Home > News > featured news > Nozomi Networks Raises the Bar on Delivering Prioritized Actionable Intelligence for OT/IoT Networks to Accelerate Responses to Security Threats

DATA SECURITY

Nozomi Networks Raises the Bar on Delivering Prioritized Actionable Intelligence for OT/IoT Networks to Accelerate Responses to Security Threats

Nozomi Networks | October 27, 2021

Nozomi Networks Inc., the leader in OT and IoT security, today announced new updates in Vantage™, the first cloud-based OT/IoT network security solution that equips security professionals and industrial operators with actionable, AI-driven insights to manage risk and speed precise remediation. The new enhancements help eliminate “alert fatigue” by narrowing down the hundreds of notifications security teams have to parse to determine the severity of vulnerabilities.

“With attacks on OT and IoT infrastructure occurring daily, we know that organizations are overwhelmed with prioritizing risk reduction efforts, responding to alerts, and accelerating the detection of malware,The latest release of Vantage is designed to not only detect threats in critical infrastructure but also help prioritize and guide remediation steps quickly and efficiently. Only Vantage can provide these capabilities at the scale of the largest OT and IoT networks in the world.”

Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks

According to Ponemon Research, 52% of organizations say they are at a disadvantage in responding to vulnerabilities because they use a manual process and 72% say difficulty in prioritizing vulnerabilities contributes to patch delays. ESG Research finds 34% of cyber security professionals reported their biggest vulnerability management challenge is prioritizing which vulnerabilities to remediate.

“Nozomi Networks has a proven reputation for continuous innovation and these latest updates only add to it,” said Frost & Sullivan Industry Analyst Danielle VanZandt. “With the explosive growth of IoT devices in industrial environments, now more than ever, security professionals need faster paths to actionable intelligence and tools that support the best possible response. Nozomi Networks has stepped up with a solution that fills the gap.”

In this latest upgrade, Nozomi Networks continues to expand vulnerability management automation and intelligence with new prioritization metrics for vulnerability assessments. New Vantage features include:

Prioritized Vulnerability Management

With the new vulnerability dashboard, operators can quickly visualize all the OT and IoT vulnerabilities in the network, prioritize which vulnerabilities pose the greatest risk, and assess the level of effort to address the issues network-wide. Vantage provides:

  • Actionable insights on remediation steps, patches, and upgrades.
  • Built-in analytics scores that highlight which corrections will have the biggest impact on risk reduction, as well as identify which may be more labor-intensive.

In addition to the Vantage vulnerability management process, Vantage leverages an AI-driven threat detection engine that analyzes endpoint and network configurations, traffic flows, and network packet contents to provide the deepest and most sophisticated insights for OT networks in the industry.

Customized Playbooks for Precise Response

In addition to customizing alerts for specific threats and vulnerabilities, now security professionals have the option to supplement these notifications with custom playbooks designed to guide response plans for each alert. These playbooks:

  • Precisely guide remediation steps for specific threats, simplifying and accelerating operational response.
  • Can be customized to specify workflows for each alert and to address individual customer environments and workflows.
  • Can be shared between organizations.

Streamlined Operations

With Vantage, security professionals can quickly manage multiple hundreds or thousands of sites with limited resources.

  • The SaaS-based solution is easy to deploy and runs in the cloud, providing near zero-cost setup and ongoing maintenance.
  • Automated analysis and playbooks simplify remediation steps and costs to enable smaller teams to have more visibility across more devices and more sites.
  • Vantage also makes it feasible to share security data with partners, vendors, and other applications from the centralized cloud repository without opening the network up to external users.

About Vantage
Vantage was designed to meet the rapidly evolving requirements of IoT-enabled infrastructures. The cloud-based OT and IoT network visibility and security solution delivers unmatched security and visibility with the unlimited scalability of SaaS. Vantage makes it possible to grow without limitations to consolidating data aggregation, analysis, and operations. With Vantage you can protect any number of OT, IoT, IT, edge, and cloud assets, located anywhere, with a single platform.

About Nozomi Networks
Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments.

