SOFTWARE SECURITY

KLAS and Censinet Partner to Reduce Healthcare CISOs, CIOs and IT Vendor Community Cybersecurity Risk

businesswire | December 01, 2020

KLAS, a medical care exploration and bits of knowledge firm, and Censinet, the main astute danger network for medical care, today reported an association to help medical services IT sellers and administrations firms improve their general danger and security profile and give more noteworthy straightforwardness to a huge number of medical services suppliers. As a feature of the association, KLAS, which has led profound examination and investigation on in excess of 900 medical care IT items and administrations, will present another Cybersecurity Readiness Assessment.

The organization will likewise incorporate community oriented exploration, knowledge sharing, unique report access, and cybersecurity best works on, equipping medical care leaders with crucial data to improve their cybersecurity act and at last, cultivate a safer and beneficial medical care biological system.

While the enormous endeavor to execute electronic wellbeing records over the previous decade has prodded a period of advanced wellbeing development, it has likewise significantly extended the assault surface for digital crooks to target medical care associations. What's more, presently, the COVID-19 pandemic has both expanded dependence on computerized wellbeing and given aggressors considerably more motivating force to target suppliers, payers and others in the medical care industry.

Spotlight

In today's modern world with high tech technology everyone prefer to store their personal data in the cloud which may has account numbers, passwords and other important information that could be used and misused by a miscreant, an opponent, or a court of law. These data are retrieved, copied and archived by Cloud Service Providers (CSPs), often without users' permission and control. Self-destructing data plays a vital role in protecting the user data's privacy. All the data stored at servers and their copies become destructed after a user-specified time and also this data became unreadable for any user intervention. The decryption key is destructed after the user-specified time that is TTL (Time-To-Live) field. In proposed paper, the authors present self-destructing data system that meets this challenge through a novel integration of secure cryptography techniques with active storage techniques based on 'Hadoop'.

Spotlight

In today's modern world with high tech technology everyone prefer to store their personal data in the cloud which may has account numbers, passwords and other important information that could be used and misused by a miscreant, an opponent, or a court of law. These data are retrieved, copied and archived by Cloud Service Providers (CSPs), often without users' permission and control. Self-destructing data plays a vital role in protecting the user data's privacy. All the data stored at servers and their copies become destructed after a user-specified time and also this data became unreadable for any user intervention. The decryption key is destructed after the user-specified time that is TTL (Time-To-Live) field. In proposed paper, the authors present self-destructing data system that meets this challenge through a novel integration of secure cryptography techniques with active storage techniques based on 'Hadoop'.

Related News

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Swimlane Launches First Comprehensive Security Automation Ecosystem for OT Environments

Swimlane | November 15, 2022

Swimlane, the low-code security automation company, today announced the formation of the first operational technology (OT) security automation solution ecosystem tailored to meet the combined OT and IT security requirements within critical infrastructure environments. The Biden Administration designated November as Critical Infrastructure Security and Resilience Month, drawing attention to the need for “fortifying our information technology and cybersecurity across sectors.” As cyber threats grow in frequency and severity, security operations teams within industrial organizations are regularly targeted due to the importance of their systems and infrastructure. Given the limited resources at their disposal, security teams within these organizations are struggling to keep up with rapidly evolving threats. The cybersecurity skills gap poses a particularly difficult challenge for organizations with OT environments due to the unique skill set required to navigate the convergence of OT and IT technologies. This is where modern Security Orchestration, Automation and Response (SOAR) plays an instrumental role. “Our public utilities and critical infrastructure face unique cybersecurity challenges to detect and respond to the convergence of threats targeting their combined OT and IT environments, and cyber-physical systems. “Swimlane is bringing together the best of OT security with our extensible security automation platform to create a robust system of record and control for security operations teams to more quickly process large amounts of security telemetry without needing more resources to defend against breaches.” Cody Cornell Co-founder and Chief Strategy Officer of Swimlane Swimlane’s security automation ecosystem for OT environments currently includes the following: Nozomi Networks for OT and IoT Security: Swimlane and Nozomi Networks, the leader in OT and IoT security, also announced today a technology integration that combines low-code security automation with OT and Internet of Things (IoT) security. The combined solution makes it possible for industrial and critical infrastructure security operations to maintain continuous asset compliance and mitigate the risks of attacks from combined OT and IT entry points. Dataminr Tackles Physical Risk: Swimlane’s integration with Dataminr leverages automated processes to mitigate risks and warn at-risk employees as soon as possible to ensure their safety. The cyber-physical threat response solution saves organizations crucial minutes when connecting with staff members who might be affected by a natural disaster, accident, or social unrest, or other types of physical risk. 1898 & Co. for Managed Threat Detection: 1898 & Co., a preeminent industrial control system (ICS) cybersecurity solutions provider, has selected Swimlane as the core automation platform for their managed threat detection services. These services include the detection of both OT and IT-born threats, machine-speed threat validation and scoring, and rapid remediation of threats using OT response methods. “Security teams chartered with protecting OT environments are struggling to keep pace with emerging threats given their limited resources,” said Joshua Magady, Practice Technical Lead at 1898 & Co. “As cyberattacks on critical infrastructure continue to rise and the cybersecurity skills shortage prevails, we are excited to be working with Swimlane to provide automation solutions that give these important organizations the tools to defend against rising cyber threats effectively.” Working with each technology partner, Swimlane will develop a portfolio of pre-integrated solutions that customers can quickly deploy either through managed services or add to their existing environment. About Swimlane Swimlane is the leader in cloud-scale, low-code security automation. Swimlane unifies security operations in-and-beyond the SOC into a single system of record that helps overcome process and data fatigue, chronic staffing shortages, and quantifying business value. The Swimlane Turbine platform combines human and machine data into actionable intelligence for security leaders.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Netskope Further Improves Risk Visibility on AWS, Strengthening Customers' Security Posture

