ISF Predicts Collision of Digital and Physical Worlds in 2022

Infosecurity | April 16, 2020

New research published today by the Information Security Forum (ISF) predicts nine potential threats that could make 2022 a turbulent year for cybersecurity and business. The direful overarching theme of the "Threat Horizon 2022" report is that the collision of the digital and physical worlds in 2022 will spell disaster for humanity. The ISF states: "The digital and physical worlds are on an irreversible collision course. By 2022, organizations will be plunged into crisis as ruthless attackers exploit weaknesses in immature technologies and take advantage of an unprepared workforce. At the same time, natural forces will ravage infrastructure." Menaces detailed in the report include a digital cold war that engulfs businesses followed by a crisis of trust that will undermine digital companies.

Spotlight

The commercial cloud is here to stay. In this vlog Jim Gibson describes why you should have peace of mind in putting your data in the cloud. He also mentions that you need to do your side of cloud security. Make sure you pick a reputable cloud provider and know exactly your responsibilities before it is placed in the cloud.  the Department of Defense,  the NSA and the CIA  store top secret information and data in the cloud.  If you're an IT professional then you need to start studying the cloud and the benefits that it can provide both you and your customers. The cloud is here to stay. And it is a secure place to do your data backups.


Other News
DATA SECURITY

Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round

Flow Security | August 05, 2022

Flow Security today announced $10M in seed funding and launched the first data security platform that discovers and protects both data at rest and in motion. The funding was led by Amiti, with participation from GFC, Amdocs Ventures, and industry leaders such as CyberArk CEO Udi Mokady and Demisto CEO and co-founder Slavik Markovich. Enterprises of all sizes continue to make heavy investments in technology stacks as they transition to modern cloud application architectures. This new era promises many benefits, but has also led to significant data sprawl and major difficulties in securing data. With the widespread adoption of modern architectures, securing sensitive data such as PII, PHI, financial information, and intellectual property has become a near-impossible task. Flow Security helps organizations overcome these challenges by continuously mapping and detecting all data-related risks for an improved data security posture. Flow is the only data security platform that supports use cases including discovering and classifying data flows to external services, policy enforcement, automatic data-related threat modeling, and reducing data access permissions to the minimum. Flow has a growing customer base in highly-regulated markets such as e-commerce, fintech, healthcare, insurtech, and more. "Discovery, mapping and protecting data is usually a manual process, which is not effective in large organizations," says Nir Chervoni, Head of Data Security of Booking.com, "Automatic data mapping should consist of analyzing the actual payload, and not only its metadata. So far, Flow is the only company I've seen that provides that capability for multiple scenarios." "Security and data protection teams are struggling to keep up with the rapid pace of today, and Flow is making their lives exponentially easier," said Ben Rabinowitz, Managing Partner and Founder at Amiti Ventures. "We're thrilled to be a partner on this journey, and eager to help capitalize on this opportunity to give security teams the technology they need to become business enablers." "We've reviewed dozens of different data security tools lately, and we weren't satisfied with any of them. "But Flow's data-in-motion approach is a game changer. It took the platform a few days to map data-related threats that usually take months of manual work to detect." Ralph Pyne, VP of Security at NextRoll "Data security is not a new problem, but the challenges are changing and growing," said Jonathan Roizin, co-founder and CEO of Flow Security. "Organizations are moving at a record pace and quickly transitioning to the cloud and cloud-first applications. These transformations often make life easier, but they also make the jobs of security professionals even more difficult. With Flow, security teams are no longer forced to chase down information. It simplifies security and regulatory processes and bridges the gap between security and development teams." About Flow Security Flow Security revolutionizes data security with the first platform that discovers and protects data not only at rest, but also in motion. Founded in 2021 by Jonathan Roizin and Rom Ashkenazi, the Israel-based company is backed by Amiti, GFC, Amdocs Ventures, and market-leading angel investors.

