DATA SECURITY

CRITICALSTART Partners with Managed Detection and Response Provider RangeForce

businesswire | January 11, 2021

RangeForce, the organization that is changing network safety preparing, today declared an association with Texas-based CRITICALSTART, a main online protection supplier of Managed Detection and Response (MDR) administrations. Under terms of the understanding, CRITICALSTART will give the RangeForce intelligent network safety preparing stage to its clients.

RangeForce's double way to deal with digital preparation joins cyberskills recreation modules with a completely incorporated digital reach in a SaaS climate. This mix permits security experts and groups to constantly prepare and shield against genuine assaults in an active and connecting with climate.

“We are excited to partner with RangeForce to address the cybersecurity training needs of our customers,” said Tera Davis, Managing Director, CRITICALSTART. “Their approach to cyber simulation can fulfill the unique needs of organizations of all sizes.”

RangeForce clients generally start their excursion with on-request preparing modules conveyed through job based, prescriptive learning ways. From that point, students keep on taking provokes that range from fledgling to cutting edge capacities to test their aptitudes and report progress. RangeForce's preparation is a financially savvy option in contrast to conventional preparing and on-premise digital reaches.

“Skills training and readiness is crucially important to cybersecurity operations for all types of organizations,” said Jackson Thibodeau, Sr. Director of Channels at RangeForce. “At RangeForce, we have a strong commitment to the channel and CRITICALSTART has a reputation and presence that will help us deliver these solutions to customers in their region.”

About RangeForce

RangeForce makes creating highly skilled cybersecurity defenders simple, flexible, and fast for all enterprises. Powered by the industry’s first SaaS-based, integrated cybersecurity simulation and virtual cyber range, we help customers operationalize a security training program in hours, saving up to 65% over traditional training and up to $1M annually on hosted cyber ranges. RangeForce is revolutionizing cybersecurity training with its adaptive learning to rapidly train and cross-train DevOps, IT, and security professionals, while integrating best-of-breed solutions from a growing ecosystem of RangeForce partners.

Spotlight

CRASHOVERRIDE1 is the first publicly-known malware designed to impact electric grid operations. While some attention has already been paid to CRASHOVERRIDE’s ICS-specific effects, the broader scope of the attack – and the necessary prerequisites to its execution – have been woefully unexamined. Reviewing previously unavailable data covering log, forensics, and various incident data, this paper will outline the CRASHOVERIDE attack in its entirety, from breach of the ICS network through delivery and execution of ICS-specific payloads.


