Developer-Centric Application Security Company StackHawk Announces Launch into General Availability

prnewswire | September 01, 2020

StackHawk, the software-as-a-service startup that empowers software engineers to easily find and fix application security bugs before they hit production, today announced it is launching into general availability. Over the past year, the product has built a strong base of Early Access customers who have automated their AppSec testing in the CI pipeline, checking for vulnerabilities on every merge. With great feedback from these early customers, StackHawk is now available to any company that wants to deliver secure software.

Spotlight

Whether public key infrastructure (PKI) is your passion or it’s something you wouldn’t touch with a 39-and-a-half-foot pole, it’s without a doubt become critical to the security of your organization. A rare few companies have an in-house expert or even an entire team dedicated to PKI, but for most, it’s more of a “hot potato” th

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

AttackIQ Launches Breach and Attack Simulation-as-a-Service, Delivering Breach and Attack Simulation Solutions to Everyone

Businesswire | April 03, 2023

AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) solutions, today announced the availability of AttackIQ Ready!, a fully managed breach and attack simulation service that leverages years of advanced content and actionable reporting to improve organizations’ security posture and security program performance. The service was designed to simplify the execution of a continuous security validation program, showing results in real-time and orchestrating faster remediation – all through one automated platform – for everyone who wants it.

Absent real data, teams lack clarity about their capabilities and performance and cannot confidently operate against the adversary. AttackIQ has found that security controls only stop the adversary 39% of the time in the real world due to misconfigurations and security control degradation. To solve this problem, AttackIQ Ready! delivers clear reporting and analysis so that security leaders know how well their controls perform against the adversary. AttackIQ Ready! provides weekly reports, monthly executive-focused reports, and insurance-focused reports that can be used to communicate to the executive team, the board, insurance companies, and regulators alike.

“We know that automated testing provides a path to better security and business outcomes. With this announcement, we are making AttackIQ’s advanced testing capabilities available to a much broader section of the market,” said Carl Wright, Chief Commercial Officer, AttackIQ. “Many organizations lack the resources to operationalize the MITRE ATT&CK framework or conduct red team assessments of their cyberdefenses. We are very excited to release AttackIQ Ready! to help teams of all sizes maximize return on investment and improve operational readiness.”

With AttackIQ Ready!, organizations can expect the following:

Easy and Immediate Use: From day one, AttackIQ Ready! provides an easy-to-use and immediate baseline understanding of your security coverage as well as continuous visibility into your security posture. It helps you to identify gaps and issues surrounding your overall cybersecurity hygiene.

Weekly and Monthly Reporting: Weekly and monthly reports about your security controls’ performance, including against specific adversaries curated by the AttackIQ Adversary Research Team (APT29, FIN6, etc.).

Monthly Adversary Curation: Every month, the AttackIQ Adversary Research Team introduces a new set of adversarial campaigns to test your security controls against that specific adversary.

Continuous Automated Testing: The AttackIQ Ready! team conducts weekly tests of your security controls using MITRE ATT&CK-aligned assessments drawn from the full AttackIQ research library.

Actionable Remediation Guidance: Generates tailored, easy-to-use remediation guidance so that you can close gaps and address issues quickly to improve performance.

Detection Engineering: AttackIQ Ready! introduces the option of detection testing for companies that have a security operations center or a SIEM structured to respond to alerts and attacks.

In-App Threat Intelligence and Analysis: Gain immediate in-app analysis about emerging and advanced threats and how to prepare your defenses to withstand attacks.

AttackIQ Ready! will help an even broader range of customers to achieve these results. A security operations center is not required to use AttackIQ Ready!. All that is needed are existing security controls to validate, either through cloud services like AWS or Azure or security providers.

What kind of results might companies expect? One security leader at a premier biosciences company recently used the AttackIQ platform to prove to an insurance company that his security controls were performing as intended and negotiate a peg to his insurance premium, saving his organization hundreds of thousands of dollars in fees. As he said, “When we can prove that our solutions and controls are not just adequate, but they're rock solid, there's much value there. The investments in our firewalls, endpoint controls, and network security controls help build the program's reputation and instill more confidence. Then when we go to the board for requesting a large sum of funding for maybe a new project, there are not as many questions.”

“AttackIQ has helped companies from the Fortune 10 to Global 2000 elevate their security effectiveness, including JetBlue, Bupa and the Department of Defense,” Wright continued. “This service will help companies hone security analyst and security operations team performance, find redundancies in security controls, validate security controls for insurers, decrease the impact of breaches, and much more. You can’t manage what you can't measure, and we look forward to helping organizations measure their defenses against the adversary.”

