Software Security

Camera Cyber Security Specification and Alliance Council for App Developers are announced by the Open Security & Safety Alliance.

The Open Security and Safety Alliance, an industry body contained partners from all aspects of the security, wellbeing and building mechanization space, today declared two significant advancements as a component of its main goal to clear the street towards dependable and imaginative security and wellbeing arrangements. Initial, another particular is currently accessible to individuals that centers around camera network protection measures. OSSA likewise presents another App Developer Council intended to pull in and include application designers in the Alliance's steadily developing environment of security and wellbeing industry players.

Executing Trustworthiness Thresholds

The most current specialized particular – the OSSA Camera Cyber Security Specification – contains definitions and rules in regards to obligatory and discretionary security judgments for cameras. It is to a great extent dependent on a current norm by the International Electrotechnical Commission (IEC), with an extra clear spotlight on the security market and OSSA reasoning by straightforwardly splitting the jobs and duties between camera producers, the working framework (OS) supplier and the framework on-chip (SoC) merchant, specifically. The determination additionally endorses duty changes in case of individual OS alterations by camera producers. The compulsory piece of these rules will be utilized as contribution for the impending OSSA certificate system.

The OSSA-coordinated environment is intended to improve trust, empower development past the constraints of a solitary association, and fuel opportunity for industry partners and clients.

Spotlight

Organizations are losing IT and security control Once upon a time, IT and security teams focused mostly on managing their organization’s on-prem environment. But as business requirements changed, customer bases became global, and remote work took root, these technology teams were handed responsibility across more domains: cloud

Spotlight

Organizations are losing IT and security control Once upon a time, IT and security teams focused mostly on managing their organization’s on-prem environment. But as business requirements changed, customer bases became global, and remote work took root, these technology teams were handed responsibility across more domains: cloud

Related News

Software Security

Picus Launches New MSSP Program to Make Starting Security Validation Simple

Picus Security | December 12, 2023

Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the Picus Managed Security Services Provider (MSSP) Partner Program. Picus has a long-standing 100% channel approach and works closely with MSSPs to deliver security validation services that quantify risk and reduce threat exposure. Now, it's easier than ever for MSSPs and their customers to get started with security validation to measure the effectiveness of security controls with real-world attack simulations and then scale up testing programs to perform validation checks consistently. The new Picus MSSP Program provides the flexibility MSSPs need to introduce automated validation services and generate new recurring revenues quickly. Designed for customers of varying levels of cyber maturity, the program features interval-based and continuous licensing options. With interval-based licensing, MSSPs can purchase credits that allow an entry cadence for validation assessments. Then, once customers are ready to advance their security program maturity and increase the frequency of assessments they can easily switch to a continuous licensing model. The program means MSSPs can help customers to 'crawl,' 'walk,' and then 'run' with validation. "With this new MSSP program, it's never been simpler for managed service providers to get the consistent and accurate validation insights needed to improve security outcomes for clients," said Ryan Kunker, Picus Security, Senior Director of Channels and Alliances. "By shining a light on security effectiveness in areas such as security control validation, automated security validation presents an enormous opportunity for MSSPs to improve security outcomes for clients and identify new upsell opportunities." Security validation powered by BAS is a core pillar of Continuous Threat Exposure Management (CTEM). It helps security teams to understand if security controls provide the coverage needed to defend organizations against the latest threats, including ransomware and Advanced Persistent Threats. Gartner estimates that security services providers that adopt cybersecurity validation assessments will see an improvement of over 5% in their acquisition, retention and upsell rates.* "We are constantly looking for new ways to provide real actionable value to our clients," said Perry Schumacher, Chief Strategy Officer at Ridge IT. "We evaluated Picus in our cyber range against our best practice configurations and it showed us opportunities to improve beyond today's best tools and practices. The Picus platform helps us provide better security for our clients by increasing our effectiveness. Our clients who purchase Picus begin a continuous improvement journey for their cyber security and are always in a cyber-ready state." In addition to real-world threat simulation, the Picus platform also offers asset and vulnerability discovery, attack path mapping, detection engineering as code, and AI-based threat profiling - capabilities that help MSSPs to manage customers' threat exposure even more efficiently. To enable MSSPs to validate the security of multiple clients simultaneously, the platform also offers a multi-tenant portal. "Now more than ever, every dollar spent in the security budget must be carefully weighed on merit and returned value," said Darren Humphries, Acora Group CISO and MSSP Cyber Portfolio CTO. "For strengthening the security of our own company portfolio and that of our customers, Picus is a key tool that helps us measure the efficacy of the protective security tools we use as well as our detective SOC and SIEM capabilities. Picus is a true force multiplier." About Picus Security Picus Security helps security teams consistently and accurately validate their security posture. Our Security Validation Platform simulates real-world threats to evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities. As the pioneer of Breach and Attack Simulation, we specialize in delivering the actionable insights our customers need to be threat-centric and proactive. Picus has been named a 'Cool Vendor' by Gartner and is recognized by Frost & Sullivan as a leader in the Breach and Attack Simulation (BAS) market.

Read More

API Security

Cequence and Vercara Partner to Combat Cyber Threats and Revolutionize API Security

Cequence Security | January 25, 2024

Cequence Security is proud to announce a new partnership with Vercara, a leading provider of cloud-based services that secure the online experience. This collaboration aims to fortify the cybersecurity landscape by pairing Vercara’s network and application protections with Cequence Security's innovative Unified API Protection (UAP) platform. Security teams encounter substantial hurdles in safeguarding API applications from cyber-attacks, including the rapid development and deployment of API applications across diverse cloud providers. The unmanaged and unprotected nature of these APIs can harbor critical vulnerabilities, making them susceptible to exploitation. Moreover, the lack of a clear and consistent security posture across the application footprint introduces further complexities. To address these challenges, Cequence Security's UAP platform provides a comprehensive discovery of the entire API attack surface, encompassing both external and internal APIs. It ensures compliance with security and governance best practices, eliminating unknown and unmitigated API security risks. Furthermore, the solution offers native real-time inline protection, blocking API attacks before they reach applications. "The absence of API protection puts you at risk of potential theft, fraud, non-compliance, and business disruptions,” said Carlos Morales, SVP Solutions at Vercara. “Our partnership with Cequence combines our collective best-in-class services to address the evolving demands of the cybersecurity landscape, ensuring that businesses can confidently deploy needed applications and successfully navigate the complexities of API security with advanced, holistic protection.” Arun Gowda, VP, Business Development at Cequence Security, said, “In the evolving landscape of cybersecurity, the extensive risk of data compromise in API breaches goes beyond external APIs to internal ones. These often-overlooked internal APIs can access sensitive data not intended for public exposure. APIs have changed the game for attackers, making it imperative to prioritize the security of all assets accessible through APIs, including those not expected to be publicly exposed.” He added, “We are pleased to combine our innovative API security solutions with Vercara's innovative WAF and DDoS services to deliver advanced, holistic API protection. This collaboration reinforces our commitment to provide unparalleled security measures for businesses reliant on APIs.” Cequence Security's UAP platform is unparalleled in addressing all phases of the API security lifecycle. It provides: Discovery: A continuous API attack surface discovery management product that assesses your application footprint, offering a complete inventory of external APIs. Compliance: A security posture management product that identifies security risks in APIs, ensuring compliance with specifications, security test requirements, and governance best practices. Protection: Detects and prevents sophisticated automated API attacks and business logic abuse using advanced machine learning rules, providing real-time protection without relying on third-party components. About Cequence Security Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection across all internal and external APIs to defend against attacks, targeted abuse, and fraud. Requiring less than 15 minutes to onboard an API without requiring any instrumentation, SDK, or JavaScript integration, the flexible deployment model supports SaaS, on-premises, and hybrid installations. Cequence solutions scale to handle the most demanding Fortune and Global 2000 organizations, securing more than 8 billion daily API calls and protecting more than 3 billion user accounts across these customers. To learn more, visit www.cequence.ai. About Vercara Vercara is a purpose-built, global, cloud-based security platform that provides layers of protection to safeguard businesses’ online presence, no matter where attacks originate or where they are aimed. Delivering the industry’s highest-performing solutions and supported by unparalleled 24/7 human expertise and hands-on guidance, top global brands depend on Vercara to protect their networks and applications against threats and downtime. Vercara’s suite of cloud-based services is secure, reliable, and available, delivering peace of mind and ensuring that businesses and their customers experience exceptional interactions all day, every day. Pressure-tested in the world’s most tightly regulated and high-traffic verticals, Vercara’s mission-critical security portfolio provides best-in-class DNS and application and network security (including DDoS and WAF) services to its Global 5000 customers and beyond. For more information, visit vercara.com.

