DATA SECURITY

Flashpoint Acquires Vulnerability Intelligence Leader Risk Based Security

Flashpoint | January 13, 2022

Flashpoint, the trusted leader in threat intelligence and risk prevention, today announced it has acquired Risk Based Security (RBS), a Richmond, Virginia-based company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings. The integration of RBS’s collections and technology into the Flashpoint platform offers a wide range of cybersecurity practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management teams—the contextual threat intelligence and automation they need to detect, prioritize, and thwart emerging cyber risks rapidly and holistically.

“I am incredibly excited to welcome the RBS team to Flashpoint,This acquisition will enable our clients to rapidly detect critical vulnerabilities before they are widely known, and then automate how they prioritize and remediate these issues. This is a game changer for security teams and represents a vital step towards achieving Flashpoint’s vision of being the single vendor that enterprises can rely on to mitigate all types of security risks and protect critical assets.”

Flashpoint CEO Josh Lefkowitz

Since its founding in 2011, Risk Based Security has partnered with a diverse group of clients, including Microsoft, BlackRock, Northrop Grumman, Swisscom, American Electric Power, Amtrak, and numerous other enterprises across the technology, financial, insurance, and consumer goods sectors. To date, RBS possesses over 90,000 vulnerabilities in its collections that are not assigned CVE IDs and therefore do not exist in the National Vulnerability Database (NVD). RBS’s proprietary technology consistently identifies vulnerabilities before they are commonly known—and maps those vulnerabilities to an enterprise’s software—providing clients with a critical edge and head-start on potential adversaries.

“We’re thrilled to join forces with Flashpoint,” said Jake Kouns, CEO of RBS. “It’s rare to find two organizations so similar in culture with a mutual drive to get things done. Our visions align perfectly, and we are excited to collaborate with them to bring a holistic, risk-based intelligence offering to a broad market.”

AN ASSET-BASED APPROACH TO INTELLIGENCE AND RISK MANAGEMENT
RBS’s extensive vulnerability, data breach, and proprietary vendor risk ratings empower security teams to quickly assess and remediate vulnerabilities based on their unique risk profile—making it the only vulnerability management tool on the market that provides scanless, real-time vulnerability intelligence with vendor and product risk ratings. With this technology, Flashpoint will be able to reveal a customer’s exposure to critical vulnerabilities and supply chain weaknesses, provide contextual awareness into how these vulnerabilities are being exploited by threat actors, and prioritize and automate the actions needed to remediate potential threats.

In light of recent critical vulnerabilities like the highly-publicized disclosure of Log4j, early detection and rapid prioritization of risks is more important than ever. Moving beyond a reactive approach to threats, a combined Flashpoint and RBS solution will drive immediate and differentiated value to all types of security practitioners who are focused on protecting critical assets and infrastructure.

ABOUT FLASHPOINT
Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape.

ABOUT RISK BASED SECURITY
Risk Based Security (RBS) provides detailed information and analysis on Vulnerability Intelligence, Vendor Risk Ratings and Data Breaches. Our product, the Risk Based Security Platform, combines VulnDB and Cyber Risk Analytics (CRA), providing organizations access to the most comprehensive security intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner.

Spotlight

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network by using advanced detection and emulation techniques. This next-generation hardware platform scales to speeds of more than 40 Gbps with a single device to meet the needs of demanding networks. For larger enterprise environments that require additional performance, an individual intrusion prevention system (IPS) can be replaced with a cluster of IPS devices, easily scaling to achieve the desired throughput. In this scenario, network traffic is load balanced across the sensor cluster for fast, efficient inspection. In addition, multiple IPS sensors can be easily managed via a single pane of glass for efficiency. This paper describes several load balancing techniques to optimize performance across the sensors.


