DATA SECURITY

Google Announces Cybersecurity Action Team to Support the Security Transformations of Public and Private Sector Organizations

Cybersecurity Action Team | October 13, 2021

Google announced the Google Cybersecurity Action Team. Made up of experts from across the company, the Google Cybersecurity Action Team will be the world's premier security advisory team with the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises and small businesses.

To deliver on this mission, the Google Cybersecurity Action Team will provide:

  • Strategic advisory services for customers' security strategies, including transformation workshops and educational content. This function will advise customers on the structure of their digital security transformation and provide program management and professional services support.
  • Trust and compliance services that map our global compliance certifications to industry control frameworks, enabling customers to simplify their compliance journey.
  • Security customer and solutions engineering that deliver proven blueprints and architectures for deploying Google Cloud products and services securely and in accordance with regulatory requirements, as well as comprehensive solutions for autonomic security operations, cyber resilience and more.
  • Threat intelligence and incident response services, which include threat briefings, preparedness drills, incident support and rapid response engagements to stay on top of the evolving security landscape.

The vision of this team is to guide customers through the cycle of security transformation - from their first transformation roadmap and implementation, through increasing their cyber-resilience preparedness for potential events and incidents, and engineering new solutions as requirements change. This effort will begin within Google Cloud, building on our close partnerships with organizations of all sizes, and will evolve to bring Google security to more organizations as it progresses.

"Cybersecurity is at the top of every C-level and board agenda, given the increasing prominence of software supply chain exploits, ransomware, and other attacks. To address these unprecedented security challenges facing organizations in every industry today, we are announcing the creation of the Google Cybersecurity Action Team," said Thomas Kurian, CEO of Google Cloud. "The Google Cybersecurity Action Team is part of our ongoing commitment to be the best partner for our enterprise and government customers along their security transformation journey."

Recent attacks like USAID, Colonial Pipeline, and Solarwinds all speak to a major shift in the needs of threat protection. In August, Google dedicated $10 billion over the next five years to strengthen cybersecurity, including expanding zero trust programs, securing software supply chain frameworks, enhancing open-source security and strengthening the digital security skills of the American workforce. The Google Cybersecurity Action team is one of our efforts under these commitments.

"The Cybersecurity and Infrastructure Security Agency (CISA) recently established the Joint Cyber Defense Collaborative (JCDC). This initiative will unite government and private sector entities to enhance efforts to prevent and respond to malicious cyber activity against the nation's critical infrastructure," said CISA Director Jen Easterly. "It's great to see a large company like Google Cloud orient itself to support the cybersecurity of all organizations large and small through its Cybersecurity Action Team, and as part of the JCDC and other initiatives, we look forward to partnering with them and other tech companies in this vital effort."

"Google Cloud has been a critical partner in the BBVA security journey, helping us protect our customers' sensitive and proprietary data with modern frameworks like zero trust and secure-by-default products like Google Workspace," said Alvaro Garrido, Chief Security Officer at BBVA. "We look forward to the strategic services and guidance the Google Cybersecurity Action Team will deliver as we continue on our security transformation."

Under the Google Cybersecurity Action Team, Google Cloud will deliver full spectrum security and customer engineering solutions that will help organizations address business and security challenges. These will build on existing offerings like Autonomic Security Operations, which helps businesses transform their organization's Security Operations Center (SOC) and Web App and API Protection, which provides customers a comprehensive solution for protecting against modern internet threats.

Today, Google Cloud announced a new security and resiliency framework that delivers customers a comprehensive security management program with cloud technologies that are aligned to the National Institute of Standards and Technology's Cybersecurity Framework. Additionally, Google also announced its new Work Safer offering, designed to help organizations, their employees, and partners collaborate and communicate securely and privately in today's hybrid work environment. It uniquely brings together the cloud-native, zero-trust solutions of Google Workspace with industry-leading solutions from across Google and its cybersecurity partners, CrowdStrike and Palo Alto Networks.

Customers need a consistent approach to preparing for and defending against cybersecurity  threats,Our comprehensive suite of security solutions delivered through our platform and amplified by the Google Cybersecurity Action Team will help protect organizations against adverse cyber events with capabilities that address industry frameworks and standards.

Phil Venables, Vice President and Chief Information Security Officer at Google Cloud and founder of the Google Cybersecurity Action Team

About Google Cloud
Google Cloud accelerates organizations' ability to digitally transform their business with the best infrastructure, platform, industry solutions and expertise. We deliver enterprise-grade solutions that leverage Google's cutting-edge technology – all on the cleanest cloud in the industry. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

Spotlight

Smartphones and tablets give you the freedom to access the Web from anywhere. But, mobile devices can easily be misplaced, or worse, stolen—putting all your personal Stuff at risk. Norton Mobile Security helps you recover your lost or stolen devices, protect against malware and prevent strangers from accessing your private Stuff.


