DATA SECURITY

Security Tops Retailers’ Wish Lists this Holiday Season

Futurex | November 17, 2021

Security Tops Retailers
Record sales expected in 2021, along with hackers; Futurex recommends point-to-point encryption for retailers to protect cardholder data

BULVERDE, Texas, November 17, 2021 — As we enter the biggest retail season of the year, transactions are increasing, as are the numbers of hackers and skimmers — targeting shoppers’ cardholder data. The last thing retailers need to worry about is cyber threats that lead to ransomware or data breaches, as they welcome shoppers and juggle supply chain disruptions. Futurex, a leader in hardened, enterprise-class data security solutions, recommends retailers implement point-to-point encryption (P2PE) to encrypt cardholder data at the point of sale to keep it safe from malware that might be spying on network traffic and capturing credit card numbers. Futurex secures transactions for several of the nation’s largest retailers, protecting shoppers’ sensitive cardholder data and payment information.

U.S. retail sales now through December are expected to grow 10.5% to a record $859 billion, compared to 2020, according to the National Retail Federation. Meanwhile, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned about the increase of cyber threats, including ransomware, around the holidays.

“Behind every gift, every purchase, and every payment, retailers and consumers depend on secure transactions to protect payment information,” said Ryan Smith, vice president, global business development, at Futurex. “As the critical security backbone of the global financial ecosystem, we work with the world’s largest retailers and financial institutions to safeguard data in transit and at rest."

The use of hardware security modules (HSMs) in transaction processing is critical, as payment HSMs provide the cryptographic functions needed to support end-to-end data security, including encryption and cryptography key management. In a compliant P2PE environment, sensitive data is encrypted from the point of interaction and decrypted only within the secure boundary of a FIPS 140-2 Level 3 or PCI HSM-validated HSM. Learn more about point-to-point encryption.

About Futurex
For more than 40 years, Futurex has been a trusted provider of hardened, enterprise-class data security solutions. More than 15,000 organizations worldwide, including financial services providers and corporate enterprises, have used Futurex’s innovative hardware security modules, key management servers, and enterprise-class cloud solutions to address their mission-critical systems, data security, and cryptographic needs. This includes the secure encryption, storage, transmission, and certification of sensitive data. For more information, please visit futurex.com.

Spotlight

Research from Norton estimates the global price tag of consumer cybercrime now topping some US$113 billion annually4 which is enough to host the 2012 London Olympics nearly 10 times over. The cost per cybercrime victim has shot up to USD$298: a 50% increase over 2012. In terms of the number of victims of such attacks, that’s 378 million per year – averaging 1 million plus per day. ”Domain Validated (DV)” SSL Certificates pose a direct threat to consumers on the Internet.


Other News
DATA SECURITY

Axonius Unveils SaaS Management Solution to Combat Complexity, Cost, and Risk

Axonius | January 20, 2022

Axonius, the leader in cybersecurity asset management, today unveiled Axonius SaaS Management, a new comprehensive solution that helps security, IT, finance, and risk teams control the complexity, cost, and risk of software as a service (SaaS) with a single source of truth into their SaaS application landscape. As businesses rapidly increase consumption of SaaS applications, they face acute IT, security, and business challenges. The rate of SaaS adoption makes manual approaches to gaining a credible SaaS asset inventory woefully inadequate and exposes extremely difficult visibility challenges into both known and unknown SaaS applications. Compounding these visibility challenges, companies struggle to identify how data flows between apps, manage a myriad of configurations, and close security gaps, as well as track licensing and spend, across hundreds sometimes thousands of SaaS applications. Axonius SaaS Management lets customers address the operational and financial challenges of SaaS asset management, as well as the security and risk gaps, all via a seamless, nonintrusive deployment that delivers actionable insights from day one. This is the first product delivered by AxoniusX, the company’s innovation-focused business unit that launched in June 2021. “Over the past few years, we’ve seen tools emerge that address some aspects of SaaS management from either the business side or SaaS security posture management, but these approaches still leave companies with gaps in visibility and siloed information,We’ve built on our unique approach to cybersecurity asset management to deliver the same results for SaaS applications. With our rich history in building and maintaining API integrations with SaaS solutions, Axonius has the expertise and market traction to bring massive value to organizations struggling with the complexity of modern apps and infrastructure.” Amir Ofek, CEO and co-founder of AxoniusX Axonius SaaS Management uses adapters (API connections to data sources) and proprietary SaaS discovery tools to create a detailed inventory of all SaaS applications, permissions, and data flows. By connecting to all layers of the SaaS application stack, the solution discovers both the SaaS applications known to and sanctioned by organizations as well as shadow and unmanaged apps. This approach provides comprehensive visibility into all data types and interconnectivity flows, identifies misconfigurations and data security risks, and delivers actionable insights for better IT management and cost optimization. Axonius SaaS Management integrates with Axonius Cybersecurity Asset Management to provide a comprehensive platform that unifies all digital assets from SaaS apps to devices, user accounts, cloud assets, and more so customers can easily and effectively control complexity across the entire IT environment. About Axonius Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world.

