DATA SECURITY

Palo Alto Networks and PwC Join Forces to Boost Cybersecurity Defenses

prnewswire | October 29, 2020

Palo Alto Networks, the global cybersecurity leader, and PwC today announced an expanded partnership to deliver managed detection and response (MDR) services to joint customers. The offering combines MDR services delivered by PwC — Managed Cyber Defence — and Cortex XDR™ by Palo Alto Networks. Together, customers can take advantage of a state-of-the-art managed threat hunting, protection, detection and response service from anywhere, globally.
The Managed Cyber Defence service fuses the power of PwC's global threat intelligence, thousands of hours of incident response expertise, and advisory services with Cortex XDR, the industry's first fully integrated detection and response platform, to provide a unique level of protection with unrivaled visibility and detection capabilities. As a result, security teams can significantly reduce attack dwell time, down to minutes, and manual day-to-day security operations workloads by up to 90%, elevating organizations to a mature security posture.
According to Christina Richmond, vice president of Worldwide Security Services research at IDC, "The evolving threat landscape has forced organizations to mature their security capabilities, creating opportunities for PwC to elevate their offerings and provide a blending of managed security/MDR and professional security capabilities."  
Built to cater to organizations of any size, in any industry, PwC's Managed Cyber Defense reduces response times from what typically takes days to minutes, minimizing the likelihood of an emerging threat manifesting as a breach. Detection of emerging attacker behaviors and pivoted attack scenarios put organizations on a path to proactive defense against "the unknown," while extending protection across on-premises, cloud, virtualized and IoT environments.
Cortex XDR is the industry's first extended detection and response platform that runs on integrated endpoint, network, cloud and third-party data to reduce noise and focus on real threats. By combining Cortex XDR with MDR services, customers can relieve the day-to-day burden of security operations and achieve 24/7 coverage, from alert management and investigation to incident response.
Colin Slater, cyber security partner at PwC UK, had this to say:
"Our unique market insight and trusted relationships with our clients makes us best placed to advise on their cyber challenges. Using this in-depth knowledge, we have meticulously created a service offering to address our clients' pain points. We are excited to work with Palo Alto Networks as the market demands new ways to do detection and response. COVID-19 has spurred a move to remote work at a scale that has left many businesses more vulnerable than ever to cyberattacks because they are less able to respond and recover remotely. PwC's cybersecurity team has responded to several major incursions from nation-state threat groups and mitigated cyber breaches caused by vulnerabilities introduced through transitions to remote work at scale. Preventing these attacks is a core element of the PwC and Palo Alto Networks approach."
Shailesh Rao, senior vice president for Cortex at Palo Alto Networks, offered:
"We are thrilled to expand our partnership with PwC through the delivery of best-in-class managed detection and response (MDR) services powered by Cortex XDR to our joint customers. More and more enterprise customers have validated PwC's service over the last year in detecting and responding to cyberattacks. The combination of advisory services, analytics, and modern, AI-driven detection and response capabilities and metrics, with visibility across an enterprise's entire infrastructure, is made possible by our unmatched joint Cortex XDR and MDR service offering."
About PwC
At PwC, our purpose is to build trust in society and solve important problems. We're a network of firms in 157 countries with over 276,000 people who are committed to delivering quality in assurance, advisory and tax services.
About Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.
Palo Alto Networks, Cortex, and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.

Spotlight

All organizations with an on-line presence need to quickly and efficiently detect hackers and fraudsters. However, to avoid frustrating the very people you want to feel welcome, it's critical that authentication processes be as simple as possible.

