NETWORK THREAT DETECTION

Solvo ReInvents Cloud Identity and Access Management with IAMagnifier

Solvo | November 30, 2021

Solvo, a security automation enabler for cloud development and production environments, announced today the availability of its "IAMagnifier", a cloud SaaS security platform that enables developers, DevOps and cybersecurity stakeholders working in cloud development environments to reduce potential cybersecurity threats caused by misconfigured access permissions to cloud assets.

To truly enable a secured, yet productive development environment, a "least-privileged" permission mechanism should be employed – by using this methodology, the access level for each asset is defined by answering the question "How can I prevent access to that asset from anyone or anything other than anyone or anything that is supposed to access it to perform their intended task?".

Today, security-minded developers and security stakeholders within the organization have to manually inspect the security permission configuration of each asset, compare the permission levels found within the specific asset's configuration to the permission level stated by the relevant organizational policies, and, if the actual permission level is too lenient, rectify the situation by updating the asset's permission configuration.

In addition to the need to perform this set of activities for each individual asset, a task which might entail an enormous waste of time and effort, the permission level to which the "wrong" configuration is updated may not be the best one for the specific characteristics of each individual asset.

"Solvo's IAMagnifier turns this cumbersome, lengthy, inefficient, and error-prone process of managing cloud assets' access permissions into an automated, centralized, fast and decision-assisted experience. It does so by constantly inspecting the assets' access permissions configurations, analyzing gaps between the current and desired permission level, suggesting the needed changes to the configuration, and performing these changes if approved by the user."

Solvo's Co-founder and CEO, Shira Shamban

To present the most relevant and updated data about permission levels and potential risks derived from permission level gaps, Solvo's IAMagnifier offers a visual experience, which turns boring tables and records into an easy-to-comprehend mapping of connections and dependencies between Roles, Policies, assets and users. The IAMagnifier also highlights what its analyzer has declared as "excessive permissions", and suggests an alternative, least-privileged permission policy, which can then be enforced by the user just by approving the suggestion.

Unlike traditional infrastructure default definitions or human-set definitions, the "excessive" permission status and the alternative permission suggestion that the IAMagnifier presents are derived from analyzing the actual behaviour of the application and finding the balance between preventing unrequired access by irrelevant stakeholders and keeping an uninterrupted workflow for relevant stakeholders (i.e., least-privileged).

Sylvie Veilleux, Solvo's advisor and former CIO of Dropbox, added: "The team has been offering early access to the IAMagnifier to selected customers, and the feedback has been nothing short of amazing. One of the CEOs whose company was using the IAMagnifier went on to declare the ability to easily see the company's security posture, and effortlessly enhance it, made scaling the company's cloud and business infrastructure frictionless and even enjoyable."

Solvo's team will present the IAMagnifier during the AWS re:Invent conference, which takes place in Las Vegas, NV, between November 29th and December 3rd, 2021. Solvo will also be providing a free AWS S3 bucket policy audit during the conference, and visitors can schedule a meeting with the team for a chance to get back from Vegas with a win.

About Solvo
Solvo allows security teams to empower software developers and accelerate their cloud delivery. The developer-centric security platform creates and maintains a least-privilege security policy for cloud native applications. It adapts the security configuration to every environment, creates it from scratch and monitors for changes, integrating with existing workflows seamlessly and automatically.

Spotlight

"Data breaches have become an everyday occurrence and numerous well-known organisations have been named and shamed, denting their reputations and wreaking financial damage. But any organisation, whatever its size or line of business, can be a target. Every organisation has some form of sensitive data such as financial records, customer details and employee information that is highly prized by criminals and the vast majority of organisations rely on technology to run their business.

Technology, especially the use of disruptive technologies such as big data and cloud-based services, provides for greater productivity, flexibility and improved information access. But it also increases the chances that sensitive information can be inappropriately accessed, lost or stolen."

Related News

Google and KPMG Security Experts Share Their Insights on COVID-19 Related Cyber Scams

Google | May 18, 2020

Google and KPMG online security observers share their insights for securing accounts and access, even while operating from remote locations. Hackers and other cybercriminals tend to look at crises as opportunities, and COVID-19 has proven to be the mother of all crises as not only are systems . Cyber scams based on COVID-19 have become prevalent in recent months, as hackers look to capitalize on the virus-driven uncertainty affecting individuals, enterprises .

