DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Saviynt | November 08, 2022
Saviynt, a leading provider of intelligent identity and access governance solutions, today announced it has successfully completed the Information Security Registered Assessor Program (IRAP) assessment. As an important validation for security vendors doing business with government agencies in Australia, the IRAP assessment confirms that Saviynt's Enterprise Identity Cloud (EIC) is assessed at the PROTECTED level. Validating the effectiveness of security controls offered by the Enterprise Identity Cloud for storing, processing, and communicating information up to the PROTECTED information classification level.
The IRAP program enables Australian government customers to validate that appropriate controls are in place for addressing the requirements of the Australian Government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC). An independent IRAP assessor examined the Saviynt solution, including people, processes, and technology, against the requirements of the ISM.
"The IRAP assessment is the latest milestone in Saviynt’s rapid growth in the Asia Pacific region. "It allows us to provide our government and commercial Enterprise Identity Cloud customers in the APAC region with the confidence that their data is fully protected from unauthorized access when leveraging cloud services.”
Dan Mountstephen, Senior VP, Asia Pacific, Saviynt
Saviynt’s Enterprise Identity Cloud is the only converged identity platform that provides unmatched levels of visibility and security. By combining identity access management, cloud privileged access management, application access management for cross-application separation of duties, third-party access management, and data access governance in a converged platform, Saviynt helps modern enterprises scale cloud initiatives while also solving the toughest security and compliance challenges.
Saviynt's Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. The company brings together identity governance (IGA), granular application access, cloud security, and privileged access to secure the entire business ecosystem and provide a frictionless user experience.
ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Swimlane | November 15, 2022
Swimlane, the low-code security automation company, today announced the formation of the first operational technology (OT) security automation solution ecosystem tailored to meet the combined OT and IT security requirements within critical infrastructure environments.
The Biden Administration designated November as Critical Infrastructure Security and Resilience Month, drawing attention to the need for “fortifying our information technology and cybersecurity across sectors.” As cyber threats grow in frequency and severity, security operations teams within industrial organizations are regularly targeted due to the importance of their systems and infrastructure.
Given the limited resources at their disposal, security teams within these organizations are struggling to keep up with rapidly evolving threats. The cybersecurity skills gap poses a particularly difficult challenge for organizations with OT environments due to the unique skill set required to navigate the convergence of OT and IT technologies. This is where modern Security Orchestration, Automation and Response (SOAR) plays an instrumental role.
“Our public utilities and critical infrastructure face unique cybersecurity challenges to detect and respond to the convergence of threats targeting their combined OT and IT environments, and cyber-physical systems. “Swimlane is bringing together the best of OT security with our extensible security automation platform to create a robust system of record and control for security operations teams to more quickly process large amounts of security telemetry without needing more resources to defend against breaches.”
Cody Cornell Co-founder and Chief Strategy Officer of Swimlane
Swimlane’s security automation ecosystem for OT environments currently includes the following:
Nozomi Networks for OT and IoT Security: Swimlane and Nozomi Networks, the leader in OT and IoT security, also announced today a technology integration that combines low-code security automation with OT and Internet of Things (IoT) security. The combined solution makes it possible for industrial and critical infrastructure security operations to maintain continuous asset compliance and mitigate the risks of attacks from combined OT and IT entry points.
Dataminr Tackles Physical Risk: Swimlane’s integration with Dataminr leverages automated processes to mitigate risks and warn at-risk employees as soon as possible to ensure their safety. The cyber-physical threat response solution saves organizations crucial minutes when connecting with staff members who might be affected by a natural disaster, accident, or social unrest, or other types of physical risk.
1898 & Co. for Managed Threat Detection: 1898 & Co., a preeminent industrial control system (ICS) cybersecurity solutions provider, has selected Swimlane as the core automation platform for their managed threat detection services. These services include the detection of both OT and IT-born threats, machine-speed threat validation and scoring, and rapid remediation of threats using OT response methods.
“Security teams chartered with protecting OT environments are struggling to keep pace with emerging threats given their limited resources,” said Joshua Magady, Practice Technical Lead at 1898 & Co. “As cyberattacks on critical infrastructure continue to rise and the cybersecurity skills shortage prevails, we are excited to be working with Swimlane to provide automation solutions that give these important organizations the tools to defend against rising cyber threats effectively.”
Working with each technology partner, Swimlane will develop a portfolio of pre-integrated solutions that customers can quickly deploy either through managed services or add to their existing environment.
Swimlane is the leader in cloud-scale, low-code security automation. Swimlane unifies security operations in-and-beyond the SOC into a single system of record that helps overcome process and data fatigue, chronic staffing shortages, and quantifying business value. The Swimlane Turbine platform combines human and machine data into actionable intelligence for security leaders.
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Security Compass | October 19, 2022
Security Compass, a leading cybersecurity solution provider, today announced the release of SD Elements 2022.3, which offers new capabilities that make it easier for software developers to identify software application security threats and exactly where to implement countermeasures to mitigate the risks. The latest version of SD Elements also includes new security content that allows software development organizations to demonstrate compliance with the latest threat modeling and secure development best practices from the National Institute of Standards and Technology (NIST) referenced in Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.”
The new SD Elements capabilities help organizations comply with the latest NIST software threat modeling and secure development standards, even when security knowledge and availability of security experts is limited. Other benefits include improved collaboration among security, software development, hardware engineering, and DevOps teams, and reduced time and costs associated with software threat modeling and demonstrating compliance with multiple security standards and regulations such as EO 14028 as well as with more than 80 other secure development industry regulations and guidelines.
Key updates to SD Elements 2022.3 include:
Developer-centric threat modeling diagram enhancements: Surfacing threats is important, but knowing where threats are and how to prioritize and mitigate them is even more important. New threat modeling diagram enhancements help software development and application security teams better understand where the threat exists, which threats to prioritize for remediation first, and exactly where countermeasures should be applied.
New customizable dashboards in Advanced Reporting: New dashboards enable application security teams to identify the most prevalent threats and weaknesses across the organization’s software portfolio, as well as perform in-depth analyses of their software security and compliance posture on both a per-project basis, as well as across their entire software portfolio.
New security content: New security content helps organizations meet U.S. federal government security requirements in accordance with Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity;” new Ansible infrastructure as code (IaC) and automotive supply chain (UNECE WP.29 / R155) security content helps ensure software development teams have the guidance they need to ensure the code they write complies with secure development best practices.
New integrations: The extensive SD Elements integration ecosystem now includes a new integration for Micro Focus Fortify on Demand.
New just-in-time training content: 34 new Terraform Infrastructure as Code (IaC) and Payment Card Industry (PCI) Software Security Framework (SSF) just-in-time training micro-modules have been added to the existing library of over 800 just-in-time training micromodules already included in SD Elements.
New developer-centric eLearning courses: New eLearning courses for Terraform, PCI SSF, the OWASP top 10, and OAuth Security Fundamentals have been added to the existing library of more than 40 Security Compass eLearning courses focused on application security, operational security, compliance, and secure coding best practices.
“The importance of software threat modeling continues to grow. “NIST now recommends that software developers follow secure software development best practices and perform software threat modeling multiple times during development, especially when developing new capabilities. All companies that sell (or want to sell) software to the U.S. federal government, whether directly or through resellers or other channels, must comply with EO 14028 by September 15, 2023, and should therefore quickly begin assessing their compliance with the latest NIST guidance and develop action plans to address any gaps.”
Trevor Young, Chief Product Officer, Security Compass
For more details about the latest capabilities in SD Elements, click here, or register to attend the upcoming webinar, “How to Speed Up Software Threat Modeling, Threat Remediation, and NIST Software Supply Chain Security Compliance” on Nov. 16, 2022 at 1:00pm ET.
About Security Compass
Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries.