Crossword Cybersecurity Partners with Satisnet for Rizikon Assurance

CISOMAG | April 07, 2020

Security firm Crossword Cybersecurity announced its collaboration with managed security services provider Satisnet Ltd., as part of the expansion of Crossword’s partner program. The new partnership allows Satisnet to help its customers take control of third-party risks by using Crossword’s Rizikon Assurance third-party risk management platform. Crossword Cybersecurity develops university research-based cybersecurity and risk management related software and consulting services. Satisnet focuses on leveraging technologies that enable cybersecurity to evaluate and keep pace with evolving threats. The company delivers security services including SIEM, threat hunting, incident response, detection & response, vulnerability and patch management from its Security Operations Centers. Sean Arrowsmith, Group Sales Director at Crossword Cybersecurity, said, “Rizikon Assurance compliments Satisnet’s existing portfolio and will allow their clients to really take control of their supply chain assurance programs.”

Spotlight

Balancing digital transformation efforts with staying compliant and applying relevant privacy policies requires a real survival guide. In this set of Best Practices you’ll find actionable steps to implement in your organisation to:

  • Prepare for digital transformation
  • Explore new privacy regulations
  • Develop strategies to merge the two going forward

Download your copy and become one of the success stories in accelerating your business in the digital world whilst staying within the lines of emerging privacy regulations.

Spotlight

Balancing digital transformation efforts with staying compliant and applying relevant privacy policies requires a real survival guide. In this set of Best Practices you’ll find actionable steps to implement in your organisation to:

  • Prepare for digital transformation
  • Explore new privacy regulations
  • Develop strategies to merge the two going forward

Download your copy and become one of the success stories in accelerating your business in the digital world whilst staying within the lines of emerging privacy regulations.

Related News

PLATFORM SECURITY

Picus Security brings automated security validation to businesses of all sizes

Picus Security | November 10, 2022

Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the availability of its next-generation security validation technology. The new Picus Complete Security Validation Platform levels up the company's attack simulation capabilities to remove barriers of entry for security teams. It enables any size organization to automatically validate the performance of security controls, discover high-risk attack paths to critical assets and optimize SOC effectiveness. "Picus helped create the attack simulation market, and now we're taking it to the next level, By pushing the boundaries of automated security validation and making it simpler to perform, our new platform enables organizations even without large in-house security teams to identify and address security gaps continuously." -H. Alper Memis, Picus Security CEO and Co-Founder The all-new-and-improved Picus platform extends Picus's capabilities beyond security control validation to provide a more holistic view of security risks inside and outside corporate networks. It consists of three individually licensable products: Security Control Validation - simulates ransomware and other real-world cyber threats to help measure and optimize the effectiveness of security controls to prevent and detect attacks. Attack Path Validation - assesses an organization's security posture from an 'assume breach' perspective by performing lateral movement and other evasive actions to identify high-risk attack paths to critical systems and users. Detection Rule Validation - analyzes the health and performance of SIEM detection rules to ensure that SOC teams are reliably alerted to threats and can eliminate false positives. A global cybersecurity workforce gap of 3.4 million professionals∗ means automated security validation is now essential to reduce manual workloads and help security teams respond to threats sooner. Recently, the US's Cybersecurity and Infrastructure Security Agency (CISA) and UK's National Cyber Security Centre (NCSC) published a joint advisory recommending organizations test their defenses continually and at scale against the latest techniques used by attackers. Insights from point-in-time testing are quickly outdated and do not give security teams a complete view of their security posture, With the Picus platform, security teams benefit from actionable insights to optimize security effectiveness whenever new threats arise, not once a quarter. With our new capabilities, these insights are now deeper and cover even more aspects of organizations' controls and critical infrastructure,said Volkan Erturk, Picus Security CTO and Co-Founder. About Picus Security Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Validation Platform is trusted by leading organizations worldwide to continuously validate security effectiveness and deliver actionable insights to strengthen resilience 24/7. Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. Picus has been named a 'Cool Vendor' by Gartner and is cited by Frost & Sullivan as one of the most innovative players in the BAS market.

