ENTERPRISE SECURITY

Coalfire announces HITRUST Accelerator with AWS Security Assurances Services (AWS SAS)

Coalfire | October 19, 2021

Coalfire, a leading cybersecurity firm, announced HITRUST Accelerator, a new program that allows customers to achieve HITRUST CSF Validation up to 50% faster when compared with conventional methods. This program combines deep technical knowledge of AWS Security Assurance Services, LLC (AWS SAS) with Coalfire, a HITRUST External Assessor Organization, to streamline the entirety of the HITRUST Validation lifecycle.

Organizations that attempt to prepare for HITRUST certification internally, without the help of an experienced external assessor, may face timelines in excess of 2 years to achieve HITRUST Certification. The HITRUST Accelerator program uses a three-step process that provides end-to-end support of an organization's preparation, remediation, and HITRUST Validation. This integrated approach enables Coalfire and AWS SAS to quickly identify compliance gaps, assist with technical remediation, simplify document creation, and expedite the Validated Assessment. By accelerating HITRUST Validation, customers will be able to offer significant assurances over their security and privacy controls, which enables them to focus on innovation and driving adoption.

"Coalfire and AWS SAS share an obsession in creating innovative solutions that maximize customer success. This passion and collaboration resulted in a program that helps our mutual customers prepare, remediate, and validate against the HITRUST CSF. By taking industry leaders in cloud security and HITRUST, we aim to revolutionize the way that organizations approach and maintain compliance. This has been a long time coming and we are absolutely thrilled to be launching this program with the AWS SAS team."

Jeff Rector, Global Engagement at Coalfire

The customer journey is accelerated via three tailored workstreams that are designed to:

Prepare the customer for HITRUST Validation by thoroughly defining the technical systems and boundary, conducting a thorough gap assessment, and developing fully customized policies and procedures designed to be HITRUST compliant.
Reduce remediation efforts and time to 12 weeks in most instances, using automated compliance-as-code packages, 30 days of expert AWS technical guidance and security engineering services, and hands-on AWS support configuring AWS services, and fast-track the collection of evidence ahead of the Validated Assessment to minimize burden and audit fatigue on compliance teams.
Validate the environment with confidence, including end-to-end support during HITRUST QA, Corrective Action Plan creation, and report finalization.

About Coalfire
Leading technology infrastructure providers, SaaS companies, and enterprises – including the top-five cloud service providers and eight of the top-10 SaaS organizations – rely on Coalfire to strengthen their security posture and secure their digital transformations. As one of the largest firms dedicated to cybersecurity, Coalfire delivers a comprehensive suite of advisory and managed services, spanning cyber strategy and risk, cloud security, threat and vulnerability management, application security, privacy, and compliance management. A proven leader in cybersecurity for the past 20 years, Coalfire combines extensive cloud expertise, advanced technology, and innovative approaches that fuel success.

Spotlight

Today, none of us are immune to the impact of botnets on Internet-connected organizations. There is ample validation that monitoring the communications patterns between command-and-control servers and their intended victims is vital. We believe that taking a proactive approach to tracking botnet behavior can yield threat intelligence that is truly actionable.

Related News

DATA SECURITY

Aviation ISAC to Partner with Cyware for Expanding Automated Response Capabilities and Threat Intelligence Sharing

Cyware | June 28, 2021

Cyware, the well-known and only Virtual Cyber Fusion Platform provider in the industry, has announced a strategic partnership with A-ISAC (Aviation Information and Analysis Center) to help it and its members respond to threat intelligence in a timely manner. This partnership will enable members of A-ISAC to run end-to-end security automation, incident response programs, and threat hunting more efficiently by leveraging Cyware’s Cyber Fusion platform.

A-ISAC, the global consortium for cybersecurity information, shares cybersecurity information across the aviation sector. It was founded by seven global aviation companies in 2014 and has established itself for the global aviation community as the trusted point of coordination on cyber threats.

In the aviation industry, A-ISAC can get help from Cyware in collecting and sharing alerts on the changing threat intelligence and landscape around specific attacks. With Cyware's Threat Intelligence Exchange (CTIX) and Situation Awareness Platform (CSAP), members of A-ISAC can automatically share threat intelligence such as malware alerts, indicators of compromise (IOCs), security incidents, phishing, vulnerability advisories, and spear phishing attacks among its global aviation community.

About Cyware
Cyware is a company that helps enterprise cybersecurity teams build platform-agnostic virtual cyber fusion centers. Cyware transforms security operations using the cybersecurity industry's only Virtual Cyber Fusion Center Platform with next-generation security orchestration, automation, and response (SOAR) technology. It helps organizations increase accuracy and speed.

About the Aviation ISAC
The Aviation ISAC, a worldwide, non-profit membership association, was created to help the timely exchange of susceptibilities, best practices, and threat intelligence to decrease operational hazards and offer the resources for reliable sharing and qualified exchange. It has members on five continents. The vision of the ISAC is an efficient, safe, secure, and resilient international air transportation system.

