DATA SECURITY

ISARA, Carillon and Crypto4A Partnership enables a world first Canadian fully integrated Quantum-Safe Now PKI solution

Crypto4A | October 23, 2021

Crypto4A Technologies Inc., ISARA Corp., and Carillon Information Security Inc. today announced their partnership agreement focused on providing organizations with a next generation Quantum Safe NowTM Public Key Infrastructure (PKI) solution.

The Quantum-Safe Now™ PKI solution integrates ISARA's Radiate Quantum-safe Toolkit and Catalyst Agile Digital Certificate Methodology, which provide hybrid crypto-agility, with Carillon's world class PKI CertServ ID Management Suite operating on Crypto4A's QxEDGE™ and QxCloud™ Hybrid Security Platform (HSP).  

By working together, the three Canadian organizations provide a world first quantum safe PKI solution running on purpose-built hybrid crypto-agile hardware.

As part of the partnership, the companies intend to develop and market seamless, easy to use quantum-safe PKI cryptographic solutions that ease digital transformations, enable cryptographic agility and simplify cryptographic management.

Today's connected economies, identity based digital transformations, DevSecOps teams and cloud-based deployments require new cryptographic capabilities based on quantum-safe software and hardware to provide enterprises with the forward agility, seamless access, security and controls required for cloud, edge, and end user environments.

"ISARA's suite of proven crypto-agile capabilities effectively complements the proven capabilities of both Carillon's PKI software and Crypto4A's hardware based crypto-agility resulting in a more robust and easier to use Quantum-Safe Now™ PKI solution. Our approach is to enable customers to discover and manage their cryptographic capabilities in an agile, quantum-safe and trusted way.  Our collective experiences, knowledge and integrated Quantum Safe Now™ PKI solution de-risks digital transformations and migrations to address the evolving security requirements for today and tomorrow," said Scott Totzke, CEO and Co-founder at ISARA.

Identity based digital environments, applications and relationships rely on cryptography for their trust, innovation, security and privacy. By working with ISARA and Carillon, we demonstrate the power of the Canadian cryptography industry to elevate the original PKI architecture as well as demonstrate the agile capabilities of our FPGA based QxTrust Architecture™(QxTA™). As progress is made in better cloud and edge security, privacy and data management, new requirements are emerging that place material stress on the foundations of today's cryptographic hardware. This new collaborative offering helps to remove some of these stresses and represents our approach to cooperation

John Scott, CEO of Crypto4A

"We are excited to be partnering with Crypto4A and ISARA on this common PKI initiative. The experience that they both bring from a cryptography and an engineering perspective, provides Carillon and its customers with an integrated approach to an agile Quantum Safe Now™ PKI solution. Quantum Safe Now��� demonstrates our ongoing commitment to meet the emerging needs of the connected enterprise for innovation with digital trust", said Patrick Patterson, President and Chief PKI Architect of Carillon.

About Radiate™ Quantum-safe Toolkit and Catalyst Agile Digital Certificate Methodology
The ISARA Radiate™ Quantum-safe Toolkit is a high-performance, lightweight, standards-based quantum-safe software development kit, built for developers who want to test and integrate next-generation post-quantum cryptography into their commercial products. ISARA Catalyst™ Agile Digital Certificate Methodology enables a seamless, cost-effective and simplified migration to quantum-safe security today to protect investments in durable connected devices and the Internet of Things (IoT) and complex public key infrastructures with no impact to end-users. Catalyst certificates support two cryptographic algorithms within a single certificate and can support both classic and quantum-safe public keys and signatures.

About CertServ ID Management Suite
CertServ ID Management Suite is the first, single technology PKI platform that is designed with the users in mind. It offers a simple, easy to use, easy to deploy series of components that facilitate all aspects of PKI credential management. From devices to people, hardware or software-based credentials are simple to issue, manage, and maintain.

About QxEDGETM and QxCloudTM
QxEDGETM and QxCloud™ HSP's provide a suite of next generation capabilities that are an alternative to traditional HSM capabilities. Architected to be native for quantum-safe crypto-agility in cloud, zero trust and remote working environments.  QxEDGETM and QxCloud™ enable the adoption of hybrid certificate techniques and post quantum cryptographic algorithms, ensuring cost and security effective crypto-agility for identity-based application environments.

