DATA SECURITY

CYFIRMA launches Threat Visibility and Cyber Intelligence Capabilities in AWS Marketplace; joins AWS ISV Accelerate Program

CYFIRMA | August 17, 2021

CYFIRMA, a threat discovery and cyber-intelligence platform company funded by Goldman Sachs, Zodius Capital and Z3Partners, today announced the availability of CYFIRMA's two core products, DeCYFIR and DeTCT, in Amazon Web Services (AWS) Marketplace. AWS offers an unmatched portfolio of cloud services designed to help organizations build secure, resilient, and efficient infrastructure for their applications. DeCYFIR and DeTCT provide an added layer of security to help businesses navigate the evolving threat landscape.

CYFIRMA has also been inducted into the AWS Independent Software Vendors (ISV) Accelerate program, which provides CYFIRMA with co-sell support and benefits to easily gain access to millions of active AWS customers with AWS field sellers globally.

DeCYFIR is a threat discovery and cyber-intelligence platform that arms businesses with personalized and predictive intelligence. To prevent data breaches and cyberattacks, DeCYFIR employs a systematic approach guiding defenders to swiftly identify threats and applying remedial actions to avoid financial and brand damage. The cloud-based, software-as-a-service (SaaS) platform is non-intrusive, can on-board customers within two hours, and provides customers with insights related to their threat landscape within 24 hours.

DeCYFIR provides visibility into the external threat landscape by monitoring the dark web, hacker forums and various closed communities to look for threat indicators that would signal cybercriminals planning to exploit security weaknesses that could lead to business disruption.

DeCYFIR helps customers complement AWS's robust cloud security features and services by delivering six foundation pillars of threat discovery and cyber-intelligence on a single unified platform.

DeTCT is a digital risk protection platform with risk and hackability scores to help cybersecurity leaders gain real-time insights into their security profiles. DeTCT uncovers potential attack surfaces, provides vulnerability and brand intelligence, and discovers data breaches and leaks, impersonation and infringement. DeTCT then assists firms in prioritizing measures to increase their security.

By making DeCYFIR and DeTCT available in AWS Marketplace, businesses can further increase cloud security by using threat intelligence to protect themselves against cyberattacks.

"Customer safety and their personal information remain our utmost priority at Mitsubishi Motors Corporation. With the rising level of cyberattacks, cybersecurity threat intelligence information becomes paramount as a countermeasure and deterrence to these risks. We are confident that CYFIRMA is the right partner for us to work with," said Mr. Yoshinori Yamane, General Manager of Information Security Management Office, Mitsubishi Motors. "DeCYFIR is a powerful platform that enhances our cybersecurity posture as it goes one step further in providing critical early warning intelligence to identify attack surfaces and vulnerabilities at the earliest stages, allowing our security team to take rapid action in mitigating risk."

"As a healthcare services company delivering life-saving medicines to those who need them the most, we own and operate some of the most advanced cold chain facilities, managing temperature-sensitive medicines through innovative and digitalized processes. The rapidly evolving threat landscape in the healthcare industry has shown us the importance of managing cybersecurity in dynamic ways, particularly as we continue rolling out more digitalization initiatives. CYFIRMA's DeCYFIR has guided us in our response to cyber risks by providing us with real-time insights and early warnings to malicious activities targeting us," said Mike Brewster, Vice President Technology, Zuellig Pharma.

"At AWS, security will always be our top priority, and the availability of a broad and deep set of Cloud security services is why customers choose AWS Cloud to run their mission-critical workloads. To augment our native cloud security services, AWS is committed to building a partner ecosystem to provide our customers with the most comprehensive range of security offerings available today. The AWS Marketplace helps ASEAN ISVs scale internationally and we are excited to add CYFIRMA's cybersecurity platforms so that AWS's millions of active customers across the globe can benefit from their offerings," said Conor McNamara, Managing Director, ASEAN at AWS.

"According to Interpol, in just over a year, cyber threats have increased multifold, leading many firms to reassess how they have been managing cybersecurity. We are happy to make our two key products, DeCYFIR and DeTCT, available in AWS Marketplace to assist businesses globally with strengthening their cloud security. With DeCYFIR, clients will acquire threats insights to perform successful intelligence hunting and attribution, connecting the dots between hacker, motive, campaign, and method to gain a full perspective of their threat landscape - all on a single unified platform. DeTCT's real-time digital risk profiling will enable businesses with the much-needed visibility into their risk state, allowing them to take action to enhance their cybersecurity posture. With both DeCYFIR and DeTCT, businesses of all sizes can accelerate their digitalization journeys knowing we have got their back when it comes to fending off cyberattacks," said Kumar Ritesh, Founder & CEO of CYFIRMA.

