DATA SECURITY

CyberSN acquires Leader Matt Donato of cybersecurity staff to expand reach into the Southeast & Mid-Atlantic region

prnewswire | November 17, 2020

CyberSN, an innovation engaged ability securing firm in the U.S. zeroed in only on cybersecurity experts has reported its extension in the Southeast and Mid-Atlantic areas with the employing of Matt Donato and Drew Crisan in Charlotte, NC.

Matt Donato joins CyberSN as its Managing Director South Region liable for all action from Washington DC to Florida. Preceding CyberSN Matt was one of the Founders of a Charlotte, NC based cybersecurity staffing firm. "I am so eager to join the CyberSN family and consolidate my affection for cybersecurity with the staggering assets at CyberSN. I am anticipating extending the CyberSN brand in this locale," said Donato. Drew Crisan additionally joins CyberSN as its Cybersecurity Recruiting Manager for the East and South Regions. CyberSN Founder and CEO Deidre Diamond said of the extension, "we are seeing an expanded interest for our administrations, particularly our Resume Service, called Talent Scout, where we accomplish a large portion of the work and our customers do half, for a large portion of the cost. This development with solid pioneers like Matt and Drew implies we can more readily support this area."

North Carolina is a developing business sector with a 128% development in tech work postings in 2019 and an extended requirement for 3,960 extra data security examiners by 2024. These positions are progressively open to out-of-territory up-and-comers, which will permit neighborhood organizations to use the CyberSN public organization of employment searchers. As indicated by NCTECH's positions rundown, "the Charlotte locale added 39,413 tech occupations a year ago," which was instrumental in CyberSNs' choice to add assets to this district, said Diamond. "We are multiplying down broadly in all business sectors. Our resume administration, dispatched recently, has demonstrated to be truly attractive. With more administration hands on the wheel, we can support substantially more of the network we love," said Diamond.

About CyberSN

Founded in 2014, CyberSN is solely focused on the cybersecurity talent industry serving as a trusted brand across the U.S. Recognized by their unique care and dedication to the cyber community, diversity and inclusion initiatives, and KnowMoreTM, their cybersecurity job posting and talent matching platform.

Spotlight

Cyber criminals constantly innovate their threat tactics to more efficiently breach organizations and make off with valuable data. As cybercrime evolves, we see increased innovation in the hacking tools and techniques used to evade known security mechanisms. In the past few years, we have seen more advanced, targeted attacks, where hackers spent ample time investigating the target and tailoring the threat.


Other News
SOFTWARE SECURITY

ConnectWise Amplifies MSP Cyberattack Defense with Incident Response Service

ConnectWise | April 20, 2022

ConnectWise, the world’s leading software company dedicated to the success of IT solution providers, today announced a new service offering designed to help MSPs and their clients rapidly respond to attacks and recover from security incidents. The ConnectWise Incident Response Service provides direct, around-the-clock access to a team of expert cybersecurity analysts to provide immediate assistance to assess, contain and remediate threats to minimize impact and business disruption. According to the 2022 ConnectWise MSP Threat Report, there was a 10-15% increase in ransomware incidents by quarter in 2021, with 56% of all incidents occurring in the second half of the year. When it comes to cyberattacks, preparation is the best prevention for MSPs that are increasingly becoming targets of threat actors. For MSPs and their clients that often lack resources to properly respond to incidents, the ConnectWise Incident Response Service provides an immediate life-line to skilled cybersecurity experts that accelerate incident resolution and help avoid mistakes that can be costly to business operations. “With a talent shortage, more sophisticated threat actors and more technologies to protect, cybersecurity incidents can quickly overwhelm an MSP and their end client and jeopardize protection of their client’s critical assets. Every second counts in a cyberattack, so having a team of security experts at a moment’s notice is a game-changing force multiplier for an MSP’s successful delivery of cybersecurity services. With this service, MSPs can confidently turn to ConnectWise to gain swift understanding and control of the situation to eradicate threats and prevent costly downtime.” Raffael Marty, General Manager, Cybersecurity, ConnectWise The ConnectWise Incident Response Service also aids in the recovery process with forensic examination of system data, user activity and artifacts of digital evidence to determine the extent of compromise and identify which threat actor might be involved. The ConnectWise Incident Response Service is available today to both ConnectWise partners and non-partners. About ConnectWise ConnectWise is the world's leading software company dedicated to the success of IT solution providers through our unmatched software, services, community. ConnectWise’s innovative, integrated, and security-centric platform – Asio™ - provides unmatched flexibility, automation, and scale that fuels profitable, long-term growth for our Partners. ConnectWise equips TSPs with cybersecurity solutions, unified monitoring and management solutions, and business automation solutions—all while providing industry-leading operational maturity offerings to accelerate business transformation.

