DATA SECURITY

Radiflow's New Version of CIARA - OT Risk Platform Transforms Industrial Cybersecurity

Radiflow | May 31, 2021

Radiflow has received extensive industry appreciation for its one-of-a-kind, fully IEC62443-compliant Cyber Industrial Automated Risk Analysis Platform (CIARA), enabling CISOs to optimize their cybersecurity expenditure non-intrusively simulating breach attempts in industrial automation networks and prioritizing the most effective mitigation measures.

In accordance with Radiflow's ongoing mission of "Taking the guesswork out of OT cybersecurity," the latest edition of CIARA allows users to further customize their cybersecurity optimization with additional operational and budgetary criteria.

Ilan Barda, CEO of Radiflow, announced the new features: "CIARA was warmly received in the market as the first-of-its-kind OT BAS solution (breach attack simulation). Since its release, we have seen an increase in demand for risk prioritization in the dynamic OT/ICS threat landscape. Our new edition responds to the critical need for data-driven decision-making. We are delighted to assist CISOs in developing the best budget-driven mitigation strategy."

Users of the updated version of CIARA can now:

Customize their OT-security optimization: Users can now choose from a wide range of factors to find a balance between security, compliance, and budget. CIARA prioritizes security requirements for mitigation measures (SRs) that match the chosen criterion to maximize their cybersecurity ROI. Among the current optimization criteria are:

• Zone impact: What is the financial impact of a disruption in that zone?

• Which zone has the lowest tolerated risk (as specified by the user)?

• Which zones have the highest disparity between real security measures and those prescribed by the IEC62443 standard?

New supply chain threats are included in attack simulations: Supply chain attacks, such as the SolarWinds breach, take advantage of vendor networks' vulnerabilities. In addition to the fundamental requirement control groups in IEC62443, CIARA users can now add a security control group for Supply Chain attacks (NIST 800-161) to CIARA's breach simulations, including such attack strategies prioritize the effectiveness of relevant mitigation measures.

Budget and Plan :

CIARA's new OT security project planner generates a complete quarterly mitigation plan based on the user's optimization preferences, balancing the estimated cost of mitigation controls against the quarterly budget constraints.

About Radiflow

These new features enhance Radiflow's objective to eliminate the guesswork from OT security. Radiflow is committed to assisting CISOs in prioritizing their activities by providing industrial threat detection and risk management solutions.

Spotlight

In the last few years, companies both in the United States and abroad have witnessed the steady growth of cyberattacks and corporate espionage. The financial losses and, worse, often irreparable reputational harm such incidents wreak have served to place a target squarely on the backs of board members to ensure they are properly overseeing cyber risk.


Other News
PLATFORM SECURITY

Contrast Security Achieves AWS DevSecOps Competency Status

Contrast Security | May 13, 2022

Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, announced today that it has achieved Amazon Web Services (AWS) DevOps Competency for development, security, and operations (DevSecOps) garnered by demonstrating technical proficiency and proven customer success specializing in DevSecOps. Contrast was selected as one of the official launch partners of the DevSecOps Competency by AWS, which is an extension of the DevOps category. Achieving the AWS DevOps Competency for DevSecOps differentiates Contrast Security as an AWS Partner with deep domain expertise in delivering software products that integrate security across every stage of the development and delivery cycles, including pre-, during, and post-deployment. Contrast Security is part of a small group of innovative security technologies to achieve the AWS DevSecOps Competency in its inaugural year. "We're honored to achieve AWS DevSecOps Competency status on top of the DevOps Competency status that we received last year. It is a true testament to our efforts in helping large enterprises ensure security and compliance across the entire lifecycle of their web applications and APIs running on AWS. We're looking forward to expanding our AWS capabilities so that organizations garner continuous visibility and centralized point-of-control for software risk through a single platform." Surag Patel, Chief Strategy Officer at Contrast Security By using instrumentation technology, Contrast Security is embedding self-assessment and self-protection capabilities directly into AWS applications during run-time. This enables DevSecOps teams to detect accurate code-level vulnerabilities (both custom code and open source libraries) in development and quality assurance (QA) environments, and monitor and block production applications from threats and attacks in real-time. Envestnet | Yodlee, the leading data aggregation and data analytics platform, helps consumers live better financial lives through innovative products and services created for more than 1,400 financial institutions and financial technology (FinTech) companies. The company revolutionizes financial services with its intelligent APIs, innovative applications, and advanced analytics products. With the help of Contrast Security and AWS, the company was able to seamlessly integrate new applications and accelerate its time-to-market. The AWS offerings have helped Envestnet | Yodlee launch products to market quickly and effectively. By implementing Contrast as part of their DevSecOps initiatives, Envestnet | Yodlee further secured its financial software solutions and by adopting a DevSecOps methodology, security and development teams are jointly responsible for bolstering security by essentially bringing development and operations together. "Envestnet | Yodlee requires an application security framework that is repeatable, scalable, and can find and remediate vulnerabilities by using the best software security solutions," said Saran Makam, Director of Application Security at Envestnet | Yodlee. "My team chose Contrast Security because their solution was well received by our development and security teams and because it works continuously and in real-time." About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

