Home > News > featured news > CyCraft Technology announced that CyCraft JP has officially joined the Nippon CSIRT Association .

SOFTWARE SECURITY

CyCraft Technology announced that CyCraft JP has officially joined the Nippon CSIRT Association .

prnewswire | November 03, 2020

CyCraft Technology, the quickest developing network safety firm in Asia, today declared that CyCraft JP has authoritatively joined the Nippon CSIRT Association (NCA).

CSIRT (Computer Security Incident Response Team, Computer Security Incident Response Team) alludes to a group of security investigators that not just arrangement with and react to network safety episodes, gather and examine occurrence related weakness knowledge, assault strategies, methods, and methodology (TTP) yet additionally plan playbooks and complete reactions to security occurrences.

Lately, Japanese associations have started building and building up their own personal inward CSIRTs; notwithstanding, cyberattacks in the 21st century are turning out to be increasingly complex and regular, making it increasingly more hard for one CSIRT to deal with independently. Nippon CSIRT Association (NCA) was set up to bring together the insight, assets, and ability of numerous CSIRTs with the goal that one CSIRT utilizing the knowledge, assets, and capacity of different CSIRTs could conquer security occurrences and increment Japan's general digital flexibility.

NCA isn't the principal CSIRT association CyCtaft has joined. Recently, CyCraft Taiwan joined the worldwide CSIRT association, FIRST (Forum of Incident Response and Security Teams). CyCraft Technology isn't simply dedicated to raising the strength of worldwide associations yet additionally dedicated to showing dependability, demonstrable skill, and precise and noteworthy danger insight, explicitly in the APAC market.

About CyCraft

CyCraft is a world-leading cybersecurity company and the fastest-growing cybersecurity company in Asia. They have developed multiple innovative AI-driven technologies to achieve security intelligent protection automation, such as threat intelligence gateway (TIG), network detection and response (NDR), endpoint protection(EPP), advanced and managed endpoint detection and response (EDR & MDR), and global cyber threat intelligence (CTI), all delivered via their information security monitoring platform, CyCraft AIR. They participated in the U.S. MITRE ATT&CK® Evaluations in 2019 and received top marks in automated detection capabilities with zero configuration changes.

CyCraft secures multiple government agencies, Fortune Global 500 firms, top banks and financial institutions, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs. In Q1 2020, CyCraft won multiple gold awards in Cybersecurity Excellence Awards. In Q2 2020, US venture capital Momentum Cyber included CyCraft in the Advanced MSS & MDR and EDR sectors of their 2020 CYBERscape, and CyCraft won Best Security Solution of Interop Tokyo 2020.

Spotlight

Dashlane’s Security Principles & Architecture

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

More featured news

Spotlight

Dashlane’s Security Principles & Architecture

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Secureworks Unifies Industrial Cybersecurity with the First Integrated MDR Solution for OT and IT

