DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Fortinet | November 29, 2022
Fortinet®, a global leader in broad, integrated and automated cybersecurity solutions, today announced the availability of FortiGate Cloud-Native Firewall (FortiGate CNF) on Amazon Web Services (AWS), an enterprise-grade, managed next-generation firewall service specifically designed for AWS environments. FortiGate CNF incorporates FortiGuard artificial intelligence (AI)-powered Security Services for real-time detection of and protection against malicious external and internal threats, and is underpinned by FortiOS for a consistent network security experience across AWS and on-prem environments.
By shifting the management of network security infrastructure to Fortinet via FortiGate CNF, customers can focus more on their core competencies and deploying effective security policies to protect their business-critical applications and data. Natively supporting AWS and available now in AWS Marketplace, FortiGate CNF gives customers immediate access to FortiGuard AI-powered Security Services for enterprise-grade protection, including URL filtering, DNS filtering, IPS, application control and other FortiGuard security services, that organizations rely on.
FortiGate CNF enables customers to realize the following benefits:
Region-wide network protection at optimized costs: FortiGate CNF is designed to easily aggregate security across cloud networks, availability zones and virtual private clouds (VPCs) in a cloud region. It also natively supports AWS to help optimize cloud security spend and uses AWS Graviton instances to deliver better price performance than other offerings.
Simplified network security operations with cloud-native integrations: FortiGate CNF provides a simple, intuitive user interface (UI) that minimizes the need for security expertise and makes it easy to define and deploy robust security policies including dynamic meta-data based policies on AWS. This AWS support helps security teams move at the speed and scale of applications teams, while support of AWS Gateway Load Balancer eliminates do-it-yourself automation and helps secure Amazon Virtual Private Cloud (Amazon VPC) environments while improving high availability and scaling. Additionally, support of AWS Firewall Manager simplifies security management and automates security rollout.
Increased compliance with consistent enterprise-grade security across on-prem and cloud deployments: In a recent survey of more than 800 cybersecurity professionals, 78% of respondents indicated that a cloud security platform with a single dashboard could help them better protect data across their cloud footprint and strengthen their security posture. FortiGate CNF provides an intuitive dashboard to easily manage security policies across a customer’s AWS deployments. As part of the Fortinet Security Fabric platform, it also offers a single pane of glass through FortiManager to centralize policy management, increase visibility and automate policy enforcement on AWS and beyond. This capability helps teams effectively apply security controls seamlessly across hybrid cloud and on-premises deployments.
Enhanced with AI-powered global threat intelligence: FortiGate CNF includes a suite of trusted FortiGuard AI-powered security services, developed and continually improved by FortiGuard Labs. Using AI/machine learning (ML) models, FortiGate CNF with FortiGuard Security Services enables a proactive security posture and remediation of known and unknown threats based on real-time threat intelligence, behavior-based detection and automated prevention.
Fortinet and AWS – Better Together
FortiGate CNF is the latest example of Fortinet's commitment to delivering cloud-native services to support our customers. Fortinet’s work with AWS ensures that customers’ public cloud workloads are protected by best-in-class security solutions powered by comprehensive threat intelligence. Fortinet support of key AWS services simplifies security management, facilitating full visibility across environments and providing broad protection across your workloads and applications. Throughout any stage in a customer’s migration to the cloud, Fortinet Security Fabric, the industry’s highest performing cybersecurity mesh platform, delivers security-driven networking and adaptive cloud protection for the ultimate flexibility and control needed to build in the cloud.
“Fortinet was the clear choice for help when we decided to move our workloads from a data center to a public cloud environment on AWS. By leveraging Fortinet cloud security solutions to complement native AWS security groups, we were able to accelerate our cloud migration to just one month, a process that that would typically take one year. With the introduction of FortiGate CNF, Yedpay is looking forward to having the option of a managed firewall service powered by the collective cloud infrastructure expertise of Fortinet and AWS to further bolster our existing cloud security and enable us to securely grow our business.”
Simon Lau, CIO & CISO, Yedpay
“We know organizations are looking to further simplify and modernize security on the cloud, which is why we’re working with Fortinet to deliver adaptive cloud security solutions. With FortiGate CNF, customers can build confidently, boost agility, and take advantage of everything AWS has to offer. As a fully managed cloud-native service, FortiGate CNF provides the enterprise-level firewall services and network security that helps reduce risk and improve compliance, and optimizes customers’ security investments. We’re looking forward to continuing our work with Fortinet to help our mutual customers accelerate their cloud security goals.”
Dave Ward, GM, Application Networking, AWS
Fortinet makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 595,000 customers trust Fortinet to protect their businesses.
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
ISG | September 20, 2022
Information Services Group, a leading global technology research and advisory firm, said today it is has formed a partnership with cyberconIQ, a cybersecurity platform and advisory company, to address the human side of cybersecurity.
Under the new partnership, ISG Cybersecurity will be able to offer its clients the capabilities of cyberconIQ’s Human Defense Platform, a SaaS-based solution that helps mitigate the human factors that create cyber risk, while cyberconIQ will be able to offer its customers access to the full range of ISG Cybersecurity services.
“People are one of the biggest risks to enterprise cybersecurity,” said Doug Saylors, partner and co-leader of ISG Cybersecurity. “Some 85 percent of breaches today involve human error, with breaches caused by phishing attempts up 25 percent in the last year alone. To combat this problem, enterprises need to strengthen their cybersecurity culture and help people become their own—and their employers’—best protection against cyber threats.”