Read More

SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

SOFTWARE SECURITY

ColorTokens Launches Xcloud, Autonomous Cloud Security Protection for All Enterprise Environments

ColorTokens | April 06, 2022

ColorTokens Inc., a leading innovator in autonomous Zero Trust cybersecurity solutions, announced the launch of its new product, Xcloud. Xcloud's agentless, automated, and deep scanning technology finds the most elusive threats across cloud and container environments fast and without disruption. Xcloud combines vulnerability management, malware detection, and compliance monitoring all in one platform, saving time, resources, and cost. Customers worldwide can now gain access to Xcloud directly from AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS). Today's enterprises are leveraging cloud technologies at a hyper-scale. According to the Gartner® Hype Cycle™ for Cloud Security, 2021, "By 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020. By 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end-users." To address the unique challenges of cloud security — shortages of skilled staff, tools not designed for the cloud, limited or no visibility, and the inability to control cloud security — enterprises need simple, fast, agentless, and autonomous tools to provide the support they need. "In today's cloud era, it is widely embraced that cloud environments require agentless tools. But current tools for cloud security follow a fragmented approach, and these siloed point security tools cannot deliver end-to-end visibility on the comprehensive security posture of the enterprise business," says Rajesh Khazanchi, chief executive officer of ColorTokens. "ColorTokens now uniquely solves enterprise cloud security challenges, combining Xcloud with our comprehensive platform to bring unparalleled risk visibility, essential insights, and automation into the risks that threaten cloud and container environments." With nothing to install, deploy, or configure, Xcloud keeps you secure automatically. Xcloud uniquely allows security teams to find and fix the deepest risks in their cloud: Uncover more critical risks. Xcloud's ShadowScan™ dives deeper into workloads and containers at the OS level to detect vulnerabilities and risky configuration issues that are often missed. ShadowScan™ creates and scans a complete replica of workloads to eliminate disruptions, downtime, and impact to applications. Prevent supply chain attacks. Xcloud's ChainScan™ uncovers hidden vulnerabilities in critical application libraries and scans container and cloud workloads for all software dependencies. This allows enterprises to identify the risks introduced in third-party packages throughout their entire application software supply chain. Detect the latest threats. Xcloud automatically tracks the latest vulnerabilities and malware from multiple threat intelligence and vulnerability sources. Every security scan of environments uses a real-time database to find the latest threats so businesses can continuously detect and remediate new threats. "When compared to the two other leading solutions in the cloud security market, ColorTokens' Xcloud uniquely delivers brilliant ease of use and unmatched deep visibility into the cloud," says Harish Akali, CTO of ColorTokens. "As a result of Xcloud's automated, agentless, customer-obsessed approach, combined with its availability in AWS Marketplace, Xcloud delivers instantaneous onboarding and results and without any disruption." Ravi Pattabhi, VP of cloud security at ColorTokens To access Xcloud today, visit ColorTokens in AWS Marketplace. ABOUT COLORTOKENS ColorTokens Inc. is a leading innovator in SaaS-based Zero Trust cybersecurity solutions that provides global enterprises with a unique set of products and services for securing applications, data, and users across cloud and hybrid environments. Through its award-winning Xtended ZeroTrust™ Platform and context-aware machine learning-powered technologies, ColorTokens helps businesses accurately assess and improve their security posture dynamically.

