DATA SECURITY

ISARA, Carillon and Crypto4A Partnership enables a world first Canadian fully integrated Quantum-Safe Now PKI solution

Crypto4A | October 23, 2021

Crypto4A Technologies Inc., ISARA Corp., and Carillon Information Security Inc. today announced their partnership agreement focused on providing organizations with a next generation Quantum Safe NowTM Public Key Infrastructure (PKI) solution.

The Quantum-Safe Now™ PKI solution integrates ISARA's Radiate Quantum-safe Toolkit and Catalyst Agile Digital Certificate Methodology, which provide hybrid crypto-agility, with Carillon's world class PKI CertServ ID Management Suite operating on Crypto4A's QxEDGE™ and QxCloud™ Hybrid Security Platform (HSP).  

By working together, the three Canadian organizations provide a world first quantum safe PKI solution running on purpose-built hybrid crypto-agile hardware.

As part of the partnership, the companies intend to develop and market seamless, easy to use quantum-safe PKI cryptographic solutions that ease digital transformations, enable cryptographic agility and simplify cryptographic management.

Today's connected economies, identity based digital transformations, DevSecOps teams and cloud-based deployments require new cryptographic capabilities based on quantum-safe software and hardware to provide enterprises with the forward agility, seamless access, security and controls required for cloud, edge, and end user environments.

"ISARA's suite of proven crypto-agile capabilities effectively complements the proven capabilities of both Carillon's PKI software and Crypto4A's hardware based crypto-agility resulting in a more robust and easier to use Quantum-Safe Now™ PKI solution. Our approach is to enable customers to discover and manage their cryptographic capabilities in an agile, quantum-safe and trusted way.  Our collective experiences, knowledge and integrated Quantum Safe Now™ PKI solution de-risks digital transformations and migrations to address the evolving security requirements for today and tomorrow," said Scott Totzke, CEO and Co-founder at ISARA.

Identity based digital environments, applications and relationships rely on cryptography for their trust, innovation, security and privacy. By working with ISARA and Carillon, we demonstrate the power of the Canadian cryptography industry to elevate the original PKI architecture as well as demonstrate the agile capabilities of our FPGA based QxTrust Architecture™(QxTA™). As progress is made in better cloud and edge security, privacy and data management, new requirements are emerging that place material stress on the foundations of today's cryptographic hardware. This new collaborative offering helps to remove some of these stresses and represents our approach to cooperation

John Scott, CEO of Crypto4A

"We are excited to be partnering with Crypto4A and ISARA on this common PKI initiative. The experience that they both bring from a cryptography and an engineering perspective, provides Carillon and its customers with an integrated approach to an agile Quantum Safe Now™ PKI solution. Quantum Safe Now™ demonstrates our ongoing commitment to meet the emerging needs of the connected enterprise for innovation with digital trust", said Patrick Patterson, President and Chief PKI Architect of Carillon.

About Radiate™ Quantum-safe Toolkit and Catalyst Agile Digital Certificate Methodology
The ISARA Radiate™ Quantum-safe Toolkit is a high-performance, lightweight, standards-based quantum-safe software development kit, built for developers who want to test and integrate next-generation post-quantum cryptography into their commercial products. ISARA Catalyst™ Agile Digital Certificate Methodology enables a seamless, cost-effective and simplified migration to quantum-safe security today to protect investments in durable connected devices and the Internet of Things (IoT) and complex public key infrastructures with no impact to end-users. Catalyst certificates support two cryptographic algorithms within a single certificate and can support both classic and quantum-safe public keys and signatures.

About CertServ ID Management Suite
CertServ ID Management Suite is the first, single technology PKI platform that is designed with the users in mind. It offers a simple, easy to use, easy to deploy series of components that facilitate all aspects of PKI credential management. From devices to people, hardware or software-based credentials are simple to issue, manage, and maintain.

About QxEDGETM and QxCloudTM
QxEDGETM and QxCloud™ HSP's provide a suite of next generation capabilities that are an alternative to traditional HSM capabilities. Architected to be native for quantum-safe crypto-agility in cloud, zero trust and remote working environments.  QxEDGETM and QxCloud™ enable the adoption of hybrid certificate techniques and post quantum cryptographic algorithms, ensuring cost and security effective crypto-agility for identity-based application environments.

About ISARA
ISARA, with its knowledge and experience in cybersecurity over the years, is a global leader in crypto-agile technologies and quantum-safe security solutions that can continue to protect current computing ecosystems into the quantum age. Capitalizing on know-how garnered in using agile methods to develop these cryptography implementation and public key authentication technologies, ISARA will target the development of crypto agility and quantum-safe security solutions compliant with the international standardization of quantum secure cloud technology.

