DATA SECURITY

Cloudflare Acquired Area 1 Security for Expanding its Zero Trust Platform

Cloudflare | February 24, 2022

Cloudflare
Cloudflare, Inc. a security, performance, and reliability firm striving to build a better Internet, has agreed to buy Area 1 Security. Area 1 Security's cloud-native software, which integrates with any email provider, prevents phishing assaults by detecting and deleting them before they can cause harm in the workplace. As a result, the organization stopped more than 40 million harmful phishing operations in 2021 alone, including business email compromise, malware, ransomware, and other advanced threats.

“Email is the largest cyber-attack vector on the Internet, which makes integrated email security-critical to any true Zero Trust network. That’s why today we’re welcoming Area 1 Security to help make Cloudflare’s platform the clear leader in Zero Trust, To us, the future of Zero Trust includes an integrated, one-click approach to securing all of an organization’s applications, including its most ubiquitous cloud application, email. Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security on the market.”

Matthew Prince, co-founder, and CEO of Cloudflare

Malicious phishing attacks, especially business email intrusion, are the most costly, according to the FBI's Internet Crime Complaint Center 2020 Internet Crime Report, with U.S. businesses losing more than $1.8 billion. For example, the JPMorgan Chase breach, in which a phishing attack impacted 76 million households and 7 million small businesses; SolarWinds, in which phishing led to the compromise of 18,000 customers, including multiple government agencies; Sony Pictures, in which a phishing attack reportedly resulted in the theft of more than 100 terabytes of proprietary data; and the United States elections, in which phishing has been cited as the cause of damage inflicted "The biggest challenges with email are its ubiquity and our readiness to trust it," Forrester says. Everyone has an email account, and many of them have many accounts, making it an easy target for hackers." As a result, businesses of all sizes must explore how to incorporate email solutions into their broader security stack and strengthen it with global threat intelligence. As a result, email continues to be an attractive entry point for increasingly sophisticated cyberattacks.

Research Director for IDC’s Network Security Products and Strategies, Chris Rodriguez, notes, "Email is often the largest cloud application for any organization; and also represents the largest attack vector. Instead of viewing email security as a standalone issue, more businesses realize that it needs to be part of their holistic security strategy. The combination of Cloudflare and Area 1 Security offers customers a uniquely differentiated and comprehensive Zero Trust offering with coverage across the entire threat lifecycle."
“Today, email is a business’ most-used cloud application. It's unfortunately unprotected. We estimate that more than 90% of cyber security damages are the result of just one thing: phishing," said Patrick Sweeney, CEO, and President of Area 1 Security. "By combining our leading phishing protection and threat intelligence capabilities with Cloudflare’s global network, data capabilities, and Zero Trust platform, we truly believe that together we can help companies of any size better secure their entire network infrastructure and better protect against the most destructive cyber risks.”

In 2021, Cloudflare launched its Advanced Email Security Suite, which includes creating bespoke email names, managing incoming email routing, and preventing email spoofing and phishing on outgoing emails. Because Cloudflare's global network blocks an average of 86 billion cyber threats per day, it has unique threat intelligence data that can help it better filter out targeted phishing attacks (spear phishing) and other security threats that legacy email security solutions and API-only email security offerings may miss. Area 1 Security has long adopted a proactive approach to email security to halt phishing operations in their infancy. The two businesses will create a complete Zero Trust solution that clients may enable through Cloudflare's global edge by combining Area 1 Security's highly scalable technology and years of experience in email protection with Cloudflare's worldwide network.

Cloudflare will pay $162 million for Area 1 Security, subject to normal adjustments, with 40-50 percent of the amount paid in Cloudflare's Class A common stock and the rest paid in cash. The transaction is expected to close in the first half of 2022, subject to usual closing conditions.

Spotlight

"Managing certificates during a time of key size migration can be difficult. Website or production outages can be costly and have a negative impact to business. This guide aims to help educate and inform users of TLS/SSL certificates about the upcoming change in key lengths and tips on managing their transition to using stronger SSL certificates.

Until the recently, the RSA algorithm, first publically described in 1977 has been the only algorithm available for commercial digital signing certificates. It remains the de facto standard although now commercial certificates based on the DSA and ECC algorithms are now available."

Spotlight

"Managing certificates during a time of key size migration can be difficult. Website or production outages can be costly and have a negative impact to business. This guide aims to help educate and inform users of TLS/SSL certificates about the upcoming change in key lengths and tips on managing their transition to using stronger SSL certificates.

Until the recently, the RSA algorithm, first publically described in 1977 has been the only algorithm available for commercial digital signing certificates. It remains the de facto standard although now commercial certificates based on the DSA and ECC algorithms are now available."

