DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Sevco Security | December 14, 2022
Sevco Security, the cloud-native security asset intelligence platform for enterprises that want an accurate IT inventory, today introduced the industry’s first cybersecurity asset attack surface analytics dashboards. The new dashboards extend the Sevco platform to give CISO and IT leaders deep insights into the security coverage and state of their IT assets, enabling security teams to identify and eliminate security gaps in the enterprise cyberattack surface.
Enterprise environments increasingly include a wide range of hardware, software, mobile devices, cloud infrastructure, and other IT assets as the fundamental backbone for operating the business and engaging with customers. However, with management of assets often spread across departments and geographies, it has become increasingly difficult for executive leadership to understand the security state of all their assets and to maintain accuracy in a dynamic environment. Equally challenging is the inability to gain insights into abandoned or stale IT assets to effectively mitigate the security risks that they introduce.
Complex enterprise environments are increasingly experiencing incomplete security coverage with upwards of 19% of assets that have missing or stale security controls like endpoint protection and patch management. The new Sevco Security dashboards fill a critical gap in cybersecurity attack surface management by providing context-based analysis of enterprise-wide assets that surfaces risks associated with IT hygiene, compliance, and policy enforcement.
“As organizations innovate and expand their asset footprint, they must have seamless visibility into the security state of their assets because they cannot manage what they cannot measure. “Sevco Security delivers the critical data for CISOs to thoroughly understand their cybersecurity asset attack surface and confidently report their defensive security posture to the board.”
J.J. Guy, co-founder and CEO of Sevco Security
With the new expansion to its platform, Sevco Security provides customers with data rich and customizable dashboard reports, including:
Provides critical insights on asset security controls, allowing customers to identify gaps in coverage and proactively protect the previously unknown attack surface. This also empowers companies to manage internal governance and regulatory compliance requirements to monitor and validate that their security investments are fully deployed.
Captures the detailed attributes of the assets across the infrastructure, such as IP address, user, and operating system so customers can quickly see the state of any device at any point of time. With asset snapshots, incident response and IT team members can quickly identify when an asset change occurred and manage decisions on restoring an asset to a previous state.
Enterprise assets are tracked on a daily trendline empowering IT and security leaders to gain context of what’s typical for their environment and to readily view spikes and outlier activity. Out-of-the-box trending data is automatically captured for total devices, new devices, inactive devices in the last 15 days, total users, and new users.
Custom, interactive dashboards:
In addition to the pre-built dashboards, users can create and save unlimited queries on their asset telemetry to produce customized insights dashboards. This puts asset data analysis at users’ fingertips, providing an easy way to obtain tailored insights in a top-level dashboard. All dashboards are interactive, allowing users to ‘click’ and drill deeper into the data for pinpoint clarity on a particular area of interest.
Complex asset environments are a normal operating fabric for businesses. Sevco Security is dedicated to helping organizations capture a comprehensive view of their asset ecosystem and readily identify and address any security risks they pose. The new cybersecurity asset attack surface dashboards are now available to customers.
Sevco Security is the cloud-native security asset management platform for enterprises that require an accurate IT inventory. Its patented telemetry technology creates a unified inventory that is updated continuously to deliver real-time asset intelligence and help security and IT teams identify and close their previously unknown security gaps. Founded in 2020 and based in Austin, Texas, Sevco is backed by SYN Ventures, .406 Ventures, Accomplice and Bill Wood Ventures.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Palo Alto Networks | December 05, 2022
As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Today, Palo Alto Networks (NASDAQ: PANW) announced Medical IoT Security — the most comprehensive Zero Trust security solution for medical devices — enabling healthcare organizations to deploy and manage new connected technologies quickly and securely. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device.
"The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps. "This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk."
Anand Oswal, senior vice president of products, network security at Palo Alto Networks
While a Zero Trust approach is critical to help protect medical devices against today's innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering.
The new Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable healthcare organizations to:
Create device rules with automated security responses: Easily create rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted.
Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile.
Understand device vulnerabilities and risk posture: Access each medical device's Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorized external website communication.
Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations.
Verify network segmentation: Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems.
Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, helps automate workflows.
Healthcare organizations are using Palo Alto Networks products to secure the devices that deliver cutting-edge care to millions of patients all over the world.
"Establishing and maintaining acute situational awareness of the Internet of Medical Things (IoMT) environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect, identify and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event," said Tony Lakin, CISO, Moffitt Cancer Center. "Palo Alto Networks IoT capability seamlessly integrates with our continuous monitoring processes and threat-hunting operations. The platform consistently provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio."
"With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage," said Bob Laliberte, principal analyst, ESG.
"Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives," said Ed Lee, research director, IoT and Intelligent Edge Security, IDC.
About Palo Alto Networks
Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.
PLATFORM SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS
Skyhigh Security | December 28, 2022
Skyhigh security, a leading data security solutions provider, recently announced receiving Amazon Web Services (AWS) Security Competency accreditation in the infrastructure security industry. This distinction recognizes Skyhigh Security's extensive technical expertise in AWS and proven success in its ability to assist customers in achieving their cloud security objectives.
Achieving AWS Security Competency distinguishes Skyhigh Security as a member of the AWS Partner Network (APN) that offers specialized software to assist organizations in adopting, developing, and deploying complex security projects on AWS. To achieve the distinction, APN Partners must have in-depth knowledge of AWS and provide solutions on AWS effortlessly.
AWS delivers scalable, versatile, and cost-effective solutions to startups and large-sized organizations. To enable the seamless integration and implementation of these solutions, AWS launched the AWS Competency Program to assist customers in identifying consulting and technology APN Partners with extensive industry knowledge and expertise.
AWS users can buy the entire Security Service Edge (SSE) portfolio of Skyhigh Security through the AWS Marketplace, which enhances the efficiency of the procurement process and provides flexible licensing options. The company's SSE portfolio is cloud-native, designed from the bottom up with Zero Trust principles, and includes a unified data loss prevention and policy engine.
Skyhigh SSE contains, Skyhigh Cloud Access Security Broker, Skyhigh Secure Web Gateway, and Skyhigh Private Access, among other products, offering one of the most extensive portfolios in the market.
About Skyhigh Security
Based in California, U.S., Skyhigh Security, a provider of a complete, market-leading data security platform built on a modern cloud stack, focuses on helping customers protect the world's data. It protects businesses with data-aware and user-friendly cloud-native security solutions. Its industry-leading Security Service Edge (SSE) portfolio extends beyond data access and focuses on data use, enabling enterprises to communicate from any device and location without compromising security.