ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Living Security | January 02, 2023
Living Security, the pioneer in human risk management, announced entering into a strategic partnership with GuidePoint Security, a renowned value-added reseller (VAR) that enables enterprises to make more informed cybersecurity decisions and reduce their risk exposure.
The partnership will combine GuidePoint Security's ecosystem with Living Security's industry-leading human risk management products and security awareness training.
"According to the Computer Emergency Response, cyberattacks have been ranked as the fifth most significant danger for the year 2020 and have become the standard in both the public and private sectors."
Each day, the number of cybersecurity events continues to rise, and the vast majority of these problems can be traced back to human action. Using a data-driven methodology, Living Security enables security directors to identify the most vulnerable elements of their workforce in order to decrease human risk exposure, control the contribution to overall risk over time, and alter organizational behavior.
About Living Security
Living Security's objective is to transform human risk in order to generate a dramatic increase in human behavior, organizational security culture, and information security program efficacy.
With the company's Human Risk Management platform, Living Security connects each employee with creative and pertinent context and content while simultaneously enabling management to recognize, report on, and proactively mitigate the risk posed by human behavior. Living Security is trusted by security-conscious firms such as MasterCard, MassMutual, Verizon, Biogen, Hewlett Packard, AmerisourceBergen, and Target.
About GuidePoint Security
GuidePoint Security offers dependable cybersecurity insights, solutions, and services that enable businesses to make risk-averse decisions. The company's specialists serve as trusted advisors by evaluating the cybersecurity posture and ecosystem in order to identify risks, maximize resources, and deploy the most appropriate solutions. GuidePoint's unparalleled knowledge has enabled a third of Fortune 500 organizations and over half of U.S. cabinet-level agencies to enhance their security posture and decrease risk.
DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS
Qualys | November 02, 2022
Qualys, Inc., a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, is announcing TotalCloud with FlexScan delivering cloud-native VMDR with Six Sigma Accuracy via agent and agent-less scanning for comprehensive coverage of cloud-native posture management and workload security across multi-cloud and hybrid environments.
As business applications and on-premises infrastructure migrate to the cloud, security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Additionally, teams must deal with a plethora of industry acronym-driven point solutions that provide a fragmented view of risk without context. This approach increases security costs and complexity while leaving cloud applications vulnerable to attacks.
"Qualys is enhancing its widely used platform to deliver visibility, context, speed, automation, and orchestration in a comprehensive solution to help organizations scale their security and compliance programs for modern software development. "Qualys TotalCloud incorporates security into development workflows, enabling them to release secure, reliable code while giving security teams the control and visibility they need to manage risk by reducing their attack exposure and rapidly responding to threats."
Melinda Marks, senior analyst at ESG
"As a finance organization, we need a continuous view of the security and compliance posture across our cloud applications, with clear insights into risk," said Prabhuram Rajarathinam, CISO at Cholamandalam Investment and Finance Company. "Qualys TotalCloud with FlexScan will enable our cloud security and DevOps teams to use the multiple assessments to further strengthen the security of our cloud applications."
With more than 31 million workloads already secured by Qualys, Qualys TotalCloud extends the industry-leading accuracy of VMDR with cloud-native FlexScan assessments to unify Cloud Posture Management and Cloud Workload Security in a single view with risk insights. TotalCloud automates inventory, assessment, prioritization and risk remediation via an easy-to-use drag-and-drop workflow engine for continuous and zero-touch security from code to production cloud applications.
Qualys TotalCloud introduces FlexScan a comprehensive cloud-native assessment solution that allows organizations to combine multiple cloud scanning options for the most accurate security assessment of their cloud environment.
Security teams will have multiple hybrid assessment capabilities to secure the entire cloud attack surface including:
Zero-touch, agent-less, cloud service provider API-based scanning for fast analysis.
Virtual appliance-based scanning to assess unknown workloads over the network for open ports and remotely exploitable vulnerability detection.
Snapshot assessment that mounts the workload snapshot for periodic offline scanning including vulnerabilities and OSS scanning.
Qualys Cloud Agents in the workload for comprehensive, real-time vulnerability, configuration and security assessment.
Qualys TotalCloud provides security teams with:
Immediate multi-cloud posture insights - The unified cloud posture dashboard provides inventory, security and compliance posture insights across multi-cloud environments in minutes. Teams can easily identify and prioritize the misconfigurations that cause the highest risk with additional context on workload vulnerability and security posture.
Unified security view to prioritize cloud risk with TruRisk - A single view of cloud security insights across cloud workloads, services and resources is provided via the console. Additionally, Qualys TruRisk quantifies security risk by workload criticality and vulnerability detections and correlates it with ransomware, malware and exploitation threat intelligence to prioritize, trace and reduce risk.
Fast remediation with no code, drag-and-drop workflows - The integration of QFlow technology into TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-profile threats, remediating misconfigurations, and quarantining high-risk assets.
Shift-left security to catch issues early– TotalCloud provides shift-left security integrated into developers existing CI/CD tools to continuously assess cloud workloads, containers and Infrastructure as Code (IaC) artifacts. This allows for the rapid identification of security exposures and remediation steps during the development, build and pre-deployment stages while providing support for the major cloud providers including AWS, Azure and Google Cloud.
"Cloud security is getting very fragmented with too many point solutions, which brings more complexity," said Sumedh Thakar, president and CEO of Qualys. "Our customers want seamless, comprehensive insight into cyber risk across their multi-cloud and non-cloud assets. With our innovative TotalCloud offering, we bring flexible, high-quality cloud-native risk assessment to our customer base as they look to expand into the cloud with Qualys."
Qualys, Inc. is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Keeper Security | December 08, 2022
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced that the company has obtained StateRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).
The nationwide StateRAMP cybersecurity verification program promotes the adoption of secure cloud services across state and local governments by providing a standardized approach to security and risk assessment for cloud technologies. StateRAMP Authorization differentiates KSGC from its competitors as the best in class zero-trust and zero-knowledge security solution for state and local governments, as well as higher-educational institutions, to protect their passwords, data, and secrets.
StateRAMP Authorization enables these governments and organizations to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. It allows them to leverage Keeper's password management and cybersecurity platform on an institution-wide scale with confidence that the solution meets strict standardized security requirements. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent security and compliance requirements.
Keeper's StateRAMP Authorization comes on the heels of KSGC achieving FedRAMP Authorization at the Moderate Impact Level in August 2022. While StateRAMP Authorization typically takes two years to complete, KSGC's existing FedRAMP Authorization accelerated the certification. To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. Now, KSGC is the first and only FedRAMP and StateRAMP Authorized password management platform in the industry.
"We are proud to bring Keeper's password management and cybersecurity platform to StateRAMP Authorized status, and thrilled to be the first FedRAMP and StateRAMP Authorized password management platform. "KSGC's StateRAMP Authorization underscores our dedication to the highest standards of internal security controls and encryption. Keeper is eager to help state and local governments and higher-educational institutions protect their digital assets from ransomware, data breaches and other password-related cyberattacks."
Darren Guccione, CEO and Co-Founder of Keeper Security
Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC.
KSGC's FedRAMP and StateRAMP Authorizations follow a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.
About Keeper Security
Keeper Security is transforming the way organizations of all sizes secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device, while meeting the most stringent government security and compliance requirements. Keeper is SOC 2 and ISO 27001 certified, FIPS 140-2 validated, FedRAMP and StateRAMP Authorized. Trusted by federal agencies including the Departments of Justice and Energy, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging.