Home > News > featured news > Security Tops Retailers’ Wish Lists this Holiday Season

Data Security

Security Tops Retailers’ Wish Lists this Holiday Season

Futurex | November 17, 2021

Security Tops Retailers
Record sales expected in 2021, along with hackers; Futurex recommends point-to-point encryption for retailers to protect cardholder data

BULVERDE, Texas, November 17, 2021 — As we enter the biggest retail season of the year, transactions are increasing, as are the numbers of hackers and skimmers — targeting shoppers’ cardholder data. The last thing retailers need to worry about is cyber threats that lead to ransomware or data breaches, as they welcome shoppers and juggle supply chain disruptions. Futurex, a leader in hardened, enterprise-class data security solutions, recommends retailers implement point-to-point encryption (P2PE) to encrypt cardholder data at the point of sale to keep it safe from malware that might be spying on network traffic and capturing credit card numbers. Futurex secures transactions for several of the nation’s largest retailers, protecting shoppers’ sensitive cardholder data and payment information.

U.S. retail sales now through December are expected to grow 10.5% to a record $859 billion, compared to 2020, according to the National Retail Federation. Meanwhile, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned about the increase of cyber threats, including ransomware, around the holidays.

“Behind every gift, every purchase, and every payment, retailers and consumers depend on secure transactions to protect payment information,” said Ryan Smith, vice president, global business development, at Futurex. “As the critical security backbone of the global financial ecosystem, we work with the world’s largest retailers and financial institutions to safeguard data in transit and at rest."

The use of hardware security modules (HSMs) in transaction processing is critical, as payment HSMs provide the cryptographic functions needed to support end-to-end data security, including encryption and cryptography key management. In a compliant P2PE environment, sensitive data is encrypted from the point of interaction and decrypted only within the secure boundary of a FIPS 140-2 Level 3 or PCI HSM-validated HSM. Learn more about point-to-point encryption.

About Futurex
For more than 40 years, Futurex has been a trusted provider of hardened, enterprise-class data security solutions. More than 15,000 organizations worldwide, including financial services providers and corporate enterprises, have used Futurex’s innovative hardware security modules, key management servers, and enterprise-class cloud solutions to address their mission-critical systems, data security, and cryptographic needs. This includes the secure encryption, storage, transmission, and certification of sensitive data. For more information, please visit futurex.com.

Spotlight

Cloud Pak for Security: Introduction to Cloud Pak for Security

This is an introductory video for Cloud Pak for Security. Cloud Pak for Security is based on Open Shift technology. This means that it can be installed on-prem as well as on any of the cloud solutions like IBM Cloud, AWS, Microsoft Azure, Google Cloud etc. QRadar XDR is SIEM of SIEM. Typically in huge environments, there are multiple SIEMs being used. To get a birds eye view of the complete environment, the data needs to be copied from one SIEM to another. Rather than this, CP4S can be leveraged in such a scenario. The data does not need to move from SIEM to CP4S and still CP4S is capable to understand the security posture of an organisation, understand risk valuation, create and manage incidents based on the rich data and threat intel sources.

More featured news

Spotlight

Cloud Pak for Security: Introduction to Cloud Pak for Security

This is an introductory video for Cloud Pak for Security. Cloud Pak for Security is based on Open Shift technology. This means that it can be installed on-prem as well as on any of the cloud solutions like IBM Cloud, AWS, Microsoft Azure, Google Cloud etc. QRadar XDR is SIEM of SIEM. Typically in huge environments, there are multiple SIEMs being used. To get a birds eye view of the complete environment, the data needs to be copied from one SIEM to another. Rather than this, CP4S can be leveraged in such a scenario. The data does not need to move from SIEM to CP4S and still CP4S is capable to understand the security posture of an organisation, understand risk valuation, create and manage incidents based on the rich data and threat intel sources.

