DATA SECURITY

RedMonocle Launches New Platform to Assist CISOs in Finding, Funding, and Fixing Cybersecurity Risk Blind Spots

RedMonocle | April 29, 2021

RedMonocle, a leader in SaaS-based cybersecurity risk quantification software, today announced new features to its platform aimed at helping chief information security officers (CISOs) and other security leaders anticipate threats in their Technology Security Stack by helping them find, fund, and fix cybersecurity risk blind spots that leave organizations vulnerable for a breach through their Tech Stack.

The acceleration of digital transformation last year brought security into the spotlight as companies scrambled to shift their entire organization to remote operations practically overnight. According to the FBI Internet Crime Complaint Center, cybercrime is up 300% in the last 12 months. As a result, cyber risk blind spots, or unknown areas outside of a company’s field of vision, and other security gaps were created. One out of five cybersecurity leaders surveyed by RedMonocle named blind spots as the No. 1 risk keeping them up at night, followed closely by data loss protection and leadership commitment.

“CISOs are feeling extra pressure this year to minimize security risks across the ever-growing Security Stack while maintaining compliance to security standards and fending off daily threats from well-funded attackers,” said Sean McDermott, CEO, and co-founder of RedMonocle. “Every day Security Leaders are playing a highly complex game of chess knowing there are parts of the board they can’t even see. CISOs know they have blind spots hidden in their Security Stack. Now, they want to know what to do next and we want to help them get there.”

New features to the RedMonocle platform include the Security Stack Assessment and Always-On Risk Intelligence. Their newly released Security Stack Assessment helps CISOs and cybersecurity leaders find cyber risk blind spots by checking for gaps and overlaps in the current system that could risk compliance, increase costs and leave company and consumer data exposed to malicious activity. This assessment simplifies the way CISOs compare the security of their stack with their selected security standards. Their Always-On Risk Intelligence helps CISOs find blind spots before they become a problem and highlights how to fix them. This update also compares Stack to Standard and continuously tracks gaps in compliance to NIST-800-53 for companies to always be prepared for audits.

About RedMonocle

RedMonocle Inc. is a SaaS-based risk intelligence software designed to help CISOs and cybersecurity leaders find, fund, and fix their cybersecurity risk blind spots. Founded by Sean McDermott and Chris Schroeder, RedMonocle has spent the past 25 years working with Fortune 500 companies to evaluate, install, customize and optimize the IT Tech Stack.

Spotlight

echnology has slowly become a larger part our lives since 1970. Since our society today is driven by technology we must recognize the history of internet security. Lewis University’s online Master of Science in Information Security program has put together this infographic on “The History of Cyber Warfare,” making a strong point for the importance of education on latest information security training to defend society against such acts of a cyber security war. Governments to major corporations have been hit with cyber-attacks. Despite the growing advancements in information security, hackers across the globe still endanger society with threats to countries, corporations, and individuals. Organizations and governments will continue to have to adapt to the ongoing threats in our shared digital space. Threats may come from any part of the world because of the expanding global connectivity. We must prepare to defend ourselves against future cyber warfare by learning from the past historical attacks.


Other News
DATA SECURITY

Veza, the Data Security Platform Built on the Power of Authorization, Announces Blackstone as a Customer and Strategic Series C Investor

