DATA SECURITY

CyberMDX Joins the Microsoft Intelligent Security Association

CyberMDX | April 21, 2021

CyberMDX Joins the Microsoft Intelligent Security Association
CyberMDX, a leading healthcare cybersecurity provider that provides visibility and threat prevention for medical devices and clinical networks, announced today that it has joined the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers that have integrated their security solutions with Microsoft to better defend against a wide range of threats. CyberMDX's leading Healthcare Security Suite has been integrated with Microsoft Defender for Endpoint to provide robust visibility and incident management for medical devices and IoT.

The integration combines CyberMDX's unmanaged network visibility and identification capability with Microsoft Defender for Endpoints' single pane of glass view of the managed network to provide healthcare organizations with unrivaled cross-platform device visibility, classification, and incident response capabilities. The built-in automation allows security teams to go from warning to remediation in minutes and at scale.

Customers will benefit from CyberMDX's ability to automatically identify and label unmanaged clinical assets, such as medical equipment and IoMT, to establish an accurate inventory of all connected devices within the network, in addition to the visibility benefits and identification capabilities.

About CyberMDX

CyberMDX is a medical cybersecurity pioneer and the firm behind the leading IoMT visibility and security solution. CyberMDX identifies, categorizes, and defends wired medical equipment, preserving resiliency, patient protection, and data privacy. Risks are quickly mitigated and assets streamlined with CyberMDX's continuous endpoint discovery and mapping, comprehensive risk management, AI-powered containment & reaction, and operational analytics.CyberMDX is a medical cybersecurity pioneer and the firm behind the leading IoMT visibility and security solution. CyberMDX identifies, categorizes, and defends wired medical equipment, preserving resiliency, patient protection, and data privacy. Risks are quickly mitigated and assets streamlined with CyberMDX's continuous endpoint discovery and mapping, comprehensive risk management, AI-powered containment & reaction, and operational analytics.

Spotlight

The release of Windows 8.1 may have been more eagerly anticipated for the changes it makes to the Start Screen than for the security improvements it brings, but despite being 'just a point release' there are quite a few under-the-hood improvements, to Microsoft's flagship desktop operating system If you have not done so already, you may wish to review our earlier articles, Windows 8's Security Features and Six Months with Windows 8 to familiarize yourself with what was new in Windows 8.0.

Spotlight

The release of Windows 8.1 may have been more eagerly anticipated for the changes it makes to the Start Screen than for the security improvements it brings, but despite being 'just a point release' there are quite a few under-the-hood improvements, to Microsoft's flagship desktop operating system If you have not done so already, you may wish to review our earlier articles, Windows 8's Security Features and Six Months with Windows 8 to familiarize yourself with what was new in Windows 8.0.

Related News

DATA SECURITY

Owl Cyber Defense improves advanced network security capabilities with Trident Assured Collaboration Systems Acquisition

