DATA SECURITY

Spectral has joined the Open Source Security Foundation to help Strengthen Open-Source Software Security

Spectral | April 27, 2021

Spectral, the developer first software safety organization, declared they have become supporters of the Open Source Security Foundation (OpenSSF). Spectral is currently an individual from OpenSSF's developing worldwide local area expecting to improve the security of open-source programming.

OpenSSF is cross-industry cooperation zeroed in on measurements, tooling, weakness divulgences, security tooling, best practices, and then some, to get the open-source environment and improve the security of open-source programming (OSS). OpenSSF unites pioneers from around the world to give a discussion to genuinely collective, cross-industry endeavors.

Spectral is a developer first software safety solution that finds and ensures against exorbitant security botches in code, setup, and other engineer resources. Otherworldly utilizes the main mixture examining motor, that consolidates AI and many indicators to discover and ensure against hurtful security blunders in code, solutions, and different ancient rarities.

In accordance with OpenSSF's main goal, Spectral as of late delivered Teller, an open-source instrument that assists developers with recovering and utilize touchy access subtleties. At the point when engineers need to get to mysteries, they frequently need to depend on utilizing homebrewed custom content or duplicating privileged insights from a vault to their neighborhood advancement climate. Teller is the principal open-source secret supervisor addressing the "last mile issue" by giving a developer cordial, normalized strategy for getting to and utilizing mysteries that protects touchy data.

"Spectral's main goal is to empower developers to assemble and dispatch programming at scale without stress. We feel that the OpenSSF activity is the ideal scene to examine and improve open source security and is a characteristic stage that engages engineers. The Spectral group is glad to take part in the functioning gatherings and offer their ability in security investigation and exploration of innovation stacks at scale, engineer insight (DX) and tooling, open-source codebases examination and patterns, developer social investigation, however a definitive objective of improving open source security and engineer bliss," said Dotan Nahum, CEO and prime supporter of Spectral.

About Spectral

Spectral is a lightning-quick, developer first software protection solution that goes about as a control plane over source code and other engineer resources. It finds and ensures against hurtful security blunders in code, designs, and different antiquities. Spectral utilizes the principal cross breed checking the motor, consolidating AI and many locators, guaranteeing engineers can code with certainty while shielding organizations from signific

Spotlight

"This white paper discusses how organizations can build effective and highly available disaster recovery (DR) solutions using Microsoft virtualization and failover capabilities complemented with partner data replication products. It showcases various available end-to-end disaster recovery solutions for different scenarios. Each scenario enables organizations to select a Microsoft partner product to provide cross-site data management and replication that is appropriate for a company’s particular environment. The solutions discussed in this document are generic approaches for structuring DR solutions in a geographically dispersed Hyper-V environment with the help of clustering. The solutions discussed are intended to provide disaster recovery solution configuration examples that customers can use to evaluate and select end-to-end disaster recovery
solutions that best fit their needs. However, this white paper is not intended to be an exhaustive study of specific architectures for every environment. To evaluate specific data center disaster recovery requirements, please contact a Microsoft sales representative.
This paper is written for those who have a working knowledge of Windows Server 2008 and virtualized Windows Server environments. This paper also assumes that the reader understands replication and clustering terminology."

Spotlight

"This white paper discusses how organizations can build effective and highly available disaster recovery (DR) solutions using Microsoft virtualization and failover capabilities complemented with partner data replication products. It showcases various available end-to-end disaster recovery solutions for different scenarios. Each scenario enables organizations to select a Microsoft partner product to provide cross-site data management and replication that is appropriate for a company’s particular environment. The solutions discussed in this document are generic approaches for structuring DR solutions in a geographically dispersed Hyper-V environment with the help of clustering. The solutions discussed are intended to provide disaster recovery solution configuration examples that customers can use to evaluate and select end-to-end disaster recovery
solutions that best fit their needs. However, this white paper is not intended to be an exhaustive study of specific architectures for every environment. To evaluate specific data center disaster recovery requirements, please contact a Microsoft sales representative.
This paper is written for those who have a working knowledge of Windows Server 2008 and virtualized Windows Server environments. This paper also assumes that the reader understands replication and clustering terminology."

