Data Security

NERC CIP Security Assessment Secures OT Remote Operations at XONA

XONA, the world's initial zero-trust distant activities stage for basic foundation, was discovered agreeable with NERC CIP appraisal, including an engineering survey, gadget survey, and counterfeit review.

Cybersecurity has taken on restored significance in 2021 as organizations progressively depend on distant admittance to screen, survey, and connect with basic OT framework. This the truth was on full presentation in February 2021 when a programmer distantly got to a water treatment framework in Oldsmar, Florida, highlighting the potential weaknesses related with far off activities limit.

XONA NERC CIP Compliance Demonstrates Readiness to Secure Against Cybersecurity Risks at Crucial Time

Understanding the centrality of cybersecurity while sending distant tasks limit, XONA's review shows the organization's digital preparation.

XONA's CSG apparatus was evaluated from both an inspector's and SCADA designer's points of view. Simultaneously, manual and robotized checking was performed to gather, recognize, and examine potential weaknesses that may affect NERC CIP consistence and data security pose.

Moreover, XONA mentioned an arrangement and approach assessment, guaranteeing that the organization's inner conventions are reliable with progressing consistence orders. Securicon discovered XONA agreeable with necessities surveyed and tracked down no basic high, medium, or okay weaknesses identified with the XONA CSG.

Regions and Critical Infrastructures Expanding Remote Operations Rely on XONA as Secure, Compliant Solution

"We are eager to impart our consistence confirmation to our clients. This certificate mirrors the XONA group's diligent effort and our persistent obligation to ensuring our clients' IT framework," clarifies Bill Moore, author and CEO of XONA.

He adds, "As districts and other basic framework OT administrators seek after or grow far off activities abilities, we need to routinely show that XONA is a protected, secure arrangement."

Continuous financial vulnerability and restricted admittance to cybersecurity faculty makes it more significant than any other time that basic framework tasks can depend on distant activities answers for secure their OT climate.

To find out about XONA's client access arrangement worked for OT that sets these exercises in motion, plan a demo.

About XONA

As the world's initial zero-trust far off tasks stage for basic framework, industry-driving associations all throughout the planet in energy, oil and gas, assembling and government trust XONA to guarantee basic and secure admittance to their operational innovation from anyplace.

XONA consistently and safely empowers secure versatile admittance to your most basic frameworks and applications while likewise lessening operational and digital dangers and expanding operational effectiveness.

Spotlight

Other News
Platform Security

SentinelOne Launches RemoteOps Forensics for Faster Incident Response

SentinelOne | September 18, 2023

SentinelOne, a global leader in autonomous cybersecurity, is addressing the pressing need for rapid and effective responses to the escalating wave of cyber breaches. Today, the company announced the launch of Singularity RemoteOps Forensics, a pioneering digital forensics product designed to streamline and accelerate incident response readiness. This innovative solution promises to empower organizations of all sizes, ushering in a new era of efficient and scalable investigation and response capabilities in the face of evolving cybersecurity challenges. Integrated seamlessly with the SentinelOne Singularity Platform and as an add-on to Sentinel One's Endpoint and Cloud Workload Security solutions, RemoteOps Forensics offers a rapid, adaptable digital forensics and incident response solution. Security teams can leverage this tool to enhance efficiency by optimizing resources and accelerating Mean Time to Resolution. With the capability for targeted investigations on various assets, including endpoints and server workloads, it enables conditional trigger-based evidence collection. This automation efficiently gathers evidence, such as process data, ports, service listings, MFT, Amcache, JumpLists, and memory dumps, orchestrating them in under a minute. Consolidating evidence into the Singularity Security DataLake allows for the correlation of SentinelOne and partner data with forensics data in a unified search, facilitating a comprehensive view of attacks, rapid root cause identification, and risk mitigation. Furthermore, it provides the ability to analyze collected evidence alongside Endpoint Detection and Response (EDR) data within a single console, empowering proactive defense against future threats. The integration and analysis of this combined data unveil concealed indicators of compromise, detect advanced attack patterns, and offer insights into threat actors' tactics, techniques, and procedures. RemoteOps Forensics is a cost-effective and resource-efficient solution that seamlessly integrates with the SentinelOne agent. This integration alleviates the necessity of deploying and provisioning multiple tools throughout the investigative process, resulting in significant time and resource savings for organizations. In addition, this innovative solution prioritizes the maintenance of forensic integrity by minimizing changes made to the disk, and it leverages SentinelOne's anti-tampering and metadata collection capabilities to safeguard data integrity. In doing so, it streamlines investigations and upholds the highest standards of forensic rigor, reinforcing organizations' cybersecurity defenses with a comprehensive and efficient approach. Jane Wong, Senior Vice President of Products and Strategy at SentinelOne, said, As timelines for reporting and responding to breaches shrink, it is imperative that the security teams have advanced forensics capabilities that can make investigations faster and more efficient, and with Singularity RemoteOps Forensics, the team is delivering them. [Source – Business Wire] SentinelOne's new forensic capabilities help develop incident response by enabling security teams to conduct thorough investigations more quickly, Jane also mentioned eliminating the requirement for specialized expertise or additional tools. About SentinelOne SentinelOne is a leading provider of autonomous cybersecurity solutions. With its identified Singularity Platform, the company excels at detecting, preventing, and responding swiftly to cyber threats. SentinelOne enables businesses to protect their endpoints, cloud workloads, containers, and identities, as well as their mobile and network-connected devices, with unparalleled speed, accuracy, and ease of use. With a formidable clientele comprising over 11,000 customers, SentinelOne has proven itself as the trusted guardian of a secure digital future.

