DECK 7 INTERVIEWS SANGRAM VAJRE, CO-FOUNDER & CHIEF EVANGELIST AT TERMINUS

DECK7 | January 13, 2020

DECK 7 is proud to present an exciting interview with the Co-Founder & Chief Evangelist at Terminus, Sangram Vajre. He is an author, keynote speaker, 3x CMO, host of the daily #FlipMyFunnel podcast, entrepreneur and category maker. Sangram has been a driving force behind the success of Terminus and building the ABM subcategory of marketing technology. Before co-founding Terminus, Sangram was Head of Marketing at Pardot through its acquisition by ExactTarget and then Salesforce. A contributing columnist for Inc., he wrote the book, "Account-Based Marketing For Dummies" and is the mastermind behind #FlipMyFunnel, a B2B podcast series that has now over 500 episodes and continues to rate in the top 50 business podcasts.

Spotlight

Bad guys, outsiders and insiders alike, know that traditional security tools work on basic thresholds and understand repetitive attempts to steal sensitive data raises red flags. They keep their activity slow enough with low volume, exfiltrating small amounts of data over time, to stay under the radar. UEBA identifies these types of reoccurring behaviors and notifies investigators immediately! Someone assigned to a specific role or group accesses data that’s not necessary for them to do their job. The person attempts to mask the activity within the noise of the group, hoping to go unseen. UEBA detects those behaviors and alerts investigators.


Other News
NETWORK THREAT DETECTION

SilverSky Announces Acquisition of Cygilant, Gains UK Presence and Renowned Data Research Talent

SilverSky | January 11, 2022

SilverSky, a cybersecurity innovator offering powerful managed detection and response (MDR) services, today announced it completed the acquisition of Burlington, Massachusetts-based Cygilant. As a leading cybersecurity-as-a-service provider, Cygilant operates a security operation center (SOC) in Belfast, Northern Ireland and also boasts some of the world's most notable Ph.D.-level talent focused on cybersecurity, advanced networks and data science. The addition of Cygilant's UK-based delivery center complements the current SilverSky footprint in Asia and North America while expanding SilverSky's access to European markets. In October 2021, SilverSky announced that ITOCHU International, Inc., the North American flagship company of Tokyo-based ITOCHU Corporation, made a strategic investment of $31.5 million in SilverSky. Additionally, in August 2021, SilverSky announced the completed acquisition of New Jersey-based Advanced Computer Solutions Group, LLC (ACSG) which added a notable customer base within the U.S. education sector and marked the company's first acquisition in a series of planned growth opportunities. "Alongside our recent growth-related announcements, this acquisition of Cygilant, a cybersecurity-as-a-service and threat-intelligence powerhouse, helps to further galvanize our efforts to globally expand the SilverSky presence as well as retain and nurture some of the industry's best cybersecurity and data science talent," said Richard Dobrow, CEO at SilverSky. "Cygilant shares our commitment to rich-service offerings that are unmatched in the industry. We're pleased to welcome the Cygilant team and their customers." "We are excited to join SilverSky,This represents a significant next-chapter of the Cygilant journey, as our innovative SOC capabilities and deep bench of cybersecurity expertise are combined with one of the industry's most comprehensive MDR offerings. The outcome for our customers will be access to the collective set of broader managed services that will continue to enrich their cyber protections and strengthen their security posture." Rob Scott, CEO and President at Cygilant who will be joining SilverSky as its Chief Strategy Officer About SilverSky Organizations of all sizes face the same cybersecurity threats, compliance mandates, and business risk as Fortune 500 companies. SilverSky levels the playing field and enables companies, regardless of their size, to access enterprise-grade cybersecurity to meet regulatory requirements, proactively respond to threats, and rapidly reduce risk. SilverSky offers one of the most comprehensive managed detection and response (MDR) solutions in the industry. Delivered as a managed services model, SilverSky MDR makes powerful cybersecurity simple, affordable, and accessible to organizations of all sizes and across industries. Customer environments are monitored 24x7x365 by highly skilled security operations analysts in SilverSky SOCs, which were developed based on military-grade security and are powered by the latest integrated technology. SilverSky has more than 20 years of operational cybersecurity success defending thousands of customers in some of the most demanding industry sectors.

