SOFTWARE SECURITY

Legal Industry Leader HBR Managed Services Partners with Tanium to Enhance Security and IT Services Capabilities

HBR Consulting | August 16, 2022 | Read time : 03:00 min

HBR Consulting
HBR Managed Services (HBR), a comprehensive strategy, operations and technology consulting firm focused on the legal industry, today announced its partnership with Tanium, the industry's only provider of converged endpoint management (XEM) for complex security and technology environments.

Recognizing that law firms are attractive targets for cyber criminals, HBR is leveraging the Tanium platform to provide IT operations management, IT asset discovery, and security threat response to manage system updates at scale, thereby helping the firm's IT managed services and network operating center (NOC) clients reduce risk and operating costs.

"The Tanium platform allows us to automate patching of OS and applications on servers and workstations, whether those endpoints are attached to a firm's network or not," said Bill Elser, vice president of engineering services at HBR. "That's critical in today's hybrid environment, allowing us to quickly prevent or remediate security or other operational issues by deploying registry changes and executing scripts."

"The legal field faces unique challenges not only to protect the integrity and reputation of individual firms, but to safeguard the various constituencies they serve. "Tanium is keenly aware of the heightened risks the industry faces and we are proud to align with a leader like HBR as they work to secure the interests of their clients. We look forward to expanding this long-term partnership as they continue to grow."

Todd Palmer, SVP of partner sales of Tanium

"We're pleased to add Tanium to our roster of best-in-class vendor partners," added Chris Petrini-Poli, HBR's executive chairman. "HBR is committed to continually innovating services and partnering with best-in-class tool providers. Throughout the past year, we've been investing in relationships that will help us continue to provide exceptional, cost-effective service to our clients. We're proud to be on the leading edge of using top-of-the-line technology that ensures a continuously updated and monitored, safe and secure IT environment, while allowing HBR's team to operate as efficiently as possible."

About HBR Consulting
HBR Consulting (HBR) provides law firms and corporate law departments with strategic guidance, operational improvement, and technology solutions that drive innovation while managing cost and mitigating risk. HBR's proven combination of experience, relationships, and insights—spanning the legal ecosystem—delivers sustainable financial and competitive advantages for its clients. Visit www.hbrconsulting.com and follow HBR on LinkedIn and Twitter.

About Tanium
Tanium, the industry's only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for six consecutive years and ranks on Fortune's list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere. That's the power of certainty.

Spotlight

Kiosks offer consumers the ultimate convenience while driving significant self-service cost savings to deployers. To make customers’ lives easier, these devices may live beyond corporate network perimeters on the front lines of the new cyberattack environment.

Spotlight

Kiosks offer consumers the ultimate convenience while driving significant self-service cost savings to deployers. To make customers’ lives easier, these devices may live beyond corporate network perimeters on the front lines of the new cyberattack environment.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

JupiterOne Recognized as a Sample Vendor for Cyber Asset Attack Surface Management (CAASM) in Gartner® Hype Cycle™ for Cyber Risk Management, 2022