Prnewswire | June 02, 2023

Secureworks® (NASDAQ: SCWX), a global leader in cybersecurity, today announced two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes. Taegis XDR for OT – Secureworks award-winning XDR platform that combines intelligence from OT with security telemetry across the IT landscape into a single unified threat prevention, detection and response platform. The platform is for Managed Security Service Providers (MSSPs) who want to deliver Managed Detection and Response (MDR) solutions, and for organizations that manage their own SOCs. Taegis ManagedXDR for OT – Secureworks MDR offering that empowers industrial organizations, such as manufacturers, to secure both OT and IT environments with a team of security experts detecting, investigating, and responding to threats 24x7. The convergence of OT and IT in the industrial sector brings technological and economic benefits, but also increases risk. The more OT systems are digitally connected, the larger the overall attack surface becomes, making OT an increasingly attractive target for threat actors. This, combined with a global cybersecurity talent shortage numbering in the millions, has led to unprecedented levels of cyberattacks impacting the industrial sector. According to Gartner®1, manufacturing companies are now among the most targeted for cyberattacks, comprising 23% of all attacks. Secureworks Counter Threat Unit™ data shows that approximately 22% of Secureworks' emergency incident response engagements between April 2022 and April 2023 were in the manufacturing industry alone. Manufacturing made up 20% of all ransomware-based incident response engagements that Secureworks remediated in the same period. Gartner also predicts that by 2025, 70% of asset-intensive organizations will have converged their security functions across both enterprise and operational environments.2 Yet, in industrial environments overall, OT is often managed differently from IT with no centralized visibility across both. "As OT and IT systems infrastructure becomes more interdependent and connected, the risks from threats traversing these environments are rapidly escalating," said Dave Gruber, Principal Analyst with Enterprise Security Group. "Security operations teams need visibility into the combined OT/IT environment to detect, investigate, and respond to these complex threats. Secureworks' move to offer a specialized OT security solution by leveraging its own, proven Taegis XDR platform highlights the importance of this increasing threat." "Industrial organizations will continue to be challenged by an expanding attack surface and evolving threat landscape. Their risks include unplanned shutdowns, financial losses, and harm to human populations that rely on critical services," said Kyle Falkenhagen, Chief Product Officer, Secureworks. "And the potential costs are staggering. For example, manufacturers lose an average of $148 per second3 of unplanned downtime – almost $9,000 per minute. As a managed solution that unifies threat prevention, detection and response of OT and IT into a single platform, Secureworks helps organizations with OT environments reduce cyber risks and enhance their security postures as they complete their digital transformations," Falkenhagen concluded. Taegis ManagedXDR for OT Industrial organizations can reduce risk by bringing Taegis XDR's threat monitoring, detection, investigation and response capabilities across both OT and IT environments, eliminating the visibility challenges often associated with OT and IT systems. Taegis XDR is already used by five of the top 20 manufacturers in the world. Now, with the first integrated MDR solution for OT and IT, organizations can unify their security monitoring and visibility strategies under a single platform, while gaining the benefits of a fully managed security solution using Taegis ManagedXDR. The solution includes: 24x7 threat monitoring with unlimited access to security experts in 90 seconds or less, collaborative design of OT and IT response processes, customizable rules and playbooks, quarterly expert security reviews, monthly threat hunting, onboarding support, and access to proactive services (including incident response planning and adversarial testing). Taegis XDR platform, a SaaS security platform that processes more than 640 billion events daily across more than 2,000 customers to enable superior detection and response. The Taegis platform integrates feeds from third-party tools that are normalized and analyzed, along with Secureworks own proprietary data and global threat intelligence curated by the Counter Threat Unit. Secureworks Taegis endpoint agent and the Secureworks Taegis iSensor IDS/IPS device for monitoring IT and OT traffic. Integrations with leading OT solutions. Hundreds of out-of-the-box integrations across different technology solutions including Google, Mimecast, AWS, Microsoft, and Netskope among others. Access to a full suite of proactive security testing services to raise cyber resiliency across OT and IT environments. Secureworks brings the power of Taegis XDR to OT environments by delivering: Superior threat detection and unmatched response across OT and IT environments through the Taegis XDR platform. Taegis XDR uses advanced analytics and machine learning to discover stealthy threats while automatically prioritizing the most serious threats. The platform includes more than 700,000 curated threat indicators and 20,000 curated countermeasures. Designed as an open platform, Taegis continuously interprets telemetry from proprietary and third-party sources while providing the best support for environments with endpoint solutions from different providers. Vast insights into threats targeting industrial environments. The Secureworks Counter Threat Unit research team analyzes and uncovers new threats targeting industrial environments, from manufacturers to critical infrastructure services, using over 20 years of defending organizations all over the world. Threat insights are developed from elite threat researchers tracking over 175 active threat groups, findings from over 3,000 incident response and testing engagements each year, and a diversity of attack data from Taegis. About Secureworks Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers' ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Forum Systems Releases Next Generation of API Gateway