ABOUT CYFIRMA
CYFIRMA is a threat discovery and cyber-intelligence platform company. We combine cyber intelligence with attack surface discovery and digital risk protection to deliver predictive, personalized, contextual, outside-in, and multi-layered insights. We harness our cloud-based AI and ML-powered analytics platform to help organizations proactively identify potential threats at the planning stage of cyberattacks. Our unique approach of providing the hacker's view and deep insights into the external cyber landscape help clients prepare for upcoming attacks.

Spotlight

Enterprises are engaged in a constant arms race to defend their assets, and the perception is that the offense is winning. Today, the IT threat environment is more dangerous because it is driven by organized crime looking for large paydays in selling credit cards and valuable information, cybermercenaries capturing intellectual property for economic espionage, lone-wolf hackers who target relatively low-value targets, nation-states looking to disrupt U.S. commerce and government activity, and hacktivists with their various "occupy" and "anti-"agendas


Other News
DATA SECURITY

Flashpoint Acquires Vulnerability Intelligence Leader Risk Based Security

Flashpoint | January 13, 2022

Flashpoint, the trusted leader in threat intelligence and risk prevention, today announced it has acquired Risk Based Security (RBS), a Richmond, Virginia-based company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings. The integration of RBS’s collections and technology into the Flashpoint platform offers a wide range of cybersecurity practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management teams—the contextual threat intelligence and automation they need to detect, prioritize, and thwart emerging cyber risks rapidly and holistically. “I am incredibly excited to welcome the RBS team to Flashpoint,This acquisition will enable our clients to rapidly detect critical vulnerabilities before they are widely known, and then automate how they prioritize and remediate these issues. This is a game changer for security teams and represents a vital step towards achieving Flashpoint’s vision of being the single vendor that enterprises can rely on to mitigate all types of security risks and protect critical assets.” Flashpoint CEO Josh Lefkowitz Since its founding in 2011, Risk Based Security has partnered with a diverse group of clients, including Microsoft, BlackRock, Northrop Grumman, Swisscom, American Electric Power, Amtrak, and numerous other enterprises across the technology, financial, insurance, and consumer goods sectors. To date, RBS possesses over 90,000 vulnerabilities in its collections that are not assigned CVE IDs and therefore do not exist in the National Vulnerability Database (NVD). RBS’s proprietary technology consistently identifies vulnerabilities before they are commonly known—and maps those vulnerabilities to an enterprise’s software—providing clients with a critical edge and head-start on potential adversaries. “We’re thrilled to join forces with Flashpoint,” said Jake Kouns, CEO of RBS. “It’s rare to find two organizations so similar in culture with a mutual drive to get things done. Our visions align perfectly, and we are excited to collaborate with them to bring a holistic, risk-based intelligence offering to a broad market.” AN ASSET-BASED APPROACH TO INTELLIGENCE AND RISK MANAGEMENT RBS’s extensive vulnerability, data breach, and proprietary vendor risk ratings empower security teams to quickly assess and remediate vulnerabilities based on their unique risk profile—making it the only vulnerability management tool on the market that provides scanless, real-time vulnerability intelligence with vendor and product risk ratings. With this technology, Flashpoint will be able to reveal a customer’s exposure to critical vulnerabilities and supply chain weaknesses, provide contextual awareness into how these vulnerabilities are being exploited by threat actors, and prioritize and automate the actions needed to remediate potential threats. In light of recent critical vulnerabilities like the highly-publicized disclosure of Log4j, early detection and rapid prioritization of risks is more important than ever. Moving beyond a reactive approach to threats, a combined Flashpoint and RBS solution will drive immediate and differentiated value to all types of security practitioners who are focused on protecting critical assets and infrastructure. ABOUT FLASHPOINT Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. ABOUT RISK BASED SECURITY Risk Based Security (RBS) provides detailed information and analysis on Vulnerability Intelligence, Vendor Risk Ratings and Data Breaches. Our product, the Risk Based Security Platform, combines VulnDB and Cyber Risk Analytics (CRA), providing organizations access to the most comprehensive security intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner.

