Enterprise Security,Platform Security,Software Security

SteelCloud and Telos Corporation Collaborate to Enhance NIST RMF Compliance

SteelCloud and Telos Corporation Collaborate to Enhance

SteelCloud LLC, a leading CIS and STIG compliance automation software developer and Telos Corporation, a renowned provider of cyber, enterprise, and cloud security solutions to the world's most security-conscious organizations, recently announced entering into a partnership to assist customers in reducing the complexity of NIST Risk Management Framework (RMF) compliance. Customers gain access to all seven RMF phases via a unified, automated solution.

SteelCloud's ConfigOS capabilities take care of the identify/ categorize, select, and implement components of RMF for technical assets. ConfigOS examines an asset, determining whether Security Technical Implementation Guides (STIG) apply, scanning against the STIG standards, identifying compliance indicators, and automating the remediation of findings. Meanwhile, Xacta incorporates and uses this information during the RMF's assessment and authorization processes, as well as when the monitor step is initiated once authorization to operate (ATO) is obtained.

Working together, ConfigOS and Xacta drive decisions to address identification and selection problems while reporting important indicator metrics required to achieve and sustain ATO. STIG and vulnerability data from ConfigOS are integrated into Xacta and mapped to appropriate requirements as part of Assessment and Authorization (A&A), providing customers with a streamlined approach to gaining necessary permissions. Xacta's workflow automation streamlines the whole NIST RMF workflow, managing validation, analysis, documentation, and accreditation processes from start to end.

About Telos Corporation

Telos Corporation provides solutions for continuous security assurance of personnel, systems, and information to the world's most security-conscious enterprises, empowering and protecting them. The company offers enterprise security solutions for identity and access management, organizational messaging, secure mobility, and network management and defense. Telos Corporation serves commercial organizations, regulated sectors, and government customers all around the world.

About SteelCloud

SteelCloud is a company that creates STIG and CIS compliance software for government and business clients. The company's product reduces the complexity, effort, and cost of implementing federal security standards by automating policy and security repair. SteelCloud has provided enterprise-wide security policy-compliant solutions, easing setup, and ongoing security and compliance support. SteelCloud goods are simple to obtain through our GSA Schedule 70 contract.

Spotlight

Other News
Software Security

Keeper Security’s Latest Update Improves Android and User Interface

Keeper Security, Inc. | September 25, 2023

Keeper Security, a prominent cybersecurity software provider specializing in zero-trust and zero-knowledge solutions safeguarding credentials, privileged access, secrets, and remote connections, has announced the unveiling of a new, contemporary User Interface (UI) for the Keeper Password Manager application on Android. This awaited release introduces enhanced usability, intelligent search capabilities, and quicker synchronization times. With a focus on a polished appearance and user-friendly interactions, these enhancements are designed to simplify the utilization of Keeper's robust password and passkey management features, offering improved clarity and search functionality. Keeper has adopted an incremental approach to enhancing the user experience, consistently refining the appearance, usability, and overall feel of its applications while staying mindful of the importance of consistency, familiarity and the world-class security and functionality that Keeper users have come to expect. With this update, Keeper's new user experience has been effectively implemented across all platforms, encompassing desktop, web browsers, and iOS. Android users can also anticipate an upcoming dark mode experience soon. Android users of Keeper will encounter refreshed themes, including a default Light Mode and improved user-selectable themes. Additionally, new features include: Streamlined Usability Friendlier Interface Accessibility and Inclusion Advanced Search Craig Lurey, CTO and Co-Founder of Keeper Security, said, We are excited to introduce these enhancements to our Android app, completing the rollout of our stunning new user interface (UI) to every Keeper user. [Source – Cision PR Newswire] Lurey stated that the update represented their ongoing commitment to delivering the best possible user experience while maintaining the highest security standards. He mentioned that with the improved usability, modernized interface, and lightning-fast sync times, Keeper Password Manager for Android continued to be a go-to solution for organizations and individuals looking to secure their digital identities. About Keeper Security Keeper Security is revolutionizing the way to secure passwords, confidential data, and secrets for individuals and organizations worldwide. The company's user-friendly cybersecurity platform is built on the foundation of zero-trust and zero-knowledge security, providing protection for users on all devices. Its solution is quick to deploy and seamlessly integrates with any technology stack, effectively preventing breaches, lowering help desk expenses, and ensuring compliance. Trusted by millions of individuals and numerous global organizations, Keeper leads in top-tier password management, privileged access, secrets management, secure remote access, and encrypted messaging solutions.