About Carillon Information Security
Carillon Information Security Inc. provides a complete spectrum of identity management solutions that are designed to prevent identity theft, promote the migration from paper to electronic authentication, and avoid the loss of intellectual property. From consulting services, to credential issuance and validation software to managed identity services, Carillon can provide the skill sets and tools to help companies take control of their corporate digital credentials.

About Crypto4A
Crypto4A QxTrust Architecture™(QxTA™) helps enable crypto agility for Zero Trust environments. Developed by founders who created previous crypto key and HSM architectures, our patented QxTA™ helps secure and accelerate digital transformations, cloud migrations and crypto-agility by deploying, managing and protecting digital keys, workloads, data and applications from anywhere in the world.

Spotlight

Forrester Research offers unique insight into the rapidly growing DDoS Protection market with its Wave Report on DDoS Services Providers. The report investigates the rise in DDoS attacks and evaluates the top vendors. Read the report and learn why Imperva was positioned as a leader in the DDoS service providers space.

Spotlight

Forrester Research offers unique insight into the rapidly growing DDoS Protection market with its Wave Report on DDoS Services Providers. The report investigates the rise in DDoS attacks and evaluates the top vendors. Read the report and learn why Imperva was positioned as a leader in the DDoS service providers space.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

LogRhythm Partners with SentinelOne to Accelerate Prevention, Detection and Response for Enterprise Environments

LogRhythm | December 20, 2022

LogRhythm, the company empowering security teams to defend against an ever-evolving threat landscape today announced its partnership with SentinelOne, an autonomous cybersecurity platform company. Together, LogRhythm and SentinelOne provide an integrated enterprise security solution to prevent, detect, and respond to threats in your environment. The combined solution streamlines security operations and improves response workflow, helping overwhelmed security teams cut through the noise and gain precise insights into cybersecurity threats. Legacy solutions have been unable to keep up with the speed, sophistication, and scope of attacks, in which organizations lack the context and global visibility necessary to address these challenges, leaving them vulnerable to attacks. To remain on top of threats, it's essential for enterprises to understand what's occurring in their network and across their endpoints. However, without a centralized way to collect and action log data, that mission can be overwhelming for security teams. “We are thrilled to formally announce our integration with SentinelOne. This partnership brings together two remarkable platforms that will provide our customers with incomparable visibility for analysts, allowing them to cut through the noise, and recognize and respond to incidents more quickly and effectively. “LogRhythm is committed to helping customers defend themselves against cyberattacks and we will continue to do so by partnering with leading and innovative cybersecurity companies to expand our offerings.” Andrew Hollister, Chief Information Security Officer at LogRhythm LogRhythm’s security analytics automatically incorporate rich endpoint telemetry from SentinelOne, enabling real-time threat protection and providing in-depth analytics for comprehensive security monitoring. LogRhythm SmartResponse™ capability leverages the SentinelOne API to effect automated response to malicious activities, such as automatically blacklisting hash values, or disconnecting affected machines from the network, as well as providing capabilities to collect additional information during an investigation. SmartResponse actions may be triggered directly by an Analytic running in LogRhythm’s patented Analytics Engine, or manually launched by an Analyst from the Web Console. Key benefits of this integration include: Expanded Visibility: Centralize data collection with events from SentinelOne managed user endpoints and cloud workloads Focused automation: Initiate automatic endpoint mitigation with LogRhythm SmartResponse actions Reduced Complexity: Prebuilt integrations and dashboards streamline SOC operations and improve ROI “Our XDR strategy incorporates the integrations and technologies SentinelOne customers value. We’re excited about our partnership with LogRhythm,” said Yonni Shelmerdine, VP XDR Product Management at SentinelOne. “LogRhythm offers extensive support for - and integration across - the Singularity XDR platform, helping our customers from around the globe protect against modern cyberattacks and reduce risk.” This announcement marks yet another milestone in the company’s momentous year. In addition to the release of LogRhythm Axon earlier this Fall, a groundbreaking, cloud-native security operations platform, LogRhythm also recently announced its integration with Gigamon that provides customers with a comprehensive view of network traffic. About LogRhythm LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world. LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm and our customers are ready to defend. About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Neosec Introduces Automated Tokenization to Enable Full API Visibility Without Exposure of Sensitive Data