About ISARA
ISARA, with its knowledge and experience in cybersecurity over the years, is a global leader in crypto-agile technologies and quantum-safe security solutions that can continue to protect current computing ecosystems into the quantum age. Capitalizing on know-how garnered in using agile methods to develop these cryptography implementation and public key authentication technologies, ISARA will target the development of crypto agility and quantum-safe security solutions compliant with the international standardization of quantum secure cloud technology.

About Carillon Information Security
Carillon Information Security Inc. provides a complete spectrum of identity management solutions that are designed to prevent identity theft, promote the migration from paper to electronic authentication, and avoid the loss of intellectual property. From consulting services, to credential issuance and validation software to managed identity services, Carillon can provide the skill sets and tools to help companies take control of their corporate digital credentials.

About Crypto4A
Crypto4A QxTrust Architecture™(QxTA™) helps enable crypto agility for Zero Trust environments. Developed by founders who created previous crypto key and HSM architectures, our patented QxTA™ helps secure and accelerate digital transformations, cloud migrations and crypto-agility by deploying, managing and protecting digital keys, workloads, data and applications from anywhere in the world.

Spotlight

Hybrid work changes the way people use applications. In this video, learn about how Netskope Cloud Firewall delivers the protection you need everywhere your business operates.

Spotlight

Hybrid work changes the way people use applications. In this video, learn about how Netskope Cloud Firewall delivers the protection you need everywhere your business operates.

Related News

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Veza introduces new solution to deliver SaaS access security and governance for the enterprise

Businesswire | May 03, 2023

Veza, the authorization platform for data security, today announced Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations. With this solution, Veza secures the attack surface associated with SaaS apps while enabling continuous compliance with frameworks like Sarbanes-Oxley, ISO 27001, SOC 2, and GDPR. Organizations today maintain an average of 125 different SaaS applications, costing $1,040 per employee annually, according to Gartner’s 2022 Market Guide for SaaS Management. As SaaS grows in popularity, security and identity teams are under pressure to manage security risks associated with the spread of data in these apps. “SaaS applications are everywhere, holding sensitive data like customer lists, financials, and employee data. This is a new attack surface for the threat actors who misuse identity,” said Tarun Thakur, CEO and co-founder of Veza. “Conventional IAM techniques like authentication are not enough to secure access to data in SaaS apps. We are excited to introduce Veza for SaaS Apps to help our customers protect sensitive data against credential theft, malicious attacks and accidental exposure, putting SaaS access security within reach.” The Veza solution includes integrations to 15 popular SaaS applications, including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. Because Veza uses an out-of-band approach to integrate with apps and systems, customers can integrate in less than a day, unlocking unprecedented visibility and control in just hours. “Using Veza, we have been able to achieve end-to-end visibility over access permissions across our enterprise app stack, including Salesforce,” said Brian Miller, Director, Security Governance, Risk and Compliance at Achieve. “As our customer base continues to expand, Veza helps us maintain least privilege over sensitive financial customer data, giving us the confidence to adopt new apps at lightspeed.” Capabilities of the Veza solution include: Privileged Access Monitoring. Veza alerts security teams when there are new grants of privileged access and privilege drift in SaaS apps, such as new local admins in Salesforce. Veza monitors both human identities and machine identities like service accounts and third-party integrations. User Access Reviews and Entitlement Certifications. Veza automates the identity governance and administration process of periodic access reviews, using workflow rules to route requests for certification and providing decision-makers with authorization context to choose the least-permissive role. Veza makes it possible to graduate from periodic batches to “continuous compliance.” SaaS Misconfigurations. Veza monitors SaaS apps for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. For example, Veza alerts the security team when users have access to sensitive data but do not have MFA (multi-factor authentication) enabled. SaaS applications contain sensitive data. Securing the access to this data in SaaS apps is complicated given the application-specific RBAC (role-based access control) that grants permissions to humans and services. Because security teams can’t see the reality of who can do what with data, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations. The Veza Authorization Platform creates a comprehensive graph of identity-to-data by ingesting and organizing the authorization metadata (RBAC) from SaaS apps, cloud providers, data systems, and identity providers. About Veza Veza is the authorization platform for data security. Identity and security professionals use Veza to modernize access governance for the new data and SaaS apps landscape. By automating the work of finding and fixing excessive permissions on a continuous basis, Veza helps organizations achieve Least Privilege. Veza’s unique approach ingests metadata from any SaaS app or data system, organizes it as an authorization graph, and makes it searchable in real-time. Global enterprises like Blackstone, Wynn Resorts, and Expedia trust Veza to protect sensitive data and automate access reviews. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tessian Launches Advanced Email Threat Response Capabilities for Security Teams

