Crossword Cybersecurity Partners with Satisnet for Rizikon Assurance

CISOMAG | April 07, 2020

Security firm Crossword Cybersecurity announced its collaboration with managed security services provider Satisnet Ltd., as part of the expansion of Crossword’s partner program. The new partnership allows Satisnet to help its customers take control of third-party risks by using Crossword’s Rizikon Assurance third-party risk management platform. Crossword Cybersecurity develops university research-based cybersecurity and risk management related software and consulting services. Satisnet focuses on leveraging technologies that enable cybersecurity to evaluate and keep pace with evolving threats. The company delivers security services including SIEM, threat hunting, incident response, detection & response, vulnerability and patch management from its Security Operations Centers. Sean Arrowsmith, Group Sales Director at Crossword Cybersecurity, said, “Rizikon Assurance compliments Satisnet’s existing portfolio and will allow their clients to really take control of their supply chain assurance programs.”

Spotlight

"With enterprise users having nearly ubiquitous access to corporate email and attachments on mobile devices, they are becoming an increasingly attractive access point for attackers. It only takes a few minutes to penetrate the standard protections on most mobile devices, and doing so can expose both sensitive corporate data as well as credentials to access a company's entire information system."

Spotlight

"With enterprise users having nearly ubiquitous access to corporate email and attachments on mobile devices, they are becoming an increasingly attractive access point for attackers. It only takes a few minutes to penetrate the standard protections on most mobile devices, and doing so can expose both sensitive corporate data as well as credentials to access a company's entire information system."

Related News

PLATFORM SECURITY

SilverSky and NRTC Announce Cybersecurity Partnership

SilverSky | June 03, 2022

SilverSky, a cybersecurity innovation that provides advanced managed detection and response (MDR) services, and NRTC, a member-driven and technology-focused organization located in Herndon, Virginia, announced today an agreement to provide cybersecurity services to NRTC members. NRTC, which already offers a wide range of managed services to its energy and telecom members will now add SilverSky's award-winning MDR services to its portfolio, allowing the cooperative to offer its members the most up-to-date managed cybersecurity services. Managed endpoint protection, multi-factor authentication, and security awareness training are among the services provided, as are vulnerability assessments, penetration testing, and email security. "Accompanying our ongoing emphasis on serving frequently underserved healthcare organizations and educational institutions, this partnership with NRTC helps expand that effort with a distinct focus on the needs of our nation's rural communities. SilverSky's MDR services are powerful, yet easy to deploy and affordable – offering an appealing mix for NRTC's members. We look forward to working with the NRTC Managed Services team to provide these valuable services." Jason McGinnis, President and COO at SilverSky Jon Bartleson, President of NRTC's Managed Services division said that "Our members provide essential electric and telecommunications services to rural America and thus are obvious targets for hackers. It is vital we arm them with comprehensive cybersecurity tools and resources. Cybersecurity is a top priority for our members and staffing for these types of roles is a major challenge. We chose to partner with SilverSky to make sure we could offer comprehensive, affordable managed cybersecurity to our members." On June 7 at 2 p.m. Eastern, SilverSky and NRTC will offer a webinar for NRTC members. On the NRTC website, members can subscribe for Managed Cybersecurity Made Simple, Affordable, and Accessible for Telcos and Electric Cooperatives.

Read More

DATA SECURITY

Imperva Extends its Data Security Fabric to Include Enterprise Data Lakes Built on AWS

