DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Keeper Security | December 08, 2022
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced that the company has obtained StateRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).
The nationwide StateRAMP cybersecurity verification program promotes the adoption of secure cloud services across state and local governments by providing a standardized approach to security and risk assessment for cloud technologies. StateRAMP Authorization differentiates KSGC from its competitors as the best in class zero-trust and zero-knowledge security solution for state and local governments, as well as higher-educational institutions, to protect their passwords, data, and secrets.
StateRAMP Authorization enables these governments and organizations to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. It allows them to leverage Keeper's password management and cybersecurity platform on an institution-wide scale with confidence that the solution meets strict standardized security requirements. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent security and compliance requirements.
Keeper's StateRAMP Authorization comes on the heels of KSGC achieving FedRAMP Authorization at the Moderate Impact Level in August 2022. While StateRAMP Authorization typically takes two years to complete, KSGC's existing FedRAMP Authorization accelerated the certification. To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. Now, KSGC is the first and only FedRAMP and StateRAMP Authorized password management platform in the industry.
"We are proud to bring Keeper's password management and cybersecurity platform to StateRAMP Authorized status, and thrilled to be the first FedRAMP and StateRAMP Authorized password management platform. "KSGC's StateRAMP Authorization underscores our dedication to the highest standards of internal security controls and encryption. Keeper is eager to help state and local governments and higher-educational institutions protect their digital assets from ransomware, data breaches and other password-related cyberattacks."
Darren Guccione, CEO and Co-Founder of Keeper Security
Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC.
KSGC's FedRAMP and StateRAMP Authorizations follow a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.
About Keeper Security
Keeper Security is transforming the way organizations of all sizes secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device, while meeting the most stringent government security and compliance requirements. Keeper is SOC 2 and ISO 27001 certified, FIPS 140-2 validated, FedRAMP and StateRAMP Authorized. Trusted by federal agencies including the Departments of Justice and Energy, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging.
Read More
ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Swimlane | November 15, 2022
Swimlane, the low-code security automation company, today announced the formation of the first operational technology (OT) security automation solution ecosystem tailored to meet the combined OT and IT security requirements within critical infrastructure environments.
The Biden Administration designated November as Critical Infrastructure Security and Resilience Month, drawing attention to the need for “fortifying our information technology and cybersecurity across sectors.” As cyber threats grow in frequency and severity, security operations teams within industrial organizations are regularly targeted due to the importance of their systems and infrastructure.
Given the limited resources at their disposal, security teams within these organizations are struggling to keep up with rapidly evolving threats. The cybersecurity skills gap poses a particularly difficult challenge for organizations with OT environments due to the unique skill set required to navigate the convergence of OT and IT technologies. This is where modern Security Orchestration, Automation and Response (SOAR) plays an instrumental role.
“Our public utilities and critical infrastructure face unique cybersecurity challenges to detect and respond to the convergence of threats targeting their combined OT and IT environments, and cyber-physical systems. “Swimlane is bringing together the best of OT security with our extensible security automation platform to create a robust system of record and control for security operations teams to more quickly process large amounts of security telemetry without needing more resources to defend against breaches.”
Cody Cornell Co-founder and Chief Strategy Officer of Swimlane
Swimlane’s security automation ecosystem for OT environments currently includes the following:
Nozomi Networks for OT and IoT Security: Swimlane and Nozomi Networks, the leader in OT and IoT security, also announced today a technology integration that combines low-code security automation with OT and Internet of Things (IoT) security. The combined solution makes it possible for industrial and critical infrastructure security operations to maintain continuous asset compliance and mitigate the risks of attacks from combined OT and IT entry points.
Dataminr Tackles Physical Risk: Swimlane’s integration with Dataminr leverages automated processes to mitigate risks and warn at-risk employees as soon as possible to ensure their safety. The cyber-physical threat response solution saves organizations crucial minutes when connecting with staff members who might be affected by a natural disaster, accident, or social unrest, or other types of physical risk.
1898 & Co. for Managed Threat Detection: 1898 & Co., a preeminent industrial control system (ICS) cybersecurity solutions provider, has selected Swimlane as the core automation platform for their managed threat detection services. These services include the detection of both OT and IT-born threats, machine-speed threat validation and scoring, and rapid remediation of threats using OT response methods.
“Security teams chartered with protecting OT environments are struggling to keep pace with emerging threats given their limited resources,” said Joshua Magady, Practice Technical Lead at 1898 & Co. “As cyberattacks on critical infrastructure continue to rise and the cybersecurity skills shortage prevails, we are excited to be working with Swimlane to provide automation solutions that give these important organizations the tools to defend against rising cyber threats effectively.”
Working with each technology partner, Swimlane will develop a portfolio of pre-integrated solutions that customers can quickly deploy either through managed services or add to their existing environment.
About Swimlane
Swimlane is the leader in cloud-scale, low-code security automation. Swimlane unifies security operations in-and-beyond the SOC into a single system of record that helps overcome process and data fatigue, chronic staffing shortages, and quantifying business value. The Swimlane Turbine platform combines human and machine data into actionable intelligence for security leaders.
Read More
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Palo Alto Networks | December 05, 2022
As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Today, Palo Alto Networks (NASDAQ: PANW) announced Medical IoT Security — the most comprehensive Zero Trust security solution for medical devices — enabling healthcare organizations to deploy and manage new connected technologies quickly and securely. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device.
"The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps. "This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk."
Anand Oswal, senior vice president of products, network security at Palo Alto Networks
While a Zero Trust approach is critical to help protect medical devices against today's innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering.
The new Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable healthcare organizations to:
Create device rules with automated security responses: Easily create rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted.
Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile.
Understand device vulnerabilities and risk posture: Access each medical device's Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorized external website communication.
Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations.
Verify network segmentation: Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems.
Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, helps automate workflows.
Healthcare organizations are using Palo Alto Networks products to secure the devices that deliver cutting-edge care to millions of patients all over the world.
"Establishing and maintaining acute situational awareness of the Internet of Medical Things (IoMT) environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect, identify and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event," said Tony Lakin, CISO, Moffitt Cancer Center. "Palo Alto Networks IoT capability seamlessly integrates with our continuous monitoring processes and threat-hunting operations. The platform consistently provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio."
"With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage," said Bob Laliberte, principal analyst, ESG.
"Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives," said Ed Lee, research director, IoT and Intelligent Edge Security, IDC.
About Palo Alto Networks
Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.
Read More