Home > News > featured news > Phosphorus Launches New xIoT Security Capabilities to Discover and Disable Risky Devices Prohibited by the U.S. Government

PLATFORM SECURITY,SOFTWARE SECURITY

Phosphorus Launches New xIoT Security Capabilities to Discover and Disable Risky Devices Prohibited by the U.S. Government

Phosphorus | December 13, 2022 | Read time : 03:00 min

Phosphorus Launches New xIoT Security Capabilities to Discover
Phosphorus, the leading provider of proactive and full-scope security for the extended Internet of Things (xIoT), today announced new security features that will enable organizations to discover and monitor their networks for the presence of xIoT devices that the U.S. government deems a significant security risk. The new features also include the capability to remotely disable and remove the devices from the network.

Phosphorus’s security update follows the FCC’s ban on the sale or importation of devices made by several Chinese manufacturers that it considers to pose “an unacceptable risk to national security of the United States or the security or safety of United States persons.” The Covered List includes video surveillance and telecommunications equipment produced by Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology (and their subsidiaries and affiliates).

“The Phosphorus xIoT Security Platform is the industry’s only solution that can discover the presence of these prohibited devices and remotely render them inert at scale. “These unique capabilities will empower enterprises and government organizations across the U.S. to discover, disable, and remove banned or potentially dangerous devices from their enterprise environments.”

John Vecchi, Chief Marketing Officer at Phosphorus

Advanced Discovery Capability

A recent study by Phosphorus’s global research division, Phosphorus Labs, found that organizations consistently struggle to identify all of their xIoT devices – this means many companies may not realize they have banned devices lurking inside their networks. According to its research, 80% of enterprise security teams can’t identify the majority of their xIoT devices and customer estimates of xIoT inventories are consistently off by 40-60%.

Phosphorus’s Enterprise xIoT Security Platform has unique capabilities for discovering xIoT assets, and it is the only technology platform able to communicate with these devices (ranging from security cameras to PLCs) in their native languages. This enables a high degree of accuracy, granularity, and speed when discovering and analyzing these devices to create comprehensive inventories of xIoT assets that include device type, brand, model, firmware version, credential status, default/enabled protocols, certificate status, and more.

Disabling and Isolating High-Risk Devices

Phosphorus empowers organizations by giving them direct control over every single device in their wide-ranging xIoT deployments. Through the platform’s Hardening and Remediation capabilities, organizations can update and rotate a device’s credentials, manage firmware, disable remote services, turn off unnecessary connectivity features, check for valid certificates, and reboot the device.

For organizations that have detected banned xIoT technologies in their networks, specific device-level actions such as changing passwords, disabling services and reducing connectivity will be critical for limiting the potential risks of these devices prior to their removal from the network.

World’s First and Only Proactive xIoT Security Platform

Phosphorus’s Enterprise xIoT Security Platform is the industry’s only consolidated xIoT security offering, delivering state-of-the-art Attack Surface Management, Hardening and Remediation, and Detection and Response across the full range of IoT, OT, and Network-connected devices – spanning both new and legacy devices.

For the first time in industry history, teams in IT, Facilities, and Security are able to collaborate on a single platform to safely discover, assess, remediate, and monitor their xIoT devices. Phosphorus is now the solution of choice for enterprises to secure devices that were previously unknown or overlooked, beginning with fundamental xIoT security hygiene.

The company’s Enterprise xIoT Security Platform is currently deployed in Fortune 100, Fortune 500, and government networks.

ABOUT PHOSPHORUS
Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates.

Spotlight

MXDR by Deloitte - Embed 24/7 cybersecurity vigilance and run with confidence

Managed Extended Detection & Response (MXDR) by Deloitte is a fully managed cybersecurity solution designed to protect an organization’s entire extended enterprise from internal and external cyber threats by operating 24x7x365 cyber threat hunting, detection, response, and remediation capabilities

More featured news

Spotlight

MXDR by Deloitte - Embed 24/7 cybersecurity vigilance and run with confidence

Managed Extended Detection & Response (MXDR) by Deloitte is a fully managed cybersecurity solution designed to protect an organization’s entire extended enterprise from internal and external cyber threats by operating 24x7x365 cyber threat hunting, detection, response, and remediation capabilities

