Platform Security, Software Security, Cloud Security
Globenewswire | July 28, 2023
Uptycs, provider of the first unified CNAPP and XDR platform, today announced it’s now part of the Amazon Web Services (AWS) Public Sector Partner (PSP) Program. The AWS PSP Program helps AWS Partners grow their public sector business through alignment with AWS public sector sales, marketing, funding, capture, and proposal terms.
“We are delighted to be working with AWS to solve customers’ cloud security challenges, increase security operations efficiency, and protect developer environments as they move code from their workspaces into AWS production environments,” said Ganesh Pai, CEO and co-founder of Uptycs.
Uptycs has built an integration with AWS Control Tower, which simplifies AWS experiences by orchestrating multiple AWS services on a customer’s behalf while maintaining the security and compliance needs of their organization. Leveraging the workflow with AWS Control Tower, Uptycs' deep integration with AWS Systems Manager allows organizations to achieve comprehensive security controls while reducing operational overhead in their Uptycs deployment.
“Many organizations, especially in the public sector, are looking for ways to cost-effectively scale their cloud security program. Our integration with AWS Control Tower and AWS Systems Manager, along with our more unified shift up approach, delivers a more efficient way to improve customers’ security posture across cloud environments,” Pai said.
Additionally, Uptycs also recently announced the achievement of AWS Security Competency Status, and an integration with the Amazon Security Lake.
“Our model is proven to better support cybersecurity teams thanks to what we’ve already achieved for our public sector customers, as well as enterprise and commercial organizations,” Pai said. “Now, we’re even better at helping our customers reduce operational burden, and strengthen their threat detection, remediation, and forensic capabilities.”
Uptycs, the first unified CNAPP and XDR platform, reduces risk by prioritizing responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across clouds, containers, servers, and endpoints—all from a single UI. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture. Get started with agentless coverage, then add runtime protection, and advanced remediation and forensics.
Enterprise Security, Platform Security, Software Security
Business Wire | August 08, 2023
SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management. With 98% of organizations having a relationship with at least one-third party that experienced a breach, SecurityScorecard combines its industry-leading platform and experts to solve the third-party cyber risk puzzle.
“Many CISOs are challenged with manual third-party risk approaches that are inconsistent and focused on checkbox compliance. Customers consistently shared that they need a way to operationalize third- and fourth-party cyber risk management,” said Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard. “Today, SecurityScorecard is meeting that customer need. The next evolution of security ratings will focus on operationalizing cyber risk management and threat intelligence to directly impact our customers’ ability to deliver on their mission.”
Industry-first integrated security ratings platform + third-party managed cyber risk services approach
SecurityScorecard’s offering is unique in the market as the only solution of its kind to combine Managed Cyber Risk Services with a complete, battle-tested product suite of solutions.
With over 3,000 customers across the globe, SecurityScorecard Managed Cyber Risk Services was developed with customers and will be delivered by partners to achieve strategic business and security outcomes, including:
Identifies and mitigates third-party cyber risk: Dynamically discovers risk across a customer’s attack surface, including their third- and fourth-party ecosystem, to dramatically reduce the risk of a compromise. Verifies that vendors’ vulnerabilities or other security issues are remediated.
Addresses cybersecurity skills gap: Improves the capacity of customers’ security teams. SecurityScorecard works hand-in-hand with customers or through partners to deliver the strategic and tactical capabilities needed to maximize the value of the SecurityScorecard platform.
Manages third- and fourth-party risk portfolio: Continuous monitoring, investigation, and analysis of risk indicators with centralized threat intelligence. Proactively identifies cyber threats across a customer’s unique attack surface. Manages alerts for customers.
Makes security ratings more actionable: Incorporates business context to drive decisions. Deploys best practices to improve security posture. Proven playbooks proactively protect customers and support incident response if an incident occurs.
Verifies contract compliance: Streamlines contract security compliance through a defensible, traceable process. Proactively manages vendor communication, questionnaires, and escalation management.
Tracks issues resolved: Measures results based on trusted analysis, timely delivery, and empowering guidance. Estimates time saved to demonstrate return on investment.
Enhances board reporting: Effectively communicates third-party cyber risk and benchmarks against peers. Customers also have the flexibility to run their own research, reports, and investigations.
Delivers peace of mind: Ensures customers’ third-party risk management program is handled by the best and brightest minds in the industry. SecurityScorecard solves complex customers’ challenges by evaluating, improving, and implementing their third-party cyber risk programs.
SecurityScorecard Managed Cyber Risk Services are directly connected to the SecurityScorecard Platform, allowing drill down into specific portfolios, companies, findings, and issues. Built on an API-first architecture, data can be directly ingested into their own security stack and reporting tools or integrate into their preferred MSSP or services provider to achieve improved security and business outcomes.
SecurityScorecard adds former Mandiant leader to the executive team
With the acquisition of LIFARS in 2022, SecurityScorecard gained a team of elite cybersecurity risk experts. Then in July 2023, the company appointed cybersecurity veteran and former Mandiant leader Jeff Laskowski as Senior Vice President and General Manager of Professional Services.
