DATA SECURITY

CompTIA ISAO Adds Real-time Cybersecurity Threat Analysis and Intelligence Resources from Sophos

CompTIA | August 05, 2021

Advanced cybersecurity threat analysis and intelligence capabilities are now available from the CompTIA Information Sharing and Analysis Organization (ISAO) through an expanded collaboration with global next-generation cybersecurity leader Sophos and it industry-leading and highly acclaimed threat research lab, SophosLabs.

The announcement of the new cyber capabilities was made today by CompTIA, the nonprofit association for the information technology (IT) industry and workforce.

CompTIA ISAO members can directly submit suspicious URLs and files through the ISAO's Cyber Forum to SophosLabs Intelix™ for rapid analysis to determine if they are known or zero-day cybersecurity threats. SophosLabs Intelix combines petabytes of threat intelligence derived from decades of SophosLabs threat research with Sophos AI tools and techniques, bringing a powerful new source of threat intelligence to the CompTIA ISAO and its managed services provider (MSP), vendor, distributor, and associate members.

"SophosLabs research illustrates how adversaries are constantly changing their tactics, techniques and procedures (TTPs) to breach targets, move laterally and carry out ransomware and other attacks," said Simon Reed, senior vice president, SophosLabs. "The only way to effectively fight modern cybercrime is if we do it together. That's why Sophos is committed to sharing actionable threat intelligence with the CompTIA community. This new integration gives member organizations advanced abilities to quickly investigate suspicious URLs and files to determine their risk and to understand what happens if they are opened or executed. Powered by machine learning, SophosLabs Intelix predictively convicts never-before-seen threats, and is constantly improving based on the collective input of community intelligence."

"This is a real differentiator for our members, who can access a powerful analysis resource to identify, classify and prevent threats, further protecting themselves and more importantly, their customers," said MJ Shoer, senior vice president and executive director of the CompTIA ISAO.

The new integration expands Sophos' support of the CompTIA ISAO. As a Silver Industry Partner, Sophos has been contributing detailed threat analysis from SophosLabs Uncut to the CompTIA ISAO.

"This is a significant addition to the resources available to our members," Shoer added. "It is the latest example of the support that industry partners such as Sophos have for the CompTIA ISAO, and the commitment we all have to make the industry more secure."

The CompTIA ISAO is a community of nearly 1,200 member companies that share best practices, cyber threat intelligence, educational content and more to help address ever-evolving cyber threats. Working closely with public and private cybersecurity agencies and organizations, the CompTIA ISAO is helping its members understand the threat landscape, defend against current and future attacks and raise cybersecurity awareness throughout the global tech industry.

About CompTIA
The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world's economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce.

About Sophos
Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today's most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K.

Spotlight

Answer the Demand for Certified Professionals Prepping for an (ISC)² credential, like the CISSP, is a big commitment. Maybe you’ve started, but life got in the way of your goal… We get it. That’s why we created the (ISC)² Exam Action Plan to help keep you on track for success. Because we need talented, skilled people like you w

Spotlight

Answer the Demand for Certified Professionals Prepping for an (ISC)² credential, like the CISSP, is a big commitment. Maybe you’ve started, but life got in the way of your goal… We get it. That’s why we created the (ISC)² Exam Action Plan to help keep you on track for success. Because we need talented, skilled people like you w

