DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

JupiterOne Recognized as a Sample Vendor for Cyber Asset Attack Surface Management (CAASM) in Gartner® Hype Cycle™ for Cyber Risk Management, 2022

JupiterOne | August 19, 2022 | Read time : 02:50 min

JupiterOne
JupiterOne, the industry's leading provider of cyber asset attack surface management (CAASM) technology, today announced that it was named as a Sample Vendor for CAASM in the latest release of the Gartner Hype Cycle for Cyber Risk Management,  2022.

According to Gartner, "In 2022, the global risk landscape continues to be impacted by the ongoing COVID-19 pandemic conditions, the Russian invasion of Ukraine, labor shortage, worsening climate change, and inflation. In particular, the increased inflation rate and labor market tightness mean that organizations must do more with fewer resources."

The Gartner report notes that security and risk management (SRM) leaders continue to struggle to:
  • "Position risk management as a decision-making practice. Either because of their rigid focus on framework-based controls or inability to scale their security and risk controls for individual projects
  • Inform cyber and technology decisions in an ever-expanding operating ecosystem
  • Gain sufficient transparency in evaluating environmental, social and governance risks and incidents, local and worldwide.
  • Mitigate global supply chain risks as these risks continue to form a web of complexity and volatility.
  • Look for ways to automate and inform risk assessment with data-driven insights."

One solution category that addresses these challenges is the cyber asset attack surface management (CAASM) space, where solutions aggregate and track assets such as endpoints, servers, devices, and applications. By consolidating internal and external cyber assets, users can use queries to find gaps in coverage for security tools such as vulnerability assessment and endpoint detection and response (EDR) tools. JupiterOne pioneered a graph-based approach to CAASM that allows customers to track and monitor IP addresses and analyze and map all intra-asset relationships.

As the Gartner analysts explained, "CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture, and asset exposure are understood and remediated. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations can visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data."

The drivers of CAASM adoption, according to Gartner, include:
  • "Full visibility into all information technology (IT), Internet of Things (IoT) and operational technology (OT) assets under an organization's control, which improves understanding of the attack surface area and existing security control gaps or serves as part of a wider ASM process.
  • Quicker audit compliance reporting through more accurate, current and comprehensive asset and security control reports.
  • Consolidation of existing products that collect asset and exposure information into a single normalized view, which reduces the need for manual processes or dependencies on homegrown applications.
  • Access to consolidated asset views for multiple individuals and teams across an organization, such as enterprise architects, security operations teams and IT administrators, who can benefit from viewing and querying consolidated asset inventories with a view to achieving business objectives."

The recent Gartner report on Top Trends in Cybersecurity 2022 cited "Attack Surface Expansion" as one of the year's top security trends resulting from the expanding digital footprint of modern organizations. According to the report, "A dramatic increase in attack surface is emerging from changes in the use of digital systems, such as new hybrid work, accelerated use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets and increased use of operational technology." In our opinion, security leaders who reinvent the cybersecurity function and technology architecture can better position their organizations to maintain and grow value in an increasingly agile, distributed, and decentralized environment.

JupiterOne was named a Sample Vendor for CAASM in the latest release of the Gartner Hype Cycle for Security Operations, 2022. The report is available for complimentary download from JupiterOne.

Additionally, Gartner recognized JupiterOne as a Representative Provider for CAASM in the Innovation Insights for Attack Surface Management and as a Sample Vendor in the Gartner Hype Cycle for Workload and Network Security, 2022 research reports.

"JupiterOne is honored to receive yet another recognition from Gartner. Right now, the world is full of uncertainty, making it challenging to conduct business. More than ever, businesses must prioritize effective security measures. Security leaders can get invaluable insights by tracking their assets and making efficient use of their resources. Overall, organizations can make better data-driven business decisions while keeping security risks in mind."

Erkang Zheng, Founder and CEO at JupiterOne

About JupiterOne
JupiterOne is a cyber asset attack surface management (CAASM) platform company providing visibility and security into your entire cyber asset universe. Using graphs and relationships, JupiterOne provides a contextual knowledge base for an organization's cyber asset operations. With JupiterOne, teams can discover, monitor, understand, and act on changes in their digital environments. Cloud resources, ephemeral devices, identities, access rights, code, pull requests, and much more are collected, graphed, and monitored automatically by JupiterOne.

Spotlight

Security breaches can lead to serious financial losses and damage your customers’ confidence in your brand. Do you know how vulnerable your network is to cyber-attacks? Security Professional Services from Windstream Enterprise assess your network security to pinpoint vulnerabilities and compliance gaps, enabling you to correct them before you fall victim to an attack. Vulnerability Assessment Audits – Quantify your company’s level of risk by providing a snapshot of network device and software vulnerabilities. Attack and Penetration Audit – Identify potential security weaknesses that might be exploited by using ethical hacking techniques to simulate a real-world cyber-attack.