“Over the past year, SecurityScorecard has delivered several innovative solutions to the market: The world’s first third-party focused attack surface management solution. Automatic vendor detection to identify unknown third- and fourth parties connected to their business. Risk quantification technology that helps risk management teams understand their financial exposure,” said Jeff Laskowski, Senior Vice President & General Manager, Professional Services, SecurityScorecard. “As we consolidate adjacent solutions into our platform, combined with expert services, we not only help our customers build economic efficiencies but also effectively mitigate third-party risk.”
Partner-focused approach closes third-party cyber risk gaps for customers
SecurityScorecard’s partner-focused managed services approach enables customers to leverage SecurityScorecard experts and a broad ecosystem of service delivery partners. This approach amplifies the benefits of the SecurityScorecard platform, gaining the economic benefits of scale and further enhancing customer relationships with service providers.
In addition, partners that leverage the “Powered by SecurityScorecard" brand will deliver the fastest time to value to their customers and ensure they are providing the gold standard of service based on SecurityScorecard’s decade of experience in third-party cyber risk management.
“Operationalizing third-party cyber risk management requires a specialized and skilled workforce. Many organizations struggle with lack of visibility into their vendor landscape, questionnaires, threats, and financial impact of risks,” said Larry Slusser, Vice President, Global Head of Professional Services Delivery, SecurityScorecard. “By applying the principles of incident response to vendor risk management, customers can take charge with a turn-key, proactive, and comprehensive program designed to eliminate business disruption and drive cyber resilience.”
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
Platform Security, Software Security, Cloud Security
Businesswire | July 26, 2023
Lookout, Inc., the endpoint-to-cloud security company, today announced new Windows and macOS endpoint agents for its Zero Trust Network Access (ZTNA) solution, Lookout Secure Private Access, that facilitate the full replacement of overextended virtual private networks (VPNs) with cloud-delivered security. Businesses can now fully realize the benefits of a zero trust architecture while dramatically simplifying network design. According to Gartner, at least 70% of new remote access deployments will be served mainly by ZTNA instead of VPN services by 2025 – up from less than 10% at the end of 2021.1
Early ZTNA products offer only limited traffic forwarding capabilities. Legacy VPN solutions, on the other hand, support an expansive set of protocols and complex use cases, making full VPN replacement impractical in many enterprise environments. IT security teams are often forced to run both ZTNA and VPN architectures simultaneously in support of certain legacy applications, such as VoIP phones. This constraint leads to a complex network design that's costly to operate and maintain.
Lookout's new endpoint agents for Windows and macOS facilitate the full transition to zero trust architecture with support for traffic steering at both the network and application levels. When deployed in conjunction with cloud-delivered Lookout Secure Private Access, IT security teams can now fully replace the myriad of use cases supported by legacy VPNs, taking full advantage of the benefits a Zero Trust Architecture offers.
The core principle behind Zero Trust is “never trust, always verify.” All users and devices are considered potential threats and must be continuously verified and restricted to only the resources needed to complete a required task. VPNs, on the other hand, take an all-or-nothing approach to connectivity by allowing users to authenticate only once and roam freely throughout the network thereafter. This full network-level access sets the stage for lateral attacks. If a bad actor, or malware, can make it past the VPN, they have full access to all applications and sensitive data on the corporate network.
Lookout Secure Private Access with Windows and macOS endpoint agents provide important security benefits, including:
Unparalleled visibility into private application traffic: IT security teams can better understand how their users interact with private applications, with visibility up and including actual data accessed.
Advanced Data security: The agent helps facilitate the use of advanced data security controls for private enterprise apps, including our data loss prevention (DLP) and enterprise digital rights management (EDRM).
Granular traffic steering to meet heterogeneous environments: The agent can be configured to steer traffic to specific destinations, based on user, device, and location. This helps to ensure only authorized users have access to sensitive data.
Enhanced user experience with multi-tunnel traffic steering: The agent steers traffic to one of Lookout's many cloud-edge locations distributed worldwide, providing the shortest path between the user and the enterprise.
Highly available redundant multi-path routing: The agent leverages our globally distributed Cloud Security Platform to offer end users a highly available security service edge (SSE) experience by leveraging advanced path selection and routing algorithms.
Consistent zero-trust enforcement with integrated endpoint security: The agent continuously monitors endpoint posture when integrated with endpoint protection platforms (EPPs), OS security centers and other endpoint security products.
“For more than two decades, VPNs have been the go-to technology for enterprise remote access. While their effectiveness has declined as applications have shifted to the cloud, the alternatives have been limited because of the myriad of complex use cases they support," said Sundaram Lakshmanan, Chief Technology Officer, Lookout. "Now, with the introduction of Windows and macOS endpoint agents on our Cloud Security Platform, Lookout facilitates full VPN replacement while filling inherent security gaps in these legacy architectures."
Lookout, Inc. is the endpoint-to-cloud cybersecurity company that delivers zero trust security by reducing risk and protecting data wherever it goes, without boundaries or limits. Our unified, cloud-native platform safeguards digital information across devices, apps, networks and clouds and is as fluid and flexible as the modern digital world. Lookout is trusted by enterprises and government agencies of all sizes to protect the sensitive data they care about most, enabling them to work and connect freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter.