PLATFORM SECURITY,SOFTWARE SECURITY
Phosphorus | December 13, 2022
Phosphorus, the leading provider of proactive and full-scope security for the extended Internet of Things (xIoT), today announced new security features that will enable organizations to discover and monitor their networks for the presence of xIoT devices that the U.S. government deems a significant security risk. The new features also include the capability to remotely disable and remove the devices from the network.
Phosphorus’s security update follows the FCC’s ban on the sale or importation of devices made by several Chinese manufacturers that it considers to pose “an unacceptable risk to national security of the United States or the security or safety of United States persons.” The Covered List includes video surveillance and telecommunications equipment produced by Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology (and their subsidiaries and affiliates).
“The Phosphorus xIoT Security Platform is the industry’s only solution that can discover the presence of these prohibited devices and remotely render them inert at scale. “These unique capabilities will empower enterprises and government organizations across the U.S. to discover, disable, and remove banned or potentially dangerous devices from their enterprise environments.”
John Vecchi, Chief Marketing Officer at Phosphorus
Advanced Discovery Capability
A recent study by Phosphorus’s global research division, Phosphorus Labs, found that organizations consistently struggle to identify all of their xIoT devices – this means many companies may not realize they have banned devices lurking inside their networks. According to its research, 80% of enterprise security teams can’t identify the majority of their xIoT devices and customer estimates of xIoT inventories are consistently off by 40-60%.
Phosphorus’s Enterprise xIoT Security Platform has unique capabilities for discovering xIoT assets, and it is the only technology platform able to communicate with these devices (ranging from security cameras to PLCs) in their native languages. This enables a high degree of accuracy, granularity, and speed when discovering and analyzing these devices to create comprehensive inventories of xIoT assets that include device type, brand, model, firmware version, credential status, default/enabled protocols, certificate status, and more.
Disabling and Isolating High-Risk Devices
Phosphorus empowers organizations by giving them direct control over every single device in their wide-ranging xIoT deployments. Through the platform’s Hardening and Remediation capabilities, organizations can update and rotate a device’s credentials, manage firmware, disable remote services, turn off unnecessary connectivity features, check for valid certificates, and reboot the device.
For organizations that have detected banned xIoT technologies in their networks, specific device-level actions such as changing passwords, disabling services and reducing connectivity will be critical for limiting the potential risks of these devices prior to their removal from the network.
World’s First and Only Proactive xIoT Security Platform
Phosphorus’s Enterprise xIoT Security Platform is the industry’s only consolidated xIoT security offering, delivering state-of-the-art Attack Surface Management, Hardening and Remediation, and Detection and Response across the full range of IoT, OT, and Network-connected devices – spanning both new and legacy devices.
For the first time in industry history, teams in IT, Facilities, and Security are able to collaborate on a single platform to safely discover, assess, remediate, and monitor their xIoT devices. Phosphorus is now the solution of choice for enterprises to secure devices that were previously unknown or overlooked, beginning with fundamental xIoT security hygiene.
The company’s Enterprise xIoT Security Platform is currently deployed in Fortune 100, Fortune 500, and government networks.
Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Qumulo, Inc. | November 11, 2022
Qumulo, the radically simple way to manage petabyte-scale data anywhere, today announced the launch of the company’s new corporate security initiative “Simply Secure,” a multi-layered approach designed to protect data across multiple points of vulnerability. Qumulo’s “Simply Secure” initiative is meant to help organizations minimize the risk of business disruption and protect their data from theft or loss with a complete suite of security features that continue to harden over time, all-inclusive with their Qumulo® subscription, without additional cost for future releases.
The unprecedented rise in cyber threats in recent years is creating dire consequences for businesses: multi-million dollar ransom payments, days or weeks in disruption of operations, and potential loss of valuable data sets. Not only that, cyber attacks which become public often leave behind permanent reputational damage. While most organizations understand and respect the risk of poor security posture, many are strapped for cycles, time, and expertise to build adequate defenses around their unstructured data.
Qumulo is meeting its customers anywhere – edge, core, and in the cloud – with a holistic approach to security, making it simple for customers to protect their data from ransomware attacks, data theft, and data destruction. Qumulo not only helps customers ensure lighting-fast recovery but also helps proactively detect and prevent anomalies, so organizations and end users can simply secure their sensitive data. Customers are granted access to each new security feature every two weeks, which is available through non-disruptive software upgrades, increasing the value of Qumulo clusters over time.