Prnewswire | April 26, 2023

Tessian, a leading Integrated Cloud Email Security company, today announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions. Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls, and spend too much investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform which offers the industry's most complete set of capabilities required for cloud email security: Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach, in a simple to deploy model. "At Tessian, we are focused on helping our customers eliminate email based threats," said Allen Lieberman, Chief Product Officer of Tessian. "As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations. With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations." "Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis," said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. "Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, Investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and powershell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks." About Tessian Tessian's mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error - like data exfiltration, accidental data loss, business email compromise and phishing attacks - with minimal disruption to employees' workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Forcepoint Launches Global Managed Security Service Provider Program for Forcepoint ONE SSE

Businesswire | April 19, 2023

Global security leader Forcepoint today introduced its best-in-class Managed Security Service Provider (MSSP) program for service providers, distribution partners and other resellers. With managed services based on the Forcepoint ONE Security Service Edge (SSE) platform, Forcepoint partners can simplify Zero Trust security and gain predictable, repeatable revenue streams through cloud-first, hybrid-ready security. Forcepoint ONE also allows partners to quickly differentiate their security offerings with Data-first SASE, integrating SSE with connectivity through FlexEdge Secure SD-WAN solutions. Forcepoint MSSP partners can help enterprises and government agencies turn security into a competitive advantage by increasing productivity, streamlining costs and simplifying regulatory compliance. “As more and more organizations look to MSSPs for their cybersecurity solutions, the opportunity for partners is absolutely massive with market growth to $53.22B expected in the next several years. And every customer we speak to is on a path to SASE, with many looking to MSSPs for pay-as-you-go solutions that stop threats and data loss while letting users access information and apps securely on any device,” said Myles Bray, Chief Revenue Officer at Forcepoint. “Forcepoint ONE allows MSSP partners to fast forward their journey to Data-first SASE through the delivery of security convergence, subscription model and business tools that enable partners to reduce complexity for mutual customers, drive recurring revenue, and quickly scale their service offerings.” “Forcepoint’s data-centric focus on security aligns with our vision for proactive protection, detection and remediation,” said Raluca Saceanu, CEO of Smarttech247, a Forcepoint partner. “Smarttech247’s hosted and managed services centered on Forcepoint ONE SSE cloud-native and Forcepoint enterprise data security solutions allow today’s enterprises to manage risk holistically and simplify security operations. This is a game-changer when adversaries are constantly finding new ways to steal confidential data.” As a channel-first company, Forcepoint will help partners quickly incorporate SASE into their services through its MSSP program. Using the Forcepoint management portal, partners can update customer configurations and offer multi-tenant services with a few clicks. Subscriptions with simple billing help providers scale their profitability when end-user licensing needs change. With no significant up-front expenses, partners can offer Forcepoint ONE and Secure SD-WAN solutions quickly over the internet and customers can add more services anytime. Forcepoint also provides enablement and training support, including channel managers dedicated to building business plans with MSSPs and distribution partners. Additional Forcepoint MSSP benefits to partners include: Unified Management: the Forcepoint ONE all-in-one console offers a single set of policies for securing remote, hybrid, and office workers. Modern: strong Zero Trust data security delivered with a cloud-native SASE architecture. Global: available everywhere, with 300+ points of presence for managed devices and agentless support for BYOD. Reliable: 99.99% uptime since 2015. Profitable: cost competitive, higher margin services. About Forcepoint Forcepoint simplifies security for global businesses and governments. Forcepoint’s all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. Based in Austin, Texas, Forcepoint creates safe, trusted environments for customers and their employees in more than 150 countries. Engage with Forcepoint on www.forcepoint.com, Twitter and LinkedIn. About Smarttech247 Smarttech247 is a multi-award-winning cybersecurity company that helps organizations reduce their risk. Trusted by global customers, our platform provides threat intelligence with managed detection and response to provide actionable insights, 24/7 threat detection, investigation, and response. Our service is geared towards proactive prevention and we do this by utilizing the latest in cloud, big data analytics and machine learning, along with our industry leading governance, risk and compliance team.

Read More