prnewswire | January 05, 2021

Owl Cyber Defense Solutions, LLC ("Owl"), a worldwide market pioneer in online protection arrangements and administrations for safeguarding network limits and empowering secure information sharing across areas, reported today the obtaining of the Trident Assured Collaboration Systems ("ACS") product offering. ACS has the solitary U.S. government-affirmed Voice over IP ("VoIP") and Video Teleconference ("VTC") Cross Domain Solution ("CDS") just as the business' most exceptional Full Motion Video ("FMV") sifting ability – usefulness basic to CDS activities in a time of robots and cameras. The obtaining gives Owl a more extensive scope of guaranteed network border guard arrangements than any rival on the lookout. Owl, upheld by private speculation firm DC Capital Partners, has been a main supplier of CDS to the U.S. Branch of Defense ("DoD") and Intelligence Community for over 20 years. Owl is likewise the worldwide pioneer in network safety assurance for basic framework, offering the solitary U.S. government tried and certify CDS accessible for organization inside and outside the U.S to both government and business customers. Owl's Cross Domain Solutions offer the most elevated level of organization edge security, far surpassing the capacities of firewalls and other ordinary organization protections. Owl's items are the decision for ensuring the country's most delicate organizations and frameworks against assault. Ongoing episodes have exhibited the failure of inheritance firewalls to forestall cyberattacks against basic business and working frameworks and cloud-based applications. The blend of Owl and ACS's innovation offers a full continuum of CDS items that give equipment upheld space partition and layers of information separating confirmation instead of a solitary organization line checkpoint with insignificant substance sifting. Arrangements like firewalls that worked 25 years back as an organization insurance approach are not, at this point compelling against country state quality assaults. As country state assaults increment, the methodologies utilized by state entertainers start to saturate the criminal side of cyberattacks. Powerful network safety presently requires a coordinated, multi-layered framework with information diode equipment parts in gatekeepers which perform escalated information assessment and confirmation. The up and coming age of insurance, coming out now and based on a mix of Owl and ACS innovation, installs CDS usefulness in incredibly low-inactivity, unmodifiable equipment. Thomas J. Campbell, Chairman of Owl and Founder and Managing Partner of DC Capital, said, "This is another step in executing our strategic vision. The acquisition of ACS not only places Owl ahead of other Cross Domain Solution providers, but it also plays a pivotal role in our larger strategy to offer true cybersecurity protection. The future requires solutions that are cost effective and easy to implement, use, and maintain." "The explosion of the Internet of Things ("IoT") demands cyber-secure devices, from those that control our critical infrastructure, to our homes and cars," said Campbell. "The technology Owl pioneered 20 years ago is now available in form factors small enough to be embedded inside devices. Owl has always been an early mover, the first to develop hardware-enforced network protection and now the first to offer a hardware-enforced CDS that can be embedded." "Owl has been rapidly moving towards this number one position for the last couple of years," commented Robert Stalick, President and CEO of Owl. "With the addition of ACS, the last piece has fallen into place. Owl is now the clear leader in accredited Cross Domain Solution offerings, with the widest range of capabilities and products – solving problems from tactical to enterprise in data, voice, and video; for government, critical infrastructure and commercial enterprises." Jerry B. Chernock, Partner at DC Capital, added, "Clearly we need to address the deficiency of firewalls. There is a motivation behind why our customers demand Cross Domain Solutions and not exclusively on firewalls. Late assaults, including a security break at an unmistakable U.S. based network protection firm and a few U.S. Government organizations, have accentuated the requirement for knowledge, military, basic framework and corporate customers to rapidly develop how they secure their organizations." "The sophistication of these technologies cannot be overstated," said Ken Walker, Chief Technology Officer at Owl. "The U.S. Government continues to set the standards for the most rigorous operational requirements and testing regimes globally, setting expectations that very few companies can meet. Owl is one of a handful of elite companies that satisfies the government-established 'Raise the Bar' requirements." About Owl Cyber Defense Solutions Owl has been serving the cybersecurity needs of the U.S. government since inception – providing hardware-enforced cybersecurity controls, industry leading expertise in operating system hardening, extensive device and network-based assessment services and thought-leadership in filtering/data processing disciplines. Owl Cross Domain Solutions are operating broadly in missions across both the DoD and the U.S. intelligence agencies. Globally Owl is the leader in perimeter protection for nuclear power plants, oil and gas operations, renewables and power generation and transmission, with aggressive growth occurring in the data center and cloud provider sectors. Owl continues to innovate and is bringing to market the world's first embeddable cybersecurity to serve the Internet of Things ("IoT").

Read More

SOFTWARE SECURITY

Green Hills Software Expands Leadership in Automotive Cybersecurity

prnewswire | October 28, 2020

Green Hills Software, the worldwide leader in embedded safety and security, announced today it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29 for the INTEGRITY real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been an industry-recognized leader helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Utilizing these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few. As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data-breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected1 to the internet, cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation. As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle's lifecycle. Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following: The draft ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" Standard was recently published by SAE International and ISO (Organization for Standardization). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organizational perspective spanning concept, development, production, operation, maintenance, and decommissioning. The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalized in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation polices in the US, Canada and China. WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262 is today. "Connected cars bring significant risks and rewards to OEMs and their suppliers," said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. "Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy." "ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities," said Dan Mender, VP of Business Development at Green Hills Software. "Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry's leading secure software run-time environment to next-generation connected vehicle electronics." Reference (1) Source: VDC Research Group, Inc.: Automotive Cybersecurity Software & Services Market report, 2019 Strategic Insights Security & The Internet of Things Research Program. About Green Hills Software Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom. Green Hills, the Green Hills logo and INTEGRITY are trademarks or registered trademarks of Green Hills Software in the U.S. and/or internationally. All other trademarks are the property of their respective owners.

