Software Security

RangeForce introduces cloud-based security team threat exercises

RangeForce
RangeForce, a provider of team cyber defense readiness at scale, announced that it has improved its platform for team threat exercises with new features that make it simpler for organizations to hasten the development of their security teams' skills through multi-user detection and response drills involving simulated attacks.

Through the use of RangeForce team threat exercises, security teams can set up the security stack to be defended, select an attack scenario, carry out the threat exercise, analyze the post-exercise data, and create a customized training program.

RangeForce threat exercises produce realistic digital artifacts of both signal and noise that demand teams to demonstrate their cyber preparedness. They use high-intensity, real-world assault scenarios that call security experts to work in teams to discover and neutralize cyber threats.

"RangeForce threat exercises are based on years of running hundreds of live cyber events and deliver the most realistic experience for teams using headline making attack scenarios and the same security tools they use every day. They provide participants the opportunity to acquire hands-on skills so they build the muscle memory to meet threat actors head on."

Ben Langrill, Senior Director of Product Engineering for RangeForce

RangeForce exercises take place in a cyber-environment that goes beyond the standard tabletop exercise, forcing participants to use well-known security tools like Splunk and Fortigate to identify and address threats. Instead, events follow the NIST cybersecurity architecture and combine threat intelligence, threat hunting, digital forensics, and system hardening expertise to reduce threats depending on current malware patterns.

Spotlight

Organizations are losing IT and security control Once upon a time, IT and security teams focused mostly on managing their organization’s on-prem environment. But as business requirements changed, customer bases became global, and remote work took root, these technology teams were handed responsibility across more domains: cloud


Other News
Platform Security

Stellar Cyber and Proofpoint Strategic Alliance to Deliver Comprehensive Email Security Solution For SecOps Teams

Stellar Cyber | January 23, 2024

Stellar Cyber, the innovator of Open XDR, announced a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and other collected data to deliver a comprehensive threat picture. As security analysts conduct investigations, they can instruct integrated third-party products – including Proofpoint – on corrective actions. “Protecting organizations against email-borne attacks is a top priority, and security teams need a way to automatically correlate threat telemetry across the entire attack surface in order to quickly remediate threats,” said Andrew Homer, VP of Strategic Alliances, Stellar Cyber. “This new partnership with Proofpoint is the latest example of Stellar Cyber delivering on its Open XDR strategy to provide customers turn-key integrations that improve productivity and threat detection.” “Email attacks remain the number one entry point into an organization, and the level of sophistication of these attacks continues to grow exponentially,” said D.J. Long, Vice President, Strategic Alliances & Business Development, Proofpoint. “We’re thrilled to work with Stellar Cyber on this strategic alliance to help customers protect against advanced email-based threats and unify their cybersecurity defense.” Through this alliance, Stellar Cyber and Proofpoint give security teams an advantage over attackers, resulting in the following: Real-time threat signals exchanged for proactive detection Correlation of Proofpoint alerts across the entire attack surface Automated response actions for immediate threat containment About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Software Security