Read More

SOFTWARE SECURITY

CyberSaint Releases CyberStrong Version 3.20 Empowering Customers to Further Automate the Cyber & IT Risk Management Function

CyberSaint | June 22, 2022

CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the release of CyberStrong version 3.20 today, providing customers with the ability to further automate the assessment process via continuous control automation with Tenable and Microsoft Azure Security Center integrations. “CyberSaint’s continuous control automation functionality changes the way that security and risk teams perform assessments, and ultimately, manage cyber risk,” said Jerry Layden, CEO of CyberSaint. “Being first-to-market with this technology is exciting for us, and positions us to redefine the cyber and IT risk management market at large.” Until now, the process of assessing an organization’s cybersecurity risk posture against a framework or standard has been manual. CyberStrong’s continuous control automation leverages natural language processing (NLP) to map telemetry coming in from various security products, such as Tenable and Microsoft Azure Security Center, to controls in a customer environment, automating scores at the control level and pulling in evidence. Want to see this new feature in action? Register for the Live Demo on July 12th at 3:00pm EDT or watch after on-demand. “Having the capability to integrate with cybersecurity solutions such as those in a hybrid cloud environment is essential for successful integrated risk management (IRM) technologies. “IRM solution providers like CyberSaint offer companies real-time visibility and understanding of their cybersecurity risk. This provides a competitive edge by giving business leaders actionable data to mitigate growing cybersecurity and associated digital risks.” John A. Wheeler, Founder and CEO of Wheelhouse Advisors and former Gartner IRM analyst CyberSaint’s integration with Tenable allows customers to: Identify and create mappings to controls and control actions Automate the scoring of vulnerability scanning controls Keep assessment control scores up to date with every successful vulnerability scan CyberSaint’s integration with Microsoft Azure Security Center allows customers to: Pull in policies from Azure and relate their compliance to assessments within the CyberStrong platform Query the customer Azure configuration and correlate directly to NIST 800-53, the CSF, and additional standards such as CMMC, PCI, HIPAA, and more Provide nightly updates to control actions within the CyberStrong platform to keep compliance status up to date which aids in viewing variance of controls when evaluating risk About CyberSaint CyberSaint's mission is to empower today's organizations to build a cybersecurity program that is as clear, actionable, and measurable as any other business function. CyberSaint's solutions empower teams, CISOs, and Boards to measure, mitigate, and communicate risk with agility and alignment.

