Data Security

HUB Security acquires the leading Cyber Security Comsec for NIS 70M

HUB Security ("HUB" or the "Company"), announces today the acquisition of Comsec Global for NIS 70 million, of which HUB will pay NIS 40 million in cash and NIS 30 million in its own shares. The Shares consideration are under a share sale lock-up provision for a period of 6 months post closing of the transaction.

The main goal of the acquisition is to dramatically increase HUB Security's global sales and distribution infrastructure by over 40 countries, which will enable the Company to more than double its revenues and significantly accelerate penetration of HUB's unique cyber-security solutions in global enterprises.

HUB has developed a technology that can cause a paradigm shift in the Cyber Security market, HUB's solution was considered to be the Holy Grail long awaited by governments and enterprises worldwide. The combination between the two companies creates a unique entity that has a strong foundation of global cyber business coupled with an unparalleled growth potential that leverages upon a 40-country sales infrastructure. In our opinion, this is a classic case of 1+1 equals 10 and not two.

Mr. Rony Sternbach, Comsec Chairman and controlling shareholder.

Comsec is one of the leading companies in Israel's cybersecurity sector. Founded in 1987, the company was a pioneer in data security and now has an extensive customer base spanning over a thousand leading companies in 40 countries across five continents. It operates four consulting and distribution companies and has subsidiaries in the UK and the Netherlands.

The company offers a broad spectrum of services to its clients, providing comprehensive solutions in application security, security, and source code testing. These include application lifecycle development consulting, infrastructure security, and communication security. It further provides security auditing via several models; Threat Modeling, penetration tests, Black Box and comprehensive White Box audit Design Review, and more.

Comsec's annual sales turnover is approx NIS 120 million. Its customers include banking, insurance, hi-tech, communications, industrial, retail, large-scale infrastructures, and local and central government bodies and ministries. Comsec is a one-stop shop for all their cybersecurity needs.

HUB Security was established in 2017 by veterans of the IDF's 8200 and 81 intelligence units. The company specializes in protecting sensitive commercial information and has an advanced encrypted computing solution for companies and organizations aimed at preventing hostile intrusions and the theft of sensitive commercial information.

Hub offers cybersecurity solutions to, amongst others, the AI, Fintek, and critical infrastructure sectors. The company employs 400 employees, and its offices are located in Israel and the United States.

Spotlight

Organizations are losing IT and security control Once upon a time, IT and security teams focused mostly on managing their organization’s on-prem environment. But as business requirements changed, customer bases became global, and remote work took root, these technology teams were handed responsibility across more domains: cloud


