Picus Security | December 12, 2023
Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the Picus Managed Security Services Provider (MSSP) Partner Program. Picus has a long-standing 100% channel approach and works closely with MSSPs to deliver security validation services that quantify risk and reduce threat exposure. Now, it's easier than ever for MSSPs and their customers to get started with security validation to measure the effectiveness of security controls with real-world attack simulations and then scale up testing programs to perform validation checks consistently.
The new Picus MSSP Program provides the flexibility MSSPs need to introduce automated validation services and generate new recurring revenues quickly. Designed for customers of varying levels of cyber maturity, the program features interval-based and continuous licensing options. With interval-based licensing, MSSPs can purchase credits that allow an entry cadence for validation assessments. Then, once customers are ready to advance their security program maturity and increase the frequency of assessments they can easily switch to a continuous licensing model. The program means MSSPs can help customers to 'crawl,' 'walk,' and then 'run' with validation.
"With this new MSSP program, it's never been simpler for managed service providers to get the consistent and accurate validation insights needed to improve security outcomes for clients," said Ryan Kunker, Picus Security, Senior Director of Channels and Alliances. "By shining a light on security effectiveness in areas such as security control validation, automated security validation presents an enormous opportunity for MSSPs to improve security outcomes for clients and identify new upsell opportunities."
Security validation powered by BAS is a core pillar of Continuous Threat Exposure Management (CTEM). It helps security teams to understand if security controls provide the coverage needed to defend organizations against the latest threats, including ransomware and Advanced Persistent Threats. Gartner estimates that security services providers that adopt cybersecurity validation assessments will see an improvement of over 5% in their acquisition, retention and upsell rates.*
"We are constantly looking for new ways to provide real actionable value to our clients," said Perry Schumacher, Chief Strategy Officer at Ridge IT. "We evaluated Picus in our cyber range against our best practice configurations and it showed us opportunities to improve beyond today's best tools and practices. The Picus platform helps us provide better security for our clients by increasing our effectiveness. Our clients who purchase Picus begin a continuous improvement journey for their cyber security and are always in a cyber-ready state."
In addition to real-world threat simulation, the Picus platform also offers asset and vulnerability discovery, attack path mapping, detection engineering as code, and AI-based threat profiling - capabilities that help MSSPs to manage customers' threat exposure even more efficiently. To enable MSSPs to validate the security of multiple clients simultaneously, the platform also offers a multi-tenant portal.
"Now more than ever, every dollar spent in the security budget must be carefully weighed on merit and returned value," said Darren Humphries, Acora Group CISO and MSSP Cyber Portfolio CTO. "For strengthening the security of our own company portfolio and that of our customers, Picus is a key tool that helps us measure the efficacy of the protective security tools we use as well as our detective SOC and SIEM capabilities. Picus is a true force multiplier."
About Picus Security
Picus Security helps security teams consistently and accurately validate their security posture. Our Security Validation Platform simulates real-world threats to evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities.
As the pioneer of Breach and Attack Simulation, we specialize in delivering the actionable insights our customers need to be threat-centric and proactive.
Picus has been named a 'Cool Vendor' by Gartner and is recognized by Frost & Sullivan as a leader in the Breach and Attack Simulation (BAS) market.
Boomi | January 12, 2024
Boomi™, the intelligent connectivity and automation leader, today announced that the Boomi platform has achieved StateRAMP Authorization. This achievement reflects Boomi’s unwavering commitment to data security and compliance, and to delivering a secure and reliable solution that government agencies can rely on to safeguard their data and operations.
“At Boomi, we are committed to democratizing modernization. Securing StateRAMP authorization for our platform was paramount, enabling public sector organizations to seamlessly and securely integrate and leverage cloud applications,” said Sean Wechter, Chief Information Officer at Boomi. “Through a strategic alliance with StateRAMP, Boomi actively collaborates with its leadership board, facilitating streamlined documentation and audit processes to expedite digital transformation within the public sector."
According to the U.S. Government Accountability Office, government agencies plan to spend billions of dollars each year to support their IT and cybersecurity efforts, including transitioning IT resources to secure, cost-effective commercial cloud services.1 However, agencies are challenged to select secure cloud-based solutions, making it difficult for these organizations to modernize and improve constituent experiences.
StateRAMP, a nationally recognized risk authorization management program that provides a standardized approach to assessing cloud products, improves security and simplifies procurement by building a pool of pre-authorized Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) solutions for public sector entities.
As organizations more frequently implement cloud-based solutions, they also require validated access to integration platform as a service (iPaaS) to streamline application and resource integration. iPaaS integrates cloud-to-cloud, cloud-to-on premises, and on-premises-to-on-premises platforms, helping public sector organizations break down data silos to enhance information flow, improve citizen services, and increase operational effectiveness.
Boomi aims to make the world a better place by connecting everyone to everything, anywhere. The pioneer of cloud-based integration platform as a service (iPaaS), and now a category-leading, global software as a service (SaaS) company, Boomi touts the largest customer base among integration platform vendors and a worldwide network of approximately 800 partners – including Accenture, Capgemini, SAP, and Snowflake. Global organizations turn to Boomi’s award-winning platform to discover, manage, and orchestrate data, while connecting applications, processes, and people for better, faster outcomes. For more information, visit boomi.com.
Rubrik | January 10, 2024
Rubrik, the Zero Trust Data Security™ company, today announced that America’s premium workwear brand Carhartt has consolidated multiple legacy backup tools with Rubrik Security Cloud to achieve cyber resilience. After moving to Rubrik, Carhartt realized more than 50 percent in monthly cost savings, while significantly improving its data security capabilities.
“Data resilience is key to the continued security and success of our business. We work hard to ward off intruders but we have to operate on the assumption that they will find a way in,” said Michael Karasienski, cloud platforms manager at Carhartt. “Rubrik Security Cloud restores data fast and without fail for both our cloud and on-premises environments. Rubrik plays a key role in building trust in our system with secure protocols and access controls; it isn’t just a data security solution, it’s peace of mind for our brand.”
Established in 1889, Carhartt has a rich heritage of developing rugged products for workers on and off the job. The company honors hard work, approaching its business with the same honesty, dependability, and trust that its consumers display day-in and day-out.
Prior to Rubrik, Carhartt used a variety of different backup solutions across its operations. After an upgrade of a critical application failed, Carhartt’s administrators discovered that that application data hadn’t been backed up, forcing the team to reconstruct more than two-weeks’ worth of data manually. Furthermore, the Carhartt team discovered malware in backups from its legacy tools, resulting in weeks of searching data sets to manually complete the investigation.
With Rubrik Security Cloud, Carhartt’s IT team can now devote more time to other priorities — like business requests, incidents, and reducing technical debt — while saving more than 50 percent in operational costs each month. The company’s IT and Security teams are also collaborating to reduce risk to the organization, zeroing in on malware and tying investigations into its security operations center.
“A highly interconnected business like Carhartt is responsible for mountains of sensitive data. Protecting that data is paramount to maintain customer trust and minimize business disruption,” said Anneka Gupta, Chief Product Officer at Rubrik. “Outdated legacy technology was never built with security in mind, so organizations must turn to modernized platforms and zero-trust methodologies to defend their data. With a holistic solution like Rubrik Security Cloud, organizations like Carhartt know their business will be resilient in the face of any cyber threat.”
Carhartt utilizes numerous Rubrik products, including Anomaly Detection, Sensitive Data Monitoring, Threat Hunting, as well as its integration with Microsoft Sentinel.
Rubrik is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.