Other News
DATA SECURITY

Futurex Announces Support for Google Cloud External Key Manager

Futurex | October 12, 2021

Futurex’s key management technology and Google Cloud EKM give customers more control over encryption keys to maximize data security, privacy, and compliance BULVERDE, Texas, October 12, 2021 — Futurex, a leader in hardened, enterprise-class data security solutions, today announced support for Google Cloud External Key Manager (EKM), giving customers more control over encryption keys. Google Cloud EKM gives users full separation between their data and encryption keys, enabling users to create, store, and manage their encryption keys in a third-party key management service (KMS) — such as Futurex’s key management servers (KMES). Users can turn to Futurex KMES Series 3, a FIPS 140-2 Level 3-validated key management enterprise server, or Futurex's VirtuCrypt cloud service to handle all cryptographic key lifecycle management to maximize data security, privacy, and compliance. “We continue to add security and flexibility for Google Cloud users, giving them full control of the location, distribution, and access of their externally-managed keys,” said Bahul Harikumar, Head of Infrastructure Security Partnerships at Google Cloud. “Google Cloud EKM and Futurex give users more security options and more control.” Futurex’s robust key management platform is globally available and highly scalable, providing a versatile, external key service using fully-validated HSM and cloud technology. In addition to solutions for Google Cloud External Key Manager, Futurex’s KMES Series 3 offers: Cloud key management Data protection Public key infrastructure (PKI) Certificate Authority (CA) Code signing Vaultless tokenization Integration with numerous 3rd-party applications and services “Google Cloud’s commitment to encryption is evidenced by its support for external key management partners and we are thrilled to support Google Cloud EKM with our FIPS 140-2 Level 3-validated systems,” said Ryan Smith, vice president, global business development, at Futurex. “Futurex’s centralized encryption makes everything easier by fulfilling multiple key management use cases in a single platform.” Futurex’s Google Cloud EKM can be deployed via Futurex on-premises key management servers, Futurex’s VirtuCrypt Cloud, or an on-premises/cloud hybrid. For more information on Futurex’s support for Google Cloud EKM, visit futurex.com. Google Cloud will be showcasing its Cloud EKM at its Google Cloud Next ‘21 conference, taking place October 12-14, 2021. About Futurex For more than 40 years, Futurex has been a trusted provider of hardened, enterprise-class data security solutions. More than 15,000 organizations worldwide, including financial services providers and corporate enterprises, have used Futurex’s innovative hardware security modules, key management servers, and enterprise-class cloud solutions to address their mission-critical systems, data security, and cryptographic needs. This includes the secure encryption, storage, transmission, and certification of sensitive data. For more information, please visit futurex.com.

Read More

SOFTWARE SECURITY

Guidepost Solutions Acquires Significant Equity Interest in Cybersecurity Solutions Firm Truvantis, Inc.