Other News
Software Security

Picus Launches New MSSP Program to Make Starting Security Validation Simple

Picus Security | December 12, 2023

Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the Picus Managed Security Services Provider (MSSP) Partner Program. Picus has a long-standing 100% channel approach and works closely with MSSPs to deliver security validation services that quantify risk and reduce threat exposure. Now, it's easier than ever for MSSPs and their customers to get started with security validation to measure the effectiveness of security controls with real-world attack simulations and then scale up testing programs to perform validation checks consistently. The new Picus MSSP Program provides the flexibility MSSPs need to introduce automated validation services and generate new recurring revenues quickly. Designed for customers of varying levels of cyber maturity, the program features interval-based and continuous licensing options. With interval-based licensing, MSSPs can purchase credits that allow an entry cadence for validation assessments. Then, once customers are ready to advance their security program maturity and increase the frequency of assessments they can easily switch to a continuous licensing model. The program means MSSPs can help customers to 'crawl,' 'walk,' and then 'run' with validation. "With this new MSSP program, it's never been simpler for managed service providers to get the consistent and accurate validation insights needed to improve security outcomes for clients," said Ryan Kunker, Picus Security, Senior Director of Channels and Alliances. "By shining a light on security effectiveness in areas such as security control validation, automated security validation presents an enormous opportunity for MSSPs to improve security outcomes for clients and identify new upsell opportunities." Security validation powered by BAS is a core pillar of Continuous Threat Exposure Management (CTEM). It helps security teams to understand if security controls provide the coverage needed to defend organizations against the latest threats, including ransomware and Advanced Persistent Threats. Gartner estimates that security services providers that adopt cybersecurity validation assessments will see an improvement of over 5% in their acquisition, retention and upsell rates.* "We are constantly looking for new ways to provide real actionable value to our clients," said Perry Schumacher, Chief Strategy Officer at Ridge IT. "We evaluated Picus in our cyber range against our best practice configurations and it showed us opportunities to improve beyond today's best tools and practices. The Picus platform helps us provide better security for our clients by increasing our effectiveness. Our clients who purchase Picus begin a continuous improvement journey for their cyber security and are always in a cyber-ready state." In addition to real-world threat simulation, the Picus platform also offers asset and vulnerability discovery, attack path mapping, detection engineering as code, and AI-based threat profiling - capabilities that help MSSPs to manage customers' threat exposure even more efficiently. To enable MSSPs to validate the security of multiple clients simultaneously, the platform also offers a multi-tenant portal. "Now more than ever, every dollar spent in the security budget must be carefully weighed on merit and returned value," said Darren Humphries, Acora Group CISO and MSSP Cyber Portfolio CTO. "For strengthening the security of our own company portfolio and that of our customers, Picus is a key tool that helps us measure the efficacy of the protective security tools we use as well as our detective SOC and SIEM capabilities. Picus is a true force multiplier." About Picus Security Picus Security helps security teams consistently and accurately validate their security posture. Our Security Validation Platform simulates real-world threats to evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities. As the pioneer of Breach and Attack Simulation, we specialize in delivering the actionable insights our customers need to be threat-centric and proactive. Picus has been named a 'Cool Vendor' by Gartner and is recognized by Frost & Sullivan as a leader in the Breach and Attack Simulation (BAS) market.

Read More

Software Security

Fortinet Advances the Industry’s Most Comprehensive Operational Technology Security Platform