Netskope | December 01, 2022

Netskope, a global leader in secure access service edge (SASE), is announcing new support of Amazon Web Services (AWS) to further improve visibility of risks and threats on AWS services, resulting in even stronger security postures for customers. Through this work, Netskope will support the launch of AWS Verified Access and Amazon Security Lake to drive innovation for enterprises running on AWS. As the cybersecurity landscape becomes more complex and multifaceted, organizations want to confidently know their data, employees, and resources are safe from potential attacks. Netskope has helped thousands of customers, including more than 25 of the Fortune 100, improve their security posture through integrated zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), cloud security posture management (CSPM), storage scanning with data loss prevention (DLP), cloud firewall, Borderless WAN, and more. By meeting the rigorous standards of supporting the launch of AWS Verified Access and Amazon Security Lake, Netskope and customers can have greater confidence in the company's deep technical expertise on AWS and its proven track record in securing even the most complex cloud journeys. "As organizations search for seamless support and unification of their cloud security services, our work with AWS will help customers achieve even better visibility and protection in a cloud-first, hybrid work environment. "Hybrid work today happens in the office, at home, or on the go, and with this new support of Amazon Security Lake and AWS Verified Access, we'll help customers navigate their cloud security journey by securing data from anywhere, on any device." Andy Horwitz, Vice President, Business Development and Technology Alliances at Netskope Netskope will support Amazon Security Lake and AWS Verified Access by providing visibility and real-time data and threat protection when accessing cloud services, applications, and data. Customers can expect broader and more granular data sharing to expose cloud threats and security gaps, better alert prioritization so security teams can remediate the highest threats first, and a stronger security posture with faster remediation strategies in place. "Netskope and AWS continue to help organizations with security capabilities they need to protect their users and data everywhere," said Chris Grusz, Director, ISV Partner and AWS Marketplace Business Development. "Netskope is a trusted security provider for many cloud-first organizations, and the expanded relationship with AWS will allow customers to better realize the full value of their AWS Security investments." About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

INFOSEC PROJECT MANAGEMENT,PLATFORM SECURITY,SOFTWARE SECURITY

NowSecure Unveils Its Latest Offering, Mobile Pen Testing-as-a-Service (PTaaS)

NowSecure | January 03, 2023

NowSecure, the leader in standards-based mobile app security and privacy software, announced the introduction of its latest solution, NowSecure Mobile Pen Testing as a Service (PTaaS), which will bridge the gap between manual and automated mobile security assessments for continuous security. NowSecure PTaaS is designed to provide mobile developers and security teams with a more cost-effective and efficient pen testing solution. The solution combines periodic expert manual assessments with continuous automated testing to optimize comprehensive coverage at a higher frequency. With this combination, the all-inclusive portal and service can instantly discover concerns early in the developer pipeline, provide consulting help to repair security issues promptly, and accelerate the release of high-quality software into production. As organizations struggle with tightening budgets in conjunction with an increased threat of mobile cyber assaults, there is an industry demand for a cost-effective, higher-coverage, higher-frequency, mobile AppSec testing solution. "According to Coalfire and NowSecure's 4th Annual Penetration Risk Report, 99% of mobile applications pose security or privacy threats." By integrating NowSecure's latest offering, Mobile PTaaS, CISOs and security leaders can optimize their budget for penetration testing while prioritizing continuous, comprehensive security testing. The NowSecure Mobile PTaaS cloud-based platform, built on tens of thousands of pen tests and over 12 years of mobile application security experience, provides a comprehensive set of automatic, continuous, and manual assessments, including: Expert pen testing periodically depending on the specific demand and timeline On-demand and continuous security testing is built into the CD/CI and dev toolchains Automatic ticket generation with incorporated remedial resources Consultation with an experienced pen tester on remediation Optional industry standard(s) certifications and validations All-in-one SAST, IAST, DAST, APISec, and SBOM Simple-to-use dedicated SaaS platform About NowSecure A Chicago-based mobile security company, NowSecure safeguards the worldwide mobile app economy as the leading authority in standards-based mobile application privacy and security automation. The company is trusted by the most demanding enterprises for its comprehensive security testing solution package for DevSecOps, mobile app supply-chain monitoring, Pen Testing as a Service (PTaaS), professional mobile pen testing, and training courseware. NowSecure actively contributes to and supports the open-source mobile security community, industry standards, and certifications such as ADA MASA, OWASP MASVS, NIAP, ioXt, and others. The firm is SOC 2-certified and has been recognized by Gartner, IDC, TAG Cyber, and Deloitte Fast 500.

Read More