Read More

DATA SECURITY

ControlCase Partners with ConnectWise & FifthWall Solutions to Increase MSP Cybersecurity Maturity & Bridge Access to Cyber Insurance.

ControlCase | July 11, 2022

ControlCase, a leading provider of IT Security Certifications and Continuous Compliance Services announced its recent partnership with ConnectWise and FifthWall Solutions. Under this partnership, Managed Service Providers (MSPs) can now access the ConnectWise MSP+ security best practices framework from the ControlCase Compliance HubTM platform for both self-assessment and verification by ControlCase. This partnership also provides the rate-quote-bind assistance required for procuring insurance. ConnectWise’s MSP+ framework is derived from the NIST CSF framework and aims to help MSPs strengthen their cybersecurity program, increase cybersecurity maturity, and ultimately lower their risk of a data breach. MSP+ provides an affordable compliance framework that can be used as the foundation for an MSPs cybersecurity program. The MSP+ program is split into 3 parts: 1. MSP+ Self Assessment – Allows the MSP to access the framework and start implementing controls and closing gaps at their own pace. 2. MSP+ Advanced – Includes assistance with remediation and final verification by ControlCase. 3. MSP+ Mastery – Demonstrates a mature cybersecurity program and is also verified by ControlCase. “This partnership is a gamechanger for MSPs,” said Mike Jenner, CEO at ControlCase. “Security incidents involving MSPs, and their clients continue to rise. This rise necessitates stringent security controls to be implemented and the MSP+ framework provides a great place for MSPs to start learning about cybersecurity and implementing necessary controls.” Speaking on the achievement, Raffael Marty, General Manager -Cybersecurity at ConnectWise said “Cyber insurance is a critical element to help partners protect their legacy by building a more cyber-resilient business. This partnership will help MSPs increase their cybersecurity maturity, prepare for and procure insurance; eliminating dozens of steps they and their customers would otherwise have to take.” The ControlCase Compliance HubTM platform is integrated with ConnectWise Manage. MSPs can complete their MSP+ assessments without ever leaving their PSA. The MSP+ Advanced and Mastery offerings also include real-time compliance status and vital statistics such as risk rating and security milestone planning. “FifthWall is excited to be the dedicated Cyber Insurance & Risk Management Solution Provider,” said Reid Wellock, President, FifthWall Solutions. “We work with 35+ insurers to limit clients’ cyber exposure and give peace of mind for businesses of any size.” This partnership greatly simplifies MSPs and their clients' access to insurance.” For more information on this partnership and the related offerings, please contact Kimberly Simon at ksimon@controlcase.com About ControlCase ControlCase is a global provider of certification, cybersecurity, and continuous compliance services. ControlCase is committed to empowering organizations to develop and deploy strategic information security and compliance programs that are simplified, cost-effective, and comprehensive in both on-premises and cloud environments. ControlCase offers certifications and a broad spectrum of cyber security services that meet the needs of companies required to certify to PCI DSS, HITRUST, SOC 2 Type II, ISO 27001, PCI PIN, PCI P2PE, PCI TSP, PA DSS, CSA STAR, HIPAA, GDPR, SWIFT, and FedRAMP. About FifthWall Solutions FifthWall works with 35+ carriers to limit your clients’ cyber exposure and give peace of mind for businesses of any size. With our policies, MSPs and their clients are covered from business interruptions, cyber crimes, and several of the consequences that follow. With breach prevention and response tools, MSPs and their clients avoid risk and minimize impact in the event of a security incident.