Picus Launches New MSSP Program to Make Starting Security Validation Simple

Picus Security | December 12, 2023

Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the Picus Managed Security Services Provider (MSSP) Partner Program. Picus has a long-standing 100% channel approach and works closely with MSSPs to deliver security validation services that quantify risk and reduce threat exposure. Now, it's easier than ever for MSSPs and their customers to get started with security validation to measure the effectiveness of security controls with real-world attack simulations and then scale up testing programs to perform validation checks consistently. The new Picus MSSP Program provides the flexibility MSSPs need to introduce automated validation services and generate new recurring revenues quickly. Designed for customers of varying levels of cyber maturity, the program features interval-based and continuous licensing options. With interval-based licensing, MSSPs can purchase credits that allow an entry cadence for validation assessments. Then, once customers are ready to advance their security program maturity and increase the frequency of assessments they can easily switch to a continuous licensing model. The program means MSSPs can help customers to 'crawl,' 'walk,' and then 'run' with validation. "With this new MSSP program, it's never been simpler for managed service providers to get the consistent and accurate validation insights needed to improve security outcomes for clients," said Ryan Kunker, Picus Security, Senior Director of Channels and Alliances. "By shining a light on security effectiveness in areas such as security control validation, automated security validation presents an enormous opportunity for MSSPs to improve security outcomes for clients and identify new upsell opportunities." Security validation powered by BAS is a core pillar of Continuous Threat Exposure Management (CTEM). It helps security teams to understand if security controls provide the coverage needed to defend organizations against the latest threats, including ransomware and Advanced Persistent Threats. Gartner estimates that security services providers that adopt cybersecurity validation assessments will see an improvement of over 5% in their acquisition, retention and upsell rates.* "We are constantly looking for new ways to provide real actionable value to our clients," said Perry Schumacher, Chief Strategy Officer at Ridge IT. "We evaluated Picus in our cyber range against our best practice configurations and it showed us opportunities to improve beyond today's best tools and practices. The Picus platform helps us provide better security for our clients by increasing our effectiveness. Our clients who purchase Picus begin a continuous improvement journey for their cyber security and are always in a cyber-ready state." In addition to real-world threat simulation, the Picus platform also offers asset and vulnerability discovery, attack path mapping, detection engineering as code, and AI-based threat profiling - capabilities that help MSSPs to manage customers' threat exposure even more efficiently. To enable MSSPs to validate the security of multiple clients simultaneously, the platform also offers a multi-tenant portal. "Now more than ever, every dollar spent in the security budget must be carefully weighed on merit and returned value," said Darren Humphries, Acora Group CISO and MSSP Cyber Portfolio CTO. "For strengthening the security of our own company portfolio and that of our customers, Picus is a key tool that helps us measure the efficacy of the protective security tools we use as well as our detective SOC and SIEM capabilities. Picus is a true force multiplier." About Picus Security Picus Security helps security teams consistently and accurately validate their security posture. Our Security Validation Platform simulates real-world threats to evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities. As the pioneer of Breach and Attack Simulation, we specialize in delivering the actionable insights our customers need to be threat-centric and proactive. Picus has been named a 'Cool Vendor' by Gartner and is recognized by Frost & Sullivan as a leader in the Breach and Attack Simulation (BAS) market.

Read More

Network Threat Detection

Flashpoint and Scale AI Forge Strategic Partnership to Empower Government Clients With AI-Enhanced Threat Intelligence

Flashpoint | December 11, 2023

Flashpoint, the leader in high-fidelity threat intelligence and data-driven insights, and Scale AI, whose proprietary data engine powers the most advanced large language, generative, and computer vision models with high-quality data, announced today a groundbreaking partnership that unites Donovan, Scale’s AI-powered decision-making platform, with Flashpoint's pioneering open-source intelligence. This strategic alliance promises to advance intelligence and security operations for government agencies, including the U.S. Department of Defense and Intelligence Community, substantially enhancing their ability to tackle complex global security challenges with advanced threat detection and in-depth analysis. “Merging Scale’s advanced AI technology with Flashpoint's unparalleled intelligence and data isn't just about setting a new industry standard; it's about revolutionizing how government agencies manage national security challenges in today's digital landscape," said Andrew Makridis, the former COO of the Central Intelligence Agency who serves on the advisory boards of both Scale and Flashpoint National Security Solutions (FNSS), a dedicated Flashpoint business unit that serves the unique needs of national security organizations. "This partnership will enable agencies to quickly adapt to emerging threats and leverage data-driven insights for strategic operations.” "Flashpoint's collaboration with Scale AI represents a significant expansion of our capabilities in national security intelligence," said Flashpoint CEO Josh Lefkowitz. "Our tailored, actionable intelligence perfectly complements Scale’s AI technology, enhancing our ability to help organizations in the public sector identify and address evolving security challenges effectively." “Our partnership with Flashpoint is a game-changer. Through our Donovan LLM platform, we are helping analysts in the cyber and infrastructure security domain take advantage of the data trove Flashpoint delivers. We are enhancing decision-making and security frameworks for our government clients," said John Brennan, General Manager of Scale AI’s Public Sector business unit. "We chose Flashpoint for their unparalleled cyber intelligence depth and actionability, a cornerstone in our joint efforts to fortify national and homeland security through artificial intelligence." Flashpoint will discuss the advanced capabilities from our partnership with Scale AI at booth #1937 during 2023 DoDIIS Worldwide Conference in Portland, Oregon, starting December 12. Visit our booth to learn about how this partnership will equip national security teams with the essential data, intelligence, and insights needed for mission success. Flashpoint National Security Solutions (FNSS) FNSS is a dedicated Flashpoint business unit that serves the unique needs of national security organizations. FNSS partners with teams across defense, federal law enforcement, federal civilian agencies, state and local government, and the intelligence community, to enhance global situational awareness and drive mission success through industry-leading technology and intelligence expertise. About Flashpoint Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), fraud, vulnerability management, national security, and vendor risk management teams—rely on Flashpoint’s Ignite platform and its team of intelligence analysts to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Discover more at flashpoint.io or join the conversation on LinkedIn, Twitter, and YouTube. About Scale Scale unlocks AI for every industry. Our proprietary data engine powers the most advanced large language, generative, and computer vision models with high-quality data. Our experience partnering with leading AI companies allows us to provide the blueprint for any organization to apply AI. Scale is trusted by industry leaders including Meta, Microsoft, U.S. Army, DoD's Defense Innovation Unit, Open AI, Cohere, Anthropic, Stability AI, General Motors, Toyota Research Institute, Brex, Instacart and Flexport.

