New York strengthens cyber-security and consumer privacy protections with new law broadening definition of “breach”

New York Daily News | July 25, 2019

New York strengthens cyber-security and consumer privacy protections with new law broadening definition of “breach”
Companies will have to be more forthcoming with New Yorkers about cyber-attacks that jeopardize private data under a pair of new laws signed Thursday by Gov. Cuomo. The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, updates New York’s laws concerning notification requirements and consumer data protection obligations and broadens the state Attorney General’s oversight regarding data breaches impacting New Yorkers. “The SHIELD Act is now the law of the land and provides better protections for consumers’ private information,” Attorney General Letitia James said. “New Yorkers deserve the peace of mind that companies will be held accountable for securing their information."

Spotlight

Sophisticated attacks on corporate servers must be deflected with powerful security. The challenge is finding a solution that provides the right level of protection, but that can still be efficiently and cost-effectively deployed and managed. Application Whitelisting keeps advanced and unknown threats from reaching servers, but has been complex and costly to implement. Sophos brings the power of Application Whitelisting to enterprise environments, via the cloud, making it the solution of choice for protecting servers and the confidential data that they contain.

Spotlight

Sophisticated attacks on corporate servers must be deflected with powerful security. The challenge is finding a solution that provides the right level of protection, but that can still be efficiently and cost-effectively deployed and managed. Application Whitelisting keeps advanced and unknown threats from reaching servers, but has been complex and costly to implement. Sophos brings the power of Application Whitelisting to enterprise environments, via the cloud, making it the solution of choice for protecting servers and the confidential data that they contain.

Related News
DATA SECURITY

Area 1 Security and SolCyber Partner to Deliver the Only Managed Preemptive Cloud Email Security to the Midmarket

Area 1 Security has been selected as the primary cloud email security provider for all customers of SolCyber, the first modern MSSP for the midmarket. Area 1's industry-first preemptive cloud email security stops phishing campaigns 24 days (on average) before they launch — keeping inboxes clean of threats that cause 95% of cybersecurity incidents. The SolCyber and Area 1 partnership brings best-in-class email protection to midsize organizations, which are increasingly targeted by phishing attacks. According to a recent survey by RSM US LLP in partnership with the U.S. Chamber of Commerce, 45% of mid-market executives said that social engineering attacks were successful last year — despite 90% of their organizations providing security awareness training. Additionally, 33% of mid-market executives disclosed that they experienced a ransomware attack or demand in 2020. The implications for mid-market organizations — which typically have fewer in-house resources and specialty expertise compared to larger organizations —are significant and costly. In fact, of the mid-market businesses that have experienced a cyberattack, 63% are unable to resume normal business operations for over a month. In one 12-month period, Area 1 Security prevented more than half a billion dollars in direct losses for its customers, including some of the world's largest healthcare, financial services, retail and consumer goods brands. Its cloud-scale solution is one of the core components in SolCyber's Foundational offering, a simple-to-implement curated technology stack, which also includes endpoint with EDR capabilities, lateral movement detection, and active directory and admin exploitation prevention. We're very excited about our partnership with Area 1 Security. They have an amazing web crawling infrastructure that gives early warning protection that really matters to our customers. It's not often you can find a preemptive security technology that really works, and provides immediate value,Our customers want to stop ransomware and other cyber threats to their businesses. Period. But they typically don't have the time or resources to build a mature security posture on their own. Area 1 fits seamlessly into our Foundational Coverage, it deploys in minutes and is highly scalable, accelerating our customers' time to realize true value. SolCyber CEO Scott McCrady "We are thrilled to partner with a modern MSSP with an extremely user-friendly model. Like Area 1, SolCyber is committed to making it easy for organizations of all sizes to deploy best-in-class cloud-based security," said Steve Pataky, chief revenue officer of Area 1 Security. "We look forward to getting all of SolCyber's customers to INBOX.CLEAN™ — an inbox free of ever-evolving threats that defraud companies of data, dollars and brand confidence." About SolCyber SolCyber, a ForgePoint company, is the first modern MSSP to deliver a curated stack of enterprise strength security tools and services that are streamlined, accessible and affordable for any organization. SolCyber is disrupting the status quo, by providing a new standard of managed security services that work to reduce cyber risk, wastage and complexity. We believe in a secure environment for all. For more information about SolCyber, visit solcyber.com or follow us at @SolCyberMss or on LinkedIn. About Area 1 Security Area 1 Security is the only company that preemptively stops Business Email Compromise, malware, ransomware and targeted phishing attacks. By focusing on the earliest stages of an attack, Area 1 stops phish — the root cause of 95 percent of breaches — 24 days (on average) before they launch. Area 1 also offers the cybersecurity industry's first and only performance-based pricing model, Pay-per-Phish. Area 1 is trusted by government agencies and Fortune 500 enterprises across financial services, healthcare, critical infrastructure and other industries, to preempt targeted phishing attacks, improve their cybersecurity posture, and change outcomes.

Read More

DATA SECURITY

BlueVoyant Partners with SentinelOne to Accelerate & Scale Endpoint Defense Against Advanced Cyber Attacks

BlueVoyant, a cybersecurity company, today announced a strategic partnership with SentinelOne, an autonomous cybersecurity platform company. The partnership will see BlueVoyant unite its unrivaled cybersecurity expertise with the advanced, automated endpoint detection and response capabilities of SentinelOne's Singularity Complete Suite to deliver exceptional Managed Detection and Response (MDR) services to clients. The cyber threat environment continues to intensify as organizations implement long-term distributed working solutions, and the number of endpoints proliferates as a result. This expanded attack surface is attracting more sophisticated, well-resourced, and persistent adversaries, putting pressure on businesses of all sizes to mount effective, multi-layered defense programs – often with limited financial and technical resources that do not match the scale of threats they face. Our partnership with SentinelOne aligns with BlueVoyant's goal to make best-of-breed technologies and services accessible to companies of all sizes. The SentinelOne Singularity Complete Suite, deployed alongside our elite 24/7 security operations experts, will empower our MDR service to deliver proactive defense and threat eradication capabilities. This gives customers confidence that their systems are well defended against sophisticated attacks. Milan Patel, Global Head of Managed Security Services at BlueVoyant BlueVoyant's MDR service is designed for new and existing SentinelOne customers, who are looking for an elite security operations partner to strengthen their cybersecurity posture and prevent disruptive attacks. It supports clients by monitoring, investigating, responding to, and mitigating advanced attacks on endpoints. Offering initial setup, continuous policy management and tuning, implemented by the experts in BlueVoyant's elite 24/7 security operations center, BlueVoyant MDR provides full-spectrum protection throughout the security event cycle. SentinelOne's Singularity Complete Suite provides single-agent, enterprise-grade attack prevention, detection, response and handling across endpoints, cloud and IoT, coupled with critical automations that lift the burden from analysts. It automatically correlates telemetry and maps it into the MITRE ATT&CK® framework, reducing manual investigation times and the risk of alert fatigue for SOC and IT analysts. Nicholas Warner, COO of SentinelOne, added: "BlueVoyant's MDR service gives customers access to advanced expertise not typically available in-house. By complementing those skills with the visibility and automation at the heart of our Singularity Complete suite, we have formed a compelling partnership that extends the scope of effective cybersecurity." Jim Rosenthal, CEO of BlueVoyant, concluded: "Our partnership will enable BlueVoyant to similarly advance the speed, scale, and accuracy of our MDR services, bringing enterprise-level cybersecurity within the reach of small to mid-sized businesses." About BlueVoyant At BlueVoyant, we recognize that effective cybersecurity requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem.

Read More

DATA SECURITY

Synack launches an app store experience for more flexible, smarter cybersecurity solutions

Synack, the premier crowdsourced platform for on-demand security expertise, today is giving customers the easiest, most flexible and most innovative approach for deploying critical cybersecurity solutions to defend against today's digital threats. Synack Campaigns empowers organizations with on-demand access to a community of 1,500 skilled and trusted ethical hackers to perform a range of tasks, from targeted security checks to cloud configuration assessments. Customers can take advantage of Campaigns through the Synack Catalog, which provides customers with an app store-like experience, to deploy Security Operations activities. These additions complement Synack's market-leading approach to crowdsourced cybersecurity with unparalleled abilities to integrate penetration testing — and other key security tasks — into organizations' security operations. This expansion lets customers extract more value from the Synack Platform and the Synack Red Team (SRT), Synack's network of the world's most skilled and trusted ethical hackers. This is a game changer,Cybersecurity shouldn't ever be a one-size-fits-all solution. We're expanding our platform to make it truly customizable, on-demand and seamless. Some customers need vigorous penetration testing while others may want a hacker to perform an emergency assessment. Now, they can do all of that on one easy-to-use platform. Jay Kaplan, Synack CEO SYNACK CAMPAIGNS Synack Campaigns give customers on-demand access to the SRT to meet specific needs and solve unique security issues. Campaigns deliver actionable security intelligence for application security, compliance, vulnerability management and more. Each Campaign consists of a group of Missions, or security tasks, which researchers perform. These can range from checking for OWASP Top 10 vulnerabilities, to cloud configuration checks, to get a hacker's perspective on an asset. SYNACK CATALOG The Synack Catalog allows customers to browse, launch and track Campaigns directly in the Synack Portal. It also enables organizations to take full advantage of SRT talent through the Synack Platform and gain critical security insights and knowledge to improve security across the entire enterprise. SYNACK CREDITS With Synack Credits, customers will have more flexibility than ever to purchase Campaigns that best suit their testing needs and take advantage of new and existing offerings at any given time. The options built into this approach mean organizations can utilize Synack's integrated and controlled platform as needed to supplement their own teams and technologies. "It's a simple, smarter, more agile and manageable approach to security," said Peter Blanks, Chief Product Officer at Synack. "We looked at what customers needed, and we delivered. This is a better approach to cybersecurity that's the most adaptable and accessible. We'll continuously innovate at the scale and speed our clients require to accommodate the dynamic threat landscape. Ultimately, this will make organizations more secure and, as a result, improve cybersecurity for everyone." ABOUT SYNACK: Synack is the premier crowdsourced platform for on-demand security expertise. The Synack Platform delivers 24/7 penetration testing, vulnerability management, and vulnerability assessment from a global network of trusted researchers, enabled by smart technology, to accelerate global organizations' critical cybersecurity missions. Headquartered in Silicon Valley with regional teams around the world, Synack protects leading global banks, federal agencies, DoD classified assets, and more than $6 trillion in Fortune 500 and Global 2000 revenue. A 4-time CNBC Disruptor 50 company, Synack was founded in 2013 by former NSA security experts Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO.

Read More