DATA SECURITY

By Launching Threat Protection, NordVPN Entered the Antivirus Market

NordVPN | February 11, 2022

With the launching of Threat Protection, which is integrated
With the launching of Threat Protection, which is integrated into the NordVPN app, NordVPN, the world's largest VPN service provider, takes another step toward cementing its position as a market leader in cybersecurity. By preventing trackers, phishing attempts, invasive adverts, harmful websites, and corrupted files, this new function provides a complete defense against cyber threats.

"At Nord Security, we know that cybersecurity evolves rapidly, and cybersecurity tools must evolve too. And as part of a broader effort to shift into a more encompassing cybersecurity company, introducing Threat Protection brings us one step closer," says Vykintas Maknickas, product strategist at NordVPN. "With the introduction of Threat Protection, we will be able to offer more services and more comprehensive protection that doesn't depend merely on your VPN connection."

Threat Protection protects against three types of threats. Web trackers and malicious adverts, as well as hazardous websites and corrupted files, are among them.

Web trackers and malicious ads

Defending against trackers is often outside the scope of a VPN, which is where Threat Protection comes in. Threat Protection improves the overall web privacy experience by ultimately preventing trackers. In real-time, you can monitor and manage the blacklisted trackers.
Harmful websites

To avoid harmful websites, utilize Threat Protection while browsing the web. Before the page loading, Threat Protection displays a warning popup. This allows you to escape rather than proceed to a potentially hazardous site where you could be phished or have your info harvested.
Infected files

Threat Protection can also be the first line of security while downloading a file from the internet. It will scan the file for malware and, if none are found, it will be designated as safe without any interruptions. However, if malware is discovered, the file will be removed before it can cause any harm. You'll also get access to a log of scanned files that you may look at at any time.

"Threat Protection takes what was once the task of antivirus software and merges it with NordVPN,Regardless of how long you have been using the internet, you can end up falling victim to some precarious website or download. This is exactly why Threat Protection was introduced — to add a layer of security to make your online browsing safer, cleaner, and more private."

Vykintas Maknickas, product strategist at NordVPN

Users must download the newest OpenVPN version of the NordVPN app from the official website to use Threat Protection. Users will be protected without connecting to a VPN server once the feature is enabled. Threat Protection is currently available for all macOS users, and Windows users will receive it gradually.

NordVPN is a service provided by Nord Security. Nord Security is steadily progressing toward its goal of being an all-in-one cybersecurity solution. Three more market-leading products join NordVPN: NordLocker, an encrypted cloud storage solution; NordPass, a next-generation password manager; and NordLayer, an advanced network access security solution.

Spotlight

"Imagine a scenario: In a single day, a disgruntled employee opposed to the practices of your company downloads sensitive or confidential company documents, announces his or her resignation, and tells the inside story to a journalist friend. The revelations become front-page news, and the company's legal and public relations teams spend millions trying to repair the company's tarnished brand. Perhaps they succeed. Perhaps they don't."


Other News
SOFTWARE SECURITY

JFrog Integrates with ServiceNow to Improve Software Security Vulnerability Response Times with “ServiceOps”