Other News
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

OneSpan Launches Virtual Room Enabling Secure Face-to-Face Transactions

OneSpan | September 19, 2022

OneSpan™ , the digital agreements security company, today announced the general availability of its secure Virtual Room cloud service which enables organizations to deliver live, high-touch assistance to their customers in a high-assurance virtual environment. This next-generation customer engagement solution gives organizations the ability to balance identity security, authentication, and e-signature solutions from the broader OneSpan portfolio with a high-assurance virtual experience that is the next best thing to entering a branch or meeting in person. Virtual Room complements digital-first transaction experiences by providing a unique opportunity for organizations to create personalized, high-touch, human-assisted interactions, and by improving the customer experience, increasing agreement completion rates, and reducing security risks and fraud. “Today, businesses requiring a high degree of security and regulatory compliance rely daily on a variety of technologies that use insecure, shared links and expose users to elevated risks including data breaches and compliance violations in the anywhere economy. This should not be the case. Organizations and their customers want to be confident that the person joining a virtual meeting is the person they claim to be. And multi-million dollar business agreements transacted digitally should not be subject to fraud fallout. “Today’s off-the-shelf video conferencing tools do not offer optimal security. As the complexity and value of transactions increase, customers want a live interaction rather than relying on a virtual assistant or self-service experience. We built Virtual Room for these scenarios to help our customers complete an agreement or transaction where they need a personal touch and where security is paramount.” Matthew Moynahan, President and CEO at OneSpan Combining OneSpan’s heritage in high-assurance identity verification and authentication with agreement co-browsing, web-enabled videoconferencing, rich collaboration features, and built-in e-signature, Virtual Room helps organizations engage and transact with customers with confidence. Virtual Room can be used for multiple high-value customer agreements, including account opening and maintenance, wealth management, and car financing. Virtual Room enables organizations to: Verify the identities of participants, utilizing OneSpan’s identity verification and mobile and hardware authentication solutions; Interact with signers remotely; Simultaneously review documents and address questions; Capture legally binding e-signatures in real-time; and Record virtual sessions to reinforce the electronic evidence captured in the audit trails. A recent report from Aragon highlighted the need for higher assurance within these processes. “It’s important for buyers to look for a provider that has global security compliance expertise in all aspects of the workflow, from the initial identity verification and authentication steps, to creating a secure virtual interaction environment and all the way through to securing the final output or artifact of the transaction, for compliance and enforceability purposes. Equally important, buyers should look for a vendor that has the flexibility to adapt any step in the digital workflow to meet local regulations for digital identity, secure customer authentication, transaction risk analysis, and the many other security requirements, which differ from one country to the next.” As a secure solution for customer-facing digital agreements where the integrity of the agreement is paramount, ​Virtual Room allows organizations to embrace a new way of working that’s more distributed, virtual, and dynamic, enabled by advancements in cloud technology. With the onset of the anywhere economy, and with more transactions being completed online, identity verification and authentication technologies are critical in the digital agreements process. This purpose-built, high-assurance digital agreement solution includes identification and authentication capabilities that enable organizations to increase the integrity and completion rates of agreements and transactions in a highly-secure and protected ecosystem without impacting user experience or productivity. About OneSpan OneSpan helps organizations accelerate digital transformations by enabling secure, compliant, and refreshingly easy customer agreements and transaction experiences. Organizations requiring high assurance security, including the integrity of end-users and the fidelity of transaction records behind every agreement, choose OneSpan to simplify and secure business processes with their partners and customers. Trusted by global blue-chip enterprises, including more than 60% of the world’s largest 100 banks, OneSpan processes millions of digital agreements and billions of transactions in 100+ countries annually.

Read More

ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bearer Launches Data-First Security Solution

Bearer | November 15, 2022

Bearer, the data-first security software company, today announced the general availability of the Bearer Data Security Platform. Based on extensive interviews with more than 130 enterprise CISOs at high-growth and global 2,000 companies, Bearer is in beta use across multiple industries with one customer protecting the private data of more than 75 million medical patients. “At Bearer, we strongly believe the best approach for a data-first security approach is to start at the beginning of the journey, following the shift-left security trend. “Data-first security should start in the code. And to be truly effective, it should never impede developers and never allow access to private data itself while still providing ownership context and protecting against vulnerabilities created in the business logic of an application or service.” said Guillaume Montard, CEO and co-founder of Bearer Why Bearer Data Security Platform Now Data security is becoming a top priority for businesses, with customers and governments demanding better data protection driven by the demands of GDPR, CCPA, PDPA and more. Bearer’s detection engine protects PD, PHI, PII and financial data. Cloud native organizations have more complex and fragmented architectures than ever before, making properly-implemented data security risk controls impossible without a proper solution. More than two-thirds of the enterprise 2,000 are focusing on cloud-native applications. DevSecOps is gaining huge traction. 57% of security teams have shifted security left already or are planning to this year, making them ready to use a solution such as Bearer. Bearer has been tested on more than 20,000 open source software projects as well as more than 6,000 data repositories at beta users, partners and early customers. The Bearer Data Security Platform Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. By monitoring data security risks proactively, it can automatically detect gaps within data security policies during coding and in production. Finally, it can remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue. Bearer accomplishes these results through three major innovations: Identification of data security risks – Including business logic flaws: Bearer pinpoints data security technical and business logic flaws in code before it’s too late and costly to correct. It then provides actionable context and ownership information to fix issues quickly – in minutes. Before Bearer, pinpointing business logic flaws could only be achieved manually – often left ignored. Frictionless deployment: Bearer is a data security SaaS solution that fits into the development cycles of Global 2000 enterprises without requiring any changes to how software engineering teams work. Additionally, Bearer does not require access to the underlying source code nor the sensitive data itself. Extreme automation: Designed by developers for developers in a world of constant code iterations, Bearer automates the burden of data security compliance for software engineers so they don’t have to become experts on data security regulations across different global markets. Security and compliance teams love how Bearer prioritizes the most critical issues in remediation workflow to allow for speedy resolution between security and development. About Bearer Bearer, the data-first security software company, pioneered a solution for developers to automatically detect sensitive data flow and data security risks while coding. Its policy engine proactively monitors data security policies before releasing code and its unique remediation workflow prioritizes the most critical issues – including business logic flaws – for quick resolution between security and engineering teams. Venture-backed with more than $8 million in seed financing, Bearer is used in markets where privacy protection and data security are business-critical, including eCommerce, financial services, and healthcare.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Next DLP Announces Cybersecurity Industry Veteran, Constance Stack, as New CEO