“Qumulo’s focus on radical simplicity means it's taken an approach to security that makes it as easy as possible for customers to protect their data everywhere it’s stored.”
Kiran Bhageshpur, Chief Technology Officer at Qumulo
Qumulo is constantly developing new and enhancing existing features to provide the most robust security possible. The most recent releases add five new layers to storage security for greater data protection, including:
Multi-tenancy VLAN Isolation: Organizations can now use virtual local area networks (VLANs) to isolate administrative interfaces from their file system clients, such that the general network population cannot reach the interfaces. This adds an additional guarantee of network protection, while helping consolidate multiple use cases on a single cluster, resulting in potential cost savings.
Single sign-on & Access Tokens: Cluster administrators can now eliminate the need for sensitive user passwords when logging into the Qumulo administrator UI or API since user credentials are prime targets for theft by cyber attackers.
NFSv4.1 Kerberos Authentication & Encryption: All data is encrypted before transmitting across networks, preventing any bad actor that intercepts the data from understanding it in plain text.
Federal Information Processing Standards (FIPS) 140-2 certification of Qumulo encryption: Now, customers with FIPS requirements can maintain compliance and independently verify that Qumulo’s data-at-rest encryption meets the standards set by the National Institute of Standards and Technology (NIST). Customers who don’t require FIPS certification can rest assured their data is protected by the highest standards.
OpenMetrics API provides telemetry data to 3rd party monitoring and alerting systems, so organizations can proactively detect and quickly respond to anomalies at risk of disrupting operations such as an attack-in-progress.
“Trust is mission critical when it comes to security,” said Kathy Ahuja, VP of Information Security at Qumulo. “That’s why we’ve built a security posture with FIPS 140-2 accreditation and enhanced encryption that provides the greatest level of protection for our cryptographic modules. Our customers know they can trust Qumulo with their data. And as cybercriminals continue to advance their own breach strategies, we’re well prepared to continue to improve our security measures to match and defeat the complexities of these attacks.”
About Qumulo, Inc.
Qumulo is the radically simple way to manage petabyte-scale data anywhere – edge, core or cloud – on the platform of your choice. In a world with trillions of files and objects comprising 100+ Zettabytes worldwide, companies need a solution that combines the ability to run anywhere with simplicity. This is precisely what Qumulo was founded to accomplish.
ENTERPRISE SECURITY,SOFTWARE SECURITY,IDENTITY MANAGEMENT
SailPoint | January 13, 2023
On January 12, 2023, SailPoint Technologies, Inc., a leading identity security enterprise, announced the acquisition of SecZetta, a prominent third-party identity risk solutions provider. With around half of today's firms comprising non-employees, organizations need to factor this rising group of identities into their identity security strategies.
By incorporating SecZetta, SailPoint will be able to expand its capabilities to assist businesses in gaining greater visibility into all types of identities, including both employee and non-employee identities, ranging from third-party contractors to temporary workers, and all this from a single, market-leading identity security platform. This acquisition will provide businesses with the centralized approach needed as well as the required identity verification to thoroughly validate non-employee identities across their organizations.
SailPoint and SecZetta have a long-established partnership, and once SecZetta's solutions get fully integrated into SailPoint's Identity Security Cloud platform, SailPoint will deliver a unified platform to its customers, providing context-rich identity information with an appropriate level of intelligence answering the "who should have access to what," "why," and "when" questions for this unique, often under-secured set of identities.
The addition of SecZetta will allow SailPoint to assist businesses with identity consolidation efforts, combining and arranging workforce data across authoritative sources into a consolidated identity repository. This identity intelligence will then be made available as a packaged offering within the identity security cloud platform in order to provide a more extensive identity security that provides the critical layer of risk management and governance required across employee and non-employee identities from a single platform.
SailPoint is a leading identity security provider for modern enterprises. Through automating the administration and control of access by using the power of machine learning and AI, it delivers just the required to the right identities and technology resources at the appropriate time, matching the velocity, scale and environmental needs of today's cloud-oriented enterprise. SailPoint's sophisticated identification platform integrates seamlessly with existing systems and workflows, offering a unified view into all identities and their access. It strives to empower the most complex enterprises globally to build a secure foundation grounded in identity security.