PLATFORM SECURITY

Splashtop and Acronis Integrate and Bring Scalable Remote Support to Acronis’ Cyber Protect Cloud Solution

Splashtop, Acronis | July 06, 2022 | Read time : 10 min

Splashtop and Acronis Integrate
Managed Service Providers (MSPs) using Acronis for endpoint protection management can now initiate Splashtop remote control sessions directly from within the console to provide faster, reliable support for client workloads.

CUPERTINO, Calif. and MIAMI, FL, July 6, 2022 — Splashtop and Acronis today announced a partnership that integrates solutions for secure remote access and support with Acronis Cyber Protect Cloud, an all-in-one data and cybersecurity protection platform. This integration alleviates downtime by enabling MSP technicians to access and take control of computers to troubleshoot and resolve issues directly from the Acronis Cyber Protect Cloud console – resulting in increased customer satisfaction and decreased costs.

Acronis Cyber Protect Cloud unites backup and next-generation, AI-based anti-malware, antivirus, and endpoint protection management in one solution. With Splashtop integrated, service providers can instantly access all their clients’ managed devices directly from the Acronis console, enabling faster remediation of incidents, reliable support, and increased efficiency by providing instant access to endpoints.

Now, not only are client workloads protected with a world-class integrated solution, but they can be easily and immediately accessed in case of an incident. Service providers can deliver on-demand help desk support to any end user computer or mobile device remotely using Splashtop, regardless of device type or operating system. They can also enable their end users to remotely access their work computers, all from a centralized platform.

“No business is safe in the current cyberthreat landscape, and they are looking to Managed Service Providers who specialize in cyber protection services,” said Acronis Vice President and General Manager, Americas, Pat Hurley. “Acronis provides the air-tight protection MSPs need, while Splashtop’s intuitive interface allows issues to be resolved without delay, reducing costs associated with downtime.”

Managed Service Providers can execute service requests faster, exceed SLAs and increase overall customer satisfaction by enabling this free-of-charge integration with Splashtop. Client workloads are protected with a world-class cyber protection solution that is easily accessible in the event of an incident. Users enjoy:
  • Quick onboarding: The Acronis-Splashtop integration enables users to initiate immediate, one-click access to all managed workloads.
  • Easy remote desktop access for managed devices: Support distributed teams and devices with ease, whether employees are working from home, from the office, or on the go.
  • Native features during remote sessions: Take advantage of Splashtop’s high performance features, including file transfer, remote reboot, share technician desktop, chat and more.

The synergy between Acronis Cyber Protect Cloud and Splashtop allows service providers to deliver superior remote support — silently, seamlessly and on time — through a reliable, direct connection.

“Security is the backbone of everything we do at Splashtop, so we are proud to partner with such a trusted and proven cyber protection platform,” said Thomas Deng, Co-Founder and SVP of Product Management at Splashtop. “Acronis leaves no stone unturned when it comes to the protections and support it offers service providers and their clients.” 

200,000 businesses and 30 million end users around the world securely use Splashtop, including large banks, sports & entertainment companies, educational institutions, healthcare organizations and government agencies. To learn more about the Acronis Splashtop integration, visit solutions.acronis.com/splashtop and Splashtop.com/integrations/acronis.

About Splashtop
Splashtop is a leader in secure remote access and support. Its solutions for flexible work, learning and IT support deliver an ‘in-person experience’ that is as fast, simple and secure as being in front of an on-site machine. Splashtop delivers high performance with 4k quality at 60fps; advanced security features and compliance; one application for access and support for all devices and operating systems; and instant global support with direct access to an expert. More than 30 million users, including those in 85% of Fortune 500 enterprises, enjoy Splashtop products globally. Splashtop.com

About Acronis
Acronis unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. With flexible deployment models that fit the demands of service providers and IT professionals, Acronis provides superior cyber protection for data, applications, and systems with innovative next-generation antivirus, backup, disaster recovery, and endpoint protection management solutions powered by AI. With advanced anti-malware powered by cutting-edge machine intelligence and blockchain based data authentication technologies, Acronis protects any environment – from cloud to hybrid to on premises – at a low and predictable cost.

Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees and offices in 34 locations worldwide. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, and top-tier professional sports teams. Acronis products are available through over 50,000 partners and service providers in over 150 countries and 26 languages.

Spotlight

Smartphones can help law firm employees stay connected, respond faster, and access legal briefs and other client data on-the-go. But that data is highly sensitive, and a lost or hacked device can have massive repercussions on a law firm's reputation and revenue. Here are five key tactics that IT leaders at law firms should be using to mitigate mobile security risks while still giving their attorneys the productivity tools they need.