Related News

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

DoControl Releases Its SaaS Security Platform on AWS Marketplace

DoControl | February 03, 2023

On February 2, 2023, DoControl, a leading automated software-as-a-service (SaaS) security provider, announced the release of its no-code SaaS security platform on AWS Marketplace, an online catalog that simplifies the provisioning, procurement, and governance of third-party data, software and services. The platform enables joint customers to better protect their business-critical assets by setting up a foundational layer of preventative data access security controls directly through the AWS Marketplace. Individual SaaS applications' native security features are usually poor and do not provide a consistent way to apply data access controls across all SaaS application types. DoControl provides a single security strategy that centralizes the enforcement of least privilege - beyond the network, identity, and device levels - across the entire estate of an enterprise's SaaS applications. Customers with AWS deployments may now use DoControl solutions to safeguard all shared data and files accessed by every identity or entity, including internal employees, third-party collaborators, and third-party OAuth applications. On average, an enterprise has approximately 200 applications in use, with hundreds or thousands of internal and external collaborators. Therefore, data security is of utmost importance across these applications (file-sharing, file storage, messaging, and so on), as breaches can result in lost revenue, severe brand damage, regulatory fines and other financial consequences. DoControl offers SaaS asset management, continuous monitoring, and automated security workflows to security and IT teams to prevent data breaches. In addition, DoControl lowers the physical toil and complexity that security and IT professionals face on a daily basis by replacing manual effort with automation. About DoControl Founded in 2020, DoControl is a No-Code SaaS Security Platform that provides organizations with automated, self-service tools needed for SaaS applications data access monitoring, orchestration, and remediation. It takes a distinctive, customer-focused approach to the labor-intensive challenge of security risk management and data exfiltration prevention in popular SaaS applications. DoControl helps lower the work overload and complexity that Security and IT teams face on a daily basis by replacing manual work with automation. The company is backed by investors, including StageOne Ventures, Insight Partners, RTP Global, Cardumen Capital, and CrowdStrike's CrowdStrike Falcon Fund.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Privacera Announces Integration with Databricks Unity Catalog

Privacera | February 23, 2023

On February 22, 2023, Privacera, a leading SaaS-based data security and access governance platform, announced its integration with Databricks Unity Catalog. Through this integration, users of both Privacera and Databricks can now facilitate data discovery and access across the Databricks Lakehouse Platform, including seamless migration of existing Privacera policies. Privacera increases the ability of its users to provide a holistic unified data security platform, protecting all data assets, including modern cloud-native data warehouses, on-premise legacy data sources, modern data lakehouses, and data mesh architectures. Users can trial these capabilities and spin up Privacera and Databricks together through pre-configured integration settings on Databricks Partner Connect, simplifying the process of testing a secure, well-governed data lakehouse with minimal administrative effort. The Unity Catalog integration supports table/view level access control, dynamic column-level data masking, dynamic row-level filtering, attribute-based access control, tag-based policies, and file/object level access control. Privacera enables enterprise data teams to protect sensitive data and promote privacy by securely managing data access policies across multiple on-premise, hybrid, and multi-cloud data sources, automating manual governance processes to reduce time to insights. It is the only open-standards-based data security governance firm, natively integrating with the most popular data and analytic sources. Its scalable and data query performance architecture has made it the solution of choice for many Fortune 500 organizations worldwide. Privacera's CEO Balaji Ganesan commented, "Securing and governing the modern data lakehouse is a non-trivial challenge for its users and that's why we've invested in extending our modern data security governance capabilities to the Unity Catalog-powered data lakehouse." He further emphasized, "Our users can seamlessly apply the security and governance controls to Unity Catalog and other sources with ease and at scale, and through a proven, open security standard." About Privacera Privacera is a SaaS-based data security and access governance platform established in 2016 by the founders of Apache Ranger™ and Apache Atlas™. The platform enables data and security teams to simplify data security, access and privacy for data applications and analytical workloads. Its centralized data access governance platform extends beyond traditional Big Data environments to cloud-native services and analytics platforms such as AWS, GCP, Azure and Databricks and enables data democratization without compromising on compliance with data access control, data discovery, and encryption. In addition, the platform ensures compliance with regulations such as GDPR, LGPD, CCPA, and HIPAA while maximizing usability for data science and analytics teams.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Arkose Labs™ Introduces Arkose Email Intelligence™

