SECURITY AUDIT AND COMPLIANCE
NetWitness | June 08, 2022
NetWitness, a globally trusted provider of cybersecurity technologies and incident response, today announced NetWitness XDR, a family of products and capabilities delivering comprehensive detection and response on premise, in the cloud or as a hybrid of the two. This new offering and product architecture delivers the full range of deployment options enterprises seek today to meet their unique cybersecurity needs and use cases.
NetWitness XDR delivers a robust set of capabilities enabling extended detection and response (XDR) and helping customers stay ahead of the most sophisticated cyber threats. These include:
Unified collection, data, and visibility across multiple security layers
Automatic enrichment of data using any technical or business source
A wide toolset of detection technologies including, but not limited to, advanced behavioral analysis
External and internal threat intelligence to identify known security risks and threat actors
Truly insightful context, visualization, and investigation tools
Threat hunting tools and methodologies to identify previously unknown threats
Highly repeatable and measurable incident investigation and response processes
A strong array of both automated and human response options
“NetWitness has enjoyed the trust of some of the world’s most security sensitive organizations because of its unique ability to monitor the entire attack surface across the network, endpoint, cloud, IoT, logs and more,” said CEO of RSA and NetWitness, Rohit Ghai. “We have been delivering XDR capability to the market for several years and today we are delighted to announce new innovations in the platform and reintroduce it to the market as NetWitness XDR.”
Under this new model, NetWitness XDR will be comprised of three main product lines that showcase its uniquely powerful support for all XDR use cases. NetWitness Platform XDR 12 is the newest major release of NetWitness Platform. This technology stack, typically deployed as customer-managed software or hosted by MSSPs, has been enhanced to focus on detection capabilities that identify threats faster and decrease their impact. The company’s new cloud-native SaaS version will be known as NetWitness Vision XDR and is currently in design preview. The third product line, NetWitness XDR Cloud Services, is a set of optional SaaS applications that take advantage of the cloud’s inherent elastic nature to deliver flexible and cost-effective components which can be used to augment either Platform XDR or Vision XDR.
“Our network-forward approach allows us to stand out in this emerging space and highlights NetWitness XDR’s ability to detect across customers’ growing number of systems and devices. “We are embracing the belief that the best XDR must be consumable on prem, in the cloud, and hybrid.”
Director of Product Management and Research, Kevin Bowers
Developed initially in 1996, NetWitness began as a government-sponsored research project to inspect network packets for cyberthreats and tools to detect and respond to them. Since then, the technology has continuously evolved and been innovated to tackle today’s most complex attacks. NetWitness now features fully integrated components for network, log, endpoint and IoT detection and response that drive its threat intelligence and security orchestration platform, NetWitness Orchestrator. With its long history and global footprint, NetWitness XDR integrates directly with the world’s most critical and widely deployed tools, as well as many specialized and industry-specific solutions.
NetWitness XDR will host demonstrations at its booth at RSA Conference this year for Platform XDR and Vision XDR.
NetWitness, an RSA® Group Business, provides comprehensive and highly scalable threat detection and response capabilities for organizations around the world. The NetWitness Platform delivers complete visibility combined with applied threat intelligence and user behavior analytics to detect, prioritize, investigate threats, and automate response. This empowers security analysts to be more efficient and stay ahead of business-impacting threats.
OpenText | June 03, 2022
OpenText™ , a global leader in information management, today announced an expanded suite of security solutions to address the heightened state of cyber security in today's vulnerable world. With OpenText, organizations of every size can protect their data and systems against evolving threats. OpenText is showcasing new and enhanced security offerings that strengthen cyber resilience for SMBs, government agencies, and enterprises at this year's RSA Conference in San Francisco at booths #4214, #4221 and #1535.
Real-time threat intelligence is an essential component of a business's cyber resilience strategy. Further to the findings from the 2022 BrightCloud Threat Report, new quarterly findings released today from BrightCloud® Threat Intelligence show:
1122% increase in phishing in the first quarter of 2022 compared to 2021 Q1 phishing numbers, indicating a buck in the trend of hackers taking holiday in Q1;
For the first time, Instagram broke into the top five most impersonated brands for phishing, demonstrating increased targeting of younger users; and
36.1% reduction in malware encounters for customers using both endpoint and DNS protection versus only endpoint protection, reinforcing the added efficacy benefit of securing DNS and using layered security.
To ensure cyber resilience, organizations must deploy strong, multi-layered security and data protection policies to prevent, respond, and quickly recover from threats. OpenText has expanded its security offerings with new technology and increased capabilities that enable businesses to confidently power and protect information continuously at the data, application, infrastructure, and edge layers with intelligence and insights across the perimeter and endpoints.
"With security risks escalating worldwide and a persistent state of evolving threats, compromises are inevitable, security remains job number one," said Mark J. Barrenechea, OpenText CEO and CTO. "Through our breadth of OpenText Security Cloud, we make it easier for businesses to increase their cyber resilience posture and protect themselves against threats. And if a vulnerability unfortunately leads to a breech, our solutions enable quick detection, response, and recovery to minimize disruption."
"Texas Tech University Health Sciences Center, (TTUHSC), a large medical school serving more than 100 counties in the western portion of Texas, needed a trusted partner to help us protect our operations from cyberattacks. OpenText MxDR has been responding to our needs effectively and because it is a 24X7X365 service, our experience has been seamless," said TTUHSC, ISO, Lane Timmons.
