Home > News > featured news > California’s 'Other' Game-Changer: Complying with the New IoT Cybersecurity Law

California’s 'Other' Game-Changer: Complying with the New IoT Cybersecurity Law

securitymagazine | February 11, 2020

When California Governor Jerry Brown signed Senate Bill 327 on September 28, California became the first state to enact legislation expressly governing cybersecurity measures that must be employed by manufacturers of Internet-connected “smart” devices, collectively known as the Internet of Things (IoT). The law, to be codified at California Civil Code Sections 1798.91.04–06, became effective on January 1, 2020. The new law applies to any “manufacturer of a connected device,” which is defined as “the person who manufactures, or contracts with another person to manufacture on the person’s behalf, connected devices that are sold or offered for sale in California.” A “connected device” is “any device, or other physical object, that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address,” a definition that is broad enough to encompass most devices that are commonly considered part of the IoT.

Spotlight

Reveal Risk Whitepaper: Measuring And Managing Cyber Resilience

Cyber Resilience (according to NIST) is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”

Resiliency in cybersecurity is not a new concept. It has long been postulated as a goal or used to convey that a business needs to be ready for the unpredictable that can and will arise in a volatile cyber-risk climate. However, we have seen that there is a disconnect between current practices for evaluating & leading cyber programs, and understanding, measuring, & building true cyber resiliency.

More featured news

Spotlight

Reveal Risk Whitepaper: Measuring And Managing Cyber Resilience

Cyber Resilience (according to NIST) is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”

Resiliency in cybersecurity is not a new concept. It has long been postulated as a goal or used to convey that a business needs to be ready for the unpredictable that can and will arise in a volatile cyber-risk climate. However, we have seen that there is a disconnect between current practices for evaluating & leading cyber programs, and understanding, measuring, & building true cyber resiliency.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Immuta Announces the Release of Immuta Detect for Continuous Security Monitoring

Immuta | January 20, 2023

On January 19, 2023, Immuta, a leading data security firm, announced the launch of its latest product, Immuta Detect. Immuta Detect notifies data and security teams about unsafe data access behavior with its continuous data security monitoring capabilities, therby enabling faster and more accurate risk response and improved data security posture management across advanced and modern cloud data platforms. The product is the new vital component of Immuta's comprehensive Data Security Platform that offers security and access control, data activity monitoring and sensitive data discovery. The platform uniquely integrates with the leading cloud data platforms along with existing SIEM and Managed Detection and Response (MDR) tools. As data sources and users in modern cloud settings increase, monitoring data usage and responding to threats becomes more challenging. This is critical for safeguarding against insider threats and adhering to rules and regulations. Existing strategies to solve these problems include manual and time-consuming audits of millions of log data records housed in disparate data sources. To stay up with business demands, data and security teams need improved ways for monitoring data access, address issues precisely, and quickly adjust to shifting risk appetites. With Immuta Detect, customers can swiftly surface and prioritize data usage risks, decrease time to risk mitigation, and maintain data security by utilizing the following new features: Advanced access behavior analytics - Immuta Detect consolidates data access logs, allowing data and security teams to continuously monitor and evaluate changes in user behavior and data access entitlements by source, user activity or query, as well as get insight into changes in data classification and security configuration. Sensitive data views and indicators – The company offers a detailed analysis of each user and data activity in depth, summarizing activity across multiple criteria such as time frame, data access event categorization, sensitive data indicators, and most active data sources. Risk severity detection and scoring - It automatically scores data based on its sensitivity and security, thereby enabling data and security teams to prioritize risks and receive real-time notifications about potential security incidents. About Immuta Founded in 2015 and headquartered in Boston, MA, Immuta is a leading cloud data access control provider. It offers data engineering and operations teams a unified platform for controlling access to analytical data sets in the cloud. Additionally, it helps businesses extract value from their cloud data by securing it and giving secure access. It automates access control for any type of data on any cloud service and across any computing infrastructure. The company is now trusted for data security by Fortune 500 organizations and government agencies all around the world.