Related News

SOFTWARE SECURITY

Aqua Launches the Industry’s First Out-of-the-Box Runtime Security with Advanced Protection Against the Most Sophisticated Threats

Aqua Security | July 26, 2022

Aqua Security, the leading pure-play cloud native security provider, today announced the launch of out-of-the-box runtime protection with minimal configuration to stop attacks in real time on running workloads. Protection is composed of new curated and optimized default security controls, as well as advanced threat intel from observations of real attacks on cloud native environments. Both the controls and threat intel are the result of knowledge gained through years of securing customers’ live production environments. Customers can now apply this knowledge to achieve trusted and advanced runtime protection in minutes without requiring in-depth knowledge of their applications and environments. Using eBPF technology and threat intel from cyber research team Aqua Nautilus to identify advanced threats, Aqua surfaces the most critical issues in real time while also implementing a set of controls to protect running workloads immediately, without disrupting the business. “Aqua is transforming the runtime security paradigm. “Traditional runtime security requires security teams to have a great deal of cloud native knowledge, and as a result has been slow to adopt. Aqua is removing this barrier to adoption by making cloud workload threat protection immediately effective and easy for security professionals.” Amir Jerbi, CTO and co-founder, Aqua Security Stopping Attacks in Real Time with Runtime Security Recent data from Nautilus shows that one in three live attacks could be missed when relying exclusively on snapshot scanning of running workload images. Nautilus also found tens of thousands of instances of in-memory attacks and fileless attacks in a one-month period—attacks that would not be seen or stopped without kernel-level visibility. Aqua’s detection of anomalous behavior goes beyond point-in-time snapshots and catches malicious behavior of known and unknown threats in real time—this includes both known CVEs and zero-day exploits that have yet to be discovered. The new default runtime controls are based on ongoing recommendations from Aqua Nautilus, who detect and analyze 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee. The result is real-time visibility at the kernel level that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds. Aqua’s Runtime Protection solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. Customers of the Aqua Platform also have access to the entire, full set of customizable, advanced runtime capabilities if and when they decide to define and implement more stringent policies. Key benefits of Aqua Runtime Protection include: Discover attacks immediately with continuously updated kernel-level behavioral detection. Updates are based on cloud native threat research from Aqua Nautilus along with years of experience securing customer workloads in production. Respond faster and reduce attacker dwell time by stopping attacks with pattern-based anti-malware in production and the option to block or delete malware on access. Simplify incident investigation and rapidly determine the impact and attack path of a security incident with a detailed incident timeline including rich contextual information. “Unlike overly complex runtime solutions, legacy solutions not designed for cloud-native applications, or solutions that can’t detect in real time, our goal with this release is to provide runtime security that is simple to deploy, giving you effective real-time security out-of-the-box,” said Jerbi. “What this boils down to is that, unlike alternative solutions, Aqua’s Platform will both detect sophisticated attacks and stop them in real time.” Aqua’s out-of-the-box Runtime Protection is now available and will make an industry debut at AWS re:Inforce on July 26-27 in Boston at Booth 104. To learn more, visit Aqua’s YouTube. About Aqua Security Aqua Security stops cloud native attacks and is the only company with a $1 Million Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry’s most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston and Ramat Gan, Israel, with Fortune 1000 customers in over 40 countries.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Cymulate Raises $70M Series D Funding for Continuous Security Posture Testing