Arkose Labs | January 30, 2023

Arkose Labs™, one of the worldwide leaders in bot management and account security, announced the launch of Arkose Email Intelligence™. This new tool prevents bots and bad actors from using fraudulent or dangerous email addresses to target online services and apps. Legacy email intelligence systems are not optimized and are too costly to utilize in high-volume applications such as new account registration that are targets of bot-driven assaults. Arkose Email Intelligence combines email risk discovery with the industry-leading Arkose Protect, a bot detection and challenge platform, to create the first email intelligence solution. This solution prevents bots and bad actors from using fake, throw-away, and other high-risk email addresses to develop synthetic online accounts and launch volumetric account takeover (ATO) attacks. In the second half of 2022, the creation of bogus accounts increased by 81% compared to the first half. Additionally, 11% of all attack attempt sessions were ATOs in 2022 and were of the same severity. Extremely high market demand exists for an email intelligence service that is both highly effective and reasonably priced. Existing services are exorbitantly costly, often compelling CISOs and product teams to use email intelligence at restricted locations more profoundly in the user flow of an application, such as during the payment transaction. This trade-off leaves important occasions, such as the creation of a new account, exposed to assault and misuse by email addresses that are fake or high-risk. Arkose Email Intelligence is meant to provide robust abuse protection at a much lower cost than previous industry solutions. This allows businesses to afford email intelligence beyond standard transactions. In addition to combating automated and fraud farm attacks, Arkose Email Intelligence offers organizations over forty relevant data insights. These extensive data points and signals give a multidimensional perspective of the risk connected with the email address, allowing for additional threat assessment and decision-making. About Arkose Labs Arkose Labs is one of the industry leaders in bot management. Its novel method identifies genuine user intent and mitigates threats in real time. In addition, risk assessments and interactive authentication difficulties degrade the return on investment (ROI) behind attacks, ensuring long-term security and enhancing consumer throughput. The firm, headquartered in San Mateo, California, with operations in Brisbane and Sydney, Australia, San Jose, Costa Rica, and London, United Kingdom, placed 106th on the North American Deloitte Fast 500 list for 2022.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

DoControl Releases Its SaaS Security Platform on AWS Marketplace

DoControl | February 03, 2023

On February 2, 2023, DoControl, a leading automated software-as-a-service (SaaS) security provider, announced the release of its no-code SaaS security platform on AWS Marketplace, an online catalog that simplifies the provisioning, procurement, and governance of third-party data, software and services. The platform enables joint customers to better protect their business-critical assets by setting up a foundational layer of preventative data access security controls directly through the AWS Marketplace. Individual SaaS applications' native security features are usually poor and do not provide a consistent way to apply data access controls across all SaaS application types. DoControl provides a single security strategy that centralizes the enforcement of least privilege - beyond the network, identity, and device levels - across the entire estate of an enterprise's SaaS applications. Customers with AWS deployments may now use DoControl solutions to safeguard all shared data and files accessed by every identity or entity, including internal employees, third-party collaborators, and third-party OAuth applications. On average, an enterprise has approximately 200 applications in use, with hundreds or thousands of internal and external collaborators. Therefore, data security is of utmost importance across these applications (file-sharing, file storage, messaging, and so on), as breaches can result in lost revenue, severe brand damage, regulatory fines and other financial consequences. DoControl offers SaaS asset management, continuous monitoring, and automated security workflows to security and IT teams to prevent data breaches. In addition, DoControl lowers the physical toil and complexity that security and IT professionals face on a daily basis by replacing manual effort with automation. About DoControl Founded in 2020, DoControl is a No-Code SaaS Security Platform that provides organizations with automated, self-service tools needed for SaaS applications data access monitoring, orchestration, and remediation. It takes a distinctive, customer-focused approach to the labor-intensive challenge of security risk management and data exfiltration prevention in popular SaaS applications. DoControl helps lower the work overload and complexity that Security and IT teams face on a daily basis by replacing manual work with automation. The company is backed by investors, including StageOne Ventures, Insight Partners, RTP Global, Cardumen Capital, and CrowdStrike's CrowdStrike Falcon Fund.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Privacera Announces Integration with Databricks Unity Catalog