Other News
SOFTWARE SECURITY

Anglepoint Launches New Public Sector Software Compliance Offering

ANGLEPOINT | December 08, 2022

Anglepoint, the leading Software Asset Management (SAM) services provider for the Public Sector and the Global 2000, has launched the Software Supply Chain Security (SSCS) offering. As mandated by Executive Order 14028, federal government agencies must complete a full audit of their software as part of widespread efforts to improve the nation's cybersecurity. The SSCS offering encompasses a pre-packaged suite of tools and support for agency compliance with the new requirements as set forth by the Office of Management and Budget (OMB) in accordance with the National Institute of Standards and Technology (NIST) under publication 800-218. "More than ever before, the government's mission to safeguard information and systems against threats and vulnerabilities sits firmly at the forefront of every agency Chief Information Security Officer (CISO). Anglepoint stands ready to assist Federal agencies in meeting all requirements as specified by the OMB security regulations in accordance with NIST 800-218 within the designated time frames. We are excited to collaborate with government agencies to meet these important milestones." -Philippe de Raet, Anglepoint's Vice President of Business Development for Public Sector clients. SSCS addresses the three major areas of the regulations that agencies must meet, including: 1) completing a software inventory, 2) developing process and training plans, and 3) attaining self-attestation from all software vendors. Anglepoint's Chief Product Officer, Kris Johnson, says, Anglepoint understands the unique security concerns faced by the US government. SSCS was carefully crafted to offer agencies a level of service in achieving compliance with these complicated regulations that is not available anywhere else. Rather than relying on already over-burdened internal teams or a patchwork of outside consultants, Anglepoint's SSCS experts take agencies through each step necessary to achieve compliance while adhering to the quick succession of deadlines. ABOUT ANGLEPOINT: Anglepoint is the leading provider of SAM & ITAM services to the Fortune 500 & Global 2000. Anglepoint's services drive cost optimization, risk mitigation, strategic planning within the cloud, SaaS, enterprise software and hardware estates of complex hybrid IT environments. We deliver comprehensive managed services including SAM strategy, execution, process automation, technology selection and implementation.

Read More

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Legit Security Discovers and Helps Remediate Software Supply Chain Vulnerabilities in Google Firebase & Apache Open-Source Projects

Legit Security | September 16, 2022

Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack vulnerabilities in popular open-source projects from Google and Apache. The discovered vulnerability affects GitHub, an extremely popular Source Code Management (SCM) system at the heart of many organization’s software supply chains and used by software developers globally. The Legit Security research team found a new type of CI/CD vulnerability called “GitHub Environment Injection” that allows attackers to take control of the vulnerable project's GitHub Actions CI/CD pipeline. Any GitHub user could exploit this vulnerability to modify the project’s source code, steal secrets, move laterally and attack inside the organization, and ultimately initiate a SolarWinds-like supply chain attack. The vulnerability was found in the Google Firebase project and in a very popular integration framework project from Apache. Both Google and Apache acknowledged and fixed the vulnerabilities after an initial disclosure by Legit Security. Legit Security has published a technical disclosure blog on their website including guidance for organizations to remediate this vulnerability. Legit Security’s Research Team discovered that a specially crafted payload written to a GitHub environment variable called “GITHUB_ENV” could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a “pull request” or a proposed change to the source code. The mere act of submitting the pull request will trigger the vulnerable build action and carry out a successful compromise and the attacker does not need to be subjected a code review approval from the source code maintainer for it to take effect. The Legit Security team disclosed these issues to Google and Apache project maintainers, along with remediation guidelines, and verified that these vulnerabilities weren’t exploited by a malicious actor. Both projects have been fixed and are now safe. However, these are not the only projects susceptible to this kind of attack. Since using the GITHUB_ENV file is currently considered the “safe” way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to supply chain attacks. “This type of vulnerability joins many other software supply chain vulnerabilities and attacks targeting popular open-source projects, including GitHub, which is the largest and the de facto host of most open-source projects. “We, as a security community, must build the tools and processes to address these threats and allow organizations to trust software and use it safely. Here at Legit Security our mission is to secure every organization’s software supply chain and we are active conducting security research and collaborating on initiatives to achieve this goal." Liav Caspi, CTO and co-founder of Legit Security According to Gartner®, nearly half of organizations worldwide will experience an attack on their software supply chains by 2025, a three-fold increase from 2021. There has been a huge rise in attempts to compromise open-source projects and CI/CD build services, including GitHub Actions, to enable wide ranging attacks through software supply chains. For in-depth analysis of the GitHub Environment Injection vulnerability, along with broader information and guidance on how to protect your organization from software supply chain attacks, please visit the Legit Security website and blog. About Legit Security Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Legit provides an easy to implement SaaS platform that supports both cloud and on-premises resources and combines automated discovery and analysis capabilities with hundreds of security policies developed by industry experts with real-world SDLC security experience. This integrated platform keeps your software factory secure and provides continuous assurance that your applications are released without vulnerabilities.

