Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security

Red Hat, IBM, Google, Microsoft | August 10, 2020

With the growth of open source software such as Linux and cloud computing becoming more wide spread, a host of tech giants have joined a new group focusing on improving security.

Red Hat – the global leader in Linux open source software and solutions – is part of the Open Source Security Foundation as well as IBM, Red Hat���s owner.

Also signing on are GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation, ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.

Spotlight

Whether public key infrastructure (PKI) is your passion or it’s something you wouldn’t touch with a 39-and-a-half-foot pole, it’s without a doubt become critical to the security of your organization. A rare few companies have an in-house expert or even an entire team dedicated to PKI, but for most, it’s more of a “hot potato” th

Spotlight

Whether public key infrastructure (PKI) is your passion or it’s something you wouldn’t touch with a 39-and-a-half-foot pole, it’s without a doubt become critical to the security of your organization. A rare few companies have an in-house expert or even an entire team dedicated to PKI, but for most, it’s more of a “hot potato” th

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Legit Security Announces New Partnership with Snyk

Globenewswire | April 13, 2023

Legit Security, a cyber security company with an enterprise platform that protects software delivery from code to cloud, including the software supply chain, today announced a partnership with Snyk, the leader in developer security. Together, Legit Security and Snyk help bridge the gap between security and development teams by scaling-up security from code to cloud through the combination of secure code and secure application delivery. The partnership enables organizations to greatly improve productivity by contextualizing cybersecurity risks, consolidating vulnerability management in a unified view, and prioritizing remediation to the most critical risks and applications so their businesses can stay safe while releasing trusted software fast. Today’s digital business models depend on rapid innovation, but security teams struggle to keep pace with the development of modern applications, DevOps and changing CI/CD pipelines. Legit Security helps application security teams align with iterative, fast paced DevOps models by protecting applications from code-to-cloud with automated SDLC discovery and a unified application security control plane that provides visibility, security, and governance over rapidly changing environments. By providing real-time security posture management and deep security issue context, security and development teams can rapidly prioritize security issues and accelerate their productivity, effectiveness, and collaboration. “In most organizations today, software development pipelines are unchartered highways to cloud deployment,” said Roni Fuchs, CEO and co-founder, Legit Security. “To build applications securely at scale, you need to have visibility and security control over your development environments including traceability from cloud apps back to their CI/CD software pipelines and originating source code. We are thrilled to partner with Snyk to combine our code to cloud security capabilities with their developer-first approach to secure code and open source dependencies.” “We’re excited to further our relationship with Legit Security,” said Jill Wilkins, Senior Director Global Alliances, Snyk. “As the demand for developer security grows, we are always looking to expand our partner ecosystem and help businesses all over the world capitalize on that opportunity. Our partnership with Legit Security will help us continue our mission to empower developers all over the world with developer first security, and offer our mutual customers the ability to seamlessly integrate Snyk into existing workflows, tools, and processes to help accelerate development and security team adoption of DevSecOps.” For more information, please visit Legit Security at www.legitsecurity.com. About Legit Security Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Flashpoint Expands Google Cloud Partnership to Accelerate Risk Intelligence Insights With Google Cloud’s Next-Generation AI

Businesswire | April 11, 2023

Flashpoint, the globally trusted leader in risk intelligence, today announced an expansion of its partnership with Google Cloud to deploy next-generation intelligence solutions, including generative AI, within the Flashpoint product suite. This initiative will revolutionize how organizations detect security threats and reduce risk, in support of better, faster, and more intuitive decision making. As part of this collaboration, Flashpoint is working to leverage Google Cloud’s generative AI technology to move from the boolean search-based interaction model that the intelligence industry uses today to a natural, conversation-based experience. By supporting a conversational approach to intelligence research, organizations will be able to maximize the value of their intelligence investment—helping them get more out of their security and intelligence teams, close the cybersecurity skills gap, and rapidly mitigate risk. With past security ML innovations and last year’s acquisition of Mandiant, Google is uniquely positioned to empower security generative AI use cases. The upcoming release of Flashpoint’s conversational intelligence capability will expand upon Flashpoint’s use of Google Cloud Vertex AI services such as Vision AI and Translation AI to provide industry-leading AI-driven intelligence innovations, including the processing and contextualizing of images and videos through optical character recognition (OCR) and in-platform video search, as well as the use of Google’s BigQuery and Looker to accelerate enrichment, analysis, and visualizations within the Flashpoint platform. Among other wins, these innovations have led to the prevention of millions of dollars of fraud each week, along with the mitigation of physical and cyber risks in industries ranging from financial services, technology, retail, and national security. “We are thrilled to work with Google Cloud to leverage their AI expertise in support of the Flashpoint Intelligence Platform and our customers,” said Josh Lefkowtiz, CEO of Flashpoint. “With this collaboration, we aim to empower organizations with faster and more comprehensive insights into potential cyber, physical, and fraud threats, enabling them to stay one step ahead in the ever-evolving landscape of cybersecurity.” This partnership expansion signifies Flashpoint’s commitment to pushing the boundaries of what's possible by applying artificial intelligence to risk intelligence. Both Flashpoint and Google Cloud share a common vision of helping our customers make smarter decisions with data to protect what’s important by creating smarter, more efficient, and more sustainable solutions to address the growing demands of our digital era. With these innovations, Flashpoint is poised to expand its leading position in the risk intelligence market to power the next wave of technological breakthroughs. This partnership exemplifies the companies' shared dedication to driving innovation and building a better, more connected future for all. See us at RSA 2023 To learn more about how Flashpoint can help your organization rapidly identify, mitigate, and prevent risk, visit us at booth 4404 in the Moscone Center South Hall, or book a 1:1 consultation at the expo. Access Flashpoint through Google Marketplace Flashpoint is available for purchase through the Google Cloud Marketplace. About Flashpoint Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), vulnerability management, and vendor risk management teams—rely on the Flashpoint Intelligence Platform, comprising open-source (OSINT) and closed intelligence, to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Learn more at www.flashpoint.io.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Vectra Unifies AI-driven Behavior-based Detection and Signature-based Detection in a Single Solution

