Cyber Survey shows a deficit in cybersecurity skills threatens job efficiency in the face of rising global cyber attacks

prnewswire | September 22, 2020

Cybrary, the world's largest online cybersecurity career development platform, today released the findings from the "Cybrary Skills Gap Research Survey and Report," which examines the current challenges, perceptions, and impacts of the cybersecurity skills gap faced by IT and security teams worldwide. The survey questioned respondents about the employer contributions towards their skill development, their level of personal commitment to growing their skills, and the current level of organizational support and opportunities offered for skill development.

Spotlight

Artificial intelligence (AI), and in particular machine learning, has seen huge strides in recent years and is now set to really start impacting all aspects of society and business. This development has been fueled by decades of exponential improvement in raw computing power, combined with progress in algorithms and, perhaps most importantly, a huge increase in the volume of data for training and testing machines that is readily available on the internet. The combination of these three factors is now giving us everything from voice-controlled digital assistants to autonomous cars. It it safe to say that “this changes everything,” and cybersecurity is no exception.


Other News
PLATFORM SECURITY

Swimlane Extends Cloud-Based Security Automation into APJ Amid Momentous Growth in Region

Swimlane | April 19, 2022

Swimlane, the leader in low-code security automation, today announced the general availability of Swimlane Cloud in the Asia-Pacific Japan (APJ) region. This deployment is further evidence of Swimlane’s continued commitment to empowering APJ customers to enable new use cases previously not possible with traditional security orchestration, automation and response (SOAR). This includes unlocking the use of automation beyond the SOC, where Swimlane serves as the system-of-record for the entire security organization. Meeting the APJ Staffing Shortage Head-On with Swimlane Cloud The APJ region faces a significant cybersecurity talent shortage with an estimated 2.045 million open cybersecurity roles, accounting for 66% of the total global shortage, signaling the struggle to find qualified, skilled professionals to handle increasing security alerts. Without automation, these overburdened security administrators must manually perform repetitive and time-consuming tasks needed to track, mitigate and resolve security events across multiple security platforms. Despite significant time investments, security teams cannot realistically analyze and adequately prioritize security alerts and events at the rate necessary to protect networks. “In order to mature our security operations, we knew it was necessary to advance how we monitor and respond to threat intelligence by taking a more proactive approach to security operations,” said Tanajak Watanakij, CISO, R V Connex. “With our existing talent pool, we turned to Swimlane’s low-code security automation offering to create a centralized system of record for our Security Operations Center (SOC) and remove dependencies on a host of manual processes. Swimlane’s interactive dashboards and automated, easily customizable workflows reduced our mean time to respond and ultimately helped us ensure continuous compliance and prevent breaches across the entire R V Connex Corporation and our MSSP customers.” “Security teams across APJ need solutions that reduce the manual operations needed to respond to security threats and speed up incident response. We are a customer-focused company with a powerful platform for helping companies ease the burden security teams face daily. Swimlane is fully dedicated to supporting the region’s ongoing cybersecurity challenges through the adoption of low-code security automation.” Johan Wikenstedt, Vice President of Asia Pacific and Japan (APJ) for Swimlane Demand for Low-Code Automation Continues to Climb Swimlane’s current product initiatives in APJ continue to drive regional market traction highlighted by: 173% revenue growth of regional presence in the past four months, with more than 7x revenue growth in the past 6 months. 142% growth of regional employee headcount in the past six months. New sales offices established in Australia, Malaysia and South Korea. Net-new customer adoption in Australia, Bangladesh, India, Japan, Malaysia, Philippines, Singapore, Thailand, and New Zealand. Vertical expansion of customer adoption across banking, technology, financial services, government, MSSP, and manufacturing industries. 8 new go-to-market partners established in the region. Lumen Technologies turned to Swimlane after experiencing a rapid period of growth that challenged the company’s security team to capacity. Swimlane’s low-code security automation platform allowed the organization to maintain the integrity of its security operations and quickly adapt to business growth across its SecOps infrastructure. Within the first quarter of implementing the solution, Lumen achieved a 30% automation level. Today, 70% of security events hitting the Security Operations Center (SOC) can be fully automated without human intervention. “Swimlane was a partner from the start, helping us ensure the solution was easy to manage and operate and providing technical support whenever we needed,” said Wai Kit Cheah, Director of the Security Practice at Lumen Technologies. “With Swimlane’s robust automation engine, events can be processed from any source, enabling our security team to integrate security automation with user and entity behavior analytics (UEBA) and third-party threat intelligence feeds. This allowed us to achieve a holistic look at our ecosystem and has quickly made Swimlane’s platform an essential component of our SOC.” Swimlane Medley Partner Program Expands to Malaysia Swimlane has invested significantly in Malaysia due to the region’s robust national cybersecurity strategy and world-class talent. As part of its growth in the region, Swimlane recently announced a partnership with CyberSecurity Malaysia, the national cyber security specialist agency under the purview of the Ministry of Communications and Multimedia Malaysia (KKMM), to assist the organization on its mission to build a more resilient cyber ecosystem throughout Malaysia. “Our strategic partnership with Swimlane comes at an exciting time for CyberSecurity Malaysia as we seek to elevate a strategic cybersecurity vision for the region,” said Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia. “Together, Swimlane and Cybersecurity Malaysia will leverage our combined experience, capabilities, and products to deliver innovative cybersecurity solutions across Malaysia and ensure companies in the region have access to the world’s most-capable low-code automation technology to safeguard their networks and data.” Join Swimlane at the SecOps Automation Summit 2022 Swimlane will hold the SecOps Automation Summit 2022 in South Korea, Malaysia and Australia in late April and early May. Presenters include Co-Founder and Chief Strategy Officer Cody Cornell and other members of the Swimlane team, along with various current partners and customers, to explore new and future innovations in the dynamic field of security automation. To learn more about the summit and Swimlane’s expansion in the APJ region, visit https://swimlane.com/swimlane-helps-address-asia-pacifics-security-skills-shortage. About Swimlane Swimlane is the leader in cloud-scale, low-code security automation. Supporting use cases beyond SOAR, Swimlane improves the ease with which security teams can overcome process and data fatigue, as well as chronic staffing shortages. Swimlane unlocks the potential of automation beyond the SOC by delivering a low-code platform that serves as the system-of-record for the entire security organization and enables anyone within the organization to contribute their knowledge and expertise to the protection of the organization.

Read More

SOFTWARE SECURITY

JFrog Integrates with ServiceNow to Improve Software Security Vulnerability Response Times with “ServiceOps”

JFrog | May 27, 2022

JFrog Ltd. , the Liquid Software company and creators of the JFrog DevOps Platform, today unveiled new integrations for JFrog Xray with ServiceNow’s Lightstep Incident Response and Spoke products for IT Service Management. Available immediately, the JFrog Xray integrations with ServiceNow (NYSE: NOW) provide IT leaders with real-time insights on security vulnerabilities and compliance issues to quickly engage necessary team members from across the organization for more immediate response and remediation. “Successfully securing the software supply chain at the speed of business is a team sport, requiring efficient, cross-team collaboration for timely security incident remediation. Our integration with ServiceNow aims to change the relationship between developers and the rest of the business, so they can maintain the speed and frequency of releases, while avoiding downtime and loss of trust from end customers." Shlomi Ben Haim, Co-Founder and CEO, JFrog The new integration enables IT teams to proactively address security issues before they become major concerns. The combination of JFrog Xray and ServiceNow delivers a robust software composition analysis (SCA) tool that can quickly scan binaries for vulnerabilities and license compliance issues, then share those insights with the appropriate parties across the organization. The JFrog Xray-ServiceNow solution is unique in that it helps DevOps engineers, site reliability engineers (SREs), IT system administrators, and others, more securely build, deploy, run, and monitor applications effortlessly, in a single view. It also enables real-time security alerts and insights with assigned actions across all the tools, people, and processes needed for timely resolution. JFrog Xray & ServiceNow: Delivering Incident Response & Enterprise-wide Workflow Design for Security Incidents Identifying and effectively responding to malicious attacks must transcend business units and operational functions. By improving real-time insight, collaboration, and communication amongst and between enterprise security and IT teams, the JFrog Xray-ServiceNow integrations ensure swift responses to emerging security threats. The JFrog Xray integration with Lightstep Incident Response enables developers, SREs, and Security Administrators to: Monitor, collect and respond to license compliance and security vulnerabilities impacting the software supply chain across all stages of the software development and release lifecycle. Streamline vulnerability response by pulling-in the right team members across the organization for faster remediation. The JFrog Xray Spoke for ServiceNow allows IT operations staff to: Generate violation reports, create ‘ignore rules’, re-scan builds, add custom item properties, and more. Automate workflows that meet audit demands and avoid penalties for improper use of code segments obtained from the open-source community. Identify problems earlier in the application development pipeline and incorporate change management solutions. For more information on the new JFrog Xray integrations for ServiceNow Lightstep Incident Response, read this blog or solution sheet. Further details on the JFrog Xray integration with Spoke can be found in this blog. You can also connect with JFrog and ServiceNow solution experts during swampUP 2022 taking place in San Diego, May 25 - 26, 2022. For more information and to register, visit https://swampup.jfrog.com/. About JFrog JFrog Ltd. , is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back.