JupiterOne | August 19, 2022

JupiterOne, the industry's leading provider of cyber asset attack surface management (CAASM) technology, today announced that it was named as a Sample Vendor for CAASM in the latest release of the Gartner Hype Cycle for Cyber Risk Management, 2022. According to Gartner, "In 2022, the global risk landscape continues to be impacted by the ongoing COVID-19 pandemic conditions, the Russian invasion of Ukraine, labor shortage, worsening climate change, and inflation. In particular, the increased inflation rate and labor market tightness mean that organizations must do more with fewer resources." The Gartner report notes that security and risk management (SRM) leaders continue to struggle to: "Position risk management as a decision-making practice. Either because of their rigid focus on framework-based controls or inability to scale their security and risk controls for individual projects Inform cyber and technology decisions in an ever-expanding operating ecosystem Gain sufficient transparency in evaluating environmental, social and governance risks and incidents, local and worldwide. Mitigate global supply chain risks as these risks continue to form a web of complexity and volatility. Look for ways to automate and inform risk assessment with data-driven insights." One solution category that addresses these challenges is the cyber asset attack surface management (CAASM) space, where solutions aggregate and track assets such as endpoints, servers, devices, and applications. By consolidating internal and external cyber assets, users can use queries to find gaps in coverage for security tools such as vulnerability assessment and endpoint detection and response (EDR) tools. JupiterOne pioneered a graph-based approach to CAASM that allows customers to track and monitor IP addresses and analyze and map all intra-asset relationships. As the Gartner analysts explained, "CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture, and asset exposure are understood and remediated. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations can visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data." The drivers of CAASM adoption, according to Gartner, include: "Full visibility into all information technology (IT), Internet of Things (IoT) and operational technology (OT) assets under an organization's control, which improves understanding of the attack surface area and existing security control gaps or serves as part of a wider ASM process. Quicker audit compliance reporting through more accurate, current and comprehensive asset and security control reports. Consolidation of existing products that collect asset and exposure information into a single normalized view, which reduces the need for manual processes or dependencies on homegrown applications. Access to consolidated asset views for multiple individuals and teams across an organization, such as enterprise architects, security operations teams and IT administrators, who can benefit from viewing and querying consolidated asset inventories with a view to achieving business objectives." The recent Gartner report on Top Trends in Cybersecurity 2022 cited "Attack Surface Expansion" as one of the year's top security trends resulting from the expanding digital footprint of modern organizations. According to the report, "A dramatic increase in attack surface is emerging from changes in the use of digital systems, such as new hybrid work, accelerated use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets and increased use of operational technology." In our opinion, security leaders who reinvent the cybersecurity function and technology architecture can better position their organizations to maintain and grow value in an increasingly agile, distributed, and decentralized environment. JupiterOne was named a Sample Vendor for CAASM in the latest release of the Gartner Hype Cycle for Security Operations, 2022. The report is available for complimentary download from JupiterOne. Additionally, Gartner recognized JupiterOne as a Representative Provider for CAASM in the Innovation Insights for Attack Surface Management and as a Sample Vendor in the Gartner Hype Cycle for Workload and Network Security, 2022 research reports. "JupiterOne is honored to receive yet another recognition from Gartner. Right now, the world is full of uncertainty, making it challenging to conduct business. More than ever, businesses must prioritize effective security measures. Security leaders can get invaluable insights by tracking their assets and making efficient use of their resources. Overall, organizations can make better data-driven business decisions while keeping security risks in mind." Erkang Zheng, Founder and CEO at JupiterOne About JupiterOne JupiterOne is a cyber asset attack surface management (CAASM) platform company providing visibility and security into your entire cyber asset universe. Using graphs and relationships, JupiterOne provides a contextual knowledge base for an organization's cyber asset operations. With JupiterOne, teams can discover, monitor, understand, and act on changes in their digital environments. Cloud resources, ephemeral devices, identities, access rights, code, pull requests, and much more are collected, graphed, and monitored automatically by JupiterOne.