Spotlight

Dashlane’s Security Principles & Architecture

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

More featured news

Spotlight

Dashlane’s Security Principles & Architecture

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Launch of Virtru Private Keystore Enables Heightened Privacy and Secure Collaboration in the Cloud

Globenewswire | March 24, 2023

Virtru, the global leader in data-centric security and privacy, today announced the immediate availability of the Virtru Private Keystore, allowing organizations to leverage the power of industry-leading cloud collaboration platforms with the confidence that their data is completely private and shielded from their cloud provider. The Virtru Private Keystore gives businesses a simple way to encrypt their cloud data and store the keys in an environment separate from their cloud provider. It is available for Google Workspace, Google Cloud, and all of Virtru’s products. Privacy-preserving technology has become a top priority for businesses and individuals alike, as evidenced by Google’s rapid expansion of Client-Side Encryption for Google Workspace and customer-managed encryption keys for Google Cloud. Google has undertaken these efforts to win and retain privacy- and compliance-sensitive customers. Virtru is one of a select number of Google-recommended private encryption key management partners to support these initiatives. Paris-based HR tech firm, Maki People, uses Virtru as its key management solution provider for Google Cloud, and views the Virtru Private Keystore as a way to build trust with its customers. “The Virtru Private Keystore is super seamless,” said Benjamin Chino, CPO and Co-Founder, Maki People. “Everything is running smoothly. From a customer standpoint, it really makes a difference – they now feel that they're much more in control, and that Google will not be able to access their data.” “Safeguarding data privacy and control is our top priority, and the Virtru Private Keystore plays a crucial role in helping us achieve this objective,” said Ali Umana, Network Administrator, Kulite Semiconductor Products, Inc. Around the world, regulatory requirements continue to tighten. The Virtru Private Keystore helps organizations meet compliance and data sovereignty obligations such as the International Traffic in Arms Regulations (ITAR) and the EU’s General Data Protection Regulation (GDPR). “Our customers choose Virtru because our products are easy to use, and they integrate seamlessly with the apps they work in every day,” said Bill Bauman, Product Marketing, Virtru. “The Virtru Private Keystore does that, too. It simplifies key management for our customers and runs seamlessly in the background. It does more than just key exchanges, though: It adds policies to the keys and has audit capabilities. So, everyone can collaborate more confidently in the cloud and have final decision over who can access their data.” The Virtru Private Keystore supports the full suite of Virtru products, including Virtru for Microsoft Outlook 365, Virtru for Gmail, Virtru Secure Share, and Virtru Data Protection Gateway, and is a trusted solution for Google Workspace Client-Side Encryption (or CSE, including CSE for Gmail) and Google Cloud External Key Manager (EKM). It can be deployed in a public or private cloud, or a private or co-hosted data center, and supports hardware security modules (HSM), with additional support for HSM Proxy Connector. About Virtru Virtru is a global leader in data privacy and protection. At Virtru, we equip our customers to take control of their data—everywhere it’s shared—through end-to-end encryption for Google, Microsoft, and other data sharing platforms. Our team is creative, collaborative, and passionate about creating a brighter future for data privacy. Above all, we support our colleagues and empower each other to do our best work.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

ReasonLabs Unveils Dark Web Monitoring Feature As Part Of Its RAV Online Security Solution

Prnewswire | March 31, 2023

ReasonLabs, the cybersecurity pioneer equipping families and individuals worldwide with the same level of cyber protection utilized by Fortune 500 companies, today announced the addition of a Dark Web Monitoring feature to its RAV Online Security solution, a web extension that provides real-time, 24/7 protection against a range of malicious online activity. The Dark Web Monitoring feature scans tens of thousands of combination lists, leaked databases, and malware data hidden from the surface net—the publicly accessible internet—for mentions of users' personal data, and instantly notifies users when breaches occur. The dark web, a part of the internet that can only be accessed via an anonymizing browser and is invisible to search engines, is frequently used by cybercriminals to engage in illicit online activity. Malicious actors use the dark web to find, buy and sell user data. This can include usernames and passwords; financial information including traditional banking data, cryptocurrency wallets, and credit card numbers; and a range of personally identifiable information such as names, phone numbers, emails, social security numbers, locations, and more. "The dark net is a hotbed of cybercrime where cyberattackers regularly find people's important personal and financial data. It is critical that users be protected at all times, which calls for monitoring the dark web for data breaches and alerting users immediately as and when breaches occur," said Kobi Kalif, CEO of ReasonLabs. "ReasonLabs' Online Security tool, is fully integrated with RAV Endpoint Protection and is now equipped with the Dark Web Monitoring capability, The extension scans both the surface net and dark web around the clock to identify malicious activity impacting our users to ensure they are always protected." "As technology progresses, our digital presence becomes increasingly important as we store valuable information and financial assets online. Unfortunately, the risk of exposure also increases, making it crucial to promptly detect any leaks and take appropriate action to prevent negative consequences in the real world," said Omri Gabai, VP Security Products at ReasonLabs. "That's why we've made the decision to offer our users a critical tool for monitoring the dark web." RAV Online Security protects against threats on the surface net such as URLs, phishing, harmful extensions, suspicious downloads, intrusive cookies and trackers, unauthorized notifications, and pop-ups. Dark Web Monitoring scans keep users up-to-date on any data breaches they may be involved with, and users receive an alert once a new breach occurs. RAV Online Security has more than five million users worldwide and is available as a free download. About ReasonLabs ReasonLabs is a global pioneer in cybersecurity detection and prevention. Powered by machine learning, ReasonLabs' cutting-edge technology is revolutionizing consumer-focused cybersecurity, bringing enterprise-grade protection into the homes of tens of millions of users worldwide. Its innovative engine scans over 2 billion files in 180 countries a day, delivering fast, comprehensive data while providing 24/7 real-time threat detection. Founded in 2016, ReasonLabs is based in New York and Tel Aviv.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Veza introduces new solution to deliver SaaS access security and governance for the enterprise

