DATA SECURITY

Combating industrial cyber threats with new security certifications and products, Rockwell Automation

businesswire | November 19, 2020

Organizations keep on requiring help making sure about their modern activities as they associate creation and IT frameworks and battle with cyberthreats focusing on mechanical control frameworks. To address this issue, Rockwell Automation keeps extending its cybersecurity accreditations and joining progressed security capacities into a greater amount of its items.

Rockwell Automation as of late got confirmation to the IEC (International Electrotechnical Commission) 62443-3-3 cybersecurity standard. The accreditation, performed by outsider TÜV Rheinland, implies Rockwell Automation has exhibited the capacity to introduce and arrange creation frameworks to meet security prerequisites to level 1 as characterized on the planet's driving worldwide norm.

Rockwell Automation offers reference designs for executing an ensured creation framework, for example, PlantPAx 5.0, the cutting edge disseminated control framework (DCS) for plantwide measure control. The structures were created to assist clients with guaranteeing creation frameworks while limiting the need to purchase new advancements as a component of the cycle. Until now, Rockwell Automation has gotten a few confirmations for the IEC 62443 arrangement of norms.

Rockwell Automation likewise as of late got confirmation for the ISO (International Organization for Standardization) 27001 norm, affirming that the organization's data security the board framework used to ensure information fulfills the guideline's prerequisites. This can give significant serenity to clients that Rockwell Automation is utilizing best practices to secure their licensed innovation, for example, when clients use administrations like distant help and observing.

“Companies are facing the dual challenge of digital transformation to stay competitive, while also keeping their people, operations and intellectual property secure,” said Sujeet Chand, senior vice president and chief technology officer, Rockwell Automation. “We continue to aggressively expand our cybersecurity skills, certifications, product capabilities and services in ways that help our customers stay ahead of new threats and focus on realizing new possibilities with digital transformation.”

Notwithstanding procuring the new confirmations, Rockwell Automation is additionally delivering new items with CIP Security to assist organizations with making sure about their correspondences. Created by the worldwide exchange and standard improvement association ODVA, CIP Security is the simply standard intended to make sure about correspondences between modern control frameworks and different gadgets on an EtherNet/IP organization.

New modern control items offering CIP Security include:

Allen-Bradley PowerFlex 755T AC drives

Kinetix 5300 servo drives

Other Rockwell Automation items that as of now uphold CIP Security include:

ControlLogix 5580 regulators

Kinetix 5700 servo drives

1756-EN4TR correspondence module

To help ensure the numerous gadgets being used today that don't uphold CIP Security, Rockwell Automation is additionally presenting the new CIP Security Proxy gadget. At the point when utilized in a truly made sure about area, the gadget gives CIP Security to a wide scope of modern control gadgets and make safer mechanical organizations.

About Rockwell Automation

Rockwell Automation, Inc. , is a global leader in industrial automation and digital transformation. We connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more productive and more sustainable. Headquartered in Milwaukee, Wisconsin, Rockwell Automation employs approximately 23,000 problem solvers dedicated to our customers in more than 100 countries. To learn more about how we are bringing The Connected Enterprise to life across industrial enterprises.

Spotlight

Secure access to your APIs by applying the API Key Authentication and CORS policies in API Connectivity Manager. API owners can configure the policy using the user interface or Admin API. Now API consumers can generate app credentials and test APIs using the developer portal.

Spotlight

Secure access to your APIs by applying the API Key Authentication and CORS policies in API Connectivity Manager. API owners can configure the policy using the user interface or Admin API. Now API consumers can generate app credentials and test APIs using the developer portal.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Legit Security Discovers New Class of Development Pipeline Vulnerabilities; Open-Source Rust Programming Language Found Vulnerable

Legit Security | December 12, 2022

Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines. The vulnerability was found in GitHub Actions, a platform for orchestrating and automating software development pipelines, and the vulnerability was identified in the highly popular programming language Rust. Many other GitHub Action projects remain potentially vulnerable and a technical disclosure blog including information to protect organizations from attack is available on Legit Security’s website. The discovered pipeline vulnerability could allow any GitHub user to replace legitimate development artifacts with malicious ones, enabling attackers to modify source code, steal secrets and create CodeCov-like wide-reaching software supply chain attacks. Rust, an extremely popular programming language used by millions of developers, acknowledged and fixed the vulnerability after initial disclosure by the Legit Security Research Team. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization’s software supply chains and used by software developers globally. The vulnerability affects the GitHub Actions artifacts storage mechanism, which is used to store and transfer build artifacts between software development build jobs. Due to a limitation in the cross-workflow artifact communication mechanism, vulnerable workflows cannot distinguish between legitimate project artifacts and artifacts that were created by the project’s forks or copies, allowing any user to create a fork, and then craft a malicious artifact that will be treated as a legitimate one. “This is a different class of vulnerability that can lead to attacks and modification of the development pipeline itself, not just modification of the code. “A simple analogy could be made to a car assembly line. This is an attack on the assembly line itself that could include stealing sensitive parts, turning off certain steps, or substituting any valid part for a malicious one. It’s a powerful attack vector that gives cyber criminals a lot of options to inflict damage. In this case, the vulnerable targets are software supply chains that use GitHub Action.” Liav Caspi, co-founder and CTO, Legit Security The Legit Security Research Team also disclosed the security issue to the GitHub security team. GitHub responded by simply updating their API to include information that could help prevent this vulnerability. It should be noted that GitHub didn’t address the root cause of the issue, thus leaving many other GitHub Action projects vulnerable to the aforementioned software supply chain attacks. Legit Security’s technical disclosure blog includes important information on how to protect organizations from this type of attack. More information about general GitHub security best practices can also be found here. Legit Security Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Application & Cloud Security Leader Chooses DTEX InTERCEPT to Manage Insider Risk and Prevent Data Loss

