Home > News > featured news > Conceal Announces Strategic Partnership with White Rock Cybersecurity

Platform Security, Software Security, Cloud Security

Conceal Announces Strategic Partnership with White Rock Cybersecurity

Businesswire | May 23, 2023 | Read time : 05:00 min

Conceal Announces Strategic Partnership with White Rock Cybersecurity

Conceal, a global leader in Zero Trust browser isolation technology, has announced a new strategic partnership with White Rock Cybersecurity, an industry-recognized Value Added Reseller specializing in comprehensive IT and network security solutions.

"White Rock Cybersecurity is committed to delivering innovative, scalable, and manageable solutions in information technology," said James Range, CEO of White Rock Cybersecurity. "With the inclusion of Conceal's Zero Trust isolation technology in our offerings, we are significantly boosting the defense capabilities of our customers against both existing and emerging cyber threats at the edge."

ConcealBrowse, Conceal's flagship product, is a lightweight browser extension that turns any existing browser into a Zero Trust, secure browser. By monitoring and detecting new and potentially malicious URLs, ConcealBrowse can accurately determine if the activity at the edge is safe to continue via the organization's network. This layer of protection effectively blocks potentially malicious activity, minimizing the success of credential theft and ransomware that bypass other cybersecurity controls.

In cases where the safety of a URL cannot be immediately determined, ConcealBrowse isolates the session, protecting the user's identity and the organization's network from potential threats.

"White Rock Cybersecurity has a proven track record of delivering top-tier IT and cybersecurity solutions to their customers," said Gordon Lawson, CEO of Conceal. "We are excited to work closely with them to enhance their capabilities further and ensure their clients benefit from our innovative Zero Trust isolation technology."

The partnership presents a tremendous opportunity for the security partner community. With ConcealBrowse, partners can now provide their customers with a comprehensive malware protection solution for any browser, enhancing the overall cyber resilience of organizations and protecting their digital assets at the edge.

About Conceal

Conceal enables organizations of all sizes globally to protect users from credential theft, malware, and ransomware at the edge. The ConcealBrowse Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats, ensuring users and IT operations remain secure and isolated from attacks. For more information, visit https://conceal.io/.

Spotlight

Getting Started with DMARC Secure your email. Stop phishing. Protect your brand.

The reality of email is that cybercriminals can use almost any brand or email domain to send spam, phishing emails, and malware installs, inflicting direct losses to customers and eroding the brand equity companies have spent years building up. The solution is DMARC, which allows companies to understand all the different mail st

More featured news

Spotlight

Getting Started with DMARC Secure your email. Stop phishing. Protect your brand.

The reality of email is that cybercriminals can use almost any brand or email domain to send spam, phishing emails, and malware installs, inflicting direct losses to customers and eroding the brand equity companies have spent years building up. The solution is DMARC, which allows companies to understand all the different mail st

Related News

Platform Security, Software Security, Cloud Security

Stellar Cyber’s Open XDR Platform Now Secures OT Environments

Businesswire | July 25, 2023

Stellar Cyber, the innovator of Open XDR technology, announced today that all Stellar Cyber Open XDR Platform users can now secure their OT environments on the same platform with the same license they use to secure their IT environments. Combining IT and OT security in a single platform gives security teams a permanent advantage over attackers who frequently attempt to exploit weaknesses and vulnerabilities identified in an IT environment to move laterally into an OT environment to carry out an attack, and vice versa. Recent studies found that in 2021, over 90% of manufacturers had their production or energy supply impacted by a cyberattack. “With attacks so prevalent, you would think most security vendors would attempt to provide an easy-to-implement OT security solution, but that is not the case,” said Sam Jones, VP of Product Management at Stellar Cyber. “We found that with our open data architecture and built-in network security (NDR) capabilities, we can detect the most common OT environment cyber-attacks without burdening the security team to create OT-specific detection content.” OT environments require different deployment models based on their OT architecture. Stellar Cyber’s agentless deployment and its partnership with Garland Technology (a leading provider of network visibility products), make it easy for customers to incorporate their OT environment assets into the Stellar Cyber platform. With Stellar Cyber, security teams can now automatically detect the following: Many flavors of SCADA protocols SCADA network segmentation violations Network attacks Malicious or suspicious file transfers Anomalous communication IT-to-OT breaches Several existing Stellar Cyber customers are already incorporating their OT environment assets into the Stellar Cyber Platform and gaining never-before-seen insights into the attacks targeting their OT environments. “Securing my OT environment seemed unrealistic given my resources and budget, but now that I can use the Stellar Cyber Platform for both my IT and OT environments, my security team is delivering better security outcomes across the entire organization, protecting our bottom line,” said a SOC manager for a mid-sized manufacturing organization. “Securing an OT environment should not be exclusively available to organizations that have embedded OT expertise in their security teams,” said Sam Jones, VP of Product Management of Stellar Cyber. “With our platform, all customers can now reduce the risk of a widespread breach that might bring the shop floor, a utility turbine, or a critical manufactory line offline.” About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR.

