Cloud Security
Cisco | September 15, 2023
Cisco Secure Application, new to the Cisco Full-Stack Observability Platform, brings application and security teams together to secure cloud-native application development and deployment.
The platform integrates Cisco's industry-leading security products' security intelligence with application performance data to provide business context with security findings.
Cisco-exclusive business risk observability enables IT professionals to identify, assess, and prioritize risk and fix application security concerns based on potential business impact.
Cisco, a worldwide technology leader that offers innovative software-defined networking, cloud, and security solutions, has unveiled the availability of the Cisco Secure Application, formerly known as Security Insights for Cloud Native Application Observability, on the Cisco Full-Stack Observability platform. This integration empowers organizations to seamlessly unite their application and security teams, facilitating the secure development and deployment of modern applications. The latest release of Cisco Secure Application extends its capabilities to securely manage both cloud-native and hybrid applications.
In an effort to assist organizations in bolstering their cloud-native applications security, Cisco has introduced the new Cisco Secure Application offering, which is available on Cisco's recently introduced Full-Stack Observability platform. This solution equips customers with enhanced visibility and intelligent insights regarding business risk in various cloud environments.
As a result, businesses gain the ability to more effectively prioritize and respond to security risks that could impact revenue and reputation in real time, leading to a reduction in overall organizational risk profiles.
As organizations strive to provide smooth digital experiences, IT teams have faced growing demands to transition to modern, distributed applications.
According to a recent study by Cisco, 92% of global technologists acknowledge that the urgency to innovate and adapt to evolving customer needs has often resulted in compromised application security during software development.
As a consequence, organizations have become susceptible to security vulnerabilities and threats. They face broader attack surfaces and gaps in their application security layer due to the isolation of teams. These teams face challenges in obtaining adequate visibility and the necessary business context for prioritizing vulnerabilities. Consequently, organizations are witnessing a surge in security incidents within the modern environment, thereby jeopardizing customer data and the reputation of their businesses.
Mark Leary, Research Director, IDC, stated,
Cisco's extensive domain experience across multi-cloud and hybrid environments and comprehensive full tech stack oversight positions the company well to assist customers bring business risk observability, application observability, and security intelligence data together. Combined, they give customers access to the critical information they need to make smarter decisions about their application security
[Source – Cision PR Newswire]
Senior VP and General Manager of Cisco Full-Stack Observability and AppDynamics, Ronak Desai, said,
An organization's ability to swiftly assess risks based on potential business impact, align teams and triage threats is entirely dependent on understanding where vulnerabilities exist, the severity of those risks, the likelihood they’ll be exploited, and the risk to the business of each issue. This business risk observability can enable IT professionals understand and prioritize those risks and is uniquely delivered by Cisco. The availability of Cisco Secure Application on the Cisco Full-Stack Observability platform is a crucial next step in our commitment to providing customers with the tools they need to provide unmatched and secure digital experiences across multi-cloud and hybrid environments.
[Source – Cision PR Newswire]
Read More
Software Security
Palo Alto Networks | November 08, 2023
Palo Alto Networks plans to acquire Talon Cyber Security to enhance its Secure Access Service Edge (SASE) solution.
Talon's Enterprise Browser technology, when integrated with Prisma SASE, will provide secure access to business applications.
The acquisition reflects the importance of adapting SASE solutions to ensure consistent security for unmanaged devices.
Palo Alto Networks, a global cybersecurity leader, has announced its intent to acquire Talon Cyber Security, an enterprise browser technology pioneer, to enhance its Secure Access Service Edge (SASE) solution and provide comprehensive protection for managed and unmanaged devices. In today's digital landscape, unmanaged devices often connect to enterprise applications without adequate security measures, making them susceptible entry points for attackers seeking to access sensitive information.
Lee Klarich, Chief Product Officer of Palo Alto Networks, emphasized the importance of securing all work activity through an Enterprise Browser without compromising device privacy to protect users and applications effectively. He continued that the integration of Talon's technology with Prisma SASE aims to provide consistent security for all users and devices. Anand Oswal, SVP and GM at Palo Alto Networks highlighted the significance of securing unmanaged devices with the same robust security as managed devices, especially in today's dynamic threat landscape. HE further stated that the combination of Prisma SASE and Talon's Enterprise Browser is poised to revolutionize security measures in modern digital environments.
Talon Cyber Security's Enterprise Browser technology offers an innovative solution that, when integrated with Prisma SASE, will enable users to securely access business applications from any device, including non-corporate devices, while ensuring a seamless user experience. This strategic move by Palo Alto Networks addresses the evolving security challenges in a connected world.