DTEX Systems | December 21, 2022

DTEX Systems, the Workforce Cyber Intelligence & Security Company™, today announced that one of the world’s leading application performance and cloud security vendors has selected DTEX InTERCEPT to secure patents, protect business process innovation, and prevent data loss. DTEX InTERCEPT™ is a first-of-its-kind Workforce Cyber Security solution that brings together the capabilities of Insider Threat Management, User and Entity Behavior Analytics, Digital Forensics, and Zero Trust DLP in an all-in-one lightweight, cloud-native platform. Only DTEX InTERCEPT delivers the behavioral context and activity intelligence that answers the Who, What, When, Where, Why, and How related to any potential insider threat situation, compromised account event or data loss scenario without invading personal privacy. In the face of changing global economic conditions, the increasing risk of corporate espionage, and a pending corporate reduction in force action, the application performance and cloud security vendor prioritized an immediate review of existing insider risk and data loss prevention technology. The vendor’s legal team was heavily involved in the RFP and vendor evaluation processes to ensure employee privacy would be protected as part of the adoption of any insider risk and data loss prevention solution in compliance with the European Union’s GDPR and California’s Privacy Rights Act (CPRA). After exhaustive review of DTEX InTERCEPT’s patented metadata collection model, the vendor’s legal, IT and, cyber security teams selected DTEX to replace its existing first-generation insider risk and data loss prevention solutions globally. DTEX InTERCEPT’s seamless integration with the application performance and cloud security vendor’s NGAV system, as well as its innovative Zero Trust approach to data loss prevention were also deciding factors in the enterprises choice to standardize on DTEX InTERCEPT across all enterprise workstations and servers. Upon selection, a senior cyber security executive said, “DTEX is a proven solution that won’t break our systems.” “It is incredibly gratifying to have our insider risk and data loss prevention technology chosen by a fellow cyber security vendor. In this case, it was again the uniqueness of our data set and ability to keep employee data private, while delivering dynamic, contextual human behavior visibility that was the deciding factor in the customer’s decision. “Likewise, a peer’s decision to adopt our technology makes a strong statement that traditional solutions focused on machine intelligence are insufficient to protect data in today’s distributed workforce reality. The difference is most definitely human.” Bahman Mahbod, CEO at DTEX Systems About DTEX Systems DTEX Systems helps hundreds of organizations worldwide better understand their workforce, protect their data, and make human-centric operational investments. Its Workforce Cyber Intelligence & Security platform brings together next-generation Zero Trust DLP, UEBA, digital forensics, user activity monitoring and insider threat management in one scalable, cloud-native platform. Through its patented and privacy-compliant meta-data collection and analytics engine, the DTEX platform surfaces abnormal behavioral “indicators of intent” to mitigate risk of data and IP loss, enabling SOC enrichment with human sensors and empowering enterprises to make smarter business decisions quickly.

Read More

ENTERPRISE IDENTITY,PLATFORM SECURITY,IDENTITY MANAGEMENT

Simeio and SailPoint Partner to Provide Enterprise Identity Security

Simeio | December 27, 2022

A business needs to manage and protect the digital identities of its employees, contractors, partners, and customers. Enabling the right individuals to access the right resources at the right times for the right reasons with secure access control is needed for organizations to keep their vital information safe and secure at all times. In this regard, Simeio provides identity and access management (IAM) solutions. Using intelligent solutions, enhanced cybersecurity measures are enforced on systems with cloud identity security services. Simeio, a leader in the cybersecurity industry when it comes to identity and access management (IAM) services, has announced a partnership with SailPoint, a leader in enterprise identity security. The goal of the partnership is to improve the security and protection of the companies' identities by using enterprise identity governance controls and best-in-class technologies. The partnership will also allow clients to simplify, automate, and enable their identity governance and administration (IGA) programs, providing continuous threat protection and improving the maturity of identity processes across enterprises. Simeio plans to bring over 50 SailPoint-certified identity experts to the partnership. The clients of both companies will benefit from the identity convergence capabilities of the Simeio IO platform, which brings together IGA, access management, and privilege identity functions to deliver cross-domain identity analytics. Through this partnership, organizations will also be able to update their identity security services in the cloud. "The global identity and access management (IAM) market is expected to grow from USD 14.82 billion in 2020 to USD 31.74 billion by 2025, at a CAGR of 16.7% during the forecast period, as per Marketsandmarkets." Companies are getting more and more identity security and access management solutions because cyber threats and data breaches are getting worse. Artificial intelligence, machine learning, IoT compatibility, decentralized identity systems, and the use of innovative biometric authentication mechanisms are all part of the future of identity security. About Simeio Simeio is a global managed services provider that offers identity and access management solutions as a service. Simeio's 700+ employees secure 160 million identities for businesses and governments. Simeio offers Customer Identity & Access Management, Privileged Access Management, Identity Proofing, Access Management & Federation, Identity Governance & Administration, and Application Onboarding. Gartner, Forrester, KuppingerCole, and Great Places to Work® have recognized the company's business and technical leadership. About SailPoint SailPoint is the market leader in enterprise identity security. SailPoint automates the management and control of access by leveraging the power of AI and machine learning, granting only the required access to the right identities and technology resources at the right time. Our advanced identity platform integrates seamlessly with existing systems and workflows, providing a unified view of all identities and their access. We meet customers where they are with an intelligent identity solution that satisfies the enterprise's scale, velocity, and environment requirements. SailPoint empowers the world's most complex businesses to establish a security foundation based on identity security.

Read More