Read More

SOFTWARE SECURITY

LeanIX Announces Cloud Security Alliance Membership

LeanIX | March 11, 2022

LeanIX , the platform to plan and manage continuous transformation across the enterprise, today announced its membership in the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. LeanIX is published on CSA's Security, Trust, Assurance, and Risk (STAR) Registry, a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. The company has maintained STAR Level ONE status on the registry since September 2020 and is now a registered SaaS Solution Provider with CSA. LeanIX builds information technology tools that promote a culture capable of navigating all types of change, both planned and unexpected. Its enterprise-ready, secure, and trusted SaaS platform supports the needs of leading companies around the world by providing the data, insights and common language needed to master software complexity. Whether rationalizing IT landscapes, preparing for a major technology migration, enabling flexible approaches to SaaS management, or mapping value streams from code to customer, LeanIX is the trusted partner for turning change into a competitive advantage. "SaaS depends on trust. We believe transparency around the protection of customer data and everything we do to ensure compliance and system availability helps build that trust. As proud CSA members, we share the organization's commitment to ensuring a trusted and secure cloud computing environment." LeanIX Co-founder and CEO André Christ "Publishing and maintaining Level ONE status on the STAR Registry is a testament to LeanIX's relentless commitment to information security, and we're thrilled to have the company as a member of the CSA," said Jim Reavis, CSA co-founder and CEO. "As a newly registered SaaS Solution Provider, our continued work with LeanIX will help promote excellent security practices and build on the foundation of trust for customers and the greater marketplace." About the Cloud Security Alliance The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. About LeanIX LeanIX's Continuous Transformation Platform® is trusted by Corporate IT and Product IT to achieve comprehensive visibility and superior governance. Global customers organize, plan and manage IT landscapes with LeanIX's automated and data-driven approach. Offering SaaS for Enterprise Architecture Management, SaaS Management, and Value Stream Management, LeanIX helps organizations make sound decisions and accelerate transformation journeys. LeanIX has hundreds of customers globally, including Adidas, Atlassian, Bosch, Dropbox, Santander or Workday. The company is headquartered in Bonn, Germany, with offices in Boston, Hyderabad and around the world.

Read More

SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

Spotlight

Artificial intelligence (AI), and in particular machine learning, has seen huge strides in recent years and is now set to really start impacting all aspects of society and business. This development has been fueled by decades of exponential improvement in raw computing power, combined with progress in algorithms and, perhaps most importantly, a huge increase in the volume of data for training and testing machines that is readily available on the internet. The combination of these three factors is now giving us everything from voice-controlled digital assistants to autonomous cars. It it safe to say that “this changes everything,” and cybersecurity is no exception.

Resources