SOFTWARE SECURITY

Lookout and CipherCloud Together are Ready to Redefine Security from Endpoint to Cloud

Lookout | March 15, 2021

In the current event, Lookout, Inc announced that it had acquired CipherCloud. Lookout, Inc is a leading cybersecurity company. It is now joining hands with CipherCloud, a leading cloud-native security company, operates in the emerging Secure Access Service Edge (SASE) market. They both blaze a new path together to combine and create an integrated endpoint-to-cloud security solution. By this combination, Lookout will be in a unique position to deliver the industry's first end-to-end platform that will secure an organization's entire data path from an endpoint to the cloud. This will later empower customers with a single source of unified policies and provide end-to-end security to accelerate their digital transformation.

CipherCloud solutions are related to several developing SASE categories. This includes Secure Web Gateway (SWG), Zero-Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP). Together these solutions will deliver data security, comprehensive visibility, threat protection, and compliance for cloud-based applications. Familiar to this, CipherCloud has already been providing services to many of the world's largest global enterprises and government institutions seeking protection and security through cloud technology.

The purpose of this integrated endpoint-to-cloud security solution is accelerated by the adoption of cloud applications, proliferation of remote users, data transitioning of the corporate data center into the cloud, and more network traffic flowing to public cloud services. To tackle the security challenges caused by the above trends, businesses in this industry need a cohesive platform that can track activity and enforce policies from the endpoint device to cloud-based applications. And the need to stop zero-day attacks on data information across the entire end-to-end path, this integrated solution can fill the gaps immediately, keeping all information secured in one place.

Jim Dolce, CEO of Lookout, highlights this acquisition. Gartner forecasts that the SASE market will nurture at a CAGR of 42% over the next five years and would reach almost $11 billion by 2024. With the acquisition of CipherCloud, Lookout is head-on with the transformation to cloud infrastructure and is in a unique position to deliver value to its customers.

Besides all, the integration of CipherCloud and Lookout technologies will also remove friction, augment usability and convenience, enable user freedom and reduce operational costs compared to a collection of siloed point products. The integrated Lookout platform will authorize a growing number of businesses to deliver critical applications to users working anywhere securely.

Jim Dolce, CEO, Lookout, puts his words expressing his version about this acquisition. He says that "We couldn't be more excited to welcome the CipherCloud team to Lookout. Our two organizations share a common passion for accelerating cloud adoption with cloud-native solutions that secure critical data." Joining hands with CipherCloud is the next phase of our enterprise market expansion. By this, we will be extending our reach from endpoint into cloud, where the applications and data reside. Through this combination, we will deliver endpoint-to-cloud security by keeping elements of our solutions together into a single cloud-delivered offering."

Apart from this, Pravin Kothari, Founder, and CEO, CipherCloud, also speaks, "as a pioneer of the Cloud Access Security Broker market, CipherCloud has allowed organizations worldwide to achieve their digital transformation. Today, we take the exciting next step on the road to SASE by integrating our strengths with Lookout to deliver endpoint-to-cloud security for the modern workforce."

Spotlight

Organizations handling transactions involving credit or debit cards are facing increasing pressure to comply with the Payment Card Industry Data Security Standard (PCI DSS) version 3, which established various requirements for safeguarding an organization's relevant systems and networks, comprising the Cardholder Data Environment. With strong requirements, organizations are challenged with the tasks of implementing multi-factor authentication, access control and activity reporting tools or practices, particularly for privileged or administrative access to these systems.

Spotlight

Organizations handling transactions involving credit or debit cards are facing increasing pressure to comply with the Payment Card Industry Data Security Standard (PCI DSS) version 3, which established various requirements for safeguarding an organization's relevant systems and networks, comprising the Cardholder Data Environment. With strong requirements, organizations are challenged with the tasks of implementing multi-factor authentication, access control and activity reporting tools or practices, particularly for privileged or administrative access to these systems.

