DATA SECURITY

Celerium announces a partnership to bring cybersecurity and CMMC awareness to the Danish defense industry with CenSec

prnewswire | February 10, 2021

Celerium Inc. reported today another association with CenSec, the superb Danish bunch association for organizations work in innovative enterprises like safeguard, country security, space, aviation, and online protection. CenSec overcomes any issues between regular citizen organizations, the Armed Forces and other Governmental specialists with the target to build up a solid safeguard and security industry and to fortify those little and medium-sized Danish undertakings which are - or need to become - part of the business. CenSec is the world's just guard , space-, and security-group that holds the elite Gold Label affirmation, which is the most elevated positioning of bunch associations.

CenSec will be an individual from Celerium's CMMC Academy International Alliance program with an end goal to carry CMMC attention to the Danish guard industry.

The CMMC program, which represents Cybersecurity Maturity Model Certification, was created by the U.S. Branch of Defense related to Carnegie Mellon University with an end goal to improve network protection across the safeguard inventory network. It is intended to give versatile network safety prerequisites dependent on five unique degrees of consistence. Appropriately, prime project workers and their subcontractors might be needed to conform to CMMC to be qualified to be granted DoD contracts – and organizations inside different enterprises and worldwide nations might be affected.

Spotlight

This week Unit 42 released its first Threat Landscape Review, looking at how malware trends affect key industries, from healthcare to high tech, around the world, and the particular persistence of the Kuluoz, or Asprox, campaign.
This infographic represents some of the key data from the full report, which you can download from the Unit 42 page. Does anything shown here surprise you?

Spotlight

This week Unit 42 released its first Threat Landscape Review, looking at how malware trends affect key industries, from healthcare to high tech, around the world, and the particular persistence of the Kuluoz, or Asprox, campaign.
This infographic represents some of the key data from the full report, which you can download from the Unit 42 page. Does anything shown here surprise you?

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Red Sift Acquires Hardenize to Redefine Enterprise Attack Surface Protection