Prnewswire | April 17, 2023

Forum Systems Inc., a leader in API gateway technology, releases the next generation of its flagship product, Forum Sentry, Version 9.1. The company continues to redefine excellence in API integration, security, and identity management. "CIOs are often scrambling to manage the growing complexity of their business systems. A simple API integration service might be deployed. But then the traffic comes. These platforms can only scale by adding more vCores, which is unsustainable," warns Mamoon Yunus, CEO of Forum Systems. He continued, "integration is as much a part of our product now as security and identity. We're proud of how Sentry's low-code/no-code environment is saving our clients millions in computing costs by optimizing performance." To continue to serve its users well, Sentry v9.1 comes with several new features—each designed to be resource-efficient and performant. Sentry now supports: PostgreSQL, Cobol Copybooks, OpenAPI v3.0, JSON Web Tokens, direct JSON mapping, as well as running custom scripts. Caching in Sentry is now faster and more flexible. It can leverage Redis as a fast in-memory cache that is safer for runtime. And users have finer control over Sentry's caching behavior through Read and Store: Sentry can apply a task list before a cached response is returned, which allows, for example, distinct responses based on client-specific attributes. A typical organization manages hundreds of APIs—each with its own size, latency, and invocation schedule. Normally a human would set thresholds to monitor performance, but this becomes intractable as the number of APIs grows. A few rules cannot handle the complexity and the false positives drown out real anomalies. Sentry now leverages machine learning to automate performance monitoring: it captures baseline API characteristics and alerts on deviations from what is expected, which enables real-time proactive business monitoring. Forum Systems encourages all organizations to assess their current API strategy and identify pain points. For further information on Sentry v9.1, check out the release notes or schedule a product demo. About Forum Systems Forum Systems is a leader in intelligent API gateway technology, deep data analytics, and cloud technologies. Forum technology, used by some of the largest global companies for building intelligent business workflows, is certified and secure. Along with industry-leading performance, interoperability, and security, Forum Systems takes pride in its customer-driven innovation and simplified user experience.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

AdaCore Launches RecordFlux

Businesswire | March 28, 2023

AdaCore, a trusted provider of software development and verification tools, today announced the launch of its new RecordFlux technology, designed to ease the development and security of binary communication protocols. The technology comprises a Domain Specific Language (DSL) to precisely describe complex binary data formats and communication protocols, and a toolset to verify specifications and generate provable SPARK code that can be executed on a target CPU. Through RecordFlux, users can define and implement complex communication protocols and prove security properties, such as memory safety, at much less cost and effort than would be possible with a manual approach. The precision of the RecordFlux DSL ensures that the specifications are unambiguous, the high-level nature of the DSL makes the specifications easily understandable by domain experts, and the expressive power of the DSL can capture the most complex real-world protocols. And since the RecordFlux code generator produces source code in the formal methods-based SPARK language, users can obtain automated proofs of a wide range of security properties in the resulting software. The net effect is more secure and reliable code, at lower cost. “Interaction between software components is governed by protocol and format specifications. Unfortunately, most specification documents are complex texts written in English which need to be translated to software implementations manually, leaving room for human error,” said Alex Senier, AdaCore’s RecordFlux Team Lead. “Logic errors and critical flaws are often poorly mitigated by the widespread use of unsafe programming languages, resulting in severe security vulnerabilities. With RecordFlux, we aim to provide a solution that saves time and money by automating provable code generation while ensuring the absence of low-level vulnerabilities like buffer overflows that attackers could exploit.” About RecordFlux RecordFlux is a toolset for creating high-assurance implementations of binary data formats and communication protocols. The technology includes a Domain Specific Language, a comprehensive toolset, and customized expert support. By using SPARK Pro, developers can take the SPARK code generated from RecordFlux specifications and automatically prove that the code is free of run-time errors and respects the original specification. Code generated by RecordFlux is also compatible with GNAT Pro Assurance, AdaCore’s complete solution for projects with the most stringent requirements for reliability, long-term maintenance, or certification. The compiler-hardening options provided by GNAT Pro Assurance can be used to mitigate further attacks on network-facing protocol-handling code. About AdaCore Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical, and security-critical systems. Over the years, customers have used AdaCore products to field and maintain a wide range of critical applications in domains such as commercial and military avionics, defense systems, automotive, railway, space, air traffic management/control, medical devices, and financial services.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Secureworks Unifies Industrial Cybersecurity with the First Integrated MDR Solution for OT and IT