Spotlight

Security breaches can lead to serious financial losses and damage your customers’ confidence in your brand. Do you know how vulnerable your network is to cyber-attacks? Security Professional Services from Windstream Enterprise assess your network security to pinpoint vulnerabilities and compliance gaps, enabling you to correct them before you fall victim to an attack. Vulnerability Assessment Audits – Quantify your company’s level of risk by providing a snapshot of network device and software vulnerabilities. Attack and Penetration Audit – Identify potential security weaknesses that might be exploited by using ethical hacking techniques to simulate a real-world cyber-attack.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Netskope Further Improves Risk Visibility on AWS, Strengthening Customers' Security Posture

Netskope | December 01, 2022

Netskope, a global leader in secure access service edge (SASE), is announcing new support of Amazon Web Services (AWS) to further improve visibility of risks and threats on AWS services, resulting in even stronger security postures for customers. Through this work, Netskope will support the launch of AWS Verified Access and Amazon Security Lake to drive innovation for enterprises running on AWS. As the cybersecurity landscape becomes more complex and multifaceted, organizations want to confidently know their data, employees, and resources are safe from potential attacks. Netskope has helped thousands of customers, including more than 25 of the Fortune 100, improve their security posture through integrated zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), cloud security posture management (CSPM), storage scanning with data loss prevention (DLP), cloud firewall, Borderless WAN, and more. By meeting the rigorous standards of supporting the launch of AWS Verified Access and Amazon Security Lake, Netskope and customers can have greater confidence in the company's deep technical expertise on AWS and its proven track record in securing even the most complex cloud journeys. "As organizations search for seamless support and unification of their cloud security services, our work with AWS will help customers achieve even better visibility and protection in a cloud-first, hybrid work environment. "Hybrid work today happens in the office, at home, or on the go, and with this new support of Amazon Security Lake and AWS Verified Access, we'll help customers navigate their cloud security journey by securing data from anywhere, on any device." Andy Horwitz, Vice President, Business Development and Technology Alliances at Netskope Netskope will support Amazon Security Lake and AWS Verified Access by providing visibility and real-time data and threat protection when accessing cloud services, applications, and data. Customers can expect broader and more granular data sharing to expose cloud threats and security gaps, better alert prioritization so security teams can remediate the highest threats first, and a stronger security posture with faster remediation strategies in place. "Netskope and AWS continue to help organizations with security capabilities they need to protect their users and data everywhere," said Chris Grusz, Director, ISV Partner and AWS Marketplace Business Development. "Netskope is a trusted security provider for many cloud-first organizations, and the expanded relationship with AWS will allow customers to better realize the full value of their AWS Security investments." About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Qumulo Helps Customers Avoid the Complexity of Protecting Unstructured Data with its Comprehensive Approach to Data Security

