NETWORK THREAT DETECTION

Detectify Teams up with Hackers for Change to Benefit Security and Ethical Hacking Communities, Bolster Security for Non-profit Organizations

Detectify | August 19, 2021

Detectify, the SaaS security company powered by ethical hackers, today announced its partnership with Hackers for Change. The collaboration will equip non-profit organizations with the tools required to strengthen security and decrease the likelihood of cyber-attacks, supporting the mission of Hackers for Change to provide charities and nonprofits with industry-quality cybersecurity services at no cost. By combining each organizations' experience and hacking knowledge, the partnership aims to better serve customers and positively impact the security and ethical hacking communities.

Charities and non-profit organizations are becoming increasingly susceptible to cyber-attacks as cybercriminals seek to access and exploit their massive datasets. According to one report, 26 percent of charities experienced a cyber-attack or breach last year. As philanthropies collect more data, there is a growing need for nonprofits to stay ahead of cyber criminals and protect confidential information. However, many nonprofits lack the financial resources required to properly secure their networks.

This is where Hackers for Change comes in. The Toronto-based volunteer-operated organization provides other charities and nonprofits with industry-quality cybersecurity services for free. In doing so, Hackers for Change also trains Canada's next generation of cybersecurity professionals, making the digital community more resilient. For individuals seeking employment in the security industry, a lack of formal work experience can be a significant barrier to entry. By volunteering with Hackers for Change, volunteers not only gain invaluable hands-on work experience to jumpstart their careers, but also make a positive social impact on the community.

Partnering for a stronger community
"By teaming up with Hackers for Change, we're helping nonprofits improve their security posture while simultaneously sharing knowledge between us that will benefit customers, hacker volunteers linked to Hackers for Change, and the security industry overall," said Rickard Carlsson, co-founder and CEO at Detectify. "Collaboration is essential within the security space, and by marrying our strengths, we can't wait to see what strides we can make together."

Detectify's web application scanner, Deep Scan, lets non-profit organizations stay on top of critical patching; a vital component to improving security posture. Deep Scan allows organizations to automatically scan custom-built apps, find critical security vulnerabilities, and strengthen web application security with automated security findings sourced from leading ethical hackers that make up the Detectify Crowdsource community. In addition to empowering nonprofits to find, fix, and prevent critical security vulnerabilities, Deep Scan also helps determine which vulnerabilities to prioritize and provides remediation guidance.

About Detectify
At Detectify, we believe that world-class cybersecurity knowledge should be accessible to everyone. Detectify automates the latest security findings from leading ethical hackers and brings it into the hands of security defenders and web application teams. Powered by a network of handpicked ethical hackers, Detectify's security solutions check your application beyond the OWASP Top 10 and helps you stay on top of threats in the cloud.

Spotlight

As information has transformed into a huge business asset for modern companies, it has come at a price: Data is now a target for hackers seeking sensitive information about enterprises and their customers. This new online data security focus has forced businesses to invest in resources that protect trade secrets and other company information. At the same time, ensuring personal privacy has become a top concern for consumer advocates, and data security initiatives sometimes infringe on personal information protection measures. For companies to be successful in the digital age, GRC resources must walk the fine line between adequate cybersecurity and privacy protection for both employees and customers. In this handbook, learn the latest data governance strategies to help organizations strike this balance necessary to protect both corporate and personal information.


