BlueRed Partners Announces $18-million Series B Funding in US-based Cybersecurity Startup Cynet

BlueRed | June 30, 2020

SINGAPORE-BASED BlueRed Partners has led a US$18-million, extended Series B fundraising in US-based cyber security startup Cynet, the venture firm announced in a statement on Tuesday. The round was joined by German telecommunications firm Deutsche Telekom and cyber security firm Merlin International. Cynet’s existing investors Norwest Venture Partners and Ibex Investors also participated in the round. Cynet, the world’s first autonomous breach-protection platform that consolidates and automates monitoring and control, attack prevention and detection and response orchestration, will use the fresh funding to strengthen its breach-prevention platform, as well as to expand in the US and international markets. The firm says it has hundreds of customers globally, ranging from small companies to large enterprises. Yishai Klein, managing partner of BlueRed, said in the statement: “Cynet has the requisite talent and technology to succeed in the white-hot cyber security market, particularly automated breach protection, which continues to present growth opportunities to innovation leaders. Their support and success rate for organisational cyber-security initiatives with respect to threat prevention, detection and response have been very impressive.” Laurence Harel, who heads strategic business development at BlueRed, added that the venture firm looks forward to helping Cynet expand into the Asian market.

Spotlight

The growing requirement for mobile access and BYOD (Bring Your Own Device) can give organizations significant headaches in areas of security, management of devices, and content availability. How employees access corporate information is changing and organizations need to respond to these changes or risk having to play catch-up with their policies and processes.


Other News
SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

DATA SECURITY

Atakama and BigID Announce Strategic Alliance for Discovering and Protecting Sensitive Data

Atakama | February 16, 2022

Atakama, the leading encryption company, has partnered with BigID, the leading data intelligence platform, to provide organizations with an integrated, automated approach to discovering and protecting sensitive and critical data. The integration of Atakama's file encryption solution with BigID's data discovery and classification ensures that organizations can automate well-defined policies to discover, classify, and protect their data. Together, BigID and Atakama make it easy for customers to accelerate governance, reduce risk, protect their sensitive data with advanced encryption, and achieve continuous data compliance. BigID enables customers to automatically discover, catalog, and classify all types of data and metadata, structured and unstructured. This includes PII, PHI, NPI, IP, and other sensitive, critical, and regulated data. Once the data has been identified, BigID can label and tag data in accordance with the organization's policies. Atakama can read the labels and immediately encrypt files in whichever location the files are stored. The integration of BigID and Atakama provides a powerful and scalable approach to sensitive data discovery and protection across the entire enterprise. "BigID together with Atakama provides our customers with a seamless, but multi-faceted approach to data security,This partnership takes data protection to another level and will immediately strengthen an organization's security posture through unmatched visibility and control. We're thrilled to have Atakama be an integral technology partner via the BigID App Marketplace as we continue helping organizations meet their data management and security objectives." Marc DeGaetano, CRO at BigID "Partnering with BigID is a natural fit given their industry-leading capabilities across discovery and classification," said Scott Glazer, CRO at Atakama. "The ability to discover and protect sensitive data is the cornerstone of a successful cybersecurity program. We're thrilled to be able to work with BigID to deliver the combined solution to our customers via the BigID App Marketplace, who can trust that their data has been properly identified and securely protected." About BigID BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, protection, and perspective. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com. About Atakama Atakama is a distributed key management solution that enables granular, file-level encryption without the need for passwords, identity and access controls, centralized servers, or HSMs. Attackers are prevented from accessing any data encrypted by Atakama even when the network or systems are breached. Atakama's distributed architecture has no single point of attack or failure, a security breakthrough that vastly exceeds the status quo for information security. By using Atakama, organizations can prevent file exfiltration, enhance regulatory compliance, secure sensitive information, and enable the cornerstone of a full-fledged zero trust infrastructure.

Read More

ENTERPRISE SECURITY

CyberRes Completes Acquisition of Debricked to Further Expand Software Supply Chain Security

CyberRes | March 15, 2022

CyberRes, a Micro Focus line of business, today announced the acquisition of Debricked, a developer-centric open source intelligence company aimed at innovating how organizations secure their software supply chain for today and the future. The addition of the cloud-native software composition analysis platform and AI/ML capabilities further drive CyberRes' strategy in the future of software resilience and DevSecOps. These aligned capabilities, combined with their vision of how developers evaluate, consume, and secure open-source components customized to their organization's need, make Debricked an extremely valuable addition to CyberRes' application security portfolio. "Nearly 90 percent of companies are developing software using open source components to accelerate their development speed to keep pace with business demands, which comes with accelerated risk," said Tony de la Lama, VP Product Management. "Our aim is to invest in and build solutions that allow organizations to secure their applications while maintaining the speed of development. Debricked is uniquely positioned in the market with their portfolio of solutions to address open source security and adds to an already robust portfolio in CyberRes to secure the software supply chain." Debricked's SaaS solution enables more intelligent selection of open source while drastically reducing the risks typically associated with it, both core requirements of modern DevSecOps programs. The service runs on state-of-the-art machine learning which enables the data quality to be extremely accurate as well as instantly updated whenever a new vulnerability is discovered. High precision, combined with developer focused UX and unique abilities to customize the service to your company's needs, makes Debricked unique in the world of open source security and positioned for accelerated growth. "We are excited at becoming a part of Micro Focus and CyberRes. Combining our team with such an industry-leading organization enables us to accelerate Debricked's journey toward our vision of making it easier for companies to use open source securely. We are also excited at the opportunity to present our customers with a full scale, robust security offering." Debricked CEO and co-founder Daniel Wisenhoff Key attributes of Debricked technologies include: Open Source Intelligence: With their latest innovation, Open Source Select, Debricked aims to make searching and comparing open source packages faster. By providing an in-depth analysis of the community health and offering contextualization, developers can make much more informed decisions. Security Vulnerabilities: Continuously and automatically identify, fix and prevent vulnerabilities in open source dependencies. Scan at every commit and get notified when new vulnerabilities appear. License Compliance: Ensure and maintain open source compliance with automated and enforceable pipeline rules, along with enabling creation of software bill of materials (SBOMs). Calculate risk levels for your repositories based on intended use. CyberRes is aimed at building the most complete portfolio that helps enterprises prepare for, respond to, and recover from cyber threats. With this acquisition, Micro Focus continues to show strong commitment and continued investment to Security and the ability to help customers and partners improve their cyber resilience posture. This additional investment includes a series of acquisitions made over the last two years, which strengthen our robust portfolio of security solutions, all focused on delivering business and technical outcomes to support cyber resilience. The latest example of how these investments come together is the recent launch of Galaxy, an immersive cyber threat experience built for CISOs and analysts. About CyberRes CyberRes is a Micro Focus line of business. We bring the expertise of one of the world's largest security portfolios to help our customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. CyberRes is part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow's opportunities.

Read More

PLATFORM SECURITY

QuSecure Launches Industry’s First End-to-End Post-Quantum Cybersecurity Solution to Uniquely Address Current and Future Quantum Computing Threats