JFrog | May 27, 2022

JFrog Ltd. , the Liquid Software company and creators of the JFrog DevOps Platform, today unveiled new integrations for JFrog Xray with ServiceNow’s Lightstep Incident Response and Spoke products for IT Service Management. Available immediately, the JFrog Xray integrations with ServiceNow (NYSE: NOW) provide IT leaders with real-time insights on security vulnerabilities and compliance issues to quickly engage necessary team members from across the organization for more immediate response and remediation. “Successfully securing the software supply chain at the speed of business is a team sport, requiring efficient, cross-team collaboration for timely security incident remediation. Our integration with ServiceNow aims to change the relationship between developers and the rest of the business, so they can maintain the speed and frequency of releases, while avoiding downtime and loss of trust from end customers." Shlomi Ben Haim, Co-Founder and CEO, JFrog The new integration enables IT teams to proactively address security issues before they become major concerns. The combination of JFrog Xray and ServiceNow delivers a robust software composition analysis (SCA) tool that can quickly scan binaries for vulnerabilities and license compliance issues, then share those insights with the appropriate parties across the organization. The JFrog Xray-ServiceNow solution is unique in that it helps DevOps engineers, site reliability engineers (SREs), IT system administrators, and others, more securely build, deploy, run, and monitor applications effortlessly, in a single view. It also enables real-time security alerts and insights with assigned actions across all the tools, people, and processes needed for timely resolution. JFrog Xray & ServiceNow: Delivering Incident Response & Enterprise-wide Workflow Design for Security Incidents Identifying and effectively responding to malicious attacks must transcend business units and operational functions. By improving real-time insight, collaboration, and communication amongst and between enterprise security and IT teams, the JFrog Xray-ServiceNow integrations ensure swift responses to emerging security threats. The JFrog Xray integration with Lightstep Incident Response enables developers, SREs, and Security Administrators to: Monitor, collect and respond to license compliance and security vulnerabilities impacting the software supply chain across all stages of the software development and release lifecycle. Streamline vulnerability response by pulling-in the right team members across the organization for faster remediation. The JFrog Xray Spoke for ServiceNow allows IT operations staff to: Generate violation reports, create ‘ignore rules’, re-scan builds, add custom item properties, and more. Automate workflows that meet audit demands and avoid penalties for improper use of code segments obtained from the open-source community. Identify problems earlier in the application development pipeline and incorporate change management solutions. For more information on the new JFrog Xray integrations for ServiceNow Lightstep Incident Response, read this blog or solution sheet. Further details on the JFrog Xray integration with Spoke can be found in this blog. You can also connect with JFrog and ServiceNow solution experts during swampUP 2022 taking place in San Diego, May 25 - 26, 2022. For more information and to register, visit https://swampup.jfrog.com/. About JFrog JFrog Ltd. , is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back.

Read More

PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

DATA SECURITY

Veza, the Data Security Platform Built on the Power of Authorization, Announces Blackstone as a Customer and Strategic Series C Investor

Veza | June 27, 2022

Veza, the data security platform built on the power of authorization, announced an investment in their Series C funding round from Blackstone Innovations Investments, along with participation from previous investors. To date, Veza has raised a total of $110 million from top-tier investors including Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, True Ventures, and others. Blackstone has also selected Veza to help modernize its data security and access governance. Veza empowers organizations to address today’s greatest cybersecurity challenge: who can and should take what action on what data. As the world increasingly moves online, our changing behaviors are driving a transformational shift toward multi-cloud data systems, apps, computing, and infrastructure. This shift creates a complex, distributed web of human identities, accounts, apps, services, and access points that are constantly changing and susceptible to vulnerabilities. To address this, Veza takes a comprehensive approach that pulls together authorization data from disparate systems, giving customers a single source of truth to manage data access and controls. “Having a world-class cybersecurity program that protects our brand, reputation, investors and intellectual property is of paramount importance to our firm, and we are continuing to incorporate innovative technology solutions,” says Adam Fletcher, Chief Security Officer at Blackstone. “Our team is always looking for ways to develop a more comprehensive view of access across all of our applications and cloud infrastructure to allow us to modernize the firm’s access controls. We are excited to partner with Veza to help us accomplish this.” “Blackstone Innovations Investments is committed to investing in cutting-edge technology companies that we believe will have a meaningful impact on Blackstone, our portfolio companies, and the broader industry. We look forward to working with Veza and their impressive leadership team as they enter this next phase of growth,” comments Stevi Petrelli, Head of Blackstone Innovations Investments. “Institutions across multiple industries view Blackstone as an example of exceptional technology deployment and cybersecurity expertise. “Veza has greatly benefited from Blackstone’s product feedback and market insights. We are thrilled to work with Blackstone’s Security team to further modernize data security for their hybrid and multi-cloud environment.” Tarun Thakur, CEO and Co-Founder of Veza Additional investment in Veza comes from notable entrepreneurs including Dheeraj Pandey, Co-founder & CEO, DevRev and former CEO, Nutanix, and Lars Dalgaard, Founder Luv Ventures, Founder & Former CEO, SuccessFactors. “Authorization is the source of truth when it comes to understanding who has access to what,” says Dheeraj Pandey, Co-Founder and CEO of DevRev. “Understanding authorization at scale is one of the hardest problems to address and I am excited to watch team Veza bring on a new era of identity, rooted in authorization. Veza is defining authorization as a standard for protecting data against ransomware and other forms of data breach.” “Entrepreneurs will tell you that company building is one of the hardest, yet rewarding experiences, with real potential to make an impact,” says Lars Dalgaard, Founder Luv Ventures, Founder & Former CEO SuccessFactors. “When evaluating any company, I look for deep technical breakthrough for a massive market opportunity, deal composition and company traction, and passion amongst founders. And, I’m very excited to be partnering with Tarun and Veza on the mission to build an iconic company that will revolutionize the data security industry for decades to come.” About Veza Veza is the data security platform built on the power of authorization. Our platform is purpose-built for hybrid multi-cloud environments to help you use and share your data safely. Veza makes it easy to understand, manage, and control who can and should take what action on what data. We organize authorization metadata across identity providers, data systems, cloud service providers, and applications — all to address the toughest data security challenges of the modern era. Founded in 2020, the company is funded by top-tier investors including Accel, Bain Capital, Ballistic Ventures, Blackstone, GV, Norwest Venture Partners, and True Ventures. To learn more, please visit us at veza.com. Many Fortune 500, Fortune 1000 and smaller organizations use its data security platform for protection against ransomware, modernizing access governance for critical data and apps, and implementing data lake security for Snowflake and other solutions.