Read More

DATA SECURITY, ENTERPRISE IDENTITY

Keeper Security's Cybersecurity Census Finds U.S. Businesses are Unprepared for Escalation in Cyberattacks

Keeper Security | September 15, 2022

Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, today released findings from its second annual Cybersecurity Census. The report explores insights from IT decision-makers at businesses and organizations across the U.S., revealing that most respondents expect the onslaught of cyberattacks to intensify over the next year, yet 32% lack a management platform for IT secrets–posing a significant risk to organizational security. The 2022 U.S.Cybersecurity Census Report explores the ongoing threats of cyberattacks and the need for cybersecurity investment. The report maps the evolving cybersecurity landscape as hybrid and remote work have transformed businesses over the past two years. According to survey findings, the average U.S. business experiences 42 cyberattacks annually—between three to four each month. Still, fewer than half (44%) of respondents provide their employees with guidance or best practices for governing passwords and access management. IT leaders reveal a lack of preparedness for cyberattacks U.S. businesses face many cyberattacks each year, significantly impacting their organizations. Most respondents agree the total number of attacks will increase over the next year, with 39% predicting the number of successful cyberattacks will also rise. Most organizations in the U.S. believe they're prepared to fend off cyberattacks, with 64% of respondents rating their preparedness at least an eight on a 10-point scale and 28% rating themselves as a 10/10. At the same time, the majority of respondents (57%) say it is taking longer to respond to attacks and only 8% say responses are getting faster. Though most report feeling prepared for attacks, leaders admit their tech stacks lack essential tools. Nearly one-third of respondents (32%) lack a management platform for IT secrets, such as API keys, database passwords and privileged credentials. 84% are concerned about the dangers of hard-coded credentials in source code but 25% don't have software to remove them. More than one-quarter of respondents (26%) said they lack a remote connection management solution to secure remote access to IT infrastructure. With the rise in hybrid work and remote work, this is a significant security gap. This lack of investment in cybersecurity tools is alarming, especially considering the lasting impact of cyberattacks that survey respondents revealed. Nearly one-third (31%) suffered a disruption of partner or customer operations in the wake of a cyberattack and the same percentage experienced theft of financial information. 18% of organizations experienced theft of money, with the average amounting to more than $75,000, while 37% lost $100,000 or more. 23% experienced the inability to carry out business operations. In addition to direct costs, cyberattacks can cause lasting damage to business perception and client trust. More than one-quarter of respondents (28%) suffered reputational damage due to a successful cyberattack and 19% reported losing business or a contract. "The volume and pace at which cyberattacks are hitting businesses is increasing and with that come severe financial, reputational and organizational penalties," said Darren Guccione, CEO and co-founder of Keeper Security. "Leadership must prioritize cybersecurity, enabling their security teams to address rapid shifts in technology and distributed remote work. The impact these shifts have on cybersecurity are both pervasive and extreme. Building a culture of trust, accountability and responsiveness is critical." U.S. businesses must take immediate action against cyber threats Cybersecurity is a pillar of every good business and these findings underscore the need for business leaders to make cybersecurity a part of organizational culture. U.S. business leaders are working to source the necessary talent to stay secure. Nearly three-quarters (71%) of respondents have made new hires in cybersecurity over the past year and 58% say they've increased cybersecurity training. A devastating cyberattack is one stolen password away, but despite this threat, fewer than half (48%) of respondents state they have plans to invest in password management, visibility tools for network-based threats or infrastructure secrets management. Only 44% of respondents provide their employees with guidance and best practices governing passwords and access management. 30% of respondents allow employees to set and manage their passwords and admit that employees often share access to passwords. A mere 26% have a highly sophisticated framework for visibility and control of identity security. Many organizations are considering future investments with 73% of respondents expecting their cybersecurity budgets to increase. However, they face being outmatched by rising external threats and the demands created by existing weaknesses. Cybersecurity in company culture Employees understand the dangers of both external and internal threats. An overwhelming 79% of IT professionals are concerned about a breach from within their organization and 47% have suffered a breach of that nature. As more employees work remotely, businesses must rethink their investments in order to maintain security. In fact, 40% of respondents highlighted remote and hybrid work as a top concern, with rising external threats close behind at 39%. IT leaders themselves admit a lack of transparency in cyber incident reporting within their organizations, with nearly half of respondents (48%) being aware of a cyberattack, but keeping it to themselves. Businesses must foster a sense of trust and transparency in their organizations, creating an open dialogue to recognize the scale of the cybersecurity challenges their organization faces. Only with that recognition can resources be devoted to education and embedding a cybersecurity mindset into the organization's culture. Keeper's 2022 U.S. Cybersecurity Census Report demonstrates that cyberattacks present a profound and ongoing threat. Preventative measures, including investment, education and cultural shifts, are essential for businesses to drive resilience and protect their organizations from cybercriminals. Methodology The report yielded results from 516 IT leaders and decision-makers in businesses across the U.S. About Keeper Security Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyberattacks, while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password management, secrets management, privileged access, secure remote infrastructure access and encrypted messaging.