SOFTWARE SECURITY

Sysdig Open Source Is Extended to Secure Cloud Services

Sysdig | May 16, 2022

Sysdig, the unified container and cloud security leader, announced that Sysdig open source, the incident response standard for containers, has been extended to the cloud. Using system calls, Sysdig open source (Sysdig OSS) traditionally offers deep observability into running applications, as well as file system access and network activity, which speeds incident response and troubleshooting. Teams can quickly filter information from Sysdig OSS and take action. With the announcement of this new integration, these capabilities have been extended beyond containers to any cloud environment. Today, Sysdig announced Edd Wilder-James has joined Sysdig from Google to lead the company’s open source ecosystem team. The complexity of cloud-native applications – with countless components and variables – makes it extremely difficult for security analysts and system administrators to quickly triage alerts and debug problems. Sysdig OSS captures process, file system, and network activity in real time and with a high degree of granularity. The tool, which has nearly two million downloads and 6,850 GitHub stars, surfaces everything from executed commands and file system activity to network activity. Sysdig OSS then offers advanced filtering and troubleshooting capabilities, supporting root cause analysis for security and performance issues.Using a new plugin framework – originally developed by the open source community for the CNCF project Falco – Sysdig extends the number of sources Sysdig OSS can be connected with to anything that generates logs or events, including Azure, Google, and AWS CloudTrail logs. Going forward, every plugin developed for Falco can also be leveraged by Sysdig OSS. Using one tool, like Sysdig OSS, to observe events from the entire cloud-native environment streamlines investigations. Using a different tool for each environment adds complexity, which makes it massively harder to troubleshoot. Sysdig’s Commitment to Open Source Sysdig was founded as an open source company and Sysdig Secure and Sysdig Monitor were both built on an open source foundation to address the security challenges of modern cloud applications. Both projects were created by Sysdig to leverage deep visibility as a foundation for security, and they have become standards for container and cloud threat detection and incident response. Falco, which was contributed to the CNCF in 2018, is now an incubation-level hosted project with more than 45 million downloads. Sysdig OSS and Falco can be used together as a powerful open source solution to reduce risk at runtime. Sysdig OSS acts as a flight recorder, capturing a detailed record for inspection. Falco acts as a security camera, continuously detecting unexpected behavior, configuration changes, intrusions, and data theft in real time. Teams can use Sysdig OSS and Falco together to detect and respond to threats. “If you want to see what is going on inside an application, Sysdig OSS gives you that record. “Sysdig open source was the inspiration for Falco. While Falco will monitor and alert based on your policies, Sysdig open source will tell you what happened at a particular time, before and after the event. Having the ability to use both open source tools in the cloud is extremely powerful.” Loris Degioanni, Founder and CTO of Sysdig About Sysdig Sysdig is driving the standard for cloud and container security. The company pioneered cloud-native runtime threat detection and response by creating Falco and Sysdig as open source standards and key building blocks of the Sysdig platform. With the platform, teams can find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. From containers and Kubernetes to cloud services, teams get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. The largest and most innovative companies around the world rely on Sysdig.