Other News
PLATFORM SECURITY

Trend Micro Unites Industry With Most Powerful and Complete Security Platform

Trend Micro | April 26, 2022

Trend Micro Incorporated , a global cybersecurity leader, announced the launch of Trend Micro One, a unified cybersecurity platform with a growing list of ecosystem technology partners that enables customers to better understand, communicate, and lower their cyber risk. Organizations are battling on all fronts to face mounting cyber risks from their complex and growing attack surface with stretched teams and siloed security products. The unified security platform approach delivers a continuous lifecycle of risk and threat assessment with attack surface discovery, cyber risk analysis, and threat mitigation and response. Inaugural partners of the Trend Micro One technology ecosystem include: Bit Discovery, Google Cloud, Microsoft, Okta, Palo Alto Networks, ServiceNow, Slack, Qualys, Rapid7, Splunk, and Tenable. "We are so proud that ecosystem partners value integrating into our platform. Collectively we help enterprises fight the bad guys known as cybercriminals. Alone we are strong, but together our industry is unstoppable in helping customers eliminate security gaps anywhere, identify internal and external enterprise assets, and take critical steps to mitigate them. Kevin Simzer, COO of Trend Micro According to Gartner®, "vendors are increasingly acquiring or developing these adjacent technologies and integrating them into a single platform. The benefits are best realized when this integration minimizes consoles and configuration planes and reuses components (e.g., endpoint agents) and information.1" "We all know that digital transformation is table stakes for the post-pandemic enterprise. But this comes with additional risks: a bigger target for threat actors to aim at and more visibility and security coverage gaps for them to hide in," said Jeremiah Grossman, CEO of Bit Discovery. "Trend Micro's approach stands out from the crowd — notably with its blend of multiple sources of asset and risk visibility, including external attack surface visibility powered by Bit Discovery. Trend Micro's platform helps customers quickly get a prioritized and comprehensive understanding of their attack surface." As a unified platform, Trend Micro One delivers powerful risk assessment capabilities, but the ecosystem partners extend that to make it the most complete in the industry. Joint customers benefit from truly connected visibility, better detection and response capabilities, and comprehensive protection across security layers and systems. Trend Micro One supports this approach by enabling customers to: Discover the attack surface: Identify, monitor, and profile cyber assets in customers' environments. Understand and continuously assess risk: Analyze risk exposure, the status of vulnerabilities, the configuration of security controls, and types of threat activity. Effectively mitigate risk: Ensure the right preventative controls and take swift action to mitigate risk and remediate attacks across the enterprise by leveraging Trend Micro's threat and risk intelligence. About Trend Micro Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response.

Read More

SOFTWARE SECURITY

CyCognito and Carahsoft Partner to Deliver Attack Surface Management and Protection Solutions to the Public Sector

CyCognito | December 29, 2021

CyCognito, the leader in external attack surface management and protection, today announced a strategic go-to-market alliance with Carahsoft Technology Corp., the Trusted Government IT Solutions Provider. Under the agreement, Carahsoft will serve as CyCognito’s first Public Sector Distributor. The new relationship expands and deepens CyCognito’s reach across and within the Public Sector through Carahsoft’s NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), OMNIA Partners, National Association of State Procurement Officials (NASPO) ValuePoint, and National Cooperative Purchasing Alliance (NCPA), as well as through Carahsoft’s reseller partners. “Together with our channel partners, CyCognito is using its platform, program and best practices to help the Public Sector establish a stronger security posture and proactively identify, protect and prevent cyberattacks from happening,” says Channel Chief and CyCognito’s Worldwide Sales Leader Lori Cornmesser. Most of today’s cyberattacks continue to intrude through external attack vectors. CyCognito’s innovative platform automates the discovery, multi-factor security testing and risk prioritization of all externally-exposed assets in an organization’s extended IT ecosystem. Once cyber threats are identified, CyCognito orchestrates data sharing to automatically start the remediation process by creating an incident response ticket. The platform integrates its findings and intelligence into existing vulnerability lifecycle management processes through channels such as Slack, PagerDuty, ServiceNow, and several additional platforms. This proven and proactive layer of automated security ensures an organization’s entire attack surface is protected quickly and efficiently when risks are detected. “Empowering organizations to find and eliminate the paths attackers easily exploit is a vital tactic within any surface management and protection strategy,Prevention and remediation must remain top of mind for channel partners and IT decision makers, especially those working within the Public Sector where the stakes are high and the impact of a single breach has the potential to span states, the nation and even the globe.” Rob Gurzeev, Founder and CEO, CyCognito CyCognito and Carahsoft are enabling forward-thinking security value-added resellers (VARs), managed service providers (MSPs), global systems integrators (GSIs) and managed security services providers (MSSPs) with a new and enhanced lineup of SLED and Federal-focused sales and marketing assets. Offered at no charge, these business-building assets are readily available within CyCognito’s partner portal and include how to market, how to pitch and position, and how to demo the technology. “Agencies today are under tremendous pressure to protect their customers from cybercrime,” said Michael Shrader, Vice President of Intelligence and Innovative Solutions at Carahsoft. “CyCognito’s leading platform preempts attacks and helps businesses satisfy key elements of most common security frameworks and regulatory compliance standards. We look forward to working with CyCognito and our reseller partners to help educate and better enable the Public Sector with the knowledge, specialization and technology needed to properly assess their cyber risk and eliminate exposure.” About CyCognito CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure. Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. The Palo Alto-based company is funded by leading Silicon Valley venture capitalists, and its mission is to help organizations protect themselves from even the most sophisticated attackers. It does this with a category-defining, transformative platform that automates offensive cybersecurity operations to provide reconnaissance capabilities superior to those of attackers. About Carahsoft Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, we deliver solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles.