Next DLP | November 03, 2022

Next DLP (“Next”), formerly Qush Security, today announced the appointment of Constance (“Connie”) Stack as its new chief executive officer. With Stack leading the way, Next expects to aggressively grow its market share and disrupt the legacy Data Loss Prevention (DLP) category. The DLP market is projected to reach 3.5 Billion USD by 2025 with the SaaS deployment model expected to dominate during the forecast period. Next’s “Reveal Cloud”, which was included in Gartner’s 2022 Market Guide for Data Loss Prevention, is an industry leading, user-centric, DLP solution, that uncovers risk, educates employees and fulfills security, compliance and regulatory needs. “This is an exciting time for all of us at Next DLP,. “We are pleased to have Connie lead Next and believe her leadership will further accelerate the company’s growth and deliver on our mission of reinventing data protection for today's distributed organization.” Fredrik Halvorsen, Chairman of Next’s board of directors and co-founder of Ubon Partners Most recently, Stack served as Managing Director/GM of the Data Protection Business Unit for HelpSystems, which included the Digital Guardian, Titus, Boldon James and Vera brands. Prior to acquisition by HelpSystems, Stack served as chief strategy officer and chief marketing officer of Digital Guardian. Earlier in her career, Stack was vice president of marketing at Veracode (acquired by CA Technologies) and chief revenue officer at WordStream (acquired by the Gannett Company). “Today’s most used DLP solutions came to market over twenty years ago; before the shift to cloud and SaaS really took off and well before the COVID-19 pandemic drove global knowledge workers to a remote working model. Put plainly, legacy DLP approaches are outdated and prone to failure,” said Constance Stack, Chief Executive Officer, Next DLP. “Next DLP offers a new and flexible approach to protecting data where it is most at risk. Its patent-pending endpoint agent and cloud platform were purpose-built for today’s IT environment and threat landscape. I look forward to this opportunity to work with Next’s incredibly talented team and to deliver DLP that works to our customers.” About Next DLP Next DLP (“Next”) is a leading provider of data protection solutions for organizations with valuable data who need to uncover risk, educate employees and fulfill security, compliance and regulatory needs. Next's mission is to reinvent data protection for today's distributed organization and it is disrupting the legacy data loss prevention market with a user-centric, flexible, cloud-native, AI/ML powered solution built for today’s threat landscape. The company's leadership brings decades of cyber and technology experience from HelpSystems, DigitalGuardian, Forcepoint, Mimecast, IBM, Cisco and Shopify. Next is trusted by organizations big and small, from Fortune 100 finance and retailers to fast growing healthcare and technology companies.

