Enterprise Security, Platform Security, Software Security

GuidePoint Security Adds Cequence Security as the Latest Technology Partner to Join the Company’s Federal Emerging Cyber Vendor Program

Businesswire | May 03, 2023

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that Cequence Security, the leading provider of Unified API Protection (UAP), has joined its Emerging Cyber Vendor Program. Through this partnership, Cequence Security will leverage GuidePoint’s federal expertise across sales and marketing, operations, engineering and procurement to expand their federal footprint. As part of this program, the Cequence Unified API Protection solution will soon be available under GuidePoint’s GSA Multiple Award Schedule Contract #GS-35F-508CA.

“While APIs are critical to enabling business, they have become a primary attack surface that must be protected,” said Jim Quarantillo, Federal Partner, GuidePoint Security. “Simply putting API gateways and WAFs in place to manage known APIs and known threats does not solve the API security issues to keep Government Agency data safe. A Unified API Protection solution that discovers, detects and defends against all API vulnerabilities, risks and threats is required.”

“Cequence Security is the only solution that protects organizations from every type of attack on the OWASP API Security Top 10, OWASP Web Application Security Top 10 and OWASP Automated Threat list,” said Mark Azad, Chief Revenue Officer, Cequence Security. “Through our partnership with GuidePoint Security, government agencies will have a complete solution for addressing all API risks.”

With the Cequence Unified API Protection (UAP) solution, customers can address every phase of their API protection lifecycle to defend APIs from attackers and eliminate unknown and unmitigated API security risks that can lead to API breaches, data loss, fraud, and business disruption. Security teams deploying the UAP solution achieve continuous protection of their complete API risk surface, enabling their organizations to reap the competitive and business advantages of ubiquitous API connectivity securely while meeting regulatory compliance.

For more information on GuidePoint Security’s Emerging Cyber Vendor Program, go to https://www.guidepointsecurity.com/emerging-cyber-vendor-program/.

About GuidePoint Security

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

About Cequence

Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory tracking, dynamic testing, risk analysis and native mitigation with proven, real-time threat protection against ever-evolving API attacks. Cequence Security secures more than 6 billion API calls a day and protects more than 2 billion user accounts across organizations in different verticals. Our customers trust us to protect their APIs and web applications with the most effective and adaptive defense against online fraud, business logic attacks, exploits and unintended data leakage, which enables them to remain resilient in today’s ever-changing business and threat landscape. Learn more at www.cequence.ai.

Spotlight

In 2020, Cisco set out to move from a traditional network-based perimeter and VPN model to a zero trust framework. Dubbed ‘borderless’ internally, the core goal was to give users a secure, uniform experience accessing applications, wherever the user or application is located. Using the features of Duo Beyond, our team set out to

Related News

Data Security, Certifications and Training

Node4 Acquires ThreeTwoFour to Strengthen its Cybersecurity Offering and Expand In the Finance and Banking Sector

businesswire | July 10, 2023

Node4, a cloud-led digital transformation Managed Services Provider (MSP), has today announced the acquisition of ThreeTwoFour, an award-winning information security and technology risk specialist. The acquisition is Node4’s third significant growth purchase in the last 18 months, having also bought risual, an IT managed services and solutions provider, and Tisski, a leading UK-based independent Microsoft Business applications partner.

ThreeTwoFour is renowned for its extensive suite of information security services, including programme delivery, cyber strategy, risk and control assessment and governance. It also brings strong experience across the financial services sector, broadening Node4’s reach. In addition, ThreeTwoFour’s expertise in M&A Cyber Due Diligence adds further capabilities to the Node4 solutions and services portfolio.

The acquisition significantly enhances Node4’s security and transformation capabilities, particularly for enterprise-level clients. Drawing on ThreeTwoFour’s capabilities, Node4 will also be better equipped to meet the increasing requirements in the public sector and government frameworks for effective cyber security solutions.

ThreeTwoFour’s founder, Alex Coburn, along with his leadership team, will remain with the business as it integrates with Node4. The strongly-positioned ThreeTwoFour brand will also function as the consultative arm of Node4’s security practice. With its core team based in the UK, ThreeTwoFour is also supported by specialists working remotely from all over the world. In the past two years, the company has deployed team members from three continents and eight different countries, enabling it to support clients around the clock.

“The ThreeTwoFour team are highly experienced and skilled professionals with a strong leadership team and exceptional track record of success,” commented Andy Gilbert, CEO and Founder of Node4. “The organisations are also a great cultural fit and together, we anticipate driving strong growth across our shared customer base and beyond. We look forward to working closely with Alex and everyone at ThreeTwoFour.”

“We are delighted to join forces with Node4, whose reputation for customer-focused excellence is second-to-none across the UK technology industry,” said Alex Coburn, Founder of ThreeTwoFour. “By integrating our expertise and Node4’s existing services portfolio, we are confident that we can deliver market-leading security and risk solutions for enterprises and SMEs alike.”

Alongside its Cyber Essentials Certification, the firm provides expertise in Identity and Access Management, Privileged Access Control, Security Architecture, Data Loss Prevention, Security Operations, Vulnerability Management, NIST, ISO27001, SANS and other Risk Management Frameworks.

About Node4

Node4 empowers private and public sector organisations across the UK to deliver positive outcomes, through technology and innovation. Thanks to a broad portfolio of fully managed services including Business Applications, Modern Workplace, Cloud, Network, Data and Security, clients are empowered to reach their strategic goals. Node4 fully owns its own network of data centres and points of presence, and operates best-in-class integrated tooling. Alongside strategic relationships with market-leading vendors such as Microsoft, Cisco and Fortinet, Node4 brings together the best options for infrastructure, platforms and applications, tailored to the needs of their clients.


Enterprise Security, Platform Security, Software Security

SonicWall Introduces Monthly Firewall Security Services Bundles for MSSPs, MSPs

Prnewswire | July 03, 2023

SonicWall, a 100% channel cybersecurity leader, today announced the availability of monthly firewall security services bundles for Managed Security Service Providers (MSSPs) and approved Managed Service Providers (MSPs).

"Managed security services are critical for organizations of all sizes to protect against today's ever-evolving threat landscape," said SonicWall President and CEO Bob VanKirk. "Driven by our outside-in approach, our new monthly billing option makes it even easier for MSSPs and MSPs to offer their customers the best protection available, without the upfront investment required for an annual subscription."

The bundles, which include SonicWall's currently available security offerings, empower MSSPs and approved MSPs to provide their customers with flexible, cost-effective cybersecurity solutions.

"Given the current state of the market, offering a diverse range of billing options can help empower businesses to tailor their payment structures and align with business needs," said Logically CEO Joshua Skeens. "With SonicWall embracing this flexibility, it will not only enhance customer satisfaction but also cultivate long-term partnerships that fuel growth and success."

SonicWall MSSPs and approved MSPs can now bill customers monthly for SonicWall's popular security services included in three cost-effective protection tiers for SonicWall Generation 7 appliances: Threat Protection Security Suite, Essential Protection Security Suite and Advanced Protection Security Suite. SonicWall protection suites bundle a range of critical firewall security services, including the Capture Advanced Threat Protection (ATP) sandbox service, patented Real-Time Deep Memory Inspection™ (RTDMI), as well as intrusion prevention and application control, content filtering and reporting capabilities.

"We are committed to providing MSPs and MSSPs with the technology and support they need to succeed," said Chief Revenue Officer Jason Carter. "Our firewall security services with monthly billing will help our partners deliver advanced cybersecurity services to their customers, while also simplifying their own billing and administration processes."

New monthly billing models align with how MSSPs and MSPs go to market and have the following benefits:

Never miss a renewal. With bundled firewall security services conveniently billed monthly, MSSPs and approved MSPs never need to worry about missing a renewal from multi-year agreements. This equals a smoother customer experience and fewer service interruptions.

Simplify the PO process. Offering a no-commit, in-arrears billing option for firewall services provides integrated billing and license provisioning, all while reducing upfront costs.

Bring or buy the hardware. Choose to add monthly services to existing current-generation TZ and NSa firewalls, or provision licenses on new firewalls for customer deployments.

Gain 24x7 support. Each firewall security services bundle includes 24x7 SonicWall support for end customers, including a world-class online support portal.

Streamline billing processes. Simplify monthly customer billing via supported Professional Services Automation (PSA) tools, such as ConnectWise and Autotask.

Leverage powerful reporting and analytics. When SonicWall Network Security Manager (NSM) licenses are added to firewall security services, partners can leverage additional management, reporting and analytics capabilities.

Standardize service offerings. Leverage the convenience of SonicWall's new MySonicWall APIs to execute configuration scripts to provision standard security bundles for all customers.

Accelerate workflow automation. Use new APIs to extend existing MSP workflow automations for end-to-end customer onboarding across Professional Service Automation (PSA) and Remote Monitoring & Management (RMM) tools.

SonicWall's new monthly billing model is available now for SonicWall MSSPs and approved MSPs. SonicWall partners may apply for access via the SonicWall Partner Portal.

The SecureFirst Partner Program demonstrates SonicWall's continuing commitment and investment in the channel, providing a multi-tiered approach with a broad range of benefits for partners. The program accelerates SonicWall partners' ability to provide the industry's best security efficacy with TCO that matches real-world expectations.

About SonicWall

SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide.


Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google.

The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog.

GitHub Actions is part of the extremely popular GitHub source code management system, which is at the heart of many organizations' software supply chains and is used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself.

This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer, since the vulnerable build action runs on the pull request before the code is merged.

The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe.

Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to these potential supply chain attacks. This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries.

The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain.

About Legit Security

Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.
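
An added example, not code from Legit Security, Google or GitHub: a coarse static check that repository owners can run over their own workflow files to find the pattern the release describes, a step writing contributor-controlled GitHub context values into GITHUB_ENV. The list of untrusted contexts, the sample workflow and the function name are assumptions made for this illustration; writes made through other means than shell redirection are not covered.

```python
import re

# Context values an outside contributor controls (assumed, non-exhaustive list).
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:head_ref|event\.(?:pull_request|issue|comment|"
    r"review|head_commit)\.[\w.]+)\s*\}\}"
)
ENV_WRITE = re.compile(r">>?\s*[\"']?\$\{?GITHUB_ENV\b")   # shell redirect into the file
ENV_MAP = re.compile(r"^\s*([A-Za-z_]\w*):\s*(.+)$")       # "NAME: value" mapping line

# Constructed sample workflow: lines 6 and 9 are risky, line 10 is not.
SAMPLE = """\
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: echo "TITLE=${{ github.event.pull_request.title }}" >> $GITHUB_ENV
      - env:
          PR_BODY: ${{ github.event.pull_request.body }}
        run: echo "NOTES=$PR_BODY" >> "$GITHUB_ENV"
      - run: echo "BUILD_ID=${{ github.run_id }}" >> "$GITHUB_ENV"
"""


def find_env_injection(workflow_text):
    """Return (line_no, reason) for each GITHUB_ENV write fed by untrusted input."""
    lines = workflow_text.splitlines()
    # Pass 1: variables mapped from an untrusted expression. Taint is tracked
    # per file, not per step, so this over-approximates.
    tainted = set()
    for line in lines:
        m = ENV_MAP.match(line)
        if m and UNTRUSTED.search(m.group(2)) and not ENV_WRITE.search(line):
            tainted.add(m.group(1))
    # Pass 2: every redirect into GITHUB_ENV that carries untrusted data.
    findings = []
    for no, line in enumerate(lines, 1):
        if not ENV_WRITE.search(line):
            continue
        if UNTRUSTED.search(line):
            findings.append((no, "untrusted expression written to GITHUB_ENV"))
            continue
        used = [v for v in sorted(tainted)
                if re.search(r"\$\{?" + re.escape(v) + r"\b", line)]
        if used:
            findings.append((no, "tainted variable %s written to GITHUB_ENV" % used[0]))
    return findings
```

Passing the value through a step-level `env:` variable, as on line 9 of the sample, still counts as a finding because the untrusted text ends up in the file either way.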