Businesswire | May 03, 2023

Veza, the authorization platform for data security, today announced Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations. With this solution, Veza secures the attack surface associated with SaaS apps while enabling continuous compliance with frameworks like Sarbanes-Oxley, ISO 27001, SOC 2, and GDPR. Organizations today maintain an average of 125 different SaaS applications, costing $1,040 per employee annually, according to Gartner’s 2022 Market Guide for SaaS Management. As SaaS grows in popularity, security and identity teams are under pressure to manage security risks associated with the spread of data in these apps. “SaaS applications are everywhere, holding sensitive data like customer lists, financials, and employee data. This is a new attack surface for the threat actors who misuse identity,” said Tarun Thakur, CEO and co-founder of Veza. “Conventional IAM techniques like authentication are not enough to secure access to data in SaaS apps. We are excited to introduce Veza for SaaS Apps to help our customers protect sensitive data against credential theft, malicious attacks and accidental exposure, putting SaaS access security within reach.” The Veza solution includes integrations to 15 popular SaaS applications, including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. Because Veza uses an out-of-band approach to integrate with apps and systems, customers can integrate in less than a day, unlocking unprecedented visibility and control in just hours. “Using Veza, we have been able to achieve end-to-end visibility over access permissions across our enterprise app stack, including Salesforce,” said Brian Miller, Director, Security Governance, Risk and Compliance at Achieve. “As our customer base continues to expand, Veza helps us maintain least privilege over sensitive financial customer data, giving us the confidence to adopt new apps at lightspeed.” Capabilities of the Veza solution include: Privileged Access Monitoring. Veza alerts security teams when there are new grants of privileged access and privilege drift in SaaS apps, such as new local admins in Salesforce. Veza monitors both human identities and machine identities like service accounts and third-party integrations. User Access Reviews and Entitlement Certifications. Veza automates the identity governance and administration process of periodic access reviews, using workflow rules to route requests for certification and providing decision-makers with authorization context to choose the least-permissive role. Veza makes it possible to graduate from periodic batches to “continuous compliance.” SaaS Misconfigurations. Veza monitors SaaS apps for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. For example, Veza alerts the security team when users have access to sensitive data but do not have MFA (multi-factor authentication) enabled. SaaS applications contain sensitive data. Securing the access to this data in SaaS apps is complicated given the application-specific RBAC (role-based access control) that grants permissions to humans and services. Because security teams can’t see the reality of who can do what with data, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations. The Veza Authorization Platform creates a comprehensive graph of identity-to-data by ingesting and organizing the authorization metadata (RBAC) from SaaS apps, cloud providers, data systems, and identity providers. About Veza Veza is the authorization platform for data security. Identity and security professionals use Veza to modernize access governance for the new data and SaaS apps landscape. By automating the work of finding and fixing excessive permissions on a continuous basis, Veza helps organizations achieve Least Privilege. Veza’s unique approach ingests metadata from any SaaS app or data system, organizes it as an authorization graph, and makes it searchable in real-time. Global enterprises like Blackstone, Wynn Resorts, and Expedia trust Veza to protect sensitive data and automate access reviews. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Launch of Virtru Private Keystore Enables Heightened Privacy and Secure Collaboration in the Cloud