Read More

Leveraging Greater Social Engagement for Improved Cyber Hygiene

Cisco | May 19, 2020

Social Cybersecurity is a new and emerging concept and paradigm that basically involves how better cybersecurity behaviors can be inclined positively using social influence. Practicing proper cyber hygiene in order to protect themselves and others, from the ill effects of cybercrime or cybersecurity issues. There exist any number of tasks and approaches that can be undertaken to protect our computer systems from cybersecurity risks. You don’t have to look too far around to find someone who may not be practicing proper cyber hygiene in order to protect themselves and others, from the ill effects of cybercrime or cybersecurity issues. For example, despite the fact that we may be aware that using the same user ID or email account and password, for different cloud services, is considered risky behavior, and could result in a potential account hack or data breach, yet we do not change this behavior. How often do you share your best practices for securing your devices, cloud service applications, mobile applications and home networking equipment for connecting to the Internet with those around you in a social situation or manner? Do you recommend the use of available security settings to those around you in your social circles? Do you show them how to quickly implement the security settings? In this article we discuss some ways for improving cyber hygiene. Social Cybersecurity is a new and emerging concept and paradigm that basically involves how better cybersecurity behaviors can be inclined positively using social influence. It’s worth to keep an eye out for the research going on regarding social cybersecurity, because it may have some answers to getting people and companies to better protect themselves. Learn more: CORONAVIRUS-THEMED CYBERATTACKS ON BUSINESSES RISE, EXPERTS RECOMMEND BEEFING UP NETWORK SECURITY “Even if this approach has a small positive effect on improving cyber hygiene, it is worth it, because something must change if we are going to help individuals better protects themselves.” ~ Stan Mierzwa, Director Even if this approach has a small positive effect on improving cyber hygiene, it is worth it, because something must change if we are going to help individuals better protects themselves. There exist any number of tasks and approaches that can be undertaken to protect our computer systems from cybersecurity risks. This ranges from ensuring you install and keep your anti-virus or endpoint protection system up to date, apply software security updates, encrypt sensitive data, backup our important data, and this list can continue to grow. “Social Cybersecurity brings a dimension with consideration for the individual, not the computer, and how with social psychology, usable and powerful social forces, such as social norms, can have outsized influences on people’s behaviors and perceptions of risk.” Social Cybersecurity brings a dimension with consideration for the individual, not the computer, and how with social psychology, usable and powerful social forces, such as social norms, can have outsized influences on people’s behaviors and perceptions of risk. The Human-Computer Interaction Institute at Carnegie Mellon University and other researchers are bringing focus to this new scientific area of cybersecurity. As their website (www.socialcybersecurity.org) mentions, this group is leveraging insights from social psychology and other fields to develop novel interventions and strategies for nudging adoption of expert-recommended tools and practices. Can we leverage social interactions or the influence of social situations to enhance our cyber hygiene or help thwart cyber threats? The research results from interviews done provided a theme that the observability of security feature usage was a key enabler of socially triggered behavior change and conversation – in encouraging the spread of positive behaviors, discouraging negative behaviors, and getting participants in the study to talk about security. The work presented is innovative and brings encouragement and opportunities in how systems can be designed to encourage better cybersecurity behaviors. One can also think of Social Cybersecurity in contrast and comparison to the criminological theory called “Social Learning Theory”. In Social Learning theory, delinquents are likely to engage in deviant or criminal behavior when those actions have been positively reinforced. Learn more: PHISHING ATTACKS DISGUISED AS FAKE CERT ERRORS ON CISCO WEBEX USED TO STEAL USER CREDENTIALS

Read More