SOFTWARE SECURITY

Noetic Cyber Delivers Platform Update to Bring Data Science into Cyber Asset Management

Noetic Cyber | June 06, 2022

Noetic Cyber
Noetic Cyber, an innovator in Cybersecurity Asset Attack Surface Management (CAASM), today announced the availability of a new version of its Continuous Cyber Asset Management and Controls platform. The latest version of the Noetic platform is focused on delivering immediate time to value for security teams by identifying high priority security gaps and exploitable vulnerabilities, using innovative data science techniques.

Since its public launch in July 2021, Noetic has been working with security leaders in the United States and the United Kingdom to help them reduce their growing attack surface and improve their cybersecurity posture. The challenge these cyber leaders often face is to understand cyber risk across complex environments, where assets can exist for a short period of time in public or private cloud platforms, as well as having to manage legacy on-premises workloads. To gain the insights needed to be effective, they need confidence in their data quality, full visibility across all assets and contextual intelligence to help prioritize decision making.

"The continued innovation we are delivering reflects the expanding use cases we see across our customer base. "Security teams are putting cyber asset intelligence at the heart of their security programs and our ability to continuously adapt and respond to changing environments is critical to their success."

Paul Ayers, CEO and co-founder, Noetic Cyber

Delivering Immediate Time to Value
Security teams need to know what assets they have, and understand which ones are creating the most cyber risk. Noetic is delivering innovative cyber asset intelligence to help customers assess their current cyber posture readiness and focus the security team's efforts on the highest priority activities. The Noetic platforms helps customers successfully do this with:

  • External Cyber Asset Intelligence – Mapping industry data including CISA's Known Exploited Vulnerabilities catalog, MITRE ATT&CK® mitigations and others to provide greater context on asset risk and exposure.
  • Coverage Gap dashboards –Helping security teams quickly identify common and easily resolved security coverage gaps.
  • Support for ad-hoc security data – Many organizations keep important information on critical applications or security risks in spreadsheets. Noetic's new data ingestion capability supports importing ad-hoc data into the model.

Simplifying and Extending Cyber Asset Management use cases

The Noetic platform uses Graph database technology to map cyber relationships between assets. This innovative technology approach enables Noetic to navigate deep hierarchies and find hidden connections, providing the context to help security teams to make more informed decisions. The latest release of the Noetic platform builds on native Graph capabilities to deliver additional value such as:

  • Understanding & improving data quality –Noetic's new data analytics feature automatically and continuously analyzes data for each different source for completeness and accuracy, providing a data quality score.
  • Simplifying Graph queries – Noetic has adopted openCypher, a widely used open query language. Noetic has developed a graphical point-and-click UI to guide security analysts through the steps of creating powerful relationship-based queries with little or no training.
  • Supporting Cloud and On-premises applications – Organizations need to protect assets across public and private clouds, as well as traditional on-premises networks. Noetic Outpost supports secure ingestion from behind the corporate firewall, and private clouds.

"The challenge of identifying and managing assets in the context of cybersecurity has grown considerably in recent years," said Dr. Ed Amoroso, CEO of TAG Cyber. "Noetic's innovations are important as their ability to prioritize and automate helps security teams to focus on critical areas of cyber risk."

About Noetic Cyber
Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, fix and improve their security posture and enterprise ecosystem. Our goal is to improve security tools and control efficacy by breaking down existing siloes and improving the entire security ecosystem. Founded in 2019, Noetic is based in Boston and London.

Spotlight

Those high profile data breaches led to a swift response from the Government with the penalties for serious or repeated privacy breaches increased from $2.22 million to a minimum of $50 million at the end of December. Since then, the Government has released the Privacy Act Review Report and the 2023-2030 Australian Cyber Security Strategy that signpost a significant shift for Australia’s cyber landscape. Critical infrastructure; personal information; cyber security; dealing with ransomware attacks – all are likely to be shaken up.

Spotlight

Those high profile data breaches led to a swift response from the Government with the penalties for serious or repeated privacy breaches increased from $2.22 million to a minimum of $50 million at the end of December. Since then, the Government has released the Privacy Act Review Report and the 2023-2030 Australian Cyber Security Strategy that signpost a significant shift for Australia’s cyber landscape. Critical infrastructure; personal information; cyber security; dealing with ransomware attacks – all are likely to be shaken up.

