Mobileum has found a 5G Security Sample Vendor in Gartner's Hype Cycle Identity and Access Control Technologies

prnewswire | September 03, 2020

Mobileum Inc. ("Mobileum"), a leading global provider of analytics-based roaming, telco security, risk management and testing and monitoring solutions, is pleased to announce that it has been recognized in Gartner's Hype Cycle for Identity and Access Management Technologies, 2020 and in the Hype Cycle for Privacy, 2020, as a Sample Vendor for 5G security. According to Gartner, "5G will increase the number and diversity of connected objects, potential DDoS attack vectors and entry points; this also provides more telemetry for anomaly detection" and "5G infrastructure virtualization, automation and orchestration of a service-based architecture increases exposure." Gartner continues to say, "Slicing virtual networks across shared infrastructure impacts security due to lateral movement risk, and cross-slice permeability issues."

Spotlight

The practice—and, some would say, art—of risk mitigation is a critical skill and a top priority for general counsels and corporate legal departments today. While every company faces unique challenges based on its own business model and operating environment, there is one overarching danger on which all companies agree: the threat of insiders, especially with respect to cybercrime.


Other News
SOFTWARE SECURITY

Illumio Collaborates with IBM Security to Bolster Cyber Resilience for Modern Organizations

Illumio | May 06, 2022

Illumio, Inc., the Zero Trust Segmentation company, today announced an expanded relationship with IBM Security and a new integration between the companies’ technologies for advanced end-to-end threat detection and response. The integration combines IBM Security QRadar XDR with Segmentation from Illumio to provide pre-attack protections for accelerated detection and automated containment and remediation capabilities to help defend against the impacts of aggressive cyberattacks, including ransomware. “In 2021, over half of organizations globally reported suffering a ransomware attack that blocked access to critical systems or data,” said Frank Dickson, Program Vice President at IDC. “As ransomware, and the attackers behind it, continues to plague every industry, organizations must act now to bolster cyber and business resiliency. The best way firms can safeguard their organizations is to address the five core elements of a ransomware attack: initial compromise, lateral movement, privilege escalation, data exfiltration and the encryption. Given the complexity and difficulty of the task, security tools should be adaptable, scalable and emphasize real-time visibility to enable real-time action.” The integration provides customers with enhanced visibility into network traffic and can help limit the potential spread of attacks by segmenting application networks. When an intrusion takes place, an attacker’s external communication and movement throughout an organization’s network can be quickly detected, denied, and analyzed with the help of Illumio and QRadar SIEM. This centralized visibility and analysis can help with the detection of threats and ransomware that moves, often undetected, throughout organizations. Beyond detection, Illumio’s integration with QRadar SOAR enables incident responders to activate Illumio’s emergency ransomware containment controls in near real time, helping them to reduce the impact of ransomware and accelerate the eradication and recovery process. “The onslaught of ransomware attacks demands end to end visibility, advanced analytics and automated actions based on an open platform – which are the foundational elements on which QRadar XDR was designed. “By leveraging its open architecture and segmentation platforms like Illumio, QRadar XDR helps customers achieve early detection, orchestration, and rapid, automated response to ransomware and other fast-moving attacks.” Chris Meenan, VP of Product Management at IBM Security “In February 2022, the Cybersecurity and Infrastructure Security Agency reported ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors, which signals the urgent business resilience risk it poses,” said John Skinner, VP, Business Development at Illumio. “Not only is ransomware today becoming more sophisticated and targeted, but incident rates are climbing. Successful detection and response depends on segmentation aligned with Zero Trust principles to isolate and stop ransomware before it spreads. Together, Illumio and IBM Security are empowering organizations to minimize the business impact of devastating attacks by combatting known risks at every phase.” About Illumio Illumio, the Zero Trust Segmentation company, prevents breaches from spreading and turning into cyber disasters. Illumio protects critical applications and valuable digital assets with proven segmentation technology purpose-built for the Zero Trust security model. Illumio ransomware mitigation and segmentation solutions see risk, isolate attacks, and secure data across cloud-native apps, hybrid and multi-clouds, data centers, and endpoints, enabling the world’s leading organizations to strengthen their cyber resiliency and reduce risk.

Read More

DATA SECURITY

SentinelOne Expands Partner Ecosystem with New Zero Trust, CNAPP, Patch Management, and Threat Simulation Integrations

