DATA SECURITY

DigiCert Acquires Mocana, a Known IoT Cybersecurity Provider

DigiCert | January 17, 2022

DigiCert
A leading provider of TLS/SSL, IoT, and other PKI solutions, DigiCert, Inc., announced that it had acquired Internet of Things (IoT) cybersecurity firm Mocana. Crosspoint Capital, Clearlake Capital Group, backs the company. L.P. ("Clearlake"), and TA Associates. The combination of DigiCert and Mocana technologies offers IoT manufacturers and operators a unified platform for controlling security throughout the whole lifecycle of IoT devices. The transaction's terms were not disclosed.

DigiCert's foothold in the fast-growing IoT industry will be strategically accelerated due to the purchase. Organizational investment in IoT platforms for operational efficiency, competitive differentiation, and digital transformation,  according to IDC, will drive growth to more than 55 billion linked devices by 2025.

"IoT security has been a challenge for device manufactures and operators,With the addition of Mocana, DigiCert is building on its vision for delivering digital trust, a growing necessity in the IoT market as smart devices become ubiquitous in every corner of our personal and professional lives. We are excited to introduce new and existing customers to our integrated platform and welcome the addition of Mocana's expertise in IoT technology and the industrial and manufacturing verticals to the DigiCert team."

DigiCert CEO John Merrill

"We have had a strategic partnership with Mocana for years and truly value their contribution to our product portfolio," said James Kline, senior director of program management at ABB Inc. "We are excited about the backing from DigiCert as a global leader in IoT security." 

Customers can use DigiCert and Mocana together to manage device identity, prevent device tampering, secure communications, and remotely and securely upgrade firmware and settings once in the field. This end-to-end platform eliminates security risks and allows digital transformation, which is enabled by the convergence of information technology (IT) and operational technology (OT).

"Mocana is excited to be joining the DigiCert team," said Mocana CTO Srinivas Kumar. "Together, our solutions uniquely solve the challenges of IoT security, from embedding security protections on-chip or at device manufacturing to on-device secure communications and firmware updates once in the field."

Spotlight

Over the years, network security threats have grown in number, type and sophistication. Today's security teams have to protect against advanced persistent threats, stealth bots, targeted application attacks, designer malware and more. The attacks on the network are relentless, and high-profile breaches continue to occur on a regular basis.


Other News
DATA SECURITY

Armis Selects Radware to Deliver Cloud Security for AWS

Radware | December 30, 2021

Radware a leading provider of cyber security and application delivery solutions, today announced that Armis, a leading unified asset visibility and security platform provider, chose Radware’s Cloud Native Protector to safeguard its Amazon Web Services (AWS) environment. This born-in-the-cloud business adopted Radware’s solution to fortify its cloud security posture and identify potential vulnerabilities before they evolved into threats. Armis’ security platform enables companies to safely use and control IoT and other unmanaged devices without fear of compromise by cyberattacks. Armis was looking for a solution that would give its DevOps team full visibility and control of its public cloud environment. The company turned to Radware to make it easier for its team to remotely track assets, supervise access to sensitive resources, and detect suspicious activity. “The Radware team understands that we are a dynamic company with requirements that are constantly changing,” said Roi Amitay, head of DevInfra at Armis. “Radware’s Cloud Native Protector plays an essential role in securing our cloud environment. It helps us see our full cloud picture and focus on what matters most. Radware provides trusted products and support, making this the best solution for our company.” Radware’s solution enhances the visibility and control Armis has over its public cloud environment. It automates manual analysis and notifies Armis about any publicly exposed assets and potential cyberattacks to help the company prioritize its work. “Cloud-native companies like Armis have unique and constantly shifting security requirements that need specialized solutions,Our Cloud Native Protector not only secures Armis’ cloud workloads but also is continually assessing risks and improving visibility and governance of their cloud.” Gilad Barzilay, director of public cloud sales at Radware Radware’s Cloud Native Protector is an agentless solution that provides centralized visibility and reporting for workloads and accounts on AWS and Microsoft Azure. Its intuitive 360-degree centralized dashboard shows alerts across accounts and clouds with risk-prioritized alerting so that security teams know which alert to focus on first. Using a multi-layered approach that covers a wide security posture of the cloud and threats to individual workloads, the solution also identifies and prevents public exposure of public facing assets, cloud security misconfigurations, excessive permissions, and malicious activity in the cloud. About Radware Radware is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

Read More

DATA SECURITY

Red Hat Unveils New Levels of Security from the Software Supply Chain to the Edge