Other News
DATA SECURITY

Flashpoint Acquires Vulnerability Intelligence Leader Risk Based Security

Flashpoint | January 13, 2022

Flashpoint, the trusted leader in threat intelligence and risk prevention, today announced it has acquired Risk Based Security (RBS), a Richmond, Virginia-based company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings. The integration of RBS’s collections and technology into the Flashpoint platform offers a wide range of cybersecurity practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management teams—the contextual threat intelligence and automation they need to detect, prioritize, and thwart emerging cyber risks rapidly and holistically. “I am incredibly excited to welcome the RBS team to Flashpoint,This acquisition will enable our clients to rapidly detect critical vulnerabilities before they are widely known, and then automate how they prioritize and remediate these issues. This is a game changer for security teams and represents a vital step towards achieving Flashpoint’s vision of being the single vendor that enterprises can rely on to mitigate all types of security risks and protect critical assets.” Flashpoint CEO Josh Lefkowitz Since its founding in 2011, Risk Based Security has partnered with a diverse group of clients, including Microsoft, BlackRock, Northrop Grumman, Swisscom, American Electric Power, Amtrak, and numerous other enterprises across the technology, financial, insurance, and consumer goods sectors. To date, RBS possesses over 90,000 vulnerabilities in its collections that are not assigned CVE IDs and therefore do not exist in the National Vulnerability Database (NVD). RBS’s proprietary technology consistently identifies vulnerabilities before they are commonly known—and maps those vulnerabilities to an enterprise’s software—providing clients with a critical edge and head-start on potential adversaries. “We’re thrilled to join forces with Flashpoint,” said Jake Kouns, CEO of RBS. “It’s rare to find two organizations so similar in culture with a mutual drive to get things done. Our visions align perfectly, and we are excited to collaborate with them to bring a holistic, risk-based intelligence offering to a broad market.” AN ASSET-BASED APPROACH TO INTELLIGENCE AND RISK MANAGEMENT RBS’s extensive vulnerability, data breach, and proprietary vendor risk ratings empower security teams to quickly assess and remediate vulnerabilities based on their unique risk profile—making it the only vulnerability management tool on the market that provides scanless, real-time vulnerability intelligence with vendor and product risk ratings. With this technology, Flashpoint will be able to reveal a customer’s exposure to critical vulnerabilities and supply chain weaknesses, provide contextual awareness into how these vulnerabilities are being exploited by threat actors, and prioritize and automate the actions needed to remediate potential threats. In light of recent critical vulnerabilities like the highly-publicized disclosure of Log4j, early detection and rapid prioritization of risks is more important than ever. Moving beyond a reactive approach to threats, a combined Flashpoint and RBS solution will drive immediate and differentiated value to all types of security practitioners who are focused on protecting critical assets and infrastructure. ABOUT FLASHPOINT Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. ABOUT RISK BASED SECURITY Risk Based Security (RBS) provides detailed information and analysis on Vulnerability Intelligence, Vendor Risk Ratings and Data Breaches. Our product, the Risk Based Security Platform, combines VulnDB and Cyber Risk Analytics (CRA), providing organizations access to the most comprehensive security intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner.

Read More

SOFTWARE SECURITY

Thrive Integrates SOAR Technology into their Security Operations to Enhance Real-Time Cyber Threat Detection

Thrive | May 20, 2022

Thrive, one of the leading Managed Security Services Providers (MSSPs) in the world, has made a significant investment to upgrade their 24x7x365 eyes-on-glass Security Operation Center (SOC) by integrating a Security Orchestration, Automation, and Response (SOAR) engine. The SOAR capabilities will enable the Thrive global security team to better navigate today's complex, risk-laden environment for clients via tool aggregation and coordinated response, unified operations, reduced alert fatigue, and Artificial Intelligence (AI). This will result in a significant reduction of incident response times for client threats and provide higher quality information for the Thrive SOC to combat intricate cyber risks in real time. By 2025, the amount lost to cyber theft is expected to reach $10.5 trillion annually, which is the single greatest transfer of wealth in history, according to a report from AT&T. These glaring statistics indicate why cybersecurity has become imperative in the world of commerce. "Cybersecurity threats and vulnerabilities are constantly multiplying, due to not only more sophisticated social engineering but also a rise in micro-ransomware incidents, That means vigilance against attacks of all kinds must also evolve. Incorporating a SOAR into our robust global security operations unit will allow Thrive clients to have a stronger defense system in place against cybersecurity attacks and enable our team to respond more expeditiously to any issues should they arise." Mike Gray, CTO of Thrive Thrive's integrated managed cybersecurity solutions provide a proactive and expert approach to security management for identifying and remediating security issues. Powered by next-gen technology, proven frameworks and service-driven experts, Thrive's unified cybersecurity platform enables Thrive's 24x7x365 SOC to automatically address critical security issues without client intervention. By creating a stress-free experience that solves for the technical complexity and talent shortage mid-market enterprises face, Thrive's cybersecurity solutions fortify the digital transformation initiatives that propel business growth. About Thrive Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company's Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application achieves peak performance, scale, uptime, and the highest level of security.

