PLATFORM SECURITY

ReliaQuest GreyMatter joins Microsoft Intelligent Security Association

ReliaQuest | June 17, 2022

ReliaQuest
ReliaQuest, a security operations force enhancer, announced today that it has joined the Microsoft Intelligent Security Association (MISA). MISA is an ecosystem of independent software manufacturers and managed security service providers that have linked their products to better guard against an ever-increasing number of threats.

"With digital transformation driving migration to Microsoft Azure, it becomes even more critical to have a unified view across an organization’s security infrastructure. Now, with added support for Microsoft Sentinel, Microsoft 365 and Microsoft Defender for Endpoint, ReliaQuest GreyMatter extends visibility across the Microsoft ecosystem. GreyMatter unifies detection, investigation and response to drive security effectiveness and cyber resilience, while allowing the customer to integrate Microsoft Security products at the pace that best suits their organization.”

Brian Foster, ReliaQuest Chief Product Officer

This partnership makes it simple for Microsoft clients to ingest data and automate activities across any vendor solution, whether on-premises or in one or more clouds. GreyMatter, in conjunction with extensive security operations knowledge, accelerates threat detection and response. This improves the efficiency of current investments, such as the correlation capabilities of Microsoft Sentinel and Microsoft Defender for Endpoint.

GreyMatter contextualizes threat research, aggregate customer knowledge, more than 40 open source and commercial security data sources to build a complete, actionable picture of present and upcoming risks. ReliaQuest will continue investing in GreyMatter's integration capabilities with the Microsoft 365 security suite, extending the ReliaQuest aim to "Make Security Possible."

Rob Lefferts, Corporate Vice President, Microsoft Defender said that, “Microsoft Intelligent Security Association members, like ReliaQuest, leverage Microsoft’s security products to better defend against cyber security threats with identity and access management, threat protection, information protection and security management.”

Spotlight

As the DoD Information Assurance Certification and Accreditation Process (DIACAP) begins to make its curtain call from a defense compliance standpoint, a new process emerges and takes its place, the Risk Management Framework (RMF). How will this new process work? And more importantly, what does this mean for the way you do business? In most organizations, governance, risk, and compliance (GRC) are the pillars that ensure a business is capable of performing to meet its objectives. The national defense information security realm is no different. In the Department of Defense (DoD), cybersecurity governance is handled through various instructions, directives, and manuals. In the past, compliance was met through adherence to these rules, and validated using DIACAP. The RMF introduces a method to incorporate all three areas. It uses an established methodology through its special publication series, and incorporates DoD guidance within its 800-53 Revision 4 control set. These publications also provide information on Managing Information Security Risk (800-39) and a Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans (800-53 A) to ensure compliance to the DoD and National Institute of Standards and Technology (NIST) standards. DIACAP offered a control set to measure against, but fell short in its implementation and risk assessment guidance.


Other News
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

GreyNoise Intelligence Partner Network Launches in the Cybersecurity Arena

GreyNoise Intelligence | November 07, 2022

GreyNoise Intelligence, the cybersecurity company analyzing internet scanning traffic to separate threats from background noise, today announced the official launch of a mulit-faceted partner program to help customers defend against mass exploitation attacks. As an ecosystem for cybersecurity solution providers, the program offers an array of opportunities for technical alliances, channel resale and OEM partners. "Mass exploitation attacks like Log4j have become the attack vector of choice for cyber criminals and state actors. "Security teams are struggling to defend themselves against these kinds of attacks with tools and threat intelligence designed for last year's threats. By building partnerships with other leading cyber solution providers, we can help customers implement new security strategies to end mass exploitation attacks." Andrew Morris, Founder and CEO of GreyNoise Mass exploitation attacks leverage internet-wide scanning technologies to find and exploit vulnerable computer systems around the world in minutes. When a new internet-exploitable vulnerability like Log4j is announced, these attacks can start in a matter of hours, before security teams have a chance to put their defenses in place. The GreyNoise Intelligence Partner Network enables other cybersecurity solution providers to expand their reach, increase revenues and deepen customer relationships. The network has three primary components: 1) GreyNoise Technical Alliance Program. GreyNoise provides contextual data on noisy IP addresses that scan the Internet. Technical Alliance partners collaborate with GreyNoise to ensure that mutual customers can seamlessly leverage inter scanner intelligence in their existing workflows, tools and processes. Customers use this data to reduce their alert volumes by 25% and minimize alert fatigue. GreyNoise also sharpens threat detection fidelity for mutual customers by providing valuable context on known malicious internet-wide scanners, speeding up the triage process. With GreyNoise data, technical partners have real time visibility into mass exploitation IPs targeting specific vulnerability, which provides critical actionable data during an active emergent attack. “Whenever a vulnerability is disclosed the dinner bell sounds for good and bad actors alike, meaning organizations are already on their back foot,” explains Robert Huber, chief security officer and head of research, Tenable. “We know threat actors are monitoring disclosure programs in the same way we are, looking for newly announced vulnerabilities, studying all available information such as proof of concepts, but they’re looking to utilize the flaw. OUr partnership with GreyNoise gives our customers the tools to address these weaknesses when they’re publicly announced. In doing so, we reduce that intelligence gap and hand the advantage back to the good guys.” 2) GreyNoise OEM Partnership Program. GreyNoise provides an integrated out-of-the-box threat intelligence solution for security vendors, ISPs and technology firms to embed in their product and service offerings. Unlike other threat intelligence vendors, GreyNoise is solely focused on providing high fidelity data on IPs that are actively mass scanning, crawling and attacking the internet. Integrating GreyNoise data directly into the platform of OEM partners enables customers to intelligently rule out internet background noise, and helps them to prioritize emerging threats and targeted activity more effectively. “Modern security teams need a fast, flexible and scalable platform for threat detection capable of analyzing terabytes of data per day, with built-in threat intelligence to rule out activity from trusted sources, and immediately flag activity from known bad actors,” said Jack Naglieri, CEO and founder, Panther Labs. “With Panther and GreyNoise, security teams can cut through background noise, improve alert fidelity, speed up analyst workflows and ensure prioritization of the most critical alerts. By making detection and response faster and more accurate, security teams can better protect their organizations from disruptive cyberattacks.” 3) GreyNoise Channel Resale Program. GreyNoise is committed to developing partnerships with highly focused, security-dedicated channel partners to deliver the best results to mutual customers. Value-added resellers and distributors offer GreyNoise protection and intelligence solutions to meet the IT security needs of their enterprise customers. In addition to providing a unique data and automation security solution that is relevant to Incident Response, SOC and Threat Intel teams, GreyNoise has a transparent, simple and profitable, channel sales program with a generous deal registration and rebate structure. GreyNoise sales teams provide materials for channel partners to explain the value GreyNoise offers in improving analyst efficiency, leveraging customer investment in existing technologies, and reducing the overall risk landscape. About GreyNoise Intelligence GreyNoise is THE source for understanding internet noise. We collect, analyze and label data on IPs that saturate security tools with noise. This unique perspective helps analysts waste less time on irrelevant or harmless activity, and spend more time focused on targeted and emerging threats. GreyNoise is trusted by Global 2000 enterprises, government organizations, top security vendors and tens of thousands of threat researchers.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Datadog Launches Cloud Security Management to Provide Cloud Native Application Protection

