DATA SECURITY

Deloitte to Acquire Digital Terbium Labs, Risk Protection Solution Provider, to Expand its Offerings towards Threat Intelligence

Deloitte | June 21, 2021

Deloitte has announced its acquisition of assets of Terbium Labs, a Baltimore-based digital risk protection company. Terbium Labs helps organizations detect and remediate data theft, exposure, or misuse across the digital landscape. All services and solutions of Terbium Labs will join the cyber practice of Deloitte in its Detect & Respond operation services. These services by Terbium Labs include a platform for digital risk protection for leveraging artificial intelligence and patented data fingerprinting technologies and machine learning for identifying illicit use of sensitive online data.

Including Terbium Labs, in 2021, it is the third cyber acquisition of Deloitte. It has previously acquired Root9B, LLC (R9B), a cyber-threat hunting provider, and CloudQuest, a cloud security posture management provider. Deloitte demonstrates its commitment to aiding global clients in managing all the cyber threats in running the businesses smoothly in all digital platforms through these acquisitions.


According to Deloitte & Touche LLP’s Deloitte Risk & Financial Advisory's infrastructure solution leader and principal, Kieran Norton, finding complex or exclusive data once it leaves an establishment's limit can be exceptionally challenging. Advanced online threat intelligence, paired with remediation of data risk disclosure, needs a balance of progressive technology, a keen understanding of monitoring compliance, and acceptable alteration with an establishment's commercial needs and risk outline.

Adding to it, Deborah Golden, Deloitte & Touche LLP’s Deloitte Financial and Risk Advisory Cyber and Strategic Risk leader and the principal said that their industry-leading cyber practice is dedicated to providing our customers with novel and ground-breaking ways to alter their cyber risk postures as they endeavor to reinforce their conviction equity, flexibility, and safety.

Spotlight

In the battle for Bandwidth on Internet access links, users consuming huge bandwidth for non-business related work can flood the capacity to the extent that the Business-Critical users cam remain completely undermined. Abundant data that swell to use any available bandwidth, network bottlenecks, and bandwidth hungry applications.... all seem to conspire against the network performance. This whitepaper discusses how Cyberoam delivers centralized bandwidth control, optimizes Network performance and increases productivity for the 0rganizations.

Spotlight

In the battle for Bandwidth on Internet access links, users consuming huge bandwidth for non-business related work can flood the capacity to the extent that the Business-Critical users cam remain completely undermined. Abundant data that swell to use any available bandwidth, network bottlenecks, and bandwidth hungry applications.... all seem to conspire against the network performance. This whitepaper discusses how Cyberoam delivers centralized bandwidth control, optimizes Network performance and increases productivity for the 0rganizations.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Veracode Launches Container Security Offering That Secures Cloud-Native Application Development

Veracode | October 07, 2022

Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform to include container security. This early access program for Veracode Container Security is now underway for existing customers. The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images. “As developers embrace cloud-native computing practices, containers have become increasingly important for business efficiency. This launch helps close a substantial gap in the market for developer-friendly solutions that cover critical capabilities for container security. We are excited to bring this next enhancement of our platform to the market and empower customers to address security testing for more modern architectures and deployment styles.” Veracode Chief Product Officer, Brian Roche The Requirement for Container Security is Rapidly on the Rise Containers are increasingly used to simplify software deployment and runtime environment configuration management. They comprise small, fast, portable units of software in which code is packaged so that an application can be run quickly and reliably in different computing environments—from the desktop to the cloud. They provide an ecosystem of repositories, orchestration technologies, and capabilities that address related issues, such as service-to-service communication and configuration management. Instantiated in pipelines from code, containers have the benefit of immutability, meaning they are not updated, reconfigured or patched in production. Instead, the underlying image is updated with new capabilities and redeployed, helping to improve efficiency in the production environment. Despite the benefits of containers, they are affected by many of the same problems that traditionally plague physical production or virtual server hardware, such as vulnerabilities introduced through additional software, poorly managed secrets (like Amazon Web Services keys and credentials in Dockerfiles), and security misconfigurations. This has resulted in increased demand for products that address these issues and related problems, with the Global Container Security Market size expected to reach $3.9 billion by 2027*. Container security scanning analyzes container images against organizational or industry-specific standards to identify insecure processes, misconfigurations that could lead to a vulnerability, and inadequate authentication and access control. Veracode Container Security Integrates into the Developer Environment Many products already in the market are aimed at securing containers in runtime and offer limited support for developers, posing a major challenge for early remediation. Veracode’s solution instead integrates into the CI/CD (continuous integration and continuous delivery) pipeline and is available at the command line interface. Providing coverage for vulnerability detection and remediation, secrets management, and security configuration issues on the most popular operating systems, it delivers remediation advice to developers early in the software development life cycle so that insecure containers don’t ship to production. Veracode Container Security results are available in a variety of formats based on the user’s choice, including text, JSON (JavaScript Object Notation), and Software Bill of Materials (CycloneDX, SWID [Software Identification Tagging], or SPDX [Software Packaging Data Exchange]), making them easy to integrate with other tools. Providing developers and their teams with the tools to meet their specific needs means they can find and fix vulnerabilities early in the lifecycle, giving them confidence that their containerized application environment is secure. “Veracode Container Security will be instrumental for our developers to ensure that the workloads they deploy into our cloud are secure,” said the Director of Information Security at an automotive company. “Without this tool, it would take our team weeks to receive and action container results and these would only have been available in limited formats. Now, we’re excited to integrate findings into the pipeline before they even move into production, creating time and cost efficiencies for our business.” About Veracode Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BlueVoyant Recognized with Microsoft Verified Managed XDR Solution Status

