PLATFORM SECURITY

Deloitte Launches Expanded Cloud Security Management Platform

Deloitte | May 10, 2022

Deloitte
Deloitte has enhanced existing features to offer Cloud Security Management (CSM) by Deloitte to assist US executives worried about visibility into the security of their cloud workloads and apps. The platform of services and solutions involves cloud security policy orchestration (CSPO), cyber predictive analytics, attack surface management, and cyber cloud managed services (CCMS), all of which can be used independently or in multi-cloud environments on Google Cloud, Microsoft Azure, and other public clouds.

"We integrated newly acquired capabilities with our existing technologies and leading global security services to help our clients secure and enhance their cloud environments more efficiently and effectively. We worked to ensure our platform integrates and operates with the major cloud providers' security capabilities so that our clients can more easily scale their cloud security programs and apply security throughout the systems development lifecycle – even when non-standard security requirements are involved. Building upon the strength of the CSM by Deloitte platform, we plan to expand it over time as client demands change and the technology landscape evolves."

Vikram Kunchala, Deloitte Risk & Financial Advisory Cyber Cloud leader and principal, Deloitte & Touche LLP

Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP said that "While many are eager to accelerate cloud adoption in a secure, resilient and agile manner, that process is not always easy or simple – particularly when digital transformations occur at various stages, multiple cloud environments are involved, and regulatory compliance requires a variety of shared infrastructure situations, inclusive of third-party requirements. Whether organizations want to leverage our advanced technologies or large practice of highly skilled cyber specialists – or both – CSM by Deloitte acts as a potential change agent for organizations that want to operate confidently and securely in the cloud environment even as that threat landscape evolves."

Spotlight

As a cloud security provider we spend a lot of time answering questions about why organizations are attacked. Who is attacking them? And what’s at stake? What we’ve discovered is that there’s an entire DDoS ecosystem of criminals, arms dealers and victims. Our infographic shows how distributed denial-of-service (DDoS) attacks come in many forms depending on the cyber criminal’s end goal. It may be a brute force barrage or an application layer injection attack, slowing down your computer or making it difficult to complete your online purchase.

Spotlight

As a cloud security provider we spend a lot of time answering questions about why organizations are attacked. Who is attacking them? And what’s at stake? What we’ve discovered is that there’s an entire DDoS ecosystem of criminals, arms dealers and victims. Our infographic shows how distributed denial-of-service (DDoS) attacks come in many forms depending on the cyber criminal’s end goal. It may be a brute force barrage or an application layer injection attack, slowing down your computer or making it difficult to complete your online purchase.

Related News

PLATFORM SECURITY

Deloitte Launches Zero Trust Access, a New Managed Security Service

Deloitte | July 12, 2022

To help organizations adopt zero trust more quickly and efficiently, Deloitte is launching a new managed service – Zero Trust Access— that offers a cloud-native approach to securing communications between users, on any device, and enterprise applications, wherever they may reside. The Zero Trust concept commits to removing implicit trust within an information technology (IT) ecosystem and replacing it with a risk-based approach to accessing organizational resources across identities, workloads, data, networks and devices. This trend is gaining momentum, given legacy approaches to security architecture are no longer suitable to secure the ubiquitous nature of the modern enterprise. Part of the newly expanded Zero Trust by Deloitte, Zero Trust Access facilitates zero trust adoption and the evolving needs of organizations in protecting their applications, infrastructure, and data. Following the integration of recently acquired talent and technology into existing Deloitte services, the Zero Trust Access managed service connects users to applications through a frictionless cloud-native solution that is inherently scalable, resilient, agile, and secure. Further, the managed service is available standalone, integrated with other Deloitte offerings, or as part of a broader solution leveraging technologies from Deloitte's alliances ecosystem. "As perimeter-based approaches are no longer suitable to secure the modern enterprise, many organizations are working to enhance protection for their IT ecosystems via zero trust. "Zero Trust Access was built as a turnkey managed service helping ourselves and our clients accelerate adoption of this transformative security framework. Our goal was to create a cost-effective solution that can be delivered standalone or complementary to a broader ecosystem and ultimately help decrease the burden on IT and security teams who likely need to manage multiple heterogenous solutions to achieve similar outcomes." Andrew Rafla, Deloitte Risk & Financial Advisory's zero trust offering leader and principal, Deloitte & Touche LLP With innovative data protection leveraging device-level secure microcontainer technology, Zero Trust Access helps protect infrastructure while also enabling organizations to protect sensitive enterprise data and enforce least privilege through dynamic access control to enterprise assets. The managed service can replace remote access solutions inclusive of virtual private network (VPN), virtual desktop infrastructure (VDI), and desktop as a service (DaaS), all of which typically require significant capital expenditure for infrastructure, high operating costs, and technology management overhead. Zero Trust Access includes features such as ephemeral connectivity built upon secure peer-to-peer (P2P) communication, conditional access and continuous authorization, as well as robust data protection for data at-rest, in-use, and in-transit are consistently applied to each session, regardless of the type or location of the applications being accessed (e.g., legacy hosted applications, software as a service (SaaS), thick-client, web-based applications). Implementation of Zero Trust Access can help organizations leverage outcome-based solutions that improve business agility, enhance user productivity, and reduce cost and complexity of security operations. "Beginning zero trust adoption isn't simple, fast or easy for most organizations," Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP. "We're launching Zero Trust Access as the first in many adoption-enabling services and solutions to come, so that our clients are better able to modernize their security programs, enable agile operations and confidently advance with emerging technologies and transformative risk management principles that can build more resilient security practices." About Deloitte Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them.

