DATA SECURITY

Radiflow's New Version of CIARA - OT Risk Platform Transforms Industrial Cybersecurity

Radiflow | May 31, 2021

Radiflow's New Version of CIARA - OT Risk Platform Transforms Industrial Cybersecurity
Radiflow has received extensive industry appreciation for its one-of-a-kind, fully IEC62443-compliant Cyber Industrial Automated Risk Analysis Platform (CIARA), enabling CISOs to optimize their cybersecurity expenditure non-intrusively simulating breach attempts in industrial automation networks and prioritizing the most effective mitigation measures.

In accordance with Radiflow's ongoing mission of "Taking the guesswork out of OT cybersecurity," the latest edition of CIARA allows users to further customize their cybersecurity optimization with additional operational and budgetary criteria.

Ilan Barda, CEO of Radiflow, announced the new features: "CIARA was warmly received in the market as the first-of-its-kind OT BAS solution (breach attack simulation). Since its release, we have seen an increase in demand for risk prioritization in the dynamic OT/ICS threat landscape. Our new edition responds to the critical need for data-driven decision-making. We are delighted to assist CISOs in developing the best budget-driven mitigation strategy."

Users of the updated version of CIARA can now:

Customize their OT-security optimization: Users can now choose from a wide range of factors to find a balance between security, compliance, and budget. CIARA prioritizes security requirements for mitigation measures (SRs) that match the chosen criterion to maximize their cybersecurity ROI. Among the current optimization criteria are:

• Zone impact: What is the financial impact of a disruption in that zone?

• Which zone has the lowest tolerated risk (as specified by the user)?

• Which zones have the highest disparity between real security measures and those prescribed by the IEC62443 standard?

New supply chain threats are included in attack simulations: Supply chain attacks, such as the SolarWinds breach, take advantage of vendor networks' vulnerabilities. In addition to the fundamental requirement control groups in IEC62443, CIARA users can now add a security control group for Supply Chain attacks (NIST 800-161) to CIARA's breach simulations, including such attack strategies prioritize the effectiveness of relevant mitigation measures.

Budget and Plan :

CIARA's new OT security project planner generates a complete quarterly mitigation plan based on the user's optimization preferences, balancing the estimated cost of mitigation controls against the quarterly budget constraints.

About Radiflow

These new features enhance Radiflow's objective to eliminate the guesswork from OT security. Radiflow is committed to assisting CISOs in prioritizing their activities by providing industrial threat detection and risk management solutions.

Spotlight

SQL injection is a form of attack that takes advantage of applications that generate SQL queries using user-supplied data without first checking or pre-processing it to verify that it is valid. The objective is to deceive the database system into running malicious code that will reveal sensitive information or otherwise compromise the server. By modifying the expected Web application parameters, an attacker can submit SQL queries and pass commands directly to the database. Many webpages take input from users, such as search terms, feedback comments or username and password and use them to build a SQL query which is passed to the database.

Spotlight

SQL injection is a form of attack that takes advantage of applications that generate SQL queries using user-supplied data without first checking or pre-processing it to verify that it is valid. The objective is to deceive the database system into running malicious code that will reveal sensitive information or otherwise compromise the server. By modifying the expected Web application parameters, an attacker can submit SQL queries and pass commands directly to the database. Many webpages take input from users, such as search terms, feedback comments or username and password and use them to build a SQL query which is passed to the database.

Related News
ENTERPRISE SECURITY

Coalfire announces HITRUST Accelerator with AWS Security Assurances Services (AWS SAS)

Coalfire, a leading cybersecurity firm, announced HITRUST Accelerator, a new program that allows customers to achieve HITRUST CSF Validation up to 50% faster when compared with conventional methods. This program combines deep technical knowledge of AWS Security Assurance Services, LLC (AWS SAS) with Coalfire, a HITRUST External Assessor Organization, to streamline the entirety of the HITRUST Validation lifecycle. Organizations who attempt to prepare for HITRUST certification internally without the help of an experienced external assessor may have timelines in excess of 2 years to achieve HITRUST Certification. The HITRUST Accelerator program uses a three-step process that provides end-to-end support of an organization's preparation, remediation, and HITRUST Validation. This integrated approach enables Coalfire and AWS SAS to quickly identify compliance gaps, assist with technical remediation, simplify document creation, and expedite the Validated Assessment. By accelerating HITRUST Validation, customers will be able to offer significant assurances over their security and privacy controls, which enables them to focus on innovation and driving adoption. Coalfire and AWS SAS share an obsession in creating innovative solutions that maximize customer success," "This passion and collaboration resulted in a program that helps our mutual customers prepare, remediate, and validate against the HITRUST CSF. By taking industry leaders in cloud security and HITRUST, we aim to revolutionize the way that organizations approach and maintain compliance. This has been a long time coming and we are absolutely thrilled to be launching this program with the AWS SAS team. Jeff Rector, Global Engagement at Coalfire The customer journey is accelerated via three tailored workstreams that are designed to: Prepare the customer for HITRUST Validation by thoroughly defining the technical systems and boundary, conducting a thorough gap assessment, and developing fully customized policies and procedures designed to be HITRUST compliant. Reduce remediation efforts and time to 12 WEEKS in most instances, using automated compliance-as-code packages, 30 days of expert AWS technical guidance and security engineering services, and hands-on AWS support configuring AWS services., and to fast-track the collection of evidence ahead of the Validated Assessment to minimize burden and audit fatigue on compliance teams. Validate the environment with confidence, including end-to-end support during HITRUST QA, Corrective Action Plan creation, and report finalization. About Coalfire Leading technology infrastructure providers, SaaS companies, and enterprises – including the top-five cloud service providers and eight of the top-10 SaaS organizations – rely on Coalfire to strengthen their security posture and secure their digital transformations. As one of the largest firms dedicated to cybersecurity, Coalfire delivers a comprehensive suite of advisory and managed services, spanning cyber strategy and risk, cloud security, threat and vulnerability management, application security, privacy, and compliance management. A proven leader in cybersecurity for the past 20 years, Coalfire combines extensive cloud expertise, advanced technology, and innovative approaches that fuel success.