Read More

DATA SECURITY

Red Hat Unveils New Levels of Security from the Software Supply Chain to the Edge

Red Hat | May 11, 2022

Red Hat, Inc., the world's leading provider of open source solutions, today announced new security innovations and capabilities across its portfolio of open hybrid cloud technologies. Designed to help organizations mitigate risks and meet compliance requirements across increasingly complex IT environments that mix cloud services, traditional systems and edge devices, these enhancements are intended to minimize complexity, while helping customers improve their security posture and enable DevSecOps. According to Red Hat’s 2021 Global Tech Outlook report, 45% of respondents put IT Security as their top funding priority. IT security, however, is not a static demand - regulatory controls, compliance demands and threat actors shift on an almost daily basis, requiring almost constant vigilance from IT security teams. Red Hat has long been a leader in security for enterprise open source solutions, beginning with Red Hat Enterprise Linux, viewing security as a fundamental component and not an add-on. KuppingerCole Analysts recently recognized Red Hat as the Overall Leader in its Leadership Compass for Container Security. According to KuppingerCole’s evaluation, “With a massive market presence and proven expertise in container management, enhanced by the recent acquisition and integration of StackRox, a leading container security company, Red Hat is recognized as the Overall Leader in this Leadership Compass.” With today’s news, Red Hat continues a relentless march of innovation to advance security across hybrid cloud environments—from on-premises to multi-cloud to the edge—across the entire technology lifecycle and software stack. Enhancing software supply chain security Securing applications from development through the entire lifecycle can be complex and frequently requires multiple components to work together. To help simplify the process of implementing security features throughout the complete build, deploy and run process, Red Hat is introducing a software supply chain security pattern. Delivered via Red Hat OpenShift, patterns deliver complete stacks as code and define, build and test the necessary software configurations. Available as a preview, the software supply chain security pattern will bring together the necessary components to architect cloud-native applications from trusted components. The pattern uses a Kubernetes-native, continuously-integrated pipeline through Red Hat OpenShift Pipelines and Red Hat OpenShift GitOps for version control, helping to reduce complexity and save time. Additionally, through Tekton Chains, the pattern will incorporate Sigstore, an open source project aimed at making cryptographic signing of code more accessible. This addition makes it easier for artifacts to be signed in the pipeline itself rather than after application creation. In addition, in Red Hat Ansible Automation Platform 2.2, Red Hat is introducing a technical preview of Ansible content signing technology. The new capability helps with software supply chain security by enabling automation teams to validate that the automation content being executed in their enterprise is verified and trusted. Enhancing application security lifecycle from the datacenter to the edge As organizations adopt cloud-native architectures, the core enterprise needs for hardened environments, lowered attack surfaces and faster detection and response to threats remain. Applications running outside of traditional IT environments, including at the edge, introduce further security requirements that compound these already complex challenges. Beyond the physical security requirements of edge devices, CIOs and IT decision-makers are increasingly seeing a need to protect the container workloads running on these devices. An example could be implementing strategies and capabilities to prevent the lateral movement of potential attacks or breaches across edge deployments. Red Hat Advanced Cluster Security for Kubernetes brings a deployment-ready answer to these concerns, with key capabilities to protect edge workloads, including: Automated DevSecOps in the CI/CD pipeline to help protect the software supply chain for edge environments through vulnerability management, application configuration analysis and CI/CD integration Threat protection provides threat detection and incident response capabilities at runtime for common threats Network segmentation to enforce workload isolation, analyze container communication and detect risky network communication paths Integrated security starts with the operating system In the 2022 Gartner® Board of Directors Survey, 88% of board members classified cybersecurity as a business risk; just 12% called it a technology risk.1 The broad ramifications of a cyber attack or data breach have led to increased scrutiny across IT environments by investors and regulators alike. Fortifying IT environments against these potentially damaging incidents is critical, and Red Hat believes that this effort starts at the foundation, at the operating system level, with Red Hat Enterprise Linux. Red Hat Enterprise Linux 9 lays the foundation for runtime integrity verification of the operating system and application files by providing file digital signatures within RPM packages. The platform uses integrity measurement architecture (IMA) at the kernel level to verify individual files and their provenance. IMA file verification specifically helps to detect accidental and malicious modifications to systems, providing more remediation capabilities for security teams in addressing potential issues or breaches. Additional key security features in Red Hat Enterprise Linux 9 include: Enhanced security around root privileges by disabling root login via SSH by default. This helps to prevent the discovery of root passwords through brute force attacks and improving baseline security postures of an operating environment. Support for latest cryptographic frameworks with the integration of OpenSSL 3. This enables IT teams to enact new ciphers for encrypting and protecting sensitive information. Bolstered security best practices by disabling the cryptographically-broken SHA-1 hash function by default for digital signature, driving improved security hygiene. Additionally, Red Hat and IBM Research are collaborating around expanding the core security aspects of the Linux kernel, such as through support for signing and verifying elliptic curve digital signatures. This work expands the algorithms supported and reduces the size of digital signatures used throughout the Linux kernel. About Red Hat, Inc. Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Read More