Qumulo, Inc. | November 11, 2022

Qumulo, the radically simple way to manage petabyte-scale data anywhere, today announced the launch of the company’s new corporate security initiative “Simply Secure,” a multi-layered approach designed to protect data across multiple points of vulnerability. Qumulo’s “Simply Secure” initiative is meant to help organizations minimize the risk of business disruption and protect their data from theft or loss with a complete suite of security features that continue to harden over time, all-inclusive with their Qumulo® subscription, without additional cost for future releases. The unprecedented rise in cyber threats in recent years is creating dire consequences for businesses: multi-million dollar ransom payments, days or weeks in disruption of operations, and potential loss of valuable data sets. Not only that, cyber attacks which become public often leave behind permanent reputational damage. While most organizations understand and respect the risk of poor security posture, many are strapped for cycles, time, and expertise to build adequate defenses around their unstructured data. Qumulo is meeting its customers anywhere – edge, core, and in the cloud – with a holistic approach to security, making it simple for customers to protect their data from ransomware attacks, data theft, and data destruction. Qumulo not only helps customers ensure lighting-fast recovery but also helps proactively detect and prevent anomalies, so organizations and end users can simply secure their sensitive data. Customers are granted access to each new security feature every two weeks, which is available through non-disruptive software upgrades, increasing the value of Qumulo clusters over time. “Qumulo’s focus on radical simplicity means it's taken an approach to security that makes it as easy as possible for customers to protect their data everywhere it’s stored.” Kiran Bhageshpur, Chief Technology Officer at Qumulo Qumulo is constantly developing new and enhancing existing features to provide the most robust security possible. The most recent releases add five new layers to storage security for greater data protection, including: Multi-tenancy VLAN Isolation: Organizations can now use virtual local area networks (VLANs) to isolate administrative interfaces from their file system clients, such that the general network population cannot reach the interfaces. This adds an additional guarantee of network protection, while helping consolidate multiple use cases on a single cluster, resulting in potential cost savings. Single sign-on & Access Tokens: Cluster administrators can now eliminate the need for sensitive user passwords when logging into the Qumulo administrator UI or API since user credentials are prime targets for theft by cyber attackers. NFSv4.1 Kerberos Authentication & Encryption: All data is encrypted before transmitting across networks, preventing any bad actor that intercepts the data from understanding it in plain text. Federal Information Processing Standards (FIPS) 140-2 certification of Qumulo encryption: Now, customers with FIPS requirements can maintain compliance and independently verify that Qumulo’s data-at-rest encryption meets the standards set by the National Institute of Standards and Technology (NIST). Customers who don’t require FIPS certification can rest assured their data is protected by the highest standards. OpenMetrics API provides telemetry data to 3rd party monitoring and alerting systems, so organizations can proactively detect and quickly respond to anomalies at risk of disrupting operations such as an attack-in-progress. “Trust is mission critical when it comes to security,” said Kathy Ahuja, VP of Information Security at Qumulo. “That’s why we’ve built a security posture with FIPS 140-2 accreditation and enhanced encryption that provides the greatest level of protection for our cryptographic modules. Our customers know they can trust Qumulo with their data. And as cybercriminals continue to advance their own breach strategies, we’re well prepared to continue to improve our security measures to match and defeat the complexities of these attacks.” About Qumulo, Inc. Qumulo is the radically simple way to manage petabyte-scale data anywhere – edge, core or cloud – on the platform of your choice. In a world with trillions of files and objects comprising 100+ Zettabytes worldwide, companies need a solution that combines the ability to run anywhere with simplicity. This is precisely what Qumulo was founded to accomplish.

Read More

DATA SECURITY,ENTERPRISE IDENTITY,PLATFORM SECURITY

Wipro Launches Cybersecurity Consulting Offering in Europe

Wipro | November 28, 2022

Wipro Limited, a leading technology services and consulting company, today announced that it is launching a strategic cybersecurity consulting offering in Europe. The announcement comes on the heels of a series of acquisitions in the consulting space—Edgile, Capco, and Ampion—and is part of the firm’s vision to build a global cybersecurity consulting offering to help clients stay ahead of a dynamic threat and regulatory environment. “Escalation of cyber threats, compounded by the rapidly changing regulatory environment, is creating brand new challenges for businesses across Europe. "Our extensive experience in cybersecurity, global network of cybersecurists, combined with our expanded consulting capabilities, will help clients stay ahead of emerging threats and adapt to a changing regulatory environment with speed and agility. We are thrilled to be bringing this offering to clients in this market at this critical juncture.” Tony Buffomante, Senior Vice President & Global Head of Cybersecurity and Risk Services (CRS) at Wipro Limited The new consulting capability, offered through Wipro CRS Europe, will expand on Wipro’s existing cybersecurity services and enable clients to tap into Wipro’s full set of capabilities—from strategy and implementation to managed services. Under this new offering, Wipro consultants located in Europe will work with clients to build tailored strategies and solutions that address the unique challenges in this market. Leveraging Wipro’s extensive global network of more than 9000 cybersecurists, Wipro CRS Europe will help clients realize enhanced scale and speed in implementations. “Our recent acquisitions in the cybersecurity space, as well as our recent strategic hires in Europe, have created an opportunity for us to rethink how we serve our clients in this market,” said John Hermans, Head of Wipro CRS Europe. “This launch will bring together our entire set of cyber capabilities under a single umbrella, allowing us to deliver clients a truly end-to-end offering that leads with strategy but delivers on every single aspect of their cybersecurity needs.” The new offering will bring all Wipro’s cyber consulting capabilities under one umbrella, CyberTransformSM, and deliver them to clients alongside the company’s managed services capabilities, CyberShieldSM. CyberTransform is Wipro’s business-aligned strategy-first approach to cybersecurity transformation. It enables business growth through a business-led approach to solve security, risk, cloud, identity, and compliance challenges on a global scale. CyberTransform brings together Wipro’s suite of cybersecurity consulting capabilities and delivers clients a truly holistic, 360 approach designed to help them manage cyber threats and build resilient, future-proof businesses. CyberShield is Wipro CRS’ industry-leading suite of managed services, which defends business operations through On-Demand cyber resilience management. About Wipro Limited Wipro Limited is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 250,000 employees and business partners across 66 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world.

Read More