DATA SECURITY

By acquiring Cyber Lantern, Foresite Cybersecurity has added a robust risk management product to its portfolio

Foresite | February 03, 2022

Foresite
Cyber Lantern has been acquired by Foresite Cybersecurity, a cyber security innovator, and will be integrated into its security monitoring, management, and assessment systems. Foresite now offers the most comprehensive SaaS solution for SMEs wishing to automate the administration of their security, risk, and compliance initiatives, with support for more than 160 of the essential compliance standards. In addition, Foresite continues to focus on providing a holistic Cybersecurity as a Service platform that simplifies, integrates, and automates critical cyber security processes and software for time-strapped IT teams, demonstrating its commitment to serving SMEs as security risks grow.

"Smaller enterprises are at an extreme disadvantage with insufficient security processes – still woefully underserved by enterprise-focused security vendors, they typically have to rely heavily on service providers to help overcome a lack of senior security talent. Yet, they still have to shoulder the same deluge of security threats, complex regulatory demands and tough compliance standards,We need to drastically change how SMEs approach cyber security. This acquisition is another step toward fulfilling our vision of simplifying cyber security so SMEs can easily assess, build, monitor, measure, and maintain a stronger cyber posture. Integrating our teams and technology will expedite our global growth."

Matt Gyde, CEO of Foresite

With the integration of Cyber Lantern into Foresite's ProVision SaaS platform, current clients now have access to a broader array of advanced cyber security solutions. In addition, Foresite and Cyber Lantern have teamed up to provide SMEs with simple yet powerful SaaS compliance and security operations solutions. By combining Foresite's advanced data modeling and compliance automation with Cyber Lantern's advanced data modeling and compliance automation, customers will be better aware of their security posture. They will meet compliance audit readiness in days rather than months.

"Foresite was able to seamlessly integrate the robust Cyber Lantern platform into its ProVision solution to make it immediately market ready. Together, it is a powerful combination – providing a centralized solution that makes enterprise-grade risk, compliance and security management accessible for SMEs so they can better understand and implement effective security measures despite budget constraints," added Sloane Child, vice president at Elsewhere Partners, who helped oversee the acquisition.

Aside from product improvements, the acquisition adds a strong bench of security expertise to the Foresite team. All Cyber Lantern workers, including former National Security Agency (NSA) big data experts who spent two decades establishing military-grade security teams and developing US Department of Defense cyber platforms, will join Foresite immediately.

"There is a giant cyber security gap for SMEs, and the continued surge of attacks on smaller organizations prove that the hackers are well aware of that fact," noted Duane Shugars, the former CEO of Cyber Lantern who now joins the Foresight leadership team. "I think Foresite will help decrease the complexity, time and cost of cyber defense and compliance for SMEs and become an unstoppable force in the industry."

Spotlight

In just the last year, we saw more than one million new malware variants introduced per day and the number of ransomware families tripled. The average ransom amount paid spiked 266 percent to $1,077. Those kind of stark numbers provide a glimpse of the herculean task that security professionals face on a daily basis.As organizations struggle to deal with the rising security demands associated with complex networks and myriad, ever-mutating external threats, it's imperative to ensure that the right endpoint security solution is in place. This means complete endpoint security that provides full cycle protection that includes protection, detection and response specifically designed to handle a rapidly shifting security environment. The consequences for operating with more limited protection have never been clearer.


Other News
DATA SECURITY,ENTERPRISE IDENTITY,NETWORK THREAT DETECTION

Radiant Logic Named Winner of 1st Annual Cybersecurity Impact Award

Radiant Logic | August 18, 2022

Radiant Logic, the Identity Data Fabric company, announced today that it has been named the winner of the 2022 Cybersecurity Impact Award for “Best Enterprise Security Solution for Employee and Nth Party Access” from Aite-Novarica Group, a global advisory firm providing mission-critical insights on technology, regulations, strategy, and operations to the Financial Services industry. In its first year, the Cybersecurity Impact Awards program identifies the organizations and vendors pioneering new and disruptive cybersecurity tools and services. Award recipients and their innovations are bringing the financial services industry one step closer to stopping illicit cyber activity. “Our Cybersecurity Impact Awards help CISOs looking for highly innovative solutions that deliver transformative value to the institution,” said John Horn, Cybersecurity Practice Director at Aite-Novarica Group. “Seven judges worked through a rigorous scoring process to select Radiant Logic for this award. Radiant’s unique approach allows CISOs to leverage identity silos across the business, and recreate Identity as a powerful enabler for the workforce, third parties, and customers.” The award winners were selected based on various factors, including innovation, market need, and impact on customer experience and operational efficiency. All entries were considered by a panel of industry expert judges. “We’re thrilled to receive this award in such a competitive category. “RadiantOne has been known over the last twenty years as the technical enabler for solving enterprise-grade security and business challenges; with this award, we’re pleased to be recognized as a strategic investment in the security infrastructure.” Joe Sander, CEO of Radiant Logic After years of inorganic growth, piecemeal identity solutions, and a loss of control due to unplanned remote work, identity sprawl is a reality for most modern enterprises. This sprawl leads to tremendous technical debt, increased risk posture, reduced productivity, and poor decision-making capabilities. RadiantOne’s ability to unify identity data across disparate sources creates an authoritative identity data pipeline, improving security, efficiency, and ease-of-use across the organization. About Radiant Logic Radiant Logic, the enterprise Identity Data Fabric company, helps organizations combat complexity and improve security by making identity data easy to use, manage, and protect. The RadiantOne Platform turns identity data into a strategic asset, enabling organizations to improve decision making, accelerate innovation, and minimize risk. About Aite-Novarica Group Aite-Novarica Group is an advisory firm providing mission-critical insights on technology, regulations, strategy, and operations to hundreds of banks, insurers, payments providers, and investment firms—as well as the technology and service providers that support them. Comprising former senior technology, strategy, and operations executives as well as experienced researchers and consultants, our experts provide actionable advice to our client base, leveraging deep insights developed via our extensive network of clients and other industry contacts.

