PLATFORM SECURITY

CyberProof Collaborates with Microsoft on Security Portfolio

CyberProof | June 22, 2022

CyberProof
CyberProof, a UST company, announced a partnership with Microsoft and can provide Managed Extended Detection and Response (MXDR) capabilities for Microsoft Security Services for Enterprise, a new managed service for large enterprise customers that is part of Microsoft's new security services portfolio. Microsoft Security Services for business is a comprehensive, expert-led service that manages onboarding, everyday interaction, practice modernization, and incident response by combining proactive threat hunting and MXDR with devoted Microsoft security experts. The service extends threat detection and response across Microsoft 365 Defender and Microsoft Sentinel security solutions by leveraging the human expertise and service delivery experience of MXDR providers like CyberProof and internal Microsoft teams.

Customers can mitigate the cybersecurity risks associated with digital transition by leveraging CyberProof's experience with the most difficult, enterprise-scale changes. The CyberProof Defense Center platform runs on Microsoft Azure natively and connects with the Microsoft Security Stack. This allows CyberProof to assist organizations in addressing critical difficulties as they grow their security operations, ranging from log gathering and analysis to proactive search for malicious threat behavior.

CyberProof's nation-state qualified cybersecurity professionals offer Managed XDR services and experience to companies wishing to transition from old on-premises security solutions to cloud-native protection. CyberProof partners with Microsoft as a Microsoft Gold Partner, with R&D teams in Tel Aviv working closely together to provide customers with end-to-end security services such as advanced threat intelligence and hunting, use case engineering, and vulnerability management.

Microsoft's entry into this industry validates the importance of sophisticated MXDR services, which are quickly rising. Gartner predicts that by 2025, half of enterprises will be employing MDR services for threat monitoring, detection, and response tasks that provide threat containment and mitigation capabilities.

"Our Managed XDR service offering indicates a shift in security operations supported by cloud-native technology. Forward-thinking CISOs are quickly discovering the many benefits of a cloud-native security architecture and we are helping them solve the most complex challenges as co-innovation partners with Microsoft." He continued, "We are proud to work together with Microsoft as a part of Microsoft's partner community and are excited about the process Microsoft is undergoing," said Tony Velleca, Chief Executive Officer, CyberProof.

"CyberProof shares Microsoft's belief in the crucial importance of collaborating within the cybersecurity community to improve customers' threat detection and response capabilities. As members of Microsoft's partner community, we are now offering Managed XDR for Microsoft 365 Defender and Microsoft Sentinel in our portfolio." He added, "CyberProof was among the first to deploy Microsoft Sentinel in a highly regulated, global enterprise, and today, our close partnership with Microsoft is expanding to address the increasing demand for Managed XDR services."

Yuval Wollman, President, CyberProof

"CyberProof is committed to collaboration within the cybersecurity community. We value CyberProof's capabilities in cyber defense and appreciate the team working with us to improve the ability of our customers to predict, detect, and respond to security threats faster." said Kelly Bissell, Corporate Vice President of Security Service Line, Microsoft.

Spotlight

Many organizations are not aware of the targeted attacks and advanced threats that readily breach existing security defenses. Today's attackers conduct advance reconnaissance on their targets, in order to custom-design advanced malware attack methods that are specifically designed to evade detection. To protect data, intellectual property, and communications, and to avoid the unexpected costs associated with targeted attacks and advanced threats, organizations need the ability to discover attacks that traditional security is blind to.


Other News
SOFTWARE SECURITY

Red Canary and Palo Alto Networks expand collaboration to provide detection and response across security landscape