Read More

WEB SECURITY TOOLS

Star Atlas Launches Initiative to Establish Web3 Security Framework

Star Atlas | May 25, 2022

Star Atlas, a next-gen metaverse with triple-A game design and Unreal Engine 5 graphics built on the Solana blockchain, today announced an expanded focus on security to ensure consumer protection and digital safety in the metaverse. This multi-pronged initiative includes signing Kudelski Security, the cybersecurity division of the Kudelski Group - the world leader in digital security, and the forefront leader in providing security solutions for major blockchain-based applications, exchanges, and ecosystems - as its security partner. Kudelski Security will perform ongoing audits and analysis to help ensure the integrity of the Star Atlas metaverse is maintained and both partners will work together to explore setting standards for web3 security. "We are pleased to partner with the team at Kudelski Security to advance the digital security of our fast-expanding metaverse," said Michael Wagner, Co-Founder and CEO of ATMTA, Inc., the principal development studio of Star Atlas. "We understand there is a lot of skepticism when it comes to web3 and security, so we want to be proactive by partnering with one of the top cybersecurity firms to help make sure our community feels safe. Protection of assets is paramount, and we look forward to working with Kudelski Security to establish the best practices for security when it comes to web3 gaming." As security auditor of record, Kudelski Security will increase the safety and security of the Star Atlas metaverse by testing the protocols and looking for potential vulnerabilities to be addressed. Star Atlas players will have greater assurance that the metaverse has been built securely and tested rigorously, and that Star Atlas has taken the necessary action to become the leader in the web3 space when it comes to security. The relationship with Kudelski Security goes beyond the hardening of the Star Atlas environment. Star Atlas is looking to expand collaborations with the wider Group to focus on new standards that can help to transition companies and projects into web3, including security standards, tokenization, and best practices in web3 gaming. By developing standard technology and processes that enable safe and secure on-chain gaming, players will be protected from the hacks that currently plague web3 and some of the main barriers to wider stakeholder adoption will be lowered. "Web3 is growing rapidly, and we are seeing more need for developing a security standard that is adopted across the industry to act as a framework. This is why we are excited to partner with a native web3 leader like Star Atlas and to come together to solve potential security issues before they arise." Andrew Howard, CEO of Kudelski Security In addition to Kudelski Security's blockchain and cybersecurity experience, the Kudelski Group is recognized as global leaders in digital security – with specialized expertise in encryption, anti-piracy, watermarking, cryptography, and digital rights management. Executives from Star Atlas, the Kudelski Group, Kudelski Security, and NAGRA Kudelski are meeting during the World Economic Summit in Davos, Switzerland, to further discuss establishing a framework for securing the web3 ecosystem. ABOUT STAR ATLAS Star Atlas is a next-gen gaming metaverse emerging from the confluence of state of the art blockchain, real-time graphics, multiplayer video game, and decentralized financial technologies. Real-time graphics technology using Unreal Engine 5's Nanite allows for cinematic quality video game visuals. Blockchain technology using the Solana protocol establishes a largely serverless and secured gameplay experience. Non-fungible tokens obtained and traded within Star Atlas creates an economy that replicates the tangibility of real world assets and ownership.

Read More

DATA SECURITY

Axonius Unveils SaaS Management Solution to Combat Complexity, Cost, and Risk

Axonius | January 20, 2022

Axonius, the leader in cybersecurity asset management, today unveiled Axonius SaaS Management, a new comprehensive solution that helps security, IT, finance, and risk teams control the complexity, cost, and risk of software as a service (SaaS) with a single source of truth into their SaaS application landscape. As businesses rapidly increase consumption of SaaS applications, they face acute IT, security, and business challenges. The rate of SaaS adoption makes manual approaches to gaining a credible SaaS asset inventory woefully inadequate and exposes extremely difficult visibility challenges into both known and unknown SaaS applications. Compounding these visibility challenges, companies struggle to identify how data flows between apps, manage a myriad of configurations, and close security gaps, as well as track licensing and spend, across hundreds sometimes thousands of SaaS applications. Axonius SaaS Management lets customers address the operational and financial challenges of SaaS asset management, as well as the security and risk gaps, all via a seamless, nonintrusive deployment that delivers actionable insights from day one. This is the first product delivered by AxoniusX, the company’s innovation-focused business unit that launched in June 2021. “Over the past few years, we’ve seen tools emerge that address some aspects of SaaS management from either the business side or SaaS security posture management, but these approaches still leave companies with gaps in visibility and siloed information,We’ve built on our unique approach to cybersecurity asset management to deliver the same results for SaaS applications. With our rich history in building and maintaining API integrations with SaaS solutions, Axonius has the expertise and market traction to bring massive value to organizations struggling with the complexity of modern apps and infrastructure.” Amir Ofek, CEO and co-founder of AxoniusX Axonius SaaS Management uses adapters (API connections to data sources) and proprietary SaaS discovery tools to create a detailed inventory of all SaaS applications, permissions, and data flows. By connecting to all layers of the SaaS application stack, the solution discovers both the SaaS applications known to and sanctioned by organizations as well as shadow and unmanaged apps. This approach provides comprehensive visibility into all data types and interconnectivity flows, identifies misconfigurations and data security risks, and delivers actionable insights for better IT management and cost optimization. Axonius SaaS Management integrates with Axonius Cybersecurity Asset Management to provide a comprehensive platform that unifies all digital assets from SaaS apps to devices, user accounts, cloud assets, and more so customers can easily and effectively control complexity across the entire IT environment. About Axonius Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world.

Read More

Spotlight

As information has transformed into a huge business asset for modern companies, it has come at a price: Data is now a target for hackers seeking sensitive information about enterprises and their customers. This new online data security focus has forced businesses to invest in resources that protect trade secrets and other company information. At the same time, ensuring personal privacy has become a top concern for consumer advocates, and data security initiatives sometimes infringe on personal information protection measures. For companies to be successful in the digital age, GRC resources must walk the fine line between adequate cybersecurity and privacy protection for both employees and customers. In this handbook, learn the latest data governance strategies to help organizations strike this balance necessary to protect both corporate and personal information.

Resources