Datadog | October 20, 2022

Datadog, Inc., the monitoring and security platform for cloud applications, today announced the general availability of Cloud Security Management. This product brings together capabilities from Cloud Security Posture Management (CSPM), Cloud Workload Security (CWS), alerting, incident management and reporting in a single platform to enable DevOps and Security teams to identify misconfigurations, detect threats and secure cloud-native applications. As organizations' cloud architectures become more complex, assessing security risks and collaborating across teams to mitigate them has become increasingly difficult. While security engineers are responsible for identifying threats and misconfigurations, DevOps teams are responsible for remediating them. DevOps and security teams often use multiple point solutions and tools to report on and resolve issues, but these tools provide an incomplete view of security risks and create silos between teams. Datadog's Cloud Security Management brings together observability and security insights across an organization's entire cloud environment—without the need to deploy additional agents. This shared context provides security engineers with deeper insights to collaborate with DevOps teams and more quickly remediate security issues. "Tight collaboration between security and DevOps teams is required to mitigate security risks in today's environments. This change has been brought on by the move to the cloud. Security teams today cannot take countermeasures alone without potentially impacting the performance and reliability of production systems. "Datadog Cloud Security Management helps these teams work together to remediate issues quickly by providing a single platform—as opposed to multiple point solutions—that delivers a complete view of an organization's infrastructure and risk exposure." Prashant Prahlad, VP of Product at Datadog "Using Cloud Security Management was like having a member of the InfoSec team embedded within our DevOps team," said Chad Upton, Vice President of Infrastructure at FirstUp. "All the security metrics were front and center so they could easily see the number of misconfigured resources in a single view and they didn't have to wait for someone from InfoSec to reach out and let them know there was an issue." "Because Datadog Cloud Security Management shows observability and security data together, alongside the resource relationship graph, we were able to remove cloud resources that were no longer in use and easily understand the impact of misconfigured cloud resources by visualizing all dependencies," said Ben Collen, Senior Director of Engineering and CISO at Vertex. Cloud Security Management expands on the foundational capabilities of cloud security posture management and cloud workload security of a CNAPP solution through: Resource Relationship Graph: By providing a visual risk assessment of misconfigured resources and vulnerabilities across an organization's cloud infrastructure, DevOps teams can take remedial actions based on the impact of the risk. Custom Detection Rules: Teams can now create fine-grained threat detection rules across all cloud resources—including their associated logs and security incident events. Resource Catalog (Beta): Engineers can access a comprehensive visual representation of all security risks associated with each cloud resource in a customer's environment and identify the owners of every cloud infrastructure resource to remediate vulnerabilities and misconfigurations. About Datadog Datadog is the monitoring and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior and track key business metrics.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

AI-Based Cloud Security Meets Live Professional Monitoring--Rhombus Releases 24/7 Alarm Monitoring with Video Verification and Emergency Dispatch

Rhombus | September 17, 2022

Rhombus, a leader in enterprise cloud physical security, has released Alarm Monitoring, a 24/7 service that deters threats in real time and enhances an organization's after-hours security by combining AI-based alerts with live professional monitoring. "Many IT and Safety Managers love that Rhombus automatically sends AI-based alerts but don't have the staff on call to respond after hours. "This is where Alarm Monitoring comes in. When an alert is triggered—for instance, if human movement is detected when a building should be empty—an audible deterrent can be issued to deescalate a threatening situation and a live dispatcher will verify the alert to determine the appropriate course of action. The combination of issuing a deterrent while conducting a live investigation not only reduces false alarms but also accelerates incident resolution and emergency response." Rickey Cox, Director of Product at Rhombus Once an alert is triggered, live agents will automatically verify the alert and will text/call an organization's contact list or immediately dispatch emergency services if a threat to a person or property is identified. Additionally, with the Rhombus A100 Audio Gateway, an audible deterrent can be issued, such as a police siren, loud alarm, or custom message. Monitoring agents can also use the A100 as a two-way communication device, informing perpetrators that the authorities are on their way and to vacate the property. The use of an audible deterrent helps neutralize damage or threats in real-time as emergency services are en route. Within minutes, Rhombus can trigger an alert, issue an audible deterrent, verify an alert, contact essential personnel regarding the situation, send emergency services, and provide contextual information to first responders, including alert footage, live streams, and location details. Alarm Monitoring utilizes fully redundant, Five Diamond, UL-Listed Central Monitoring Centers and the full suite of Rhombus products –including smart cameras, sensors, and industry-leading AI analytics—to provide best-in-class coverage to enterprise organizations. Rhombus Alarm Monitoring is now available starting at $1,799 per year, per location. About Rhombus Rhombus is a cloud physical security platform designed to bring greater intelligence, security, and productivity to enterprise organizations. Rhombus delivers NDAA-compliant smart cameras and connected sensors that can be managed from a single pane of glass to simplify infrastructure and security management at scale.