Prnewswire | March 27, 2023

Vectra AI, the leader in AI-driven hybrid cloud threat detection and response, today announced the introduction of Vectra Match. Vectra Match brings intrusion detection signature context to Vectra Network Detection and Response (NDR), enabling security teams to accelerate their evolution to AI-driven threat detection and response without sacrificing investments already made in signatures. "As enterprises transform embracing digital identities, supply chains and ecosystems - GRC and SOC teams are forced to keep pace. Keeping pace with existing, evolving and emerging cyber threats requires visibility, context and control for both known and unknown threats. The challenge for many security organizations is doing so without adding complexity and cost," says Kevin Kennedy, SVP Products at Vectra. With the addition of Vectra Match, Vectra NDR addresses core GRC and SOC use cases enabling more efficient and effective: Correlation and validation of threat signals for accuracy. Compliance for network-based CVE detection with compensating controls. Threat hunting, investigation and incident response processes. "CISOs and their SOC teams across Asia Pacific are working with a challenging lack of visibility across their hybrid cloud environments, as attackers continue to evolve. Vectra NDR now enables security teams to unify signatures for known threats and AI-driven behavior-based detection for unknown threats in a single solution," comments David Sajoto, Vice President Vectra Asia Pacific Japan. According to Gartner®, "recent trends in the NDR market indicate many NDR offerings have expanded to capture new categories of events and to analyze additional traffic patterns. This includes new detection techniques: by adding support for more traditional signatures, performance monitoring, threat intelligence and sometimes malware detection engines. This move toward more multifunction network detection aligns well with the use case of network/security operations convergence, but also with midsize enterprises."1 "The attack surface cyber attackers have at their disposal continues to grow exponentially creating unknown threats on top of the tens of thousands of known vulnerabilities that exist. Attackers simply have exponentially more ways to infiltrate an organization and exfiltrate data -- and do so with far more frequency, velocity and impact. Keeping pace with attackers exploiting known vulnerabilities and unknown threats is an immense challenge for every Security, Risk and Compliance officer," says Ronald Heil, Global Risk Advisory Lead for Energy and Natural Resources and Partner at KPMG Netherlands. "Today, cyber-resilience and compliance requires complete visibility and context for both known and unknown attacker methods. Without it, disrupting and containing their impact becomes an exercise in brand reputation and customer trust damage control. Vectra Match capabilities allow us to combine both worlds, having the continued AI-based detection of real-time "movement", while also having the ability to check against specific Suricata indicators -- often required during incident response or proof of compliancy (e.g., Log4J). Consolidating AI-based and signature-based detection enables optimization, because in our case, less is more." "When it comes to shadow IT, we know people with admin rights are 'building boxes off the grid.' Our SOC team cannot protect what we cannot see, thus making these unknown systems prime targets for attackers. No doubt, behavior-based AI-driven detections are great for catching attackers deploying new, evasive methods, but when it comes to attackers leveraging CVEs to compromise unknown, unpatched systems, we need signature-based detection. Combining signature-based detection with behavior-based detection gives our SOC team visibility for both the known-unknown and unknown-unknown threats. It's the best of both worlds," says Brett Fernicola, Sr. Director, Security Operations at Anywhere.re. Vectra NDR with Vectra Match Vectra NDR - a key component of the Vectra platform - provides end-to-end protection against hybrid and multicloud attacks. Deployed on-premises or in the cloud, the Vectra NDR console is a single source of truth (visibility) and first line of defense (control) for attacks traversing cloud and data center networks. By harnessing AI-driven Attack Signal Intelligence, Vectra NDR empowers GRC and SOC teams with: AI-driven Detections that think like an attacker by going beyond signatures and anomalies to understand attacker behavior and zero in on attacker TTPs across the entire cyber kill chain post compromise, with 90% fewer blind spots and 3x more threats proactively identified. AI-driven Triage that knows what is malicious by utilizing ML to analyze detection patterns unique to the customer's environment to score how meaningful each detection is, thus reducing 85% of alert noise - surfacing only relevant true positive events that require analyst attention. AI-driven Prioritization that focuses on what is urgent by automatically correlating attacker TTPs across attack surfaces, evaluating each entity against globally observed attack profiles to create an attack urgency rating enabling analysts to focus on the most critical threats to the organization. Vectra NDR empowers security and risk professionals with next-level intrusion detection. Armed with rich context on both known and unknown threats, GRC and SOC teams not only improve the effectiveness of their threat detection, but the efficiency on their threat hunting, investigation and incident response program and processes. Vectra NDR with Vectra Match is available for evaluation and purchase today. For additional information, please visit the following resources. About Vectra Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. Only Vectra optimizes AI to detect attacker methods - the TTPs at the heart of all attacks - rather than simplistically alerting on "different." The resulting high-fidelity threat signal and clear context enables cybersecurity teams to rapidly respond to threats and stop attacks from becoming breaches. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure - both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

Read More