionality can be seamlessly embedded into independent software vendors’ applications and customer portals Archive360 APIs are managed with a Zero-Trust framework that encompasses data threat surfaces, lifecycles, governance and more - a critical advantage in today’s operating environment. The company also adheres to an API-first philosophy: The APIs are consistent and reusable across the Archive360 platform and applications or portals accessing the data. Customers and partners can learn more about the Archive360 Extend developer program by speaking with their account representative or registering to become an Archive360 partner. About Archive360 Archive360 is the enterprise information archiving company that businesses and government agencies worldwide trust to securely migrate their digital data to the cloud, and responsibly manage it for today’s regulatory, legal and business intelligence obligations. This is accomplished by applying context around the search, classification, security, retention, disposition and indexing of data including files, videos, and emails—all while allowing organizations to maintain full control over privacy, access, and compliance. Archive360 is a global organization that delivers its solutions both directly and through a worldwide network of partners. Archive360 is a Microsoft Cloud Solution Provider, and the Archive2AzureTM solution is Microsoft Azure Certified.

Read More