Red Hat | May 11, 2022

Red Hat, Inc., the world's leading provider of open source solutions, today announced new security innovations and capabilities across its portfolio of open hybrid cloud technologies. Designed to help organizations mitigate risks and meet compliance requirements across increasingly complex IT environments that mix cloud services, traditional systems and edge devices, these enhancements are intended to minimize complexity, while helping customers improve their security posture and enable DevSecOps. According to Red Hat’s 2021 Global Tech Outlook report, 45% of respondents put IT Security as their top funding priority. IT security, however, is not a static demand - regulatory controls, compliance demands and threat actors shift on an almost daily basis, requiring almost constant vigilance from IT security teams. Red Hat has long been a leader in security for enterprise open source solutions, beginning with Red Hat Enterprise Linux, viewing security as a fundamental component and not an add-on. KuppingerCole Analysts recently recognized Red Hat as the Overall Leader in its Leadership Compass for Container Security. According to KuppingerCole’s evaluation, “With a massive market presence and proven expertise in container management, enhanced by the recent acquisition and integration of StackRox, a leading container security company, Red Hat is recognized as the Overall Leader in this Leadership Compass.” With today’s news, Red Hat continues a relentless march of innovation to advance security across hybrid cloud environments—from on-premises to multi-cloud to the edge—across the entire technology lifecycle and software stack. Enhancing software supply chain security Securing applications from development through the entire lifecycle can be complex and frequently requires multiple components to work together. To help simplify the process of implementing security features throughout the complete build, deploy and run process, Red Hat is introducing a software supply chain security pattern. Delivered via Red Hat OpenShift, patterns deliver complete stacks as code and define, build and test the necessary software configurations. Available as a preview, the software supply chain security pattern will bring together the necessary components to architect cloud-native applications from trusted components. The pattern uses a Kubernetes-native, continuously-integrated pipeline through Red Hat OpenShift Pipelines and Red Hat OpenShift GitOps for version control, helping to reduce complexity and save time. Additionally, through Tekton Chains, the pattern will incorporate Sigstore, an open source project aimed at making cryptographic signing of code more accessible. This addition makes it easier for artifacts to be signed in the pipeline itself rather than after application creation. In addition, in Red Hat Ansible Automation Platform 2.2, Red Hat is introducing a technical preview of Ansible content signing technology. The new capability helps with software supply chain security by enabling automation teams to validate that the automation content being executed in their enterprise is verified and trusted. Enhancing application security lifecycle from the datacenter to the edge As organizations adopt cloud-native architectures, the core enterprise needs for hardened environments, lowered attack surfaces and faster detection and response to threats remain. Applications running outside of traditional IT environments, including at the edge, introduce further security requirements that compound these already complex challenges. Beyond the physical security requirements of edge devices, CIOs and IT decision-makers are increasingly seeing a need to protect the container workloads running on these devices. An example could be implementing strategies and capabilities to prevent the lateral movement of potential attacks or breaches across edge deployments. Red Hat Advanced Cluster Security for Kubernetes brings a deployment-ready answer to these concerns, with key capabilities to protect edge workloads, including: Automated DevSecOps in the CI/CD pipeline to help protect the software supply chain for edge environments through vulnerability management, application configuration analysis and CI/CD integration Threat protection provides threat detection and incident response capabilities at runtime for common threats Network segmentation to enforce workload isolation, analyze container communication and detect risky network communication paths Integrated security starts with the operating system In the 2022 Gartner® Board of Directors Survey, 88% of board members classified cybersecurity as a business risk; just 12% called it a technology risk.1 The broad ramifications of a cyber attack or data breach have led to increased scrutiny across IT environments by investors and regulators alike. Fortifying IT environments against these potentially damaging incidents is critical, and Red Hat believes that this effort starts at the foundation, at the operating system level, with Red Hat Enterprise Linux. Red Hat Enterprise Linux 9 lays the foundation for runtime integrity verification of the operating system and application files by providing file digital signatures within RPM packages. The platform uses integrity measurement architecture (IMA) at the kernel level to verify individual files and their provenance. IMA file verification specifically helps to detect accidental and malicious modifications to systems, providing more remediation capabilities for security teams in addressing potential issues or breaches. Additional key security features in Red Hat Enterprise Linux 9 include: Enhanced security around root privileges by disabling root login via SSH by default. This helps to prevent the discovery of root passwords through brute force attacks and improving baseline security postures of an operating environment. Support for latest cryptographic frameworks with the integration of OpenSSL 3. This enables IT teams to enact new ciphers for encrypting and protecting sensitive information. Bolstered security best practices by disabling the cryptographically-broken SHA-1 hash function by default for digital signature, driving improved security hygiene. Additionally, Red Hat and IBM Research are collaborating around expanding the core security aspects of the Linux kernel, such as through support for signing and verifying elliptic curve digital signatures. This work expands the algorithms supported and reduces the size of digital signatures used throughout the Linux kernel. About Red Hat, Inc. Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Read More