Fortinet | December 19, 2023

Fortinet (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the latest release of new, integrated operational technology (OT) security solutions and services. These additions further distance Fortinet’s industry-leading OT Security Platform from the rest of the market. “We understand that OT differs significantly from traditional IT systems, and that’s why our OT Security Platform was purpose-built to provide integrated protection and risk management specific to industrial environments,” said John Maddison, Chief Marketing Officer and EVP, Product Strategy at Fortinet. “Rising attacks on critical infrastructure have made OT security more important than ever before. With today’s news, Fortinet continues to empower customers with the most sophisticated OT solutions and intelligence in the industry.” The Need for Integrated OT-Specific Security The number of industrial devices connected beyond their network boundaries is rapidly increasing, and CISOs now face skyrocketing risks across their OT environments. In fact, Fortinet found that three-fourths of OT organizations reported at least one intrusion in the last year, and nearly one-third reported being victims of a ransomware attack. To solve this challenge, organizations need an integrated security approach designed specifically for industrial solutions that enables policy enforcement across the entire attack surface, consolidates point products, and reduces operational overhead. Bolstering the Fortinet OT Security Platform with New and Enhanced Offerings The Fortinet OT Security Platform is an integrated portfolio of cybersecurity products, solutions, and security services designed specifically for industrial networks and powered by real-time OT threat intelligence. Because the OT Security Platform is a part of the Fortinet Security Fabric, it empowers customers with deep visibility across their entire environment and securely facilitates IT/OT convergence. The platform also gives organizations the ability to implement a zero-trust model within OT environments, including secure remote access to OT assets and systems for remote employees and contractors. OT Security Platform updates announced today, which build on improvements unveiled earlier this year, span two key pillars of the Security Fabric: Secure Networking for OT The new FortiSwitch Rugged 424F is an industrial-class ethernet switch (IES) designed to address the requirements of digital substations and the power utility industry. The switch supports real-time OT networking protocols and integrates with FortiGate Next-Generation Firewalls (NGFWs) for comprehensive security and access control. The new FortiAP 432F access point meets Class 1, Division 2 requirements for use in hazardous OT environments. It can segment industrial Wi-Fi networks to prevent attacks from spreading across unprotected devices and systems. This expansion of the IP67-rated access-point line now enables the deployment of additional OT applications in industries such as oil and gas. The new FortiExtender Vehicle 211F wireless gateway is a semi-ruggedized mobility solution for connected fleets, mobile systems, and OT deployments. It was also designed to meet the requirements of the AT&T FirstNet wireless communications network for first responders. FortiOS, Fortinet’s operating system, has been updated with the OT View dashboard, which correlates and displays important OT data. This dashboard makes it easy for organizations to understand their entire attack surface—both IT and OT—and take action from a single console. Security Operations and Services for OT FortiAnalyzer now includes OT-specific analytics, risk, and compliance reports, providing security operations teams with faster threat detection, asset and vulnerability correlation, and reporting. FortiNDR, which supports on-premises, cloud, and hybrid deployments, can now analyze more than 15 different OT-network protocols. It also includes AI-powered OT-network behavior analysis to identify malicious network activity and files. FortiDeceptor, Fortinet’s deception technology for early breach and attack isolation, now supports 30 OT protocols and additional OT decoys to protect diverse industrial environments. The FortiGuard OT Security Service boasts the industry’s deepest OT threat intelligence database and now covers more than 70 OT protocols and more than 4,000 OT application and device vulnerability signatures. These signatures enable strict access control policies on network traffic and provide virtual patching for vulnerable OT assets. FortiGuard Outbreak Alerts, an industry-leading cybersecurity resource, now includes critical information about OT-specific threats. This empowers customers with the information they need to harden their systems against new and emerging attacks following the NIST Cyber Security Framework. "IT and OT are converging and these colliding environments are increasing overall risk. Our clients require robust OT solutions and services without extensive deployments that complicate administration and place additional strain on IT and security teams. Through the Fortinet OT Security Platform, we can provide clients with a unified approach of safeguarding both the carpeted side of a business as well as the concrete side of the business. We eagerly anticipate introducing these updated and novel offerings to our customer community." – Dan Sanderson, VP of Strategy, Cyber Advisors About Fortinet Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Read More

Software Security

Salt Security API Protection Platform Wins Gold in 13th Annual Best in Biz Awards

Salt Security | December 13, 2023

Salt Security, the leading API security company, today announced that the Salt Security API Protection Platform has been named a Gold Winner in the "Enterprise Product of the Year - Security Software" category in the Best in Biz Awards 2023. The Salt Security API Protection Platform is a best-in-class solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. With its patented approach to blocking today's low-and-slow API attacks, only Salt provides the adaptive intelligence needed to protect APIs. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights into API threats and vulnerabilities, including those outlined in the OWASP API Security Top 10 list. "APIs sit at the core of today's modern applications, connecting enterprises to vital data and services," said Michael Nicosia, co-founder and COO, Salt Security. "Given the amount of sensitive information being transmitted through APIs, along with the growing complexity of API attacks, strong API security has become critical for modern businesses. The Salt platform is the only solution that provides cloud-scale big data and real-time analysis across all application environments, pinpointing and stopping attackers in their tracks. We are honored to have our solution's unique capabilities recognized by the Best in Biz Awards." According to the Salt Labs State of API Security Report, Q1 2023, 94% of organizations experienced security problems in production APIs in the past year, with a 400% increase in unique attackers overall in the last six months. The Salt platform protects APIs across their full lifecycle – build, deploy and runtime phases. Through its unique API Context Engine (ACE) architecture, the Salt platform provides API design analysis in pre-production, discovers all APIs, pinpoints and stops API attackers, and provides remediation insights learned during runtime to harden APIs. "As in years past, determining winners in some categories was a matter of selecting the very best from among the very good and came down to the smallest details," said Best in Biz Awards staff. "Each year, the judges are impressed by the innovations, growth, and change emanating from the winning companies and permeating across layers of society, from their employees through clients to local and global communities." The 13th annual program saw intense competition among more than 600 entries from public and private companies, representing all industries and regions in the U.S. and Canada and ranging from some of the most iconic global brands to the most innovative start-ups and beloved local companies. This year's judges highlighted the winning companies' breadth and depth of innovation, their novel approaches to employing new technologies, impressive workplace benefits and employee diversity and inclusion programs, as well as continued community involvement and critical investments in environment and corporate social responsibility programs. About Salt Security Salt Security protects the APIs that form the core of every modern application. Its patented API Protection Platform is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and hardening APIs. Deployed quickly and seamlessly integrated within existing systems, the Salt platform gives customers immediate value and protection, so they can innovate with confidence and accelerate their digital transformation initiatives. For more information, visit: https://salt.security/ About Best in Biz Awards Since 2011, Best in Biz Awards has been the only independent business awards program judged by a who's who of prominent reporters and editors from top-tier publications from North America and around the world. Over the years, judges in the prestigious awards program have ranged from Associated Press to the Wall Street Journal and winners have spanned the spectrum, from blue-chip companies that form the bedrock of the global economy to some of the world's most innovative start-ups and nimble local companies. Each year, Best in Biz Awards honors are conferred in two separate programs: North America and International, and in 100 categories, including company, team, executive, product, and CSR, media, PR and other categories. For more information, visit: http://www.bestinbizawards.com.

Read More

Data Security

Boomi Strengthens Commitment to Data Security and Compliance by Achieving StateRAMP Authorization

Boomi | January 12, 2024

Boomi™, the intelligent connectivity and automation leader, today announced that the Boomi platform has achieved StateRAMP Authorization. This achievement reflects Boomi’s unwavering commitment to data security and compliance, and to delivering a secure and reliable solution that government agencies can rely on to safeguard their data and operations. “At Boomi, we are committed to democratizing modernization. Securing StateRAMP authorization for our platform was paramount, enabling public sector organizations to seamlessly and securely integrate and leverage cloud applications,” said Sean Wechter, Chief Information Officer at Boomi. “Through a strategic alliance with StateRAMP, Boomi actively collaborates with its leadership board, facilitating streamlined documentation and audit processes to expedite digital transformation within the public sector." According to the U.S. Government Accountability Office, government agencies plan to spend billions of dollars each year to support their IT and cybersecurity efforts, including transitioning IT resources to secure, cost-effective commercial cloud services.1 However, agencies are challenged to select secure cloud-based solutions, making it difficult for these organizations to modernize and improve constituent experiences. StateRAMP, a nationally recognized risk authorization management program that provides a standardized approach to assessing cloud products, improves security and simplifies procurement by building a pool of pre-authorized Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) solutions for public sector entities. As organizations more frequently implement cloud-based solutions, they also require validated access to integration platform as a service (iPaaS) to streamline application and resource integration. iPaaS integrates cloud-to-cloud, cloud-to-on premises, and on-premises-to-on-premises platforms, helping public sector organizations break down data silos to enhance information flow, improve citizen services, and increase operational effectiveness. About Boomi Boomi aims to make the world a better place by connecting everyone to everything, anywhere. The pioneer of cloud-based integration platform as a service (iPaaS), and now a category-leading, global software as a service (SaaS) company, Boomi touts the largest customer base among integration platform vendors and a worldwide network of approximately 800 partners – including Accenture, Capgemini, SAP, and Snowflake. Global organizations turn to Boomi’s award-winning platform to discover, manage, and orchestrate data, while connecting applications, processes, and people for better, faster outcomes. For more information, visit boomi.com.

Read More

Spotlight

Organizations are losing IT and security control Once upon a time, IT and security teams focused mostly on managing their organization’s on-prem environment. But as business requirements changed, customer bases became global, and remote work took root, these technology teams were handed responsibility across more domains: cloud

Resources