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Parablu to Deliver Microsoft Azure-Hosted Cybersecurity and Data Resiliency SaaS Solutions

Prnewswire | May 16, 2023

Parablu, a global provider of SaaS-based data protection and management solutions for endpoints, on-premises, and cloud environments, today announced a multi-year agreement with Microsoft that integrates engineering, go-to-market activities, and co-selling of Parablu's BluVault and the Ransomware Defense Suite Software-as-a-Service (SaaS) offerings. Parablu will leverage Microsoft Cloud infrastructure and services –– Microsoft Azure and Microsoft 365 to deliver scalable, secure, cost-efficient, and cyber-resilient data management and protection solutions. Parablu's patent-protected zero- and low-cost storage options will not only help businesses effectively address today's economic challenges, but also deliver proven data security for endpoints and Microsoft 365 –– backed by the global scale, durability, and security of the Microsoft cloud. Parablu's BluVault offering in combination with the Ransomware Defense Suite is designed to quickly detect and recover from cyber-attacks such as ransomware using early detection techniques, accelerated recovery options, file/device quarantining features, as well as e-Discovery, ­­making it easier for customers as well as AI tools to find and use this data effectively. "With more knowledge workers now working remotely, the number of endpoints has grown exponentially –– increasing the likelihood of ransomware and other malicious threats," said Parablu Chief Strategy Officer Randy De Meno. "This alliance empowers Microsoft and its ecosystem of partners to deliver proven heterogeneous data management, backup and data security solutions built for OneDrive for Business and Microsoft Azure, while giving customers a proactive defense against malicious actors. Today's announcement proves that innovation and cost efficiency in data security can be accomplished in collaborative fashion with Microsoft using their proven infrastructure." Allison West Hughes, Microsoft CVP of Digital Acquisition added, "Parablu's focus on delivering innovative, cyber-resilient, data management and protection SaaS capabilities using Microsoft Azure and Microsoft 365 instantly equips all of our customers with best-of-breed options to manage and protect their most used devices and applications –– their endpoints and Microsoft 365. We've been greatly impressed by Parablu's innovation and their "All-In" approach with the Microsoft cloud infrastructure while enabling customers to securely store and AI-leveraged functionality using protected copies of their data." "This collaboration with Microsoft enables Parablu to deliver best-of-breed solutions combining zero-trust security, zero-knowledge encryption, and zero-cost storage from the best data centers leveraging leading-edge, scalable, and highly secure infrastructure," said Anand Prahlad, CEO of Parablu. "We look forward to collaborating with Microsoft to innovate and expand our offering to cover more data sources, while continuing to leverage the Microsoft Azure cloud and the cutting-edge services it provides." This collaboration builds on Parablu's recent recognition by G2 as the best online solution compared to 158 other backup products in nearly all key categories and robust experience with storage, data management and security, while leveraging the capabilities of Azure and Microsoft 365. BluVault's cutting edge features such as platform independent granular restores, point-in-time recovery, cloud-cloud restores, rapid recovery, as well as new innovations that automatically tier data across OneDrive and Azure, will all be served out of the Microsoft cloud. The new agreement includes plans to enhance Parablu's SaaS offering with various Azure Services including Azure OpenAI Service. Brian Bellows, analyst at Piper Sandler said, "Frequently abrasive economic times often spark innovation and growth. Microsoft's partnering with Parablu while enabling robust technical and secure data capabilities may be another example of Microsoft sparking ecosystem success and growth within the tech sector." About Parablu Parablu is a leading provider of data security and resiliency solutions for the digital enterprise. These solutions protect enterprise data completely and provide total visibility into all data movement through centrally managed intuitive dashboards. Parablu's products include: BluVault, a suite of powerful and secure data backup solutions designed for the cloud; and BluSync™, a suite of solutions designed for secure managed file transfer, secure collaboration, and file services. Both solutions holistically address enterprise data protection needs and can be easily bridged with existing infrastructure to provide cost-effective data protection. To learn more about Parablu visit www.Parablu.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Legit Security Announces New Partnership with Snyk