Pricing and Availability

AttackIQ Ready! is available now. More details are available at: www.attackiq.com/ready. For pricing or to schedule a demo, contact AttackIQ.

About AttackIQ

AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free award-winning AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat-Informed Defense.

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

CertiK Launches Skynet for Community Web3 Due Diligence Tool

Globenewswire | April 04, 2023

CertiK, the leading provider of blockchain security solutions, is excited to announce the launch of Skynet for Community, an all-in-one security, due diligence, and insights platform for the Web3 ecosystem. Skynet for Community empowers users, investors, and community members to make informed decisions about Web3 projects by providing a comprehensive set of tools for research, analysis, and monitoring.

With thousands of Web3 projects creating millions of points of data every day, it's easy to get lost in the noise. Skynet for Community’s rich data-driven insights help users to discover new projects, conduct due diligence on projects of interest, and keep up to date on the latest news and developments in the Web3 space. The platform aggregates a vast amount of data into Web3's most accessible due diligence tool.

Skynet for Community puts security front and center, with the Security Leaderboard ranking projects according to their Security Score and market performance. The Verified Teams (KYC) Leaderboard lists and ranks projects based on the status of their CertiK KYC Badge, which is awarded to project teams that undergo a rigorous background investigation.

Skynet for Community evaluates the security of Web3 projects through both manual and automated measures. The platform covers the majority of all Web3 projects using transparent metrics, regardless of their relationship with CertiK. Manual Signal Scores are determined by CertiK’s research analysts and security experts, who evaluate factors such as the quality of whitepapers, documentation, and other fundamental aspects of the project. Automatic Signal Scores are calculated in real-time by the underlying software and monitoring systems, which evaluate website cybersecurity, security incidents, and other factors. The signals are weighted based on their severity or potential impact, and the aggregate of qualitative and quantitative insights makes up the project’s final Security Score.

Skynet for Community also includes tools such as Exchange Analyzer, which allows users to conduct due diligence on centralized exchanges by displaying their on-chain asset holdings; Skynet Alerts, a system that provides timely notifications on rugpulls and exploits in the cryptocurrency space; and Wallet Analyzer, which provides insights on wallet addresses and makes it easy to visualize and decipher on-chain transactions between wallets.

"Skynet for Community is a revolutionary product that leverages CertiK's expertise in blockchain security to provide an independent, transparent, and comprehensive evaluation of Web3 projects," said Professor Ronghui Gu, co-founder and CEO of CertiK. "We are excited to launch this product and offer the Web3 community a powerful tool that makes it easy to do your own research."

The launch of Skynet for Community marks a new era of transparency and accountability for the Web3 world as it provides a comprehensive evaluation of projects' security in real-time. With its uniquely comprehensive approach of combining manual and automated measures, CertiK's Security Score provides an independent lens through which all Web3 projects can be evaluated.

To learn more about Skynet Community and to try out the suite of due diligence tools, visit skynet.certik.com or follow along on Twitter at @CertiK and @CertiKCommunity.

About CertiK

CertiK is a pioneer in blockchain security, leveraging best-in-class AI technology and expert manual review to protect and monitor blockchain protocols and smart contracts. Founded in 2018 by professors from Yale University and Columbia University, CertiK secures the Web3 world, by applying cutting-edge innovations from academia to enterprise, enabling mission-critical applications to scale with safety and correctness. CertiK has audited more than 3,900 Web3 projects and secured hundreds of billions of dollars of market capitalization.

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Imperva® and Fortanix Partner to Protect Confidential Customer Data

Businesswire | April 18, 2023

Imperva, Inc., (@Imperva) the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, and Fortanix, Inc. (@Fortanix), the Data Security company powered by Confidential Computing, announce that they have signed a partnership agreement, and have each joined the other’s strategic partner program. This partnership brings together two of the most innovative and trusted cybersecurity companies focused on multicloud data protection. The joint offerings from Imperva and Fortanix will provide the ability to manage the entire data security workflow for customers ensuring data privacy and compliance.

Imperva now offers Fortanix Data Security Manager (DSM), a highly scalable data security platform that delivers unified cryptographic and privacy services such as encryption, tokenization, dynamic data masking (DDM), secrets management, and enterprise key management. The solution works across multiple cloud service providers (CSPs) and provides an “easy button” to secure over 100 services. Fortanix DSM is simple to deploy and is offered in two editions — on-premises and a cloud-based SaaS solution — providing data security controls with both backed by FIPS 140-2 Level 3 certification.

