SOFTWARE SECURITY

Sysdig Open Source Is Extended to Secure Cloud Services

Sysdig | May 16, 2022

Sysdig
Sysdig, the unified container and cloud security leader, announced that Sysdig open source, the incident response standard for containers, has been extended to the cloud. Using system calls, Sysdig open source (Sysdig OSS) traditionally offers deep observability into running applications, as well as file system access and network activity, which speeds incident response and troubleshooting. Teams can quickly filter information from Sysdig OSS and take action. With the announcement of this new integration, these capabilities have been extended beyond containers to any cloud environment.

Today, Sysdig announced Edd Wilder-James has joined Sysdig from Google to lead the company’s open source ecosystem team.

The complexity of cloud-native applications – with countless components and variables – makes it extremely difficult for security analysts and system administrators to quickly triage alerts and debug problems. Sysdig OSS captures process, file system, and network activity in real time and with a high degree of granularity. The tool, which has nearly two million downloads and 6,850 GitHub stars, surfaces everything from executed commands and file system activity to network activity. Sysdig OSS then offers advanced filtering and troubleshooting capabilities, supporting root cause analysis for security and performance issues.Using a new plugin framework – originally developed by the open source community for the CNCF project Falco – Sysdig extends the number of sources Sysdig OSS can be connected with to anything that generates logs or events, including Azure, Google, and AWS CloudTrail logs. Going forward, every plugin developed for Falco can also be leveraged by Sysdig OSS. Using one tool, like Sysdig OSS, to observe events from the entire cloud-native environment streamlines investigations. Using a different tool for each environment adds complexity, which makes it massively harder to troubleshoot.

Sysdig’s Commitment to Open Source

Sysdig was founded as an open source company and Sysdig Secure and Sysdig Monitor were both built on an open source foundation to address the security challenges of modern cloud applications. Both projects were created by Sysdig to leverage deep visibility as a foundation for security, and they have become standards for container and cloud threat detection and incident response. Falco, which was contributed to the CNCF in 2018, is now an incubation-level hosted project with more than 45 million downloads.

Sysdig OSS and Falco can be used together as a powerful open source solution to reduce risk at runtime. Sysdig OSS acts as a flight recorder, capturing a detailed record for inspection. Falco acts as a security camera, continuously detecting unexpected behavior, configuration changes, intrusions, and data theft in real time. Teams can use Sysdig OSS and Falco together to detect and respond to threats.

“If you want to see what is going on inside an application, Sysdig OSS gives you that record. “Sysdig open source was the inspiration for Falco. While Falco will monitor and alert based on your policies, Sysdig open source will tell you what happened at a particular time, before and after the event. Having the ability to use both open source tools in the cloud is extremely powerful.”

Loris Degioanni, Founder and CTO of Sysdig

About Sysdig
Sysdig is driving the standard for cloud and container security. The company pioneered cloud-native runtime threat detection and response by creating Falco and Sysdig as open source standards and key building blocks of the Sysdig platform. With the platform, teams can find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. From containers and Kubernetes to cloud services, teams get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. The largest and most innovative companies around the world rely on Sysdig.

Spotlight

Whether public key infrastructure (PKI) is your passion or it’s something you wouldn’t touch with a 39-and-a-half-foot pole, it’s without a doubt become critical to the security of your organization. A rare few companies have an in-house expert or even an entire team dedicated to PKI, but for most, it’s more of a “hot potato” th

Spotlight

Whether public key infrastructure (PKI) is your passion or it’s something you wouldn’t touch with a 39-and-a-half-foot pole, it’s without a doubt become critical to the security of your organization. A rare few companies have an in-house expert or even an entire team dedicated to PKI, but for most, it’s more of a “hot potato” th

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Forcepoint Launches Global Managed Security Service Provider Program for Forcepoint ONE SSE