Read More

DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS

Legit Security Discovers and Helps Remediate Software Supply Chain Vulnerabilities in Google Firebase & Apache Open-Source Projects

Legit Security | September 16, 2022

Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack vulnerabilities in popular open-source projects from Google and Apache. The discovered vulnerability affects GitHub, an extremely popular Source Code Management (SCM) system at the heart of many organization’s software supply chains and used by software developers globally. The Legit Security research team found a new type of CI/CD vulnerability called “GitHub Environment Injection” that allows attackers to take control of the vulnerable project's GitHub Actions CI/CD pipeline. Any GitHub user could exploit this vulnerability to modify the project’s source code, steal secrets, move laterally and attack inside the organization, and ultimately initiate a SolarWinds-like supply chain attack. The vulnerability was found in the Google Firebase project and in a very popular integration framework project from Apache. Both Google and Apache acknowledged and fixed the vulnerabilities after an initial disclosure by Legit Security. Legit Security has published a technical disclosure blog on their website including guidance for organizations to remediate this vulnerability. Legit Security’s Research Team discovered that a specially crafted payload written to a GitHub environment variable called “GITHUB_ENV” could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a “pull request” or a proposed change to the source code. The mere act of submitting the pull request will trigger the vulnerable build action and carry out a successful compromise and the attacker does not need to be subjected a code review approval from the source code maintainer for it to take effect. The Legit Security team disclosed these issues to Google and Apache project maintainers, along with remediation guidelines, and verified that these vulnerabilities weren’t exploited by a malicious actor. Both projects have been fixed and are now safe. However, these are not the only projects susceptible to this kind of attack. Since using the GITHUB_ENV file is currently considered the “safe” way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to supply chain attacks. “This type of vulnerability joins many other software supply chain vulnerabilities and attacks targeting popular open-source projects, including GitHub, which is the largest and the de facto host of most open-source projects. “We, as a security community, must build the tools and processes to address these threats and allow organizations to trust software and use it safely. Here at Legit Security our mission is to secure every organization’s software supply chain and we are active conducting security research and collaborating on initiatives to achieve this goal." Liav Caspi, CTO and co-founder of Legit Security According to Gartner®, nearly half of organizations worldwide will experience an attack on their software supply chains by 2025, a three-fold increase from 2021. There has been a huge rise in attempts to compromise open-source projects and CI/CD build services, including GitHub Actions, to enable wide ranging attacks through software supply chains. For in-depth analysis of the GitHub Environment Injection vulnerability, along with broader information and guidance on how to protect your organization from software supply chain attacks, please visit the Legit Security website and blog. About Legit Security Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Legit provides an easy to implement SaaS platform that supports both cloud and on-premises resources and combines automated discovery and analysis capabilities with hundreds of security policies developed by industry experts with real-world SDLC security experience. This integrated platform keeps your software factory secure and provides continuous assurance that your applications are released without vulnerabilities.

Read More

DATA SECURITY,ENTERPRISE IDENTITY

Cybeats Announces Partnership with Veracode, an Industry-Leading Application Security Firm