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

NEXTGEN Group Inks Distribution Agreement with Stellar Cyber in Philippines

Businesswire | April 17, 2023

NEXTGEN Group Philippines today announced a strategic partnership with Stellar Cyber, an innovator of Open XDR. The Philippines is home to a growing number of businesses that are increasingly vulnerable to cyber-attacks. In response to this growing threat, NEXTGEN Group has partnered with Stellar Cyber to offer a suite of cybersecurity solutions that will sit alongside NEXTGEN’s diverse and complementary best-of-breed vendor portfolio leveraging their Open XDR platform. “Partnering with Stellar Cyber allows us to provide our channel partners with a cybersecurity solution that combines the best technologies with expertise, capability and an advanced channel services model from NEXTGEN," said Jenny Diamzon, Managing Director, Cyber Security and Data Resiliency, NEXTGEN Philippines. “Stellar Cyber will be supported by our go-to-market teams and our in-house cybersecurity professionals and proprietary CyberLab platform. We are confident that this collaboration will allow us to help our partners and customers navigate the challenges they face with ransomware and cyber-attacks.” Stellar Cyber's Open XDR platform combines multiple security technologies into a single, unified platform, providing organizations with a complete view of their security posture. With advanced threat detection and response capabilities, the platform helps organizations stay ahead of the curve and proactively defend against cyber-attacks. “We are excited to partner with NEXTGEN Group to bring our advanced cybersecurity solutions to the Philippines market,” said Jim O'Hara, CRO of Stellar Cyber. “Our partnership will enable organizations in the region to enhance their cybersecurity posture and better protect their sensitive data leveraging our Open XDR platform.” The partnership is effective immediately, and interested parties can contact NEXTGEN Group to learn more about the advanced cybersecurity solutions that are available. About NEXTGEN Group The NEXTGEN Group is a pioneering technology services group that supports the channel ecosystem. We do this through the active management of a portfolio of established and emerging technology vendors, coupled with innovative and unique services across cybersecurity, cloud, enterprise software, and data management solutions. This model is the next generation of IT solutions, knowledge, service, and delivery. The business is a hub of collaboration within the channel that makes it easy for technology partners to do business with international vendors on complex and ever-changing product suites. Our unique and award-winning combination of specialist knowledge, innovative technology platforms and complementary services enables our partners and vendors to stay relevant and remain ahead in this dynamic IT environment. About NEXTGEN CyberLab NEXTGEN CyberLAB is a completely browser based virtual realization platform built on AWS that demonstrates and integrates the world's most innovative cybersecurity solutions. It was created for vendors and channel partners to help them cost-effectively showcase varied technologies in safe and controlled environments, customized for a specific use case. About Stellar Cyber The Stellar Cyber Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8x improvement in MTTD and a 20x improvement in MTTR. The company is based in Silicon Valley. For more information, visit stellarcyber.ai.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BreachLock Releases API Penetration Testing Service to Improve API Security Testing for Companies

Prnewswire | March 29, 2023

BreachLock officially launched its API Penetration Testing Service today, making API security testing faster, more scalable, and more affordable compared to alternative pentesting providers. The company is best known for its human-led, AI-enabled Pen Testing as a Service (PTaaS) solution delivered via its award-winning client portal. API penetration testing will help organizations prevent cybercriminals from exploiting unpatched API vulnerabilities to perpetrate cybercrimes. BreachLock is known for its innovative pentesting approach as a leader in the emerging PTaaS market. With a global reputation for delivering enterprise-grade penetration testing services, Breachlock leverages automation to ensure affordability and speed for clients held back by alternative pentesting options. With integrated remediation, companies can decrease their window of exposure to critical API vulnerabilities fast. Clients receive evidence-backed pentest reports with guided remediation on critical vulnerabilities, along with 12 months of access to retest, generate reports, and run scans inside the client portal. Regarding its new security testing offering, BreachLock's Founder & CEO, Seemant Sehgal, comments, "With the rise in security breaches involving insecure APIs, it's our responsibility to enable clients to prevent similar incidents." Sehgal adds, "Staying ahead of cyber adversaries is the name of the game. With today's threat landscape, agile pentesting is the key to combatting security breaches, especially when done regularly." BreachLock's API pentesting service is conducted by 100% in-house, certified expert pentesters (e.g., CREST, OSCE, OSCP, CISSP, CEH) that leverage AI and automation to accelerate the process and deliver more accurate results that closely correlate with OWASP best practices. Its security experts apply maximum business logic to every API pentest during a manual deep dive and ensure zero false positives by validating automated findings. About BreachLock BreachLock® is a global leader in cybersecurity and Penetration Testing services combining the power of human hackers, artificial intelligence, and automation. Engineered for agility and scalability for digital environments of any scale, on its cloud-native platform, BreachLock delivers full-stack, Human-led, AI-enabled, Pen Testing as a Service (PTaaS), enabling organizations to accelerate pentesting by 50% and reduce TCO by 50% in comparison to alternative penetration testing companies. BreachLock helps clients accelerate their security maturity, meet compliance requirements (i.e., PCI DSS, ISO 27001, HIPAA, GDPR, SOC 2), and conduct third party security vendor assessments.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tenable Delivers Cloud Security Posture Management for Multi-cloud and Hybrid Environments