Talon's Co-Founder and CEO, Ofer Ben-Noon, acknowledged the shifting work models and user preferences and the need for powerful last-mile security solutions. Talon's Enterprise Browser is designed to offer familiar user experiences with enterprise-grade protection. Ben emphasized that partnership with Palo Alto Networks is seen as a catalyst to accelerate its mission of delivering superior outcomes for customers.
Talon, founded by Ofer Ben-Noon and Ohad Bobrov, secured the RSA Conference's Innovation Sandbox contest in 2022. The co-founders will continue to lead their teams within the Prisma SASE team at Palo Alto Networks upon the completion of the acquisition.
Anand Oswal, Senior Vice President and General Manager at Palo Alto Networks, highlighted the advantages and security risks associated with Bring Your Own Device (BYOD) policies. He noted that Talon's Enterprise Browser provided security teams enhanced visibility and control over work-related Software as a Service (SaaS) and web activity across all devices, including personal and unmanaged endpoints. Anand emphasized the need for Secure Access Service Edge (SASE) solutions to adapt in order to secure unmanaged devices with the same consistent security measures applied to managed devices. This would enable users to access business applications securely from any device and location.
Read More
Enterprise Security
VentureBeat | September 27, 2023
Microsoft announced a series of new enterprise security features today that use artificial intelligence (AI) to help defend Windows 11 against increasingly sophisticated cyberattacks. The tech giant claims its new AI capabilities will reduce security incidents by 60% and firmware attacks by 300% for businesses using the latest version of its software.
Microsoft’s vice president of enterprise and OS security, David Weston, explains in a company blog post that was published today specifically how AI is being used to fortify Windows 11 against sophisticated attacks, ranging from malware to firmware threats, and even nation-state attacks.
At the heart of this AI-focused security upgrade is the integration of Microsoft’s Pluton Security Processor and Secured-core PCs. Both systems leverage AI algorithms to isolate sensitive data and provide defense against potential threats. IT professionals should note that these Secured-core PCs are reported to be 60% more resilient to malware than non-Secured-core PCs, a significant improvement in system defenses.
Microsoft’s AI strategy also appears to be forward-thinking, with the company starting to adopt memory safe languages like Rust for traditional attack targets. Rust’s memory safety features without garbage collection make it an ideal language for building reliable and efficient systems, further multiplying the cybersecurity benefits.
The end of passwords? Microsoft’s groundbreaking move
Perhaps most notable among today’s announcements is Microsoft’s push towards a passwordless future, a move that could fundamentally alter the landscape of cybersecurity.
Microsoft’s AI will now be used to develop and implement passkeys — unique, unguessable cryptographic credentials securely stored on a user’s device, which have the potential to replace traditional multi-factor authentication. This is a substantial leap forward in phishing protection, making it considerably more difficult for hackers to exploit stolen passwords.
Microsoft says that its AI system analyzes more than 65 trillion security signals per day— with more than 4,000 password attacks every second — to identify suspicious login attempts and request additional identity verification when needed in the new system.
The company also revealed a new capability called Config Refresh that relies on AI to detect and revert unwanted changes to device policies in near real-time. This allows IT teams to lock down device settings while leveraging intelligence to accommodate legitimate policy updates.
Microsoft pioneers a new cybersecurity path with AI
The company’s commitment to AI solutions aligns with its longstanding strategy of positioning itself as a leader in enterprise computing. By weaving AI into the fabric of Windows 11, Microsoft is demonstrating its commitment to providing businesses with secure, reliable, and forward-thinking solutions.
Business analysts see this as a clear indicator of Microsoft’s strategy to leverage its AI prowess to drive growth and cement its position in the enterprise data and AI market. Given the increasing importance of cybersecurity in the modern business landscape, Microsoft’s investment in AI could pay significant dividends.
However, the real test of these new AI-powered features will be their effectiveness against real-world threats. As cyber threats continue to evolve, so too must our defenses. If Microsoft’s AI enhancements can live up to their promise, they will represent a significant advance in cybersecurity and a potent tool in the fight against cybercrime.
As AI continues to transform enterprise data and security, it’s clear that companies like Microsoft are leading the charge. By harnessing the power of AI, Microsoft is not just shaping its future but also the future of cybersecurity as a whole. Only time will tell how these developments play out, but one thing is certain: the era of AI-driven cybersecurity is here, and Microsoft is at its helm.
Read More