NETWORK THREAT DETECTION

SecurityScorecard Ignites European Adoption of Security Ratings Through Partnership with Exclusive Networks

SecurityScorecard | April 07, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced a Pan-European exclusive distribution agreement with Exclusive Networks, a global cybersecurity specialist for digital infrastructure, to accelerate adoption of security ratings throughout Europe. The partnership, with Exclusive Networks owned specialist value-added distributor Ignition Technology, enables European organisations to instantly rate, analyze and continuously monitor their security risk, to harden their security postures. "The evolving geopolitical landscape is causing CISOs throughout Europe to reevaluate their cybersecurity postures, requiring them to have greater visibility across their attack surface than ever before. As the threat landscape expands, Exclusive Networks' expertise in helping disruptive cybersecurity solutions like SecurityScorecard breakthrough in EMEA will dramatically scale the number of European organizations that will be able to instantly improve their security postures through much needed data, visibility and insights." Jan Bau, VP, EMEA Sales, at SecurityScorecard SecurityScorecard provides comprehensive security ratings, automated assessments, and guidance from industry experts, providing easy-to-understand A-F graded scorecards for improved communication, effective compliance reporting and more informed decision making. The solution allows organisations to automate and accelerate questionnaire exchange with over 20 compliance survey templates and questionnaires at scale. "Exclusive Networks is focused on meeting customer and partner demand across Europe for the most impactful cybersecurity solutions on the market today," said Sean Remnant, Chief Strategy Officer, Exclusive Networks. "SecurityScorecard provides our network of customers and partners with instant visibility into their security postures and that of their vendors and business partners, to fully understand their true cyber risk." Exclusive Networks is a global trusted cybersecurity specialist for digital infrastructure driving the transition to a totally trusted digital future for all people and organisations. Located in 43 countries, with the ability to service customers in over 170 countries across five continents, Exclusive Networks has a unique 'local sale, global scale' model, combining the extreme focus and value of local independents with the scale and service delivery of a single worldwide distribution powerhouse. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors.

Read More

DATA SECURITY

SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security

SecurityScorecard | December 21, 2021

SecurityScorecard, the global leader in cybersecurity ratings, today released a new report on the U.S. shipping industry, "Proactive Security Measures for Global Maritime Shipping." The research found that high severity cyber vulnerabilities pose a big risk to U.S. maritime security, especially ahead of a busy holiday season. In December 2021, SecurityScorecard conducted an analysis of the cybersecurity health of 100 global shipping container companies compared to the Forbes Global 2000 companies, finding that: Overall, the cybersecurity risk posture of the shipping industry was better than the Forbes Global 2000, but the shipping industry did not perform higher in every risk group factor The largest risks to the sector include vulnerabilities in application security, irregular patching cadence, and network security Data breach percentages for shipping container companies increased from 2018 through 2021, indicating that the industry may be an increasingly attractive target for malicious cyber actors during the 2021 winter holiday season Shipping container companies initially did better than the Forbes Global 2000 until April 2020, when high-profile attacks sank the industry average. Since mid-2020, shipping container companies have continued to struggle to build resilience in their cybersecurity and have not yet returned to their pre-2020 breach scores. Global supply shortages and shipping disruptions brought on by the COVID-19 pandemic pose a threat to U.S maritime security and threaten to disrupt the holiday gift-giving season. The maritime shipping network, which is responsible for 90% of the global trade, has gone from being a fast and cost-effective system to one plagued by delays, clogged shipping lanes, and exorbitant prices. "The shipping and maritime industry is already strained and taxed by the pandemic and resulting supply chain backlog,A potential cyber incident in the shipping industry could have catastrophic effects on people and businesses all across the world. This research is a key indicator that the industry should continue to keep a focus on cyber resilience through continuous monitoring." Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard SecurityScorecard continuously monitors millions of entities world-wide, and non-intrusively assesses their security posture across ten risk categories, including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. This instantly delivers an easy-to-understand "A" through "F" security rating. About SecurityScorecard Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

Spotlight

Over the years, network security threats have grown in number, type and sophistication. Today's security teams have to protect against advanced persistent threats, stealth bots, targeted application attacks, designer malware and more. The attacks on the network are relentless, and high-profile breaches continue to occur on a regular basis.

Resources