Read More

DATA SECURITY, ENTERPRISE IDENTITY, NETWORK THREAT DETECTION

ForgeRock is the First Identity Platform to Fully Eliminate Passwords

ForgeRock | March 21, 2023

ForgeRock®, a global digital identity leader, today announced ForgeRock Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations. Enterprise Connect Passwordless is the latest addition to ForgeRock’s industry-leading, passwordless authentication portfolio for consumer and workforce use cases. Developed through ForgeRock’s strategic partnership with Secret Double Octopus, the new solution, integrated into ForgeRock Identity Platform, protects the most commonly used and vulnerable enterprise resources such as servers, workstations, remote desktops, and VPNs. It helps large enterprises proactively defend against costly cyber-attacks and unauthorized access by providing a passwordless experience to legacy applications, systems and services. In turn, organizations can deliver an employee experience that empowers people to access their information without needing to know a password. “The move to passwordless authentication will fundamentally change every digital experience on the planet, starting with the most common experience of all - logging in,” said Peter Barker, Chief Product Officer, ForgeRock. “With the addition of Enterprise Connect Passwordless, ForgeRock is the only solution to offer a full spectrum of passwordless capabilities that help employees and consumers say goodbye to remembering their passwords.” Organizations deploying ForgeRock Enterprise Connect Passwordless become a more secure enterprise by removing employee interaction with passwords, and reducing the risk of compromise. Benefits include eliminating employee account lockouts and reducing the volume of IT tickets, which can lower operational costs from help desk interactions, increase workforce productivity and enhance the user experience. Removing Passwordless Orchestration and Deployment Complexities ForgeRock Enterprise Connect Passwordless uses next generation identity orchestration capabilities that allow enterprises to easily design and implement passwordless login and access journeys tailored to their unique security and experience needs. With ForgeRock, organizations now have the freedom to move to passwordless at their own pace – without it being an “all or nothing” experience. “When an organization decides it wants to go passwordless to improve user experiences, that can be a heavy lift, made lighter when accompanied by user journey orchestration technology,” said Jay Bretzmann, Research Vice President, Security Products, IDC. “The ability to rapidly create login experiences tailored to groups of diverse individuals is an imperative for modern enterprises. Orchestration not only provides the tools to do this, but also the ability to ‘fine-tune’ journeys in real-time. What used to take programmers and developers weeks or months can now be accomplished by non-technical IT or identity staff for a fraction of the time and cost.” Available in Q2, Enterprise Connect Passwordless augments the company’s existing passwordless capabilities, adding to the ongoing work ForgeRock has been doing to eliminate consumer passwords for more than a decade. A History of Paving the Passwordless Path for Enterprises The ForgeRock Identity Platform has an extensive history of providing organizations several options to help deploy passwordless authentication for mobile and web applications to reduce fraud and improve the user experience. ForgeRock can accelerate passwordless deployment with integration for applications, support for identity standards, easy to use workflows to enable workforce and CIAM passwordless user journeys, and web-based passwordless authentication through a browser using passkeys in their mobile devices. ForgeRock already supports passwordless authentication capabilities through FIDO2 WebAuthn standards and passkeys within the ForgeRock Identity Cloud, low-code, no-code access orchestration with ForgeRock Intelligent Access and AI-driven threat protection within ForgeRock Autonomous Access. ForgeRock also has alliances with partners that have developed curated FIDO solutions for many different types of applications. About ForgeRock ForgeRock® is a global digital identity leader helping people simply and safely access the connected world. The ForgeRock Identity Platform delivers enterprise-grade identity solutions at scale for customers, employees, and connected devices. More than 1,300 organizations depend on ForgeRock’s comprehensive platform to manage and secure identities with identity orchestration, dynamic access controls, governance, and APIs in any cloud or hybrid environment.

Read More

ENTERPRISE SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Ambient.ai Launches AI-driven Forensics Tool to Improve Security

Ambient.ai | March 06, 2023

Ambient.ai, the company evolving physical security with computer vision intelligence, recently introduced its AI-Powered Forensics solution to power incident investigations in near real-time. New event-based and entity search capabilities enable teams to search by objects, complex actions, and non-biometric person descriptors such as shirt color, thereby reducing investigation times by over 90%. Security investigations require operators to analyze individual camera streams with search options limited to basic motion or person/object search, log into multiple applications, and wait for time-consuming video processing, which can take hours or days. Ambient's AI-Powered Forensics is wholly integrated with the camera system, enabling near-instantaneous search across camera networks when an incident occurs – eliminating lengthy wait times and processing, thereby reducing security investigations from hours to minutes. Entity Search builds upon Ambient.ai's first-of-its-kind event-based search and filtering capabilities, utilizing non-biometric identifiers for objects and people to locate key footage and sophisticated event signatures. Additionally, Conjunction Search enables users to filter footage by two or more entities, events, or attributes, thereby expanding the search parameter's scope. One-click sharing and archiving allow teams to instantly share footage to build detailed reports on incident timelines, speed up internal and external investigations and responses, and ensure security protocol compliance. With streamlined investigations, security teams can analyze footage to determine security efficacy, threat incidence, and vulnerabilities. The Ambient.ai Context GraphTM uses computer vision to identify entities, objects, and their connections across surveillance feeds and PACS alarms in the new AI-Powered Forensics. The platform uses the extensible graph for threat detection, signals intelligence, and response. In addition, the company continuously adds event and entity recognition signatures and uses human-in-the-loop feedback to improve performance. Ambient's AI-Powered Forensics capabilities have been tested in high-security environments, such as world-renowned museums and Fortune 500 companies. Today, innovative companies such as Adobe, Impossible Foods, and VMware rely on the company to improve their physical security. About Ambient.ai Ambient.ai offers cutting-edge computer vision intelligence solutions to transform enterprise security operations. Its platform utilizes AI to enable continuous physical security monitoring and automate the immediate dispatch of human resources, preventing security incidents before they occur. Ambient.ai is trusted by large enterprises, schools, and organizations worldwide and is the first platform to go beyond basic motion detection and image recognition, achieving near-human perception with automated situational context. Based in Palo Alto, California, Ambient.ai is leading the way in advancing physical security solutions.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Immuta Announces the Release of Immuta Detect for Continuous Security Monitoring