Related News

SOFTWARE SECURITY

Vulcan Cyber Launches Remedy Cloud, providing thousands of vulnerability fixes with free access

prnewswire | November 04, 2020

Vulcan Cyber, the weakness remediation organization, today declared Vulcan Remedy Cloud, a free assistance based on the world's biggest information base of curated solutions for a huge number of security weaknesses. By sharing the Remedy Cloud library of fixes with the worldwide weakness the board network, Vulcan Cyber gives an amazing asset that smoothes out crafted by remediation by helping security and IT groups all the more viably organize remediation crusades. In related news, Vulcan Cyber today reported Vulcan remediation examination, which adds ground-breaking business insight abilities to its remediation arrangement stage. "Vulnerability management should be a means to an end, but due to process breakdowns there's never an end -- just a growing backlog of vulnerabilities that require remediation," says Yaniv Bar-Dayan, Vulcan Cyber co-founder and CEO. "We've identified a critical breakdown in the process when security teams hand off vulnerability remediation tasks to IT operations teams. Vulcan Remedy Cloud streamlines this workflow by providing both teams with remediation playbooks. This one function is extraordinarily effective at creating cross-team alignment and cooperation. We're proud to offer Remedy Cloud as a free service to our community to help enterprise organizations get fix done." Cure Cloud is an independent, free form of the Vulcan remediation knowledge abilities previously offered through the Vulcan remediation coordination stage. This remediation knowledge is the missing connection for any "found-to-fixed" remediation work process. Vulcan cures incorporate the correct patches, the best design contents, and even workarounds and repaying controls to support security and IT tasks groups rapidly tackle the most troublesome weaknesses. Vulcan remediation knowledge adds endeavor scale remediation arrangements intended to encourage more synergistic and productive remediation by coordinating cures with weakness filter, prioritization, fix and design the executives instruments. Security groups frequently distinguish and organize weaknesses yet the genuine work of remediation is finished by IT tasks, DevOps, and site dependability designing groups. Cure Cloud enables these groups to distinguish and adjust on the most ideally equipped solutions for the work, sparing time and exertion. This Vulcan Cyber freemium offering is important for a more extensive activity to help weakness the board programs become more compelling at driving remediation results. With Remedy Cloud, Vulcan Cyber opens a significant asset to whole infosec and IT people group to advance a "complete fix" outlook. Vulcan Cyber is assisting with quickening the business' move from uninvolved weakness the board to dynamic weakness remediation and robotized digital cleanliness. About Vulcan Cyber Vulcan Cyber has developed the industry's first vulnerability remediation orchestration platform, built to help cybersecurity and IT operations teams to collaborate and "get fix done." The Vulcan platform orchestrates the remediation lifecycle from found to fix by prioritizing vulnerabilities, curating and delivering the best remedies, and automating processes and fixes through the last mile of remediation. Vulcan transforms vulnerability management from find to fix by making it possible to remediate vulnerabilities at scale. The unique capability of the Vulcan Cyber platform has garnered Vulcan Cyber recognition as a 2019 Gartner Cool Vendor and as a 2020 RSA Conference Innovation Sandbox finalist.

Read More

DATA SECURITY

Celerium announces a partnership to bring cybersecurity and CMMC awareness to the Danish defense industry with CenSec

prnewswire | February 10, 2021

Celerium Inc. reported today another association with CenSec, the superb Danish bunch association for organizations work in innovative enterprises like safeguard, country security, space, aviation, and online protection. CenSec overcomes any issues between regular citizen organizations, the Armed Forces and other Governmental specialists with the target to build up a solid safeguard and security industry and to fortify those little and medium-sized Danish undertakings which are - or need to become - part of the business. CenSec is the world's just guard , space-, and security-group that holds the elite Gold Label affirmation, which is the most elevated positioning of bunch associations. CenSec will be an individual from Celerium's CMMC Academy International Alliance program with an end goal to carry CMMC attention to the Danish guard industry. The CMMC program, which represents Cybersecurity Maturity Model Certification, was created by the U.S. Branch of Defense related to Carnegie Mellon University with an end goal to improve network protection across the safeguard inventory network. It is intended to give versatile network safety prerequisites dependent on five unique degrees of consistence. Appropriately, prime project workers and their subcontractors might be needed to conform to CMMC to be qualified to be granted DoD contracts – and organizations inside different enterprises and worldwide nations might be affected.

Read More

PLATFORM SECURITY

Uptycs Unveils Advanced Container and Kubernetes Capabilities

Uptycs | May 27, 2022

Uptycs, the first cloud-native security analytics platform that enables both cloud and endpoint security from a single platform, today unveiled expanded container and Kubernetes security posture management (KSPM) features for its cloud workload protection platform (CWPP). These features enable real-time identification of containerized workloads, proactive scanning of container images in the CI/CD pipeline, constant compliance monitoring, and Kubernetes security policy audit and enforcement. According to Gartner, by 2026, over 90% of the world's enterprises will be operating containerized apps in production, up from less than 40% currently. Businesses, on the other hand, struggle to manage and maintain these transitory assets. Misconfigurations in the control plane and insecure policies at the single container layer are used by attackers to escalate permissions, conduct container escapes, and compromise nodes for executing code. "Organizations are rapidly scaling their Kubernetes environments and seeing tremendous gains in optimization, availability, and developer productivity, but too often Security teams are left playing catch up. With telemetry from Kubernetes systems supported by our analytics platform, Security teams know immediately what resources they have and the security posture of those resources—across public and private clouds, scaling to tens of thousands of pods. Combined with our industry-leading container security capabilities, this gives Security teams confidence that they have the proper controls in place to minimize risk while enabling innovation." Ganesh Pai, CEO and Co-founder of Uptycs Uptycs offers both fully managed (AWS EKS, Azure AKS, Google GKE) and self-managed Kubernetes environments, such as VMware Tanzu and Google Anthos. Uptycs contains a range of container runtimes (Docker, containerd, CRI-O). The latest KSPM capabilities offered by the Uptycs platform are now readily accessible and will be shown at the 2022 RSA Conference (booth #435) from June 6-9. Learn more about the Uptycs container and Kubernetes security service by visiting the Uptycs blog.

Read More