Prnewswire | June 02, 2023

Secureworks® (NASDAQ: SCWX), a global leader in cybersecurity, today announced two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes. Taegis XDR for OT – Secureworks award-winning XDR platform that combines intelligence from OT with security telemetry across the IT landscape into a single unified threat prevention, detection and response platform. The platform is for Managed Security Service Providers (MSSPs) who want to deliver Managed Detection and Response (MDR) solutions, and for organizations that manage their own SOCs. Taegis ManagedXDR for OT – Secureworks MDR offering that empowers industrial organizations, such as manufacturers, to secure both OT and IT environments with a team of security experts detecting, investigating, and responding to threats 24x7. The convergence of OT and IT in the industrial sector brings technological and economic benefits, but also increases risk. The more OT systems are digitally connected, the larger the overall attack surface becomes, making OT an increasingly attractive target for threat actors. This, combined with a global cybersecurity talent shortage numbering in the millions, has led to unprecedented levels of cyberattacks impacting the industrial sector. According to Gartner®1, manufacturing companies are now among the most targeted for cyberattacks, comprising 23% of all attacks. Secureworks Counter Threat Unit™ data shows that approximately 22% of Secureworks' emergency incident response engagements between April 2022 and April 2023 were in the manufacturing industry alone. Manufacturing made up 20% of all ransomware-based incident response engagements that Secureworks remediated in the same period. Gartner also predicts that by 2025, 70% of asset-intensive organizations will have converged their security functions across both enterprise and operational environments.2 Yet, in industrial environments overall, OT is often managed differently from IT with no centralized visibility across both. "As OT and IT systems infrastructure becomes more interdependent and connected, the risks from threats traversing these environments are rapidly escalating," said Dave Gruber, Principal Analyst with Enterprise Security Group. "Security operations teams need visibility into the combined OT/IT environment to detect, investigate, and respond to these complex threats. Secureworks' move to offer a specialized OT security solution by leveraging its own, proven Taegis XDR platform highlights the importance of this increasing threat." "Industrial organizations will continue to be challenged by an expanding attack surface and evolving threat landscape. Their risks include unplanned shutdowns, financial losses, and harm to human populations that rely on critical services," said Kyle Falkenhagen, Chief Product Officer, Secureworks. "And the potential costs are staggering. For example, manufacturers lose an average of $148 per second3 of unplanned downtime – almost $9,000 per minute. As a managed solution that unifies threat prevention, detection and response of OT and IT into a single platform, Secureworks helps organizations with OT environments reduce cyber risks and enhance their security postures as they complete their digital transformations," Falkenhagen concluded. Taegis ManagedXDR for OT Industrial organizations can reduce risk by bringing Taegis XDR's threat monitoring, detection, investigation and response capabilities across both OT and IT environments, eliminating the visibility challenges often associated with OT and IT systems. Taegis XDR is already used by five of the top 20 manufacturers in the world. Now, with the first integrated MDR solution for OT and IT, organizations can unify their security monitoring and visibility strategies under a single platform, while gaining the benefits of a fully managed security solution using Taegis ManagedXDR. The solution includes: 24x7 threat monitoring with unlimited access to security experts in 90 seconds or less, collaborative design of OT and IT response processes, customizable rules and playbooks, quarterly expert security reviews, monthly threat hunting, onboarding support, and access to proactive services (including incident response planning and adversarial testing). Taegis XDR platform, a SaaS security platform that processes more than 640 billion events daily across more than 2,000 customers to enable superior detection and response. The Taegis platform integrates feeds from third-party tools that are normalized and analyzed, along with Secureworks own proprietary data and global threat intelligence curated by the Counter Threat Unit. Secureworks Taegis endpoint agent and the Secureworks Taegis iSensor IDS/IPS device for monitoring IT and OT traffic. Integrations with leading OT solutions. Hundreds of out-of-the-box integrations across different technology solutions including Google, Mimecast, AWS, Microsoft, and Netskope among others. Access to a full suite of proactive security testing services to raise cyber resiliency across OT and IT environments. Secureworks brings the power of Taegis XDR to OT environments by delivering: Superior threat detection and unmatched response across OT and IT environments through the Taegis XDR platform. Taegis XDR uses advanced analytics and machine learning to discover stealthy threats while automatically prioritizing the most serious threats. The platform includes more than 700,000 curated threat indicators and 20,000 curated countermeasures. Designed as an open platform, Taegis continuously interprets telemetry from proprietary and third-party sources while providing the best support for environments with endpoint solutions from different providers. Vast insights into threats targeting industrial environments. The Secureworks Counter Threat Unit research team analyzes and uncovers new threats targeting industrial environments, from manufacturers to critical infrastructure services, using over 20 years of defending organizations all over the world. Threat insights are developed from elite threat researchers tracking over 175 active threat groups, findings from over 3,000 incident response and testing engagements each year, and a diversity of attack data from Taegis. About Secureworks Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers' ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Forum Systems Releases Next Generation of API Gateway