Read More

API Security

Wallarm Announces Policy Integration with MuleSoft AnyPoint Platform

Wallarm | October 13, 2023

Wallarm has announced the availability of Application and API Security policies seamless integration with the MuleSoft AnyPoint Platform, providing essential protection for apps and APIs in various deployment scenarios. This integration of Wallarm and MuleSoft presents a compelling choice for organizations dedicated to comprehensively safeguarding and managing their API security management, ensuring robust protection for their digital assets. In the digital age, enterprises heavily depend on APIs to facilitate application connections and drive their digital transformation. Wallarm's latest offering seamlessly integrates with the MuleSoft API management and integration platform, bolstering cloud security and compliance to meet the evolving needs of modern businesses. Effective API management is paramount for organizations, and the market offers numerous commercial solutions, each with its unique features. Whether opting for well-known platforms such as MuleSoft, Kong, or Apigee, or exploring external tools like Akamai Edge and Azion Edge, the decision on how to deploy and manage crucial APIs depends on factors such as scalability, performance, and existing infrastructure. Regardless of the chosen approach, the demand for robust API security that effortlessly aligns with these varied deployment methods remains a top priority. CEO and Co-founder of Wallarm, Ivan Novikov, said, Wallarm is keen to unveil a cutting-edge cloud-based security policy that is agile and fully integrated with MuleSoft, a leading integration and API management platform in the market. [Source – Business Wire] About Wallarm Wallarm is a leading provider of robust protection for APIs, microservices, web applications, and serverless workloads in cloud-native environments. Trusted by numerous Security and DevOps teams, Wallarm excels in comprehensive web app and API endpoint discovery, shielding against emerging threats across their API portfolio, and automating incident response for enhanced risk management. The platform is designed to support modern tech stacks, offering a myriad of deployment options in both cloud and Kubernetes-based environments, including a full cloud solution. Based in San Francisco, California, Wallarm is backed by prominent investors like Y Combinator, Toba Capital, Partech, and others.

Read More

Software Security

Keeper Security Protects Against Supply Chain Attacks with New Open Source Project

