INFOSEC PROJECT MANAGEMENT

CyberCube Partners With Kroll to Launch Response Service

CyberCube | May 31, 2022

CyberCube
CyberCube, a supplier of cyber risk analytics, has developed CAERS, a new cyber incident response service for customers of the company's SaaS products.

CyberCube will collaborate with Kroll, the premier supplier of data, technology, and insights linked to risk, governance, and growth, to offer CyberCube's customers information and assistance on important cyber aggregation events via the Cyber Aggregation Event Response Service (CAERS). Kroll will deliver frontline risk information derived from thousands of incident response cases handled each year.

Following a large cyber disaster, the CAERS team will provide the most recent information to CyberCube's customers, while CyberCube's SaaS tools, including Broker Manager, Account Manager, and Portfolio Manager, will aid in the reaction to any developing cyber calamity.

“With cyber events becoming increasingly common, the speed and accuracy with which organisations respond to them is critical. That’s why we’ve launched this response service, specifically tailored to CyberCube’s growing client base. The pressure on our clients during a major cyberattack can be extreme. With CAERS, our team—comprising data scientists, actuaries, engineers, economists and cyber security experts—will become an extension of our clients’ teams, providing the updates they need and sharing both our expertise and data.”

Darren Thomson, CyberCube’s Head of Cyber Intelligence Services

Benedetto Demonte, Chief Operating Officer for Kroll’s Cyber Risk practice, said: “We’re pleased to be contributing to CAERS because effective incident response depends on the most current and relevant threat intelligence available. In our most recent Threat Landscape Report, we saw a 356% growth in the number of attacks quarter-on-quarter where the infection vector was a zero-day or freshly announced software exploit. Ransomware groups have also been found to be leveraging newly announced vulnerabilities just days after release. It is only with access to frontline intelligence that firms can prioritize resources, mitigate the risk of a cyberattack and react appropriately if the worst happens.”

Spotlight

In 2015, Tso et al.'s demonstrated that the researchers password authentication scheme could not achieve the user anonymity property and do not allow changing password freely for the user. Then, they proposed a new method to remedy the weaknesses. However, this paper points out that Tso et al.'s scheme is still vulnerable to online password guessing attack and denial of service attack using stolen smart card unlike their claims. For this reason, Tso et al.'s scheme is insecure for practical application.

Spotlight

In 2015, Tso et al.'s demonstrated that the researchers password authentication scheme could not achieve the user anonymity property and do not allow changing password freely for the user. Then, they proposed a new method to remedy the weaknesses. However, this paper points out that Tso et al.'s scheme is still vulnerable to online password guessing attack and denial of service attack using stolen smart card unlike their claims. For this reason, Tso et al.'s scheme is insecure for practical application.