SentinelOne | January 15, 2022

SentinelOne an autonomous cybersecurity platform company, today announced integrations with Remediant, Blue Hexagon, Keysight, and Automox, expanding the set of capabilities available via SentinelOne’s Singularity Marketplace. With comprehensive integrations across enterprise use cases, the Singularity Marketplace enables customers to unify leading technologies to autonomously protect against threats at machine speed. Enable Zero Trust with Remediant SentinelOne’s joint solution with Remediant enables organizations to enforce Zero Trust solutions across cloud, hybrid, and on-premises infrastructure with a single agent. With the rise of credential stuffing attacks and ransomware, endpoints and identities are two of the most exploited attack vectors today. SentinelOne captures behavioral telemetry across user endpoints, cloud workloads and IoT, feeding process and file activities to Remediant. This enables administrators, auditors, and incident responders to identify malicious sessions and activity in a single workflow. “This partnership with SentinelOne marks one of the first, and best, examples of what becomes possible when leading identity and endpoint security solution providers align their capabilities,” said Paul Lanzi, Co-founder, Remediant. “As partners, we are both aware that today's remote workforce has to be secured by a new generation of tools that secure endpoints and privileged access. We're launching this partnership because EDR and identity vendors working together is one of the most powerful things we can do for our customers to ensure they can defend against attacks." Strengthens Cloud Ransomware Security with Blue Hexagon SentinelOne’s integration with Blue Hexagon enables the rapid detection and prevention of malware and ransomware in the cloud. As the first line of defense, SentinelOne secures endpoints, cloud workloads and IoT devices with AI powered protection, detection and response. The integration shares Blue Hexagon’s awareness of malware and ransomware reducing the time to respond through automated remediation. In addition, cloud misconfigurations are shared with SentinelOne. “We are excited to partner with SentinelOne, a leader in XDR, to provide a threat detection and response solution that unifies endpoint, cloud, and network security.With Singularity XDR and Blue Hexagon, joint customers can use leading solutions to seamlessly share ransomware intelligence and automate response across cloud environments.” Nayeem Islam, CEO and Cofounder, Blue Hexagon Proactive Threat Simulation with Keysight SentinelOne’s integration with Keysight allows joint customers to safely simulate threats in order to validate threat detection and remediation. Keysight’s Threat Simulator attacks both network and endpoints from a ‘Dark Web’ environment. Attacks are validated against Singularity XDR’s protection and detection models using SentinelOne’s rich API functionality, identifying gaps in the cyber kill chain and suggesting updates to organizational security infrastructure. “The integration of Keysight Threat Simulator with SentinelOne is exciting because it allows our joint customers to automate validation of their security processes and defenses before actual threats occur,” said Greg Copeland, Director of Technical Alliances, Keysight. “Cyber defense groups can test and train their operations teams using realistic scenarios, to sharpen their skills and procedures proactively.” Automate Vulnerability Management with Automox SentinelOne and Automox’s joint solution delivers end-to-end vulnerability discovery and remediation. As corporate networks become more technically diverse, organizations often struggle to keep up with patch management and cyber hygiene, forcing security teams to adopt multiple tools that require heavy training, dedicated on-site resources, and multiple dashboards. SentinelOne and Automox provide the visibility and workflows needed to significantly reduce the time to remediation and the burden on in-house resources. “As corporate IT environments become more distributed and overwhelmed with multiple operating systems and a vast inventory of third-party software, organizations are left wide open to cyber attacks,” said Jay Prassl, founder and CEO at Automox. “SentinelOne mirrors our mission to proactively reduce security exposure. Through our partnership, enterprise and government organizations benefit from a powerful, cloud-enabled solution to detect and remediate vulnerabilities, seamlessly and at scale.” About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

SOFTWARE SECURITY

SecurityScorecard Launches Cyber Risk Quantification Portfolio Providing Customers Various Models to Conduct Security Cost-Benefit Analysis

SecurityScorecard | April 27, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today introduced its Cyber Risk Quantification (CRQ) capabilities that will enable customers to understand cyber risk in financial terms, enabling organizations to bring cyber risk into holistic business risk analysis, and assisting organizations in a cost-benefit analysis of cyber investment options. SecurityScorecard's CRQ capabilities help customers understand the financial impact of a cyber-attack, gain insight into the probability of incidents over time and quantify the reduction in expected losses if issues are resolved. The SecurityScorecard CRQ capabilities will be included in the company's risk intelligence platform, the industry's first holistic offering that proactively protects organizations from every angle. "Executives and boards of directors lack the ability to connect cybersecurity budgets to business outcomes, hindering the CISO's ability to justify their cybersecurity budgets. By grounding risk quantification in SecurityScorecard's expansive data, we are bringing cyber security to the forefront of daily decision making. Our goal is to help our customers make informed decisions on how to raise the bar on their cybersecurity defenses with optimized investments, and we will continue to partner with leading CRQ thought leaders to provide the options they are looking for." Prashant Pai, Senior Vice President and General Manager Strategic Initiatives, SecurityScorecard To deliver the combined insights of SecurityScorecard's cybersecurity ratings data and leading risk models, SecurityScorecard is partnering with a number of leading CRQ thought leaders and developers including ThreatConnect, and RiskLens, which created Factor Analysis of Information Risk (FAIR™). With multiple views of risk available through the lens of different CRQ frameworks, risk managers can determine which framework is the best fit for their business. With cyber risks becoming increasingly prevalent, boards of directors and executives need to evaluate those risks and become more involved with cybersecurity. Effectively reporting to the board is a key component of every security leader's job. According to Gartner® The 2022 Board of Directors Survey, 88% of respondents viewed cybersecurity as a business risk, while 72% stated they are focused on aligning risk, strategy and performance to drive business resilience.1 "The CRQ integration between RiskLens and SecurityScorecard will finally give organizations of all sizes what they need to effectively understand and manage cyber risk: an automated, 'dollars and cents' view of cyber risk," said Nick Sanna, CEO, RiskLens. "Based on the FAIR cyber risk quantification standard, on industry benchmark data and on their SecurityScorecard security rating, organizations can now make risk-informed business decisions." "ThreatConnect is excited to partner with SecurityScorecard as the combination of their external cybersecurity risk posture and the power of ThreatConnect Risk Quantifier (RQ) connects the outside and inside views for an organization, giving them a 360 degree perspective of the risk to their organizations," said Jerry Caponera, Vice President of Cyber Risk Strategy for ThreatConnect. "Applying ThreatConnect's statistical and machine learning algorithms to the SecurityScorecard data enables customers to easily visualize their risk and, more importantly, prioritize which factors should be improved based on financial risk reductions." SecurityScorecard's CRQ portfolio enables executives, CISOs and risk managers to obtain a comprehensive view of their cyber risk that enables them to define cyber risk in a universally understood metric and embed those insights into decisions across the organization. SecurityScorecard's CRQ capabilities also offer: Scalable risk quantification methodology - With continuous monitoring of over 12 million companies, SecurityScorecard grounds its analysis in a consistent cybersecurity data-driven approach to deliver a real-time view of risk. Contextualized view of cyber risk - SecurityScorecard directly ties financial impact to the security issues that drive losses. Multiple risk quantification frameworks– Multiple risk frameworks are integrated into the CRQ capabilities to ease the evaluation and implementation of CRQ. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base.