Read More

PLATFORM SECURITY

Veracode Research Reveals Software Supply Chain Security Shortfalls for Public Sector

Veracode | March 30, 2022

Veracode, a leading global provider of application security testing solutions, has released new findings that show the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest fix rates compared to other industry sectors. Analysis of data collected from 20 million scans across half a million applications revealed these sector-specific findings as part of Veracode’s annual report on the State of Software Security (SOSS). "Public sector policy makers and leaders recognize that dated technology and vast troves of sensitive data make government applications a prime target for malicious actors. That’s why the White House and Congress are working together to update regulations governing cybersecurity compliance. In the wake of May 2021's Executive Order to improve the nation's cybersecurity and protect federal government networks, the U.S. Office of Management and Budget, Department of Defense and the White House have issued four memos addressing the need to adopt zero trust cybersecurity principles and strengthen the security of the software supply chain. Our research confirms this need.” Chris Eng, Chief Research Officer at Veracode No Time to Waste: Fix More Flaws Faster Veracode’s research found that compared to other industries, the public sector has the highest proportion of applications with security flaws, at 82 percent. When it comes to how quickly organizations fix flaws once detected, the public sector posts the slowest times on average—roughly two times slower than other sectors. The research also revealed that 60 percent of flaws in third-party libraries in the public sector remain unfixed after two years, which is double that of other sectors and lags the cross-industry average by more than 15 months. Finally, with only a 22 percent fix rate overall, the public sector is challenged to keep software supply chain attacks from impacting critical state, local, and educational applications. Eng continued, “Organizations in this sector must act with urgency. They can improve their secure DevOps practices significantly by using multiple types of scanning—static, dynamic, and software composition analysis—to get a more complete picture of an application’s security, which in turn will help them to improve remediation times, comply with industry regulations, and make the case for increasing application security budgets.” High Severity Flaws Are Priority One Demonstrating a positive trend, the public sector ranks highly when it comes to addressing high severity flaws. The research reveals that government entities have made great strides to address high severity flaws, which appear in only 16 percent of applications. In fact, the number of high severity flaws has decreased by 30 percent in the last year alone, suggesting that developers in the sector increasingly recognize the importance of prioritizing flaws that present the greatest risks. This is encouraging and may reflect growing understanding of new software security guidelines, such as those outlined in the U.S. Executive Order on Cybersecurity and the U.K. Government Cyber Security Strategy 2022 – 2030. Eng closed, "Recognizing that time is of the essence, public sector leaders are beginning to set timelines. For example, in “Moving the US Government Toward Zero Trust Cybersecurity Principles”, Shalanda Young has set a deadline of September 30, 2024 for all US federal agencies to meet specific cybersecurity standards. We think that the progress made against high security flaws is a great starting point and support all public sector agencies who seek to gain better control over their software supply chains." About the State of Software Security Report The twelfth volume of Veracode’s annual report on the State of Software Security (SOSS) examines historical trends shaping the software landscape and how security practices are evolving along with those trends. This year’s findings are based on the full historical data available from Veracode services and customers and represent a cross-section of large and mid-sized companies, commercial software suppliers, and open-source projects. The report contains findings about applications that were subjected to static analysis, dynamic analysis, software composition analysis, and/or manual penetration testing through Veracode’s cloud-based platform. About Veracode Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Read More

Spotlight

Cyber criminals constantly innovate their threat tactics to more efficiently breach organizations and make off with valuable data. As cybercrime evolves, we see increased innovation in the hacking tools and techniques used to evade known security mechanisms. In the past few years, we have seen more advanced, targeted attacks, where hackers spent ample time investigating the target and tailoring the threat.

Resources