Related News

DATA SECURITY

Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform

Netskope | August 03, 2022

Netskope, the leader in Security Service Edge (SSE) and Zero Trust, today announced it has acquired Infiot, a pioneer in enabling secure, reliable access with zero trust security, network and application optimization, and AI-driven operations. As Netskope Borderless WAN, the addition of Infiot's revolutionary technology will enable Netskope customers to apply uniform security and quality of experience (QoE) policies to the widest range of hybrid work needs, from employees at home or on-the-go, to branch offices, ad-hoc point-of-sale systems, and multi-cloud environments. For customers, all of these capabilities are delivered in a single architecture, using one policy framework, and one console, which dramatically simplifies operations, preserves network performance, and ensures SASE success. The Benefits of SASE Businesses and governments are rapidly adopting SASE to safeguard data wherever it moves, support digital transformation efforts, and realize better efficiency and return-on-investment from their technology. Netskope is a widely acknowledged leader in SSE, which describes the security services needed for a successful SASE architecture. Relevant to SASE growth, Gartner® notes: "By 2024, 80% of SD-WAN deployments will incorporate SSE requirements, up from less than 25% in 2022"[1] "By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services, and private application access from a single vendor's SSE platform"[2] Despite SASE's popularity, however, confusing vendor messaging often accompanies piecemeal product sets that are spuriously marketed as "SASE." Most of these products are not natively integrated, nor able to simplify technology environments, and lack critical network and infrastructure transformation capabilities—all of which risk higher levels of security incidents, network downtime, and poor ROI. Netskope Borderless WAN combines with Netskope Intelligent SSE in a fully converged SASE platform, uniquely addressing these challenges. Borderless WAN Unlocks Full SASE Potential Founded in 2018 by veterans of the SD-WAN market, Infiot was one of only four vendors recognized in the 2021 Gartner "Cool Vendors™ in Cloud Networking"[3] report, was twice named to The Futuriom Top 40[4], and has been successfully deployed by customers in healthcare, retail, education, energy, manufacturing, telecommunications, and other industries. Infiot technology leverages a cloud-based, zero-touch deployment and provisioning model with multiple physical and virtual appliance form factors. The solution includes built-in routing, a transport-agnostic approach that supports both wired and wireless networking, app-aware QoE enforcement combined with policy-based traffic steering, and other integrated network security functions critical for deployment at the edge. For customers, all of this capability is delivered in a single architecture, using one policy framework, and one console, which dramatically simplifies operations for thinly-stretched networking and infrastructure teams. As the foundation of the new Netskope Borderless WAN solution, Infiot technology will allow customers to embrace modern, cloud-first networking by leveraging Netskope SASE Gateways, creating secure, optimized connections between any enterprise location, including site-to-site, or the cloud. Netskope SASE Gateways also enable end-to-end optimization for improved app performance, provide increased network resilience through real-time link monitoring and dynamic path selection, and offer identity and per-app access policies to apply zero trust principles to the network. Netskope Borderless WAN critical use cases include: Easy access to industry-leading Netskope Intelligent SSE services powered by world-class Netskope NewEdge infrastructure All-in-one intelligent access, routing, wireless WAN, network security, app assurance, and edge compute as an effective way to modernize, simplify and implement SASE architecture The ability to offload MPLS and eliminate costs by sending more traffic direct-to-net, eliminate backhauling and leverage fixed/mobile connectivity options (such as 4G/5G) Better guaranteed WAN connectivity to ensure end-to-end performance, from the "last mile" to the cloud or legacy data center Simplified operational overhead associated with running custom third-party applications "Today, leaders across IT, security, and networking and the world's best-known analyst firms agree that the explosion of data and devices, along with the numerous ways that people connect, communicate, and collaborate, make the transformation of both networking and security a critical imperative for businesses and governments. It is in this transformation where Netskope is uniquely positioned to help customers with a fully converged SASE platform. "We're very excited to introduce Borderless WAN, and to welcome Infiot to our growing team." Sanjay Beri, Netskope CEO "Today, many-to-many secure optimized connectivity is required to address any user, device, and location, in combination with a zero trust approach that integrates seamlessly with Security Service Edge," said Parag Thakore, Infiot CEO. "Netskope Intelligent SSE is the industry's leading SSE, and the combination of Infiot and Netskope will deliver on the promise of SASE like no other technology vendor can." "As we continue to transform our patient care experience, we are excited to partner with Netskope,'' said Rick Lacy, Senior Enterprise Network Engineer, CHRISTUS Health. "Netskope Borderless WAN provides adaptive, identity-aware precision access for our medical workers to deliver care from the comfort of their homes, without compromising experience, all at a significantly lower cost to our business. In the future we see many applications for Netskope, including our medical IoT deployments." "Netskope Borderless WAN is a new mindset. It's a new way of thinking about how our users access our domain and critical applications," said Robert Boopsingh, CIO, The Beacon Insurance Company. "For us, it will replace VPN for our employees and branch offices across our seven countries. We have implemented a zero trust model while delivering superior network access with this modern, secure, cloud-first implementation." "This is a great move," said Frank Dickson, Group Vice President, Security & Trust, IDC. "What Netskope will now be able to offer, thanks to its compelling security platform and Infiot's technology, is fully secure hybrid-work in-a-box, solving for both networking challenges and security challenges at the same time. It's a self-provisioning network, with security that's automatic. That's not just an abstract framework or a good idea, it's a specific set of benefits and use cases for businesses." In addition to offering Borderless WAN capabilities, Netskope integrates with key SD-WAN partners, ensuring customers benefit from Netskope Intelligent SSE in mixed environments while maintaining flexibility and choice in vendor partners. Financial terms of the acquisition are undisclosed. Parag Thakore and the Infiot product team now comprise Netskope's Borderless WAN group, and Infiot's sales team has joined Netskope's sales organization. Read the Netskope blog for more on today's acquisition news. Visit Netskope.com for more on Borderless WAN and the Netskope SASE platform. Gartner Disclaimer Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER and COOL VENDORS are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

SOFTWARE SECURITY

iboss Achieves FedRAMP Authorization for its Zero Trust Edge Cloud Security Solution