Read More

PLATFORM SECURITY

BT launches transformational new security platform, Eagle-i, to predict and prevent cyber attacks

Relentless growth and ever-changing nature of the threat landscape dictates a new, proactive approach to cyber security Customers to benefit from advances in AI and automation, combined with BT's networking expertise, in transformational cyber defence platform Eagle-i builds on BT's recent security investment and partner ecosystem to address issues such as a more than 50 per cent increase in malware traffic over the last 6 months Business and public sector bodies continue to face an exponential growth in the volume and complexity of cyber attacks, with new research from BT identifying a more than 50 per cent increase in malware traffic over the last six months. Alongside a global shortage of skilled security professionals, organisations around the world are struggling to keep a lid on evolving cyber threats and maintain their defences. In response, BT is launching its most sophisticated cyber defence platform yet — Eagle-i. It combines BT's industry-leading network insight with advances in AI and automation to predict, detect and neutralise security threats before they get a chance to inflict damage. The platform has been designed to self-learn from the intelligence provided by each intervention, so that it constantly improves its threat knowledge and dynamically refines how it protects customers across a multi-cloud environment. Eagle-i will utilise an AI layer to provide real-time detection of issues and intelligent automated responses, enabling users to significantly speed up their reaction to security issues and outpace their cyber threats. It is also uniquely able to integrate with technologies from across the security ecosystem so that organisations can both optimise their capabilities and spot any holes in their defences without having to replace existing investments. The platform will underpin how BT protects its global operations and provide phased enhancements and increased functionalities for all BT's managed security services. Security is now at the top of the boardroom and government agenda yet many organisations are seeing their cyber risks increase to unmanageable levels. This situation demands a new, proactive approach. Eagle-i leverages the latest advances in AI and automation to continually monitor, learn and evolve so customers can stay a step ahead of cyber criminals. Kevin Brown, managing director, BT Security About BT BT Group is the UK's leading telecommunications and network provider and a leading provider of global communications services and solutions, serving customers in 180 countries. Its principal activities in the UK include the provision of fixed voice, mobile, broadband and TV (including Sport) and a range of products and services over converged fixed and mobile networks to consumer, business and public sector customers. For its global customers, BT provides managed services, security and network and IT infrastructure services to support their operations all over the world. BT consists of four customer-facing units: Consumer, Enterprise, Global and its wholly-owned subsidiary, Openreach, which provides access network services to over 650 communications provider customers who sell phone, broadband and Ethernet services to homes and businesses across the UK.

Read More

DATA SECURITY

Herjavec Group, a Global Cybersecurity Leader, Accelerates Growth with Acquisition of SEGMENTECH

Robert Herjavec, Founder & CEO of global cybersecurity firm Herjavec Group and a leading investor on the Emmy Award-winning show Shark Tank, proudly announces the strategic acquisition of SEGMENTECH, a North American cybersecurity services firm specializing in Identity and Access Management (IAM) & Privileged Access Management (PAM) solutions for enterprise customers. This acquisition further expands and accelerates Herjavec Group's leading IAM practice by adding world-class Privileged Access Management talent, specializing in implementations of CyberArk, a global leader in Identity Security. "As we have transitioned to a flexible workforce environment, businesses have been forced to accelerate and pivot their digital transformation," said, Robert Herjavec. "As a result, CIOS and CISOs are navigating a paradigm shift in cybersecurity, and the way their security environment needs to be set up. IAM and PAM have become foundational to all security programs, to ensure that the right people access the right data, at the right time, for the right reasons. As a result, we are experiencing a tremendous uptick in demand for services to implement comprehensive IAM and PAM programs." Founded in 2015 by Roy Levy and Boris Zaidfeld, SEGMENTECH is a leading provider of IAM & PAM services and is an expert advisor in DevSecOps and how to secure CI/CD processes. SEGMENTECH supports global enterprise customers through the implementation and expansion of IAM and PAM programs. Both Herjavec and SEGMENTECH are established partners of CyberArk. With this acquisition, Herjavec will further advance its privileged access management practice by putting CyberArk at the core, which enables a security-first approach to decreasing identity-led risk. This acquisition strengthens Herjavec Group's position as an Identity and Access Management leader and will benefit organizations seeking to fortify their cybersecurity defenses,CyberArk has strong relationships with both Herjavec and SEGMENTECH. Their commitment to investing in highly trained cybersecurity professionals, especially in the area of privileged access management, combined with expanded access to CyberArk-based Identity Security solutions, will dramatically improve security for our joint customers. Chris Moore, VP of Global Channel at CyberArk. Herjavec Group and SEGMENTECH customers will benefit from working with highly qualified professionals, including those who have achieved their Guardian certification, the highest level of CyberArk training and a proven track record of capabilities, ensuring enterprises can accelerate, improve, and manage their cybersecurity lifecycle. About Herjavec Group: Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world's most innovative cybersecurity operations leaders, and excel in complex, multi-vendor environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity and Access Management Services, Managed Security Services, Threat Management, and Incident Response. Herjavec Group operates across the United States, United Kingdom, India and Canada.

Read More