California’s 'Other' Game-Changer: Complying with the New IoT Cybersecurity Law

securitymagazine | February 11, 2020

When California Governor Jerry Brown signed Senate Bill 327 on September 28, California became the first state to enact legislation expressly governing cybersecurity measures that must be employed by manufacturers of Internet-connected “smart” devices, collectively known as the Internet of Things (IoT). The law, to be codified at California Civil Code Sections 1798.91.04–06, became effective on January 1, 2020. The new law applies to any “manufacturer of a connected device,” which is defined as “the person who manufactures, or contracts with another person to manufacture on the person’s behalf, connected devices that are sold or offered for sale in California.” A “connected device” is “any device, or other physical object, that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address,” a definition that is broad enough to encompass most devices that are commonly considered part of the IoT.

Spotlight

Download The New E-Book To Learn The Latest Trends In IT Security, And How You Can Be Prepared.

How confident are you about facing a cyber-attack through email? Have you been hit in the past and feel ready to take on whatever comes? Or are you completely inexperienced and don’t feel prepared? Two-thirds of respondents in a recent Mimecast survey don’t feel up-do-date or equipped to handle such threats.

Download the new E-book, Email Security Uncovered: The Five Faces of IT Preparedness, to learn the latest trends in email security and tips on how you can boost your security confidence.

Spotlight

Download The New E-Book To Learn The Latest Trends In IT Security, And How You Can Be Prepared.

How confident are you about facing a cyber-attack through email? Have you been hit in the past and feel ready to take on whatever comes? Or are you completely inexperienced and don’t feel prepared? Two-thirds of respondents in a recent Mimecast survey don’t feel up-do-date or equipped to handle such threats.

Download the new E-book, Email Security Uncovered: The Five Faces of IT Preparedness, to learn the latest trends in email security and tips on how you can boost your security confidence.

Related News

DATA SECURITY

RevBits to Become a Member in Forbes Technology Council

RevBits | January 25, 2022

Forbes Technology Council, an invitation-only club for world-class CEOs, CIOs, CTOs, and technology leaders, has approved RevBits, a developer of innovative cybersecurity solutions. Through its multiple cyber solutions, all available in this fully integrated platform, RevBits award-winning and patent-protected Cyber Intelligence Platform (CIP) delivers new levels of security IQ. A screening team examined and chose RevBits CEO David Schiffer based on the breadth and diversity of his experience. Acceptance criteria include a track record of positively influencing corporate growth indicators, as well as personal and professional accomplishments and distinctions. "We are honored to welcome RevBits and Mr. Schiffer into the community," said Scott Gerber, founder of Forbes Councils, the collective that includes Forbes Technology Council. "Our mission with Forbes Councils is to bring together proven leaders from every industry, creating a curated, social capital-driven network that helps every member grow professionally and make an even greater impact on the business world." David has access to a range of exclusive options as a Council member, all of which are designed to help him achieve peak professional influence. In a private forum, he will connect and collaborate with other notable local leaders. David will also be invited to collaborate with a professional editorial team to contribute to published Q&A panels alongside other experts and provide his expert ideas in unique business stories on Forbes.com. Finally, the Forbes Councils member concierge staff will provide RevBits with unique access to approved business service partners, membership-branded marketing collateral, and high-touch assistance. "I am excited to join Forbes Technology Council, The name Forbes means something important in the business community and to be associated with Forbes is an honor." The opportunity to have RevBits, and our innovative suite of cybersecurity solutions, have access to the Forbes Technology Council community is a great thing." David Schiffer, CEO at RevBits

Read More

DATA SECURITY

Cynalytica Delivers New Solution to Help Combat Cyber Threats to Maritime Navigation and Communication Systems