Related News

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Living Security Announces Partnership Agreement with GuidePoint Security

Living Security | January 02, 2023

Living Security, the pioneer in human risk management, announced entering into a strategic partnership with GuidePoint Security, a renowned value-added reseller (VAR) that enables enterprises to make more informed cybersecurity decisions and reduce their risk exposure. The partnership will combine GuidePoint Security's ecosystem with Living Security's industry-leading human risk management products and security awareness training. "According to the Computer Emergency Response, cyberattacks have been ranked as the fifth most significant danger for the year 2020 and have become the standard in both the public and private sectors." Each day, the number of cybersecurity events continues to rise, and the vast majority of these problems can be traced back to human action. Using a data-driven methodology, Living Security enables security directors to identify the most vulnerable elements of their workforce in order to decrease human risk exposure, control the contribution to overall risk over time, and alter organizational behavior. About Living Security Living Security's objective is to transform human risk in order to generate a dramatic increase in human behavior, organizational security culture, and information security program efficacy. With the company's Human Risk Management platform, Living Security connects each employee with creative and pertinent context and content while simultaneously enabling management to recognize, report on, and proactively mitigate the risk posed by human behavior. Living Security is trusted by security-conscious firms such as MasterCard, MassMutual, Verizon, Biogen, Hewlett Packard, AmerisourceBergen, and Target. About GuidePoint Security GuidePoint Security offers dependable cybersecurity insights, solutions, and services that enable businesses to make risk-averse decisions. The company's specialists serve as trusted advisors by evaluating the cybersecurity posture and ecosystem in order to identify risks, maximize resources, and deploy the most appropriate solutions. GuidePoint's unparalleled knowledge has enabled a third of Fortune 500 organizations and over half of U.S. cabinet-level agencies to enhance their security posture and decrease risk.

Read More

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Qualys Introduces TotalCloud with FlexScan Delivering Cloud-Native VMDR