BlueVoyant | October 21, 2022

BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today announced it has achieved Microsoft verified Managed Extended Detection and Response (MXDR) solution status. By achieving this status, BlueVoyant has proven its robust MXDR services, which include a Security Operations Center (SOC) with 24x7 year-round proactive hunting, monitoring, and response capabilities, are all built on tight integrations with the Microsoft Security platform. This solution combines expert-trained technology with human-led services and has been verified by Microsoft engineers. "BlueVoyant and Microsoft both recognize that the best cyber defense is advanced technology backed by human-led expertise. "We are honored to be teaming with Microsoft to deliver a Microsoft verified Managed XDR Solution. Earning verified MXDR solution status is among other recent accolades BlueVoyant received from Microsoft. Both companies recognize that cybersecurity is a team sport, and we look forward to continuing to work closely with Microsoft to deliver the very best in cybersecurity to our joint customers." Milan Patel, global head of managed security services (MSS) at BlueVoyant Said Rob Lefferts, corporate vice president, modern protection and SOC, for Microsoft: "With malicious attacks on the rise, we understand security is front and center for our customers. That is why I am excited to congratulate BlueVoyant on achieving Microsoft Verified: Managed Extended Detection and Response solution status. [Its] solution closely integrates with Microsoft 365 Defender and Microsoft Sentinel and has been verified by Microsoft Security engineering to ensure that it provides comprehensive service coverage across the Microsoft Security portfolio." BlueVoyant is a managed security service provider (MSSP) member of the Microsoft Intelligent Security Association (MISA). The company was a finalist in the Microsoft Security Excellence Awards, given by MISA, for Security MSSP of the Year. "The Microsoft Intelligent Security Association is comprised of some of the most reliable and trusted security companies across the globe," said Maria Thomson, Microsoft Intelligent Security Association lead. "Our members share Microsoft's commitment to collaboration within the cybersecurity community to improve our customers' ability to predict, detect, and respond to security threats faster. We're thrilled to recognize and welcome BlueVoyant's MXDR solution to the MISA portfolio." Earning verified MXDR solution status is among a long list of recognition BlueVoyant has received from Microsoft. Earlier this year, BlueVoyant was named the Microsoft Security U.S. Partner of the Year, a finalist in the Microsoft Canada Impact Awards in two categories — Healthcare Impact Award and Security Impact Award — and one of Microsoft's top 150 managed security partners. In 2021, BlueVoyant was named a Microsoft Security 20/20 Partner Awards Winner for Top MDR (Managed Detection and Response) Team. About BlueVoyant BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

GuidePoint Security Launches Industrial Control Systems (ICS) Security Service Offerings

GuidePoint Security | September 28, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its ICS Security Services. These service offerings include a Security Program Review, Security Architecture Review and ICS Penetration Testing that collectively are designed to provide an organization with a holistic view of their entire ICS security posture. Traditionally, Operational Technology (OT) environments were kept separate and isolated from the traditional IT infrastructure. Today, ICS environments have emerged from the combination of IT and OT (Industry 4.0), introducing new features and easier management, but also creating new vulnerabilities and attack vectors. For example, an OT environment can be breached by an attack that comes through the IT environment. With GuidePoint’s ICS Security Services, organizations can ensure they have visibility across not only their OT environment, but also their broader organization. “The convergence of OT and traditional IT infrastructure into ICS environments has led to easier operational oversight, but it also introduces new avenues for attackers to exploit,” said Pascal Ackerman, Sr. Security Consultant - Operational Technology. “Through the combined expertise of our Governance, Risk and Compliance, Security Architecture, and ICS penetration testing practices, we can provide customers with an assessment of their entire ICS security posture, evaluating every angle of their environment.” GuidePoint’s ICS Security Service offerings include: Security Program Review (SPR): The SPR evaluates and measures an organization’s security program maturity and is based on the framework chosen by the customer, including, but not limited to: NIST Cybersecurity Framework (CSF), NIST 800 82, CIS Controls, ISO/IEC 62443, ISO 27001, C2M2, FERC/NERC-CIP, CISA TSS and ITU CIIP. With GuidePoint’s SPR offering, organizations can better assess their security program and its maturity level, and build or enhance their existing program to ensure it is right-sized to their unique requirements. ICS Security Architecture Review (SAR): The SAR evaluates an organization’s security capabilities to ensure deployed technologies are aligned with relevant compliance requirements. GuidePoint’s team of experts provides industry-recommended enhancements to an organization’s existing solutions as well as recommendations for new controls to augment and further mature security practices. ICS Penetration Testing: This service goes beyond a typical OT pentest by combining best-in-class IT and OT pentesting methodologies to form a holistic offering that will assess all security aspects of the production environment. Organizations gain real-life, actionable results based on proven ICS (IT and OT) penetration testing methods and techniques. These ICS Security Services round out a complete portfolio of cyber-focused Governance, Risk and Compliance offerings, Security Architecture Reviews, as well as Threat and Attack Simulation Services, to ensure the security of customers’ environments. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.

Read More