ContraForce | December 28, 2021
DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies, announced today a $2M seed investment in ContraForce, a leader in no-code security automation for small and medium-sized businesses.
ContraForce delivers a no-code security automation platform that makes cyber security accessible for small and medium-sized businesses that lack the resources and expertise to defend themselves. In addition, ContraForce also brings this facility to security compliance; a critical feature, as customers, regulators and insurance companies are putting increasing pressure on small and mid-sized organizations to not only be secure, but also to prove it.
No longer is it acceptable for smaller organizations to be a step behind in their security and compliance. Hackers are increasingly targeting them for ransomware or as an entry point into a supply chain. Because small businesses typically have limited resources to cope with a cyber attack, cyber attacks can represent an existential risk for them. ContraForce enables small and mid-sized businesses to manage this risk with their easy-to-use, self-service platform to automate threat detection, response, and compliance.
“We are thrilled to announce DataTribe's most recent investment in ContraForce on the heels of the company winning the fourth annual DataTribe Challenge,” said John Funge, Managing Director at DataTribe. “By providing a sort of security and compliance ‘easy button’, ContraForce is filling a really significant gap. Just because an organization is small does not mean that it does not possess vital data, IP, or access to strategic networks. It is paramount that smaller organizations overcome the resource barriers to robust security. ContraForce’s unique approach dramatically lowers these barriers.”
“I am looking forward to working with DataTribe as we build on the ContraForce team's passion for simple and effective cybersecurity solutions designed for the needs of small and medium-sized businesses,”
Stan Golubchik, CEO and co-founder of ContraForce
ContraForce’s security and compliance solutions map security vulnerabilities to the industry standard MITRE ATT&CK framework. They create and adapt security detection and response capabilities in real-time, ensuring the environment is secured in hours across the cloud, network, endpoint, and users. By using ContraForce, an organization without dedicated security personnel can respond to threats without having to learn or write complex security detection code and response workflows.
DataTribe is a startup foundry that invests in and co-builds world-class startups focused on generational leaps in cybersecurity and data science. Founded by leading investors, startup veterans, and alumni of the U.S. intelligence community, DataTribe commits capital, in-kind services, access to an unparalleled network, and decades of professional expertise to give their companies an unfair advantage. DataTribe is headquartered in the Washington-Baltimore metro area, in Fulton, Maryland.
ContraForce is the new no-code security automation company. We focus on securing the small and medium-sized businesses by helping their security and IT teams work smarter, allowing them to implement automated operations that are effective in combating cyberattacks and demonstrating compliance. ContraForce is headquartered in McKinney, Texas and was founded and built by industry security and cloud experts from Armor, McAfee, and Intel. ContraForce's mission is to empower IT and Security teams and enable them to be more efficient.
Palo Alto Networks | May 12, 2022
Palo Alto Networks , the global cybersecurity leader, today urged the industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0) — the foundation for a new era of secure access. ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not adequately scale and were overly permissive, but the first-generation ZTNA products (ZTNA 1.0) are too trusting and can put customers at significant risk. ZTNA 2.0 solves these problems by removing implicit trust to help ensure organizations are properly secured.
"This is a critical time for cybersecurity. We are in an era of unprecedented cyberattacks, and the past two years have dramatically changed work — for many, work is now an activity, not a place. This means that securing employees and the applications they need is both harder and more important. Zero trust has been embraced as the solution — and it is absolutely the right approach! Unfortunately, not every solution with Zero Trust in its name can be trusted. ZTNA 1.0 — for example — falls short."
Nir Zuk, founder and chief technology officer at Palo Alto Networks
For modern organizations where hybrid work and distributed applications are the norm, ZTNA 1.0 has several limitations. It is overly permissive in granting access to applications because it can't control access to sub-applications or particular functions. Additionally, there is no monitoring of changes in user, application or device behavior, and it can't detect or prevent malware or lateral movement across connections. ZTNA 1.0 also cannot protect all enterprise data.
ZTNA 2.0-capable products, such as Palo Alto Networks Prisma® Access, help organizations meet the security challenges of modern applications, threats and the hybrid workforce. ZTNA 2.0 incorporates the following key principles:
Least-privileged access — enables precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.