Related News

Enterprise Security, Platform Security, Software Security

SecurityScorecard Launches Managed Cyber Risk Services to Mitigate Zero-Day and Critical Supply Chain Vulnerabilities

Business Wire | August 08, 2023

SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management. With 98% of organizations having a relationship with at least one-third party that experienced a breach, SecurityScorecard combines its industry-leading platform and experts to solve the third-party cyber risk puzzle. “Many CISOs are challenged with manual third-party risk approaches that are inconsistent and focused on checkbox compliance. Customers consistently shared that they need a way to operationalize third- and fourth-party cyber risk management,” said Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard. “Today, SecurityScorecard is meeting that customer need. The next evolution of security ratings will focus on operationalizing cyber risk management and threat intelligence to directly impact our customers’ ability to deliver on their mission.” Industry-first integrated security ratings platform + third-party managed cyber risk services approach SecurityScorecard’s offering is unique in the market as the only solution of its kind to combine Managed Cyber Risk Services with a complete, battle-tested product suite of solutions. With over 3,000 customers across the globe, SecurityScorecard Managed Cyber Risk Services was developed with customers and will be delivered by partners to achieve strategic business and security outcomes, including: Identifies and mitigates third-party cyber risk: Dynamically discovers risk across a customer’s attack surface, including their third- and fourth-party ecosystem, to dramatically reduce the risk of a compromise. Verifies that vendors’ vulnerabilities or other security issues are remediated. Addresses cybersecurity skills gap: Improves the capacity of customers’ security teams. SecurityScorecard works hand-in-hand with customers or through partners to deliver the strategic and tactical capabilities needed to maximize the value of the SecurityScorecard platform. Manages third- and fourth-party risk portfolio: Continuous monitoring, investigation, and analysis of risk indicators with centralized threat intelligence. Proactively identifies cyber threats across a customer’s unique attack surface. Manages alerts for customers. Makes security ratings more actionable: Incorporates business context to drive decisions. Deploys best practices to improve security posture. Proven playbooks proactively protect customers and support incident response if an incident occurs. Verifies contract compliance: Streamlines contract security compliance through a defensible, traceable process. Proactively manages vendor communication, questionnaires, and escalation management. Tracks issues resolved: Measures results based on trusted analysis, timely delivery, and empowering guidance. Estimates time saved to demonstrate return on investment. Enhances board reporting: Effectively communicates third-party cyber risk and benchmarks against peers. Customers also have the flexibility to run their own research, reports, and investigations. Delivers peace of mind: Ensures customers’ third-party risk management program is handled by the best and brightest minds in the industry. SecurityScorecard solves complex customers’ challenges by evaluating, improving, and implementing their third-party cyber risk programs. SecurityScorecard Managed Cyber Risk Services are directly connected to the SecurityScorecard Platform, allowing drill down into specific portfolios, companies, findings, and issues. Built on an API-first architecture, data can be directly ingested into their own security stack and reporting tools or integrate into their preferred MSSP or services provider to achieve improved security and business outcomes. SecurityScorecard adds former Mandiant leader to the executive team With the acquisition of LIFARS in 2022, SecurityScorecard gained a team of elite cybersecurity risk experts. Then in July 2023, the company appointed cybersecurity veteran and former Mandiant leader Jeff Laskowski as Senior Vice President and General Manager of Professional Services. “Over the past year, SecurityScorecard has delivered several innovative solutions to the market: The world’s first third-party focused attack surface management solution. Automatic vendor detection to identify unknown third- and fourth parties connected to their business. Risk quantification technology that helps risk management teams understand their financial exposure,” said Jeff Laskowski, Senior Vice President & General Manager, Professional Services, SecurityScorecard. “As we consolidate adjacent solutions into our platform, combined with expert services, we not only help our customers build economic efficiencies but also effectively mitigate third-party risk.” Partner-focused approach closes third-party cyber risk gaps for customers SecurityScorecard’s partner-focused managed services approach enables customers to leverage SecurityScorecard experts and a broad ecosystem of service delivery partners. This approach amplifies the benefits of the SecurityScorecard platform, gaining the economic benefits of scale and further enhancing customer relationships with service providers. In addition, partners that leverage the “Powered by SecurityScorecard" brand will deliver the fastest time to value to their customers and ensure they are providing the gold standard of service based on SecurityScorecard’s decade of experience in third-party cyber risk management. “Operationalizing third-party cyber risk management requires a specialized and skilled workforce. Many organizations struggle with lack of visibility into their vendor landscape, questionnaires, threats, and financial impact of risks,” said Larry Slusser, Vice President, Global Head of Professional Services Delivery, SecurityScorecard. “By applying the principles of incident response to vendor risk management, customers can take charge with a turn-key, proactive, and comprehensive program designed to eliminate business disruption and drive cyber resilience.” About SecurityScorecard Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard makes the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

