SOFTWARE SECURITY

Sysdig Open Source Is Extended to Secure Cloud Services

Sysdig | May 16, 2022

Sysdig
Sysdig, the unified container and cloud security leader, announced that Sysdig open source, the incident response standard for containers, has been extended to the cloud. Using system calls, Sysdig open source (Sysdig OSS) traditionally offers deep observability into running applications, as well as file system access and network activity, which speeds incident response and troubleshooting. Teams can quickly filter information from Sysdig OSS and take action. With the announcement of this new integration, these capabilities have been extended beyond containers to any cloud environment.

Today, Sysdig announced Edd Wilder-James has joined Sysdig from Google to lead the company’s open source ecosystem team.

The complexity of cloud-native applications – with countless components and variables – makes it extremely difficult for security analysts and system administrators to quickly triage alerts and debug problems. Sysdig OSS captures process, file system, and network activity in real time and with a high degree of granularity. The tool, which has nearly two million downloads and 6,850 GitHub stars, surfaces everything from executed commands and file system activity to network activity. Sysdig OSS then offers advanced filtering and troubleshooting capabilities, supporting root cause analysis for security and performance issues.Using a new plugin framework – originally developed by the open source community for the CNCF project Falco – Sysdig extends the number of sources Sysdig OSS can be connected with to anything that generates logs or events, including Azure, Google, and AWS CloudTrail logs. Going forward, every plugin developed for Falco can also be leveraged by Sysdig OSS. Using one tool, like Sysdig OSS, to observe events from the entire cloud-native environment streamlines investigations. Using a different tool for each environment adds complexity, which makes it massively harder to troubleshoot.

Sysdig’s Commitment to Open Source

Sysdig was founded as an open source company and Sysdig Secure and Sysdig Monitor were both built on an open source foundation to address the security challenges of modern cloud applications. Both projects were created by Sysdig to leverage deep visibility as a foundation for security, and they have become standards for container and cloud threat detection and incident response. Falco, which was contributed to the CNCF in 2018, is now an incubation-level hosted project with more than 45 million downloads.

Sysdig OSS and Falco can be used together as a powerful open source solution to reduce risk at runtime. Sysdig OSS acts as a flight recorder, capturing a detailed record for inspection. Falco acts as a security camera, continuously detecting unexpected behavior, configuration changes, intrusions, and data theft in real time. Teams can use Sysdig OSS and Falco together to detect and respond to threats.

“If you want to see what is going on inside an application, Sysdig OSS gives you that record. “Sysdig open source was the inspiration for Falco. While Falco will monitor and alert based on your policies, Sysdig open source will tell you what happened at a particular time, before and after the event. Having the ability to use both open source tools in the cloud is extremely powerful.”

Loris Degioanni, Founder and CTO of Sysdig

About Sysdig
Sysdig is driving the standard for cloud and container security. The company pioneered cloud-native runtime threat detection and response by creating Falco and Sysdig as open source standards and key building blocks of the Sysdig platform. With the platform, teams can find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. From containers and Kubernetes to cloud services, teams get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. The largest and most innovative companies around the world rely on Sysdig.

Spotlight

Cyber security is a process, not a destination. No matter how well you’re prepared, chances are you will be hacked at some point. Along with a strong security defense strategy, you need a plan to investigate and remediate a breach. Many organisations outsource basic security tasks to a Managed Security Services Provider (MSSP). Unlike an IT department, the MSSP has purpose-built tools and processes focused solely on securing your environment. Download this white paper to discover how integrated services reduce risk for your  organisation.


Other News
DATA SECURITY

Rubrik Launches Rubrik Security Cloud to Secure Data, Wherever it Lives, Across Enterprise, Cloud, and SaaS