PR Newswire | October 20, 2023

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, today announces a new open source project for software developers and DevOps to easily and securely sign git commits with their Keeper vault. Through Keeper Secrets Manager (KSM), users can now use Secure Shell (SSH) keys stored in their Keeper Vault to digitally sign commits to confirm the authenticity of their code. Git is a version control system that tracks changes in your software projects, and a git commit is a snapshot of these changes at a specific point in time, accompanied by a brief message describing the modifications. Keeper and developers at The Migus Group teamed up to create the open-source solution to sign git commits using the SSH keys stored in a user's Keeper Vault. The integration provides developers with a secure and encrypted repository for their SSH keys and removes the practice of storing them on disk, both increasing security and streamlining DevOps workflows. The rise in software supply chain attacks highlights the need for organizations to prioritize security around the software supply chain. Signing git commits is a recommended best practice for developers to confirm the authenticity and integrity of code releases. As developers sign commits with SSH keys, they are provided with cryptographic proof of authorship, which helps secure the supply chain by assuring users the software originates from a legitimate source and remains unaltered since its signing. Digital signatures can also feed into a Software Bill of Materials (SBOM) to indicate whether a line-item in the SBOM is trusted, depending on the code signature status. The ability to store SSH keys and other credentials in Keeper Vault offers a layer of protection and ease-of-use that hasn't been the standard, said Craig Lurey, CTO and Co-founder of Keeper Security. Our integration enables developers to validate the software code with a cryptographic digital signature and transparent logging, making what historically has been a complex process into a simple one. In the future, all code will be signed, and the software supply chain will have one source of truth that will reduce supply chain attacks. "Our customers are asking for help insulating themselves from supply chain attacks, so we were already working to do that, often using Keeper," said Adam Migus, Founder and CEO of The Migus Group. "So, we thought working with them to make the git commit-signing process both safer and easier would be a win-win-win. Our customers can now seamlessly sign commits with keys that never leave their vaults. However, the broader community also gains an example of secure commit signing with benefits of central key management." The SSH keys for signing commits are secured in KSM, a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, SSH keys, certificates and any type of confidential data. KSM eliminates secrets sprawl by removing hard-coded credentials from source code, config files and CI/CD systems. The fully managed, cloud-based and IT friendly solution was named an overall leader on the 2023 KuppingerCole Leadership Compass for Secrets Management. KSM is supported on Windows, MacOS and Linux. It utilizes a zero-knowledge security architecture and is highly secure withISO 27001 and SOC 2 compliance, as well as FedRAMP and StateRAMP Authorization, among numerous other certifications. Keeper's integration helps support a broader government and industry effort to bring increased security and visibility to the open source community. The ease of providing a cryptographic digital signature allows developers to validate that the software in use is exactly what it is claiming to be and enhances security for both developers and end-users alike. About Keeper Security Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper's zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.

Read More

Data Security

Virtru Announces the Unveil of Data Security Integration for Zendesk

Virtru | October 09, 2023

Virtru, a worldwide leader in data-centric security and privacy, has announced the expansion of its encrypted file-sharing platform, Virtru Secure Share, to integrate with Zendesk. This direct integration enables organizations to safeguard data flow inward and outward within Zendesk without disrupting their current workflows. These integrations are accessible for purchase both from Virtru directly and through the Zendesk app marketplace. Virtru Secure Share offers top-notch, military-grade encryption and user-friendly experiences for Zendesk users. This integration is especially valuable for customer support teams involved in exchanging sensitive information with partners and customers during client onboarding and support processes. Jill Emerson, System Administrator and Member of Team Rehabilitation Physical Therapy, stated, We are in the healthcare sector, and to have that level of advanced data protection in Zendesk, without having to think about it, is invaluable. In between Virtru’s email security and the Virtru Secure Share integration for Zendesk, our most common and high-volume collaboration workflows can remain secure. Secure Share enables us to strike a balance between usability and security, so we can protect the data of our patients and deliver a positive experience at the same time. [Source – Globe Newswire] By utilizing Virtru’s user-friendly secure file-sharing features integrated into their familiar business applications, customer service representatives can efficiently assist customers while ensuring compliance with regulatory obligations. John Ackerly, Co-founder and CEO of Virtru, said, With this latest Secure Share integration, Zendesk users can now receive and send encrypted files securely with individuals both outside and inside of their organization without compromising the user experience or efficiency. [Source – Globe Newswire] He further stated that this is particularly crucial when confidential data must be shared to accomplish tasks. It was also mentioned that this should provide businesses with increased peace of mind, ensuring that their employees and customers maintain complete control of their data at all times. About Virtru Virtru empowers organizations worldwide, providing them with the means to harness the potential of data while ensuring control over its storage and sharing. Trusted by over 8,000 global clients, Virtru supports its Zero Trust strategies and safeguards its most sensitive data according to the world’s strictest security standards. As the creators of Trusted Data Format (TDF), an industry standard for persistent data protection, Virtru provides encryption technology for data shared through email, cloud environments, collaboration tools, and SaaS applications.

Read More