Read More

Enterprise Security, Platform Security, Software Security

Contrast Security Releases Assess Feature for LLMs to Protect Against AI Security Threats

PR Newswire | August 07, 2023

Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced it will extend its market-leading application security testing (AST) platform to support testing of Large Language Models (LLMs) from OpenAI. In this first release, Contrast rules help teams that are developing software using the OpenAI application programming interface (API) set to identify and mitigate weaknesses that could expose an organization to prompt injection vulnerabilities: i.e., attacks involving injection of a prompt that deceives the application into executing unauthorized code. Prompt injection was identified as the top risk for LLM applications by the just-released OWASP 10 Top for Large Language Model Applications project. Contrast has continued to support OWASP's mission to improve Application Security (AppSec): In fact, Contrast's Chief Product Officer Steve Wilson led the 400-person volunteer team that created the OWASP Top 10 for LLMs. "As project lead for the new OWASP Top 10 for LLMs, I can say our group looked deeply at many attack vectors against LLMs. Prompt Injection repeatedly rose to the top of the list in our expert group voting for the most important vulnerability," said Wilson. "Contrast is the first security solution to respond to this new industry standard list by delivering this capability. Organizations can now identify susceptible data flows to their LLMs, providing security with the visibility needed to identify risks and prevent unintended exposure." According to the OWASP Top 10 for LLMs, a prompt injection vulnerability allows an attacker to craft inputs that can manipulate the operation of a trusted LLM. This results in the LLM acting as a "confused deputy" on behalf of the attacker. Given the high degree of trust usually associated with an LLM's output, the manipulated responses may go unnoticed and may even be trusted by the user, allowing the attack to potentially poison search results, deliver incorrect or malicious responses, produce malicious code, circumvent content filters, or to leak sensitive data. Prompt injections can be introduced via various avenues, including websites, emails, documents or any other data source that an LLM might rely on. Contrast is ideal for identifying all types of injection accurately, including this new form of AI prompt injection. Contrast uses runtime security to monitor actual application behavior and detect vulnerabilities, rather than scanning source code or simulating attacks. This approach is fast, easy and highly accurate, ensuring that developers are instantly notified of issues and provided all the information they need to correct problems. User input sent through OpenAI's official Python API to an LLM in a Python agent-instrumented application triggers the prompt injection rule. About Contrast Security Contrast is a world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today's targeted AppSec attacks. Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposures (CVEs). This allows security teams to avoid spending time focusing on false positives, leaving them more time to remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance. Contrast protects against major cybersecurity attacks for its customer base, which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, Sompo Japan and the American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM, GuidePoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers. The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America's Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.

