Data Security

Launching BlackBerry Jarvis 2.0, BlackBerry to Address Global Embedded Cybersecurity Landscape

BlackBerry | July 27, 2021

BlackBerry Limited (NYSE: BB; TSX: BB) has announced the release of the latest edition of the company's flagship software composition analysis tool, BlackBerry Jarvis 2.0.

A SaaS version of the original Jarvis capabilities is introduced in the BlackBerry Jarvis 2.0. This provides integrators and developers a more focused and user-friendly feature set around the three most important areas, which those building mission-critical applications want to authenticate to confirm the superiority of their multi-tiered software supply chain; Common Vulnerabilities and Exposures (CVE), Open-source Software (OSS), and Software Bill of Materials (SBOM) management. In addition, to empower teams to keep software protected from all known concerns based on the illegal intelligence BlackBerry Jarvis 2.0 provides, the online end-user dashboard of the tool has also been improved with detailed restraints and advisory flags.

Designed to address the growing cybersecurity threats and increasing complexity among multi-tiered software supply chains within the automotive, medical, and aerospace industries, BlackBerry Jarvis 2.0 permits OEMs to examine the attribution of their code and every single software quality that comes into their complete supply chains to confirm their products are both safe and modernized with the most modern security reinforcements.

BlackBerry Jarvis 2.0 addresses the need to identify and remediate vulnerabilities by identifying them, then providing deep, actionable insights in minutes – something that would otherwise involve manually scanning that would take large numbers of experts and an impractical amount of time.

About BlackBerry

BlackBerry offers intelligent security software and services to governments and enterprises globally. Including 195M vehicles, The Company secures more than 500M endpoints. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of safety and data privacy solutions, cybersecurity and is a leader in the areas of endpoint management, endpoint security, embedded systems, and encryption.

Spotlight

Threat actors are using social media to target enterprises and their customers with fraudulent accounts. The nature of instant sharing on social media means organizations can face swift reputation damage or financial loss if they fall victim to one of the many threat types used on these platforms. In order to effectively protect

Spotlight

Threat actors are using social media to target enterprises and their customers with fraudulent accounts. The nature of instant sharing on social media means organizations can face swift reputation damage or financial loss if they fall victim to one of the many threat types used on these platforms. In order to effectively protect

Related News

Web Security Tools, Cloud Security

Tenable Unveils Comprehensive Web Application and API Scanning Capabilities for Nessus Expert

GlobeNewswire | September 01, 2023

Tenable®, the Exposure Management company, today announced web application and API scanning in Tenable Nessus Expert, new features that provide simple and comprehensive vulnerability scanning for modern web applications and APIs. Web application and API scanning in Nessus Expert are dynamic application security testing (DAST) features that enable security practitioners to proactively identify and assess web applications and APIs for known vulnerabilities. This includes OWASP Top 10 vulnerabilities in custom application code and known vulnerabilities found in third-party components. Backed by Tenable Research, Nessus provides broad and accurate vulnerability coverage for web applications and APIs – spanning web application servers, content management systems, web frameworks, programming languages and JavaScript libraries. The result is fewer false positives and negatives, ensuring security practitioners know the true risks in their applications. “Web applications are under siege and the security practitioners in charge of protecting them face numerous challenges,” said Glen Pendley, chief technology officer, Tenable. “With Nessus Expert – the gold standard in vulnerability assessment – we’re tackling the crux of these challenges head on by widening visibility into web applications and APIs. Whether the apps are running on-prem or in the public cloud, Nessus Expert assesses their exposures and provides security practitioners, consultants and pentesters with actionable results quickly.” Nessus Expert is the industry’s first vulnerability assessment solution that spans traditional IT assets and the dynamic modern attack surface, including the external attack surface, cloud infrastructure and now, web applications and APIs. This new feature and functionality enables security practitioners to: Set-up new web app and API scans and easily generate comprehensive results Rapidly discover known vulnerabilities and cyber hygiene issues using predefined scan templates for SSL/TLS certificates and HTTP header misconfigurations Identify all web applications, APIs and underlying components owned by a given organization Confidently and safely scan environments without disruptions or delays About Tenable Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

Read More

Enterprise Security

Menlo Security and Carahsoft Partner to Provide Leading Cloud Security Solutions to Public Sector Markets

Yahoo Finance | July 12, 2023

Menlo Security, a leader in cloud security, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced its partnership. Under the agreement, Carahsoft will serve as Menlo Security’s Public Sector distributor, making its products available to the Public Sector through Carahsoft’s reseller partners and GSA Schedule, NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Cooperative Purchasing Alliance (NCPA) and OMNIA Partners contracts. “We selected Carahsoft as our partner because of their extensive experience in the Federal Government and Public Sector markets,” said Darrin Curtis, Vice President, Public Sector, Menlo Security. “Providing the products that prevent attacks before they can happen is Menlo’s priority. By working with Carahsoft and its reseller partners, we can help ensure our Federal, State, and Local Governments and agencies are secure from attack.” Earlier this year, Menlo Security received Authorization to Operate (ATO) at the moderate level under the Federal Risk and Authorization Management Program (FedRAMP). Instead of a detect and response approach, Menlo’s FedRAMP-authorized, Isolation Platform, powered by a patented Isolation Core™ stops threats before they can happen. This means safe browsing of all content from anywhere, all the time. According to DISA’s Requirement and Analysis office, Cloud-Based Internet Isolation (CBII) will improve cybersecurity and avoid $300 million in future spending across the Defense Department. Menlo Security’s isolation-powered platform securely connects users to websites and applications from anywhere, while scaling elastically to meet user demand without sacrificing the user experience. Today, Menlo Security cloud security solutions are deployed by more than 100 Government agencies, including the United States Department of Defense (DoD), mission partners, international Governments, State and Local Governments, and educational institutions across the United States. Menlo Security products are designed with a Zero Trust focus. The company’s Cloud Security platform eliminates malware threats, including ransomware. In addition to these threats, Menlo Security has identified a surge in cyberthreats termed Highly Evasive Adaptive Threats (HEAT) that bypass traditional security defenses. HEAT attacks are a very common class of cyber threats targeting the web browser as a highly vulnerable web attack vector used for 75% of the working day. HEAT attacks employ techniques to evade detection by multiple layers in the current security stack including firewalls, Secure Web Gateways, sandboxing, URL Reputation and phishing detection. “We are pleased to add Menlo Security’s products to our solutions portfolio and offer our customers a modernized, cloud-based approach to cybersecurity,” said Troy Meraw, who leads the Menlo Security Team at Carahsoft. “Together with Menlo Security and our reseller partners, we are committed to helping the Public Sector stay ahead of evolving threats in today’s digital landscape.” Menlo Security’s cloud-based cybersecurity offerings are now available through Carahsoft’s GSA Schedule No. 47QSWA18D008F, SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042, NCPA Contract NCPA01-86, and OMNIA Partners Contract #R191902. The dedicated Cybersecurity team at Carahsoft specializes in providing Federal, State and Local Government agencies and Education and Healthcare organizations with security solutions to safeguard their cyber ecosystem. About Menlo Security Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s patented Isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase.

Read More

Enterprise Security, Platform Security, Software Security

ZeroFox Contributes to Open Source Amass Project to Help Businesses Manage Their External Attack Surface

Globenewswire | July 21, 2023

ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, highlights its recent contributions to the OWASP Amass Project in an ongoing effort to give businesses and government entities better visibility to their full external attack surface asset ecosystem. The recent additions to the project from the ZeroFox team provide more advanced tool sets for analysts to discover and catalog their internet-facing assets and exposures. The contributions create a new standard framework to lead the industry in a more cohesive approach to attack surface management. As organizations face increasingly sophisticated cyber threats, understanding and managing their external attack surface has become paramount. By leveraging its expertise in external cybersecurity, ZeroFox identified a critical gap in the attack surface management landscape and responded by spearheading the development of the Open Asset Model and Asset Database within the OWASP Amass Project. The Open Asset Model and Asset Database contributions offer security analysts a unified and structured approach to identifying and managing potential vulnerabilities outside the perimeter. The Open Asset Model provides a new standard for asset definitions, representing a comprehensive framework for describing and categorizing diverse internet-facing assets. The Amass community can quickly adapt the model to include new types of assets exposed on the Internet, and their relationships to each other, for more accurate discovery, tracking, monitoring, and management. The Asset Database implements this model, offering the database interaction layer to store discovered assets in the popular sqlite3 and PostgreSQL database management systems. The Asset Database will foster the development of an ecosystem of scanning and analysis tools, allowing them to store and analyze assets from the Open Asset Model and their relationships. These contributions directly benefit both existing Amass users and the broader attack surface management community in an effort to standardize asset definitions. The new standards now provide the information security community with a consistent and predictable format when transferring data describing external attack surfaces. "We are thrilled to contribute to the OWASP Amass Project and provide the security community with cutting-edge tools for Attack Surface Management," said Jeff Foley, VP of Research at ZeroFox. "By leveraging the power of open source, we aim to expand access to advanced cybersecurity capabilities, helping organizations proactively defend against emerging threats." These engineering contributions represent a continued commitment by ZeroFox to the open source community, OWASP, and the Amass Project. ZeroFox will continue to contribute to the Amass Project in an effort to enable the discovery, management, and protection of the external attack surface. By sharing its expertise and resources, ZeroFox aims to foster collaboration and innovation within the information security community, ultimately making the digital landscape safer for all users. About ZeroFox ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.

Read More