Noetic Cyber | February 03, 2022
Noetic Cyber, a cloud-based continuous cyber asset management and controls platform, today announced a partnership with autonomous cybersecurity platform company SentinelOne (NYSE:S). This partnership delivers an end-to-end cybersecurity asset management solution that leverages SentinelOne's endpoint and cloud workload telemetry, combined and correlated with information from other information sources, to generate a high-fidelity, continuously updated, multidimensional map of all assets and their cyber relationships.
The current fragmentation of IT management, DevOps and security tools makes it difficult for security teams to see all the assets in the business and to understand the relationships between them. In fact, 71% of global IT leaders admit to finding new endpoints in their environment on a weekly basis. Endpoint and cloud workload telemetry is a vital part of this information, providing high-fidelity, relevant insights into threats and cyber assets. The integration of SentinelOne Singularity XDR and the Noetic platform enables teams to extend the visibility, detection and endpoint insights of SentinelOne into a wider asset inventory and management architecture, maximizing their value.
"We are very excited to be partnering with Noetic Cyber on this integrated solution," said Chuck Fontana, SVP of Business Development, SentinelOne. "There is a significant security challenge in not understanding the cyber risk of all assets in your environment. Together with Noetic, we're able to close that gap and ensure a hygienic cybersecurity environment for organizations across industries."
The SentinelOne Connector for Noetic is an API-based integration. Joint customers install the SentinelOne Connector into the Noetic platform and provide it with API credentials to establish a bi-directional integration between the two platforms. The Noetic platform periodically polls SentinelOne, looking for information indicating new, updated or removed endpoints. This information is ingested, aggregated and correlated with information from other data sources, presented to security teams via innovative graph database technology. Pre-packaged queries and dashboards help analysts to uncover coverage and compliance gaps and hidden risks. The Noetic platform also includes a comprehensive automation workflow engine, which allows security teams to pre-determine corrective action, such as deploying the SentinelOne agent to unprotected machines, triggering a scan or disconnecting a machine from the network.
"Through this innovative partnership with SentinelOne, we are able to jointly address security coverage gaps and automatically correct misconfigured endpoints that could otherwise leave organizations vulnerable,Leveraging the high-fidelity data provided by SentinelOne, Noetic provides unparalleled insights into your cyber assets, identifies security risks and uses automation to continuously close them."
Paul Ayers, CEO of Noetic
SentinelOne's cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform.
About Noetic Cyber
Noetic Cyber enables security teams to make faster, more accurate decisions to detect coverage gaps and reduce cyber risk. The Noetic solution is a cloud-based Continuous Cyber Asset Management & Controls Platform that provides teams with unified visibility of all assets across their cloud and on-premises systems, and delivers continuous, automated remediation to close coverage gaps and enforce security policy. Noetic improves security tools and control efficacy by breaking down existing siloes and improving the entire security ecosystem. Founded in 2019, Noetic is based in Boston and London.
Veracode | March 30, 2022
Veracode, a leading global provider of application security testing solutions, has released new findings that show the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest fix rates compared to other industry sectors. Analysis of data collected from 20 million scans across half a million applications revealed these sector-specific findings as part of Veracode’s annual report on the State of Software Security (SOSS).
"Public sector policy makers and leaders recognize that dated technology and vast troves of sensitive data make government applications a prime target for malicious actors. That’s why the White House and Congress are working together to update regulations governing cybersecurity compliance. In the wake of May 2021's Executive Order to improve the nation's cybersecurity and protect federal government networks, the U.S. Office of Management and Budget, Department of Defense and the White House have issued four memos addressing the need to adopt zero trust cybersecurity principles and strengthen the security of the software supply chain. Our research confirms this need.”
Chris Eng, Chief Research Officer at Veracode
No Time to Waste: Fix More Flaws Faster
Veracode’s research found that compared to other industries, the public sector has the highest proportion of applications with security flaws, at 82 percent. When it comes to how quickly organizations fix flaws once detected, the public sector posts the slowest times on average—roughly two times slower than other sectors. The research also revealed that 60 percent of flaws in third-party libraries in the public sector remain unfixed after two years, which is double that of other sectors and lags the cross-industry average by more than 15 months. Finally, with only a 22 percent fix rate overall, the public sector is challenged to keep software supply chain attacks from impacting critical state, local, and educational applications.
Eng continued, “Organizations in this sector must act with urgency. They can improve their secure DevOps practices significantly by using multiple types of scanning—static, dynamic, and software composition analysis—to get a more complete picture of an application’s security, which in turn will help them to improve remediation times, comply with industry regulations, and make the case for increasing application security budgets.”
High Severity Flaws Are Priority One
Demonstrating a positive trend, the public sector ranks highly when it comes to addressing high severity flaws. The research reveals that government entities have made great strides to address high severity flaws, which appear in only 16 percent of applications. In fact, the number of high severity flaws has decreased by 30 percent in the last year alone, suggesting that developers in the sector increasingly recognize the importance of prioritizing flaws that present the greatest risks. This is encouraging and may reflect growing understanding of new software security guidelines, such as those outlined in the U.S. Executive Order on Cybersecurity and the U.K. Government Cyber Security Strategy 2022 – 2030.
Eng closed, "Recognizing that time is of the essence, public sector leaders are beginning to set timelines. For example, in “Moving the US Government Toward Zero Trust Cybersecurity Principles”, Shalanda Young has set a deadline of September 30, 2024 for all US federal agencies to meet specific cybersecurity standards. We think that the progress made against high security flaws is a great starting point and support all public sector agencies who seek to gain better control over their software supply chains."
About the State of Software Security Report
The twelfth volume of Veracode’s annual report on the State of Software Security (SOSS) examines historical trends shaping the software landscape and how security practices are evolving along with those trends. This year’s findings are based on the full historical data available from Veracode services and customers and represent a cross-section of large and mid-sized companies, commercial software suppliers, and open-source projects. The report contains findings about applications that were subjected to static analysis, dynamic analysis, software composition analysis, and/or manual penetration testing through Veracode’s cloud-based platform.
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Atakama | February 16, 2022
Atakama, the leading encryption company, has partnered with BigID, the leading data intelligence platform, to provide organizations with an integrated, automated approach to discovering and protecting sensitive and critical data.
The integration of Atakama's file encryption solution with BigID's data discovery and classification ensures that organizations can automate well-defined policies to discover, classify, and protect their data. Together, BigID and Atakama make it easy for customers to accelerate governance, reduce risk, protect their sensitive data with advanced encryption, and achieve continuous data compliance.
BigID enables customers to automatically discover, catalog, and classify all types of data and metadata, structured and unstructured. This includes PII, PHI, NPI, IP, and other sensitive, critical, and regulated data. Once the data has been identified, BigID can label and tag data in accordance with the organization's policies. Atakama can read the labels and immediately encrypt files in whichever location the files are stored. The integration of BigID and Atakama provides a powerful and scalable approach to sensitive data discovery and protection across the entire enterprise.
"BigID together with Atakama provides our customers with a seamless, but multi-faceted approach to data security,This partnership takes data protection to another level and will immediately strengthen an organization's security posture through unmatched visibility and control. We're thrilled to have Atakama be an integral technology partner via the BigID App Marketplace as we continue helping organizations meet their data management and security objectives."
Marc DeGaetano, CRO at BigID
"Partnering with BigID is a natural fit given their industry-leading capabilities across discovery and classification," said Scott Glazer, CRO at Atakama. "The ability to discover and protect sensitive data is the cornerstone of a successful cybersecurity program. We're thrilled to be able to work with BigID to deliver the combined solution to our customers via the BigID App Marketplace, who can trust that their data has been properly identified and securely protected."
BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, protection, and perspective. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com.
Atakama is a distributed key management solution that enables granular, file-level encryption without the need for passwords, identity and access controls, centralized servers, or HSMs. Attackers are prevented from accessing any data encrypted by Atakama even when the network or systems are breached. Atakama's distributed architecture has no single point of attack or failure, a security breakthrough that vastly exceeds the status quo for information security. By using Atakama, organizations can prevent file exfiltration, enhance regulatory compliance, secure sensitive information, and enable the cornerstone of a full-fledged zero trust infrastructure.
Rubrik | May 18, 2022
Rubrik, the Zero Trust Data Security™ Company, today announced Rubrik Security Cloud to secure customers’ data, wherever it lives, across enterprise, cloud, and SaaS.
Ransomware is on the rise and cyberattacks are getting more sophisticated. Despite investments in infrastructure security tools, cybercriminals are still getting through to the data. And when they take the data down, they take down the entire business. It’s time for a new approach. The next frontier in cybersecurity pairs the investments in infrastructure security with data security giving companies security from the point of data.
Rubrik is a pioneer in data security and the Rubrik Security Cloud delivers three unique capabilities:
Data Resilience: Safeguards data by providing immutable, logically air-gapped data protection with multi-factor authentication-based access control.
Data Observability: Continuously monitors risks and investigates threats to data including Ransomware Monitoring and Investigation powered by machine learning to detect data anomalies, encryptions, deletions, and modifications; Sensitive Data Monitoring to find and classify the most sensitive data, and assess exfiltration risk; and Threat Monitoring and Hunting to identify indicators of compromise and find the last known clean copy of data.
Data Recovery: Quickly contains threats and recovers data, whether it’s a file, application data or a mass recovery for the entire organization. Rubrik’s new Threat Containment capability quarantines malware and restricts user access to infected data to support safer recovery.
As organizations continue to struggle with cyberattacks that compromise data, Rubrik also launched the Data Security Command Center to easily assess whether data is safe and capable of being recovered from a cyberattack. Now, customers can see which data is at risk and get recommendations to make their data more secure.
“Every company in the world is vulnerable as cybercriminals get more savvy every day. With Rubrik Security Cloud, we are strengthening customers' defenses so they can secure their business across enterprise, cloud, and SaaS workloads. Our data security platform enables our customers to defend their data, recover quickly, and prevail in this new cyber landscape.”
Bipul Sinha, Rubrik CEO and co-founder
“INTEGRIS Health is proud to be the largest not-for-profit health care system in Oklahoma, with eighteen hospitals in our network and more than a million patients that rely on us every year for their health care needs. With the expansive network we support, it’s paramount that our data is resilient, and we maintain a strong data security posture to keep our hospital moving. As a CIO, I believe Rubrik is an important service and helps us provide excellent patient care. As a Rubrik customer, we’re thrilled to see the continued innovation with Rubrik Security Cloud and the company’s ongoing focus on keeping customer data safe and making it easy to recover in the face of cyber-attacks, like ransomware,” said Bill Hudson, CIO of INTEGRIS Health.
"NJ TRANSIT delivered more than a quarter of a billion annual passenger trips before the pandemic and is responsible for our riders’ safety, mobility, and livelihoods every day. It’s imperative that nothing interrupts our business, so we’ve prioritized a strong data security strategy in partnership with Rubrik. We’re committed to the ongoing and necessary work that gives our data resilience and helps us reduce our risk as we face ever evolving, and inevitable, cyber threats,” said Rafi Khan, CISO of NJ TRANSIT.
Research and Development Fuels Additional Capabilities
As part of Data Observability, Sensitive Data Discovery for Microsoft 365 discovers and classifies sensitive data within Microsoft 365 to better assess risk and help maintain compliance with regulations.
These latest integrations build on the joint collaboration between Rubrik and Microsoft. Last year, Rubrik Cloud Vault built on Microsoft Azure was launched to help customers better defend against cyberattacks using a fully managed, secure and isolated cloud vault service. Since launch, Rubrik has seen strong demand for Rubrik Cloud Vault across key industries including Healthcare and Life Sciences, Manufacturing, State and Local Government, and Financial Services as customers build Zero Trust solutions to defend against and recover from ransomware.
“Businesses need a data resiliency strategy to keep their data secure in the face of escalating cyber threats,” said Jurgen Willis, Vice President Microsoft Azure. “Rubrik's Security Cloud, which builds on integrations with Rubrik Cloud Vault and Microsoft Azure, will help customers accelerate their Zero Trust journey.”
Rubrik Security Cloud is available now and new enhancements will be available in the months ahead.
Rubrik, the Zero Trust Data Security™ Company delivers data resilience, data observability, and data recovery for organizations. Rubrik keeps your data safe and easy to recover in the face of cyber attacks and operational failures. Now you can recover the data you need, however and whenever you need it to keep your business running.