Read More

Data Security

Oracle Attempts to Design New Open Network and Data Security Standard

Oracle | September 20, 2023

Oracle to participate in an industry-wide initiative to design a new open network and data security standard. Oracle and Applied Invention are assisting to developing and promoting a novel network and data-centric security standard to tackle distributed cloud deployment challenges. This standard will enable organizations to protect their data throughout its entire lifecycle without requiring modifications to their distributed cloud environments' underlying architecture. Oracle, one of the world's largest database management companies, announced that it will participate in an industry-wide initiative to design a new open network and data security standards that will assist organizations in protecting their data in distributed IT environments. Oracle will collaborate with Applied Invention, a significant technology provider, and other industry leaders, including Nomura Research Institute, Ltd. (NRI), a global leader in consulting and system solutions. This new standard will enable networks to enforce shared security policies collectively, thereby augmenting the security architecture organizations already employ without requiring modifications to existing applications and networks. Oracle plans to launch the Oracle Zero-Trust Packet Routing Platform, based on the new standard, to support this new initiative. This platform will assist organizations in preventing illegal access or use of their data without imposing additional obstacles on legitimate activities. Executive Vice President of Security and Developer Platforms at Oracle Cloud Infrastructure, Mahesh Thiagarajan, said, Over the last 20 years, the cybersecurity industry has produced many incremental changes, but we need a fundamentally novel approach to protect our data in the increasingly complex cloud era. Organizations require a way to describe their data security policies in one place where they can be easily understood and audited, and they need a way to make sure those policies are enforced across their entire computing infrastructure, including their clouds. [Source – Cision PR Newswire] As the adoption of cloud technology rises and IT landscapes become more intricate with distributed cloud deployments, organizations face escalating challenges in safeguarding their data using conventional methods and tools. For example, many existing systems necessitate security teams to orchestrate disparate solutions across various facets, including database, application, network, and identity security. This complexity is further compounded when applied across diverse environments. Ensuring seamless collaboration among these solutions becomes a formidable task due to the dynamic and independent changes in applications, environments, and user profiles. Additionally, current security systems demand extensive configurations to accurately distinguish between different user categories, such as full-time employees and contractors, without compromising security or restricting access. Research Vice President of Cloud and Edge Infrastructure Services at IDC, Dave McCarthy, said, The new standard Oracle develop has the potential to change all of that by adding a unified layer of security on top of existing solutions. Building data protection policies into the network itself will assist users get the access they require while ensuring the data remains secure behind the scenes. [Source – Cision PR Newswire] Oracle and Applied Invention are assisting in designing and promoting a novel security standard, focusing on network and data-centric security, which aims to tackle these challenges. This innovative standard will empower organizations to safeguard their data across its entire lifecycle, including distributed cloud environments. To accomplish this, the standard will implement an intent-based security policy that is designed to be understandable, auditable, and interpretable by humans. This intent-driven approach will be put into practice at the network layer, ensuring that every data transmission contains authenticated attributes concerning the sender, receiver, and the nature of the data in transit.

Read More

Enterprise Security, Platform Security, Software Security

SecurityScorecard Launches Managed Cyber Risk Services to Mitigate Zero-Day and Critical Supply Chain Vulnerabilities