Read More

DATA SECURITY, ENTERPRISE IDENTITY, ENTERPRISE SECURITY

SyncDog Announces Partnership with 3Eye Technologies to Expand Access to Mobile Endpoint Security Technology

SyncDog Inc. | October 28, 2022

SyncDog, Inc., the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, today announced a partnership with 3Eye Technologies to develop a smarter, more advanced offering for its mobility and cloud strategy to accelerate sales initiatives. SyncDog's Secure.Systems™ Workspace offers companies and government organizations a more secure and scalable solution for addressing all the challenges that go along with enabling employees on mobile devices—with immediate opportunities around helping to bring organizations into compliance with the federal government's CMMC 2.0 framework and other security & privacy regulatory standards. The rising popularity and rapid adoption of hybrid work models means that employees are empowered to conduct their work from wherever they are and on whatever device they have on hand–even personally owned (BYOD) devices. However, hybrid and remote work policies emphasize the importance of having robust data protection and endpoint security solutions. Now, more than ever, the ability for both private and public sector institutions to achieve compliance and adopt the cybersecurity and data protection standards outlined in industry frameworks is more critical than ever, as evidenced by the federal government's push to implement CMMC 2.0. In accordance with CMMC and other federally regulated requirements, SyncDog's unified Trusted Mobile Workspace provides a holistic, zero-trust approach that helps bring organizations into compliance with the federal government's CMMC framework along with other broadly recognized regulatory standards. "We are excited to partner with 3Eye to offer even more organizations a smarter and more efficient approach to a secure mobility architecture. A particularly compelling opportunity will be in enabling government employees and federal contractors to collaborate in real-time outside the office in a secure way – even while using BYOD/Personal devices – and still complying with CMMC 2.0 regulations. "This partnership will help broaden the range of organizations securely transferring data between the device and organization's secure network and provide reassurance that devices and processes they are following and implementing adhere to necessary regulations." Brian Egenrieder, Chief Revenue Officer at SyncDog "The prevalence of hybrid and remote work has IT and security teams grappling with ever evolving and complex cybersecurity challenges. This widespread workforce shift has made the need for enterprise mobility more important than ever, but these challenges are only exacerbated by the lack of robust mobile security strategies," said Conor MacFarlane, President and CEO of 3Eye Technologies. "SyncDog technology protects sensitive data no matter what device it is on, making it easier for people to conduct business securely. It's a terrific addition to our portfolio of highly advanced mobility and security technologies." 3Eye Technologies is a mobile-first distributor, who partners with best of breed vendors to provide the highest quality mobility, security, and identity solutions to deliver cutting-edge technologies through its reseller database. SyncDog will leverage 3Eye Technologies' distribution capabilities to build upon their growing market presence and connect SyncDog with more customers across new commercial markets and regions. About SyncDog Inc. SyncDog is the leading ISV for building mobile frameworks that extend app functionality to devices while securing corporate and government networks from mobile-endpoint threats. SyncDog's flagship solution, Secure.Systems, delivers a rich and unimpeded mobile experience for employees working remotely, and supports a multitude of enterprise productivity apps within a NIST-certified (FIPS 140-2 cert. #2687) workspace. Secure.Systems is ideal for organizations that want to deliver a rich mobile app experience across BYOD, CYOD (choose your own device), or other endpoint device policy. Secure.Systems is a natural complement to security and compliance auditing initiatives to satisfy the mandates of CMMC, HIPAA, GDPR, PCI DSS, GLBA, FISMA, and other laws/standards for data security. About 3Eye Technologies 3Eye Technologies is a value-added distributor of mobility, security, and identity solutions, committed to helping our partners identify, configure, and deliver solutions that enable seamless and secure work, wherever work gets done.

Read More

Spotlight

CRASHOVERRIDE1 is the first publicly-known malware designed to impact electric grid operations. While some attention has already been paid to CRASHOVERRIDE’s ICS-specific effects, the broader scope of the attack – and the necessary prerequisites to its execution – have been woefully unexamined. Reviewing previously unavailable data covering log, forensics, and various incident data, this paper will outline the CRASHOVERIDE attack in its entirety, from breach of the ICS network through delivery and execution of ICS-specific payloads.

Resources