DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Red Sift Acquires Hardenize to Redefine Enterprise Attack Surface Protection

Red Sift | October 14, 2022 | Read time : 03:00 min

Red Sift
Red Sift today announced that it has acquired global Attack Surface Management (ASM) innovator, Hardenize. The strategic move enables Red Sift to enrich, extend, and improve its existing security solutions to also protect customers’ internet assets and infrastructure, offering a complete, best-in-class digital resilience solution. The integration of Hardenize’s unique ASM capabilities enables the Red Sift platform to gain a comprehensive view of an organization’s digital footprint, allowing customers to better understand and protect their entire critical attack surface area in the face of an ever-evolving threat environment.

While email security remains one of the greatest attack vectors for businesses on the internet, organizations understand that it is only one of many that hackers will look to exploit. From email and domains to web applications and the network perimeter, attackers will take advantage of any and all vulnerabilities across the ever-expanding attack surface. Rather than treating key email security risks individually, organizations must have a comprehensive understanding of and visibility into any and all assets, as well as the ability to secure these using best-in-class remediation based on globally recognized standards and protocols.

Recognizing that organizations often are left to fend for themselves once vulnerabilities have been identified, today’s acquisition goes beyond enhanced discovery to provide customers with the necessary tools to shut down phishing and ensure ongoing compliance with email and web security protocols. Hardenize’s deep and continuous knowledge of key security and network standards, protocols and configurations, paired with Red Sift’s sophisticated remediation capabilities, enables customers to gain complete control of their entire attack surface for the first time.

With today’s acquisition, Red Sift and Hardenize make this vision a reality for joint customers. Hardenize’s discovery capabilities will act as a magnifying glass into customers’ infrastructure, continuously identifying new and often unknown vulnerable assets across the attack surface. By enriching Red Sift’s discovery phase, customers can now uncover threats beyond email security, to discover lookalike domain abuse, and spot vulnerabilities across their network perimeter.

“This move gives us the purview to do more for cybersecurity than we ever have before, elevating the breed of solution available to enterprise businesses for full Attack Surface Management and resilience. “By acquiring Hardenize, an innovator in Attack Surface Management (ASM), we extend our leading security products beyond protecting email; enabling enterprise customers to see their full attack surface, solve the issues at hand, and secure their valuable assets in an ever-evolving threat continuum. Bringing Hardenize and Red Sift together presents an opportunity to redefine how we approach ASM, and in turn revolutionize how enterprises protect themselves comprehensively and effectively in the face of an ever-evolving attack landscape.”

Rahul Powar, CEO of Red Sift

“We’re excited to join Red Sift in bringing this best-in-class security solution to the market,” said Hardenize CEO and SSL Labs creator Ivan Ristic. “Hardenize’s ability to align organizations’ digital assets to recognized security frameworks and standards complements Red Sift’s advanced email security capabilities to provide a single solution that protects organizations from being vulnerable to attackers.”

“This is a significant moment in the fight against digital pollutants on the Internet. Modern cyber resilience is built on a foundation of good cyber hygiene. Hardenize adds best-in-class security to allow organisations to work out what they’re doing well and need to improve in some really critical areas of core protections. This adds to Red Sift's suite of gold-standard solutions,” said Ciaran Martin, NCSC founder and former Chief Executive, and Red Sift Special Advisor. “I’m excited to see how this improves the offerings available for enterprises looking to secure their infrastructure and digital ecosystem.”

“The combination of Red Sift and Hardenize makes a great deal of sense, given that organizations increasingly demand proactive approaches to security like Attack Surface Management,” said Rik Turner, Senior Principal Analyst at Omdia. “These proactive platforms seek to reduce an organization’s overall attack surface before threat actors discover issues like vulnerabilities or misconfigurations and launch an attack exploiting them. With Hardenize, Red Sift is approaching ASM holistically, to include external assets together with an organization’s infrastructure and the third-party landscape.”

“Having enjoyed a strong strategic partnership with Red Sift for some time now, it’s exciting to see them make the move towards greater attack surface protection,” said Chris Bailey, VP of Strategy and Business Development at Entrust. “The ways in which attackers look to infiltrate organizations are always multiplying, but the vectors they use remain largely the same. This solution offers enterprises a way to fight back, by detecting their most vulnerable assets in a widening threat landscape.”