Privacera | February 23, 2023

On February 22, 2023, Privacera, a leading SaaS-based data security and access governance platform, announced its integration with Databricks Unity Catalog. Through this integration, users of both Privacera and Databricks can now facilitate data discovery and access across the Databricks Lakehouse Platform, including seamless migration of existing Privacera policies. Privacera increases the ability of its users to provide a holistic unified data security platform, protecting all data assets, including modern cloud-native data warehouses, on-premise legacy data sources, modern data lakehouses, and data mesh architectures. Users can trial these capabilities and spin up Privacera and Databricks together through pre-configured integration settings on Databricks Partner Connect, simplifying the process of testing a secure, well-governed data lakehouse with minimal administrative effort. The Unity Catalog integration supports table/view level access control, dynamic column-level data masking, dynamic row-level filtering, attribute-based access control, tag-based policies, and file/object level access control. Privacera enables enterprise data teams to protect sensitive data and promote privacy by securely managing data access policies across multiple on-premise, hybrid, and multi-cloud data sources, automating manual governance processes to reduce time to insights. It is the only open-standards-based data security governance firm, natively integrating with the most popular data and analytic sources. Its scalable and data query performance architecture has made it the solution of choice for many Fortune 500 organizations worldwide. Privacera's CEO Balaji Ganesan commented, "Securing and governing the modern data lakehouse is a non-trivial challenge for its users and that's why we've invested in extending our modern data security governance capabilities to the Unity Catalog-powered data lakehouse." He further emphasized, "Our users can seamlessly apply the security and governance controls to Unity Catalog and other sources with ease and at scale, and through a proven, open security standard." About Privacera Privacera is a SaaS-based data security and access governance platform established in 2016 by the founders of Apache Ranger™ and Apache Atlas™. The platform enables data and security teams to simplify data security, access and privacy for data applications and analytical workloads. Its centralized data access governance platform extends beyond traditional Big Data environments to cloud-native services and analytics platforms such as AWS, GCP, Azure and Databricks and enables data democratization without compromising on compliance with data access control, data discovery, and encryption. In addition, the platform ensures compliance with regulations such as GDPR, LGPD, CCPA, and HIPAA while maximizing usability for data science and analytics teams.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Arkose Labs™ Introduces Arkose Email Intelligence™

Arkose Labs | January 30, 2023

Arkose Labs™, one of the worldwide leaders in bot management and account security, announced the launch of Arkose Email Intelligence™. This new tool prevents bots and bad actors from using fraudulent or dangerous email addresses to target online services and apps. Legacy email intelligence systems are not optimized and are too costly to utilize in high-volume applications such as new account registration that are targets of bot-driven assaults. Arkose Email Intelligence combines email risk discovery with the industry-leading Arkose Protect, a bot detection and challenge platform, to create the first email intelligence solution. This solution prevents bots and bad actors from using fake, throw-away, and other high-risk email addresses to develop synthetic online accounts and launch volumetric account takeover (ATO) attacks. In the second half of 2022, the creation of bogus accounts increased by 81% compared to the first half. Additionally, 11% of all attack attempt sessions were ATOs in 2022 and were of the same severity. Extremely high market demand exists for an email intelligence service that is both highly effective and reasonably priced. Existing services are exorbitantly costly, often compelling CISOs and product teams to use email intelligence at restricted locations more profoundly in the user flow of an application, such as during the payment transaction. This trade-off leaves important occasions, such as the creation of a new account, exposed to assault and misuse by email addresses that are fake or high-risk. Arkose Email Intelligence is meant to provide robust abuse protection at a much lower cost than previous industry solutions. This allows businesses to afford email intelligence beyond standard transactions. In addition to combating automated and fraud farm attacks, Arkose Email Intelligence offers organizations over forty relevant data insights. These extensive data points and signals give a multidimensional perspective of the risk connected with the email address, allowing for additional threat assessment and decision-making. About Arkose Labs Arkose Labs is one of the industry leaders in bot management. Its novel method identifies genuine user intent and mitigates threats in real time. In addition, risk assessments and interactive authentication difficulties degrade the return on investment (ROI) behind attacks, ensuring long-term security and enhancing consumer throughput. The firm, headquartered in San Mateo, California, with operations in Brisbane and Sydney, Australia, San Jose, Costa Rica, and London, United Kingdom, placed 106th on the North American Deloitte Fast 500 list for 2022.

Read More

More featured news