Read More

SOFTWARE SECURITY

NowSecure Integrates with GitHub Dependabot for Developer-First Mobile Software Supply-Chain Security

NowSecure | July 06, 2022

NowSecure, the leading standards-based mobile app security and privacy software company, today announced a new GitHub Action for Dependency Graph integration to bring automated mobile app Software Bill of Materials (SBOM) generation to developer workflows directly inside GitHub. Now iOS and Android mobile app developers can gain visibility into the components, third-party libraries and frameworks they use and ensure their proper version, security and privacy as they build them — all to deliver high-quality, secure mobile app releases faster. GitHub,the leading software development platform for more than 83 million developers, announced new extensions for dependency information in the GitHub Dependency Graph with new GitHub Actions. As a recognized leader in mobile app security, NowSecure has delivered the first automated dynamic mobile app SBOM solution integrated into GitHub Dependency Graph. The NowSecure GitHub Action for Mobile SBOM to populate the GitHub Dependency Graph is now available in early access via the GitHub Marketplace. In addition, the NowSecure Platform can now be purchased through Microsoft Azure Marketplace. As part of the early access program, all GitHub mobile developers can request a free scan for dynamic SBOM generation into GitHub Dependency Graph. Underlying the urgency of managing software dependencies, software supply-chain attacks in 2021 grew by 650% with major incidents from SolarWinds, Microsoft, Kasaya, log4j and others. White House Cybersecurity Orders in 2021 identified critical risks in the global software supply chain and set out requirements for government agencies to establish standards and policies for securing the software supply chain. "Developers want to deliver innovative, high-quality mobile applications fast," said NowSecure CEO Alan Snyder. "This means they need a developer-first, easy to use and accurate mobile security solution embedded directly in their dev workflows. While mobile developers depend on third-party code for innovative experiences, complex functionality and time to market, they must ensure the code they use is up to date and secure. We are excited to extend our partnership with GitHub and the community by adding dynamic SBOM generation into GitHub Dependency Graph to help developers protect their software supply chain." NowSecure offers two GitHub Actions for automated mobile app analysis and mobile app SBOMs. The NowSecure GitHub Action provides automated static and dynamic security analysis of iOS and Android mobile apps built in any language or framework including Swift, Objective-C, Java, Kotlin, Dart, React-Native and more. The NowSecure GitHub Action for Mobile SBOMs generates component detail for visibility into the libraries/frameworks included in all mobile apps, identifying transitive dependencies, pinpointing libraries/frameworks that are using older versions, identifying components that remain but may have previously specified to be removed, and uncovering component license details. "The NowSecure GitHub Action for Mobile SBOM populates the GitHub Dependency Graph with mobile data so that in the future GitHub Dependabot alerts can update dependencies to the latest and more secure versions of libraries in mobile apps. "Furthermore, comparing SBOMs and dependencies from different versions of a mobile app provides insight into changes made by the developer over time that may require further analysis or help identify technical debt. Overall, we've been very impressed with GitHub's implementation, enabling third-parties to extend the Dependency Graph and Dependabot to support new ecosystems like mobile." NowSecure CTO David Weinstein "The software supply chain starts with the developer. Extending automated visibility into your SBOM means developers can significantly reduce their usage of vulnerable software dependencies as well as be confident in shipping new mobile features and products with security built in by design," said Jose Palafox, Director of Business Partnerships at GitHub. The NowSecure GitHub Action for Mobile SBOM early access program for GitHub Dependabot Graph is part of the world's most comprehensive suite for mobile app security including NowSecure Platform for continuous security testing in the development pipeline for DevSecOps, NowSecure Workstation kit for pen tester productivity, NowSecure Supply Chain Risk Management, NowSecure Pen Testing Services, and NowSecure Academy training courseware for dev and security teams. Built on a foundation of standards and automation, NowSecure empowers organizations to deliver secure mobile apps faster and continuously monitor their mobile app supply chains for risk. Top mobile innovators, global businesses and agencies trust NowSecure to secure their mobile apps including AT&T, Caribou Coffee, Chime, iRobot and Uber. About NowSecure As the standards-based mobile app security and privacy company, NowSecure protects the Mobile App Economy. The world's most demanding organizations, innovative mobile developers and advanced security teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers the full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing and training courseware with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.