Read More

SOFTWARE SECURITY

One Identity Announces Innovations to Security Platform

One Identity | June 06, 2022

Following the purchase of One Login last year, One Identity, a pioneer in unified identity security, today announced additional advancements to its Unified Identity Security Platform. In addition to One Identity's best-in-class offerings in Identity Governance and Administration (IGA), Identity and Access Management (IAM), Privileged Access Management (PAM), and Active Directory Management and Security (ADMS), the incorporation of OneLogin to the platform allows organizations to transition from a factionalized to a holistic approach to identity security. The inclusion of Safeguard Alchemy, a seamless on-boarding for PAM through One Identity's Starling platform, as well as device-level MFA, which offers the capability of secure MFA login access to devices, to the Unified Identity Security Platform. These new capabilities complement the platform's comprehensive analytics, as does a new passwordless auto-login function in One Identity's Safeguard product. Organizations can enable Zero Trust enforcement of access rights by ensuring the proper access permissions are provided throughout the company using a new entitlement right-sizing function. “The acquisition of OneLogin last year was a critical step for us to be able to deliver a complete and unified security strategy to our customers. Traditional identity and access management tools manage environments in a disjointed manner, leading to identity sprawl — a fragmented and inefficient approach to identity security. One Identity is transforming the way its customers are able to manage and protect access to their most valuable assets — people, identities and data — with a now complete powerful suite of identity security solutions that help simplify access management, reduce IT costs, improve security, and enhance user experience.” Bhagwat Swaroop, President and General Manager at One Identity Customers can now safeguard Windows workstations with industry-standard multi-factor authentication (MFA), leverage system-level checks to improve cybersecurity, and close security gaps in a distributed workforce and infrastructure by utilizing a combination of two powerful MFA solutions from OneLogin and One Identity. This desktop level multi-factor authentication is one of the core characteristics that distinguishes One Identity from other identity and access management suppliers, allowing enterprises to expedite cloud migration and easily scale, protect, and manage identities. The integration of OneLogin and One Identity Manager also provides customers with a centralized and mature IAM and IGA on-boarding and full identity lifecycle solution, including SSO and MFA that addresses enterprise provisioning, user self-service, approval workflows, user access attestation, user access termination, time-based access, and compliance reporting. As security breaches become more common and cybersecurity requirements get more stringent, One Identity assists clients in their transition to a Zero Trust security approach. With the integration of OneLogin into One Identity's Single Identity Security Platform, the firm provides enterprises with an united picture of users, accounts, machine identities, and accounts, transforming businesses from fragmented to unified. This platform uses identity intelligence and analytics to provide cybersecurity professionals with a clear picture of their risk profile and the ability to take remedial steps as required.

Read More

PLATFORM SECURITY

XM Cyber Acquires Cyber Observer

XM Cyber | June 28, 2022

XM Cyber, a hybrid cloud security provider, announced the acquisition of Cyber Observer, a pioneer in Continuous Controls Monitoring (CCM) and Cloud Security Posture Management (CSPM). This is XM Cyber's latest growth milestone in a year in which the organization has considerably increased its lead position in the cybersecurity market. Companies are changing faster than ever before, owing to growing regulation, competition, and consumer expectations. Traditional risk management techniques are no longer cost-effective and are incapable of providing the coverage or speed necessary in a dynamic digital environment. By incorporating XM Cyber's market-leading attack path management with Cyber Observer's continuous control monitoring, security teams will be able to see both their cyber exposures as well as how their existing security controls and identification and response tools can react to these threats at any given time, accurately representing the true risk to the business. The Cyber Observer platform will be incorporated into XM Cyber's, providing a unified, continuous picture of the vulnerabilities and exposures that put vital assets at risk, as well as the security control gaps that fail to prevent assaults. It will also automate compliance validation and reporting for important standards such as ISO, NIST, GDPR, SWIFT, and PCI. "Even as awareness of cybersecurity risk continues to grow, attackers are thriving and routinely exploiting attack paths that can be used to move laterally through an enterprise network. Our goal is to give security teams the ability to easily understand and correct their security posture on a continuous basis, including weaknesses, exposures and compensating security controls across the full internal and external attack surface covering on-prem, cloud and SaaS systems. This acquisition is not an isolated event, but just the latest step in our strategy to provide the most comprehensive and proactive security posture management platform on the market." Noam Erez, co-founder and CEO, XM Cyber Schwarz Group is the world's fourth largest retailer and a major player in cloud computing. With the establishment of a European cloud, the corporation has expanded fast in the digital area in recent years. Schwarz bought XM Cyber as its cyber branch in November 2021. Since then, XM Cyber has expanded its product offering, increased its worldwide staff, and enlarged its customer base. Schwarz's strong financial stability and wide digital vision are a driving force for development and innovation. "Cyber Observer's patented continuous control monitoring capabilities are a perfect complement to XM Cyber's award-winning hybrid cloud security platform. We are excited about this opportunity and look forward to working with the XM Cyber team to deliver the first end-to-end continuous cyber security posture management solution supporting both cloud and on-premises coverage," said Shimon Becker, co-founder and CEO, Cyber Observer.

Read More