Business Wire | August 08, 2023

SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management. With 98% of organizations having a relationship with at least one-third party that experienced a breach, SecurityScorecard combines its industry-leading platform and experts to solve the third-party cyber risk puzzle. “Many CISOs are challenged with manual third-party risk approaches that are inconsistent and focused on checkbox compliance. Customers consistently shared that they need a way to operationalize third- and fourth-party cyber risk management,” said Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard. “Today, SecurityScorecard is meeting that customer need. The next evolution of security ratings will focus on operationalizing cyber risk management and threat intelligence to directly impact our customers’ ability to deliver on their mission.” Industry-first integrated security ratings platform + third-party managed cyber risk services approach SecurityScorecard’s offering is unique in the market as the only solution of its kind to combine Managed Cyber Risk Services with a complete, battle-tested product suite of solutions. With over 3,000 customers across the globe, SecurityScorecard Managed Cyber Risk Services was developed with customers and will be delivered by partners to achieve strategic business and security outcomes, including: Identifies and mitigates third-party cyber risk: Dynamically discovers risk across a customer’s attack surface, including their third- and fourth-party ecosystem, to dramatically reduce the risk of a compromise. Verifies that vendors’ vulnerabilities or other security issues are remediated. Addresses cybersecurity skills gap: Improves the capacity of customers’ security teams. SecurityScorecard works hand-in-hand with customers or through partners to deliver the strategic and tactical capabilities needed to maximize the value of the SecurityScorecard platform. Manages third- and fourth-party risk portfolio: Continuous monitoring, investigation, and analysis of risk indicators with centralized threat intelligence. Proactively identifies cyber threats across a customer’s unique attack surface. Manages alerts for customers. Makes security ratings more actionable: Incorporates business context to drive decisions. Deploys best practices to improve security posture. Proven playbooks proactively protect customers and support incident response if an incident occurs. Verifies contract compliance: Streamlines contract security compliance through a defensible, traceable process. Proactively manages vendor communication, questionnaires, and escalation management. Tracks issues resolved: Measures results based on trusted analysis, timely delivery, and empowering guidance. Estimates time saved to demonstrate return on investment. Enhances board reporting: Effectively communicates third-party cyber risk and benchmarks against peers. Customers also have the flexibility to run their own research, reports, and investigations. Delivers peace of mind: Ensures customers’ third-party risk management program is handled by the best and brightest minds in the industry. SecurityScorecard solves complex customers’ challenges by evaluating, improving, and implementing their third-party cyber risk programs. SecurityScorecard Managed Cyber Risk Services are directly connected to the SecurityScorecard Platform, allowing drill down into specific portfolios, companies, findings, and issues. Built on an API-first architecture, data can be directly ingested into their own security stack and reporting tools or integrate into their preferred MSSP or services provider to achieve improved security and business outcomes. SecurityScorecard adds former Mandiant leader to the executive team With the acquisition of LIFARS in 2022, SecurityScorecard gained a team of elite cybersecurity risk experts. Then in July 2023, the company appointed cybersecurity veteran and former Mandiant leader Jeff Laskowski as Senior Vice President and General Manager of Professional Services. “Over the past year, SecurityScorecard has delivered several innovative solutions to the market: The world’s first third-party focused attack surface management solution. Automatic vendor detection to identify unknown third- and fourth parties connected to their business. Risk quantification technology that helps risk management teams understand their financial exposure,” said Jeff Laskowski, Senior Vice President & General Manager, Professional Services, SecurityScorecard. “As we consolidate adjacent solutions into our platform, combined with expert services, we not only help our customers build economic efficiencies but also effectively mitigate third-party risk.” Partner-focused approach closes third-party cyber risk gaps for customers SecurityScorecard’s partner-focused managed services approach enables customers to leverage SecurityScorecard experts and a broad ecosystem of service delivery partners. This approach amplifies the benefits of the SecurityScorecard platform, gaining the economic benefits of scale and further enhancing customer relationships with service providers. In addition, partners that leverage the “Powered by SecurityScorecard" brand will deliver the fastest time to value to their customers and ensure they are providing the gold standard of service based on SecurityScorecard’s decade of experience in third-party cyber risk management. “Operationalizing third-party cyber risk management requires a specialized and skilled workforce. Many organizations struggle with lack of visibility into their vendor landscape, questionnaires, threats, and financial impact of risks,” said Larry Slusser, Vice President, Global Head of Professional Services Delivery, SecurityScorecard. “By applying the principles of incident response to vendor risk management, customers can take charge with a turn-key, proactive, and comprehensive program designed to eliminate business disruption and drive cyber resilience.” About SecurityScorecard Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard makes the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

Read More

Enterprise Security, Platform Security, Software Security

Contrast Security Releases Assess Feature for LLMs to Protect Against AI Security Threats

PR Newswire | August 07, 2023

Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced it will extend its market-leading application security testing (AST) platform to support testing of Large Language Models (LLMs) from OpenAI. In this first release, Contrast rules help teams that are developing software using the OpenAI application programming interface (API) set to identify and mitigate weaknesses that could expose an organization to prompt injection vulnerabilities: i.e., attacks involving injection of a prompt that deceives the application into executing unauthorized code. Prompt injection was identified as the top risk for LLM applications by the just-released OWASP 10 Top for Large Language Model Applications project. Contrast has continued to support OWASP's mission to improve Application Security (AppSec): In fact, Contrast's Chief Product Officer Steve Wilson led the 400-person volunteer team that created the OWASP Top 10 for LLMs. "As project lead for the new OWASP Top 10 for LLMs, I can say our group looked deeply at many attack vectors against LLMs. Prompt Injection repeatedly rose to the top of the list in our expert group voting for the most important vulnerability," said Wilson. "Contrast is the first security solution to respond to this new industry standard list by delivering this capability. Organizations can now identify susceptible data flows to their LLMs, providing security with the visibility needed to identify risks and prevent unintended exposure." According to the OWASP Top 10 for LLMs, a prompt injection vulnerability allows an attacker to craft inputs that can manipulate the operation of a trusted LLM. This results in the LLM acting as a "confused deputy" on behalf of the attacker. Given the high degree of trust usually associated with an LLM's output, the manipulated responses may go unnoticed and may even be trusted by the user, allowing the attack to potentially poison search results, deliver incorrect or malicious responses, produce malicious code, circumvent content filters, or to leak sensitive data. Prompt injections can be introduced via various avenues, including websites, emails, documents or any other data source that an LLM might rely on. Contrast is ideal for identifying all types of injection accurately, including this new form of AI prompt injection. Contrast uses runtime security to monitor actual application behavior and detect vulnerabilities, rather than scanning source code or simulating attacks. This approach is fast, easy and highly accurate, ensuring that developers are instantly notified of issues and provided all the information they need to correct problems. User input sent through OpenAI's official Python API to an LLM in a Python agent-instrumented application triggers the prompt injection rule. About Contrast Security Contrast is a world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today's targeted AppSec attacks. Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposures (CVEs). This allows security teams to avoid spending time focusing on false positives, leaving them more time to remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance. Contrast protects against major cybersecurity attacks for its customer base, which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, Sompo Japan and the American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM, GuidePoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers. The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America's Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.