Veza | June 27, 2022

Veza, the data security platform built on the power of authorization, announced an investment in their Series C funding round from Blackstone Innovations Investments, along with participation from previous investors. To date, Veza has raised a total of $110 million from top-tier investors including Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, True Ventures, and others. Blackstone has also selected Veza to help modernize its data security and access governance. Veza empowers organizations to address today’s greatest cybersecurity challenge: who can and should take what action on what data. As the world increasingly moves online, our changing behaviors are driving a transformational shift toward multi-cloud data systems, apps, computing, and infrastructure. This shift creates a complex, distributed web of human identities, accounts, apps, services, and access points that are constantly changing and susceptible to vulnerabilities. To address this, Veza takes a comprehensive approach that pulls together authorization data from disparate systems, giving customers a single source of truth to manage data access and controls. “Having a world-class cybersecurity program that protects our brand, reputation, investors and intellectual property is of paramount importance to our firm, and we are continuing to incorporate innovative technology solutions,” says Adam Fletcher, Chief Security Officer at Blackstone. “Our team is always looking for ways to develop a more comprehensive view of access across all of our applications and cloud infrastructure to allow us to modernize the firm’s access controls. We are excited to partner with Veza to help us accomplish this.” “Blackstone Innovations Investments is committed to investing in cutting-edge technology companies that we believe will have a meaningful impact on Blackstone, our portfolio companies, and the broader industry. We look forward to working with Veza and their impressive leadership team as they enter this next phase of growth,” comments Stevi Petrelli, Head of Blackstone Innovations Investments. “Institutions across multiple industries view Blackstone as an example of exceptional technology deployment and cybersecurity expertise. “Veza has greatly benefited from Blackstone’s product feedback and market insights. We are thrilled to work with Blackstone’s Security team to further modernize data security for their hybrid and multi-cloud environment.” Tarun Thakur, CEO and Co-Founder of Veza Additional investment in Veza comes from notable entrepreneurs including Dheeraj Pandey, Co-founder & CEO, DevRev and former CEO, Nutanix, and Lars Dalgaard, Founder Luv Ventures, Founder & Former CEO, SuccessFactors. “Authorization is the source of truth when it comes to understanding who has access to what,” says Dheeraj Pandey, Co-Founder and CEO of DevRev. “Understanding authorization at scale is one of the hardest problems to address and I am excited to watch team Veza bring on a new era of identity, rooted in authorization. Veza is defining authorization as a standard for protecting data against ransomware and other forms of data breach.” “Entrepreneurs will tell you that company building is one of the hardest, yet rewarding experiences, with real potential to make an impact,” says Lars Dalgaard, Founder Luv Ventures, Founder & Former CEO SuccessFactors. “When evaluating any company, I look for deep technical breakthrough for a massive market opportunity, deal composition and company traction, and passion amongst founders. And, I’m very excited to be partnering with Tarun and Veza on the mission to build an iconic company that will revolutionize the data security industry for decades to come.” About Veza Veza is the data security platform built on the power of authorization. Our platform is purpose-built for hybrid multi-cloud environments to help you use and share your data safely. Veza makes it easy to understand, manage, and control who can and should take what action on what data. We organize authorization metadata across identity providers, data systems, cloud service providers, and applications — all to address the toughest data security challenges of the modern era. Founded in 2020, the company is funded by top-tier investors including Accel, Bain Capital, Ballistic Ventures, Blackstone, GV, Norwest Venture Partners, and True Ventures. To learn more, please visit us at veza.com. Many Fortune 500, Fortune 1000 and smaller organizations use its data security platform for protection against ransomware, modernizing access governance for critical data and apps, and implementing data lake security for Snowflake and other solutions.

Read More

SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

SOFTWARE SECURITY

ZeroEyes Announces Partnership with Veteran-Owned Cybersecurity Firm Layer 8 Security

Layer 8 Security | February 02, 2022

ZeroEyes, Inc., creators of the only AI-based video analytics platform focused solely on gun detection, is proud to announce its partnership with Philadelphia-based company, Layer 8 Security. Layer 8 Security is a cybersecurity consulting and technical services firm that arms organizations with practical security, compliance, and privacy strategies. Starting in 2022, Layer 8 Security will assist ZeroEyes with the company's information security certifications. Both companies are veteran-founded, owned, and operated, and are part of the Veterans Business Referral Network with over 200 members in the Greater Philadelphia area. In addition to the local connections, both companies are well-known on the national stage for being leaders in their respective disciplines. "I've known members of the ZeroEyes team for years,ZeroEyes' focus on gun detection and physical security complements our focus on being the 'sheepdogs,' protecting people in any way we can. In our case our focus is on data privacy and protecting businesses from hackers. I'm excited to leverage our shared goals as veterans helping veterans." Kevin Hyde, President and Co-Founder at Layer 8 Security "Layer 8 Security and ZeroEyes are both focused on security and building veteran-owned businesses," adds ZeroEyes' Chief of Staff, Kieran Carroll. "We're excited to support Layer 8 Security in their mission and appreciate their services in securing our own business." About ZeroEyes ZeroEyes is the industry's leading AI-based weapons detection solution. Our software integrates into existing security camera systems and sends out a series of alerts when a verified gun is detected via our best-in-class weapons detection algorithms. Founded by a team of Navy SEALs and military veterans with over 50 years of military experience with deep special operations and intelligence community expertise, ZeroEyes is the trusted weapons detection provider of numerous clients, including the US Department of Defense, leading public K-12 school districts, commercial property groups, Fortune 1000 corporate campuses, shopping malls, and big-box retail. About Layer 8 Security Layer 8 Security is a cybersecurity consulting, advisory, and technical services firm that arms organizations with practical security, compliance, and privacy strategies. Today's business environment requires seamless integration with third-party vendors, clients, and partners. Layer 8 Security ensures your information ecosystem is secure, compliant, and resilient to the severity and frequency of a disruption resulting from a cyber attack.