Read More

DATA SECURITY, PLATFORM SECURITY

Orange and Netskope Partner on Carrier-class Connectivity and SSE Services for a Secure, Cloud-smart Platform

Orange Cyberdefense | September 23, 2022

Orange Business Services, a global network-native digital services company, Orange Cyberdefense, a leading cybersecurity services provider, and Netskope, a leader in secure access service edge (SASE), are partnering to deliver a new SSE (Security Service Edge) solution embedded into the Orange Telco Cloud Platform. The enhanced solution is designed to deliver optimal performance with maximized security, meaning enterprises will no longer need to find a compromise between the two. A decade of shifting to cloud and mobile computing, along with the ever-present demands of hybrid work environments, have put security and networking requirements on a collision course. While SSE addresses the security challenges, enterprises need to incorporate them into overarching connectivity strategies to realize the full benefits of SASE. The partnership will leverage Orange Cyberdefense’s security expertise and Netskope’s global security private cloud footprint and SSE leadership, enabling Orange Business Services to deliver consistent internet security on and off the network. This will help protect enterprise customers from data loss and the growing volume of sophisticated threats across cloud, web and private applications, with the full attributes of a cloud-native platform. The co-managed solution will reduce complexity for enterprises, providing continuously updated cloud security via the Orange Business Services Telco Cloud Platform. Telco Cloud Platform is a revolution in the way networks are built, run, and managed with enhanced performance. The software-defined approach optimized for telco workloads allows for greater agility and cost reduction. Securing an enterprise’s most important assets: people and data This innovative hybrid architecture embeds Netskope’s points-of-presence (POPs) within the Orange network, strengthening the Orange customer value proposition by delivering the benefits of the Orange network, including speed and agility, while enabling customers to tap into the power of Netskope Intelligent SSE. Netskope Intelligent SSE provides granular visibility and real-time data and threat protection for cloud services, websites, and private apps accessed from anywhere, on any device. “Cloud transformation and hybrid work models mean that traditional security architectures are no longer effective or efficient. Plugging our market leading platform into Orange’s network will enable Orange to significantly increase its offering to enterprises looking to secure data without limiting business productivity.” Sanjay Beri, CEO, Netskope “Increasingly enterprises are using the internet as their only WAN transport, even in a growing threat landscape. Working together we are delivering Orange customers a SASE-ready WAN edge while upgrading the security of the enterprise’s network without downgrading the user experience.” says Hugues Foulon, CEO, Orange Cyberdefense. “This innovative partnership is an important part of our Evolution Platform concept designed to simplify connectivity, cloud, and security and support business outcomes from end-to-end, providing real-time protection for our users, their applications, and data, wherever they are. It underscores our position as a trailblazer in SSE and managed services, providing the right balance of performance, speed, and protection to our customers,” adds Aliette Mousnier-Lompré, CEO, Orange Business Services. About Orange Business Services Orange Business Services is a network-native digital services company and the global enterprise division of the Orange Group. It connects, protects, and innovates for enterprises worldwide to support sustainable business growth. Leveraging its connectivity and system integration expertise throughout the digital value chain, Orange Business Services is well placed to support global businesses in areas such as software-defined networks, multi-cloud services, Data and AI, smart mobility services, and cybersecurity. It securely accompanies enterprises across every stage of the data lifecycle end-to-end, from collection, transport, storage and processing to analysis and sharing. About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

Spotlight

As the DoD Information Assurance Certification and Accreditation Process (DIACAP) begins to make its curtain call from a defense compliance standpoint, a new process emerges and takes its place, the Risk Management Framework (RMF). How will this new process work? And more importantly, what does this mean for the way you do business? In most organizations, governance, risk, and compliance (GRC) are the pillars that ensure a business is capable of performing to meet its objectives. The national defense information security realm is no different. In the Department of Defense (DoD), cybersecurity governance is handled through various instructions, directives, and manuals. In the past, compliance was met through adherence to these rules, and validated using DIACAP. The RMF introduces a method to incorporate all three areas. It uses an established methodology through its special publication series, and incorporates DoD guidance within its 800-53 Revision 4 control set. These publications also provide information on Managing Information Security Risk (800-39) and a Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans (800-53 A) to ensure compliance to the DoD and National Institute of Standards and Technology (NIST) standards. DIACAP offered a control set to measure against, but fell short in its implementation and risk assessment guidance.

Resources