GlobeNewswire | March 23, 2023

Tenable®, the Exposure Management company, today announced significant advancements to Tenable Cloud Security, a unified and scalable Cloud Security Posture Management (CSPM) and vulnerability management solution delivered on the Tenable One exposure management platform, and expanded availability of Tenable Agentless Assessment for Microsoft Azure. Hybrid and multi-cloud strategies enable organizations to satisfy unique business requirements and accelerate innovation. But managing highly complex and distributed cloud environments – each with its own security tools, processes and specialized skill requirements – is neither easy nor straightforward. As a result, security issues such as simple misconfigurations and excessive privileges – the root cause of the majority of cloud breaches – can go unseen. Tenable Cloud Security enables organizations to achieve consistent cloud security and compliance by bringing all cloud vulnerabilities, misconfigurations and drift across multi-cloud and cloud-native environments to the forefront, providing organizations with a unified cloud security solution that simplifies and scales cloud security posture management. Tenable Cloud Security’s built-in best practices consistently enforce security posture and compliance across environments, detecting and preventing risky configurations from ever reaching cloud runtimes. When deployed as part of Tenable One, customers gain advanced vulnerability prioritization capabilities and automated remediation workflows, enabling security and DevOps teams to prioritize remediation efforts where they can have the biggest impact on security and compliance posture. “Cloud environments are in a constant state of change, meaning that security, compliance and governance is a ‘never-done’ job,” said Nico Popp, chief product officer, Tenable. “With more than half of data breaches occurring in the cloud, organizations are racing against the clock and cannot afford for weak code to go into runtime. To effectively scale security at the speed and scale of the cloud, the pendulum must swing from reactive threat detection and response to exposure management and preventive cloud security posture management.” Additional new and enhanced CSPM features include: Continuous Discovery and Assessment - Improved cloud account onboarding enables organizations to continuously discover and assess both managed and unmanaged cloud accounts, limiting blind spots and minimizing risks. Most Comprehensive Policy Portal, Views and Content - New policy portal makes it easy to view and customize over 1,500 out-of-the-box policies spanning 20 industry benchmarks and regulations. Enriched by the expertise and speed of Tenable Research, including the industry’s most comprehensive library of 71,000 known vulnerabilities, Tenable Cloud Security has 2.6 times more cloud Center for Internet Security (CIS) certifications than any other cloud security vendor. Organizations can visualize misconfiguration details, impacted resources and all the context needed to quickly remediate issues. With the new low code policy group editor, organizations can create custom policy groups enabling security teams to build custom policy groups leveraging existing policies. Automated Cloud-to-Cloud Drift Detection - New drift detection enables organizations to maintain compliance by detecting configuration drift in runtime and between Infrastructure-as-Code (IaC), automating pull requests including corrected code or step-by-step instructions to the right owner, or applying remediation code automatically to significantly reduce mean-time-to-remediation. Enhanced Reporting and Collaboration: Enhanced reporting capabilities enable security teams to accurately report on key metrics to executive leadership while increasing cross functional collaboration between security operations and compliance teams. Report and share security posture findings by role, function or by industry benchmarks and regulatory frameworks – such as CIS, SOC 2 and 20+ others. About Tenable Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies.

Read More