Qualys | November 02, 2022

Qualys, Inc., a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, is announcing TotalCloud with FlexScan delivering cloud-native VMDR with Six Sigma Accuracy via agent and agent-less scanning for comprehensive coverage of cloud-native posture management and workload security across multi-cloud and hybrid environments. As business applications and on-premises infrastructure migrate to the cloud, security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Additionally, teams must deal with a plethora of industry acronym-driven point solutions that provide a fragmented view of risk without context. This approach increases security costs and complexity while leaving cloud applications vulnerable to attacks. "Qualys is enhancing its widely used platform to deliver visibility, context, speed, automation, and orchestration in a comprehensive solution to help organizations scale their security and compliance programs for modern software development. "Qualys TotalCloud incorporates security into development workflows, enabling them to release secure, reliable code while giving security teams the control and visibility they need to manage risk by reducing their attack exposure and rapidly responding to threats." Melinda Marks, senior analyst at ESG "As a finance organization, we need a continuous view of the security and compliance posture across our cloud applications, with clear insights into risk," said Prabhuram Rajarathinam, CISO at Cholamandalam Investment and Finance Company. "Qualys TotalCloud with FlexScan will enable our cloud security and DevOps teams to use the multiple assessments to further strengthen the security of our cloud applications." With more than 31 million workloads already secured by Qualys, Qualys TotalCloud extends the industry-leading accuracy of VMDR with cloud-native FlexScan assessments to unify Cloud Posture Management and Cloud Workload Security in a single view with risk insights. TotalCloud automates inventory, assessment, prioritization and risk remediation via an easy-to-use drag-and-drop workflow engine for continuous and zero-touch security from code to production cloud applications. Qualys FlexScan Qualys TotalCloud introduces FlexScan a comprehensive cloud-native assessment solution that allows organizations to combine multiple cloud scanning options for the most accurate security assessment of their cloud environment. Security teams will have multiple hybrid assessment capabilities to secure the entire cloud attack surface including: Zero-touch, agent-less, cloud service provider API-based scanning for fast analysis. Virtual appliance-based scanning to assess unknown workloads over the network for open ports and remotely exploitable vulnerability detection. Snapshot assessment that mounts the workload snapshot for periodic offline scanning including vulnerabilities and OSS scanning. Qualys Cloud Agents in the workload for comprehensive, real-time vulnerability, configuration and security assessment. Qualys TotalCloud provides security teams with: Immediate multi-cloud posture insights - The unified cloud posture dashboard provides inventory, security and compliance posture insights across multi-cloud environments in minutes. Teams can easily identify and prioritize the misconfigurations that cause the highest risk with additional context on workload vulnerability and security posture. Unified security view to prioritize cloud risk with TruRisk - A single view of cloud security insights across cloud workloads, services and resources is provided via the console. Additionally, Qualys TruRisk quantifies security risk by workload criticality and vulnerability detections and correlates it with ransomware, malware and exploitation threat intelligence to prioritize, trace and reduce risk. Fast remediation with no code, drag-and-drop workflows - The integration of QFlow technology into TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-profile threats, remediating misconfigurations, and quarantining high-risk assets. Shift-left security to catch issues early– TotalCloud provides shift-left security integrated into developers existing CI/CD tools to continuously assess cloud workloads, containers and Infrastructure as Code (IaC) artifacts. This allows for the rapid identification of security exposures and remediation steps during the development, build and pre-deployment stages while providing support for the major cloud providers including AWS, Azure and Google Cloud. "Cloud security is getting very fragmented with too many point solutions, which brings more complexity," said Sumedh Thakar, president and CEO of Qualys. "Our customers want seamless, comprehensive insight into cyber risk across their multi-cloud and non-cloud assets. With our innovative TotalCloud offering, we bring flexible, high-quality cloud-native risk assessment to our customer base as they look to expand into the cloud with Qualys." About Qualys Qualys, Inc. is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Keeper Security Announces StateRAMP Authorization

Keeper Security | December 08, 2022

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced that the company has obtained StateRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC). The nationwide StateRAMP cybersecurity verification program promotes the adoption of secure cloud services across state and local governments by providing a standardized approach to security and risk assessment for cloud technologies. StateRAMP Authorization differentiates KSGC from its competitors as the best in class zero-trust and zero-knowledge security solution for state and local governments, as well as higher-educational institutions, to protect their passwords, data, and secrets. StateRAMP Authorization enables these governments and organizations to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. It allows them to leverage Keeper's password management and cybersecurity platform on an institution-wide scale with confidence that the solution meets strict standardized security requirements. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent security and compliance requirements. Keeper's StateRAMP Authorization comes on the heels of KSGC achieving FedRAMP Authorization at the Moderate Impact Level in August 2022. While StateRAMP Authorization typically takes two years to complete, KSGC's existing FedRAMP Authorization accelerated the certification. To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. Now, KSGC is the first and only FedRAMP and StateRAMP Authorized password management platform in the industry. "We are proud to bring Keeper's password management and cybersecurity platform to StateRAMP Authorized status, and thrilled to be the first FedRAMP and StateRAMP Authorized password management platform. "KSGC's StateRAMP Authorization underscores our dedication to the highest standards of internal security controls and encryption. Keeper is eager to help state and local governments and higher-educational institutions protect their digital assets from ransomware, data breaches and other password-related cyberattacks." Darren Guccione, CEO and Co-Founder of Keeper Security Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC. KSGC's FedRAMP and StateRAMP Authorizations follow a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data. About Keeper Security Keeper Security is transforming the way organizations of all sizes secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device, while meeting the most stringent government security and compliance requirements. Keeper is SOC 2 and ISO 27001 certified, FIPS 140-2 validated, FedRAMP and StateRAMP Authorized. Trusted by federal agencies including the Departments of Justice and Energy, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More