Red Sift | October 14, 2022

Red Sift today announced that it has acquired global Attack Surface Management (ASM) innovator, Hardenize. The strategic move enables Red Sift to enrich, extend, and improve its existing security solutions to also protect customers’ internet assets and infrastructure, offering a complete, best-in-class digital resilience solution. The integration of Hardenize’s unique ASM capabilities enables the Red Sift platform to gain a comprehensive view of an organization’s digital footprint, allowing customers to better understand and protect their entire critical attack surface area in the face of an ever-evolving threat environment. While email security remains one of the greatest attack vectors for businesses on the internet, organizations understand that it is only one of many that hackers will look to exploit. From email and domains to web applications and the network perimeter, attackers will take advantage of any and all vulnerabilities across the ever-expanding attack surface. Rather than treating key email security risks individually, organizations must have a comprehensive understanding of and visibility into any and all assets, as well as the ability to secure these using best-in-class remediation based on globally recognized standards and protocols. Recognizing that organizations often are left to fend for themselves once vulnerabilities have been identified, today’s acquisition goes beyond enhanced discovery to provide customers with the necessary tools to shut down phishing and ensure ongoing compliance with email and web security protocols. Hardenize’s deep and continuous knowledge of key security and network standards, protocols and configurations, paired with Red Sift’s sophisticated remediation capabilities, enables customers to gain complete control of their entire attack surface for the first time. With today’s acquisition, Red Sift and Hardenize make this vision a reality for joint customers. Hardenize’s discovery capabilities will act as a magnifying glass into customers’ infrastructure, continuously identifying new and often unknown vulnerable assets across the attack surface. By enriching Red Sift’s discovery phase, customers can now uncover threats beyond email security, to discover lookalike domain abuse, and spot vulnerabilities across their network perimeter. “This move gives us the purview to do more for cybersecurity than we ever have before, elevating the breed of solution available to enterprise businesses for full Attack Surface Management and resilience. “By acquiring Hardenize, an innovator in Attack Surface Management (ASM), we extend our leading security products beyond protecting email; enabling enterprise customers to see their full attack surface, solve the issues at hand, and secure their valuable assets in an ever-evolving threat continuum. Bringing Hardenize and Red Sift together presents an opportunity to redefine how we approach ASM, and in turn revolutionize how enterprises protect themselves comprehensively and effectively in the face of an ever-evolving attack landscape.” Rahul Powar, CEO of Red Sift “We’re excited to join Red Sift in bringing this best-in-class security solution to the market,” said Hardenize CEO and SSL Labs creator Ivan Ristic. “Hardenize’s ability to align organizations’ digital assets to recognized security frameworks and standards complements Red Sift’s advanced email security capabilities to provide a single solution that protects organizations from being vulnerable to attackers.” “This is a significant moment in the fight against digital pollutants on the Internet. Modern cyber resilience is built on a foundation of good cyber hygiene. Hardenize adds best-in-class security to allow organisations to work out what they’re doing well and need to improve in some really critical areas of core protections. This adds to Red Sift's suite of gold-standard solutions,” said Ciaran Martin, NCSC founder and former Chief Executive, and Red Sift Special Advisor. “I’m excited to see how this improves the offerings available for enterprises looking to secure their infrastructure and digital ecosystem.” “The combination of Red Sift and Hardenize makes a great deal of sense, given that organizations increasingly demand proactive approaches to security like Attack Surface Management,” said Rik Turner, Senior Principal Analyst at Omdia. “These proactive platforms seek to reduce an organization’s overall attack surface before threat actors discover issues like vulnerabilities or misconfigurations and launch an attack exploiting them. With Hardenize, Red Sift is approaching ASM holistically, to include external assets together with an organization’s infrastructure and the third-party landscape.” “Having enjoyed a strong strategic partnership with Red Sift for some time now, it’s exciting to see them make the move towards greater attack surface protection,” said Chris Bailey, VP of Strategy and Business Development at Entrust. “The ways in which attackers look to infiltrate organizations are always multiplying, but the vectors they use remain largely the same. This solution offers enterprises a way to fight back, by detecting their most vulnerable assets in a widening threat landscape.” About Red Sift Red Sift's Digital Resilience Platform solves for the greatest vulnerabilities across the complete attack surface. By providing comprehensive coverage of an organization’s digital footprint through best-in-class discovery and monitoring, Red Sift enables users to proactively uncover threats within email, domains, brand, and the network perimeter. Paired with sophisticated remediation capabilities, Red Sift provides organizations with the tools to shut down phishing and ensure ongoing compliance with email and web security protocols.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BlackBerry Strengthens Cybersecurity Platform to Provide Customers with Greater Threat Identification, Remediation Capabilities, and Endpoint Support

BlackBerry | October 27, 2022

Today at the BlackBerry Security Summit, BlackBerry Limited announced powerful enhancements to its AI-based cybersecurity portfolio that will help customers strengthen their overall security posture, improve workflows, and ensure business resilience. Capabilities include enhanced data context for zero-trust network access, and faster, more efficient operations to stay one step ahead of today's and tomorrow's threats. "BlackBerry is focused on delivering solutions that help businesses safeguard their sensitive data, solve challenges and stay on top of a rapidly evolving cyber threat landscape. "These new capabilities further strengthen our end-to-end approach to cybersecurity that's deeply rooted in the advanced intelligence of our Cylance® platform, which time and again has been proven to identify and stop attacks before they can even start." Billy Ho, Executive Vice President, Security Products at BlackBerry Key enhancements include: BlackBerry® UEM BlackBerry UEM's unrivalled maturity allows customers to benefit from new APIs that offer significantly reduced administrative overhead. This is in addition to stronger integration of all Google services from ChromeOS to Android, offering unified administration and an improved user experience. BlackBerry UEM will also offer greater eSIM integration to enhance a user's digital SIM experience. CylancePROTECT®, CylanceOPTICS®, CylanceGUARD® Threat hunters now have access to a single-pane view of the most critical issues with the ability to act quickly. Significant updates across triage and analysis workflows provide a dramatically improved user experience that reduces operational burden, improves investigation speed, and lowers the total cost of ownership; critical for analysts as they investigate and respond to endpoint threats. CylanceGATEWAY™ In addition to endpoint, network, and user telemetry, BlackBerry's ZTNA offering, CylanceGATEWAY, now provides data access and leakage visibility via a newly launched data loss detection module, CylanceAVERT™. CylanceGATEWAY also receives enhanced network anomaly detection to identify threats, broadened support for cloud workspaces and more granular access control. By constantly monitoring data and application access patterns across endpoints, email, and SaaS applications, organizations are now better equipped to detect and prevent malicious activity, including compromised accounts and insider threats, which Gartner estimates are responsible for 50 to 70 percent of all security incidents and 75 percent of all security breaches. "The cybersecurity workforce shortage has elevated the need for efficiency to be as important as efficacy as security professionals aim to stay ahead of a constant barrage of complex, competing and evolving threats," said Frank Dickson, Group Vice President, Security and Trust at IDC. "Added controls, workflow improvements and contextual nuance provide organizations with the ability to act quickly in detecting and responding to endpoint threats and are in desperate need by an industry facing a critical talent gap." The UX workflow improvements and data context additions will be available later this year and early next year through CylancePROTECT, CylanceOPTICS, CylanceGUARD, CylanceGATEWAY, and BlackBerryUEM offerings. About BlackBerry BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 215M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Traceable AI Announces API Security Testing