Immuta | January 20, 2023

On January 19, 2023, Immuta, a leading data security firm, announced the launch of its latest product, Immuta Detect. Immuta Detect notifies data and security teams about unsafe data access behavior with its continuous data security monitoring capabilities, therby enabling faster and more accurate risk response and improved data security posture management across advanced and modern cloud data platforms. The product is the new vital component of Immuta's comprehensive Data Security Platform that offers security and access control, data activity monitoring and sensitive data discovery. The platform uniquely integrates with the leading cloud data platforms along with existing SIEM and Managed Detection and Response (MDR) tools. As data sources and users in modern cloud settings increase, monitoring data usage and responding to threats becomes more challenging. This is critical for safeguarding against insider threats and adhering to rules and regulations. Existing strategies to solve these problems include manual and time-consuming audits of millions of log data records housed in disparate data sources. To stay up with business demands, data and security teams need improved ways for monitoring data access, address issues precisely, and quickly adjust to shifting risk appetites. With Immuta Detect, customers can swiftly surface and prioritize data usage risks, decrease time to risk mitigation, and maintain data security by utilizing the following new features: Advanced access behavior analytics - Immuta Detect consolidates data access logs, allowing data and security teams to continuously monitor and evaluate changes in user behavior and data access entitlements by source, user activity or query, as well as get insight into changes in data classification and security configuration. Sensitive data views and indicators – The company offers a detailed analysis of each user and data activity in depth, summarizing activity across multiple criteria such as time frame, data access event categorization, sensitive data indicators, and most active data sources. Risk severity detection and scoring - It automatically scores data based on its sensitivity and security, thereby enabling data and security teams to prioritize risks and receive real-time notifications about potential security incidents. About Immuta Founded in 2015 and headquartered in Boston, MA, Immuta is a leading cloud data access control provider. It offers data engineering and operations teams a unified platform for controlling access to analytical data sets in the cloud. Additionally, it helps businesses extract value from their cloud data by securing it and giving secure access. It automates access control for any type of data on any cloud service and across any computing infrastructure. The company is now trusted for data security by Fortune 500 organizations and government agencies all around the world.