Spotlight

All organizations with an on-line presence need to quickly and efficiently detect hackers and fraudsters. However, to avoid frustrating the very people you want to feel welcome, it's critical that authentication processes be as simple as possible.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Sevco Security Introduces First Cybersecurity Asset Attack Surface Dashboards

Sevco Security | December 14, 2022

Sevco Security, the cloud-native security asset intelligence platform for enterprises that want an accurate IT inventory, today introduced the industry’s first cybersecurity asset attack surface analytics dashboards. The new dashboards extend the Sevco platform to give CISO and IT leaders deep insights into the security coverage and state of their IT assets, enabling security teams to identify and eliminate security gaps in the enterprise cyberattack surface. Enterprise environments increasingly include a wide range of hardware, software, mobile devices, cloud infrastructure, and other IT assets as the fundamental backbone for operating the business and engaging with customers. However, with management of assets often spread across departments and geographies, it has become increasingly difficult for executive leadership to understand the security state of all their assets and to maintain accuracy in a dynamic environment. Equally challenging is the inability to gain insights into abandoned or stale IT assets to effectively mitigate the security risks that they introduce. Complex enterprise environments are increasingly experiencing incomplete security coverage with upwards of 19% of assets that have missing or stale security controls like endpoint protection and patch management. The new Sevco Security dashboards fill a critical gap in cybersecurity attack surface management by providing context-based analysis of enterprise-wide assets that surfaces risks associated with IT hygiene, compliance, and policy enforcement. “As organizations innovate and expand their asset footprint, they must have seamless visibility into the security state of their assets because they cannot manage what they cannot measure. “Sevco Security delivers the critical data for CISOs to thoroughly understand their cybersecurity asset attack surface and confidently report their defensive security posture to the board.” J.J. Guy, co-founder and CEO of Sevco Security With the new expansion to its platform, Sevco Security provides customers with data rich and customizable dashboard reports, including: Security coverage: Provides critical insights on asset security controls, allowing customers to identify gaps in coverage and proactively protect the previously unknown attack surface. This also empowers companies to manage internal governance and regulatory compliance requirements to monitor and validate that their security investments are fully deployed. Asset snapshots: Captures the detailed attributes of the assets across the infrastructure, such as IP address, user, and operating system so customers can quickly see the state of any device at any point of time. With asset snapshots, incident response and IT team members can quickly identify when an asset change occurred and manage decisions on restoring an asset to a previous state. Timeline trending: Enterprise assets are tracked on a daily trendline empowering IT and security leaders to gain context of what’s typical for their environment and to readily view spikes and outlier activity. Out-of-the-box trending data is automatically captured for total devices, new devices, inactive devices in the last 15 days, total users, and new users. Custom, interactive dashboards: In addition to the pre-built dashboards, users can create and save unlimited queries on their asset telemetry to produce customized insights dashboards. This puts asset data analysis at users’ fingertips, providing an easy way to obtain tailored insights in a top-level dashboard. All dashboards are interactive, allowing users to ‘click’ and drill deeper into the data for pinpoint clarity on a particular area of interest. Complex asset environments are a normal operating fabric for businesses. Sevco Security is dedicated to helping organizations capture a comprehensive view of their asset ecosystem and readily identify and address any security risks they pose. The new cybersecurity asset attack surface dashboards are now available to customers. About Sevco Sevco Security is the cloud-native security asset management platform for enterprises that require an accurate IT inventory. Its patented telemetry technology creates a unified inventory that is updated continuously to deliver real-time asset intelligence and help security and IT teams identify and close their previously unknown security gaps. Founded in 2020 and based in Austin, Texas, Sevco is backed by SYN Ventures, .406 Ventures, Accomplice and Bill Wood Ventures.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY

Phosphorus Launches New xIoT Security Capabilities to Discover and Disable Risky Devices Prohibited by the U.S. Government