QuSecure | May 21, 2022

QuSecure™, Inc., an innovator in post-quantum cybersecurity (PQC), today introduced its quantum orchestration platform, QuProtect™, the industry’s first end-to-end PQC software-based solution uniquely designed to protect encrypted communications and data with quantum-resilience using quantum secure channels. With QuProtect, for the first time organizations can leverage quantum resilient technology to help prevent today’s cyberattacks, while future-proofing networks and preparing for post-quantum cyberthreats. Leading experts, including Arthur Herman, senior fellow and director of the Quantum Alliance Initiative at The Hudson Institute, believe that a Cryptographically Relevant Quantum Computer (CRQC), which is a quantum computer that can break current cryptography and will expose the world’s encrypted communications and data, will be available within the next 3-5 years. Additionally, nation-state attackers are currently stealing encrypted data, using a “Steal Now, Decrypt Later” (SNDL) strategy to collect global encrypted data, which will be retroactively decrypted once a CRQC is available. As a result, on May 4, the White House mandated PQC compliance via the National Security Memorandum “Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.” Also, the bipartisan Endless Frontiers Act would establish a Technology and Innovation Directorate at the National Science Foundation which would use $100 billion in federal funds over five years to research emerging technologies including quantum computing, and specifically mentions the need for PQC. Organizations will need to follow suit to protect their data and communications from post-quantum cyberthreats. QuProtect provides quantum-resilient cryptography, anytime, anywhere and on any device. QuProtect uses an end-to-end quantum security as a service (QSaaS) architecture that addresses the digital ecosystem’s most vulnerable aspects, uniquely combining zero-trust, next-generation post-quantum-cryptography, quantum-strength keys, high availability, easy deployment, and active defense into a comprehensive and interoperable cybersecurity suite. The end-to-end approach is designed around the entire data lifecycle as data is stored, communicated, and used. “Quantum technologies have the potential to represent a platform shift, and platform shifts don’t come around that often,” said Laura Thomas, former CIA Chief of Base with more than 17 years in various national security and leadership roles and currently VP of Corporate Strategy at ColdQuanta, a quantum computing and sensing company. “When they do, they bring enormous opportunity coupled with the power for intense disruption, in all arenas, to include national security and economic security. Organizations should be evaluating post-quantum encryption solutions now and mapping out the resources and timelines needed to deploy them on their networks. QuSecure is playing a key role in future-proofing our networks from current classical and future quantum attacks.” QuSecure also today announced its formal company launch. See accompanying company launch press release issued by QuSecure today at QuSecure Company Launch. “Enterprises are charged with providing high levels of data security,” said Skip Sanzeri, QuSecure Founder and COO. “We are facing the largest computer upgrade cycle in history as all public key cryptography globally needs to be upgraded to PQC. Our QuProtect solution provides organizations with a first-mover advantage as the industry accelerates toward a quantum future. QuProtect allows organizations and their clients to maintain the highest level of quantum-resilient security to address cyberthreats with minimal disruption to existing systems.” QuProtect protects any node on the network by using National Institute of Standards and Technology (NIST) approved quantum algorithms to create secure quantum communications channels. Its technology enables backwards compatibility and can translate back and forth from PQC to standard Transport Layer Security (TLS), ensuring interoperability with any network. No other company combines QuSecure’s broad-based quantum and post-quantum technologies providing secure, interoperable cybersecurity to protect organizations’ networks from quantum threats. QuProtect’s unique differentiators include (partial list): Post-quantum open-source, end-to-end data protection on all platforms and networks – QuSecure applies post-quantum protections to all systems and devices – from cloud, to server, to laptop, to edge and IoT – protecting communications and data. QuProtect uses Quantum Random Number Generation (QRNG) to create quantum-resilient cryptographic keys which provide entropy throughout the entire network. Network-wide entropy is important because true quantum randomness protects systems from vulnerabilities and attacks such as pattern detection and cryptanalysis. Easy integration and deployment with zero client-side installations supporting most platforms – QuProtect is designed to be simple to deploy, operate and manage for existing devices and systems. Any existing platform that runs cryptography can be upgraded to PQC through QuProtect’s software-upgrade solutions. QuSecure’s solution enables controlled, phased deployment in highest priority segments first, enabling organizations to audit and/or delay endpoints which don’t need immediate upgrade. QuProtect permits instantaneous re-selection of algorithms enabling crypto agility while NIST finalizes the PQC algorithms to be standardized. Continuous monitoring and attack resilience – QuProtect improves security through continuous anomaly monitoring, machine learning-enabled attack detection, and active remediation. QuProtect is the industry’s most advanced PQC solution providing end-to-end quantum-resilience for many of today’s critical use cases, including satellite, network, and IoT communications. QuProtect can be hosted on-premise or via cloud-based orchestration delivering the most compatible solution to the post-quantum problem. An organization can implement PQC across all devices on the network with minimal disruption to existing systems, protecting against current and future classical and quantum attacks which could irreparably disrupt industries and infrastructures across government and commercial sectors. About QuSecure QuSecure is an innovator in post-quantum cybersecurity with a mission to protect enterprise and government data from quantum and classical cybersecurity threats. Its patent-pending, quantum-safe solutions provide an easy transition path to quantum resiliency across any organization. The company’s QuProtect solution is the industry’s first PQC software-based platform uniquely designed to protect encrypted communications and data with quantum-resilience using a quantum secure channel. QuSecure has current customer deployments in banking/finance, healthcare, space/satellite, IT/data enterprises, datacenters and various Department of Defense agencies. QuSecure is investor backed and has offices in Silicon Valley.

Read More

Spotlight

The growing requirement for mobile access and BYOD (Bring Your Own Device) can give organizations significant headaches in areas of security, management of devices, and content availability. How employees access corporate information is changing and organizations need to respond to these changes or risk having to play catch-up with their policies and processes.

Resources