Businesswire | April 19, 2023

Global security leader Forcepoint today introduced its best-in-class Managed Security Service Provider (MSSP) program for service providers, distribution partners and other resellers. With managed services based on the Forcepoint ONE Security Service Edge (SSE) platform, Forcepoint partners can simplify Zero Trust security and gain predictable, repeatable revenue streams through cloud-first, hybrid-ready security. Forcepoint ONE also allows partners to quickly differentiate their security offerings with Data-first SASE, integrating SSE with connectivity through FlexEdge Secure SD-WAN solutions. Forcepoint MSSP partners can help enterprises and government agencies turn security into a competitive advantage by increasing productivity, streamlining costs and simplifying regulatory compliance. “As more and more organizations look to MSSPs for their cybersecurity solutions, the opportunity for partners is absolutely massive with market growth to $53.22B expected in the next several years. And every customer we speak to is on a path to SASE, with many looking to MSSPs for pay-as-you-go solutions that stop threats and data loss while letting users access information and apps securely on any device,” said Myles Bray, Chief Revenue Officer at Forcepoint. “Forcepoint ONE allows MSSP partners to fast forward their journey to Data-first SASE through the delivery of security convergence, subscription model and business tools that enable partners to reduce complexity for mutual customers, drive recurring revenue, and quickly scale their service offerings.” “Forcepoint’s data-centric focus on security aligns with our vision for proactive protection, detection and remediation,” said Raluca Saceanu, CEO of Smarttech247, a Forcepoint partner. “Smarttech247’s hosted and managed services centered on Forcepoint ONE SSE cloud-native and Forcepoint enterprise data security solutions allow today’s enterprises to manage risk holistically and simplify security operations. This is a game-changer when adversaries are constantly finding new ways to steal confidential data.” As a channel-first company, Forcepoint will help partners quickly incorporate SASE into their services through its MSSP program. Using the Forcepoint management portal, partners can update customer configurations and offer multi-tenant services with a few clicks. Subscriptions with simple billing help providers scale their profitability when end-user licensing needs change. With no significant up-front expenses, partners can offer Forcepoint ONE and Secure SD-WAN solutions quickly over the internet and customers can add more services anytime. Forcepoint also provides enablement and training support, including channel managers dedicated to building business plans with MSSPs and distribution partners. Additional Forcepoint MSSP benefits to partners include: Unified Management: the Forcepoint ONE all-in-one console offers a single set of policies for securing remote, hybrid, and office workers. Modern: strong Zero Trust data security delivered with a cloud-native SASE architecture. Global: available everywhere, with 300+ points of presence for managed devices and agentless support for BYOD. Reliable: 99.99% uptime since 2015. Profitable: cost competitive, higher margin services. About Forcepoint Forcepoint simplifies security for global businesses and governments. Forcepoint’s all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. Based in Austin, Texas, Forcepoint creates safe, trusted environments for customers and their employees in more than 150 countries. Engage with Forcepoint on www.forcepoint.com, Twitter and LinkedIn. About Smarttech247 Smarttech247 is a multi-award-winning cybersecurity company that helps organizations reduce their risk. Trusted by global customers, our platform provides threat intelligence with managed detection and response to provide actionable insights, 24/7 threat detection, investigation, and response. Our service is geared towards proactive prevention and we do this by utilizing the latest in cloud, big data analytics and machine learning, along with our industry leading governance, risk and compliance team.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Spin.AI Expands SpinOne Platform with New SaaS Security Capabilities: SaaS SPM, SaaS DLP and SaaS Ransomware Protection

Businesswire | April 20, 2023

Spin.AI, developer of the SpinOne SaaS security platform for mission-critical SaaS apps, today announced the significant expansion of its platform with new solutions to help enterprises proactively respond to the growing challenge of protecting SaaS data. This includes new capabilities around SaaS security posture management (SSPM), SaaS data leak prevention and data loss protection (SDLP), and SaaS ransomware detection and response (SRDR), as well as new integrations with JIRA and ServiceNow, and backup support for Slack. "The rising adoption of mission-critical SaaS applications, such as collaboration tools and CRMs, has resulted in a massive amount of new SaaS data that must be safeguarded for compliance, regulatory, and business continuity purposes,” said Dmitry Dontov, CEO and founder of Spin.AI. “The most recent enhancements to the SpinOne platform protect SaaS applications, automate manual processes, and minimize business downtime for organizations that rely on SaaS apps and SaaS data. With SpinOne, teams can reduce the time it takes to identify and remediate SaaS application risks from days and months to minutes and seconds." SpinOne is an all-in-one, SaaS security platform that protects SaaS data for mission-critical SaaS applications, including Google Workplace, Microsoft 365, Salesforce and now Slack, by delivering full visibility and fast incident response. It eliminates fundamental security and management challenges associated with protecting SaaS data by reducing the risk of data leak and loss, saving time for SecOps teams through automation, reducing downtime and recovery costs from ransomware attacks, and improving compliance. The new platform updates include: SSPM (SaaS Security Posture Management) – Offers automated security operations to help companies quickly detect and respond to misconfigurations while also providing inventory and assessment of unsanctioned third-party apps and extensions. This reduces security and compliance risks while minimizing manual workloads. SpinOne provides full visibility and control over SaaS apps, Cloud apps, Mobile apps, and browser extensions with OAuth access to collaboration tools. Additionally, SpinOne provides access to a database of 300,000+ apps and extensions assessed by its AI-driven algorithms, reducing risk assessment time from months to seconds. SaaS DLP (SaaS Data Leak Prevention and Loss Protection) – Mitigates unauthorized access to sensitive SaaS data with configurable access management and advanced reporting. Recovers lost data in a matter of minutes or hours (instead of the typical weeks or months) with integrated, automated SaaS backup and rapid incident response. SaaS Ransomware Detection and Response – Quickly detects and responds to in-progress ransomware attacks, minimizing downtime from an average of one month to up to 2 hours and preventing further encryption. Provides 24/7 ransomware monitoring and automated incident alerting, and can recover SaaS data in minutes, reducing recovery costs by 90%. This patented technology gives organizations the unique capability to limit files impacted and avoid throttling and API limits on recovery. JIRA and ServiceNow – Integrates with JIRA and ServiceNow to create alerts and incidents automatically, streamlining security operations processes for enterprise teams by eliminating the need for manual alert creation. SpinOne for Slack – Helps protect an organization’s Slack channels and messages to meet data protection and compliance requirements, ensure business continuity, and decrease recovery costs. You can easily set up automated 3x a day backup of your Slack data on AWS, GCP, Azure or BYOS. Enterprises use multiple point products to meet their security requirements, making it challenging to manage various dashboards, invoices, and support channels. Consequently, enterprises are consolidating on platforms that address significant issues in a single solution. This all-in-one SaaS security solution is what SpinOne provides. SpinOne can efficiently substitute existing vendors or complement an enterprise’s existing security stack, reducing overhead and complexity. “SaaS applications, such as Google Workspace and Microsoft 365 for example, have a significant number of controls and configurations,” said Davit Asatryan, Director of Product at Spin.AI. “One of the biggest challenges administrators face is configuring these applications for the best security posture. This new SpinOne update delivers the visibility needed to better understand configuration issues, set better policies, and respond faster, while aligning with existing regulations such as NIST, ISO, and SOC 2.” SpinOne protects the SaaS applications enterprises use on a daily basis, reducing the risk of downtime due to business disruptions, ensuring business continuity, and improving compliance. For more information including a deeper technical overview of the new SpinOne capabilities, please visit www.spin.ai/platform/spinone or request a demo at www.spin.ai/demo. About Spin.AI Spin.AI is a SaaS security company protecting enterprises against the risk of shadow IT, data leak and loss, ransomware, and non-compliance. SpinOne, the all-in-one SaaS security platform for mission-critical SaaS apps, protects SaaS data for Google Workspace, Microsoft 365, Salesforce, and Slack. SpinOne provides SaaS security posture management, SaaS DLP, and SaaS ransomware protection for more than 1,600 organizations worldwide to reduce downtime and recovery costs, improve compliance, and save time for SecOps teams. For more information, please visit: https://www.spin.ai/