Red Canary | July 08, 2022

Red Canary, the Managed Detection and Response (MDR) trailblazer, has expanded its collaboration with industry leader Palo Alto Networks to help deliver on a bold vision: unifying threat investigation across a wide range of Palo Alto Networks products. To help achieve this goal Red Canary is now a part of the Palo Alto Networks Cortex® MSSP partner program. Today, Red Canary MDR supports Palo Alto Networks firewalls by integrating with PAN-OS version 9 and higher. This integration allows security alerts and event data generated by firewall appliances to feed into the Red Canary MDR platform for further investigation and remediation. Red Canary is working with Palo Alto Networks as an MDR partner for the Cortex XDR product, which includes built-in endpoint protection. While many MDR offerings simply ingest alerts generated by endpoint security tools, Red Canary is working toward being able to ingest raw telemetry as well as alerts from the Cortex XDR endpoint agent. Red Canary anticipates this will allow it to reduce false positives by up to 99% and significantly increase the detection of confirmed threats compared to what endpoint security tools can identify on their own. "The detailed endpoint telemetry generated by Cortex XDR enables leading scores in actual hands-on tests, such as MITRE's recent ATT&CK® evaluation," said Rick Caccia, SVP of Marketing for Palo Alto Networks. "Red Canary's ability to manage and analyze large volumes of endpoint, network, and other types of telemetry will make them an ideal partner for solving customers' most pressing security challenges. Together, we can help protect organizations from ransomware, phishing, and other modern threats." To complete our vision of unifying threat investigation across the Palo Alto Networks product line, Red Canary is also developing integrations for Prisma® Cloud, Threat Prevention, and the WildFire Analysis Environment. Red Canary's MDR everywhere strategy allows events from Palo Alto Networks products to be combined with multi-vendor events in a unified timeline. To learn more, visit https://redcanary.com/cyber-threat-investigation/. "Red Canary is meeting customer demand for security across the modern IT environment by integrating alert data from network, identity, and SaaS applications – all in a unified timeline. Our collaboration with Palo Alto Networks layers best-in-class managed detection and response across an industry-leading portfolio of cybersecurity solutions. The result is more choice and better security for our customers." Chris Rothe, CTO, Red Canary About Red Canary Red Canary stops cyber threats no one else does so organizations can fearlessly pursue their missions. The company's managed detection and response (MDR) solution works across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. Red Canary operates as a security ally for customers and partners by providing unlimited 24×7 support, deep threat expertise and hands-on remediation to prevent threats from turning into business-defining incidents.

Read More

PLATFORM SECURITY

TAC Security Launches the ESOF Vulnerability Prediction Feature

TAC Security | June 13, 2022

TAC Security, a Silicon Valley-based Cybersecurity company, announced the launch of their ESOF Prediction Feature. The Prediction feature allows the organizations to forecast the quantity of new vulnerabilities in an asset for the coming month. The results will be based on the vulnerability specifics from anyone’s most recent scan results for each Asset type. The feature anticipates the ESOF cyber scores of various Asset types present in one’s infrastructure and based on the number, the predicted vulnerabilities are generated. The count of predicted vulnerabilities gets further divided based on severity levels for e.g., Critical, High, Medium and Low. ESOF predicts the number of vulnerabilities in the coming months and generates a cyber score based on that for the coming months. The platform will predict the following - Monthly Prediction of Vulnerabilities. Prediction of ESOF Cyber Score Prediction of Vulnerabilities that can be patched Prediction of Type of Vulnerability(s) ESOF also allows the count of predicted vulnerabilities to be compared to the number of actual vulnerabilities. The representational graphs will contain both the actual count and predictive count of the vulnerabilities for the coming months. “The prediction feature allows security teams to foresee threats and prepare for them. If the security team needs training or resources, knowing in advance allows them to invest time and resources to improve their security processes. ESOF plays an essential role in allowing teams to discover, prioritize and remediate before situation demands, rather than mass efforts like other tools,” said, Trishneet Arora, Founder and Chief Executive Officer, TAC Security. “We are thrilled to take the next step to ensure ESOF becomes Cybersecurity's Future. The Prediction feature is a revolutionary contribution by TAC Security to the ever-evolving Risk and Vulnerability Management market. The ability to foresee threats allows not only the security teams and leaders to be prepared. And gives them the chance to communicate with the whole organization, including the Board Members, so they know what to expect. It allows the organization to be well prepared and plan their resources to strengthen their security processes and reduce the chances of a breach remarkably.” Chris Fisher – CMO, TAC Security This announcement closely follows TAC Security’s recent launch of another new product, ESOF Product CyberScore. The product provides ability to generate risk scores for each product installed in the system. In addition to an individual product risk score for the product on a single asset, there is also a group score that will be based upon all the assets that have the product installed. With the overall product score, they can easily identify the most vulnerable products present in all the assets and prioritize the top 10 most vulnerable products present in the organization. The prediction model is a major stepping stone in TAC Security’s mission of ensuring a cyberscore becomes the next credit score system for organizations to be considered compliant. The ability to forecast upcoming vulnerabilities gives organizations an edge over the adversaries and continues to strengthen the risk posture of their overall IT infrastructure. About TAC Security TAC Security, headquartered in San Francisco, is a global leader in Vulnerability Management that protects Fortune 500 companies, leading enterprises, and governments around the world. TAC Security manages 5+ Million vulnerabilities through its Artificial Intelligence (AI) based Vulnerability Management Platform ESOF (Enterprise Security in One Framework). TAC Security has established strategic partnerships with leading cloud providers and managed service providers and consulting organizations including Tech Mahindra, IBM, KDDI Japan, and distributors including Dataguard Technologies LLC and Ingram Micro.

