DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Qumulo, Inc. | November 11, 2022
Qumulo, the radically simple way to manage petabyte-scale data anywhere, today announced the launch of the company’s new corporate security initiative “Simply Secure,” a multi-layered approach designed to protect data across multiple points of vulnerability. Qumulo’s “Simply Secure” initiative is meant to help organizations minimize the risk of business disruption and protect their data from theft or loss with a complete suite of security features that continue to harden over time, all-inclusive with their Qumulo® subscription, without additional cost for future releases.
The unprecedented rise in cyber threats in recent years is creating dire consequences for businesses: multi-million dollar ransom payments, days or weeks in disruption of operations, and potential loss of valuable data sets. Not only that, cyber attacks which become public often leave behind permanent reputational damage. While most organizations understand and respect the risk of poor security posture, many are strapped for cycles, time, and expertise to build adequate defenses around their unstructured data.
Qumulo is meeting its customers anywhere – edge, core, and in the cloud – with a holistic approach to security, making it simple for customers to protect their data from ransomware attacks, data theft, and data destruction. Qumulo not only helps customers ensure lighting-fast recovery but also helps proactively detect and prevent anomalies, so organizations and end users can simply secure their sensitive data. Customers are granted access to each new security feature every two weeks, which is available through non-disruptive software upgrades, increasing the value of Qumulo clusters over time.
“Qumulo’s focus on radical simplicity means it's taken an approach to security that makes it as easy as possible for customers to protect their data everywhere it’s stored.”
Kiran Bhageshpur, Chief Technology Officer at Qumulo
Qumulo is constantly developing new and enhancing existing features to provide the most robust security possible. The most recent releases add five new layers to storage security for greater data protection, including:
Multi-tenancy VLAN Isolation: Organizations can now use virtual local area networks (VLANs) to isolate administrative interfaces from their file system clients, such that the general network population cannot reach the interfaces. This adds an additional guarantee of network protection, while helping consolidate multiple use cases on a single cluster, resulting in potential cost savings.
Single sign-on & Access Tokens: Cluster administrators can now eliminate the need for sensitive user passwords when logging into the Qumulo administrator UI or API since user credentials are prime targets for theft by cyber attackers.
NFSv4.1 Kerberos Authentication & Encryption: All data is encrypted before transmitting across networks, preventing any bad actor that intercepts the data from understanding it in plain text.
Federal Information Processing Standards (FIPS) 140-2 certification of Qumulo encryption: Now, customers with FIPS requirements can maintain compliance and independently verify that Qumulo’s data-at-rest encryption meets the standards set by the National Institute of Standards and Technology (NIST). Customers who don’t require FIPS certification can rest assured their data is protected by the highest standards.
OpenMetrics API provides telemetry data to 3rd party monitoring and alerting systems, so organizations can proactively detect and quickly respond to anomalies at risk of disrupting operations such as an attack-in-progress.
“Trust is mission critical when it comes to security,” said Kathy Ahuja, VP of Information Security at Qumulo. “That’s why we’ve built a security posture with FIPS 140-2 accreditation and enhanced encryption that provides the greatest level of protection for our cryptographic modules. Our customers know they can trust Qumulo with their data. And as cybercriminals continue to advance their own breach strategies, we’re well prepared to continue to improve our security measures to match and defeat the complexities of these attacks.”
About Qumulo, Inc.
Qumulo is the radically simple way to manage petabyte-scale data anywhere – edge, core or cloud – on the platform of your choice. In a world with trillions of files and objects comprising 100+ Zettabytes worldwide, companies need a solution that combines the ability to run anywhere with simplicity. This is precisely what Qumulo was founded to accomplish.
DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS
Qualys | November 02, 2022
Qualys, Inc., a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, is announcing TotalCloud with FlexScan delivering cloud-native VMDR with Six Sigma Accuracy via agent and agent-less scanning for comprehensive coverage of cloud-native posture management and workload security across multi-cloud and hybrid environments.
As business applications and on-premises infrastructure migrate to the cloud, security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Additionally, teams must deal with a plethora of industry acronym-driven point solutions that provide a fragmented view of risk without context. This approach increases security costs and complexity while leaving cloud applications vulnerable to attacks.
"Qualys is enhancing its widely used platform to deliver visibility, context, speed, automation, and orchestration in a comprehensive solution to help organizations scale their security and compliance programs for modern software development. "Qualys TotalCloud incorporates security into development workflows, enabling them to release secure, reliable code while giving security teams the control and visibility they need to manage risk by reducing their attack exposure and rapidly responding to threats."
Melinda Marks, senior analyst at ESG
"As a finance organization, we need a continuous view of the security and compliance posture across our cloud applications, with clear insights into risk," said Prabhuram Rajarathinam, CISO at Cholamandalam Investment and Finance Company. "Qualys TotalCloud with FlexScan will enable our cloud security and DevOps teams to use the multiple assessments to further strengthen the security of our cloud applications."
With more than 31 million workloads already secured by Qualys, Qualys TotalCloud extends the industry-leading accuracy of VMDR with cloud-native FlexScan assessments to unify Cloud Posture Management and Cloud Workload Security in a single view with risk insights. TotalCloud automates inventory, assessment, prioritization and risk remediation via an easy-to-use drag-and-drop workflow engine for continuous and zero-touch security from code to production cloud applications.
Qualys TotalCloud introduces FlexScan a comprehensive cloud-native assessment solution that allows organizations to combine multiple cloud scanning options for the most accurate security assessment of their cloud environment.
Security teams will have multiple hybrid assessment capabilities to secure the entire cloud attack surface including:
Zero-touch, agent-less, cloud service provider API-based scanning for fast analysis.
Virtual appliance-based scanning to assess unknown workloads over the network for open ports and remotely exploitable vulnerability detection.
Snapshot assessment that mounts the workload snapshot for periodic offline scanning including vulnerabilities and OSS scanning.
Qualys Cloud Agents in the workload for comprehensive, real-time vulnerability, configuration and security assessment.
Qualys TotalCloud provides security teams with:
Immediate multi-cloud posture insights - The unified cloud posture dashboard provides inventory, security and compliance posture insights across multi-cloud environments in minutes. Teams can easily identify and prioritize the misconfigurations that cause the highest risk with additional context on workload vulnerability and security posture.
Unified security view to prioritize cloud risk with TruRisk - A single view of cloud security insights across cloud workloads, services and resources is provided via the console. Additionally, Qualys TruRisk quantifies security risk by workload criticality and vulnerability detections and correlates it with ransomware, malware and exploitation threat intelligence to prioritize, trace and reduce risk.
Fast remediation with no code, drag-and-drop workflows - The integration of QFlow technology into TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-profile threats, remediating misconfigurations, and quarantining high-risk assets.
Shift-left security to catch issues early– TotalCloud provides shift-left security integrated into developers existing CI/CD tools to continuously assess cloud workloads, containers and Infrastructure as Code (IaC) artifacts. This allows for the rapid identification of security exposures and remediation steps during the development, build and pre-deployment stages while providing support for the major cloud providers including AWS, Azure and Google Cloud.
"Cloud security is getting very fragmented with too many point solutions, which brings more complexity," said Sumedh Thakar, president and CEO of Qualys. "Our customers want seamless, comprehensive insight into cyber risk across their multi-cloud and non-cloud assets. With our innovative TotalCloud offering, we bring flexible, high-quality cloud-native risk assessment to our customer base as they look to expand into the cloud with Qualys."
Qualys, Inc. is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Fortinet | November 29, 2022
Fortinet®, a global leader in broad, integrated and automated cybersecurity solutions, today announced the availability of FortiGate Cloud-Native Firewall (FortiGate CNF) on Amazon Web Services (AWS), an enterprise-grade, managed next-generation firewall service specifically designed for AWS environments. FortiGate CNF incorporates FortiGuard artificial intelligence (AI)-powered Security Services for real-time detection of and protection against malicious external and internal threats, and is underpinned by FortiOS for a consistent network security experience across AWS and on-prem environments.
