DATA SECURITY

Climb Channel Solutions Signs Agreement with Palo Alto Networks to Distribute Best-in-Breed Cybersecurity Solutions

Climb | June 03, 2021

Climb Channel Solutions, an international specialty technology distributor and wholly-owned subsidiary of Wayside Technology Group, Inc. (NASDAQ: WSTG), announced a new agreement today with global cybersecurity leader, Palo Alto Networks, to distribute Palo Alto Networks Prisma Access and Prisma SD-WAN (formerly CloudGenix SD-WAN) solutions.

The addition of Prisma Access with Prisma SD-WAN from Palo Alto Networks reinforces Climb's leadership in enterprise cybersecurity, by offering best-in-class protection for dynamic customer environments defined by remote and hybrid workforces and expanding cloud footprints.

Prisma Access delivers the industry's most complete cloud-delivered security platform, protecting all application traffic so organizations can safely enable secure remote workforces. It consolidates best-of-breed security capabilities – including firewall-as-a-service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), cloud access security broker (CASB), and more – into a consistent global services edge that delivers more security coverage than any other solution. Built upon a massively scalable network with ultra-low latency and backed by industry-leading SLAs, Prisma Access ensures a great digital experience for end-users. Combined with our CloudGenix next SD-WAN portfolio – the industry's first next-generation SD-WAN solution that simplifies management enables app-defined SD-WAN policies and delivers a secure, cloud-delivered branch – Palo Alto Networks enables organizations to transform their infrastructure with the most complete SASE offering, which simplifies the delivery of consistent security at scale while ensuring optimal work from anywhere experience.

Spotlight

RedTalk: Discover, Detect, and Respond to Cloud Security Incidents Using an Extensible Language called RedLock Query Language (RQL). In order to provide comprehensive security and operational visibility across AWS, Azure, and Google Cloud Platform (GCP) environments, the RedLock Cloud 360 platform ingests various services from the cloud service providers such as IAM, Virtual Machines, Storage Services, and more. Once ingested, we provide standard, out-of-the-box policies to look for potential security risks.


Other News
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Upstream Deepens Investment in Michigan, US with a New Vehicle Security Operation Center

Upstream | September 08, 2022

Upstream, the creator of industry-leading cloud-based cybersecurity and data management platform for connected vehicles and smart mobility, is opening its first U.S.-based vehicle security operation center (vSOC) in Ann Arbor, Michigan, to closely surveil and mitigate emerging cyber threats and risks for its U.S.-based automotive clients. Data and connectivity are the foundation of the automotive industry's transformation, unlocking new revenue streams and business opportunities for automotive stakeholders and users. But, connectivity and mobility applications bring a wide range of cyber risks. "Upstream enables OEMs to build trust into the connected vehicles ecosystem. "Our platform monitors over 12 million vehicles worldwide. We see new attack surfaces and threats on a regular basis, fueled by a wide variety of vulnerabilities, including EV charging networks, expanded use of smartphone apps that control basic car functions and infotainment systems. This is the right timing to open our U.S.-based vSOC, and Michigan is a natural choice." Yoav Levy, CEO and co-founder of Upstream "Companies continue to invest in Michigan because of our world-class talent, quality of life, low cost of doing business and culture of innovation," said Trevor Pawl, Michigan's Chief Mobility Officer. "Michigan remains committed to being the global epicenter of the next revolution of the automotive industry and we applaud Upstream's continued success and investment in Michigan's autonomous and electrified future." "Vehicles are benefiting from a wave of technology innovation, producing transportation that is safer and smarter thanks to connectivity," said Faye Francy, executive director of Auto-ISAC, a global information sharing community established by automakers to address cybersecurity risks. "The very technology that provides us with these new efficiencies also introduces potential cyber risk to the vehicle, and vSOC operations is an application for the automotive industry to proactively address the risk." In fact, Upstream found more than 50 percent of all reported automotive-related cybersecurity incidents took place during the past two years alone. "Customer experience applications, by OEMs and smart mobility providers, are one of the fastest growing attack surfaces and account for 6 percent of total attacks in 2022 so far compared to 2 percent in 2021, explains Yaniv Maimon, Upstream's director of vSOC. "Charging stations and infrastructure have also become a significant concern, especially given range anxiety concerns and the constant pressure to accelerate EV adoption." At the Michigan vSOC, Upstream is hiring and training experienced local cyber and automotive experts to operate the vSOC, offer cross-functional response and mitigate attacks in real time. "Southeast Michigan's emergence as a high-tech mobility hub and its proximity to our automotive customers, their Tier-1 suppliers and cybersecurity talent makes it a perfect setting for our new vSOC," Levy said, adding that traditional security operation centers focus on compliance and IT assets and lack the holistic and contextual view required to mitigate cybersecurity threats against vehicles, services and entire fleets. The Michigan-based vSOC is expected to be fully operational by the end of the year. It adds to Upstream's growing network of automotive-specific security centers already active in Israel, and coming soon in Japan. Additional vSOC investments are expected in Europe in the near future. About Upstream: Upstream provides a cloud-based data management platform purpose-built for connected vehicles, delivering unparalleled automotive cybersecurity detection and response (V-XDR) and data-driven applications. The Upstream Platform unlocks the value of vehicle data, empowering customers to build connected vehicle applications by transforming highly distributed vehicle data into centralized, structured, contextualized data lakes. Coupled with AutoThreat® Intelligence, the first automotive cybersecurity threat intelligence solution, Upstream provides industry-leading cyber threat protection and actionable insights, seamlessly integrated into the customer's environment and Vehicle Security Operation Centers (vSOC).