Read More

SOFTWARE SECURITY

CyCognito and Carahsoft Partner to Deliver Attack Surface Management and Protection Solutions to the Public Sector

CyCognito | December 29, 2021

CyCognito, the leader in external attack surface management and protection, today announced a strategic go-to-market alliance with Carahsoft Technology Corp., the Trusted Government IT Solutions Provider. Under the agreement, Carahsoft will serve as CyCognito’s first Public Sector Distributor. The new relationship expands and deepens CyCognito’s reach across and within the Public Sector through Carahsoft’s NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), OMNIA Partners, National Association of State Procurement Officials (NASPO) ValuePoint, and National Cooperative Purchasing Alliance (NCPA), as well as through Carahsoft’s reseller partners. “Together with our channel partners, CyCognito is using its platform, program and best practices to help the Public Sector establish a stronger security posture and proactively identify, protect and prevent cyberattacks from happening,” says Channel Chief and CyCognito’s Worldwide Sales Leader Lori Cornmesser. Most of today’s cyberattacks continue to intrude through external attack vectors. CyCognito’s innovative platform automates the discovery, multi-factor security testing and risk prioritization of all externally-exposed assets in an organization’s extended IT ecosystem. Once cyber threats are identified, CyCognito orchestrates data sharing to automatically start the remediation process by creating an incident response ticket. The platform integrates its findings and intelligence into existing vulnerability lifecycle management processes through channels such as Slack, PagerDuty, ServiceNow, and several additional platforms. This proven and proactive layer of automated security ensures an organization’s entire attack surface is protected quickly and efficiently when risks are detected. “Empowering organizations to find and eliminate the paths attackers easily exploit is a vital tactic within any surface management and protection strategy,Prevention and remediation must remain top of mind for channel partners and IT decision makers, especially those working within the Public Sector where the stakes are high and the impact of a single breach has the potential to span states, the nation and even the globe.” Rob Gurzeev, Founder and CEO, CyCognito CyCognito and Carahsoft are enabling forward-thinking security value-added resellers (VARs), managed service providers (MSPs), global systems integrators (GSIs) and managed security services providers (MSSPs) with a new and enhanced lineup of SLED and Federal-focused sales and marketing assets. Offered at no charge, these business-building assets are readily available within CyCognito’s partner portal and include how to market, how to pitch and position, and how to demo the technology. “Agencies today are under tremendous pressure to protect their customers from cybercrime,” said Michael Shrader, Vice President of Intelligence and Innovative Solutions at Carahsoft. “CyCognito’s leading platform preempts attacks and helps businesses satisfy key elements of most common security frameworks and regulatory compliance standards. We look forward to working with CyCognito and our reseller partners to help educate and better enable the Public Sector with the knowledge, specialization and technology needed to properly assess their cyber risk and eliminate exposure.” About CyCognito CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure. Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. The Palo Alto-based company is funded by leading Silicon Valley venture capitalists, and its mission is to help organizations protect themselves from even the most sophisticated attackers. It does this with a category-defining, transformative platform that automates offensive cybersecurity operations to provide reconnaissance capabilities superior to those of attackers. About Carahsoft Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, we deliver solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles.

Read More

DATA SECURITY

HITRUST i1 Assessment control selection leverages security best practices, threat intelligence

HITRUST | December 18, 2021

HITRUST today announced it is addressing the need for a continuously-relevant cybersecurity assessment that aligns and incorporates best practices and leverages the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, such as ransomware. The design and selection of the controls for the HITRUST Implemented 1-year (i1) Assessment puts it in a new class of information security assessment that is threat-adaptive – designed to maintain relevance over time as threats evolve and new risks emerge, while retiring controls no longer deemed material. Most existing assessment approaches are not designed to keep pace with current and emerging threats; those that do, rely heavily on broad control requirements that raise questions about suitability of control and consistency of review that ultimately impact reliability of results. In contrast, HITRUST identifies information security controls relevant to mitigating known risks and leverages cyber threat intelligence data to influence the selection – and where necessary, updating – of technically-focused HITRUST CSF requirements included in the HITRUST i1 Assessment. As a result, the HITRUST i1 Assessment includes controls selected to address emerging cyber threats active today. “The HITRUST i1 Assessment is unique in both selection of controls and the design of its assurance program. Effort towards completion is comparable to other moderate assurance vehicles while delivering a higher level of reliability,” Jeremy Huval, HITRUST Chief Innovation Officer The HITRUST i1 Assessment is the first information security assessment of its kind with attributes not available through other assurance programs: Designed to maintain relevant control requirements to mitigate existing and emerging threats and provide updates as new threats are identified (It is threat-adaptive, prescriptive, and focused on controls relevant to risk) Designed to sunset controls that have lost relevance and have limited assurance value based on effort required to comply or assess Its unique controls selection and assurance program design deliver a higher level of reliability than other moderate assurance options The level of time and effort to complete is comparable to other moderate assurance options in the market Offers a forward-looking, 1-year certification As the HITRUST i1 was designed around relevant information security risks and emerging cyber threats, it is not surprising it provides coverage for numerous standards, such as NIST 800-171, GLBA Safeguards Rule, HIPAA Security Rule, and Health Industry Cybersecurity Practices (HICP). HITRUST will evaluate security controls and review threat intelligence data no less than quarterly, and for each subsequent major and minor release of the HITRUST CSF, to ensure the HITRUST i1 Assessment requirement selection remains relevant over time. Guidance documents will also drive enhancements to the HITRUST CSF and HITRUST i1 Assessment control sets as needed. While the HITRUST i1 Assessment is intended to adapt and evolve to maintain relevance, it’s important to note that HITRUST i1 Assessment certified organizations will not be impacted by changes to the HITRUST i1 Assessment control requirements until their next HITRUST assessment cycle. HITRUST is hosting a webinar at 11 a.m. CT on Thursday, February 3, 2022, to discuss the HITRUST Implemented 1-year (i1) Assessment in more detail. To register, and for more information, click here: Next Generation HITRUST Information Security Assessment Focuses on Continuous Cyber Relevance About HITRUST Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies.