Read More

PLATFORM SECURITY

TAC Security Launches the ESOF Vulnerability Prediction Feature

TAC Security | June 13, 2022

TAC Security, a Silicon Valley-based Cybersecurity company, announced the launch of their ESOF Prediction Feature. The Prediction feature allows the organizations to forecast the quantity of new vulnerabilities in an asset for the coming month. The results will be based on the vulnerability specifics from anyone’s most recent scan results for each Asset type. The feature anticipates the ESOF cyber scores of various Asset types present in one’s infrastructure and based on the number, the predicted vulnerabilities are generated. The count of predicted vulnerabilities gets further divided based on severity levels for e.g., Critical, High, Medium and Low. ESOF predicts the number of vulnerabilities in the coming months and generates a cyber score based on that for the coming months. The platform will predict the following - Monthly Prediction of Vulnerabilities. Prediction of ESOF Cyber Score Prediction of Vulnerabilities that can be patched Prediction of Type of Vulnerability(s) ESOF also allows the count of predicted vulnerabilities to be compared to the number of actual vulnerabilities. The representational graphs will contain both the actual count and predictive count of the vulnerabilities for the coming months. “The prediction feature allows security teams to foresee threats and prepare for them. If the security team needs training or resources, knowing in advance allows them to invest time and resources to improve their security processes. ESOF plays an essential role in allowing teams to discover, prioritize and remediate before situation demands, rather than mass efforts like other tools,” said, Trishneet Arora, Founder and Chief Executive Officer, TAC Security. “We are thrilled to take the next step to ensure ESOF becomes Cybersecurity's Future. The Prediction feature is a revolutionary contribution by TAC Security to the ever-evolving Risk and Vulnerability Management market. The ability to foresee threats allows not only the security teams and leaders to be prepared. And gives them the chance to communicate with the whole organization, including the Board Members, so they know what to expect. It allows the organization to be well prepared and plan their resources to strengthen their security processes and reduce the chances of a breach remarkably.” Chris Fisher – CMO, TAC Security This announcement closely follows TAC Security’s recent launch of another new product, ESOF Product CyberScore. The product provides ability to generate risk scores for each product installed in the system. In addition to an individual product risk score for the product on a single asset, there is also a group score that will be based upon all the assets that have the product installed. With the overall product score, they can easily identify the most vulnerable products present in all the assets and prioritize the top 10 most vulnerable products present in the organization. The prediction model is a major stepping stone in TAC Security’s mission of ensuring a cyberscore becomes the next credit score system for organizations to be considered compliant. The ability to forecast upcoming vulnerabilities gives organizations an edge over the adversaries and continues to strengthen the risk posture of their overall IT infrastructure. About TAC Security TAC Security, headquartered in San Francisco, is a global leader in Vulnerability Management that protects Fortune 500 companies, leading enterprises, and governments around the world. TAC Security manages 5+ Million vulnerabilities through its Artificial Intelligence (AI) based Vulnerability Management Platform ESOF (Enterprise Security in One Framework). TAC Security has established strategic partnerships with leading cloud providers and managed service providers and consulting organizations including Tech Mahindra, IBM, KDDI Japan, and distributors including Dataguard Technologies LLC and Ingram Micro.

Read More

SOFTWARE SECURITY

SentinelOne Integrates with Torq, Streamlining SOC Workflows with Automated Incident Response

SentinelOne | June 29, 2022

SentinelOne , an autonomous cybersecurity platform company, today announced a new integration with Torq, a no-code security automation platform. The combination of SentinelOne and Torq allows security teams to accelerate response time, reduce alert fatigue, and improve overall security posture. “SentinelOne’s powerful intelligence and protection helps security teams protect their employees and customers – no matter how complex the environment. “With Torq, security teams can extend the power of SentinelOne to systems across the organization to automate workflows, respond faster, maintain/boost compliance to benefit from a proactive security posture.” Eldad Livni, Chief Innovation Officer, Torq The SentinelOne integration with Torq combines SentinelOne’s powerful detection and protection with Torq’s no-code automation, enabling customers to limit alert fatigue, respond to threats at machine speed, and proactively identify and remediate risks. Torq makes it easy for security teams to create automated workflows, with a drag and drop workflow builder and hundreds of templates aligned with industry best practices and frameworks from MITRE and NIST. With robust data from SentinelOne, the Torq solution has access to more high-fidelity threat data for improved enrichment, accelerated response times, and alert fatigue reduction. Torq workflows can listen for SentinelOne alerts, and ingest these to trigger action in any security or operations tool. The solution deploys out-of-the-box in minutes with no coding, installation, or ‘connectors’ needed. Key benefits of the integration include: Real-time threat enrichment - automatically enrich alerts from any system with data directly from SentinelOne Singularity. Automated remediation - remediate threats with fully autonomous or partially autonomous remediation workflows to accelerate mean time to respond. Optimize SOC workflows - clearly and quickly orchestrate threat hunting, information sharing, and ticket creation for vulnerability management. Bot-driven collaboration - Create no-code interactive chat bots that allow users to perform critical actions, run deep visibility queries, or control SentinelOne endpoints from within Slack or other chat tools. “The SentinelOne-Torq integration provides joint customers with a powerful combination of best-in-breed automated security solutions,” said Ruby Sharma, Head of Technical Partnerships, SentinelOne. “Not only are customers utilizing industry leading endpoint protection and XDR, they also have access to innovative security automation tools that can accelerate workflow automation. We are pleased to make this integration available via the Singularity Marketplace, and we look forward to expanding our offerings to address even more use cases.” About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

Spotlight

Research from Norton estimates the global price tag of consumer cybercrime now topping some US$113 billion annually4 which is enough to host the 2012 London Olympics nearly 10 times over. The cost per cybercrime victim has shot up to USD$298: a 50% increase over 2012. In terms of the number of victims of such attacks, that’s 378 million per year – averaging 1 million plus per day. ”Domain Validated (DV)” SSL Certificates pose a direct threat to consumers on the Internet.

Resources