COVID-19 has created previously unthinkable consequences for our society. Organised crime has been quick to respond, mounting large scale orchestrated campaigns to defraud banking customers, preying on fear and anxiety related to COVID-19. Further, as governments prepare stimulus packages in response to the pandemic and begin providing fiscal support to their citizens, the risk of being defrauded by COVID-19 related scams will likely continue to rise.

For the financial sector in particular there are great challenges. The industry has already begun to provide an unprecedented response, but are having to work through their own business continuity issues.

The past two months have seen the largest ever migration of individuals to digital platforms and tools in order to stay connected, for both productivity and personal purposes. Millions turned to virtual tools such as videoconferencing apps, many utilizing them for the first time. At the same time, building closures and the rapid shift towards remote working policies left many enterprises and governmental organizations scrambling to ensure adequate measures had been taken to shield confidential data, private servers, and other exposed systems.

“Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps.” ~ Mark Risher, Senior Director for Account Security

In an era of social distancing, it is fortunate that technology has evolved to a point that many services can be rendered completely online. Yet with each new helpful technological advancement, comes the possibility of introducing new online security risks. Hackers and other cybercriminals tend to look at crises as opportunities, and COVID-19 has proven to be the mother of all crises as not only are systems vulnerable due to quickly changing world circumstances, but everyone is constantly looking to digital means to keep them connected.

“Such prolific fraud attempts out there, realization of what forms these COVID-19 scams take – and how they should be best handled – should be of urgent importance for both the organizations and the people who work for them.”

Fraudsters posing as members of domestic and international health authorities, such as the United States Centre for Disease Control and Prevention (CDC) or the World Health Organisation (WHO), targeting victims with emails including malicious attachments, links, or redirects to “updates” regarding the spread of COVID-19, new containment measures, maps of the outbreak or ways to protect yourself from exposure.

Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps. During the past couple of weeks, our advanced, machine-learning classifiers have seen 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam messages.

“Right now, everyone is heavily reliant on their laptops or mobile phones to conduct their everyday needs such as online banking, shopping or donating to causes and charities. Criminals are not afraid to take advantage of that,” warned Tan Kim Chuan, Head of Forensic at KPMG in Malaysia.

Mark Risher, Senior Director for Account Security, Identity, and Abuse at Google, says Google’s team of cybersecurity experts have encountered coronavirus-related cyber scams aimed at individuals, companies, and government administrations. Our Threat Analysis Group continually monitors for sophisticated, government-backed hacking activity and is seeing new COVID-19 messaging used in attacks, and our security systems have detected a range of new scams such as phishing emails posing as messages from charities and NGOs battling COVID-19, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers.


DATA SECURITY

New CyberCube Scenarios Aid the Cyber Planning of Lloyd's Syndicates

businesswire | January 21, 2021

CyberCube has refreshed its information driven insightful programming to flawlessly empower guarantors to evaluate misfortunes to situations that Lloyd's has given to partners for the forthcoming March information assortment cutoff time. These situations are utilized to answer to Lloyd's on how their arrangement of business would be influenced by major digital occasions. CyberCube has presented the three situations for practical digital fiascos as a component of its Portfolio Manager item, which is utilized by hazard transporters.

The three situations, which CyberCube planned related to Lloyd's Underwriting group, Lloyd's market specialists and Guy Carpenter, are:

- a cloud blackout
- a force or foundation blackout
- a significant malware assault

The Lloyd's Market Association's Cyber Risk Strategy Group has additionally been vigorously engaged with building up the situations in the course of recent months. By dissecting how their arrangement of protection chances are influenced by these situations, the Lloyd's market can survey each coordinate's monetary flexibility and that of the market in general. The situations additionally uncover the most cutting-edge danger scene and related digital dangers that cause critical gatherings of misfortunes. The three digital situations, which will in future be remembered for Lloyd's formal Realistic Disaster Scenario (RDS) structure, will assume a significant part in organizations' business arranging measures. They mark the market's most complex digital examination exercise to date.

Pascal Millaire, CyberCube’s CEO, said: “Lloyd’s syndicates have long been leaders in the global cyber insurance market and so it is no surprise that the Lloyd’s market is also taking a leadership role amongst regulators in thoughtfully measuring cyber exposure accumulation. We’re thrilled to be able to help Lloyd’s syndicates with this exercise using our platform.”