Cybeats | September 29, 2022

Cybeats Technologies Inc., a leading software supply chain risk and security technology provider announces a strategic partnership with Veracode, a leading global provider of application security testing solutions. The partnership will leverage complementary expertise to ensure customers receive the highest standard of cybersecurity solutions. Cybeats' software supply chain security product, SBOM Studio, will be available to customers through Veracode Partners, and the companies will explore joint commercial opportunities. Once generated within the Veracode Continuous Software Security Platform, a Software Bill of Materials (SBOM) can enable greater software security by offering a full inventory of the third-party components used within an application. Cybeats SBOM Studio is an enterprise-class solution that helps companies understand and track third-party components that are an integral part of their own software. Veracode will provide advice and guidance around the commercial deployment of SBOM Studio within its existing customer base. The partnership aims to enable both companies to continue to expand their existing presence in the global cybersecurity market. Through this alliance, the companies' joint customers will be able to maximize their technology investments and procure, develop, and deploy secure software, while reducing the risk of a security breach resulting from weak links in their software supply chain. "As a Veracode Elite Technology Alliance Partner, Cybeats brings additional expert solutions to the frictionless developer experience already offered by our Continuous Software Security Platform," said Laurie Haley, Vice President of Strategic Alliances at Veracode. "By complementing our existing software composition analysis capability, Cybeats' integrated solutions will allow customers to maximize SBOM (Software Bill of Materials) utility and simplify their workflow for greater ROI." "We are honoured to partner with Veracode to expand each other's presence in the global cybersecurity market. As the cyber risk related to software supply chain attacks continues to mount, deep visibility and universal transparency using SBOMS is necessary for resilient cybersecurity defense." Yoav Raiter, CEO, Cybeats "In this modern era of rapid development, the importance of time to market and automation is paramount. Together, Veracode and Cybeats offer a substantial contribution to enabling our customers to align with the SBOM market needs and seamlessly support practices mentioned in SSDF NIST 800-218 framework without increasing the overhead on their development and product security teams," said Dmitry Raidman, CTO, Cybeats Through a single, centralized platform offering comprehensive visibility into vulnerabilities using all software security testing types, Veracode delivers one of the industry's only cloud-native solutions that allows partners to onboard quickly and seamlessly, so companies can securely move AppSec to the cloud. As a result of this partnership, Veracode can easily integrate the full breadth of Cybeats' software solutions into their customers' environments. The partner program provides market-leading solutions and services to get partners up and running straight away, with minimal impact to their existing business. Cybeats SBOM Studio SBOM Studio provides organizations with the capability to efficiently manage SBOM and software vulnerabilities, and provides proactive mitigation of risks to their software supply chain. Key product features include robust software supply chain intelligence, universal SBOM document management and repository, continuous vulnerability, threat insights, precise risk management, open source software license infringement and utilization, and secure SBOM exchange with regulatory authorities, customers and vendors, at reduced cost. About Cybeats Cybeats is a leading software supply chain intelligence technology provider, helping organizations manage risk, meet compliance and secure software from procurement, development through operation. Our platform provides customers with deep visibility and universal transparency into their software supply chain, as a result enables them to increase operational efficiencies and revenue. Cybeats. Software Made Certain.

Read More

PLATFORM SECURITY

Cybersecurity platform CrowdSec announces new Enterprise features

CrowdSec | July 13, 2022

CrowdSec, the French security startup enhancing the open-source and collaborative cyber security solution landscape, has today announced that its IP reputation tool has expanded its features in a paid version for enterprises. While CrowdSec's Community product remains available for individual users for free, the new Professional and Enterprise features will allow organizations to maximize scarce IT resources by crowdsourcing a higher volume of cyber threat intelligence (CTI). At a time where cyber attacks are on the rise and bad actors leverage vulnerabilities stemming from scarce IT budgets and talent pools, it is important that enterprises equip themselves with the right resources to increase their capacity. That is why CrowdSec, through crowd-power, compiles a collaborative IP reputation database from its tens of thousands of users in 160+ countries. With over 3.5 million malicious IPs reported and curated to date, CrowdSec makes cyber defense a collaborative effort and increases the capacity of individual defenders to protect themselves from the global network of bad actors. From $99 per month for the Professional tier (with custom pricing for the tailored Enterprise offering), users will benefit from: Data retention of 30 days compared to seven days in the free version Multi-user set up for organizations A brand new filter feature 500 IP intelligence requests per day The ability to subscribe to topic specific and verticalized IP blocklists (ecommerce, blockchain, TOR, VPN points, etc). Dedicated support service Filter internet background noise "Shifting to a collaborative approach is critical for enterprises to increase their capacity in light of skill shortages and scarce resources. Equipping enterprises of all sizes with crowd-sourced threat intelligence levels the playing field between small and large organizations and strengthens the resilience of the defense community as a whole. "Collaborative tools like CrowdSec are more important now than ever, which is why we've launched these enhanced offerings to strengthen what enterprises can do." CrowdSec founder and CEO Philippe Humeau About CrowdSec Based in Paris and founded in 2019, CrowdSec is an open-source & collaborative IPS generating crowd-sourced CTI. CrowdSec takes a collaborative approach to cybersecurity by analyzing behaviors, responding to attacks, and sharing signals across the community.

Read More

Spotlight

In just the last year, we saw more than one million new malware variants introduced per day and the number of ransomware families tripled. The average ransom amount paid spiked 266 percent to $1,077. Those kind of stark numbers provide a glimpse of the herculean task that security professionals face on a daily basis.As organizations struggle to deal with the rising security demands associated with complex networks and myriad, ever-mutating external threats, it's imperative to ensure that the right endpoint security solution is in place. This means complete endpoint security that provides full cycle protection that includes protection, detection and response specifically designed to handle a rapidly shifting security environment. The consequences for operating with more limited protection have never been clearer.

Resources