Continuous trust verification — after access to an application is granted, continuous trust assessment is ongoing based on changes in device posture, user behavior and application behavior.
Continuous security inspection — uses deep and ongoing inspection of all application traffic, even for allowed connections to help prevent threats, including zero-day threats.
Protection of all data — provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.
Security for all applications — consistently secures all types of applications used across the enterprise, including modern cloud native applications, legacy private applications and SaaS applications.
In a new report, John Grady, ESG senior analyst, said: "[F]irst-generation/ZTNA 1.0 solutions fall short in many ways on delivering on the promise of true zero trust. In fact, they grant more access than is desired. What's more, once access is granted in ZTNA 1.0 solutions, the connection is implicitly trusted forever, allowing a handy exploit route for sophisticated threats and/or malicious actions and behavior." Grady also said, "It is time to embrace a new approach to ZTNA, one that has been designed from the ground up to meet the specific challenges of modern applications, threats, and a hybrid workforce."
"Securing today's hybrid workforce, with an increase in cloud and mobile technologies and evolving requirements, can be complicated," said Jerry Chapman, engineering fellow, Optiv. "Rethinking Zero Trust is essential for modern, hybrid organizations to prevent threats. Together with Palo Alto Networks, we're advising our customers to incorporate ZTNA 2.0 principles like continuous review of identity and connection across their domains to stay secure."
New Prisma Access Capabilities
Palo Alto Networks Prisma Access is the industry's only solution that meets today's ZTNA 2.0 requirements. Prisma Access protects all application traffic with best-in-class capabilities while securing both access and data.
New additions to Prisma Access announced today add the following capabilities:
ZTNA connector — simplifies the process of onboarding cloud native and traditional applications into the service, helping make ZTNA 2.0 easier to deploy and more secure.
The industry's only unified SASE product — providing a common policy framework and data model for all SASE capabilities, managed from a single cloud management console.
Self-serve autonomous digital experience management (ADEM) — helps proactively notify users of issues that require prompt attention and provides them with guidance on how to remediate.
Prisma Access is generally available today with full support for ZTNA 2.0. The new ZTNA connector, unified SASE, and self-service ADEM will be available in the next 90 days.
About Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.
INFOSEC PROJECT MANAGEMENT
HUB Security | April 28, 2022
Today, HUB Security , a secure computing solutions provider, announced it has signed a strategic partnership with testing and cyber security leader, TestArmy, to offer HUB Security's Advanced DDoS Simulation Platform - D.Storm. HUB Security will be TestArmy cyber security partner to enhance current offerings and work together to reach ransomware resilience in the polish and central European market.
TestArmy Group is one of the fastest growing testing companies in Central Europe. Specializing in cyber security and quality assurance of digital products.
"With organizations challenged with increasing and new cyber incidents, we see great value in partnering with TestArmy and developing together future cyber solutions for the European market."
Eyal Moshe, CEO and co-founder of HUB Security
"With the growing list of customers we help protect and require the most advanced security solutions to maintain their operations," said Wojciech Humiński, CEO at TestArmy. "HUB Security's solutions will allow our customers a higher level of cyber readiness facing current and new cyber threats."
About HUB Security
HUB Security was established in 2017 by veterans of the 8200 and 81 elite intelligence units of the Israeli Defense Forces. The company specializes in unique Cyber Security solutions protecting sensitive commercial and government information. The company debuted an advanced encrypted computing solution aimed at preventing hostile intrusions at the hardware level while introducing a novel set of data theft prevention solutions. HUB operates in over 30 countries and provides innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services worldwide.
TestArmy Group is one of the fastest growing testing companies in Central Europe according to the Deloitte ranking (2019). Security, UX and Quality Assurance testing company with 80+ professional IT software testers/pentesters who possess ISTQB or other world renowned certificates.
Whistic | May 23, 2022
Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce.
Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals.
“We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.”
Chris John Riley, Senior Security Engineer at Google
Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture.
“Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.”
Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture.
“Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.”
Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.”
Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.