Read More

Data Security

Boomi Strengthens Commitment to Data Security and Compliance by Achieving StateRAMP Authorization

Boomi | January 12, 2024

Boomi™, the intelligent connectivity and automation leader, today announced that the Boomi platform has achieved StateRAMP Authorization. This achievement reflects Boomi’s unwavering commitment to data security and compliance, and to delivering a secure and reliable solution that government agencies can rely on to safeguard their data and operations. “At Boomi, we are committed to democratizing modernization. Securing StateRAMP authorization for our platform was paramount, enabling public sector organizations to seamlessly and securely integrate and leverage cloud applications,” said Sean Wechter, Chief Information Officer at Boomi. “Through a strategic alliance with StateRAMP, Boomi actively collaborates with its leadership board, facilitating streamlined documentation and audit processes to expedite digital transformation within the public sector." According to the U.S. Government Accountability Office, government agencies plan to spend billions of dollars each year to support their IT and cybersecurity efforts, including transitioning IT resources to secure, cost-effective commercial cloud services.1 However, agencies are challenged to select secure cloud-based solutions, making it difficult for these organizations to modernize and improve constituent experiences. StateRAMP, a nationally recognized risk authorization management program that provides a standardized approach to assessing cloud products, improves security and simplifies procurement by building a pool of pre-authorized Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) solutions for public sector entities. As organizations more frequently implement cloud-based solutions, they also require validated access to integration platform as a service (iPaaS) to streamline application and resource integration. iPaaS integrates cloud-to-cloud, cloud-to-on premises, and on-premises-to-on-premises platforms, helping public sector organizations break down data silos to enhance information flow, improve citizen services, and increase operational effectiveness. About Boomi Boomi aims to make the world a better place by connecting everyone to everything, anywhere. The pioneer of cloud-based integration platform as a service (iPaaS), and now a category-leading, global software as a service (SaaS) company, Boomi touts the largest customer base among integration platform vendors and a worldwide network of approximately 800 partners – including Accenture, Capgemini, SAP, and Snowflake. Global organizations turn to Boomi’s award-winning platform to discover, manage, and orchestrate data, while connecting applications, processes, and people for better, faster outcomes. For more information, visit boomi.com.

Read More

Spotlight

Organizations are losing IT and security control Once upon a time, IT and security teams focused mostly on managing their organization’s on-prem environment. But as business requirements changed, customer bases became global, and remote work took root, these technology teams were handed responsibility across more domains: cloud

Resources