Read More

PLATFORM SECURITY

Zscaler Achieves Zero Trust Security-as-a-Service FedRAMP High Authorization

Zscaler | August 02, 2022

Zscaler, Inc., the leader in cloud security, today announced that Zscaler Internet Access™ (ZIA™) achieved Federal Risk and Authorization Management Program (FedRAMP) High Authority to Operate from the FedRAMP Joint Authorization Board (JAB). This federal government certification enables ZIA to meet civilian agencies’ high security requirements, as well as those of the Department of Defense (DoD) and other intelligence organizations. ZIA is currently the only Secure Access Service Edge (SASE) Trusted Internet Connections (TIC) 3.0 solution that has achieved FedRAMP’s highest authorization. FedRAMP High authorization indicates to federal decision-makers that ZIA and ZPA have undergone rigorous audits of critical security controls to protect the government’s most sensitive unclassified data in remote cloud computing environments. The company’s Zscaler Private Access™ (ZPA™), the other key component of the Zscaler Zero Trust Exchange platform, is also JAB High authorized, and along with ZIA, comprise the JAB High authorized Zscaler Zero Trust Exchange™ for federal customers. The certification confirms that ZIA can securely connect government users to external applications, including SaaS applications and internet destinations, regardless of device, location, or network, providing superior cyber and data protection for mission-critical government information. With both ZIA and ZPA now JAB-High authorized, agencies can resolve ongoing user experience and cost challenges associated with securing the explosive use of cloud-based applications. These challenges include continued poor user experience through VPNs, security risks from users who bypass VPNs leading to a lack of visibility and protection, and increased network usage costs associated with backhauling the growing volume of internet traffic flowing through the government's TIC. Since achieving FedRAMP Moderate certification in 2018, Zscaler, a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge (SSE) – a security-specific component in the SASE framework – has completed SSE deployments for more than 100 US federal government and federal systems integrator customers at the Moderate impact level. Many of these deployments supported the requirements of the Executive Order 14028, including zero trust, as well as met TIC 3.0 use cases. "This FedRAMP High authorization elevates Zscaler and our support of the US government as currently the only cloud security company with two FedRAMP High JAB authorizations in the market," said Drew Schnabel, Vice President of Federal at Zscaler. Federal agencies, DoD commands, and federal contractors can now take full advantage of the Zero Trust Exchange at the JAB High or Moderate level. Customers can align their security posture with their workload requirements and meet Executive Order 14028 zero trust goals at all levels available under the FedRAMP program. “Delivering zero trust and SASE through FedRAMP authorized platforms at the highest impact levels is crucial for the security of our nation's future. “Zscaler committed to our customers that we would deliver a comprehensive zero trust and SASE platform at the High and Moderate baseline levels. Today, we are proud to announce we have met that commitment. The Zscaler team continues to follow the guidance of Executive Order 14028, CISA’s TIC 3.0 and zero trust use cases, DOD/DISA’s National Defense Authorization Act, and our customers and partners. We are delivering FedRAMP High authorized cloud platforms, while helping agencies modernize and transform their legacy cybersecurity environments to cloud-based SASE and zero trust solutions.” Stephen Kovac, Chief Compliance Officer at Zscaler “FedRAMP High is a must-have for many federal agency deployments,” said Zeus Kerravala, Founder and Principal Analyst at ZK Research. “We see more and more CISOs and CIOs across state and local government, education, and the private sector recognizing the value of a third-party validated security assessment.” The Zero Trust Exchange is a cloud-native security platform that securely connects any user, device, and application, regardless of location. Following the principle of least-privileged access, the platform establishes trust through user identity and context – including location, device, application, and content – and then creates secure, direct connections based on policy enforcement. The platform supports IT federal mission transformation by reducing costs, eliminating the internet attack surface, and preventing lateral movement of threats while providing an excellent user experience. The Zscaler Zero Trust Exchange is powered by the world’s largest security cloud, with more than 10 years of operational excellence enabling the processing of more than 240 billion daily transactions and stopping over seven billion threats and policy violations per day for the largest, most demanding organizations around the globe. Today’s news builds on recent announcements including: Zscaler Private Access Achieves DoD Impact Level 5 (IL5) Zscaler is chosen to run a pilot program in support of Executive Order 14028 by the National Institute of Standards and Technology (NIST) Zscaler is First Zero Trust Remote Access Cloud Service to Achieve FedRAMP-High JAB Authorization ZIA™ receives Authorization to Operate (ATO) at the Moderate Impact level Zscaler is a Leader in the 2022 Gartner Magic Quadrant for Security Service Edge (SSE), following up 10 consecutive years as a Leader in the Gartner Magic Quadrant for Secure Web Gateway About FedRAMP FedRAMP is a government-wide program with input from numerous departments, agencies, and government groups. The program’s primary decision-making body is the Joint Authorization Board (JAB), comprised of the CIOs from DOD, DHS, and GSA. In addition to the JAB, other organizations such as OMB, the Federal CIO Council, NIST, DHS, and the FedRAMP Program Management Office (PMO) also play key roles in effectively running FedRAMP. Using a “do once, use many times” framework, the program ensures information systems/services used government-wide have adequate information security; eliminates duplication of effort and reduces risk management costs; and enables rapid and cost-effective procurement of information systems/services for federal agencies. About Zscaler Zscaler accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Xage Recognized in 2022 Gartner® Innovation Insight for Cyber-Physical Systems Protection Platforms

Xage | August 20, 2022

Xage, the zero trust real-world security company, was recently cited as a Representative Vendor among CPS Protection Platforms in Gartner 2022 Innovation Insight for Cyber-Physical Systems Protection Platforms report. The company was also named in Gartner 2022 Market Guide for Operational Technology Security. “As organizations connect operational or mission-critical systems, or deploy automation and digital transformation technology, they create cyber-physical systems (CPS) that security and risk management leaders must accommodate. Enter cyber-physical systems protection platforms — new solutions for a new security reality,” said Gartner analysts Katell Thielemann. “The changing technology and threat landscape is forcing security and risk management leaders to think about security differently when it comes to CPS. A new discipline of CPS asset-centric security is evolving, anchored by a new set of CPS protection platform vendors.” Asset-centric security allows operators to move beyond the old network-centric security model – aiming to keep hackers off the network – to a modern security architecture that protects access to each asset individually regardless of who has network-level presence. In fact, Gartner predicts that through 2025, 70% of companies will deploy CPS protection platforms as the first step in their asset-centric journey. “An asset-centric approach to access management – implementing strong credentials, password rotation, multi-factor authentication (MFA) and asset-by-asset access control – is critical to protect assets from attack. “Xage has seen in our customer deployments how an asset-centric security approach enables strong zero trust protection which can be achieved without ripping and replacing existing systems and infrastructure.” Duncan Greatwood, CEO of Xage Xage helps operators protect their assets using an identity-centric, asset-centric zero trust architecture. Xage’s capabilities include identity-based access management and privilege enforcement, zero trust remote access, multi-layer multi-factor authentication (MFA), and dynamic data security that protects sensitive operational data. About Xage Xage is the first and only zero trust real-world security company. The Xage Fabric accelerates and simplifies the way enterprises secure, manage and transform digital operations across OT, IT, and cloud. Xage solutions include Identity & Access Management (IAM), remote access, and dynamic data security, all powered by the Xage Fabric. To explore how the Xage Fabric can secure and transform your organization, visit Xage.com. Xage is currently offering a free trial for secure remote access to qualified critical infrastructure operators.

Read More