PLATFORM SECURITY

Swimlane Extends Cloud-Based Security Automation into APJ Amid Momentous Growth in Region

Swimlane | April 19, 2022

Swimlane, the leader in low-code security automation, today announced the general availability of Swimlane Cloud in the Asia-Pacific Japan (APJ) region. This deployment is further evidence of Swimlane’s continued commitment to empowering APJ customers to enable new use cases previously not possible with traditional security orchestration, automation and response (SOAR). This includes unlocking the use of automation beyond the SOC, where Swimlane serves as the system-of-record for the entire security organization. Meeting the APJ Staffing Shortage Head-On with Swimlane Cloud The APJ region faces a significant cybersecurity talent shortage with an estimated 2.045 million open cybersecurity roles, accounting for 66% of the total global shortage, signaling the struggle to find qualified, skilled professionals to handle increasing security alerts. Without automation, these overburdened security administrators must manually perform repetitive and time-consuming tasks needed to track, mitigate and resolve security events across multiple security platforms. Despite significant time investments, security teams cannot realistically analyze and adequately prioritize security alerts and events at the rate necessary to protect networks. “In order to mature our security operations, we knew it was necessary to advance how we monitor and respond to threat intelligence by taking a more proactive approach to security operations,” said Tanajak Watanakij, CISO, R V Connex. “With our existing talent pool, we turned to Swimlane’s low-code security automation offering to create a centralized system of record for our Security Operations Center (SOC) and remove dependencies on a host of manual processes. Swimlane’s interactive dashboards and automated, easily customizable workflows reduced our mean time to respond and ultimately helped us ensure continuous compliance and prevent breaches across the entire R V Connex Corporation and our MSSP customers.” “Security teams across APJ need solutions that reduce the manual operations needed to respond to security threats and speed up incident response. We are a customer-focused company with a powerful platform for helping companies ease the burden security teams face daily. Swimlane is fully dedicated to supporting the region’s ongoing cybersecurity challenges through the adoption of low-code security automation.” Johan Wikenstedt, Vice President of Asia Pacific and Japan (APJ) for Swimlane Demand for Low-Code Automation Continues to Climb Swimlane’s current product initiatives in APJ continue to drive regional market traction highlighted by: 173% revenue growth of regional presence in the past four months, with more than 7x revenue growth in the past 6 months. 142% growth of regional employee headcount in the past six months. New sales offices established in Australia, Malaysia and South Korea. Net-new customer adoption in Australia, Bangladesh, India, Japan, Malaysia, Philippines, Singapore, Thailand, and New Zealand. Vertical expansion of customer adoption across banking, technology, financial services, government, MSSP, and manufacturing industries. 8 new go-to-market partners established in the region. Lumen Technologies turned to Swimlane after experiencing a rapid period of growth that challenged the company’s security team to capacity. Swimlane’s low-code security automation platform allowed the organization to maintain the integrity of its security operations and quickly adapt to business growth across its SecOps infrastructure. Within the first quarter of implementing the solution, Lumen achieved a 30% automation level. Today, 70% of security events hitting the Security Operations Center (SOC) can be fully automated without human intervention. “Swimlane was a partner from the start, helping us ensure the solution was easy to manage and operate and providing technical support whenever we needed,” said Wai Kit Cheah, Director of the Security Practice at Lumen Technologies. “With Swimlane’s robust automation engine, events can be processed from any source, enabling our security team to integrate security automation with user and entity behavior analytics (UEBA) and third-party threat intelligence feeds. This allowed us to achieve a holistic look at our ecosystem and has quickly made Swimlane’s platform an essential component of our SOC.” Swimlane Medley Partner Program Expands to Malaysia Swimlane has invested significantly in Malaysia due to the region’s robust national cybersecurity strategy and world-class talent. As part of its growth in the region, Swimlane recently announced a partnership with CyberSecurity Malaysia, the national cyber security specialist agency under the purview of the Ministry of Communications and Multimedia Malaysia (KKMM), to assist the organization on its mission to build a more resilient cyber ecosystem throughout Malaysia. “Our strategic partnership with Swimlane comes at an exciting time for CyberSecurity Malaysia as we seek to elevate a strategic cybersecurity vision for the region,” said Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia. “Together, Swimlane and Cybersecurity Malaysia will leverage our combined experience, capabilities, and products to deliver innovative cybersecurity solutions across Malaysia and ensure companies in the region have access to the world’s most-capable low-code automation technology to safeguard their networks and data.” Join Swimlane at the SecOps Automation Summit 2022 Swimlane will hold the SecOps Automation Summit 2022 in South Korea, Malaysia and Australia in late April and early May. Presenters include Co-Founder and Chief Strategy Officer Cody Cornell and other members of the Swimlane team, along with various current partners and customers, to explore new and future innovations in the dynamic field of security automation. To learn more about the summit and Swimlane’s expansion in the APJ region, visit https://swimlane.com/swimlane-helps-address-asia-pacifics-security-skills-shortage. About Swimlane Swimlane is the leader in cloud-scale, low-code security automation. Supporting use cases beyond SOAR, Swimlane improves the ease with which security teams can overcome process and data fatigue, as well as chronic staffing shortages. Swimlane unlocks the potential of automation beyond the SOC by delivering a low-code platform that serves as the system-of-record for the entire security organization and enables anyone within the organization to contribute their knowledge and expertise to the protection of the organization.