“We’re thrilled to partner with Imperva and take a best-in-class solution to the market together,” says Anand Kashyap, CEO of Fortanix. “With Imperva’s data discovery and classification capabilities and the Fortanix Data Security Manager SaaS and multicloud offering, customers have an end-to-end solution for securing workloads across the entire Data Lifecycle. This solution will help customers accelerate their data journey to the cloud while meeting the highest level of compliance.”

Imperva Data Security Fabric (DSF) is a robust and scalable hybrid, multicloud platform for data discovery and classification, activity monitoring, access controls, security analytics, threat detection, and compliance reporting. Imperva DSF provides protection for unstructured, semi-, and structured data — both on-premises and in the cloud.

Organizations continue to seek the most efficient and effective data security solutions to address multiple use cases such as sensitive data protection, insider threat detection, and data risk management. They must also meet compliance and privacy requirements while operating diverse ecosystems at scale and consolidating legacy tools, all without impacting the speed and agility of the application development team to achieve the highest level of ROI.

With the combined strength of Imperva DSF and Fortanix DSM, this data security partnership will benefit organizations that find their traditional controls are no longer sufficient as they move data workloads and applications to the cloud. These data security solutions address data security and privacy regulations such as GDPR, CCPA, PCI DSS, and HIPAA by employing methods to help protect and control data confidentiality, data integrity, and data access across the hybrid multicloud environment.

“With the unprecedented explosion of data over recent decades and every day, unknown sensitive data might be anywhere — potentially exposed, and unsecured. But with this new partnership between Imperva and Fortanix, companies can now discover, classify, and secure their data using encryption and tokenization wherever it resides,” says Dan Neault, SVP and GM of Data Security at Imperva. “Using the intelligence and flexibility of Imperva DSF combined with the power of the Fortanix DSM, finding sensitive data and taking the right steps to secure it is now easier than ever.”

Additionally, Imperva is now able to provide customers with Fortanix DSM via the Imperva End-User License Agreement (EULA) providing streamlined procurement via a single vendor for sales, implementation, training, support, and services.

Building a complete cybersecurity technology ecosystem dedicated to data security and compliance

The Imperva Technology Alliance Program (TAP) enables technology companies, security vendors, and cloud service providers to co-market, sell, and integrate their products and platforms with the award-winning Imperva cybersecurity portfolio to create solutions that deliver added value for customers and generate revenue growth for TAP partners. Imperva DSF continues to deliver more value to customers through these alliances. Additionally, Fortanix also supports the Imperva Web Application Firewall (WAF) by being able to store WAF encryption keys.

Meet with us at RSA Conference

Join Imperva and Fortanix at RSA Conference 2023 on April 24-27 in San Francisco, CA. Imperva will be exhibiting at booth #5180, North Hall, and Fortanix will be exhibiting at booth #449, South Hall. There will be representatives from both companies at both booths throughout the conference, including:

Terry Ray, SVP, Data Security GTM and Field CTO at Imperva, will be speaking at the Fortanix booth at 3:00 pm on Tuesday, April 25: “Why organizations need monitoring AND encryption for data security, not monitoring OR encryption.”

Sumanth Kakaraparthi, VP of Data Security Product Management at Imperva, will be speaking at the Fortanix booth at 3:00 pm on Wednesday, April 26: “You can’t protect your sensitive data unless you know where it is and what it is.”

Additional Information

Learn more about the Imperva Data Security Fabric (DSF)

Learn more about the Fortanix Data Security Manager (DSM)

Learn about Imperva joining the Fortanix Partner program here

Learn about Fortanix joining the Imperva Technology Alliance Partner program here

Check out the Imperva Blog for the latest products and solutions news and threat intelligence from Imperva Research Labs

About Imperva

Imperva is the cybersecurity leader that helps organizations protect critical applications, APIs, and data, anywhere, at scale, and with the highest ROI. With an integrated approach combining edge, application security, and data security, Imperva protects companies through all stages of their digital journey. Imperva Research Labs and our global intelligence community enable Imperva to stay ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.

About Fortanix

Fortanix secures data, wherever it is. The company’s data-first approach to security powered by Confidential Computing complements traditional infrastructure-centric solutions and allows businesses of all sizes to modernize their data security posture on-premises, in the cloud, or everywhere in between. Rated highly by customers, and with 100-plus tech integrations, the company’s award-winning flagship Data Security Manager (DSM) platform delivers a unified approach to the data security and privacy lifecycle while reducing risk and increasing compliance. Fortanix customers include global banks and financial services institutions, technology companies, retailers, government agencies, healthcare institutions as well as cloud service providers.
