Doble's Transient Cyber Asset Security Service a Hit among Top Electric Utilities, Demand Rises

Doble | July 01, 2020

Doble Engineering Company, a leader in power grid diagnostic solutions and subsidiary of ESCO Technologies Inc. (NYSE: ESE), today announced it has seen sustained growth in its Transient Cyber Asset (TCA) program. During the first half of 2020, the company achieved a record client renewal rate and strong customer acquisition growth, especially among the Fortune 500 and top electric utilities in the U.S. Doble's Transient Cyber Asset program is a comprehensive Managed Security Services (MSS) solution that supports electric utility field crews. As part of the offering, customers can choose from a range of rugged, special-purpose laptops or tablets, called Doble Universal Controllers (DUCs), or use their own transient devices. Doble's expert team hardens the devices to minimize cybersecurity risks and optimizes them for efficient field work. Doble's solution also includes remote management, 24/7 customer support, and compliance monitoring to ensure the devices remain secure and compliant to applicable regulations over their operational lifetime. Doble's Transient Cyber Asset program is growing due to the continuing evolution of the North American Electric Reliability Corporation's (NERC) critical infrastructure protection (CIP) cybersecurity standards. NERC CIP-003-8, which went into effect in January 2020, expanded transient cyber asset requirements to low impact substations, bringing many more power plants and utilities within scope of the security mandates.

Spotlight

Managing cyber risks has become more challenging and urgent as businesses expand their vendor ecosystems. It is difficult enough for organizations to manage their own internal vulnerabilities, but even more challenging to ensure that every vendor across their supply chain has strong security practices in place.

This white paper explores how :

  • Increased reliance on third party vendors and dependence on outsourcing means a broader attack surface and the spread of vulnerabilities & infections.
  • Existing vulnerabilities are an indication of poor cybersecurity hygiene.
  • An organization's limited visibility into its third parties' security policies, vulnerability & threats makes it difficult to assess risk.
  • Third-party risk management is now a requirement for organizations to protect their reputation, intellectual property, data, and competitive advantage.
  • Fill out the form to download the white paper, "Going Viral: The Challenges and Urgency of Managing Third-Party Risk".

Spotlight

Managing cyber risks has become more challenging and urgent as businesses expand their vendor ecosystems. It is difficult enough for organizations to manage their own internal vulnerabilities, but even more challenging to ensure that every vendor across their supply chain has strong security practices in place.

This white paper explores how :

  • Increased reliance on third party vendors and dependence on outsourcing means a broader attack surface and the spread of vulnerabilities & infections.
  • Existing vulnerabilities are an indication of poor cybersecurity hygiene.
  • An organization's limited visibility into its third parties' security policies, vulnerability & threats makes it difficult to assess risk.
  • Third-party risk management is now a requirement for organizations to protect their reputation, intellectual property, data, and competitive advantage.
  • Fill out the form to download the white paper, "Going Viral: The Challenges and Urgency of Managing Third-Party Risk".

Related News

PLATFORM SECURITY

Uptycs Unveils Advanced Container and Kubernetes Capabilities

Uptycs | May 27, 2022

Uptycs, the first cloud-native security analytics platform that enables both cloud and endpoint security from a single platform, today unveiled expanded container and Kubernetes security posture management (KSPM) features for its cloud workload protection platform (CWPP). These features enable real-time identification of containerized workloads, proactive scanning of container images in the CI/CD pipeline, constant compliance monitoring, and Kubernetes security policy audit and enforcement. According to Gartner, by 2026, over 90% of the world's enterprises will be operating containerized apps in production, up from less than 40% currently. Businesses, on the other hand, struggle to manage and maintain these transitory assets. Misconfigurations in the control plane and insecure policies at the single container layer are used by attackers to escalate permissions, conduct container escapes, and compromise nodes for executing code. "Organizations are rapidly scaling their Kubernetes environments and seeing tremendous gains in optimization, availability, and developer productivity, but too often Security teams are left playing catch up. With telemetry from Kubernetes systems supported by our analytics platform, Security teams know immediately what resources they have and the security posture of those resources—across public and private clouds, scaling to tens of thousands of pods. Combined with our industry-leading container security capabilities, this gives Security teams confidence that they have the proper controls in place to minimize risk while enabling innovation." Ganesh Pai, CEO and Co-founder of Uptycs Uptycs offers both fully managed (AWS EKS, Azure AKS, Google GKE) and self-managed Kubernetes environments, such as VMware Tanzu and Google Anthos. Uptycs contains a range of container runtimes (Docker, containerd, CRI-O). The latest KSPM capabilities offered by the Uptycs platform are now readily accessible and will be shown at the 2022 RSA Conference (booth #435) from June 6-9. Learn more about the Uptycs container and Kubernetes security service by visiting the Uptycs blog.