DATA SECURITY

RedMonocle Launches New Platform to Assist CISOs in Finding, Funding, and Fixing Cybersecurity Risk Blind Spots

RedMonocle | April 29, 2021

RedMonocle, a leader in SaaS-based cybersecurity risk quantification software, today announced new features to its platform aimed at helping chief information security officers (CISOs) and other security leaders anticipate threats in their Technology Security Stack by helping them find, fund, and fix cybersecurity risk blind spots that leave organizations vulnerable to a breach through their Tech Stack.

The acceleration of digital transformation last year brought security into the spotlight as companies scrambled to shift their entire organization to remote operations practically overnight. According to the FBI Internet Crime Complaint Center, cybercrime is up 300% in the last 12 months. As a result, cyber risk blind spots, or unknown areas outside of a company’s field of vision, and other security gaps were created. One out of five cybersecurity leaders surveyed by RedMonocle named blind spots as the No. 1 risk keeping them up at night, followed closely by data loss protection and leadership commitment.

“CISOs are feeling extra pressure this year to minimize security risks across the ever-growing Security Stack while maintaining compliance to security standards and fending off daily threats from well-funded attackers,” said Sean McDermott, CEO, and co-founder of RedMonocle. “Every day Security Leaders are playing a highly complex game of chess knowing there are parts of the board they can’t even see. CISOs know they have blind spots hidden in their Security Stack. Now, they want to know what to do next and we want to help them get there.”

New features to the RedMonocle platform include the Security Stack Assessment and Always-On Risk Intelligence. The newly released Security Stack Assessment helps CISOs and cybersecurity leaders find cyber risk blind spots by checking for gaps and overlaps in the current system that could risk compliance, increase costs and leave company and consumer data exposed to malicious activity. This assessment simplifies the way CISOs compare the security of their stack with their selected security standards. Always-On Risk Intelligence helps CISOs find blind spots before they become a problem and highlights how to fix them. This update also compares Stack to Standard and continuously tracks gaps in compliance with NIST-800-53 so that companies are always prepared for audits.

About RedMonocle
RedMonocle Inc. is a SaaS-based risk intelligence software designed to help CISOs and cybersecurity leaders find, fund, and fix their cybersecurity risk blind spots. Founded by Sean McDermott and Chris Schroeder, RedMonocle has spent the past 25 years working with Fortune 500 companies to evaluate, install, customize and optimize the IT Tech Stack.

DATA SECURITY

75% of IT Leaders are Unconvinced About the Security of their Web Applications

Cymatic | April 12, 2021

Today, Cymatic released new research on the state of web application security. While IT leaders tend to be somewhat confident in their existing solutions, relying on various products makes smooth adoption of emerging tools, and therefore overall cyber threat prevention, a major task. Pulse conducted a study of C-suite and VP-level executives in information technology and cybersecurity and discovered that the most common approaches to web application safety fail to engender the trust necessary for effective cyber attack protection. Among the key findings are:

• While 91% of executives spend up to a third of their web app technology budget on security, privacy, and compliance activities, they continue to rely heavily on strong password standards to protect against cyber threats.
• MFA, WAFs, and CAPTCHAs are the top technologies used to protect web apps, with 75%, 74%, and 63%, respectively.
• Account takeovers are the threat scenarios that most concern 73% of respondents.

“After spending twenty-five years spending time and money cleaning up after breaches and hackers whose creativity was still at least one step ahead of network protections, I was able to see where all the security holes are,” said Cymatic Founder and CEO Jason Hollander. “We created the CymaticONE platform to fill those holes and reduce the complexity of existing web application solutions, making it simpler and easier to defend against modern-day attack vectors.”

The Cymatic platform provides universal in-session visibility and control to minimize risk across web applications, networks, and users, while also reducing network traffic loads and removing user friction. Unlike standard WAFs, which only defend against network-based threats, Cymatic employs advanced artificial intelligence and machine-learning algorithms to detect page mutations and user anomalies. The platform protects against user-generated and device-based risks such as poor credential hygiene, dark web vulnerabilities, and potentially risky devices. It is completely invisible to users, deploys in minutes, and has an absolute time-to-value.

Although many respondents described obstacles to changing their existing web application firewall (WAF) installations, nearly 90% expect to reconsider their investments within the next six to 18 months. Cymatic provides the first web application firewall to combine client-side WAF protection with a proprietary vulnerability, awareness, detection, and response (VADR™) AI engine to stop user- and app-based threats in their tracks, making it simple for any company to bridge gaps in their installations. Unlike other products that make static decisions based on siloed threat signals, Cymatic correlates and evaluates thousands of signals around a dozen threat vectors in real-time to provide a higher level of security accuracy without compromising user experience or application efficiency. Only Cymatic provides full real-time visibility and protection against all code-injection attacks, user risk, and session fraud, all with a single line of JavaScript.

About Cymatic
Cymatic is the only company that provides a web application firewall (WAF) solution that combines client-side WAF protections with a proprietary vulnerability, awareness, detection, and response (VADR™) engine to provide immediate and continuous in-session intelligence regarding devices, users, and locations. Cymatic's first-look, first-strike capability is the first in the kill chain, reducing risk across applications, networks, and users while ensuring organizations comply with today's security-driven regulations. The solution is undetectable to users, deploys in minutes, and operationalizes in seconds. Cymatic is based in Raleigh, North Carolina, and has branches in California and New York.