Cymulate | September 07, 2022

Cymulate, the market leader in Extended Security Posture Management (XSPM), today announced a $70 million Series D investment led by existing investors One Peak, together with Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and Dell Technologies Capital. Cymulate has raised $141M to date. The latest investment, which is among the largest for continuous security testing vendors, doubles Cymulate's funding raised to date and accelerates the Company's global expansion and pace of innovation. In a recent report on Continuous Threat Exposure Management (CTEM) GartnerⓇ analysts observed, "Previous approaches to managing the attack surface are no longer keeping up with digital velocity — in an age where organizations can't fix everything, nor can they be completely sure what vulnerability remediation can be safely postponed. CTEM is a pragmatic and effective systemic approach to continuously refine priorities, walking the tightrope between those two impossible extremes."* The global shortage of 2.72 million cybersecurity professionals, and overstretched in-house security resources further exacerbates the need for Cymulate's real-world solutions which closes security gaps quickly and efficiently, rationalizes technology, helps upskill staff and improves processes. "We are thrilled to lead this round of investment in Cymulate," said David Klein, Managing Partner of One Peak. "Cyber posture management and continuous security validation have dramatically increased in popularity in response to the onslaught of ransomware and cyber warfare for businesses across all size ranges. Cymulate is the clear leader in the sector, and we look forward to continuing to support the Company in further accelerating its already strong growth trajectory." Cymulate sets the industry standard for organizations to use automation to continuously validate their threat exposure and cyber posture, by testing their cloud and on-premise networks against the latest threats in the wild. The Company's Extended Security Posture Management platform leverages its native offensive security technology and capabilities to widely support customers' security and business needs. XSPM incorporates four fundamental pillars tied together with analytics to provide actionable security posture insights: Attack Surface Management, Continuous Automated Red Teaming, Breach & Attack Simulation, and Advanced Purple Teaming. Cymulate's customers see their cyber risk reduced by nearly 50% during the first three months of use. Running daily risk assessments, the cyber risk of Cymulate's customers continues to decrease in the first year without any security drift. The Series D funding will be used to extend Cymulate's technological capabilities and further accelerate its global growth. The Company more than doubled its ARR in 2021 and grew more than 200% in North America alone. Cymulate has more than 500 customers globally, including Fortune 500 companies and strategic partners such as Optiv and Wipro. By the end of this year, Cymulate plans to further expand its staff by 75% to continue supporting its go-to-market efforts. "In a market where every business must be prepared to fight advanced threats, I am proud of our team's ability to innovate and respond quickly to the constant turbulence of cybersecurity. "Our funding from existing investors is a further testament to their confidence in our company, direction, and continued vision. We look forward to reaching our next innovation milestones and expanding into new markets across the globe." Eyal Wachsman, CEO and Co-Founder of Cymulate Alongside their Series D funding, Cymulate also recently announced two C-level executive appointments to bolster the company's leadership, namely the appointment of Maria Mastakas as Chief Operating Officer and Carolyn Crandall as Chief Marketing Officer and Chief Security Advocate of Cymulate. *Gartner, Implement a Continuous Threat Exposure Management (CTEM) Program, July 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. About Cymulate Cymulate's SaaS-based Extended Security Posture Management (XSPM) provides security professionals with the ability to continuously challenge, validate and optimize their on-premises and cloud cyber-security posture with visualization end-to-end across the MITRE ATT&CK® framework. The platform provides automated, expert and threat intelligence led risk assessments that are simple to deploy and use for organizations of all cybersecurity maturity levels. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies.

Read More

SOFTWARE SECURITY

RangeForce introduces cloud-based security team threat exercises

RangeForce | June 29, 2022

RangeForce, a provider of team cyber defense readiness at scale, announced that it has improved its platform for team threat exercises with new features that make it simpler for organizations to hasten the development of their security teams' skills through multi-user detection and response drills involving simulated attacks. Through the use of RangeForce team threat exercises, security teams can set up the security stack to be defended, select an attack scenario, carry out the threat exercise, analyze the post-exercise data, and create a customized training program. RangeForce threat exercises produce realistic digital artifacts of both signal and noise that demand teams to demonstrate their cyber preparedness. They use high-intensity, real-world assault scenarios that call security experts to work in teams to discover and neutralize cyber threats. "RangeForce threat exercises are based on years of running hundreds of live cyber events and deliver the most realistic experience for teams using headline making attack scenarios and the same security tools they use every day. They provide participants the opportunity to acquire hands-on skills so they build the muscle memory to meet threat actors head on." Ben Langrill, Senior Director of Product Engineering for RangeForce RangeForce exercises take place in a cyber-environment that goes beyond the standard tabletop exercise, forcing participants to use well-known security tools like Splunk and Fortigate to identify and address threats. Instead, events follow the NIST cybersecurity architecture and combine threat intelligence, threat hunting, digital forensics, and system hardening expertise to reduce threats depending on current malware patterns.

Read More