Read More

PLATFORM SECURITY

Network Perception Joins Operational Technology Cybersecurity Coalition to Aid with Strengthening National Security

Network Perception | June 15, 2022

Network Perception, innovators of operational technology (OT) solutions which protect mission-critical assets, today announced that it has joined the Operational Technology Cybersecurity Coalition (OT Cyber Coalition), a diverse group of leading cybersecurity vendors dedicated to improving the cybersecurity of OT environments. Launched in April, the OT Cyber Coalition supports an open, vendor-neutral approach to securing the nation’s critical infrastructure. Network Perception joins founding members Claroty, Forescout, Honeywell, Nozomi Networks and Tenable in the Coalition’s engagement with industry and government on how to best deploy data-sharing solutions that enhance the resiliency of our nation’s critical infrastructure. Network Perception solutions proactively and continuously assure the security of critical OT assets using intuitive network segmentation verification and visualization. Originally designed and built by a government-funded research team comprised of cybersecurity academics and industry experts in network security and critical infrastructure protection, the Network Perception NP-View platform has become the industry standard for the verification of proper network segmentation, the assurance of network security compliance, and the visualization of industrial control network environments. “When it comes to protecting the nation’s critical infrastructure, coordination and cooperation among the leaders in OT security technology is essential. “We’re proud to be a part of the collaboration with a diverse group of stakeholders responsible for protecting our nation’s critical infrastructure. Together we can not only advance the industry, but make our world a safer place.” Robin Berthier, Network Perception CEO and Co-Founder Other new members joining Network Perception as inductees into the OT Cyber Coalition, include ABS Group, Waterfall Security Solutions, and 1898 & Co. About the OT Cyber Coalition The Operational Technology Cybersecurity Coalition is a diverse group of leading cybersecurity vendors dedicated to improving the cybersecurity of OT environments. Representing the entire OT lifecycle, the OT Cyber Coalition believes that the strongest, most effective approach to securing our nation’s critical infrastructure is one that is open, vendor-neutral, and allows for diverse solutions and information sharing without compromising cybersecurity defenses. The OT Cyber Coalition was founded by Claroty, Forescout, Honeywell, Nozomi Networks, and Tenable in 2022. For more information, visit https://www.otcybercoalition.org/. About Network Perception Since 2014, Network Perception has set the standard for best-in-class OT network cybersecurity audit and compliance solutions. With intuitive, mapping-centric visualization and independent verification for network segmentation, Network Perception instantly and safely ensures compliance and protection.

Read More

SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

Spotlight

Many organizations are not aware of the targeted attacks and advanced threats that readily breach existing security defenses. Today's attackers conduct advance reconnaissance on their targets, in order to custom-design advanced malware attack methods that are specifically designed to evade detection. To protect data, intellectual property, and communications, and to avoid the unexpected costs associated with targeted attacks and advanced threats, organizations need the ability to discover attacks that traditional security is blind to.

Resources