By shifting the management of network security infrastructure to Fortinet via FortiGate CNF, customers can focus more on their core competencies and deploying effective security policies to protect their business-critical applications and data. Natively supporting AWS and available now in AWS Marketplace, FortiGate CNF gives customers immediate access to FortiGuard AI-powered Security Services for enterprise-grade protection, including URL filtering, DNS filtering, IPS, application control and other FortiGuard security services, that organizations rely on.
FortiGate CNF enables customers to realize the following benefits:
Region-wide network protection at optimized costs: FortiGate CNF is designed to easily aggregate security across cloud networks, availability zones and virtual private clouds (VPCs) in a cloud region. It also natively supports AWS to help optimize cloud security spend and uses AWS Graviton instances to deliver better price performance than other offerings.
Simplified network security operations with cloud-native integrations: FortiGate CNF provides a simple, intuitive user interface (UI) that minimizes the need for security expertise and makes it easy to define and deploy robust security policies including dynamic meta-data based policies on AWS. This AWS support helps security teams move at the speed and scale of applications teams, while support of AWS Gateway Load Balancer eliminates do-it-yourself automation and helps secure Amazon Virtual Private Cloud (Amazon VPC) environments while improving high availability and scaling. Additionally, support of AWS Firewall Manager simplifies security management and automates security rollout.
Increased compliance with consistent enterprise-grade security across on-prem and cloud deployments: In a recent survey of more than 800 cybersecurity professionals, 78% of respondents indicated that a cloud security platform with a single dashboard could help them better protect data across their cloud footprint and strengthen their security posture. FortiGate CNF provides an intuitive dashboard to easily manage security policies across a customer’s AWS deployments. As part of the Fortinet Security Fabric platform, it also offers a single pane of glass through FortiManager to centralize policy management, increase visibility and automate policy enforcement on AWS and beyond. This capability helps teams effectively apply security controls seamlessly across hybrid cloud and on-premises deployments.
Enhanced with AI-powered global threat intelligence: FortiGate CNF includes a suite of trusted FortiGuard AI-powered security services, developed and continually improved by FortiGuard Labs. Using AI/machine learning (ML) models, FortiGate CNF with FortiGuard Security Services enables a proactive security posture and remediation of known and unknown threats based on real-time threat intelligence, behavior-based detection and automated prevention.
Fortinet and AWS – Better Together
FortiGate CNF is the latest example of Fortinet's commitment to delivering cloud-native services to support our customers. Fortinet’s work with AWS ensures that customers’ public cloud workloads are protected by best-in-class security solutions powered by comprehensive threat intelligence. Fortinet support of key AWS services simplifies security management, facilitating full visibility across environments and providing broad protection across your workloads and applications. Throughout any stage in a customer’s migration to the cloud, Fortinet Security Fabric, the industry’s highest performing cybersecurity mesh platform, delivers security-driven networking and adaptive cloud protection for the ultimate flexibility and control needed to build in the cloud.
“Fortinet was the clear choice for help when we decided to move our workloads from a data center to a public cloud environment on AWS. By leveraging Fortinet cloud security solutions to complement native AWS security groups, we were able to accelerate our cloud migration to just one month, a process that that would typically take one year. With the introduction of FortiGate CNF, Yedpay is looking forward to having the option of a managed firewall service powered by the collective cloud infrastructure expertise of Fortinet and AWS to further bolster our existing cloud security and enable us to securely grow our business.”
Simon Lau, CIO & CISO, Yedpay
“We know organizations are looking to further simplify and modernize security on the cloud, which is why we’re working with Fortinet to deliver adaptive cloud security solutions. With FortiGate CNF, customers can build confidently, boost agility, and take advantage of everything AWS has to offer. As a fully managed cloud-native service, FortiGate CNF provides the enterprise-level firewall services and network security that helps reduce risk and improve compliance, and optimizes customers’ security investments. We’re looking forward to continuing our work with Fortinet to help our mutual customers accelerate their cloud security goals.”
Dave Ward, GM, Application Networking, AWS
Fortinet makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 595,000 customers trust Fortinet to protect their businesses.