Read More

DATA SECURITY, SOFTWARE SECURITY

Appgate Launches Technology Alliance Partnership Program to Help Customers Simplify and Accelerate Zero Trust Advancement

Appgate | September 08, 2022

Appgate (OTC: APGT), the secure access company, today announced the launch of its Technology Alliance Partnership program and four of the program’s featured partners: Illumio, Menlo Security, CrowdStrike and Amazon Web Services (AWS). Appgate’s Technology Alliance Partnership program is designed to help organizations unlock greater performance from their cybersecurity investments and accelerate Zero Trust security adoption. This growing ecosystem of partners demonstrates Appgate’s vision and commitment to build purposeful product integrations that enable its customers to automate cybersecurity processes, optimize operations, reduce risk and improve the user experience. “While many organizations have embraced the principles of Zero Trust security, the reality is their goals cannot be met with any single product, vendor or platform. Our Technology Alliance Partnership program is designed to make it easier for our customers to navigate this complex landscape, simplify deployments and get the most out of their cybersecurity investments. “We’re thrilled to bring more value to our customers through our partnerships with Illumio, Menlo Security, CrowdStrike and AWS.” Barry Field, CEO, Appgate Zero Trust requires all users, devices and workloads—whether inside or outside an organization’s network—to be authenticated, authorized and continuously validated before receiving access to applications and data. Appgate’s Technology Alliance Partnership program enables partners to integrate with the company’s industry-leading Zero Trust Network Access (ZTNA) solution, Appgate SDP, through robust API integrations, clear documentation and dedicated support. Together, Appgate and its technology partners offer comprehensive offerings that help their customers reach Zero Trust goals with ease and speed: Illumio The combination of Appgate SDP and Illumio Core, a leading micro-segmentation solution, enables joint customers to achieve full-compass dynamic Zero Trust segmentation. Appgate SDP ensures secure access to workloads via the network perimeter (north-south traffic) by creating user-to-workload access controls that are cloaked, fine-grained and dynamic. Illumio Core micro-segments workloads within the interior (east-west traffic) to eliminate excess workload-to-workload interconnectivity. When co-deployed and integrated together, these solutions immediately improve any organization’s Zero Trust posture. “Security teams are turning to Zero Trust strategies to build resilience throughout their hybrid IT environments but find that no single vendor or solution can achieve their goals alone—an ecosystem-based approach is required,” said John Skinner, Vice President of Business Development at Illumio. “Both Zero Trust segmentation and ZTNA are important pillars of any Zero Trust strategy. Illumio is delighted to join forces with Appgate to deliver best-of-breed Zero Trust solutions in both categories to our customers to ensure minor breaches can’t grow to become disasters.” Menlo Security The combination of Appgate SDP and the Menlo Security Cloud Platform delivers a comprehensive secure access solution that safeguards all internet traffic, Software-as-a-Service (SaaS) applications and private networked resources. With this integration, enterprises can shift to a seamless, high-security Zero Trust framework with industry-leading data and threat protection, enabling users to browse the internet and access SaaS apps and private enterprise resources safely and securely. “The evolution toward hybrid workforces and public and private cloud infrastructures requires organizations to deploy a new approach to ensure secure access to web and SaaS applications and confidential enterprise data without affecting the user experience or productivity,” said Sanjit Shah, Head of Strategic Alliances, Menlo Security. “Teaming with Appgate enables our joint customers to adopt a comprehensive and scalable ZTNA-based approach that improves deployment and management flexibility, while providing secure web access to application workloads across public and private clouds using Menlo’s Cloud Security Platform with Isolation Core and Zero Trust private access to hybrid resources and IT infrastructure via Appgate SDP.” CrowdStrike Appgate’s integration with CrowdStrike helps organizations reduce their attack surface and mitigate lateral movement. Appgate SDP gathers intelligence provided through CrowdStrike Falcon Zero Trust Assessment (ZTA) to assess user, device and workload risk postures at the time of authentication and on an ongoing basis. This dynamic functionality makes it possible to leverage device health or behavioral changes provided by the CrowdStrike Falcon platform to build policy controls that restrict or deny access, preventing lateral movement across the network. AWS Enterprises that utilize the strong security foundations provided by AWS can augment the network security of their environments with Appgate SDP, which leverages AWS-native capabilities like tagging and auto scaling to provide fine-grained access and enterprise-grade scale. Appgate SDP ensures that only authorized users connect to AWS and hybrid architectures with multiple encrypted tunnels. Appgate SDP is available in the AWS Marketplace. About Appgate Appgate is the secure access company. We empower how people work and connect by providing solutions purpose-built on Zero Trust security principles. This people-defined security approach enables fast, simple and secure connections from any device and location to workloads across any IT infrastructure in cloud, on-premises and hybrid environments. Appgate helps organizations and government agencies worldwide start where they are, accelerate their Zero Trust journey and plan for their future.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Security Compass Releases New Developer-Centric Threat Modeling Capabilities in SD Elements in Support of New Secure Software Development Guidelines