Read More

Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization's software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged. The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe. Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed these potential supply chain attacks. This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain. About Legit Security Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

Data Security, Certifications and Training

Node4 Acquires ThreeTwoFour to Strengthen its Cybersecurity Offering and Expand In the Finance and Banking Sector

businesswire | July 10, 2023

Node4, a cloud-led digital transformation Managed Services Provider (MSP), has today announced the acquisition of ThreeTwoFour, an award-winning information security and technology risk specialist. The acquisition is Node4’s third significant growth purchase in the last 18 months, having also bought risual, an IT managed services and solutions provider and Tisski, a leading UK-based independent Microsoft Business applications partner. ThreeTwoFour is renowned for its extensive suite of information security services, including programme delivery, cyber strategy, risk and control assessment and governance. It also brings strong experience across the financial services sector, broadening Node4’s reach. In addition, ThreeTwoFour’s expertise in M&A Cyber Due Diligence adds further capabilities to the Node4 solutions and services portfolio. The acquisition significantly enhances Node4’s security and transformation capabilities, particularly for enterprise-level clients. Drawing on ThreeTwoFour’s capabilities, Node4 will also be better equipped to meet the increasing requirements in the public sector and government frameworks for effective cyber security solutions. ThreeTwoFour’s founder, Alex Coburn, along with his leadership team, will remain with the business as it integrates with Node4. The strongly-positioned ThreeTwoFour brand will also function as the consultative arm of Node4’s security practice. With its core team based in the UK, ThreeTwoFour is also supported by specialists working remotely from all over the world. In the past two years, the company has deployed team members from three continents and eight different countries, enabling it to support clients around the clock. “The ThreeTwoFour team are highly experienced and skilled professionals with a strong leadership team and exceptional track record of success,” commented Andy Gilbert, CEO and Founder of Node4. “The organisations are also a great cultural fit and together, we anticipate driving strong growth across our shared customer base and beyond. We look forward to working closely with Alex and everyone at ThreeTwoFour.” “We are delighted to join forces with Node4, whose reputation for customer-focused excellence is second-to-none across the UK technology industry,” said Alex Coburn, Founder of ThreeTwoFour. “By integrating our expertise and Node4’s existing services portfolio, we are confident that we can deliver market-leading security and risk solutions for enterprises and SMEs alike.” Alongside its Cyber Essentials Certification, the firm provides expertise in Identity and Access Management, Privileged Access Control, Security Architecture, Data Loss Prevention, Security Operations, Vulnerability Management, NIST, ISO27001, SANS and other Risk Management Frameworks. About Node4 Node4 empowers private and public sector organisations across the UK to deliver positive outcomes, through technology and innovation. Thanks to a broad portfolio of fully managed services including Business Applications, Modern Workplace, Cloud, Network, Data and Security, clients are empowered to reach their strategic goals. Node4 fully owns its own a network of data centres, points of presence and operates best-in-class integrated tooling. Alongside strategic relationships with market-leading vendors such as Microsoft, Cisco and Fortinet, Node4 brings together the best options for infrastructure, platforms and applications, tailored to the needs of their clients.