Read More

SOFTWARE SECURITY

Guidepost Solutions Acquires Significant Equity Interest in Cybersecurity Solutions Firm Truvantis, Inc.

Guidepost Solutions LLC | March 29, 2022

Guidepost Solutions LLC, a global leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting, announced that it has acquired a significant equity stake in Truvantis, Inc., a cybersecurity company formed in 2010. Truvantis provides best-in-class cyber and privacy services to secure infrastructure, data, operations, and products. This strategic partnership allows both Guidepost and Truvantis to offer a wide-ranging suite of cybersecurity solutions and consulting services, at a time when cybersecurity risks are evolving and affecting all business operations. Truvantis is led by its founder and CEO, Andy Cottrell. With more than 25 years of experience in IT and cybersecurity, Cottrell has designed and implemented security solutions, launched innovative security products to market, and helped countless small and large companies improve their security posture. “I am pleased to announce this partnership with Truvantis, as part of our firm’s continued efforts to grow its capabilities and footprint in the cybersecurity arena. We are committed to providing our clients with unique solutions to defend against one of the greatest risks facing their companies – cyber threats. This partnership significantly expands our ability to fulfill that commitment.” Julie Myers Wood, Guidepost Solutions CEO This new alliance enables clients to leverage comprehensive threat, risk, vulnerability management, privacy, and assessment services to protect against a full spectrum of cyber and physical security issues and address a variety of regulatory and business-critical requirements. Today’s companies are faced with an increasing number of requests for independent verification of their cybersecurity and privacy policies and practices. Whether it’s an assessment against a security framework like the NIST CSF, ISO 27001, or CIS Controls, addressing compliance with privacy laws and requirements like the PCI DSS, or preparing for a SOC2 or HITRUST audit, companies are seeking help from highly qualified, credentialed consultants who can help address these complex cybersecurity and privacy challenges. The Guidepost/Truvantis team will afford clients a depth of expertise as well as a breadth of services to address a broad range of risk mitigation needs. “Guidepost Solutions is a leader in investigations, compliance, and physical security consulting and we’re excited to bring these capabilities to our clients to provide comprehensive risk management solutions,” said Andy Cottrell, CEO, Truvantis. “As the market continues to evolve toward consolidated physical, personnel, and cybersecurity management, this partnership enables us to provide the most comprehensive solutions in the market.” Through this investment and partnership, Guidepost Solutions and Truvantis are positioned to enhance cyber and physical security defenses for clients and provide resiliency for their critical systems. Specific security services include risk assessments, security testing, cyber investigations, cybersecurity governance, data protection, privacy consulting, operational security design and project management, vCISO, and remediation services. About Guidepost Solutions LLC Guidepost Solutions is a leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting. We work wherever your needs take us – whether on the ground around the globe – or from one of our offices located in Bogotá, Boston, Chicago, Dallas, Honolulu, London, Los Angeles, Miami, New York, Palm Beach, Philadelphia, Phoenix, San Francisco, Seattle, Singapore, Walnut Creek, and Washington, DC. About Truvantis Inc. Truvantis® is a cybersecurity consulting organization providing best-in-class privacy and cybersecurity services to secure your organization’s infrastructure, data, operations, and products. We specialize in helping our customers improve their cybersecurity posture by implementing, testing, auditing, and operating information security programs.

Read More

Spotlight

The practice—and, some would say, art—of risk mitigation is a critical skill and a top priority for general counsels and corporate legal departments today. While every company faces unique challenges based on its own business model and operating environment, there is one overarching danger on which all companies agree: the threat of insiders, especially with respect to cybercrime.

Resources