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Datadog Launches Cloud Security Management to Provide Cloud Native Application Protection

Datadog | October 20, 2022

Datadog, Inc., the monitoring and security platform for cloud applications, today announced the general availability of Cloud Security Management. This product brings together capabilities from Cloud Security Posture Management (CSPM), Cloud Workload Security (CWS), alerting, incident management and reporting in a single platform to enable DevOps and Security teams to identify misconfigurations, detect threats and secure cloud-native applications. As organizations' cloud architectures become more complex, assessing security risks and collaborating across teams to mitigate them has become increasingly difficult. While security engineers are responsible for identifying threats and misconfigurations, DevOps teams are responsible for remediating them. DevOps and security teams often use multiple point solutions and tools to report on and resolve issues, but these tools provide an incomplete view of security risks and create silos between teams. Datadog's Cloud Security Management brings together observability and security insights across an organization's entire cloud environment—without the need to deploy additional agents. This shared context provides security engineers with deeper insights to collaborate with DevOps teams and more quickly remediate security issues. "Tight collaboration between security and DevOps teams is required to mitigate security risks in today's environments. This change has been brought on by the move to the cloud. Security teams today cannot take countermeasures alone without potentially impacting the performance and reliability of production systems. "Datadog Cloud Security Management helps these teams work together to remediate issues quickly by providing a single platform—as opposed to multiple point solutions—that delivers a complete view of an organization's infrastructure and risk exposure." Prashant Prahlad, VP of Product at Datadog "Using Cloud Security Management was like having a member of the InfoSec team embedded within our DevOps team," said Chad Upton, Vice President of Infrastructure at FirstUp. "All the security metrics were front and center so they could easily see the number of misconfigured resources in a single view and they didn't have to wait for someone from InfoSec to reach out and let them know there was an issue." "Because Datadog Cloud Security Management shows observability and security data together, alongside the resource relationship graph, we were able to remove cloud resources that were no longer in use and easily understand the impact of misconfigured cloud resources by visualizing all dependencies," said Ben Collen, Senior Director of Engineering and CISO at Vertex. Cloud Security Management expands on the foundational capabilities of cloud security posture management and cloud workload security of a CNAPP solution through: Resource Relationship Graph: By providing a visual risk assessment of misconfigured resources and vulnerabilities across an organization's cloud infrastructure, DevOps teams can take remedial actions based on the impact of the risk. Custom Detection Rules: Teams can now create fine-grained threat detection rules across all cloud resources—including their associated logs and security incident events. Resource Catalog (Beta): Engineers can access a comprehensive visual representation of all security risks associated with each cloud resource in a customer's environment and identify the owners of every cloud infrastructure resource to remediate vulnerabilities and misconfigurations. About Datadog Datadog is the monitoring and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior and track key business metrics.

Read More

ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bearer Launches Data-First Security Solution

Bearer | November 15, 2022

Bearer, the data-first security software company, today announced the general availability of the Bearer Data Security Platform. Based on extensive interviews with more than 130 enterprise CISOs at high-growth and global 2,000 companies, Bearer is in beta use across multiple industries with one customer protecting the private data of more than 75 million medical patients. “At Bearer, we strongly believe the best approach for a data-first security approach is to start at the beginning of the journey, following the shift-left security trend. “Data-first security should start in the code. And to be truly effective, it should never impede developers and never allow access to private data itself while still providing ownership context and protecting against vulnerabilities created in the business logic of an application or service.” said Guillaume Montard, CEO and co-founder of Bearer Why Bearer Data Security Platform Now Data security is becoming a top priority for businesses, with customers and governments demanding better data protection driven by the demands of GDPR, CCPA, PDPA and more. Bearer’s detection engine protects PD, PHI, PII and financial data. Cloud native organizations have more complex and fragmented architectures than ever before, making properly-implemented data security risk controls impossible without a proper solution. More than two-thirds of the enterprise 2,000 are focusing on cloud-native applications. DevSecOps is gaining huge traction. 57% of security teams have shifted security left already or are planning to this year, making them ready to use a solution such as Bearer. Bearer has been tested on more than 20,000 open source software projects as well as more than 6,000 data repositories at beta users, partners and early customers. The Bearer Data Security Platform Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. By monitoring data security risks proactively, it can automatically detect gaps within data security policies during coding and in production. Finally, it can remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue. Bearer accomplishes these results through three major innovations: Identification of data security risks – Including business logic flaws: Bearer pinpoints data security technical and business logic flaws in code before it’s too late and costly to correct. It then provides actionable context and ownership information to fix issues quickly – in minutes. Before Bearer, pinpointing business logic flaws could only be achieved manually – often left ignored. Frictionless deployment: Bearer is a data security SaaS solution that fits into the development cycles of Global 2000 enterprises without requiring any changes to how software engineering teams work. Additionally, Bearer does not require access to the underlying source code nor the sensitive data itself. Extreme automation: Designed by developers for developers in a world of constant code iterations, Bearer automates the burden of data security compliance for software engineers so they don’t have to become experts on data security regulations across different global markets. Security and compliance teams love how Bearer prioritizes the most critical issues in remediation workflow to allow for speedy resolution between security and development. About Bearer Bearer, the data-first security software company, pioneered a solution for developers to automatically detect sensitive data flow and data security risks while coding. Its policy engine proactively monitors data security policies before releasing code and its unique remediation workflow prioritizes the most critical issues – including business logic flaws – for quick resolution between security and engineering teams. Venture-backed with more than $8 million in seed financing, Bearer is used in markets where privacy protection and data security are business-critical, including eCommerce, financial services, and healthcare.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Announces Ambitious EMEA Channel Strategy to Capitalise on Accelerating Demand for API Security