Read More

PLATFORM SECURITY

Cloudflare Completes Acquisition of Area 1 Security

Cloudflare | April 04, 2022

Cloudflare, Inc. , the security, performance, and reliability company helping to build a better Internet, today announced it has completed its acquisition of Area 1 Security. Email is both one of the largest cloud applications for any business, and the biggest security threats that organizations of all sizes face. Yet legacy email security solutions are often expensive, overly complex, and disjointed from an organization’s holistic security strategy. Further, malicious phishing and business email compromise campaigns are incredibly costly—with U.S. businesses losing more than $2.4 billion a year according to data from the FBI’s Internet Crime Complaint Center 2021 Internet Crime Report. With the acquisition of Area 1 Security, Cloudflare will provide organizations an easy way to block phishing, malware, business email compromise and other advanced threats as part of an integrated, Zero Trust approach to securing all of their organizations’ applications. “Cloudflare's mission is to help build a better Internet, and we've invested heavily in building the world's most powerful cloud network to deliver a faster, safer, and more reliable Internet for our users. Now we're officially able to welcome the Area 1 team to Cloudflare and enhance our ability to secure the number one place where security threats come from, email. To us, Zero Trust security without email built in is worth nearly zero. By bringing email security and Zero Trust together with Area 1 Security, we believe that we will give customers the most complete Zero Trust security platform available." Matthew Prince, co-founder & CEO of Cloudflare Area 1 Security’s cloud native platform, which works seamlessly with any email offering, stops phishing and other advanced email attacks by preemptively discovering and eliminating them before they can inflict damage in a corporate environment. By combining Area 1 Security’s highly scalable technology and years of experience in email protection with Cloudflare’s global network, the two companies will provide a holistic Zero Trust solution that customers can enable through Cloudflare’s global network. Area 1 Security’s email security capabilities will be available for purchase for all enterprise plan customers today, and will be available to customers on all other paid plans in the months to come. "Cloudflare delivers one of the world’s leading Zero Trust networks, and we're excited about what we'll be able to build together for our customers and channel partners," said Patrick Sweeney, CEO and President of Area 1 Security. "By joining forces, Area 1’s technology and Cloudflare's global network will give customers the most complete Zero Trust security platform available, inclusive of securing the most critical of today’s business applications – your email." About Cloudflare Cloudflare, Inc. is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies by Fast Company in 2019. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, New York, NY, San Jose, CA, Seattle, WA, Washington, D.C., Toronto, Lisbon, London, Munich, Paris, Beijing, Singapore, Sydney, and Tokyo.

Read More

Spotlight

echnology has slowly become a larger part our lives since 1970. Since our society today is driven by technology we must recognize the history of internet security. Lewis University’s online Master of Science in Information Security program has put together this infographic on “The History of Cyber Warfare,” making a strong point for the importance of education on latest information security training to defend society against such acts of a cyber security war. Governments to major corporations have been hit with cyber-attacks. Despite the growing advancements in information security, hackers across the globe still endanger society with threats to countries, corporations, and individuals. Organizations and governments will continue to have to adapt to the ongoing threats in our shared digital space. Threats may come from any part of the world because of the expanding global connectivity. We must prepare to defend ourselves against future cyber warfare by learning from the past historical attacks.

Resources