Guidepost Solutions LLC | March 29, 2022

Guidepost Solutions LLC, a global leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting, announced that it has acquired a significant equity stake in Truvantis, Inc., a cybersecurity company formed in 2010. Truvantis provides best-in-class cyber and privacy services to secure infrastructure, data, operations, and products. This strategic partnership allows both Guidepost and Truvantis to offer a wide-ranging suite of cybersecurity solutions and consulting services, at a time when cybersecurity risks are evolving and affecting all business operations. Truvantis is led by its founder and CEO, Andy Cottrell. With more than 25 years of experience in IT and cybersecurity, Cottrell has designed and implemented security solutions, launched innovative security products to market, and helped countless small and large companies improve their security posture. “I am pleased to announce this partnership with Truvantis, as part of our firm’s continued efforts to grow its capabilities and footprint in the cybersecurity arena. We are committed to providing our clients with unique solutions to defend against one of the greatest risks facing their companies – cyber threats. This partnership significantly expands our ability to fulfill that commitment.” Julie Myers Wood, Guidepost Solutions CEO This new alliance enables clients to leverage comprehensive threat, risk, vulnerability management, privacy, and assessment services to protect against a full spectrum of cyber and physical security issues and address a variety of regulatory and business-critical requirements. Today’s companies are faced with an increasing number of requests for independent verification of their cybersecurity and privacy policies and practices. Whether it’s an assessment against a security framework like the NIST CSF, ISO 27001, or CIS Controls, addressing compliance with privacy laws and requirements like the PCI DSS, or preparing for a SOC2 or HITRUST audit, companies are seeking help from highly qualified, credentialed consultants who can help address these complex cybersecurity and privacy challenges. The Guidepost/Truvantis team will afford clients a depth of expertise as well as a breadth of services to address a broad range of risk mitigation needs. “Guidepost Solutions is a leader in investigations, compliance, and physical security consulting and we’re excited to bring these capabilities to our clients to provide comprehensive risk management solutions,” said Andy Cottrell, CEO, Truvantis. “As the market continues to evolve toward consolidated physical, personnel, and cybersecurity management, this partnership enables us to provide the most comprehensive solutions in the market.” Through this investment and partnership, Guidepost Solutions and Truvantis are positioned to enhance cyber and physical security defenses for clients and provide resiliency for their critical systems. Specific security services include risk assessments, security testing, cyber investigations, cybersecurity governance, data protection, privacy consulting, operational security design and project management, vCISO, and remediation services. About Guidepost Solutions LLC Guidepost Solutions is a leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting. We work wherever your needs take us – whether on the ground around the globe – or from one of our offices located in Bogotá, Boston, Chicago, Dallas, Honolulu, London, Los Angeles, Miami, New York, Palm Beach, Philadelphia, Phoenix, San Francisco, Seattle, Singapore, Walnut Creek, and Washington, DC. About Truvantis Inc. Truvantis® is a cybersecurity consulting organization providing best-in-class privacy and cybersecurity services to secure your organization’s infrastructure, data, operations, and products. We specialize in helping our customers improve their cybersecurity posture by implementing, testing, auditing, and operating information security programs.

Read More

PLATFORM SECURITY

Cynamics Announces Dedicated Managed Security Service Provider (MSSP) Offering

Cynamics | March 07, 2022

Cynamics, leading provider of AI-driven Network Detection and Response solutions, today announced the release of their new offering which is dedicated for Managed Security Service Providers and Managed Service Providers. The Cynamics Managed Service solution delivers a comprehensive dashboard for Cynamics partners to view all aspects of their Cynamics services across all client networks. This new dashboard represents the next step in the continued evolution of the Cynamics solution and offering. Cynamics teams up with best-in-class partners, offering unhindered network visibility and threat prediction to manage their client's environment. Cynamics unique sample-based approach accompanied with patent-pending and academically acknowledged AI technology allows our partners to predict and detect risk in seconds, responding faster and giving customers the security and granularity, they deserve. "We are grateful for our partnership with Cynamics, as it allows us to offer robust and innovative network visibility to our clients, increasing their overall security posture," said Peter Baur, IT Manager of Metro-INET. "With the rise in cyber threats on municipalities, we were looking for a provider to reduce and mitigate risk. Cynamics makes a big difference in how our customers can protect their networks effectively and gives us a comprehensive view across the entire landscape. Cynamics intuitive dashboard, access to cyber analysts 24/7 and unparalleled level of support have been a key differentiator for us as we focus on connecting our customers to solutions that enable them to operate in a more secure and productive way," Said Baur. The new offering, modeled after the Cynamics Network Blueprint dashboard, lets managed service partners add their client accounts and rapidly connect them to Cynamics, view a summary of the recent activities from all of their clients, and drilling down to each threat detection root-cause analysis and to the respective client dashboard for further details. This dashboard can enhance MSSPs cybersecurity service offering to customers by leveraging Cynamics AI-driven technology and sample-based approach to provide 100% network visibility and threat prediction without requiring installation of an appliance or agent in the customer's network, no matter the network's size or environment. "The Cynamics MSSP offering was designed with our growing managed service customer-base in mind. Our goal was to deliver a dashboard that provides complete visibility across all client accounts in a central pane view that gives MSSPs more services to capture a greater opportunity amongst their customers" said Dr. Aviv Yehezkel, Co-Founder and CTO of Cynamics. "With Cynamics, our managed service partners reduce risk because of the lack of appliances and agents, as well as there are no permissions to the client's network, and no collecting or storing any sensitive or private client information at any time, therefore creating no additional attack surface", said Dr. Yehezkel. The Cynamics MSSP dashboard reduces the burden of managing, configuring and optimizing network security for clients with notoriously convoluted networks, differing environments and complex architectures. Cynamics solution uses proprietary AI and ML technology to enrich threat signals, patterns, and suspicious behaviors by detecting and classifying them in a generalized way which is agnostic to a specific network deployment. The solution autonomously and continuously is learning and improving with each additional deployment. The performance, capabilities and broad visibility offered by Cynamics gives MSSPs an edge in keeping their customers safe in the continuously evolving cybersecurity landscape. About Cynamics Cynamics is the only Next Generation (NG) Cloud Network Detection and Response (NDR) solution on the market today using standard sampling protocols built-in to every gateway, patented algorithms, as well as AI and Machine Learning, to provide threat prediction and visibility at speed and scale. Built to protect networks of all sizes and complexity, its highly scalable approach discovers threats missed by competitors and provides clients and partners with an elite defense against cyberattacks, with little-to-no burden on their resources.