Read More

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

BlueVoyant Enhances its Cloud-Native Splunk Managed Detection & Response (MDR), Consulting, and Implementation Services

BlueVoyant | March 20, 2023

BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks in one platform, announced enhanced Splunk capabilities, with end-to-end consulting, implementation, and Managed Detection & Response (MDR) services. With the increasing adoption of cloud technologies, organizations face a complex and rapidly evolving threat landscape. The service helps clients maximize their Splunk investment whether it be on the Splunk Cloud Platform or Splunk Enterprise. "Splunk Your Way with BlueVoyant enables our clients to have industry-leading consulting, implementation, and cyber defense in a cost-effective manner," said Drew Gibson, BlueVoyant senior director for the company's Splunk Alliance. "BlueVoyant has a strong relationship with Splunk, and is known for its dynamic expertise in the company's products, helping our joint clients have greater control and visibility of their data usage and security posture." Key components of Splunk Your Way with BlueVoyant include: Enabling clients to collect, monitor, and analyze security data across on-premise, hybrid, and multi-cloud environments in a single platform Cloud-native SIEM (security information and event management) with real-time visibility to identify security threats and remediate them quickly Clients can reduce their data burden by 20% or more with a proprietary Data Readiness model that improves data quality and reduces costs Onboarding within a month for Existing Splunk users to quickly see the benefits of BlueVoyant Continuously improving client's Splunk instance by using faster security content delivery, and parity between different SIEM and EDR (endpoint detection and response) tools Availability of numerous bundles of workshops, retainers, and MDR services to help clients optimize, implement, manage, and monitor and protect their Splunk instance "BlueVoyant has the strength of our MDR for Splunk which we launched in 2021, aided by the expertise of thousands of Splunk deployments by our Concanon Professional Services division to provide a compelling service which helps the client get the most their Splunk investment, whether Splunk is installed 'on-prem' or via Splunk Cloud," said Michael Cormier, managing director for Concanon, a BlueVoyant company. BlueVoyant acquired Conanon in fall 2021 to enhance its end-to-end Splunk platform capabilities. Splunk recognized BlueVoyant as a key MSP (managed service provider) partner with the new Premier Manage designation. BlueVoyant also earned core competency badges for Cloud Migration and Cloud Migration: Co-Delivery. The company has 200 active Splunk certifications. In 2022, BlueVoyant expanded its Splunk go-to-market by including its offerings on the Amazon Web Services (AWS) Marketplace. BlueVoyant is hosting a webinar at 1 p.m. EDT Thursday, April 13 to discuss what the company has learned from our Splunk deployments and clients, and to answer questions. Current clients, security professionals, and other parties are encouraged to attend. About BlueVoyant BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based cloud-native platform by continuously monitoring your network, endpoints, attack surface, and supply chain, as well as the clear, deep, and dark web for threats. The full-spectrum cyber defense platform illuminates, validates, and quickly remediates threats to protect your enterprise. BlueVoyant leverages both machine-learning-driven automation and human-led expertise to deliver industry-leading cybersecurity to more than 900 clients across the globe.

Read More