Read More

DATA SECURITY, ENTERPRISE IDENTITY, NETWORK THREAT DETECTION

ForgeRock is the First Identity Platform to Fully Eliminate Passwords

ForgeRock | March 21, 2023

ForgeRock®, a global digital identity leader, today announced ForgeRock Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations. Enterprise Connect Passwordless is the latest addition to ForgeRock’s industry-leading, passwordless authentication portfolio for consumer and workforce use cases. Developed through ForgeRock’s strategic partnership with Secret Double Octopus, the new solution, integrated into ForgeRock Identity Platform, protects the most commonly used and vulnerable enterprise resources such as servers, workstations, remote desktops, and VPNs. It helps large enterprises proactively defend against costly cyber-attacks and unauthorized access by providing a passwordless experience to legacy applications, systems and services. In turn, organizations can deliver an employee experience that empowers people to access their information without needing to know a password. “The move to passwordless authentication will fundamentally change every digital experience on the planet, starting with the most common experience of all - logging in,” said Peter Barker, Chief Product Officer, ForgeRock. “With the addition of Enterprise Connect Passwordless, ForgeRock is the only solution to offer a full spectrum of passwordless capabilities that help employees and consumers say goodbye to remembering their passwords.” Organizations deploying ForgeRock Enterprise Connect Passwordless become a more secure enterprise by removing employee interaction with passwords, and reducing the risk of compromise. Benefits include eliminating employee account lockouts and reducing the volume of IT tickets, which can lower operational costs from help desk interactions, increase workforce productivity and enhance the user experience. Removing Passwordless Orchestration and Deployment Complexities ForgeRock Enterprise Connect Passwordless uses next generation identity orchestration capabilities that allow enterprises to easily design and implement passwordless login and access journeys tailored to their unique security and experience needs. With ForgeRock, organizations now have the freedom to move to passwordless at their own pace – without it being an “all or nothing” experience. “When an organization decides it wants to go passwordless to improve user experiences, that can be a heavy lift, made lighter when accompanied by user journey orchestration technology,” said Jay Bretzmann, Research Vice President, Security Products, IDC. “The ability to rapidly create login experiences tailored to groups of diverse individuals is an imperative for modern enterprises. Orchestration not only provides the tools to do this, but also the ability to ‘fine-tune’ journeys in real-time. What used to take programmers and developers weeks or months can now be accomplished by non-technical IT or identity staff for a fraction of the time and cost.” Available in Q2, Enterprise Connect Passwordless augments the company’s existing passwordless capabilities, adding to the ongoing work ForgeRock has been doing to eliminate consumer passwords for more than a decade. A History of Paving the Passwordless Path for Enterprises The ForgeRock Identity Platform has an extensive history of providing organizations several options to help deploy passwordless authentication for mobile and web applications to reduce fraud and improve the user experience. ForgeRock can accelerate passwordless deployment with integration for applications, support for identity standards, easy to use workflows to enable workforce and CIAM passwordless user journeys, and web-based passwordless authentication through a browser using passkeys in their mobile devices. ForgeRock already supports passwordless authentication capabilities through FIDO2 WebAuthn standards and passkeys within the ForgeRock Identity Cloud, low-code, no-code access orchestration with ForgeRock Intelligent Access and AI-driven threat protection within ForgeRock Autonomous Access. ForgeRock also has alliances with partners that have developed curated FIDO solutions for many different types of applications. About ForgeRock ForgeRock® is a global digital identity leader helping people simply and safely access the connected world. The ForgeRock Identity Platform delivers enterprise-grade identity solutions at scale for customers, employees, and connected devices. More than 1,300 organizations depend on ForgeRock’s comprehensive platform to manage and secure identities with identity orchestration, dynamic access controls, governance, and APIs in any cloud or hybrid environment.

Read More

ENTERPRISE SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Ambient.ai Launches AI-driven Forensics Tool to Improve Security

Ambient.ai | March 06, 2023

Ambient.ai, the company evolving physical security with computer vision intelligence, recently introduced its AI-Powered Forensics solution to power incident investigations in near real-time. New event-based and entity search capabilities enable teams to search by objects, complex actions, and non-biometric person descriptors such as shirt color, thereby reducing investigation times by over 90%. Security investigations require operators to analyze individual camera streams with search options limited to basic motion or person/object search, log into multiple applications, and wait for time-consuming video processing, which can take hours or days. Ambient's AI-Powered Forensics is wholly integrated with the camera system, enabling near-instantaneous search across camera networks when an incident occurs – eliminating lengthy wait times and processing, thereby reducing security investigations from hours to minutes. Entity Search builds upon Ambient.ai's first-of-its-kind event-based search and filtering capabilities, utilizing non-biometric identifiers for objects and people to locate key footage and sophisticated event signatures. Additionally, Conjunction Search enables users to filter footage by two or more entities, events, or attributes, thereby expanding the search parameter's scope. One-click sharing and archiving allow teams to instantly share footage to build detailed reports on incident timelines, speed up internal and external investigations and responses, and ensure security protocol compliance. With streamlined investigations, security teams can analyze footage to determine security efficacy, threat incidence, and vulnerabilities. The Ambient.ai Context GraphTM uses computer vision to identify entities, objects, and their connections across surveillance feeds and PACS alarms in the new AI-Powered Forensics. The platform uses the extensible graph for threat detection, signals intelligence, and response. In addition, the company continuously adds event and entity recognition signatures and uses human-in-the-loop feedback to improve performance. Ambient's AI-Powered Forensics capabilities have been tested in high-security environments, such as world-renowned museums and Fortune 500 companies. Today, innovative companies such as Adobe, Impossible Foods, and VMware rely on the company to improve their physical security. About Ambient.ai Ambient.ai offers cutting-edge computer vision intelligence solutions to transform enterprise security operations. Its platform utilizes AI to enable continuous physical security monitoring and automate the immediate dispatch of human resources, preventing security incidents before they occur. Ambient.ai is trusted by large enterprises, schools, and organizations worldwide and is the first platform to go beyond basic motion detection and image recognition, achieving near-human perception with automated situational context. Based in Palo Alto, California, Ambient.ai is leading the way in advancing physical security solutions.

Read More

More featured news