Phosphorus | December 13, 2022

Phosphorus, the leading provider of proactive and full-scope security for the extended Internet of Things (xIoT), today announced new security features that will enable organizations to discover and monitor their networks for the presence of xIoT devices that the U.S. government deems a significant security risk. The new features also include the capability to remotely disable and remove the devices from the network. Phosphorus’s security update follows the FCC’s ban on the sale or importation of devices made by several Chinese manufacturers that it considers to pose “an unacceptable risk to national security of the United States or the security or safety of United States persons.” The Covered List includes video surveillance and telecommunications equipment produced by Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology (and their subsidiaries and affiliates). “The Phosphorus xIoT Security Platform is the industry’s only solution that can discover the presence of these prohibited devices and remotely render them inert at scale. “These unique capabilities will empower enterprises and government organizations across the U.S. to discover, disable, and remove banned or potentially dangerous devices from their enterprise environments.” John Vecchi, Chief Marketing Officer at Phosphorus Advanced Discovery Capability A recent study by Phosphorus’s global research division, Phosphorus Labs, found that organizations consistently struggle to identify all of their xIoT devices – this means many companies may not realize they have banned devices lurking inside their networks. According to its research, 80% of enterprise security teams can’t identify the majority of their xIoT devices and customer estimates of xIoT inventories are consistently off by 40-60%. Phosphorus’s Enterprise xIoT Security Platform has unique capabilities for discovering xIoT assets, and it is the only technology platform able to communicate with these devices (ranging from security cameras to PLCs) in their native languages. This enables a high degree of accuracy, granularity, and speed when discovering and analyzing these devices to create comprehensive inventories of xIoT assets that include device type, brand, model, firmware version, credential status, default/enabled protocols, certificate status, and more. Disabling and Isolating High-Risk Devices Phosphorus empowers organizations by giving them direct control over every single device in their wide-ranging xIoT deployments. Through the platform’s Hardening and Remediation capabilities, organizations can update and rotate a device’s credentials, manage firmware, disable remote services, turn off unnecessary connectivity features, check for valid certificates, and reboot the device. For organizations that have detected banned xIoT technologies in their networks, specific device-level actions such as changing passwords, disabling services and reducing connectivity will be critical for limiting the potential risks of these devices prior to their removal from the network. World’s First and Only Proactive xIoT Security Platform Phosphorus’s Enterprise xIoT Security Platform is the industry’s only consolidated xIoT security offering, delivering state-of-the-art Attack Surface Management, Hardening and Remediation, and Detection and Response across the full range of IoT, OT, and Network-connected devices – spanning both new and legacy devices. For the first time in industry history, teams in IT, Facilities, and Security are able to collaborate on a single platform to safely discover, assess, remediate, and monitor their xIoT devices. Phosphorus is now the solution of choice for enterprises to secure devices that were previously unknown or overlooked, beginning with fundamental xIoT security hygiene. The company’s Enterprise xIoT Security Platform is currently deployed in Fortune 100, Fortune 500, and government networks. ABOUT PHOSPHORUS Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BlueVoyant Research Reveals Defending Digital Supply Chains Remains a Business Challenge

BlueVoyant | November 14, 2022

BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its third annual global survey into supply chain cyber risk management. The study reveals that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made of the external vendors and suppliers who have network access that could be compromised. "The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain," said Adam Bixler, BlueVoyant's global head of supply chain defense. "The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk." Other key survey findings include: 40% of respondents rely on the third-party vendor or supplier to ensure adequate security. In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time. Budgets from supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months. The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security. "While supply chain defense is a challenge, there are solutions for enterprises to better defend against this risk," said James Rosenthal, BlueVoyant's CEO and co-founder. "Enterprises should continuously monitor their supply chain to be able to quickly remediate threats. As companies are being negatively impacted by supply chain disturbances, they must prioritize this risk with the appropriate budget." The study was conducted by independent research organization, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore. The 2021 research was also conducted by Opinion Matters and recorded the views and experiences of 1,200 CTOs/CSOs/COOs/CIOs/CISOs/CPOs in similar enterprises and the same industries. It covered six countries: U.S., Canada, Germany, the Netherlands, the U.K., and Singapore. Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk: While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any vertical (34%) to have no way of knowing if an issue arises with a third party's environment. The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%. In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program. About BlueVoyant BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.

Read More