DATA SECURITY, PLATFORM SECURITY
Privacera | October 11, 2022
Privacera, the only open-standards based data security governance leader founded by the creators of Apache Ranger™, today announced native support for Dataproc. This integration allows users to define and enforce fine-grained level access control to Dataproc with Apache Hive, Apache Spark, and Presto. Privacera already natively integrates and supports a number of Google Cloud Platform (GCP) services such as BigQuery and Google Cloud Storage. Privacera helps enterprise data teams protect sensitive data and enable privacy across all on-premise, hybrid and multi-cloud data sources while reducing time to insights by automating outdated, manual governance processes.
With the availability of Privacera's native integration to Dataproc, organizations will be able to accelerate their migration to GCP by securely managing data access policies across diverse on-premise and GCP data sources. This will significantly reduce the efforts around data migrations to the cloud through increased automation and consistent policy management, and the ability to ensure compliance through an open, consistent and proven standard.
For users of Apache Ranger who are looking to build new secure data applications in the cloud, with Privacera, they can now leverage the same security and governance capabilities that they are familiar with to more sources, at enterprise scale, and greater functionality, since Privacera is based on Apache Ranger open standards.
"Expanding the sources that we support and contributing to the Apache Ranger community increases the ability for our customers to leverage their existing investments in secure and consistent data access policies. "Our customers, including a large consumer credit reporting agency that uses GCP and Privacera as part of their modern data stack, can now extend their capabilities to discover and secure sensitive data sets across numerous GCP data services while migrating safely to the cloud."
Privacera CEO Balaji Ganesan
Privacera offers Dataproc users the following extended privacy and governance capabilities:
Centralized management and enforcement of tag-based data access control policies across GCP and other cloud data services
Policies for fine-grained access controls for Apache Hive, Apache Spark,and Presto
Customizable, out-of-the-box compliance, audit, and governance reports for CCPA, GDPR, LGPD, HIPAA, RTBF, and more
Dynamic encryption, decryption, and masking (column masking and row filtering)
Broad integrations with identity management systems like corporate AD/LDAP, Okta, and SCIM
SOC 2 Type 2 compliant, enterprise-grade SaaS data access governance solution that can be configured in minutes
Hardened deployment of Apache Ranger with high-availability
About Privacera
Founded in 2016 by the creators of Apache Ranger™, Privacera's SaaS-based data security and access governance platform enables data and security teams to simplify data access, security, and privacy for data applications and analytical workloads. The Privacera platform supports compliance with regulations such as GDPR, CCPA, LGPD, and HIPAA. Privacera provides a unified view and control for securing sensitive data across multiple cloud services such as AWS, Azure, Databricks, GCP, Snowflake, and Starburst. The Privacera platform is utilized by Fortune 500 customers across finance, insurance, life sciences, retail, media, and consumer industries, as well as government agencies to automate sensitive data discovery, mask sensitive data, and manage high-fidelity policies at petabyte scale on-premises and in the cloud.
Read More
DATA SECURITY, ENTERPRISE IDENTITY
Illumio | September 29, 2022
Illumio, Inc., the Zero Trust Segmentation company, today announced Illumio Endpoint®, a reimagined way to prevent breaches from spreading to clouds and data centers from laptops. Hybrid work has expanded the attack surface, introducing new threats and making organizations more vulnerable, so it’s become increasingly important for employees to have secure access to applications and data wherever they are located. Unlike other Zero Trust Segmentation solutions, Illumio Endpoint lets your policy follow your teams’ laptops wherever they work, whether at home, in the office, or at a coffee shop. With Illumio Endpoint, the first device that gets infected will also be the last.
Organizations are more interconnected and vulnerable in hybrid workplaces, and the attack surface is growing increasingly complex. Additionally, attacks on hybrid work environments are more expensive, costing an average of about $600K more than the global average. Even with endpoint detection and response tools in place, endpoints still get breached – according to ESG, 76 percent of organizations experienced a ransomware attack in the past two years alone.
Illumio Endpoint includes:
Extended visibility and segmentation policy controls for macOS and Windows devices, allowing organizations to see risk and stop attacks from spreading from laptops, workstations, and VDIs.
A single, unified console to see and manage visibility and segmentation policy across endpoints, clouds, and data centers, making Zero Trust Segmentation easier, faster, and more efficient for security teams.
Work from anywhere support with segmentation policy that follows the device, so organizations have the confidence that their networks are secure, and their employees can remain productive while working from anywhere.