Read More

SOFTWARE SECURITY

Bluum Launches Comprehensive Cybersecurity Offering to Schools

Bluum | June 14, 2022

Bluum, North America's leading education technology solutions provider, recently announced the launch of a comprehensive cybersecurity offering to schools. Cybersecurity needs and solutions for schools have evolved in recent years – even beyond those brought about by hybrid and remote learning – so Bluum responded with security solutions for people, processes and technology. According to the SecurityScorecard 2018 report, education ranks last out of 17 industries in terms of cybersecurity, demonstrating that a legacy solution that only includes a first-generation firewall and antivirus software has long been rendered obsolete. Since 2016, there have been more than 1,300 publicly disclosed attacks in the U.S., which averages out to more than one K-12 cyber incident per school day. More than three million students have been affected by cybersecurity breakdowns since February 2018, with education institutions spending an average of $2.73 million to address the impact of a ransomware attack. "With limited budgets, highly skilled IT personnel and time, K-12 organizations are hard-pressed to create a solid cybersecurity plan. "Cybersecurity is an incredibly technical and extensive area in IT that is rapidly evolving and needs to stay ahead of ever-evolving attack methods. Historically, school IT budget constraints have resulted in ineffective and outdated systems, so Bluum has developed comprehensive countermeasures to fill that void." Bluum Vice President of Product Strategy and Growth Andre Vashilko Whether cybersecurity incidents are caused externally or self-inflicted, Bluum can assist in preventative measures before, during and after the incidents and attacks. To get started, Bluum has debuted easy-to-use services to help schools assess their cybersecurity needs and identify immediate and future solutions. Vulnerability scans and penetration testing will detect critical areas of concern and exposure in the infrastructure, while a complementary customer survey will provide further insights into a school's specific needs. About Bluum Bluum empowers educators with technology solutions that improve learning and make it more accessible, assisting more than 27 million students grow and flourish.

Read More

Spotlight

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network by using advanced detection and emulation techniques. This next-generation hardware platform scales to speeds of more than 40 Gbps with a single device to meet the needs of demanding networks. For larger enterprise environments that require additional performance, an individual intrusion prevention system (IPS) can be replaced with a cluster of IPS devices, easily scaling to achieve the desired throughput. In this scenario, network traffic is load balanced across the sensor cluster for fast, efficient inspection. In addition, multiple IPS sensors can be easily managed via a single pane of glass for efficiency. This paper describes several load balancing techniques to optimize performance across the sensors.

Resources