DATA SECURITY

SafeGuard Cyber provides Telegram users with first and only security and compliance solutions.

prnewswire | November 12, 2020

Shield Cyber, the main SaaS stage committed to dealing with the full lifecycle of computerized hazard assurance, today declared it presently conveys mechanized network safety and consistence controls for Telegram, the quick, basic, and free cloud-based informing application supported by monetary administrations and cryptographic money firms for business interchanges.

More organizations are going to versatile applications to complete work in manners that offer the least grating, particularly since the start of the COVID pandemic. Among these, Telegram has been a top pick of problematic monetary administrations and cryptographic money firms for its effortlessness, speed, adaptability, and inherent encryption. The application additionally bolsters organizations with the capacity to have gatherings of up to 200,000 clients, with help for photographs, recordings, and documents of any kind. Accordingly, Telegram has arisen in these enterprises as a favored option in contrast to Facebook-claimed WhatsApp.

"We serve a number of innovative financial services firms around the world that have embraced apps like Telegram," said SafeGuard Cyber CEO and Co-founder Jim Zuffoletti. "They're disrupting the finance sector, including how agile and responsive they can be in business communications."

Be that as it may, even scrambled portable talk channels are dependent upon security and administrative consistence concerns. Business interchanges stay powerless against skewer phishing, ransomware, and digital surveillance assaults. Monetary firms are additionally searching for approaches to diminish consistence hazards and guarantee lawful preparation.

Shield Cyber's new arrangement tends to these worries by expanding the stage's honor winning security and information misfortune anticipation abilities to Telegram messages. Organizations will presently have the option to catch Telegram content progressively, apply strategies, and naturally isolate messages that present information misfortune or consistence hazards.

"We recently surveyed more than 600 IT and security professionals and found the biggest security and compliance challenge is the use of unsanctioned apps," noted Otavio Freire, CTO and Co-founder of SafeGuard Cyber. "We're proud to give security and compliance teams at digital currency and new financial services providers a scalable solution to enable Telegram as a sanctioned channel. This new capability continues our mission of securing human connections no matter what digital channel they're in."

About SafeGuard Cyber SafeGuard Cyber is a Charlottesville, Virginia-based company with a cloud-based platform that empowers organizations to use social media and digital channels securely, compliantly, and at the scale of global business. With coverage across more than 50 channels, SafeGuard Cyber helps security, compliance, and marketing teams work better together to drive business forward.

Spotlight

42Crunch is the #1 API Security Platform To Test and Secure Your APIs. Our tools provide API security testing and runtime protection for your APIs.

Spotlight

42Crunch is the #1 API Security Platform To Test and Secure Your APIs. Our tools provide API security testing and runtime protection for your APIs.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Palo Alto Networks Announces Medical IoT Security to Protect Connected Devices Critical to Patient Care

Palo Alto Networks | December 05, 2022

As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Today, Palo Alto Networks (NASDAQ: PANW) announced Medical IoT Security — the most comprehensive Zero Trust security solution for medical devices — enabling healthcare organizations to deploy and manage new connected technologies quickly and securely. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device. "The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps. "This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk." Anand Oswal, senior vice president of products, network security at Palo Alto Networks While a Zero Trust approach is critical to help protect medical devices against today's innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering. The new Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable healthcare organizations to: Create device rules with automated security responses: Easily create rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted. Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile. Understand device vulnerabilities and risk posture: Access each medical device's Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorized external website communication. Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations. Verify network segmentation: Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems. Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, helps automate workflows. Healthcare organizations are using Palo Alto Networks products to secure the devices that deliver cutting-edge care to millions of patients all over the world. "Establishing and maintaining acute situational awareness of the Internet of Medical Things (IoMT) environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect, identify and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event," said Tony Lakin, CISO, Moffitt Cancer Center. "Palo Alto Networks IoT capability seamlessly integrates with our continuous monitoring processes and threat-hunting operations. The platform consistently provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio." "With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage," said Bob Laliberte, principal analyst, ESG. "Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives," said Ed Lee, research director, IoT and Intelligent Edge Security, IDC. About Palo Alto Networks Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

Read More

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Searchlight Security Launches New Ransomware Group Module With Threat Intelligence from the Dark Web