Read More

DATA SECURITY

Menlo Security Cloud Security Platform Now Available in the AWS Marketplace

Menlo Security | March 01, 2022

Menlo Security, a leader in cloud security, today announced that the Menlo Cloud Security Platform is now available in the AWS Marketplace. Amazon Web Services (AWS) customers now have access to Menlo Security’s isolation-powered platform that eliminates malware threats, connects users to the enterprise applications from anywhere, and scales elastically to meet user demand. Detecting and responding to today's sophisticated threats using yesterday's legacy security tools doesn't work. The Menlo Cloud Security Platform, powered by a patented Isolation Core™, proactively prevents malware threats from reaching workers without sacrificing the user experience. With 75% of work happening in the browser every day, the browser has quickly become the primary attack surface for threat actors, ransomware, and other attacks. Menlo Security recently identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employing techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. “Our goal is to ensure our partners and customers are able to access and deploy the Menlo Security cloud security solution on their terms and on their timeline, Today’s threat landscape is constantly evolving and becoming more sophisticated as our recent discovery of HEAT attacks demonstrates. Having our cloud security solution available in the AWS marketplace enables our channel partners to transact and seamlessly support their customers and protect their employees and networks through the AWS Consulting Partner Private Offers (CPPO) program.” Sanjit Shah, head of strategic alliances for Menlo Security Key features of the Menlo Cloud Security Platform include: Centralized Platform - cloud-native platform which prevents malware from reaching users, eliminates the need for multiple appliances, and gives IT managers one interface to navigate. Elastic Isolation Core - The patented Isolation Core™ protects against known/unknown threats and isolates them before they reach users. Zero Trust isolation provides 100% protection without special software or plug-ins, so users don't experience negative impacts or interruption. Elastic Edge - Built to scale globally on demand. It dynamically scales to meet enterprise-level growth-over 3M users-with no performance hit and is easily extendable with a rich set of APIs and integrations. About Menlo Security Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. Menlo Security is headquartered in Mountain View, California.

Read More

SOFTWARE SECURITY

Contrast Security Introduces Cloud-Native Automation

Contrast Security | April 23, 2022

Contrast Security , the leader in code security that empowers developers to secure-as-they code, today announced the introduction of cloud-native automation for users leveraging Red Hat OpenShift, the industry's leading enterprise Kubernetes platform. Red Hat OpenShift users can now deploy containerized applications with embedded security features within a native continuous integration and continuous delivery (CI/CD) pipelines. This enables Red Hat OpenShift users to retain scalability, while adding automated security testing and protection as a routine part of the software delivery process. These added capabilities result in minimized manual configuration, reduction in additional overhead costs, and overall security efficiencies. Contrast enables customers to continuously monitor OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers. "Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines, which translates to insecure code being shipped across distributed cloud environments. Contrast helps these teams drive their DevSecOps transformation with automation at scale. These new capabilities are another component to Contrast's overall mission of ensuring developers are empowered to embed security capabilities within their environments without imposing additional work on them. We want to make security a value-add for everyone." Sanjay Ramnath, Vice President of Product Management at Contrast Security Contrast enables Red Hat OpenShift users to benefit from the following capabilities: Source-to-Image Deployment: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to implement continuous vulnerability detection with runtime context and help protect their apps from targeted attacks in production. CI/CD Jenkins Pipelines: AppSec teams can trigger automated security tests within native Jenkins pipelines and establish security policy gates to mitigate potential vulnerabilities. Alternatively, users can also automate in their Jenkins CI/CD pipelines by pulling the agent from Contrast. OpenShift Pipelines via Tekton: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within OpenShift Pipelines environments. APIs provided by the Contrast Secure Code Platform help initiate automated vulnerability static scanning at build time and instrument applications for security telemetry from within prior to deployment. The Contrast Secure Code Platform is available today with support for Java, .NET, and Node.js applications. About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

Spotlight

Smartphones and tablets give you the freedom to access the Web from anywhere. But, mobile devices can easily be misplaced, or worse, stolen—putting all your personal Stuff at risk. Norton Mobile Security helps you recover your lost or stolen devices, protect against malware and prevent strangers from accessing your private Stuff.

Resources