Read More

ENTERPRISE SECURITY

CyberRes Completes Acquisition of Debricked to Further Expand Software Supply Chain Security

CyberRes | March 15, 2022

CyberRes, a Micro Focus line of business, today announced the acquisition of Debricked, a developer-centric open source intelligence company aimed at innovating how organizations secure their software supply chain for today and the future. The addition of the cloud-native software composition analysis platform and AI/ML capabilities further drive CyberRes' strategy in the future of software resilience and DevSecOps. These aligned capabilities, combined with their vision of how developers evaluate, consume, and secure open-source components customized to their organization's need, make Debricked an extremely valuable addition to CyberRes' application security portfolio. "Nearly 90 percent of companies are developing software using open source components to accelerate their development speed to keep pace with business demands, which comes with accelerated risk," said Tony de la Lama, VP Product Management. "Our aim is to invest in and build solutions that allow organizations to secure their applications while maintaining the speed of development. Debricked is uniquely positioned in the market with their portfolio of solutions to address open source security and adds to an already robust portfolio in CyberRes to secure the software supply chain." Debricked's SaaS solution enables more intelligent selection of open source while drastically reducing the risks typically associated with it, both core requirements of modern DevSecOps programs. The service runs on state-of-the-art machine learning which enables the data quality to be extremely accurate as well as instantly updated whenever a new vulnerability is discovered. High precision, combined with developer focused UX and unique abilities to customize the service to your company's needs, makes Debricked unique in the world of open source security and positioned for accelerated growth. "We are excited at becoming a part of Micro Focus and CyberRes. Combining our team with such an industry-leading organization enables us to accelerate Debricked's journey toward our vision of making it easier for companies to use open source securely. We are also excited at the opportunity to present our customers with a full scale, robust security offering." Debricked CEO and co-founder Daniel Wisenhoff Key attributes of Debricked technologies include: Open Source Intelligence: With their latest innovation, Open Source Select, Debricked aims to make searching and comparing open source packages faster. By providing an in-depth analysis of the community health and offering contextualization, developers can make much more informed decisions. Security Vulnerabilities: Continuously and automatically identify, fix and prevent vulnerabilities in open source dependencies. Scan at every commit and get notified when new vulnerabilities appear. License Compliance: Ensure and maintain open source compliance with automated and enforceable pipeline rules, along with enabling creation of software bill of materials (SBOMs). Calculate risk levels for your repositories based on intended use. CyberRes is aimed at building the most complete portfolio that helps enterprises prepare for, respond to, and recover from cyber threats. With this acquisition, Micro Focus continues to show strong commitment and continued investment to Security and the ability to help customers and partners improve their cyber resilience posture. This additional investment includes a series of acquisitions made over the last two years, which strengthen our robust portfolio of security solutions, all focused on delivering business and technical outcomes to support cyber resilience. The latest example of how these investments come together is the recent launch of Galaxy, an immersive cyber threat experience built for CISOs and analysts. About CyberRes CyberRes is a Micro Focus line of business. We bring the expertise of one of the world's largest security portfolios to help our customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. CyberRes is part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow's opportunities.

Read More

Spotlight

Bad guys, outsiders and insiders alike, know that traditional security tools work on basic thresholds and understand repetitive attempts to steal sensitive data raises red flags. They keep their activity slow enough with low volume, exfiltrating small amounts of data over time, to stay under the radar. UEBA identifies these types of reoccurring behaviors and notifies investigators immediately! Someone assigned to a specific role or group accesses data that’s not necessary for them to do their job. The person attempts to mask the activity within the noise of the group, hoping to go unseen. UEBA detects those behaviors and alerts investigators.

Resources