iboss, Inc. | July 29, 2022

iboss, the leading Zero Trust Edge cloud security provider, announces that it has obtained Federal Risk and Authorization Management Program (FedRAMP) Authorization. The achievement is reflective of the company’s commitment to work alongside federal agencies to protect government entities and civilians from growing and increasingly sophisticated cyberthreats. Earlier this year, the United States Office of Management and Budget unveiled a strategy designed to prevent damaging hacks and breaches by moving federal agencies toward a zero trust cybersecurity approach. The announcement followed a 2021 Biden Administration executive order aimed at protecting federal networks by modernizing government cybersecurity, including through the implementation of zero trust security architecture as defined in the National Institute of Standards and Technology (NIST). The iboss platform is a purpose-built, patented, cloud delivered security solution that has been trusted by organizations worldwide to implement Zero Trust architecture as laid out specifically in the NIST 800-207 Special Publication. The company’s containerized cloud architecture makes it the only platform that can control what NIST refers to as the “Implicit Trust Zone” to ensure that all data and resources are completely private. The FedRAMP authorization now extends iboss’s leading platform to all U.S. government customers. “Our Zero Trust Edge platform prevents breaches by making applications and data inaccessible to attackers while allowing trusted users to securely and directly connect to resources from anywhere. “In today’s work-from-anywhere world, protecting sensitive information, regardless of who is accessing it or where, is critical. We look forward to continuing to extend our platform and expertise to U.S. government agencies.” iboss CEO Paul Martini A Zero Trust Architecture built on iboss consolidates network security technologies (SWG, CASB, DLP, IPS, malware defense, browser isolation, firewall) into a single unified cloud platform and eliminates the need for a VPN while securing any device, regardless of location. By making all applications private, iboss eliminates the top three initial ransomware infection vectors as identified by the Cybersecurity and Infrastructure Security Agency (CISA). With applications, data and services made accessible only through the iboss Zero Trust Edge, cyber risk is greatly reduced, breaches and data loss are prevented, and visibility and security are delivered consistently throughout an organization. FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. About iboss, Inc. iboss is a cloud security company that enables organizations to reduce cyber risk by delivering a Zero Trust service designed to protect resources and users in the modern distributed world. Applications, data and services have moved to the cloud and are located everywhere while users needing access to those resources are working from anywhere. Built on a containerized cloud architecture, iboss delivers security capabilities such as SWG, malware defense, browser isolation, CASB and data loss prevention to protect all resources, via the cloud, instantaneously and at scale. This shifts the focus from protecting buildings to protecting people and resources wherever they are located. Leveraging a purpose-built cloud architecture backed by 230+ issued and pending patents and more than 100 points of presence globally, iboss processes over 150 billion transactions daily, blocking 4 billion threats per day. More than 4,000 global enterprises trust the iboss Cloud Platform to support their modern workforces, including a large number of Fortune 50 companies. iboss was named one of the Top 25 Cybersecurity Companies by The Software Report, one of the 25 highest-rated Private Cloud Computing Companies to work for by Battery Ventures, and CRN’s Top 20 Coolest Cloud Security Companies of 2022.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Tanium Expands Collaboration with Microsoft as It Joins the Microsoft Intelligent Security Association (MISA)

Tanium | August 17, 2022

Tanium, the industry’s first provider of converged endpoint management (XEM), today announced that it has been nominated to join the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers (MSSPs) that have integrated their solutions with Microsoft security technology to help customers better defend themselves against increasingly sophisticated cyber threats. “I believe that Microsoft and Tanium's partnership is going to transform the future of IT security and operations for my organization,” said Mark Wantling, CIO at the University of Salford. “By combining Tanium's real-time visibility and control with Microsoft's advanced threat intelligence, orchestration, and analytics services, I can quickly and easily identify and address vulnerabilities, remediate threats, and manage my estate across a multitude of platforms — and I don't need dozens of point solutions to do it.” As hybrid work and other digital transformations expand organizations’ IT assets and attack surfaces, customers benefit by consolidating security platforms to more seamlessly deliver security, performance, and automation, without needless complexity and alert fatigue. “I am excited to see that Tanium and Microsoft are working together,” said Andy Lawrence, cyber security improvements manager, Willis Towers Watson. “Combining Tanium’s real-time data and control with Microsoft’s services will allow my team to more effectively manage and secure my entire IT estate.” Tanium was nominated for MISA membership in part as a result of an integration with Microsoft Sentinel, soon to be available via the Sentinel Content Hub. Currently, Tanium is available in the Microsoft Commercial Marketplace, an online store providing applications and services for use on Azure. Customers can purchase and provision Tanium directly from the marketplace and apply the purchase to their Microsoft Azure Consumption Commitments (MACC). Every day, Tanium customers around the world take advantage of the Azure cloud platform, including streamlined deployment and provisioning, to accelerate their security strategies. “The largest and most sophisticated organizations trust Tanium to manage and secure their digital estates. “Combining Microsoft's security solutions with Tanium's real-time data, distribution, and control not only enables effective automation and resilient security, but it also creates accelerated savings for customers converging multiple point solutions into fewer, more comprehensive, and robust solutions.” Rob Jenks, senior vice president of corporate strategy at Tanium Together, Tanium’s integrations with Microsoft’s technology deliver the capabilities customers need to manage and secure IT estate from cloud to the edge, including active threat hunting, faster remediation, real-time patching, and the automated delivery of detailed real-time data. “Members of the Microsoft Intelligent Security Association – like Tanium – integrate their security solutions with Microsoft’s technology to gain more signal, increase visibility and better protect against threats. By extending Microsoft’s security capabilities across the ecosystem, we help our shared customers to succeed.” – Maria Thomson, Microsoft Intelligent Security Association Lead. About Tanium Tanium, the industry’s only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for six consecutive years and ranks on Fortune’s list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere.

Read More