Globenewswire | March 24, 2023

Virtru, the global leader in data-centric security and privacy, today announced the immediate availability of the Virtru Private Keystore, allowing organizations to leverage the power of industry-leading cloud collaboration platforms with the confidence that their data is completely private and shielded from their cloud provider. The Virtru Private Keystore gives businesses a simple way to encrypt their cloud data and store the keys in an environment separate from their cloud provider. It is available for Google Workspace, Google Cloud, and all of Virtru’s products. Privacy-preserving technology has become a top priority for businesses and individuals alike, as evidenced by Google’s rapid expansion of Client-Side Encryption for Google Workspace and customer-managed encryption keys for Google Cloud. Google has undertaken these efforts to win and retain privacy- and compliance-sensitive customers. Virtru is one of a select number of Google-recommended private encryption key management partners to support these initiatives. Paris-based HR tech firm, Maki People, uses Virtru as its key management solution provider for Google Cloud, and views the Virtru Private Keystore as a way to build trust with its customers. “The Virtru Private Keystore is super seamless,” said Benjamin Chino, CPO and Co-Founder, Maki People. “Everything is running smoothly. From a customer standpoint, it really makes a difference – they now feel that they're much more in control, and that Google will not be able to access their data.” “Safeguarding data privacy and control is our top priority, and the Virtru Private Keystore plays a crucial role in helping us achieve this objective,” said Ali Umana, Network Administrator, Kulite Semiconductor Products, Inc. Around the world, regulatory requirements continue to tighten. The Virtru Private Keystore helps organizations meet compliance and data sovereignty obligations such as the International Traffic in Arms Regulations (ITAR) and the EU’s General Data Protection Regulation (GDPR). “Our customers choose Virtru because our products are easy to use, and they integrate seamlessly with the apps they work in every day,” said Bill Bauman, Product Marketing, Virtru. “The Virtru Private Keystore does that, too. It simplifies key management for our customers and runs seamlessly in the background. It does more than just key exchanges, though: It adds policies to the keys and has audit capabilities. So, everyone can collaborate more confidently in the cloud and have final decision over who can access their data.” The Virtru Private Keystore supports the full suite of Virtru products, including Virtru for Microsoft Outlook 365, Virtru for Gmail, Virtru Secure Share, and Virtru Data Protection Gateway, and is a trusted solution for Google Workspace Client-Side Encryption (or CSE, including CSE for Gmail) and Google Cloud External Key Manager (EKM). It can be deployed in a public or private cloud, or a private or co-hosted data center, and supports hardware security modules (HSM), with additional support for HSM Proxy Connector. About Virtru Virtru is a global leader in data privacy and protection. At Virtru, we equip our customers to take control of their data—everywhere it’s shared—through end-to-end encryption for Google, Microsoft, and other data sharing platforms. Our team is creative, collaborative, and passionate about creating a brighter future for data privacy. Above all, we support our colleagues and empower each other to do our best work.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

ReasonLabs Unveils Dark Web Monitoring Feature As Part Of Its RAV Online Security Solution

Prnewswire | March 31, 2023

ReasonLabs, the cybersecurity pioneer equipping families and individuals worldwide with the same level of cyber protection utilized by Fortune 500 companies, today announced the addition of a Dark Web Monitoring feature to its RAV Online Security solution, a web extension that provides real-time, 24/7 protection against a range of malicious online activity. The Dark Web Monitoring feature scans tens of thousands of combination lists, leaked databases, and malware data hidden from the surface net—the publicly accessible internet—for mentions of users' personal data, and instantly notifies users when breaches occur. The dark web, a part of the internet that can only be accessed via an anonymizing browser and is invisible to search engines, is frequently used by cybercriminals to engage in illicit online activity. Malicious actors use the dark web to find, buy and sell user data. This can include usernames and passwords; financial information including traditional banking data, cryptocurrency wallets, and credit card numbers; and a range of personally identifiable information such as names, phone numbers, emails, social security numbers, locations, and more. "The dark net is a hotbed of cybercrime where cyberattackers regularly find people's important personal and financial data. It is critical that users be protected at all times, which calls for monitoring the dark web for data breaches and alerting users immediately as and when breaches occur," said Kobi Kalif, CEO of ReasonLabs. "ReasonLabs' Online Security tool, is fully integrated with RAV Endpoint Protection and is now equipped with the Dark Web Monitoring capability, The extension scans both the surface net and dark web around the clock to identify malicious activity impacting our users to ensure they are always protected." "As technology progresses, our digital presence becomes increasingly important as we store valuable information and financial assets online. Unfortunately, the risk of exposure also increases, making it crucial to promptly detect any leaks and take appropriate action to prevent negative consequences in the real world," said Omri Gabai, VP Security Products at ReasonLabs. "That's why we've made the decision to offer our users a critical tool for monitoring the dark web." RAV Online Security protects against threats on the surface net such as URLs, phishing, harmful extensions, suspicious downloads, intrusive cookies and trackers, unauthorized notifications, and pop-ups. Dark Web Monitoring scans keep users up-to-date on any data breaches they may be involved with, and users receive an alert once a new breach occurs. RAV Online Security has more than five million users worldwide and is available as a free download. About ReasonLabs ReasonLabs is a global pioneer in cybersecurity detection and prevention. Powered by machine learning, ReasonLabs' cutting-edge technology is revolutionizing consumer-focused cybersecurity, bringing enterprise-grade protection into the homes of tens of millions of users worldwide. Its innovative engine scans over 2 billion files in 180 countries a day, delivering fast, comprehensive data while providing 24/7 real-time threat detection. Founded in 2016, ReasonLabs is based in New York and Tel Aviv.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Veza introduces new solution to deliver SaaS access security and governance for the enterprise