Kirsten Mitchell-Wallace, Lloyd’s Head of Portfolio Risk Management, said: “The Lloyd’s market is a global leader in cyber insurance so understanding and controlling exposure to this class of business is critical. Cyber is a rapidly evolving risk that demands scrutiny at both syndicate and market level: the use of scenarios helps Lloyd’s to achieve this.”

Siobhan O’Brien, Managing Director and Head of Guy Carpenter’s International Cyber Centre of Excellence, commented: “This is a very important piece of work for the broader RDS framework. The findings of the study will prove valuable not only for Lloyd’s syndicates but also for the wider insurance industry in helping to address some of the most challenging aspects of cyber risk that impact multiple lines of insurance.”

CyberCube's Portfolio Manager is a digital danger fiasco model that permits guarantors to see how their book of business would be influenced by a progression of digital dangers. The model has not been closed down by Lloyd's yet is broadly utilized on the lookout. Deviations should be accounted for to Lloyd's and any inquiries with respect to the assortment time frame (January 8 to March 31) ought to be tended to in the main example to Lloyd's.

About CyberCube
CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modelling on thousands of points of technology failure. The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners and backing from ForgePoint Capital, HSCM Bermuda, MTech Capital and individuals from Stone Point Capital.


DATA SECURITY

To speed up the distribution of cyber insurance for small companies, Cowbell Cyber Partners with Mylo

prnewswire | November 05, 2020

Cowbell Cyber, the business' first AI-controlled digital protection supplier for little to moderate sized organizations (SMBs), today declared it has cooperated with Mylo – the advanced specialist dispatched by the world's biggest free merchant, Lockton – to empower expanded dispersion of Cowbell's independent digital protection to the private company market, a territory customarily underserved by digital protection.

Organizations of all sizes are getting more dependent on an advanced climate given the present far off setting, regularly leaving them presented to expanded online protection weaknesses including information penetrates, ransomware assaults, digital wrongdoing, and then some. Along these lines, the interest in digital inclusion has definitely expanded as organizations acknowledge digital protection is currently a need, not an extravagance.

Mylo chose Cowbell Cyber in light of the fact that Cowbell Prime – Cowbell's independent, conceded digital protection programs – addresses the difficulties looked by private companies while considering protection including:

- Lucidity of the arrangement terms: entrepreneurs can now quickly comprehend the insurance they will get
- Importance: Quote and strategies are adjustable in a couple of snaps for higher significance for the policyholder
- Conceded program: Ensures that everything has been altogether verified by state level offices
- Prevalent danger the board apparatuses: Free danger appraisal and moderation devices increase the value of private venture on the very first moment of the strategy

"We are excited to partner with Mylo to deliver on the promise of customized cyber coverage and easy-to-use risk management tools for their expanding client base," said Dan Law, Head of National Accounts at Cowbell Cyber. "Partnering with Mylo will allow us to better distribute cyber insurance to the currently underserved markets, ultimately helping customers with their cyber resilience."

"As an advocate for small business owners, we care about helping them prepare for a cyberattack that could threaten everything they've worked so hard to build," said Mylo COO, Belen Tokarski. "Mylo and Cowbell Cyber are a great fit because we both focus on using technology to give businesses the protection they need to anticipate and recover from serious risks."

The association carries critical efficiencies to Mylo's operators including:

- Speed: Cowbell Prime empowers operators to set up different, tweaked cites in a couple of snaps
- Usability and straightforwardness: Selling of digital protection is rearranged with inclusions that are introduced to policyholders in a straightforward way, alongside Cowbell Factors to recognize hazard deviation from the business normal
- No coupling delays: Every statement gave by Cowbell Prime can be momentarily bound

About Cowbell Cyber
Cowbell Cyber is dedicated to providing standalone, admitted, individualized and easy-to-understand cyber insurance for small and mid-size businesses. In its unique AI-based approach to risk selection and pricing, Cowbell's continuous underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Cowbell Insurance Agency is currently licensed in 34 U.S. states and provides SMBs with admitted cyber insurance on AM Best "A" rated paper with up to $15 Million in coverage.

About Mylo
Mylo is a digital one-stop-shop that makes it easy for businesses and individuals to compare and purchase top-rated insurance products from multiple carriers, including business, small group benefits, home, auto, life and individual health. Launched in 2015 by Lockton, the world's largest privately held independent insurance broker, Mylo offers expert insurance recommendations online or on the phone with licensed agents. Mylo can be easily integrated into a partner's customer experience, providing a proven boost in customer engagement.