Prnewswire | April 17, 2023

Forum Systems Inc., a leader in API gateway technology, releases the next generation of its flagship product, Forum Sentry, Version 9.1. The company continues to redefine excellence in API integration, security, and identity management. "CIOs are often scrambling to manage the growing complexity of their business systems. A simple API integration service might be deployed. But then the traffic comes. These platforms can only scale by adding more vCores, which is unsustainable," warns Mamoon Yunus, CEO of Forum Systems. He continued, "integration is as much a part of our product now as security and identity. We're proud of how Sentry's low-code/no-code environment is saving our clients millions in computing costs by optimizing performance." To continue to serve its users well, Sentry v9.1 comes with several new features—each designed to be resource-efficient and performant. Sentry now supports: PostgreSQL, Cobol Copybooks, OpenAPI v3.0, JSON Web Tokens, direct JSON mapping, as well as running custom scripts. Caching in Sentry is now faster and more flexible. It can leverage Redis as a fast in-memory cache that is safer for runtime. And users have finer control over Sentry's caching behavior through Read and Store: Sentry can apply a task list before a cached response is returned, which allows, for example, distinct responses based on client-specific attributes. A typical organization manages hundreds of APIs—each with its own size, latency, and invocation schedule. Normally a human would set thresholds to monitor performance, but this becomes intractable as the number of APIs grows. A few rules cannot handle the complexity and the false positives drown out real anomalies. Sentry now leverages machine learning to automate performance monitoring: it captures baseline API characteristics and alerts on deviations from what is expected, which enables real-time proactive business monitoring. Forum Systems encourages all organizations to assess their current API strategy and identify pain points. For further information on Sentry v9.1, check out the release notes or schedule a product demo. About Forum Systems Forum Systems is a leader in intelligent API gateway technology, deep data analytics, and cloud technologies. Forum technology, used by some of the largest global companies for building intelligent business workflows, is certified and secure. Along with industry-leading performance, interoperability, and security, Forum Systems takes pride in its customer-driven innovation and simplified user experience.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

AdaCore Launches RecordFlux

Businesswire | March 28, 2023

AdaCore, a trusted provider of software development and verification tools, today announced the launch of its new RecordFlux technology, designed to ease the development and security of binary communication protocols. The technology comprises a Domain Specific Language (DSL) to precisely describe complex binary data formats and communication protocols, and a toolset to verify specifications and generate provable SPARK code that can be executed on a target CPU. Through RecordFlux, users can define and implement complex communication protocols and prove security properties, such as memory safety, at much less cost and effort than would be possible with a manual approach. The precision of the RecordFlux DSL ensures that the specifications are unambiguous, the high-level nature of the DSL makes the specifications easily understandable by domain experts, and the expressive power of the DSL can capture the most complex real-world protocols. And since the RecordFlux code generator produces source code in the formal methods-based SPARK language, users can obtain automated proofs of a wide range of security properties in the resulting software. The net effect is more secure and reliable code, at lower cost. “Interaction between software components is governed by protocol and format specifications. Unfortunately, most specification documents are complex texts written in English which need to be translated to software implementations manually, leaving room for human error,” said Alex Senier, AdaCore’s RecordFlux Team Lead. “Logic errors and critical flaws are often poorly mitigated by the widespread use of unsafe programming languages, resulting in severe security vulnerabilities. With RecordFlux, we aim to provide a solution that saves time and money by automating provable code generation while ensuring the absence of low-level vulnerabilities like buffer overflows that attackers could exploit.” About RecordFlux RecordFlux is a toolset for creating high-assurance implementations of binary data formats and communication protocols. The technology includes a Domain Specific Language, a comprehensive toolset, and customized expert support. By using SPARK Pro, developers can take the SPARK code generated from RecordFlux specifications and automatically prove that the code is free of run-time errors and respects the original specification. Code generated by RecordFlux is also compatible with GNAT Pro Assurance, AdaCore’s complete solution for projects with the most stringent requirements for reliability, long-term maintenance, or certification. The compiler-hardening options provided by GNAT Pro Assurance can be used to mitigate further attacks on network-facing protocol-handling code. About AdaCore Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical, and security-critical systems. Over the years, customers have used AdaCore products to field and maintain a wide range of critical applications in domains such as commercial and military avionics, defense systems, automotive, railway, space, air traffic management/control, medical devices, and financial services.

Read More

More featured news