Read More

End Point Protection

Malwarebytes Unveils New K-12 ThreatDown Bundle to Defend Schools and Districts from Cyberattacks

Malwarebytes | January 24, 2024

Malwarebytes, a global leader in real-time cyber protection, today announced the availability of ThreatDown K-12 Bundle, combining the cybersecurity technologies and services that K-12 education institutions need into a streamlined, cost-effective bundle. Purpose-built to reduce risk, complexity and costs for districts and schools, the ThreatDown K-12 Bundle delivers unified protection with an intuitive, easy-to-manage design. The ThreatDown K-12 Bundle allows schools to optimize device uptime and improve productivity, while protecting students and staff, devices and data from the latest cyber threats. "Schools are increasingly facing cyber threats with limited IT resources, leading to a rise in ransomware attacks that affect staff, teaching, and student well-being," said Marcin Kleczynski, Founder and CEO of Malwarebytes. "Historically, cost barriers prevented schools from adopting cybersecurity managed services. Our K-12 Bundle packages together everything districts need to reduce risk and comply with regulations within a manageable budget. We're committed to making powerful protection and managed services accessible to vulnerable schools and students." Bridging the Cybersecurity Gap for Resource-constrained K-12 IT Teams Modern K-12 educational institutions have a wide range of school-, staff- and student-owned devices – from traditional laptops, desktops and servers to Chromebooks, iPadOS, iOS, and Android devices. While these devices greatly enrich the student learning experience and streamline operations for staff, they also introduce new risks. Key features of the ThreatDown K-12 Bundle include: Award-winning endpoint security: K-12 Bundle is built on ThreatDown's strongest AI/ML-driven prevention, detection and response technologies fortified by built-in innovations to reduce the attack surface. These technologies simplify the process of finding and patching software vulnerabilities and prevent unauthorized programs from executing. 24x7x365 managed services: The K-12 Bundle combines ThreatDown advanced technologies with Managed Detection and Response (MDR) service of ThreatDown cybersecurity experts to manage security and resolve alerts around the clock, delivered as an affordable, hassle-free bundle. Unified endpoint management: ThreatDown extends powerful endpoint protection across workstations, servers and mobile device to substantially strengthen schools' cybersecurity postures in compliance with new and pending regulations. Quick and easy to deploy, the K-12 Bundle saves time and resources with unified endpoint management for both traditional and mobile devices – all from a single, cloud-native console. Centralized, real-time visibility: K-12 IT teams can easily view activity across all devices in real time. With a unified platform and visibility for traditional and mobile endpoints, teams can monitor and protect devices from a single pane of glass. Teams can understand the threats to devices in their environments and mitigate potential risks. Advanced mobile protection: ThreatDown K-12 Bundle provides effective protection for Chromebooks, iPadOS, iOS, and Android devices, guarding against the latest mobile threats such as ransomware, malicious apps, and potentially unwanted programs (PUPs). With real-time protection, schools can also prevent accidental access to harmful websites, safeguard against malicious apps, block unwanted in-app ads, and enable a secure mobile experience for students. About Malwarebytes Malwarebytes is a global cybersecurity leader delivering award-winning endpoint protection, privacy and threat prevention solutions worldwide. Built on decades of experience as the last resort to find and eradicate the latest malware, Malwarebytes is now trusted by millions of individuals and organizations to stop threats at each stage of the attack lifecycle, secure digital identities and safeguard data and privacy. A world class team of threat researchers and proprietary AI-powered engines provide unmatched threat intelligence to detect and prevent known and unknown threats. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Read More