Read More

SOFTWARE SECURITY

Contrast Security Introduces Cloud-Native Automation

Contrast Security | April 23, 2022

Contrast Security , the leader in code security that empowers developers to secure-as-they code, today announced the introduction of cloud-native automation for users leveraging Red Hat OpenShift, the industry's leading enterprise Kubernetes platform. Red Hat OpenShift users can now deploy containerized applications with embedded security features within a native continuous integration and continuous delivery (CI/CD) pipelines. This enables Red Hat OpenShift users to retain scalability, while adding automated security testing and protection as a routine part of the software delivery process. These added capabilities result in minimized manual configuration, reduction in additional overhead costs, and overall security efficiencies. Contrast enables customers to continuously monitor OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers. "Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines, which translates to insecure code being shipped across distributed cloud environments. Contrast helps these teams drive their DevSecOps transformation with automation at scale. These new capabilities are another component to Contrast's overall mission of ensuring developers are empowered to embed security capabilities within their environments without imposing additional work on them. We want to make security a value-add for everyone." Sanjay Ramnath, Vice President of Product Management at Contrast Security Contrast enables Red Hat OpenShift users to benefit from the following capabilities: Source-to-Image Deployment: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to implement continuous vulnerability detection with runtime context and help protect their apps from targeted attacks in production. CI/CD Jenkins Pipelines: AppSec teams can trigger automated security tests within native Jenkins pipelines and establish security policy gates to mitigate potential vulnerabilities. Alternatively, users can also automate in their Jenkins CI/CD pipelines by pulling the agent from Contrast. OpenShift Pipelines via Tekton: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within OpenShift Pipelines environments. APIs provided by the Contrast Secure Code Platform help initiate automated vulnerability static scanning at build time and instrument applications for security telemetry from within prior to deployment. The Contrast Secure Code Platform is available today with support for Java, .NET, and Node.js applications. About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

DATA SECURITY

Dataprise Expands its DRaaS and Data Protection Offerings with Acquisition of Industry Leader Global Data Vault

Dataprise | January 18, 2022

Dataprise, a leading strategic IT managed service provider, today announced the acquisition of Global Data Vault, a leader in Disaster-Recovery-as-a-Service (DRaaS), Backup-as-a-Service (BaaS) and modern data protection solutions. The addition of Global Data Vault creates one of the industry's broadest portfolios of integrated data protection and cybersecurity offerings to solve client's toughest business resilience, risk mitigation and compliance challenges. "Clients turn to Dataprise to be their one strategic IT partner, which requires we bring the broadest portfolio of services powered by the best technology and deepest expertise. Today, the mandate for a holistic cybersecurity and data protection strategy is a top priority for our clients, Global Data Vault is a powerful addition as they bring industry leading cloud-based data protection solutions that bolster our premier cybersecurity portfolio, top-notch employees, a strong Veeam partnership, and relentless focus on client success." Steve Lewis, CEO of Dataprise Founded in 2004, Global Data Vault is a recognized leader in the BaaS and DRaaS industry and holds the distinction of being a Platinum Veeam Cloud & Service Provider. Global Data Vault's mission is to protect organizations' critical data with modern data protection strategies to ensure business continuity and eliminate downtime. Headquartered in Dallas, TX, Global Data Vault protects hundreds of clients across the United States, Canada, and the United Kingdom. "Our clients are facing new challenges driven by dramatic changes in the cybersecurity threat landscape and evolution of IT strategies including cloud adoption," said Anthony Galley, Chairman of Global Data Vault. "Dataprise has an enviable portfolio of cybersecurity, managed IT services, and cloud services that enhance the value of our modern data protection and DRaaS offerings. Together with Dataprise we are perfectly positioned to provide our clients even greater value." "We're excited for the opportunity that joining Dataprise presents for our clients, employees and partners. We now have a much broader set of services, capabilities and resources all aimed at protecting client data and ensuring business continuity," said Will Baccich, CEO of Global Data Vault. This marks Dataprise's second acquisition as the company executes on its strategy to build the broadest managed services portfolio and give clients one strategic IT partner to solve it all. The recent acquisition of Wireless Watchdogs added a comprehensive Mobility Managed Services (MMS) and Mobile Device Management (MDM) portfolio aimed at solving mobile device, Internet of Things (IoT) and endpoint management challenges. About Dataprise Founded in 1995, Dataprise believes that technology should enable our clients to be the absolute best at what they do. This commitment to client success is why Dataprise is recognized as the premier strategic managed service and security partner to strategic CIOs and IT leaders across the United States. Dataprise delivers best-in-class managed cybersecurity, disaster recovery as a service (DRaaS), managed infrastructure and managed end-user services that transform business, enhance user experiences, and eliminate risks.

Read More

Spotlight

In the last few years, companies both in the United States and abroad have witnessed the steady growth of cyberattacks and corporate espionage. The financial losses and, worse, often irreparable reputational harm such incidents wreak have served to place a target squarely on the backs of board members to ensure they are properly overseeing cyber risk.

Resources