Read More

Data Security

Oracle Attempts to Design New Open Network and Data Security Standard

Oracle | September 20, 2023

Oracle to participate in an industry-wide initiative to design a new open network and data security standard. Oracle and Applied Invention are assisting to developing and promoting a novel network and data-centric security standard to tackle distributed cloud deployment challenges. This standard will enable organizations to protect their data throughout its entire lifecycle without requiring modifications to their distributed cloud environments' underlying architecture. Oracle, one of the world's largest database management companies, announced that it will participate in an industry-wide initiative to design a new open network and data security standards that will assist organizations in protecting their data in distributed IT environments. Oracle will collaborate with Applied Invention, a significant technology provider, and other industry leaders, including Nomura Research Institute, Ltd. (NRI), a global leader in consulting and system solutions. This new standard will enable networks to enforce shared security policies collectively, thereby augmenting the security architecture organizations already employ without requiring modifications to existing applications and networks. Oracle plans to launch the Oracle Zero-Trust Packet Routing Platform, based on the new standard, to support this new initiative. This platform will assist organizations in preventing illegal access or use of their data without imposing additional obstacles on legitimate activities. Executive Vice President of Security and Developer Platforms at Oracle Cloud Infrastructure, Mahesh Thiagarajan, said, Over the last 20 years, the cybersecurity industry has produced many incremental changes, but we need a fundamentally novel approach to protect our data in the increasingly complex cloud era. Organizations require a way to describe their data security policies in one place where they can be easily understood and audited, and they need a way to make sure those policies are enforced across their entire computing infrastructure, including their clouds. [Source – Cision PR Newswire] As the adoption of cloud technology rises and IT landscapes become more intricate with distributed cloud deployments, organizations face escalating challenges in safeguarding their data using conventional methods and tools. For example, many existing systems necessitate security teams to orchestrate disparate solutions across various facets, including database, application, network, and identity security. This complexity is further compounded when applied across diverse environments. Ensuring seamless collaboration among these solutions becomes a formidable task due to the dynamic and independent changes in applications, environments, and user profiles. Additionally, current security systems demand extensive configurations to accurately distinguish between different user categories, such as full-time employees and contractors, without compromising security or restricting access. Research Vice President of Cloud and Edge Infrastructure Services at IDC, Dave McCarthy, said, The new standard Oracle develop has the potential to change all of that by adding a unified layer of security on top of existing solutions. Building data protection policies into the network itself will assist users get the access they require while ensuring the data remains secure behind the scenes. [Source – Cision PR Newswire] Oracle and Applied Invention are assisting in designing and promoting a novel security standard, focusing on network and data-centric security, which aims to tackle these challenges. This innovative standard will empower organizations to safeguard their data across its entire lifecycle, including distributed cloud environments. To accomplish this, the standard will implement an intent-based security policy that is designed to be understandable, auditable, and interpretable by humans. This intent-driven approach will be put into practice at the network layer, ensuring that every data transmission contains authenticated attributes concerning the sender, receiver, and the nature of the data in transit.

Read More

More featured news