Read More

API Security

Salt Security, CrowdStrike Expands Partnership with New Integration

Salt Security | September 20, 2023

Salt Security, a prominent API security company, has announced the expansion of its partnership with CrowdStrike, a leading cybersecurity technology company providing cloud workload and endpoint security, cyberattack response, and threat intelligence services. This expansion involves the integration of the Salt Security API Protection Platform with the widely recognized CrowdStrike Falcon Platform. Roey Eliyahu, Co-founder and CEO of Salt Security, stated, Protecting against API threats requires deep visibility and robust runtime protection. We’re excited to bring our unique strengths in API security to the CrowdStrike customer base with this new integration. Together with CrowdStrike, Salt can provide organizations with extended runtime protections and posture management across the cloud and application landscapes. [Source – Cision PR Newswire] Through this integration, customers gain access to a comprehensive 360-degree view of API security risks, particularly focusing on the application-layer attack surface. This integration is accessible via the CrowdStrike Marketplace and provides valuable API threat intelligence. It also enhances cross-organization API security capabilities by streamlining and enhancing the workflows related to API auditing, monitoring, and enforcement. The partnership between Salt Security, offering top-notch API runtime monitoring and AI-driven insights, and CrowdStrike, renowned for its award-winning AI-powered protection, provides organizations with complete visibility into their API attack surface. This integration also offers valuable context regarding the severity of threats in relation to business-critical aspects. With this partnership, customers benefit from: API vulnerability and threat context API threat mitigation API threat management automation The patented Salt API security platform stands out for its utilization of cloud-scale big data, artificial intelligence (AI), and machine learning (ML). These technologies work in tandem to automate the process of discovering and cataloging an organization's entire set of APIs. Salt plays a crucial role in pinpointing areas where APIs might expose sensitive data. This proactive approach aids enterprises in recognizing and mitigating potential API threats while also reinforcing their overall API security. Gur Talpaz, Head of Falcon Fund and Vice President of Corporate Development at CrowdStrike, said, With APIs now a prime target for malicious actors, securing them requires a comprehensive and diligent approach. Through this joint integration, we can harness the mature AI-driven intelligence of the Salt API security platform with our widely deployed Falcon platform, giving organizations complete visibility into their application-layer attack surface and a detailed understanding of their application threat landscape. [Source – Cision PR Newswire] About Salt Security Salt Security is a leading API security company that safeguards the APIs at the core of all modern applications. Its API Protection Platform is the sole API security solution that integrates the power of cloud-scale big data with time-tested machine learning and artificial intelligence to detect and prevent API attacks. Salt provides extensive context, real-time analysis, and continuous insights for API discovery, hardening APIs, and attack prevention by correlating the activities of millions of APIs and users over time.

Read More

Software Security

ZeroFox Unveils New Anti-Phishing Features to Stop Attacks at Source

ZeroFox | September 22, 2023

ZeroFox, an industry-leading provider of enterprise software-as-a-service for external cybersecurity, has announced the unveiling of multiple anti-phishing product enhancements. These updates solidify ZeroFox's position as the world leader in digital risk protection. Developed using cutting-edge AI/ML technologies and designed by a team of top-tier security experts, these new anti-phishing features boost escalated alert volume, reduce the occurrence of false positives, and expedite the process from threat identification to initial disruption and successful takedowns for all our customers. The importance of these new features cannot be overstated, especially given the rising threat landscape. In the first half of 2023, ZeroFox Intelligence has recorded a substantial increase in the volume and complexity of phishing attacks, including a 30% surge in domain takedowns compared to the first half of 2022. New ZeroFox phishing trend research also highlights the adoption of evasion techniques like cloaking alongside emerging tactics such as SEO poisoning and phishing-as-a-service. These developments underscore the critical role of these new capabilities in safeguarding against evolving cyber threats. Continuous and Complete Protection Against Domain-based Threats ZeroFox adopts a unique approach to phishing compared to email security and conventional anti-phishing providers. Its strategy revolves around the identification, disruption, and elimination of the domains necessary for launching phishing campaigns. With daily monitoring of over 65 million domains, ZeroFox combats various threats like typo squats, subdomain spoofs, homoglyphs, and other malicious domain and URL-based attacks, effectively shielding customers and preventing any disruptions to business operations. Incorporate advanced domain protection capabilities to enhance their cybersecurity measures, aiming to achieve substantial and measurable business outcomes: Reduce Phishing Risks with Anti-Cloaking Capabilities: Strengthen Compliance and Trust with SSL Monitoring Secure Brand Identity with Favicon Search Improve Operational Efficiency with Enhanced Subdomain Coverage Enhance User Experience (UX) with Weblog Monitoring Mike Price, Chief Technology Officer of ZeroFox, said, ZeroFox has been detecting and disrupting phishing attacks for the last decade, constantly enhancing our solution to protect our customers from changing phishing techniques used by threat actors, including the widespread use of malicious cloaking and subdomains techniques. [Source – Globe Newswire] Price stated that the enhanced capabilities being announced represented their ongoing commitment to tackling the increasing phishing challenge encountered by security teams. He emphasized that as phishing continued to evolve, ZeroFox would remain a trusted anti-phishing partner dedicated to safeguarding customers from both current and future phishing techniques. About ZeroFox ZeroFox, a prominent enterprise software-as-a-service provider in the field of external cybersecurity, has revolutionized security beyond the corporate perimeter on the internet, where businesses conduct their operations and threat actors are active. Their platform seamlessly integrates cutting-edge AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust set of breach, incident, and takedown response tools. This enables them to uncover and disrupt various threats, including phishing and fraud campaigns, botnet exposures, impersonations, credential theft, data breaches, and physical threats that target domains, brands, personnel, and assets.

Read More

Software Security

Malwarebytes Announces Consumer Identity Theft Protection Solution to Defend Against Online Fraud and Theft

PR Newswire | October 27, 2023

Malwarebytes, a global leader in real-time cyber protection, today launched an essential new consumer solution, Identity Theft Protection. The new service helps individuals secure their digital identities and defend against identity and online threats. Malwarebytes Identity Theft Protection includes real-time identity monitoring and alerts, robust credit protection and reporting and live agent-supported identity recovery and resolution services – backed by up to a $2 million identity theft insurance policy. The new service, paired with Malwarebytes' award-winning antivirus and VPN software, helps prevent criminals from stealing or using personal information to drain financial accounts, hack or impersonate social media accounts, damage a user's reputation or other online and identity-based attacks. Today's digital life is complex and sometimes deceptive. According to new research from Malwarebytes, identity theft ranks as people's third biggest concern when it comes to online security, just behind fear of financial accounts and personal data being breached – both of which play into identity theft. Of those surveyed 64% agree that identity theft protection is important, but only 13% have it. Consumers are also increasingly fearful of new technology. Malwarebytes gives consumers protection they can trust, alerting them when we see their information has been stolen and providing live agent support to restore their identity and replace lost items. Even as we spend more and more of our lives online, we all know that the internet today can't be trusted, said Mark Beare, GM of Consumer Business Unit, Malwarebytes. Consumers need a tool that not only blocks threats like malware and phishing, but that also monitors and protects their digital identity, be that social media profiles, bank accounts or email. With Malwarebytes Identity Theft Protection, we provide a robust and exhaustive suite of services so individuals and families can rest easy knowing that we are actively working to keep them safe and protect their digital identity. Malwarebytes Identity Theft Protection is available globally through a variety of tiered offerings that provide protection via computers and mobile devices across multiple operating systems including Windows, macOS, Android and iOS. Key features include: Identity Monitoring & Alerts: Continuously scours a multitude of websites and data sources, including the Dark Web, to alert if personal information is being illegally traded or sold. Recommends actions to take to protect yourself. Credit Monitoring and Protection: Ongoing tracking of credit for critical changes, such as new accounts or inquiries and applications for new lines of credit. A credit freeze also can be activated*. Breach IQ: Provides a safety score and alerts if personal information is part of a known breach*. Identity Recovery & Resolution: Assistance in the event of an identity theft incident, including guided steps to report the crime, dispute fraudulent charges, restore identity and recuperate financial losses incurred. Includes up to a $2 million insurance policy. About Malwarebytes Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions along with a world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe daily. Malwarebytes solutions are consistently recognized by independent tests including AVLAB and AV-TEST. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Read More