Businesswire | May 03, 2023

Veza, the authorization platform for data security, today announced Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations. With this solution, Veza secures the attack surface associated with SaaS apps while enabling continuous compliance with frameworks like Sarbanes-Oxley, ISO 27001, SOC 2, and GDPR. Organizations today maintain an average of 125 different SaaS applications, costing $1,040 per employee annually, according to Gartner’s 2022 Market Guide for SaaS Management. As SaaS grows in popularity, security and identity teams are under pressure to manage security risks associated with the spread of data in these apps. “SaaS applications are everywhere, holding sensitive data like customer lists, financials, and employee data. This is a new attack surface for the threat actors who misuse identity,” said Tarun Thakur, CEO and co-founder of Veza. “Conventional IAM techniques like authentication are not enough to secure access to data in SaaS apps. We are excited to introduce Veza for SaaS Apps to help our customers protect sensitive data against credential theft, malicious attacks and accidental exposure, putting SaaS access security within reach.” The Veza solution includes integrations to 15 popular SaaS applications, including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. Because Veza uses an out-of-band approach to integrate with apps and systems, customers can integrate in less than a day, unlocking unprecedented visibility and control in just hours. “Using Veza, we have been able to achieve end-to-end visibility over access permissions across our enterprise app stack, including Salesforce,” said Brian Miller, Director, Security Governance, Risk and Compliance at Achieve. “As our customer base continues to expand, Veza helps us maintain least privilege over sensitive financial customer data, giving us the confidence to adopt new apps at lightspeed.” Capabilities of the Veza solution include: Privileged Access Monitoring. Veza alerts security teams when there are new grants of privileged access and privilege drift in SaaS apps, such as new local admins in Salesforce. Veza monitors both human identities and machine identities like service accounts and third-party integrations. User Access Reviews and Entitlement Certifications. Veza automates the identity governance and administration process of periodic access reviews, using workflow rules to route requests for certification and providing decision-makers with authorization context to choose the least-permissive role. Veza makes it possible to graduate from periodic batches to “continuous compliance.” SaaS Misconfigurations. Veza monitors SaaS apps for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. For example, Veza alerts the security team when users have access to sensitive data but do not have MFA (multi-factor authentication) enabled. SaaS applications contain sensitive data. Securing the access to this data in SaaS apps is complicated given the application-specific RBAC (role-based access control) that grants permissions to humans and services. Because security teams can’t see the reality of who can do what with data, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations. The Veza Authorization Platform creates a comprehensive graph of identity-to-data by ingesting and organizing the authorization metadata (RBAC) from SaaS apps, cloud providers, data systems, and identity providers. About Veza Veza is the authorization platform for data security. Identity and security professionals use Veza to modernize access governance for the new data and SaaS apps landscape. By automating the work of finding and fixing excessive permissions on a continuous basis, Veza helps organizations achieve Least Privilege. Veza’s unique approach ingests metadata from any SaaS app or data system, organizes it as an authorization graph, and makes it searchable in real-time. Global enterprises like Blackstone, Wynn Resorts, and Expedia trust Veza to protect sensitive data and automate access reviews. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.

Read More

More featured news