SOFTWARE SECURITY

Mandiant Recognized as a Large Provider of Cyber Security Incident Response Services by Independent Research Firm

Mandiant | December 03, 2021

Mandiant-Recognized-min
-Mandiant, Inc. the leader in dynamic cyber defense and response, today announced its inclusion in the new Forrester report “Now Tech: Cybersecurity Incident Response Services, Q4 2021.” The report provides an overview of 36 cyber security incident response vendors segmented by capabilities, size, vertical focus and geographic footprint. The purpose of the report is to help security leaders better understand the value organizations can expect from incident response vendors and make more informed procurement decisions.

Since 2004, Mandiant has been at the forefront of cyber security and cyber threat intelligence, enabling a deep understanding of both existing and emerging threat actors, as well as their rapidly changing tactics, techniques and procedures. Its expertise derived from more than 200,000 hours responding to attacks per year as well as its proven track record of working on large and highly publicized incidents uniquely qualifies the company to assist clients with all aspects of an incident response—from technical response to crisis management. With Mandiant, organizations can confidently investigate and remediate incidents faster and more efficiently, allowing them to quickly get back to what matters most—their business.

“In today’s ever-evolving threat environment, it’s not a question of if an organization will become a target of a cyber attack, but rather when,And with attacks becoming more sophisticated, speed to detection and remediation are key to ensuring business continuity. Mandiant services combined with our cyber security SaaS platform—Mandiant Advantage—enable early threat insights, ensuring our customers can quickly identify, respond to and defend against cyber threats.”

Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant

About Mandiant, Inc.
Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Spotlight

The news headlines have been filled with stories about security breaches in recent months. And most of these high-profile breaches originated with a vulnerability in an application. In fact, web and mobile applications account for more than a third of data breaches (source: 2014 Verizon Data Breach Investigations Report). Yet, most organizations are not spending time or money on application security. So why the disconnect? One reason is that fallacies abound when it comes to application security. Many of these fallacies stem from the traditional, on-premises tools-based approach to application security, which has fostered the misconception that application security programs are expensive and difficult to manage. But as breaches continue to make headlines, organizations are realizing the serious risk posed by applications.


Other News
DATA SECURITY,SOFTWARE SECURITY

Accenture Named a Leader in European Managed Security Service Providers by Independent Analyst Firm

Accenture | September 13, 2022

Accenture has been named a Leader in the latest Forrester Research report on European managed security service (MSS) providers, which notes that Accenture sets itself apart from the rest of the market by the way in which it develops assets that are embedded in its services for the benefit of clients. The report — "The Forrester Wave™: European Managed Security Service Providers, Q3 2022" — includes a comprehensive 39-criteria assessment of the top 10 cybersecurity consulting providers across three high-level categories: “Current Offering”; “Strategy”; and “Market Presence.” Client references and buyer feedback were also factored into each criterion evaluated in the report. Accenture received the highest score in the Current Offering category among competitors evaluated, with the highest possible score in twelve criteria, including: data sovereignty and European service delivery; managed application security; business and technical value; product vision; execution roadmap; innovation roadmap; and partner ecosystem. The report says that: Accenture stands out for its vision roadmap, with several planned items focusing on emerging CISO [chief information service officer] needs for managed services providers. Accenture also continues to set the standard for strong partnerships to drive unique technology and services IP. When noting how Accenture sets itself apart by developing assets that are embedded in services for clients, the report said that one particularly strong example of this was its Intelligent Application Security Platform (IASP), which delivers significant value for developers within its application security services. Reference customers praise the flexible personnel, highly competent technical staff, and strong partnership approach. Accenture is a good match for customers who want end-to-end security capabilities that deliver a wide array of managed services. “We’re on a mission to make cybersecurity a priority for business leaders in Europe, and our managed security services team can help clients navigate the challenges. “It’s an honor to be recognized for our work helping clients build better defenses and strengthen their cybersecurity capabilities. Because cyber risk is a constantly moving target, we help our clients identify not only existing threats but also emerging threats to their enterprises.” Jacky Fox, who leads Accenture Security in Europe In addition to being named a Leader among European MSS providers by Forrester, Accenture was recently named the No. 1 cybersecurity service provider by HFS Research and positioned as a Leader in the latest IDC MarketScape analysis of managed security services (MSS) providers in Europe. In 2021, Accenture was positioned as a Leader in two Forrester reports on cybersecurity: The Forrester Wave™: Global Cybersecurity Consulting Providers, Q4 2021 and The Forrester Wave™: European Cybersecurity Consulting Providers, Q3 2021. More information on Accenture in “The Forrester Wave™: European Managed Security Service Providers, Q3 2022” report can be found here. About Accenture Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services and Accenture Song — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 710,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