Globenewswire | April 13, 2023

Legit Security, a cyber security company with an enterprise platform that protects software delivery from code to cloud, including the software supply chain, today announced a partnership with Snyk, the leader in developer security. Together, Legit Security and Snyk help bridge the gap between security and development teams by scaling-up security from code to cloud through the combination of secure code and secure application delivery. The partnership enables organizations to greatly improve productivity by contextualizing cybersecurity risks, consolidating vulnerability management in a unified view, and prioritizing remediation to the most critical risks and applications so their businesses can stay safe while releasing trusted software fast. Today’s digital business models depend on rapid innovation, but security teams struggle to keep pace with the development of modern applications, DevOps and changing CI/CD pipelines. Legit Security helps application security teams align with iterative, fast paced DevOps models by protecting applications from code-to-cloud with automated SDLC discovery and a unified application security control plane that provides visibility, security, and governance over rapidly changing environments. By providing real-time security posture management and deep security issue context, security and development teams can rapidly prioritize security issues and accelerate their productivity, effectiveness, and collaboration. “In most organizations today, software development pipelines are unchartered highways to cloud deployment,” said Roni Fuchs, CEO and co-founder, Legit Security. “To build applications securely at scale, you need to have visibility and security control over your development environments including traceability from cloud apps back to their CI/CD software pipelines and originating source code. We are thrilled to partner with Snyk to combine our code to cloud security capabilities with their developer-first approach to secure code and open source dependencies.” “We’re excited to further our relationship with Legit Security,” said Jill Wilkins, Senior Director Global Alliances, Snyk. “As the demand for developer security grows, we are always looking to expand our partner ecosystem and help businesses all over the world capitalize on that opportunity. Our partnership with Legit Security will help us continue our mission to empower developers all over the world with developer first security, and offer our mutual customers the ability to seamlessly integrate Snyk into existing workflows, tools, and processes to help accelerate development and security team adoption of DevSecOps.” For more information, please visit Legit Security at www.legitsecurity.com. About Legit Security Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

DirectDefense and Claroty Partner to Secure Customers’ Cyber-Physical Systems

Businesswire | April 13, 2023

DirectDefense, Inc., a leading information security services company, today announced its partnership with Claroty, the cyber-physical systems protection company. Claroty empowers organizations with unmatched visibility, protection, and threat detection to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. As digital transformation efforts have intensified over the last decade, a broad range of XIoT assets – including operational technology (OT), the Internet of Medical Things (IoMT), building management systems (BMS) and enterprise IoT – are now interconnected. While this drives innovation, resilience, sustainability and numerous other business benefits, the XIoT can also increase organizations’ attack surface area and risk exposure if not properly secured, and solutions intended solely for OT, IT, or any other specific use case are insufficient. Without holistic, comprehensive visibility and security, organizations may face costly downtime, as well as negative impacts on critical outcomes such as patient care and manufacturing process integrity. “By adding Claroty to our services offering, customers in the industrial, healthcare and commercial industries can better secure their XIoT environments,” said Jim Broome, President and CTO of DirectDefense. “Time and time again we hear the challenges these industries face with the proliferation of connected devices and the difficulty managing and securing them. The Claroty platform provides the required visibility and protection and with our 24x7 SOC managing those alerts in partnership with our Connected Systems team, customers will elevate their security posture and increase their cyber resiliency.” Claroty tackles the risks posed by the explosion of connectivity between the cyber and physical worlds with its flagship product, the Claroty Platform. This unified XIoT cybersecurity solution is tailored to the requirements of healthcare, industrial, and public sector environments, deployable via on-premise, hybrid, or cloud/SaaS options, and integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. “When it comes to securing cyber-physical systems, the number one priority is cyber and operational resilience,” said CJ Radford, Global Vice President of Channel & Alliances for Claroty. “With the strength of Claroty’s technology and the support of DirectDefense’s 24x7 managed services, customers are equipped to proactively secure assets and devices, quickly respond to and recover from incidents, and preserve operational continuity and safety within their XIoT environments.” About DirectDefense, Inc. DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology. More information can be found at www.directdefense.com. About Claroty Claroty empowers organizations to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. The company’s cyber-physical systems protection platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, network segmentation, threat detection, and secure remote access. Backed by the world’s largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America. To find out more about Claroty, visit claroty.com.

Read More