Searchlight Security | December 16, 2022

Searchlight Security, the dark web intelligence company, has today launched Ransomware Search and Insights, a new strategic enhancement to its Cerberus platform. Ransomware Search and Insights automatically collates data from active ransomware groups to help organizations and law enforcement agencies to investigate, track, and gather intelligence on live ransomware activity. This curated view of ransomware groups means that patterns in tactics, incidents, and victimology can be observed in real-time, helping analysts to bolster their threat intelligence, and gain the upper hand on ransomware groups. "Although ransomware has been one of the most pressing threats for several years, it still remains persistent because security teams and law enforcement agencies have been on the back foot, playing catch-up with the ever changing tactics and profiles of ransomware groups. “With visibility into the dark web presence of active ransomware threat actors, analysts can better understand how they are currently operating, therefore gaining a critical advantage over groups.” Dr. Gareth Owenson, Co-Founder and CTO of Searchlight Security Enabling Enterprises to Pre-empt Attacks Ransomware Search and Insights allows organizations to observe the victims of threat actors, posts on leak sites, and track known group members, all in one place - significantly reducing time and resources spent individually researching each threat group. With previously unseen insight into ransomware activity as it is happening, they can also identify which ransomware groups are targeting organizations that match their profile (e.g. industry, geography, business size) and tailor their defenses with a better understanding of which group is most likely to attack them. Empowering Law Enforcement Cerberus’ Ransomware Search and Insights provides investigators with the most up-to-date intelligence for their fight back against cybercrime. Ransomware groups pose a significant risk to national security through the persistent threat to critical infrastructure. As ransomware groups use the dark web to conduct their campaigns with impunity, tracking the activity of prolific threat actors on marketplaces and forums can help law enforcement agencies’ efforts to disrupt and take down these groups. “The Ransomware Search and Insights module was born from our work with national law enforcement agencies who require real-time insights to investigate and take down ransomware groups. We have listened to and collaborated with them to address these needs and bring the next evolution of threat hunting to life,” explained Dr. Gareth Owenson, Co-Founder and CTO of Searchlight Security. “Investigators can now work smarter, not harder, with live intelligence on ransomware operators collated and delivered to them.” Ransomware Intelligence for MSSPs Dark web monitoring is emerging as one of the fastest growing offerings amongst Managed Security Service Providers (MSSPs), driven in no small part by increased customer demand to stay one step ahead of attackers and prevent disruptive ransomware incidents. Ransomware Search and Insights provides MSSPs with a valuable tool that integrates into their existing offering, with the ability to deliver easy-to-digest overviews of ransomware activity to customers, or action intelligence internally to protect their client base from emerging threats. Ransomware Search and Insights is now available on Cerberus. For more information on the threat intelligence that can be gathered from Ransomware Search and Insights, download our free report: Dark Web Profiles: The Most Prolific Ransomware Groups of 2022. About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Neosec Introduces Automated Tokenization to Enable Full API Visibility Without Exposure of Sensitive Data

Neosec | November 16, 2022

Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest. Today, many organizations are blind to the threats lurking within their API traffic. Even worse, organizations are forced to implement basic logging of its API traffic that doesn't contain the meaningful information about who accessed, what records were accessed or manipulated and how. There exists a justified fear of logging sensitive data or being out of compliance, and with the lack of technology that can perform it at scale, they prefer to log with low fidelity. Those logs tell you that "somebody modified or accessed a record" but typically don't disclose who accessed it, which record, or what action was performed. This decision also results in a downstream issue of "insufficient logging", which is noted by the Open Web Application Security Project as one of the top security problems in its 2021 OWASP API Top 10. "Insufficient logging" is poor for incident forensics and, in practice, means that you can't detect abuse or investigate a case, even if you know it happened. Tokenization is the process of substituting a sensitive data element, like a credit card number, for a non-sensitive equivalent that has no intrinsic or exploitable value or meaning. Neosec's automated tokenization is part of its 'privacy by design' philosophy and is already deployed successfully at customers around the world in financial services, insurance and hospitality companies among others. The process allows retaining tokenized API activity data for the purposes of performing true behavioral analytics over time, ensures that sensitive data is never stored at rest, and enables only the customer to de-tokenize, based on the strictest data privacy practices. "Solving API security starts with basic visibility and the ability to see how the APIs are used. The problem is that virtually every company logs API activity with low fidelity that doesn't enable this basic visibility. "In order to perform true behavioral analytics and investigate cases you must store and examine historical data. But if this analysis is performed on un-tokenized data you risk storing PII and creating compliance issues. Neosec successfully retains all API activity data, in the highest fidelity, and ensures it meets data privacy standards." Giora Engel, co-founder and chief executive officer, Neosec This focus on data and the visibility it brings is what previously defined the creation of the EDR (Endpoint Detection & Response) security space. "Trying to implement API security without enabling basic visibility of activity is like going back to the antivirus age before the advent of EDR. Visibility into API activity allows you to detect threats, understand behavior, investigate and remediate" said Engel. The Neosec API security solution discovers and maintains an up-to-date inventory of all APIs in use by an organization and then uses machine learning and behavioral analytics on tokenized data to find fraud and abuse by third parties and attackers. Neosec also enables proactive API threat hunting and investigations without storing any sensitive data. The automated API data tokenization is now a capability of the Neosec platform and is fully available. There is no extra cost for use of this unique capability. About Neosec Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel.

Read More