Security Compass | October 19, 2022

Security Compass, a leading cybersecurity solution provider, today announced the release of SD Elements 2022.3, which offers new capabilities that make it easier for software developers to identify software application security threats and exactly where to implement countermeasures to mitigate the risks. The latest version of SD Elements also includes new security content that allows software development organizations to demonstrate compliance with the latest threat modeling and secure development best practices from the National Institute of Standards and Technology (NIST) referenced in Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.” The new SD Elements capabilities help organizations comply with the latest NIST software threat modeling and secure development standards, even when security knowledge and availability of security experts is limited. Other benefits include improved collaboration among security, software development, hardware engineering, and DevOps teams, and reduced time and costs associated with software threat modeling and demonstrating compliance with multiple security standards and regulations such as EO 14028 as well as with more than 80 other secure development industry regulations and guidelines. Key updates to SD Elements 2022.3 include: Developer-centric threat modeling diagram enhancements: Surfacing threats is important, but knowing where threats are and how to prioritize and mitigate them is even more important. New threat modeling diagram enhancements help software development and application security teams better understand where the threat exists, which threats to prioritize for remediation first, and exactly where countermeasures should be applied. New customizable dashboards in Advanced Reporting: New dashboards enable application security teams to identify the most prevalent threats and weaknesses across the organization’s software portfolio, as well as perform in-depth analyses of their software security and compliance posture on both a per-project basis, as well as across their entire software portfolio. New security content: New security content helps organizations meet U.S. federal government security requirements in accordance with Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity;” new Ansible infrastructure as code (IaC) and automotive supply chain (UNECE WP.29 / R155) security content helps ensure software development teams have the guidance they need to ensure the code they write complies with secure development best practices. New integrations: The extensive SD Elements integration ecosystem now includes a new integration for Micro Focus Fortify on Demand. New just-in-time training content: 34 new Terraform Infrastructure as Code (IaC) and Payment Card Industry (PCI) Software Security Framework (SSF) just-in-time training micro-modules have been added to the existing library of over 800 just-in-time training micromodules already included in SD Elements. New developer-centric eLearning courses: New eLearning courses for Terraform, PCI SSF, the OWASP top 10, and OAuth Security Fundamentals have been added to the existing library of more than 40 Security Compass eLearning courses focused on application security, operational security, compliance, and secure coding best practices. “The importance of software threat modeling continues to grow. “NIST now recommends that software developers follow secure software development best practices and perform software threat modeling multiple times during development, especially when developing new capabilities. All companies that sell (or want to sell) software to the U.S. federal government, whether directly or through resellers or other channels, must comply with EO 14028 by September 15, 2023, and should therefore quickly begin assessing their compliance with the latest NIST guidance and develop action plans to address any gaps.” Trevor Young, Chief Product Officer, Security Compass For more details about the latest capabilities in SD Elements, click here, or register to attend the upcoming webinar, “How to Speed Up Software Threat Modeling, Threat Remediation, and NIST Software Supply Chain Security Compliance” on Nov. 16, 2022 at 1:00pm ET. About Security Compass Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries.

Read More