Read More

SECURITY AUDIT AND COMPLIANCE

NetWitness Launches Comprehensive XDR Offerings for Next Generation Security

NetWitness | June 08, 2022

NetWitness, a globally trusted provider of cybersecurity technologies and incident response, today announced NetWitness XDR, a family of products and capabilities delivering comprehensive detection and response on premise, in the cloud or as a hybrid of the two. This new offering and product architecture delivers the full range of deployment options enterprises seek today to meet their unique cybersecurity needs and use cases. NetWitness XDR delivers a robust set of capabilities enabling extended detection and response (XDR) and helping customers stay ahead of the most sophisticated cyber threats. These include: Unified collection, data, and visibility across multiple security layers Automatic enrichment of data using any technical or business source A wide toolset of detection technologies including, but not limited to, advanced behavioral analysis External and internal threat intelligence to identify known security risks and threat actors Truly insightful context, visualization, and investigation tools Threat hunting tools and methodologies to identify previously unknown threats Highly repeatable and measurable incident investigation and response processes A strong array of both automated and human response options “NetWitness has enjoyed the trust of some of the world’s most security sensitive organizations because of its unique ability to monitor the entire attack surface across the network, endpoint, cloud, IoT, logs and more,” said CEO of RSA and NetWitness, Rohit Ghai. “We have been delivering XDR capability to the market for several years and today we are delighted to announce new innovations in the platform and reintroduce it to the market as NetWitness XDR.” Under this new model, NetWitness XDR will be comprised of three main product lines that showcase its uniquely powerful support for all XDR use cases. NetWitness Platform XDR 12 is the newest major release of NetWitness Platform. This technology stack, typically deployed as customer-managed software or hosted by MSSPs, has been enhanced to focus on detection capabilities that identify threats faster and decrease their impact. The company’s new cloud-native SaaS version will be known as NetWitness Vision XDR and is currently in design preview. The third product line, NetWitness XDR Cloud Services, is a set of optional SaaS applications that take advantage of the cloud’s inherent elastic nature to deliver flexible and cost-effective components which can be used to augment either Platform XDR or Vision XDR. “Our network-forward approach allows us to stand out in this emerging space and highlights NetWitness XDR’s ability to detect across customers’ growing number of systems and devices. “We are embracing the belief that the best XDR must be consumable on prem, in the cloud, and hybrid.” Director of Product Management and Research, Kevin Bowers Developed initially in 1996, NetWitness began as a government-sponsored research project to inspect network packets for cyberthreats and tools to detect and respond to them. Since then, the technology has continuously evolved and been innovated to tackle today’s most complex attacks. NetWitness now features fully integrated components for network, log, endpoint and IoT detection and response that drive its threat intelligence and security orchestration platform, NetWitness Orchestrator. With its long history and global footprint, NetWitness XDR integrates directly with the world’s most critical and widely deployed tools, as well as many specialized and industry-specific solutions. NetWitness XDR will host demonstrations at its booth at RSA Conference this year for Platform XDR and Vision XDR. ABOUT NetWitness NetWitness, an RSA® Group Business, provides comprehensive and highly scalable threat detection and response capabilities for organizations around the world. The NetWitness Platform delivers complete visibility combined with applied threat intelligence and user behavior analytics to detect, prioritize, investigate threats, and automate response. This empowers security analysts to be more efficient and stay ahead of business-impacting threats.

Read More

Spotlight

The commercial cloud is here to stay. In this vlog Jim Gibson describes why you should have peace of mind in putting your data in the cloud. He also mentions that you need to do your side of cloud security. Make sure you pick a reputable cloud provider and know exactly your responsibilities before it is placed in the cloud.  the Department of Defense,  the NSA and the CIA  store top secret information and data in the cloud.  If you're an IT professional then you need to start studying the cloud and the benefits that it can provide both you and your customers. The cloud is here to stay. And it is a secure place to do your data backups.

Resources