Cynalytica | September 20, 2021

Cynalytica Inc. announces its SerialGuard AnalytICS Platform now offers monitoring, deep packet inspection (DPI) support, and intrusion detection for legacy NMEA protocols. Its latest extension provides enhanced situational awareness and security to vulnerable maritime Industrial Control Systems (ICS) through NMEA-specific packet evaluations, analysis, and intrusion detection capabilities. "In addition to the serious threats posed to their OT network, one of the maritime industry's biggest security challenges today is the protection of their navigation and communications systems from persistent cyber threats. Vessels are increasingly vulnerable to cyber attacks that can cause GPS interference and spoofing, AIS spoofing, bridge-to-bridge communications spoofing, and other communications jamming which can have catastrophic kinetic consequences," explains Richard Robinson, CEO of Cynalytica. "Distressingly, many of these navigation and communication instruments rely on NMEA 0183 serial protocols, which do not have authentication, encryption, or validation capabilities. They also lack a sufficient level of real-time visibility and data validation capabilities that would help detect such attacks. These security limitations make the NMEA-connected devices exceptionally susceptible to hackers, and the consequences could prove adverse." With the SerialGuard® AnalytICS Platform, the maritime industry can now help address critical vulnerabilities within their NMEA-connected instruments and other serial-connected control systems simultaneously. The extended capabilities will provide maritime operators with an unprecedented level of visibility into NMEA-connected devices while empowering them to baseline communications, accurately monitor behavioral patterns, and create alert rulesets to detect cyber attacks and misconfigurations quickly." Designed to protect serial-connected ICS, the SerialGuard® AnalytICS Platform is a fully-passive and fail-safe monitoring and intrusion detection system (IDS) that brings real-time visibility to high-risk assets. The platform consists of the SerialGuard® sensor that passively taps serial communications, combined with Cynalytica's AnalytICS Engine – a monitoring and intrusion detection system, and data validation tool that enables operators to baseline normal operations and create alert rulesets to detect anomalous behavior. The SerialGuard AnalytICS Platform is easily deployed across most maritime industries including naval vessels, passenger ships, container ships, tankers, bulk carriers, ports, and many more. About Cynalytica Cynalytica, Inc. combines a diverse set of industry expertise with decades of applied research and development experience to deliver pioneering cybersecurity and machine analytics technologies that help protect critical national infrastructure, securely enable Industry 4.0 and help industries accelerate their digital transformation objectives.

Read More

DATA SECURITY

Cybersecurity Startup ActZero Announces MDR for Cloud Services

ActZero | October 06, 2021

ActZero, the cybersecurity startup making best-in-class security accessible for businesses of all sizes, today announced the launch of its managed detection and response for cloud-based services. I'm thrilled to debut our MDR for Cloud Services solution to deliver more comprehensive threat detection to our customers,The reality is most cybersecurity solutions haven't kept pace with the dynamic nature of how we live and work. Businesses are being impacted by attacks that not only shut down and compromise physical devices and networks, but also affect their cloud environments — cloud applications and infrastructures are often vulnerable due to low security maturity. Our MDR service offers the industry's most impactful set of detections and response actions for Cloud software-as-a-Service (SaaS) and infrastructure-as-a-service (IaaS) solutions, and plays to our particular strengths as a comprehensive, integrated data analysis and threat hunting solution. We believe this is the future of cybersecurity and the key to business continuity in the virtual era. Chris Finan, Chief Operating Officer of ActZero An estimated 90 percent of businesses use some type of cloud-based service, the strongest signal yet that the virtual era has officially arrived. At the same time, the very flexibility that makes cloud offerings appealing also makes them vulnerable to cyberthreats, such as unauthorized access and insecure APIs. Cloud-based services are often a blind spot in a company's security posture — especially because threat actors can easily take advantage of over-privileged accounts and misconfigured controls to access broad corporate data sets and critical business systems. ActZero's data-driven MDR platform provides businesses with holistic, broad threat detection and comprehensive response across endpoints, network, and a wide range of cloud SaaS and IaaS solutions. ActZero's continuously-tuned machine learning models can unravel an entire attack more quickly than traditional detection and response solutions, precisely detecting threats earlier, wherever they may appear in a customer's environment. ActZero's out-of-the-box MDR offering includes support for Microsoft 365, Microsoft Azure, AWS, and Google Workspace, with more coverage in development. The new offering not only detects threats and alerts customers, but also provides rapid response to contain and remediate immediate cloud threats at machine speed. ActZero's MDR service is powered by both supervised and unsupervised machine-learning models and expert threat hunters. 'In-environment' models learn from all customers' data, unlocking powerful network effects, but are tailored for each customer. These models also take advantage of 'human-in-the-loop' feedback to learn continuously. ABOUT ACTZERO ActZero is a cybersecurity startup that makes small- and mid-size businesses more secure by empowering teams to cover more ground with fewer internal resources. Our intelligent managed detection and response service provides 24/7 monitoring, protection and response support that goes well beyond other third-party software solutions. Our teams of data scientists leverage cutting-edge technologies like AI and ML to scale resources, identify vulnerabilities and eliminate more threats in less time. We actively partner with our customers to drive security engineering, increase internal efficiencies and effectiveness and, ultimately, build a mature cybersecurity posture. Whether shoring up an existing security strategy or serving as the primary line of defense, ActZero enables business growth by empowering customers to cover more ground.

Read More