OpenText, The Information Company™, enables organizations to gain insight through market leading information management solutions, powered by OpenText Cloud Editions.
SecurityScorecard | June 23, 2022
SecurityScorecard, the global leader in cybersecurity ratings announced today that it has joined Snowflake's Partner Network, enabling mutual customers to gain instant visibility into their own security posture and that of their third and fourth party software vendors.
Catching Third-Party Risks Early
Snowflake customers now have access to "call" security data within Snowflake, gaining direct access to SecurityScorecard Ratings data that can be correlated with various systems and processes including third party risk, identity and access and IT asset management to catch potential security risks early and create a unified view.
"CISOs need to know the scale and scope of their cyber environment and that includes third and fourth-party vendors that can pose substantial risks to their organization," said Alex Rich, Vice President of Alliances at SecurityScorecard. "The insights gleaned from continuous monitoring with SecurityScorecard ratings data helps Snowflake data cloud customers get a broad view into their Third Party Risk Management, supply chain management, and business intelligence applications with continuous cybersecurity data."
SecurityScorecard collects and analyzes global threat signals that give organizations instant visibility into the security posture of vendors and business partners as well as the capability to do a self-assessment of their own security posture. The technology continuously monitors 10 groups of risk factors to instantly deliver an easy-to-understand A-F rating.
The Snowflake Partner Network unlocks the potential of the Data Cloud with a broad array of tools and partners. Certified partnerships and integrations enable customers to leverage Snowflake's flexibility, performance, and ease of use to deliver more meaningful data insights.
"With SecurityScorecard on the Snowflake Data Marketplace - organizations can now access and use robust vendor risk data directly in their Snowflake account. "Joint customers of Snowflake and SecurityScorecard can now easily combine, enrich, and contextualize vendor risk data with procurement, legal, IT, compliance, and security data, systems, and processes, accelerating the modern CIO and CISO's priority of data-driven, risk-based, and automated security and compliance."
Joshua McKibben, Director Security Compliance & Risk Management at Snowflake
"Our partnership with SecurityScorecard is delivering customers the detailed cybersecurity ratings data they need to refine and enrich data around numerous different use cases," said Tarik Dwiek, Head of Technology Alliances at Snowflake. "From third party risk and M&A due diligence, to cyber insurance, SecurityScorecard and Snowflake are helping global enterprises better manage their third-party risk management programs."
Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
Cloud Security Alliance | June 10, 2022
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Software-as-a-Service (SaaS) Governance Best Practices for Cloud Customers. Drafted by the SaaS Governance Working Group, the paper provides a baseline set of SaaS governance best practices for protecting data within SaaS environments, enumerates and considers risks according to the SaaS adoption and usage lifecycles, and finally, provides potential mitigation measures from the SaaS customer’s perspective.
The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity that introduces a shared responsibility between producers and consumers. While the domain of cloud adoption and security continues to evolve, not much guidance is available regarding SaaS governance and security. This, despite the reality that increasingly, different departments within an organization (Shadow IT) are occasionally utilizing SaaS offerings to power their critical business processes and functions and often storing sensitive data in SaaS environments.
“SaaS requires a different security governance mindset. Because SaaS apps allow businesses to quickly and easily optimize business operations, adoption has come at the price of security. Few recognize how complex the configuration and permission settings of SaaS apps can be, which results in numerous misconfigurations, giving attackers the potential to access sensitive data,” said Amir Ofek, CEO of AxoniusX, the new innovation unit of Axonius, which sponsored the paper. “By following a widely adopted security framework, such as NIST CSF, coupled with the best-practices and recommendations in this document, organizations will be able to better establish SaaS governance and security processes to mitigate risk associated with SaaS usage, eliminate misconfigurations, and gain full control over their entire SaaS environment.”
“While SaaS offers tremendous opportunities for organizations to change the way they operate, consume innovative capabilities, and offload many of the operational burdens associated with both creating and maintaining applications, it isn’t without its concerns. As organizations continue to adopt SaaS-based applications and solutions, traditional organizational cybersecurity must be updated to reflect this new operating model. Failing to do so can increase the potential risk and ramifications of security incidents associated with the consumption of SaaS.”
Chris Hughes, co-founder and CISO at Aquia and project lead/lead author of the paper
The guide defines three necessary components that, when combined into a cohesive strategy, can provide integrated security for SaaS systems and solutions:
Process security. Protects the integrity of procedural activities to ensure the input and output of processes aren’t easily compromised. These are the managerial aspects, including policies and procedures, to ensure that an organization’s processes are consistent.
Platform security. Deals with the security strength of the platform and the underlying dependencies of a SaaS service. These include the SaaS infrastructure, operating systems, and its potential suppliers.
Application security. Deals with the security of the SaaS application itself. A SaaS application can only stay secure if it does not contain exploitable vulnerabilities and has implemented hardened configurations aligned with organizational and vendor security best practices, as well as compliance requirements.
The Software-as-a-Service (SaaS) Governance Working Group aims to benefit all parties in the SaaS ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider. Individuals interested in becoming involved in future research and initiatives are invited to join the working group.
SaaS Governance Best Practices for Cloud Customers was sponsored by Axonius, a leader in cybersecurity asset management and SaaS management. CSA research prides itself on vendor neutrality, agility, and integrity of results. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights to CSA research.
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem.