McAfee Report Demonstrates That Data Is Widely Dispersed in the Cloud Beyond Most Enterprise Control

mcafee | February 12, 2020

McAfee, the device-to-cloud cybersecurity company, today released a new research study titled Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report . The results describe the broad distribution of data across devices and the cloud, highlighting critical gaps for enterprise security. Seventy-nine percent of companies surveyed store sensitive data in the public cloud. While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. In addition, 52 percent of companies use cloud services that have had user data stolen in a breach. By leaving significant gaps into the visibility of their data, organizations leave themselves open to loss of sensitive data and to regulatory non-compliance.

Spotlight

David Dwyer Cyber Compliance Adviser with Cyber Risk International outlines who benefits in an organisation by having a structured ISMS (Information Security Management System).

Spotlight

David Dwyer Cyber Compliance Adviser with Cyber Risk International outlines who benefits in an organisation by having a structured ISMS (Information Security Management System).

Related News

Backed by Clearlake Capital and TA Associates, Ivanti announces MobileIron to further automate and safe endpoints

prnewswire | September 28, 2020

Ivanti, Inc. , which automates IT and Security Operations to discover, manage, secure and service from cloud to edge, and is backed by affiliates of Clearlake Capital Group, L.P. (together with its affiliates, "Clearlake") and TA Associates, today announced it has signed definitive agreements to acquire MobileIron Inc. ("MobileIron"), a leading provider of mobile-centric unified endpoint management solutions, and Pulse Secure LLC ("Pulse Secure"), a leading provider of secure access and mobile security solutions.

Read More

NETWORK THREAT DETECTION

Solvo ReInvents Cloud Identity and Access Management with IAMagnifier

Solvo | November 30, 2021

Solvo, a security automation enabler for cloud development and production environments", announced today the availability of its "IAMagnifier" – a cloud SaaS security platform, enabling developers, DevOps and cybersecurity stakeholders working in cloud development environments to reduce potential cybersecurity threats caused by misconfigured access permissions to cloud assets. To truly enable a secured, yet productive development environment, a "least-privileged" permission mechanism should be employed – by using this methodology, the access level for each asset is defined by answering the question "How can I prevent access to that asset from anyone or anything other than anyone or anything that is supposed to access it to perform their intended task?". Today, security-minded developers and security stakeholders within the organization had to manually inspect security permissions configurations for each asset, compare the permission levels found within the specific asset's configuration to the permission level stated by the relevant organizational policies, and if the actual permission level is too lenient – rectify the situation by updating the asset's permission configuration. In addition to the need to perform these set of activities for each individual asset, a task which might entail an enormous waste of time and effort, the permission level to which the "wrong" configuration should be updated to may not be the best one according to the specific characteristics of each individual asset. "Solvo's IAMagnifier turns this cumbersome, lengthy, inefficient, and error-prone process of managing cloud assets' access permissions, into an automated, centralized, fast and decision-assisted experience,It does so by constantly inspecting the assets' access permissions configurations, analyzing gaps between the current and desired permission level, suggests the needed changes to the configuration, and performs these changes if approved by the user." Solvo's Co-founder and CEO, Shira Shamban To present the most relevant and updated data about permission levels and potential risks derived from permission level gaps, Solvo's IAMagnifier offers visual experience, which turns boring tables and records into easy to comprehend mapping of connections and dependencies between Roles, Policies, assets and users. The IAMagnifier also highlights what its analyzer has declared as "excessive permissions", and suggests an alternative, least-privileged permission policy, which can then be enforced by the user just by approving the suggestion. Unlike traditional infrastructure default definitions or human-set definitions, the "excessive" permission status definition and the alternative permission suggestion the IAMagnifier highlights and suggests are derived from analyzing actual real behaviour of the application and finding the balance between preventing unrequired access by irrelevant stakeholders, and keeping an uninterrupted workflow for relevant stakeholders (i.e least-privileged). Sylvie Veilluex, Solvo's advisor and former CIO of Dropbox, added: "The team has been offering early access to the IAM Magnifier to selected customers, and the feedback has been nothing short of amazing. One of the CEO whose company was using the IAMagnifier went on to declare the ability to easily see the company's security posture, and effortlessly enhance it, made scaling the company's cloud and business infrastructure frictionless and even enjoyable." Solvo's team will present IAM Magnifier during AWS' Re:Invent conference, which takes place in Las Vegas, NV, between November 29th and December 3rd, 2021. Solvo will also be providing a free AWS S3 Bucket policy auditing during the conference, and visitors can schedule a meeting with the team for a chance to get back from Vegas with a win. About Solvo Solvo allows security teams to empower software developers and accelerate their cloud delivery. The developer-centric security platform creates and maintains a least-privilege security policy for cloud native applications. It adapts the security configuration to every environment, creates it from scratch and monitors for changes, integrating with existing workflows seamlessly and automatically.

Read More

DATA SECURITY

EclecticIQ, CyberSecurity Malaysia, and Syntx Signed MOU to Improve Malaysia's Cybersecurity Posture

EclecticIQ | January 27, 2022

At a virtual ceremony, the government agency providing specialized cybersecurity services, CyberSecurity Malaysia (CSM), a leading global threat intelligence, hunting, and response technology provider, EclecticIQ, and a Malaysian cybersecurity company, Syntx, signed a Memorandum of Understanding (MOU). The three organizations have committed to engaging in various activities targeted at enhancing Malaysia's and Southeast Asia's cybersecurity postures to address escalating threats. Expanding the use of cyber threat intelligence (CTI), a type of cybersecurity that focuses on gathering and evaluating information about current and possible attacks, is one of the main objectives. Chief executive officer for CyberSecurity Malaysia, Dato' Ts. Dr. Haji Amirudin Bin Abdul Wahab FASc, said, "CSM is pleased to work with an international industry player and partner with a local SME that have the same shared core beliefs to empower prudent cybersecurity practices. It is timely to forge this strategic collaboration that will drive higher awareness and adoption of cyber threat intelligence in Malaysia." The three organizations plan to collaborate on a joint research publication on a CTI topic relevant to the region, support the creation of a centralized CTI knowledge base, and provide practical guidance on the use of CTI methods through case studies, including lessons learned from CSM's deployment of the EclecticIQ Threat Intelligence Platform. All actions will align with the Malaysia Cyber Security Strategy 2020-2024 and will support it. "As a global leader in threat intelligence technology, we advocate for a safer world through collaboration. Building strong partnerships in the fight against cyber threats is an important part of that advocacy. This memorandum will further strengthen collaboration and represent an important milestone in our efforts to empower Malaysia and the entire Southeast Asia region with tools and technologies to enhance cyber situational awareness. In addition, we are honored by the confidence placed in EclecticIQ by the Malaysian government and our partner Syntx." CEO and founder of EclecticIQ, Joep Gommers Chief executive officer for Syntx Sdn Bhd, Fadzril Azhar, stated"Syntx is honored to be a part of this collaboration, which manifests the trust placed in us by both parties and provides significant encouragement for us to work harder. We are committed to grow more local capabilities and capacities in cybersecurity, especially around cyber threat intelligence."

Read More