Read More

DATA SECURITY, ENTERPRISE IDENTITY

Cybeats Announces Partnership with Veracode, an Industry-Leading Application Security Firm

Cybeats | September 29, 2022

Cybeats Technologies Inc., a leading software supply chain risk and security technology provider announces a strategic partnership with Veracode, a leading global provider of application security testing solutions. The partnership will leverage complementary expertise to ensure customers receive the highest standard of cybersecurity solutions. Cybeats' software supply chain security product, SBOM Studio, will be available to customers through Veracode Partners, and the companies will explore joint commercial opportunities. Once generated within the Veracode Continuous Software Security Platform, a Software Bill of Materials (SBOM) can enable greater software security by offering a full inventory of the third-party components used within an application. Cybeats SBOM Studio is an enterprise-class solution that helps companies understand and track third-party components that are an integral part of their own software. Veracode will provide advice and guidance around the commercial deployment of SBOM Studio within its existing customer base. The partnership aims to enable both companies to continue to expand their existing presence in the global cybersecurity market. Through this alliance, the companies' joint customers will be able to maximize their technology investments and procure, develop, and deploy secure software, while reducing the risk of a security breach resulting from weak links in their software supply chain. "As a Veracode Elite Technology Alliance Partner, Cybeats brings additional expert solutions to the frictionless developer experience already offered by our Continuous Software Security Platform," said Laurie Haley, Vice President of Strategic Alliances at Veracode. "By complementing our existing software composition analysis capability, Cybeats' integrated solutions will allow customers to maximize SBOM (Software Bill of Materials) utility and simplify their workflow for greater ROI." "We are honoured to partner with Veracode to expand each other's presence in the global cybersecurity market. As the cyber risk related to software supply chain attacks continues to mount, deep visibility and universal transparency using SBOMS is necessary for resilient cybersecurity defense." Yoav Raiter, CEO, Cybeats "In this modern era of rapid development, the importance of time to market and automation is paramount. Together, Veracode and Cybeats offer a substantial contribution to enabling our customers to align with the SBOM market needs and seamlessly support practices mentioned in SSDF NIST 800-218 framework without increasing the overhead on their development and product security teams," said Dmitry Raidman, CTO, Cybeats Through a single, centralized platform offering comprehensive visibility into vulnerabilities using all software security testing types, Veracode delivers one of the industry's only cloud-native solutions that allows partners to onboard quickly and seamlessly, so companies can securely move AppSec to the cloud. As a result of this partnership, Veracode can easily integrate the full breadth of Cybeats' software solutions into their customers' environments. The partner program provides market-leading solutions and services to get partners up and running straight away, with minimal impact to their existing business. Cybeats SBOM Studio SBOM Studio provides organizations with the capability to efficiently manage SBOM and software vulnerabilities, and provides proactive mitigation of risks to their software supply chain. Key product features include robust software supply chain intelligence, universal SBOM document management and repository, continuous vulnerability, threat insights, precise risk management, open source software license infringement and utilization, and secure SBOM exchange with regulatory authorities, customers and vendors, at reduced cost. About Cybeats Cybeats is a leading software supply chain intelligence technology provider, helping organizations manage risk, meet compliance and secure software from procurement, development through operation. Our platform provides customers with deep visibility and universal transparency into their software supply chain, as a result enables them to increase operational efficiencies and revenue. Cybeats. Software Made Certain.

Read More

Spotlight

Smartphones can help law firm employees stay connected, respond faster, and access legal briefs and other client data on-the-go. But that data is highly sensitive, and a lost or hacked device can have massive repercussions on a law firm's reputation and revenue. Here are five key tactics that IT leaders at law firms should be using to mitigate mobile security risks while still giving their attorneys the productivity tools they need.

Resources