Read More

SOFTWARE SECURITY

CyCognito and Carahsoft Partner to Deliver Attack Surface Management and Protection Solutions to the Public Sector

CyCognito | December 29, 2021

CyCognito, the leader in external attack surface management and protection, today announced a strategic go-to-market alliance with Carahsoft Technology Corp., the Trusted Government IT Solutions Provider. Under the agreement, Carahsoft will serve as CyCognito’s first Public Sector Distributor. The new relationship expands and deepens CyCognito’s reach across and within the Public Sector through Carahsoft’s NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), OMNIA Partners, National Association of State Procurement Officials (NASPO) ValuePoint, and National Cooperative Purchasing Alliance (NCPA), as well as through Carahsoft’s reseller partners. “Together with our channel partners, CyCognito is using its platform, program and best practices to help the Public Sector establish a stronger security posture and proactively identify, protect and prevent cyberattacks from happening,” says Channel Chief and CyCognito’s Worldwide Sales Leader Lori Cornmesser. Most of today’s cyberattacks continue to intrude through external attack vectors. CyCognito’s innovative platform automates the discovery, multi-factor security testing and risk prioritization of all externally-exposed assets in an organization’s extended IT ecosystem. Once cyber threats are identified, CyCognito orchestrates data sharing to automatically start the remediation process by creating an incident response ticket. The platform integrates its findings and intelligence into existing vulnerability lifecycle management processes through channels such as Slack, PagerDuty, ServiceNow, and several additional platforms. This proven and proactive layer of automated security ensures an organization’s entire attack surface is protected quickly and efficiently when risks are detected. “Empowering organizations to find and eliminate the paths attackers easily exploit is a vital tactic within any surface management and protection strategy,Prevention and remediation must remain top of mind for channel partners and IT decision makers, especially those working within the Public Sector where the stakes are high and the impact of a single breach has the potential to span states, the nation and even the globe.” Rob Gurzeev, Founder and CEO, CyCognito CyCognito and Carahsoft are enabling forward-thinking security value-added resellers (VARs), managed service providers (MSPs), global systems integrators (GSIs) and managed security services providers (MSSPs) with a new and enhanced lineup of SLED and Federal-focused sales and marketing assets. Offered at no charge, these business-building assets are readily available within CyCognito’s partner portal and include how to market, how to pitch and position, and how to demo the technology. “Agencies today are under tremendous pressure to protect their customers from cybercrime,” said Michael Shrader, Vice President of Intelligence and Innovative Solutions at Carahsoft. “CyCognito’s leading platform preempts attacks and helps businesses satisfy key elements of most common security frameworks and regulatory compliance standards. We look forward to working with CyCognito and our reseller partners to help educate and better enable the Public Sector with the knowledge, specialization and technology needed to properly assess their cyber risk and eliminate exposure.” About CyCognito CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure. Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. The Palo Alto-based company is funded by leading Silicon Valley venture capitalists, and its mission is to help organizations protect themselves from even the most sophisticated attackers. It does this with a category-defining, transformative platform that automates offensive cybersecurity operations to provide reconnaissance capabilities superior to those of attackers. About Carahsoft Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, we deliver solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles.

Read More

Spotlight

Enterprises are engaged in a constant arms race to defend their assets, and the perception is that the offense is winning. Today, the IT threat environment is more dangerous because it is driven by organized crime looking for large paydays in selling credit cards and valuable information, cybermercenaries capturing intellectual property for economic espionage, lone-wolf hackers who target relatively low-value targets, nation-states looking to disrupt U.S. commerce and government activity, and hacktivists with their various "occupy" and "anti-"agendas

Resources