Saylors said the partnership with cyberconIQ will enable ISG Cybersecurity to offer its clients a platform-based approach to identify individual risk styles among employees, increase overall security awareness, and actively monitor, measure, model and manage people-related cyber risk.
“The solution set of cyberconIQ is a welcome addition to ISG Cybersecurity’s market-leading portfolio of advisory, benchmarking, sourcing, organizational change management and third-party risk management capabilities,” Saylors said.
CyberconIQ’s Human Defense Platform is proven to reduce people-related cyber risk by up to 95 percent, said the company’s CEO and Founder Dr. James Norrie.
“We are able to substantially reduce cyber risk by leveraging our CYBERology™ approach – the intersection of cybersecurity and psychology,” said Norrie. “We embed behavioral science methods targeting changes in on-the-job behavior into all of our cybersecurity solutions.”
The cyberconIQ offering includes the patented myQ Risk-Style Questionnaire, unIQue Security Awareness Education modules, cybermetrIQs Cyber Risk Dashboard, phishFixIQ Phishing Simulation and Remediation solution, and leaderIQ adaptive learning approach to creating a risk-aware and compliant culture.
“We are excited to be working with ISG and its blue-chip client roster to bring the benefits of our human-centered approach to cybersecurity to more organizations,” Norrie said. “Working together, our combination of technology and people-based approaches will help companies significantly improve their cyber defenses and risk awareness.”
ISG Cybersecurity is a unit of ISG that helps enterprise clients increase their cybersecurity maturity in line with their overall digital transformations. The unit helps clients assess and benchmark their cybersecurity programs, develop a cybersecurity strategy, design and implement their cybersecurity operating model, design overall solutions and select appropriate vendors, manage third-party risk and create and execute cybersecurity awareness and training programs.
Headquartered in York, Penn., cyberconIQ was founded with the knowledge that technical approaches to cybersecurity alone do not address the prevalent issues we face today. With years of research and development with financial industry leaders, Dr. James Norrie discovered that our foundational CYBERology™ approach – the intersection of cybersecurity and psychology – would improve security outcomes and would advance the risk and compliance culture within organizations world-wide. With proven results that are 8 - 10x more effective than generic training alternatives, cyberconIQ's platform measurably reduces the risk of a human-factors cybersecurity breach or data leak.
ISG is a leading global technology research and advisory firm. A trusted business partner to more than 800 clients, including more than 75 of the world’s top 100 enterprises, ISG is committed to helping corporations, public sector organizations, and service and technology providers achieve operational excellence and faster growth. The firm specializes in digital transformation services, including automation, cloud and data analytics; sourcing advisory; managed governance and risk services; network carrier services; strategy and operations design; change management; market intelligence and technology research and analysis. Founded in 2006, and based in Stamford, Conn., ISG employs more than 1,300 digital-ready professionals operating in more than 20 countries—a global team known for its innovative thinking, market influence, deep industry and technology expertise, and world-class research and analytical capabilities based on the industry’s most comprehensive marketplace data.
Picus Security | November 10, 2022
Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the availability of its next-generation security validation technology. The new Picus Complete Security Validation Platform levels up the company's attack simulation capabilities to remove barriers of entry for security teams. It enables any size organization to automatically validate the performance of security controls, discover high-risk attack paths to critical assets and optimize SOC effectiveness.
"Picus helped create the attack simulation market, and now we're taking it to the next level, By pushing the boundaries of automated security validation and making it simpler to perform, our new platform enables organizations even without large in-house security teams to identify and address security gaps continuously."
-H. Alper Memis, Picus Security CEO and Co-Founder
The all-new-and-improved Picus platform extends Picus's capabilities beyond security control validation to provide a more holistic view of security risks inside and outside corporate networks. It consists of three individually licensable products:
Security Control Validation - simulates ransomware and other real-world cyber threats to help measure and optimize the effectiveness of security controls to prevent and detect attacks.
Attack Path Validation - assesses an organization's security posture from an 'assume breach' perspective by performing lateral movement and other evasive actions to identify high-risk attack paths to critical systems and users.
Detection Rule Validation - analyzes the health and performance of SIEM detection rules to ensure that SOC teams are reliably alerted to threats and can eliminate false positives.
A global cybersecurity workforce gap of 3.4 million professionals∗ means automated security validation is now essential to reduce manual workloads and help security teams respond to threats sooner. Recently, the US's Cybersecurity and Infrastructure Security Agency (CISA) and UK's National Cyber Security Centre (NCSC) published a joint advisory recommending organizations test their defenses continually and at scale against the latest techniques used by attackers.
Insights from point-in-time testing are quickly outdated and do not give security teams a complete view of their security posture, With the Picus platform, security teams benefit from actionable insights to optimize security effectiveness whenever new threats arise, not once a quarter. With our new capabilities, these insights are now deeper and cover even more aspects of organizations' controls and critical infrastructure,said Volkan Erturk, Picus Security CTO and Co-Founder.
About Picus Security
Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Validation Platform is trusted by leading organizations worldwide to continuously validate security effectiveness and deliver actionable insights to strengthen resilience 24/7. Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. Picus has been named a 'Cool Vendor' by Gartner and is cited by Frost & Sullivan as one of the most innovative players in the BAS market.