Traceable AI | September 02, 2022

Traceable AI, the industry's leading API security and observability company, today announced the general availability of its API Security Testing (xAST) solution in its API Security Platform. This comprehensive and seamless testing ability enables any API in pre-production to be tested for vulnerabilities, accuracy, reliability, and overall security — ensuring organizations are aligned with the highest API security standards before releasing APIs into production.This announcement reinforces Traceable's commitment to helping organizations ensure the highest level of API security throughout the entire software development lifecycle (SDLC). Traceable's API Security Testing offering is built to make the testing of APIs fast, easy, and a seamless experience for both development and security teams. It supports organizations' shift left initiatives, including providing remediation insights from runtime back to development, so developers can further harden their APIs. It is API focused providing complete vulnerability analysis that leverages functional testing, as well as API DNA and user attribution for improved detection and coverage. It offers extensive coverage for the OWASP API top 10, top CVEs (such as Java, Go, Node JS, AuthN, AuthZ, and many more), business logic vulnerabilities, and sensitive data exposure. Uniform API testing is based on dynamic payloads for standard tests, and dynamic Traceable payloads for business logic vulnerabilities such as BOLA – all with virtually zero false positives. Its DevSecOps focus enables companies to identify API security gaps between prod and pre-prod, perform fast scans for actionable results in CI/CD pipelines, scan at a granularity from every pull request with API spec changes, and utilize integrations with application security tools, including SCA, SAST, DAST and IAST. "Because of our comprehensive approach to API security, the testing component was the logical evolution. It is key to enable development teams to identify security weaknesses and vulnerabilities in the build itself, in addition to the capability of providing runtime insights back to development teams, so they can further harden their APIs. "It's an important step to enable teams to seamlessly fit API security testing into their development cycles. It is based on a simple logic: prevent breaches by eliminating the flaws at the very beginning." CTO of Traceable AI, Sanjay Nagaraj Traceable's API security testing is built to both reduce the risk of vulnerable APIs early in the SDLC, and enable development teams to move fast. Additional benefits include: Eliminating the Risk of Vulnerable APIs: Find and fix API vulnerabilities early in the SDLC. Cost Reduction: Reduce costs associated with finding vulnerabilities in APIs in production. Rapid Scans that Maintain the Speed of Innovation: With Traceable, development teams can perform fast scans with virtually no change in dev-release cadences – eliminating friction for both dev and security teams. Comprehensive Reporting: Traceable produces a "scan summary" report of vulnerabilities found while testing the APIs. This includes the OWASP API top 10 vulnerabilities, language and library vulnerabilities like Log4shell, misconfigurations, data exposure, and broken authentication/authorization. The information, including CVSS/CWE scores for overall risk assessment and recommendations for remediation is provided to development and security teams, so they can correct the security issues in APIs before those APIs are pushed to production. Operational Effectiveness: Traceable's API security testing is easy to deploy and reduces complexity, with numerous CI/CD and appsec tooling integrations that allow for operational effectiveness. It also enables targeted API security testing which takes actual payloads from real time traffic into account for a concise set of actionable findings. Extensive and Effortless Integrations: Traceable allows for numerous integrations with CI/CD pipelines, notifications, ticketing and application security testing solutions. "Whether an API is in the development cycle or is in production, being accessed by thousands of users, Traceable's API Security Platform protects companies' most vulnerable attack vector from threats at every juncture" added Nagaraj. About Traceable AI Traceable is the industry's leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors to understand anomalies and block API attacks, enabling organizations to be more secure and resilient.

Read More