Read More

PLATFORM SECURITY

Axonius Adds Key Integrations with AWS

Axonius | July 25, 2022

Axonius, a cybersecurity asset management provider, today announced integrations with Amazon Macie, Amazon GuardDuty, and AWS SecurityHub while extending its Amazon Inspector functionality. These new integrations will help customers to better understand and manage vulnerabilities across their Amazon Web Services (AWS) infrastructure. By connecting to both AWS first-party and ISV-third party security solutions, Axonius provides comprehensive visibility and management of assets across AWS cloud, multi-cloud, and on-premises. The latest integrations provide the following capabilities: Identify Exposed Amazon S3 Buckets: Axonius fetches findings from Amazon Macie to help customers identify exposed Amazon S3 buckets to maintain data integrity and compliance. Detecting Malicious Activity & Compromised Security Controls: By integrating with Amazon GuardDuty, Axonius helps customers detect malicious activity to protect AWS accounts, workloads, and data and help them understand which assets have compensating security controls. Helping Meet Security Best Practices: With insights from AWS SecurityHub, customers can compare against correlated data to verify whether assets that don't meet best practice standards have a compensating security control. Comprehensive View of Cloud Security Posture: Axonius delivers a complete inventory of assets from more than 450 correlated data sources giving customers a comprehensive view of their cloud security, including vulnerability data from Amazon Inspector. "As companies continue to shift workloads to the cloud, they're also increasingly leveraging cloud provider-native security service offerings. "Yet customers are still exhausted by the highly-manual, slow, and error-prone processes that negatively impact their risk mitigation, threat management, and compliance. With Axonius and AWS, customers finally have a unified view of their assets while dramatically strengthening their security posture." Mark Daggett, Vice President of Worldwide Channels and Alliances at Axonius About Axonius Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers gaps, and automatically validates and enforces policies. Deployed in minutes, the Axonius cyber asset attack surface management (CAASM) solution integrates with hundreds of data sources to give customers the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, automating response actions, and informing business-level strategy. Cited as one of the fastest growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of devices for customers around the world.

Read More

SOFTWARE SECURITY

WhiteSource Rebrands as Mend

Mend | May 30, 2022

WhiteSource, a pioneer in application security, has rebranded to Mend. Within the Mend Application Security Platform, the business is also delivering the industry's first automatic remediation for custom code security concerns, as well as integrating Mend Supply Chain Defender (previously WhiteSource Diffend) in its JFrog Artifactory plugin. Mend protects all parts of your program by automating repair, prevention, and protection from issue to solution, rather than just detection and proposed solutions. With revenue increasing by 800% in the previous three years and enterprise net retention reaching 127% in 2021, the firm recruited 350 new clients in the last year. Mend has over 1,000 clients, including more than 25% of the Fortune 100, and is committed to spending its most recent investment ($75 million series D announced in April 2021) on general development as it extends outside the Software Composition Analysis (SCA) industry. This includes the purchase of Diffend in April 2021, as well as the acquisitions of SAST companies Xanitizer and DefenseCode in February of this year. The Mend Application Security Platform is the result of strategic acquisitions and the company's unique automated remediation capabilities. The platform is the first to automatically detect and correct application security gaps including both open source and bespoke code, combining automated remediation for static application security testing (SAST) with Mend's current capacity to do so for software composition analysis (SCA). "Attackers are increasingly targeting applications as the weakest link to go after organizations, and at the same time, pressure to deliver software faster has never been higher. Organizations face undeniable tension to do both, better. Mend breaks the tradeoff between security and development delivery timelines by providing a solution that automates the reduction of the software attack surface while removing most of the burden of application security, allowing development teams to deliver quality, secure code, faster." Rami Sass, Co-founder and CEO of Mend Josh Johnson, Manager of Solutions Architecture, Defy Security said that "Whether open-source or proprietary code, the application security industry has mostly focused on vulnerability detection and management. Mend has an interesting approach of automating the remediation of code vulnerabilities. While the company is announcing this new name, as a partner of Mend, we are excited for it to further its commitment to solving code-based security challenges with automated-remediation. Defy Security looks forward to seeing Mend extend automation for closing security gaps."

Read More