The ability to control application access so users can only reach the necessary applications from their device, not the entire data center and cloud, minimizing the organization's risk from vulnerable or compromised endpoints.
"Before Illumio, we had only a slim idea of what kind of communications were running across our network. But with Illumio, we clearly see exactly what's connecting to individual endpoints.
David Ault, VP of Information Security at Telhio Credit Union
“The hybrid workforce is here to stay, which exposes organizations to a more complex attack surface and more risk, particularly on the endpoint,” said Mario Espinoza, Chief Product Officer at Illumio. “It’s important to have tools that can detect and respond to an identified breach, but unidentified attacks can spread throughout the organization to access critical data and assets when Zero Trust Segmentation is not in place to proactively contain the breach. With Illumio Endpoint, security leaders will gain the comprehensive protection needed to build resilience to attacks throughout their hybrid IT and as employees work from anywhere.”
“Ransomware and other cyberattacks often involve end user devices somewhere in the attack chain, moving laterally on to other higher-value assets,” said Dave Gruber, Principal Analyst, ESG. “Because attackers continue to find ways in and move laterally fast, prevention, detection and response mechanisms can fall short stopping these fast-moving attacks. Containment strategies such as Zero Trust Segmentation across endpoint devices can proactively stop ransomware and other fast-moving attacks from spreading to critical infrastructure and assets, reducing risk.”
About Illumio
Illumio, the Zero Trust Segmentation company, stops breaches and ransomware from spreading across the hybrid attack surface. The Illumio ZTS Platform visualizes all traffic flows between workloads, devices and the internet, automatically sets granular segmentation policies to control communications, and isolates high-value assets and compromised systems proactively or in response to active attacks. Illumio protects organizations of all sizes, from Fortune 100 to small business, by stopping breaches and ransomware in minutes, saving millions of dollars in application downtime, and accelerating cloud and digital transformation projects.
Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Synack | September 13, 2022
Synack, a premier platform for on-demand security expertise, announced that it has joined the Microsoft Intelligent Security Association (MISA) and is available through integration with Microsoft Sentinel, giving enterprises globally seamless access to a worldwide network of top security researchers working around the clock to protect their cloud assets.
Becoming part of MISA, an ecosystem of independent software vendors and managed security service providers, builds on a growing collaboration between Synack and Microsoft and is a testament to both organizations' commitment to providing easier, more flexible and scalable cybersecurity solutions.
Microsoft Sentinel is a cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution designed to reduce unnecessary friction in the vulnerability remediation process. It also provides early threat detection and rapid response to sophisticated attacks to facilitate shorter resolution times and lower the number of security incidents.
"Our integration with Microsoft Sentinel couldn't be more timely and important today as organizations everywhere are scrambling to find enough skilled practitioners to protect them against punishing cyberattacks. We help solve that talent gap with our platform that combines a powerful network of ethical hackers with the most advanced technology. "We look forward to building on this important relationship with Microsoft."
Jay Kaplan, Synack's CEO
Cyberattacks on cloud environments are expected to increase, putting enterprises and critical infrastructure providers at greater risk of supply chain, ransomware and nation-state attacks. As a result of these threats, the Biden administration has called on organizations to deploy third-party testing "to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors." The Synack integration with Microsoft Sentinel enables customers to respond to this challenge.
"Members of MISA integrate their security solutions with Microsoft's security technology to gain more signal, increase visibility and better protect against threats. By extending Microsoft's security capabilities across the ecosystem, we help our shared customers to succeed," said Maria Thomson, Microsoft Intelligent Security Association Lead. "This vibrant security ecosystem is valuable to our shared customer base because it reduces the cost and complexity of integrating disparate security tools."
Synack will deliver insights through its Microsoft Sentinel integration, enabling security teams to correlate these findings with Microsoft Sentinel data to gain end-to-end visibility, comprehensively investigate and take action on threats.
In addition to the Microsoft Sentinel integration and MISA membership, Synack also recently announced another integration with Microsoft's Security and Compliance for Cloud Infrastructure solution that will further enhance Microsoft Azure protections.
ABOUT SYNACK:
Synack's premier on-demand security testing platform harnesses a talented, vetted community of security researchers and smart technology to deliver continuous penetration testing and vulnerability management, with actionable results. We are committed to making the world more secure by closing the cybersecurity skills gap, giving organizations on-demand access to the most-trusted security researchers in the world. Headquartered in Silicon Valley with regional teams around the world, Synack protects global banks, federal agencies, DoD classified assets and more than $6 trillion in Fortune 500 and Global 2000 revenue.
Read More