DATA SECURITY

Launching BlackBerry Jarvis 2.0, BlackBerry to Address Global Embedded Cybersecurity Landscape

BlackBerry | July 27, 2021

BlackBerry Limited (NYSE: BB; TSX: BB) has announced the release of the latest edition of the company's flagship software composition analysis tool, BlackBerry Jarvis 2.0.

A SaaS version of the original Jarvis capabilities is introduced in the BlackBerry Jarvis 2.0. This provides integrators and developers a more focused and user-friendly feature set around the three most important areas, which those building mission-critical applications want to authenticate to confirm the superiority of their multi-tiered software supply chain; Common Vulnerabilities and Exposures (CVE), Open-source Software (OSS), and Software Bill of Materials (SBOM) management. In addition, to empower teams to keep software protected from all known concerns based on the illegal intelligence BlackBerry Jarvis 2.0 provides, the online end-user dashboard of the tool has also been improved with detailed restraints and advisory flags.

Designed to address the growing cybersecurity threats and increasing complexity among multi-tiered software supply chains within the automotive, medical, and aerospace industries, BlackBerry Jarvis 2.0 permits OEMs to examine the attribution of their code and every single software quality that comes into their complete supply chains to confirm their products are both safe and modernized with the most modern security reinforcements.

BlackBerry Jarvis 2.0 addresses the need to identify and remediate vulnerabilities by identifying them, then providing deep, actionable insights in minutes – something that would otherwise involve manually scanning that would take large numbers of experts and an impractical amount of time.

About BlackBerry

BlackBerry offers intelligent security software and services to governments and enterprises globally. Including 195M vehicles, The Company secures more than 500M endpoints. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of safety and data privacy solutions, cybersecurity and is a leader in the areas of endpoint management, endpoint security, embedded systems, and encryption.

Spotlight

Phishing-Angriffe haben sich bereits seit einigen Jahren als häufigster Angriffsvektor etabliert. Begünstigt durch Faktoren wie die COVID-19-Pandemie, die Umstellung auf dezentrale Arbeitskonzepte und die kritische Log4j-Sicherheitslücke war 2021 eine weitere Zunahme um 29 % gegenüber dem Vorjahr zu verzeichnen. Phishing-Bedrohu

Spotlight

Phishing-Angriffe haben sich bereits seit einigen Jahren als häufigster Angriffsvektor etabliert. Begünstigt durch Faktoren wie die COVID-19-Pandemie, die Umstellung auf dezentrale Arbeitskonzepte und die kritische Log4j-Sicherheitslücke war 2021 eine weitere Zunahme um 29 % gegenüber dem Vorjahr zu verzeichnen. Phishing-Bedrohu

Related News

PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION

Wallarm Announces the Early Release of Its Enhanced API Security Technology

Wallarm | January 23, 2023

Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak. Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data. With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach: Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute. Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio. Control - Wallarm also continuously monitors and prevents the use of leaked API secrets. The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation. About Wallarm Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.

Read More

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

SteelCloud and Telos Corporation Collaborate to Enhance NIST RMF Compliance

Telos Corporation | January 09, 2023

SteelCloud LLC, a leading CIS and STIG compliance automation software developer and Telos Corporation, a renowned provider of cyber, enterprise, and cloud security solutions to the world's most security-conscious organizations, recently announced entering into a partnership to assist customers in reducing the complexity of NIST Risk Management Framework (RMF) compliance. Customers gain access to all seven RMF phases via a unified, automated solution. SteelCloud's ConfigOS capabilities take care of the identify/ categorize, select, and implement components of RMF for technical assets. ConfigOS examines an asset, determining whether Security Technical Implementation Guides (STIG) apply, scanning against the STIG standards, identifying compliance indicators, and automating the remediation of findings. Meanwhile, Xacta incorporates and uses this information during the RMF's assessment and authorization processes, as well as when the monitor step is initiated once authorization to operate (ATO) is obtained. Working together, ConfigOS and Xacta drive decisions to address identification and selection problems while reporting important indicator metrics required to achieve and sustain ATO. STIG and vulnerability data from ConfigOS are integrated into Xacta and mapped to appropriate requirements as part of Assessment and Authorization (A&A), providing customers with a streamlined approach to gaining necessary permissions. Xacta's workflow automation streamlines the whole NIST RMF workflow, managing validation, analysis, documentation, and accreditation processes from start to end. About Telos Corporation Telos Corporation provides solutions for continuous security assurance of personnel, systems, and information to the world's most security-conscious enterprises, empowering and protecting them. The company offers enterprise security solutions for identity and access management, organizational messaging, secure mobility, and network management and defense. Telos Corporation serves commercial organizations, regulated sectors, and government customers all around the world. About SteelCloud SteelCloud is a company that creates STIG and CIS compliance software for government and business clients. The company's product reduces the complexity, effort, and cost of implementing federal security standards by automating policy and security repair. SteelCloud has provided enterprise-wide security policy-compliant solutions, easing setup, and ongoing security and compliance support. SteelCloud goods are simple to obtain through our GSA Schedule 70 contract.

Read More

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Wiz Launches Free Cloud Framework to Drive Community-Backed Security

Wiz | December 15, 2022

Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process. "Over the past year and a half, Wiz researchers and other members of the cloud security community discovered several cross-tenant vulnerabilities in various multi-tenant cloud applications. "Although these issues have been reported extensively and were dealt with appropriately by the relevant vendors, we've seen little public discussion on how to mitigate such vulnerabilities across the entire industry. This is where we see an opportunity to strengthen the collaboration between members of the security community." Wiz CEO Assaf Rappaport Beyond offering a guideline for organizations, PEACH is a starting point for empowering security teams to work together to establish standard transparency and common language when it comes to mitigating cloud threats. Serving as a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, PEACH manages the attack surface exposed by user interfaces and provides a clear standard for transparency on tenant isolation assurance. Wiz developed the following parameters based on lessons learned to address the rising cross-tenant vulnerabilities, lack of a standard for transparency, and missing common langue among vendors: Privilege hardening – ensure tenants and hosts have minimal permissions in the service environment. Encryption hardening – confirm the data belonging to each tenant is encrypted with a unique key, regardless of where the information is stored. Authentication hardening – validate that communication between each tenant and the control plane use authentication with a validated key unique to each tenant. Connectivity hardening – establish that all inter-host connectivity is blocked by default unless explicitly approved by the tenants involved. Hygiene – verify that unnecessary secrets, software and logs scattered throughout the environment are purged to avoid leaving clues or enabling quick wins for malicious actors. The second part of the security review process consists of remediation steps to manage the risk of cross-tenant vulnerabilities and improve isolation as necessary. These include reducing interface complexity, enhancing tenant separation, and increasing interface duplication -- all while accounting for operational context such as budget constraints, compliance requirements, and expected use-case characteristics of the service. This framework was reviewed and collaborated on with cloud security industry experts from AWS, Google, IBM, Netflix and Cisco. Instead of commercializing PEACH though, Wiz will be offering the framework for free. About Wiz Wiz secures everything organizations build and run in the cloud. Founded in 2020, Wiz is the fastest-growing software company in the world, scaling from $1M to $100M ARR in 18 months. Wiz enables hundreds of organizations worldwide, including 30 percent of the Fortune 100, to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks and Aglaé.

Read More