Imperva | July 27, 2022

Imperva, Inc., a comprehensive digital security leader, announces that its award-winning Imperva Data Security Fabric (DSF) now provides data-centric protection and compliance for enterprise data lakes built on Amazon Web Services (AWS). Imperva reinforces its commitment to securing data and all paths to it by allowing AWS customers to secure their data with one comprehensive platform, leveraging a unified security model across Amazon Aurora, Amazon Redshift, Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, Amazon Athena, and AWS CloudFormation without requiring any changes to their existing data infrastructure. Many security teams have gaps in their resources and domain expertise required to ensure their data lake meets organizational compliance and security policies. In particular, organizations must be able to simultaneously identify when a compromised user accesses sensitive data, while also preventing data from being stolen by malicious insiders. These gaps can mean that organizations must choose between limiting the data they store in a data lake, and putting themselves at risk of non-compliance, or in the worst-case scenario, a data breach. Many security teams have gaps in their resources and domain expertise required to ensure their data lake meets organizational compliance and security policies. In particular, organizations must be able to simultaneously identify when a compromised user accesses sensitive data, while also preventing data from being stolen by malicious insiders. These gaps can mean that organizations must choose between limiting the data they store in a data lake, and putting themselves at risk of non-compliance, or in the worst-case scenario, a data breach. Imperva DSF includes User Entity Behavior Analytics (UEBA) models that can identify suspicious data access patterns, such as excessive access to sensitive records, the use of privileged service accounts by interactive users, and suspicious network connections. This helps organizations automatically identify and detect potential data breaches without the need for specialized data security analysts. Finally, with Imperva DSF, security operations teams can create playbooks to automatically mitigate threats using native AWS features like security groups or revoking user access using AWS IAM. This ensures organizations stay in compliance while also helping to prevent data breaches. Comprehensive Data Security From one holistic dashboard, Imperva DSF delivers a broad range of data security capabilities – including data discovery, classification, monitoring, access control, risk analytics, compliance management, security automation, threat detection, and audit reporting. This makes it easier for customers to protect the migration of sensitive data, including Personally Identifiable Information (PII) like customer names, email addresses, phone numbers, and gender, and adhere to privacy regulations, such as the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI-DSS), and the Health Insurance Portability and Accountability Act (HIPAA). Tens of thousands of organizations build data lakes on AWS and configure AWS Lake Formation, AWS Identity and Access Management (IAM), and Amazon Simple Storage Service (Amazon S3) policies to secure access to them. Imperva DSF leverages services like AWS Lake Formation and AWS Glue to discover data lakes, monitor how users query and access stored data, and detect and prevent malicious user access and data leakage incidents. Imperva DSF also safeguards critical data workloads across all of their databases, file repositories, data warehouses, multicloud, and data lake environments. Imperva Data Security Fabric can be deployed directly in any AWS Regions using pre-built AWS CloudFormation templates. Once deployed, Imperva DSF will begin discovering and monitoring data lakes. More than 400 pre-defined vulnerability assessment tests are available for cloud databases on AWS. Also, Imperva DSF takes the complexity out of deciding which baselines to establish by including policies based on Center for Internet Security (CIS) and Defense Information System Agency’s (DISA) Security Technical Implementation Guide (STIG) benchmarks that are adapted for the cloud. "AWS allows organizations to quickly and securely build solutions that help them to reach new markets and deliver new services to end users,” says Dan Neault, SVP and GM, Data Security, Imperva. “Imperva Data Security Fabric gives organizations building data lakes on AWS a streamlined experience for securing data, and confidence that their data lakes are in compliance.” About Imperva DSF on AWS The support of data lakes is the latest milestone in Imperva’s work with AWS. Imperva is an AWS Partner with the AWS Security Independent Software Vendor (ISV) Competency and Amazon RDS Ready Product validation. Imperva also participates in AWS Marketplace and AWS ISV Accelerate Program. About Imperva Imperva is the cybersecurity leader whose mission is to help organizations protect their data and all paths to it. Customers around the world trust Imperva to protect their applications, data and websites from cyber attacks. With an integrated approach combining edge, application security and data security, Imperva protects companies through all stages of their digital journey. Imperva Research Labs and our global intelligence community enable Imperva to stay ahead of the threat landscape and seamlessly integrate the latest security, privacy and compliance expertise into our solutions.

Read More

SOFTWARE SECURITY

RangeForce introduces cloud-based security team threat exercises

RangeForce | June 29, 2022

RangeForce, a provider of team cyber defense readiness at scale, announced that it has improved its platform for team threat exercises with new features that make it simpler for organizations to hasten the development of their security teams' skills through multi-user detection and response drills involving simulated attacks. Through the use of RangeForce team threat exercises, security teams can set up the security stack to be defended, select an attack scenario, carry out the threat exercise, analyze the post-exercise data, and create a customized training program. RangeForce threat exercises produce realistic digital artifacts of both signal and noise that demand teams to demonstrate their cyber preparedness. They use high-intensity, real-world assault scenarios that call security experts to work in teams to discover and neutralize cyber threats. "RangeForce threat exercises are based on years of running hundreds of live cyber events and deliver the most realistic experience for teams using headline making attack scenarios and the same security tools they use every day. They provide participants the opportunity to acquire hands-on skills so they build the muscle memory to meet threat actors head on." Ben Langrill, Senior Director of Product Engineering for RangeForce RangeForce exercises take place in a cyber-environment that goes beyond the standard tabletop exercise, forcing participants to use well-known security tools like Splunk and Fortigate to identify and address threats. Instead, events follow the NIST cybersecurity architecture and combine threat intelligence, threat hunting, digital forensics, and system hardening expertise to reduce threats depending on current malware patterns.

Read More