Read More

DATA SECURITY

HYAS Infosec Announces General Availability of Cybersecurity Solution for Production Environments

HYAS | August 10, 2022

Leading security technology firm HYAS Infosec — whose proactive solutions ensure that businesses can keep moving full forward in our ever-changing world — today announced the general release of its newest product, HYAS Confront, a cybersecurity solution offering complete visibility into every corner of a production environment. HYAS will be demoing Confront at Black Hat USA in Las Vegas from August 8 to August 11. Production environments are increasingly becoming a target for bad actors, as they want their attacks to cause as much disruption as possible. Afterall, if a company’s production environment is rendered inoperable, its ability to generate income is shut down. HYAS Confront addresses this growing issue by giving DevSecOps teams complete visibility into their production environment. HYAS Confront finally gives them a definitive picture of which devices on their network are communicating with one another, which devices are sending traffic outside the network, and how often and to whom they are sending it. HYAS Confront also automatically identifies communication to known command and control servers as well as other risks and threats. “We have gotten an excellent response from our first customers, who began using the service during development and testing. “We are extremely proud of the solution we have brought to market and the vital role it fulfills in providing complete network visibility.” HYAS CEO David Ratner Most cybersecurity solutions on the market today focus on protecting the perimeter of your network, but unfortunately, regardless of the strength of your outward-facing security posture, you will be breached at some point. The numbers bear this out, with 97 percent of companies reporting having experienced a successful cybersecurity breach at some point. However, even if bad actors sneak past your perimeter security, they can’t hide from the foundational network monitoring provided by HYAS Confront. Once deployed, a process that usually takes less than 30 minutes, it establishes a baseline of normal, healthy network traffic. With this data, HYAS Confront can recognize aberrations from normal traffic patterns that could indicate a problem. When such an anomaly is discovered, Confront alerts administrators so they can take appropriate action. But the benefits of full production environment visibility doesn’t end with security. HYAS Confront can also reveal issues like misconfigurations, violations of policies or controls, and incomplete removal of malware after an attack. One of the most difficult aspects of incident response is ensuring that the environment is actually clean again, and HYAS Confront’s visibility can play a vital role in that process. It can also be a useful tool for understanding service assurance. This innovative solution integrates seamlessly with other network management and security infrastructure, working alongside them to enhance the value of these pre-existing investments. This improves overall network health, preventing problems down the road and giving businesses the confidence to move forward at full speed. “Production environments are so critical to a company’s ability to function, and unfortunately, no matter how strong your perimeter is, bad actors will eventually find a way in,” said Ratner. “HYAS Confront’s distinctive ability to detect anomalies within your production environment ensures that even in these cases, you can uncover the problem before it does damage, letting businesses operate confidently and without fear of costly interruptions.” About HYAS HYAS is a valued partner and world-leading authority on cyber adversary infrastructure and communication to that infrastructure. We help businesses see more, do more, and understand more about the nature of the threats they face — or don’t even realize they are facing — in real time. HYAS’s foundational cybersecurity solutions and personalized service provide the confidence and enhanced risk mitigation that today’s businesses need to move forward in an ever-changing data environment.

Read More

Spotlight

"Imagine a scenario: In a single day, a disgruntled employee opposed to the practices of your company downloads sensitive or confidential company documents, announces his or her resignation, and tells the inside story to a journalist friend. The revelations become front-page news, and the company's legal and public relations teams spend millions trying to repair the company's tarnished brand. Perhaps they succeed. Perhaps they don't."

Resources