Neosec | November 16, 2022

Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest. Today, many organizations are blind to the threats lurking within their API traffic. Even worse, organizations are forced to implement basic logging of its API traffic that doesn't contain the meaningful information about who accessed, what records were accessed or manipulated and how. There exists a justified fear of logging sensitive data or being out of compliance, and with the lack of technology that can perform it at scale, they prefer to log with low fidelity. Those logs tell you that "somebody modified or accessed a record" but typically don't disclose who accessed it, which record, or what action was performed. This decision also results in a downstream issue of "insufficient logging", which is noted by the Open Web Application Security Project as one of the top security problems in its 2021 OWASP API Top 10. "Insufficient logging" is poor for incident forensics and, in practice, means that you can't detect abuse or investigate a case, even if you know it happened. Tokenization is the process of substituting a sensitive data element, like a credit card number, for a non-sensitive equivalent that has no intrinsic or exploitable value or meaning. Neosec's automated tokenization is part of its 'privacy by design' philosophy and is already deployed successfully at customers around the world in financial services, insurance and hospitality companies among others. The process allows retaining tokenized API activity data for the purposes of performing true behavioral analytics over time, ensures that sensitive data is never stored at rest, and enables only the customer to de-tokenize, based on the strictest data privacy practices. "Solving API security starts with basic visibility and the ability to see how the APIs are used. The problem is that virtually every company logs API activity with low fidelity that doesn't enable this basic visibility. "In order to perform true behavioral analytics and investigate cases you must store and examine historical data. But if this analysis is performed on un-tokenized data you risk storing PII and creating compliance issues. Neosec successfully retains all API activity data, in the highest fidelity, and ensures it meets data privacy standards." Giora Engel, co-founder and chief executive officer, Neosec This focus on data and the visibility it brings is what previously defined the creation of the EDR (Endpoint Detection & Response) security space. "Trying to implement API security without enabling basic visibility of activity is like going back to the antivirus age before the advent of EDR. Visibility into API activity allows you to detect threats, understand behavior, investigate and remediate" said Engel. The Neosec API security solution discovers and maintains an up-to-date inventory of all APIs in use by an organization and then uses machine learning and behavioral analytics on tokenized data to find fraud and abuse by third parties and attackers. Neosec also enables proactive API threat hunting and investigations without storing any sensitive data. The automated API data tokenization is now a capability of the Neosec platform and is fully available. There is no extra cost for use of this unique capability. About Neosec Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bitdefender Launches Industry’s First Chat Protection Feature for Mobile-Based Instant Messaging Applications

Bitdefender | November 03, 2022

Bitdefender, a global cybersecurity leader, today unveiled the first real-time chat protection capabilities for mobile-based instant messaging applications. Bitdefender Chat Protection immediately alerts users if malicious links are received or sent during live sessions over the world’s most popular chat applications including WhatsApp, Facebook Messenger, Telegram and Discord. A true industry innovation, the new capabilities help protect users from increased cybercriminal activities targeting mobile devices. Chat Protection is incorporated into Bitdefender Mobile Security for Android through Bitdefender Scam Alert technology, used by consumers worldwide for monitoring, detecting and stopping link-based attacks delivered via messaging applications, notifications, and SMS text messages. Chat Protection continuously monitors chat sessions alerting users of suspicious links that might attempt to steal financial data, credentials and other sensitive information. When malicious links are detected during chat sessions, the user receives a warning along with information about associated risks and a suggested course of action. If warnings are ignored, built-in web protection technologies prevents the user from navigating to the malicious webpage. More than two billion people use WhatsApp and more than one billion use Facebook Messenger globally. At the same time, malware and scams sent via instant messaging apps and SMS text message remain one of the top threats to mobile users in 2022. According to the 2021 Bitdefender Consumer Threat Landscape Report, spam and untrusted domains account for a combined 85% of detected malicious URLs. “Mobile threats continue to increase, and cybercriminals have evolved beyond email-based phishing attacks to include SMS text messages (smishing) and popular instant messaging applications. “With the new capabilities in Bitdefender Mobile Security for Android, users can rest easy and chat safely knowing they have strong, real-time protection against malware, malicious links and scams across their Android devices.” Ciprian Istrate, senior vice president of operations, Consumer Solutions Group at Bitdefender Key Features and Benefits Bitdefender Mobile Security for Android with Chat Protection customers benefit from: Preemptive alerting for financial and data loss risks -- When users receive a suspicious link in messaging applications, notifications or text messages they are notified to prevent accessing or sharing the link. Enhanced protection for friends and family -- If a potentially dangerous link is inadvertently shared, users have the options to recall or delete the message. Detection of sophisticated social engineering -- Phishing attempts that rely on human curiosity, urgency, and impersonation are recognized and flagged by Bitdefender offering users an additional layer of protection. About Bitdefender Bitdefender provides cybersecurity solutions with leading security efficacy, performance, and ease of use to enterprise organizations and consumers. Guided by a vision to be the world’s most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience.

Read More