Read More

Platform Security, Software Security, Cloud Security

Stellar Cyber’s Open XDR Platform Now Secures OT Environments

Businesswire | July 25, 2023

Stellar Cyber, the innovator of Open XDR technology, announced today that all Stellar Cyber Open XDR Platform users can now secure their OT environments on the same platform with the same license they use to secure their IT environments. Combining IT and OT security in a single platform gives security teams a permanent advantage over attackers who frequently attempt to exploit weaknesses and vulnerabilities identified in an IT environment to move laterally into an OT environment to carry out an attack, and vice versa. Recent studies found that in 2021, over 90% of manufacturers had their production or energy supply impacted by a cyberattack. “With attacks so prevalent, you would think most security vendors would attempt to provide an easy-to-implement OT security solution, but that is not the case,” said Sam Jones, VP of Product Management at Stellar Cyber. “We found that with our open data architecture and built-in network security (NDR) capabilities, we can detect the most common OT environment cyber-attacks without burdening the security team to create OT-specific detection content.” OT environments require different deployment models based on their OT architecture. Stellar Cyber’s agentless deployment and its partnership with Garland Technology (a leading provider of network visibility products), make it easy for customers to incorporate their OT environment assets into the Stellar Cyber platform. With Stellar Cyber, security teams can now automatically detect the following: Many flavors of SCADA protocols SCADA network segmentation violations Network attacks Malicious or suspicious file transfers Anomalous communication IT-to-OT breaches Several existing Stellar Cyber customers are already incorporating their OT environment assets into the Stellar Cyber Platform and gaining never-before-seen insights into the attacks targeting their OT environments. “Securing my OT environment seemed unrealistic given my resources and budget, but now that I can use the Stellar Cyber Platform for both my IT and OT environments, my security team is delivering better security outcomes across the entire organization, protecting our bottom line,” said a SOC manager for a mid-sized manufacturing organization. “Securing an OT environment should not be exclusively available to organizations that have embedded OT expertise in their security teams,” said Sam Jones, VP of Product Management of Stellar Cyber. “With our platform, all customers can now reduce the risk of a widespread breach that might bring the shop floor, a utility turbine, or a critical manufactory line offline.” About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR.

Read More

Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization's software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged. The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe. Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed these potential supply chain attacks. This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain. About Legit Security Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

Data Security, Certifications and Training

Node4 Acquires ThreeTwoFour to Strengthen its Cybersecurity Offering and Expand In the Finance and Banking Sector

businesswire | July 10, 2023

Node4, a cloud-led digital transformation Managed Services Provider (MSP), has today announced the acquisition of ThreeTwoFour, an award-winning information security and technology risk specialist. The acquisition is Node4’s third significant growth purchase in the last 18 months, having also bought risual, an IT managed services and solutions provider and Tisski, a leading UK-based independent Microsoft Business applications partner. ThreeTwoFour is renowned for its extensive suite of information security services, including programme delivery, cyber strategy, risk and control assessment and governance. It also brings strong experience across the financial services sector, broadening Node4’s reach. In addition, ThreeTwoFour’s expertise in M&A Cyber Due Diligence adds further capabilities to the Node4 solutions and services portfolio. The acquisition significantly enhances Node4’s security and transformation capabilities, particularly for enterprise-level clients. Drawing on ThreeTwoFour’s capabilities, Node4 will also be better equipped to meet the increasing requirements in the public sector and government frameworks for effective cyber security solutions. ThreeTwoFour’s founder, Alex Coburn, along with his leadership team, will remain with the business as it integrates with Node4. The strongly-positioned ThreeTwoFour brand will also function as the consultative arm of Node4’s security practice. With its core team based in the UK, ThreeTwoFour is also supported by specialists working remotely from all over the world. In the past two years, the company has deployed team members from three continents and eight different countries, enabling it to support clients around the clock. “The ThreeTwoFour team are highly experienced and skilled professionals with a strong leadership team and exceptional track record of success,” commented Andy Gilbert, CEO and Founder of Node4. “The organisations are also a great cultural fit and together, we anticipate driving strong growth across our shared customer base and beyond. We look forward to working closely with Alex and everyone at ThreeTwoFour.” “We are delighted to join forces with Node4, whose reputation for customer-focused excellence is second-to-none across the UK technology industry,” said Alex Coburn, Founder of ThreeTwoFour. “By integrating our expertise and Node4’s existing services portfolio, we are confident that we can deliver market-leading security and risk solutions for enterprises and SMEs alike.” Alongside its Cyber Essentials Certification, the firm provides expertise in Identity and Access Management, Privileged Access Control, Security Architecture, Data Loss Prevention, Security Operations, Vulnerability Management, NIST, ISO27001, SANS and other Risk Management Frameworks. About Node4 Node4 empowers private and public sector organisations across the UK to deliver positive outcomes, through technology and innovation. Thanks to a broad portfolio of fully managed services including Business Applications, Modern Workplace, Cloud, Network, Data and Security, clients are empowered to reach their strategic goals. Node4 fully owns its own a network of data centres, points of presence and operates best-in-class integrated tooling. Alongside strategic relationships with market-leading vendors such as Microsoft, Cisco and Fortinet, Node4 brings together the best options for infrastructure, platforms and applications, tailored to the needs of their clients.

Read More

More featured news