Noname Security | November 02, 2022

Noname Security, the leading API security company, today shared its EMEA channel strategy, which builds on significant momentum achieved in the past six months and is led by Ides Vanneuville, recently appointed EMEA Channels & Alliances Director. Vanneuville is an experienced leader in the cybersecurity market with a strong track record in cybersecurity and solutions engineering, having held a number of senior positions at organisations such as Palo Alto Networks, Nutanix, and Aviatrix. Demand for API security solutions is accelerating throughout EMEA as businesses continue to transition to public cloud and are increasingly adopting cloud-native development strategies. High-profile API breaches have underlined the critical nature of API security and the need for advanced solutions such as the Noname API Security Platform that accelerate digital transformation while addressing API security risks and vulnerabilities. This offers a new and growing market for established cybersecurity resellers and new entrants alike. "I am excited to join Noname Security at a time when the channel is transforming to meet growing demand for the powerful yet easy-to-use API security that our platform delivers," comments Vanneuville. "We are building productive partnerships with traditional cybersecurity companies seeking to expand their offering into the DevSecOps market, along with the innovative application-centric resellers that are carving out opportunities in this space." Noname Security operates a 100% indirect sales model, and its channel strategy focuses on building out presence across EMEA by securing key partnerships with a range of cybersecurity resellers, consultancies, systems integrators, and distributors. Since March 2022, Noname Security has signed new partnerships with Oblivion, part of Xebia (Netherlands, Denmark & Germany), NewGens Pte (Singapore, Malaysia, Indonesia and Thailand), CyberGate Defense (UAE), Evanssion (Middle East & Africa), Aditinet (Italy), iSOC24 (Benelux) and HighPoint (UK & NL) . These partners join a diverse group of existing partners across Europe, the Middle East, and Africa. These partners will be supported by Noname Security's global partner program, which provides the resources they need to address key customer pain points in their region and build sizable revenue opportunities in the API security market. The program is tailored to reflect the variations in maturity and background of the API security market in each geographic area. "API security is a rapidly evolving area that wraps around the ways APIs are being used in different territories," adds Vanneuville. "For example, the increase in open banking in emerging regions like Turkey is driving demand for API security in that region, and we have new Noname Security partners in place to meet that need. Similarly, the booming m-commerce market in Africa is a valuable target for our partners to focus on. Our program helps partners target these key vertical markets and build a reputation for excellence." API Security Workshops Provide Essential Partner and Market Education Noname Security is running a series of workshops to educate the market and channel partners about the importance of protecting APIs against attacks and how to go about it. These are currently available, both virtually and in-person in a variety of worldwide cities, and will help Noname's channel partners as well as their end-users to understand: The underlying security risks when deploying APIs Emerging threats facing applications and APIs Techniques used to exploit vulnerable APIs How Noname Security monitors API traffic for anomalies. "These educational workshops form an important part of Noname's go-to-market strategy," concludes Vanneuville. "An educated market is a receptive market, and with these workshops we aim to ensure that customers and partners fully understand the urgency of securing APIs in order to protect core revenue streams against disruptive attackers. This is a relatively new area, but one that is of critical importance for the success and stability of modern enterprises as the cloud transition continues and born-in-the-cloud businesses ramp up innovation and expansion." About Noname Security Noname Security is the only company taking a complete, proactive approach to API security. Noname works with 20% of the Fortune 500 and covers the entire API security scope across three pillars: posture management, runtime security and API security testing. Noname Security is privately held, remote-first with headquarters in Palo Alto, California, and offices in Tel Aviv and Amsterdam.

Read More

Spotlight

RedTalk: Discover, Detect, and Respond to Cloud Security Incidents Using an Extensible Language called RedLock Query Language (RQL). In order to provide comprehensive security and operational visibility across AWS, Azure, and Google Cloud Platform (GCP) environments, the RedLock Cloud 360 platform ingests various services from the cloud service providers such as IAM, Virtual Machines, Storage Services, and more. Once ingested, we provide standard, out-of-the-box policies to look for potential security risks.

Resources