About Red Sift
Red Sift's Digital Resilience Platform solves for the greatest vulnerabilities across the complete attack surface. By providing comprehensive coverage of an organization’s digital footprint through best-in-class discovery and monitoring, Red Sift enables users to proactively uncover threats within email, domains, brand, and the network perimeter. Paired with sophisticated remediation capabilities, Red Sift provides organizations with the tools to shut down phishing and ensure ongoing compliance with email and web security protocols.

Spotlight

Businesses make up the core of an economy. And cyberattacks are among the topmost risks faced by any business organization irrespective of its size and domain of operation. Therefore, it is well established that cyber-attacks have a significant economic impact. Most of the attacks and breaches are financially motivated.

Spotlight

Businesses make up the core of an economy. And cyberattacks are among the topmost risks faced by any business organization irrespective of its size and domain of operation. Therefore, it is well established that cyber-attacks have a significant economic impact. Most of the attacks and breaches are financially motivated.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Neosec Introduces Automated Tokenization to Enable Full API Visibility Without Exposure of Sensitive Data

Neosec | November 16, 2022

Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest. Today, many organizations are blind to the threats lurking within their API traffic. Even worse, organizations are forced to implement basic logging of its API traffic that doesn't contain the meaningful information about who accessed, what records were accessed or manipulated and how. There exists a justified fear of logging sensitive data or being out of compliance, and with the lack of technology that can perform it at scale, they prefer to log with low fidelity. Those logs tell you that "somebody modified or accessed a record" but typically don't disclose who accessed it, which record, or what action was performed. This decision also results in a downstream issue of "insufficient logging", which is noted by the Open Web Application Security Project as one of the top security problems in its 2021 OWASP API Top 10. "Insufficient logging" is poor for incident forensics and, in practice, means that you can't detect abuse or investigate a case, even if you know it happened. Tokenization is the process of substituting a sensitive data element, like a credit card number, for a non-sensitive equivalent that has no intrinsic or exploitable value or meaning. Neosec's automated tokenization is part of its 'privacy by design' philosophy and is already deployed successfully at customers around the world in financial services, insurance and hospitality companies among others. The process allows retaining tokenized API activity data for the purposes of performing true behavioral analytics over time, ensures that sensitive data is never stored at rest, and enables only the customer to de-tokenize, based on the strictest data privacy practices. "Solving API security starts with basic visibility and the ability to see how the APIs are used. The problem is that virtually every company logs API activity with low fidelity that doesn't enable this basic visibility. "In order to perform true behavioral analytics and investigate cases you must store and examine historical data. But if this analysis is performed on un-tokenized data you risk storing PII and creating compliance issues. Neosec successfully retains all API activity data, in the highest fidelity, and ensures it meets data privacy standards." Giora Engel, co-founder and chief executive officer, Neosec This focus on data and the visibility it brings is what previously defined the creation of the EDR (Endpoint Detection & Response) security space. "Trying to implement API security without enabling basic visibility of activity is like going back to the antivirus age before the advent of EDR. Visibility into API activity allows you to detect threats, understand behavior, investigate and remediate" said Engel. The Neosec API security solution discovers and maintains an up-to-date inventory of all APIs in use by an organization and then uses machine learning and behavioral analytics on tokenized data to find fraud and abuse by third parties and attackers. Neosec also enables proactive API threat hunting and investigations without storing any sensitive data. The automated API data tokenization is now a capability of the Neosec platform and is fully available. There is no extra cost for use of this unique capability. About Neosec Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY

Omega Systems Fuels Growth in Northeast Region with Acquisition of the TNS Group

Omega Systems | January 10, 2023

On January 09, 2023, Omega Systems, a Pfingsten Partners portfolio company, announced the acquisition of The TNS Group, a leading IT services provider based in Stamford, CT. The acquisition strengthens and further expands Omega's footprint in the Northeast and key target industries, such as healthcare, fintech and non-profit. The TNS Group has been delivering the offices in Stamford, Fairhaven, MA, New York City, and with technology, IT consulting, and cybersecurity services for over 25 years. In contrast, Omega has over 700 mid-market and enterprise customers in financial services, manufacturing, healthcare, nonprofit, and state/local government across the United States. Bill Kiritsis, Omega Systems Founder & CEO, said, "The TNS Group is a valuable extension to our growing presence in the Northeast, and we're thrilled to welcome them to the Omega family." He further stated, "There are great synergies between our organizations – both in our corporate cultures and our commitment to customers – and we're eager to unite and accelerate our efforts to delivering the world-class IT, security and compliance services today's enterprises require." (Source – PR Web) TNS demonstrates Omega's third strategic acquisition in the past 12 months. Omega previously acquired PICS ITech and ACE IT Solutions, both in 2022. The company now employs over 185 total employees and a growing diverse managed services portfolio that includes managed IT compliance, managed cybersecurity, cloud hosting services, backup and disaster recovery, NOC and SOC services and strategic IT consulting. About Omega Systems Omega Systems is a major managed service provider (MSP) and managed security service provider (MSSP) for mid-sized businesses in the financial services, government, manufacturing, healthcare, and professional services industries. Omega's customer-first solutions are based on its approach to personalized service, designed to address the growing regulatory, compliance and data processing needs of the current highly regulated and security-conscious businesses. About The TNS Group The TNS Group, a Managed Service Provider (MSP), offers cloud solutions, managed security, business continuity, and IT consulting. Its portfolio of solutions helps develop business strategies through technology. It aims to bring value to its clients by simplifying innovative technologies and offering layers of expertise and flexibility to achieve overall goals. TNS serves clients in the fintech, healthcare, nonprofit and shipping/distribution industries.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Cloudflare Announces New Suite of Email Security and Data Protection Solutions

Cloudflare | January 12, 2023

On 11 Jan 2023, Cloudflare, Inc., a leading cybersecurity solutions provider focused on building a better internet, announced multiple new Zero Trust email security tools, compatible with any email provider. The solution prevents sensitive data exfiltration via email, guard employees against multichannel phishing attacks, and help businesses simplify and accelerate deployments. Cloudflare offers organizations simple and reliable phishing and malware protection that is deeply incorporated with its Zero Trust platform, helping organizations secure all their data and applications. “You can’t have a complete Zero Trust solution without securing email, given that a huge proportion of all cyberattacks begin with phishing,” stated the Co-Founder and CEO of Cloudflare, Matthew Prince. “In 2022, Cloudflare Area 1 identified and kept almost 2.3 billion unwanted messages out of customer inboxes. Today we’re filling a void in the marketplace that has been underinvested in for the last ten years, with the first set of deeply integrated solutions that bring together Cloudflare Area 1 email security and our Zero Trust platform,” he added. (Source: Businesswire) Email is one of the most pervasive and exploited tools used by businesses daily. According to the FBI’s most recent Internet Crime Report, email account compromise and business email compromise led to U.S. companies losing nearly US$ 2.4 billion. In addition, email is one of the most complex tools for businesses to secure, involving a massive drain on IT team resources, multiple vendors, and complex deployments. Cloudflare’s Zero Trust SASE platform will allow customers to deploy email security and data protection tools that are comprehensively linked with their current security stack and compatible with any email service provider. Cloudflare One offers a comprehensive Zero Trust SASE platform that is built into Cloudflare’s global network, which spans over 275 cities in over 100 countries. This deeply embedded approach makes it easy to set up in just a few clicks without switching email providers. With Cloudflare Area 1’s new solutions, companies can automatically isolate questionable email attachments and links, identify and prevent data leaks, and rapidly onboard new Microsoft 365 domains. About Cloudflare Headquartered in San Francisco, California, Cloudflare safeguards and speed up any Internet-based application without installing software, adding hardware, or modifying a single line of code. As a result, the company’s clients experience significant improvement in performance and a reduction in spam and other attacks. Founded in 2009, the organization ranks amongst the 50 most innovative companies worldwide by Fast Company, is acknowledged by the World Economic Forum as a Technology Pioneer, and has been named the Most Innovative Network & Internet Technology Company for two consecutive years by the Wall Street Journal.

Read More