OneSpan Launches Virtual Room Enabling Secure Face-to-Face Transactions

OneSpan | September 19, 2022

OneSpan™ , the digital agreements security company, today announced the general availability of its secure Virtual Room cloud service which enables organizations to deliver live, high-touch assistance to their customers in a high-assurance virtual environment. This next-generation customer engagement solution gives organizations the ability to balance identity security, authentication, and e-signature solutions from the broader OneSpan portfolio with a high-assurance virtual experience that is the next best thing to entering a branch or meeting in person. Virtual Room complements digital-first transaction experiences by providing a unique opportunity for organizations to create personalized, high-touch, human-assisted interactions, and by improving the customer experience, increasing agreement completion rates, and reducing security risks and fraud. “Today, businesses requiring a high degree of security and regulatory compliance rely daily on a variety of technologies that use insecure, shared links and expose users to elevated risks including data breaches and compliance violations in the anywhere economy. This should not be the case. Organizations and their customers want to be confident that the person joining a virtual meeting is the person they claim to be. And multi-million dollar business agreements transacted digitally should not be subject to fraud fallout. “Today’s off-the-shelf video conferencing tools do not offer optimal security. As the complexity and value of transactions increase, customers want a live interaction rather than relying on a virtual assistant or self-service experience. We built Virtual Room for these scenarios to help our customers complete an agreement or transaction where they need a personal touch and where security is paramount.” Matthew Moynahan, President and CEO at OneSpan Combining OneSpan’s heritage in high-assurance identity verification and authentication with agreement co-browsing, web-enabled videoconferencing, rich collaboration features, and built-in e-signature, Virtual Room helps organizations engage and transact with customers with confidence. Virtual Room can be used for multiple high-value customer agreements, including account opening and maintenance, wealth management, and car financing. Virtual Room enables organizations to: Verify the identities of participants, utilizing OneSpan’s identity verification and mobile and hardware authentication solutions; Interact with signers remotely; Simultaneously review documents and address questions; Capture legally binding e-signatures in real-time; and Record virtual sessions to reinforce the electronic evidence captured in the audit trails. A recent report from Aragon highlighted the need for higher assurance within these processes. “It’s important for buyers to look for a provider that has global security compliance expertise in all aspects of the workflow, from the initial identity verification and authentication steps, to creating a secure virtual interaction environment and all the way through to securing the final output or artifact of the transaction, for compliance and enforceability purposes. Equally important, buyers should look for a vendor that has the flexibility to adapt any step in the digital workflow to meet local regulations for digital identity, secure customer authentication, transaction risk analysis, and the many other security requirements, which differ from one country to the next.” As a secure solution for customer-facing digital agreements where the integrity of the agreement is paramount, ​Virtual Room allows organizations to embrace a new way of working that’s more distributed, virtual, and dynamic, enabled by advancements in cloud technology. With the onset of the anywhere economy, and with more transactions being completed online, identity verification and authentication technologies are critical in the digital agreements process. This purpose-built, high-assurance digital agreement solution includes identification and authentication capabilities that enable organizations to increase the integrity and completion rates of agreements and transactions in a highly-secure and protected ecosystem without impacting user experience or productivity. About OneSpan OneSpan helps organizations accelerate digital transformations by enabling secure, compliant, and refreshingly easy customer agreements and transaction experiences. Organizations requiring high assurance security, including the integrity of end-users and the fidelity of transaction records behind every agreement, choose OneSpan to simplify and secure business processes with their partners and customers. Trusted by global blue-chip enterprises, including more than 60% of the world’s largest 100 banks, OneSpan processes millions of digital agreements and billions of transactions in 100+ countries annually.

Read More

PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

DATA SECURITY

DoControl Integrates with Box to Transform SaaS Data Access Security

DoControl | August 03, 2022

DoControl, the automated Software as a Service (SaaS) security company, today announced an expanded integration with Box, the leading Content Cloud, that adds a foundational layer of granular controls to protect sensitive data and provide comprehensive data access security. The solution further secures cross-application, business-critical data, and files accessed by every identity and entity, both internal employees and external collaborators, allowing for content collaboration to be achieved securely. Recent research found that nearly half of enterprise tech leaders find too much time is spent on manually provisioning and managing apps. In addition, it found other pain points around managing SaaS, including a lack of visibility, data exposure, and unmanageable access. DoControl No-Code SaaS Security Workflows Engine supports organizations in mitigating ongoing risk consistently, with the customization level required to effectively balance security with business enablement. "By partnering with Box, we will help customers confidently maintain business continuity and mitigate the risk of data breaches, overexposure, and exfiltration. "Security teams can effectively extend least privilege to the SaaS data layer and utilize a risk-based approach in securing their Box instances through the prioritization of identities that present higher levels of risk." Adam Gavish, CEO and Co-Founder of DoControl "Organizations today need products that are inherently secure to support employees working from anywhere," said Fred Klein, Vice President of Business and Corporate Development at Box. "At Box, we continuously strive to improve our integrations with third-party apps so that it's easier than ever for customers to use Box alongside best-in-class solutions. With today's integration with DoControl, we are taking that mission one step further to enable our joint customers to have more granular security controls over who has access to their business-critical content." Key joint solution capabilities include: Comprehensive asset management: Gain full awareness of every entity that is accessing corporate data within Box to identify what needs to be protected; Real-time monitoring and control: Monitor every user activity in real-time, with self-service tooling to detect and respond to immediate threats; Automated remediation: Establish data access control workflows that are future-proofed, consistently enforced, and allow for secure file sharing between all internal and external users. About DoControl Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors Insight Partners, StageOne Ventures, Cardumen Capital, RTP Global and global cybersecurity leader CrowdStrike's early stage investment fund, the CrowdStrike Falcon Fund. The company's leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators.

Read More

Spotlight

The news headlines have been filled with stories about security breaches in recent months. And most of these high-profile breaches originated with a vulnerability in an application. In fact, web and mobile applications account for more than a third of data breaches (source: 2014 Verizon Data Breach Investigations Report). Yet, most organizations are not spending time or money on application security. So why the disconnect? One reason is that fallacies abound when it comes to application security. Many of these fallacies stem from the traditional, on-premises tools-based approach to application security, which has fostered the misconception that application security programs are expensive and difficult to manage. But as breaches continue to make headlines, organizations are realizing the serious risk posed by applications.

Resources