Rubrik | May 18, 2022

Rubrik, the Zero Trust Data Security™ Company, today announced Rubrik Security Cloud to secure customers’ data, wherever it lives, across enterprise, cloud, and SaaS. Ransomware is on the rise and cyberattacks are getting more sophisticated. Despite investments in infrastructure security tools, cybercriminals are still getting through to the data. And when they take the data down, they take down the entire business. It’s time for a new approach. The next frontier in cybersecurity pairs the investments in infrastructure security with data security giving companies security from the point of data. Rubrik is a pioneer in data security and the Rubrik Security Cloud delivers three unique capabilities: Data Resilience: Safeguards data by providing immutable, logically air-gapped data protection with multi-factor authentication-based access control. Data Observability: Continuously monitors risks and investigates threats to data including Ransomware Monitoring and Investigation powered by machine learning to detect data anomalies, encryptions, deletions, and modifications; Sensitive Data Monitoring to find and classify the most sensitive data, and assess exfiltration risk; and Threat Monitoring and Hunting to identify indicators of compromise and find the last known clean copy of data. Data Recovery: Quickly contains threats and recovers data, whether it’s a file, application data or a mass recovery for the entire organization. Rubrik’s new Threat Containment capability quarantines malware and restricts user access to infected data to support safer recovery. As organizations continue to struggle with cyberattacks that compromise data, Rubrik also launched the Data Security Command Center to easily assess whether data is safe and capable of being recovered from a cyberattack. Now, customers can see which data is at risk and get recommendations to make their data more secure. “Every company in the world is vulnerable as cybercriminals get more savvy every day. With Rubrik Security Cloud, we are strengthening customers' defenses so they can secure their business across enterprise, cloud, and SaaS workloads. Our data security platform enables our customers to defend their data, recover quickly, and prevail in this new cyber landscape.” Bipul Sinha, Rubrik CEO and co-founder “INTEGRIS Health is proud to be the largest not-for-profit health care system in Oklahoma, with eighteen hospitals in our network and more than a million patients that rely on us every year for their health care needs. With the expansive network we support, it’s paramount that our data is resilient, and we maintain a strong data security posture to keep our hospital moving. As a CIO, I believe Rubrik is an important service and helps us provide excellent patient care. As a Rubrik customer, we’re thrilled to see the continued innovation with Rubrik Security Cloud and the company’s ongoing focus on keeping customer data safe and making it easy to recover in the face of cyber-attacks, like ransomware,” said Bill Hudson, CIO of INTEGRIS Health. "NJ TRANSIT delivered more than a quarter of a billion annual passenger trips before the pandemic and is responsible for our riders’ safety, mobility, and livelihoods every day. It’s imperative that nothing interrupts our business, so we’ve prioritized a strong data security strategy in partnership with Rubrik. We’re committed to the ongoing and necessary work that gives our data resilience and helps us reduce our risk as we face ever evolving, and inevitable, cyber threats,” said Rafi Khan, CISO of NJ TRANSIT. Research and Development Fuels Additional Capabilities As part of Data Observability, Sensitive Data Discovery for Microsoft 365 discovers and classifies sensitive data within Microsoft 365 to better assess risk and help maintain compliance with regulations. These latest integrations build on the joint collaboration between Rubrik and Microsoft. Last year, Rubrik Cloud Vault built on Microsoft Azure was launched to help customers better defend against cyberattacks using a fully managed, secure and isolated cloud vault service. Since launch, Rubrik has seen strong demand for Rubrik Cloud Vault across key industries including Healthcare and Life Sciences, Manufacturing, State and Local Government, and Financial Services as customers build Zero Trust solutions to defend against and recover from ransomware. “Businesses need a data resiliency strategy to keep their data secure in the face of escalating cyber threats,” said Jurgen Willis, Vice President Microsoft Azure. “Rubrik's Security Cloud, which builds on integrations with Rubrik Cloud Vault and Microsoft Azure, will help customers accelerate their Zero Trust journey.” Rubrik Security Cloud is available now and new enhancements will be available in the months ahead. About Rubrik Rubrik, the Zero Trust Data Security™ Company delivers data resilience, data observability, and data recovery for organizations. Rubrik keeps your data safe and easy to recover in the face of cyber attacks and operational failures. Now you can recover the data you need, however and whenever you need it to keep your business running.

Read More

PLATFORM SECURITY

OccamSec Unveils Revolutionary Cybersecurity Platform Set to Change the Industry

OccamSec | May 04, 2022

OccamSec, a leading cybersecurity provider, announced today the launch of their Incenter platform. Incenter identifies the security weaknesses an organization has in real-time, and helps teams develop insights and communicate business context from a security perspective. For today's organizations, the threat landscape is constantly evolving. Penetration testing and vulnerability scanning can help, but with new vulnerabilities and exploits found all the time, infrequent testing means risk data may be outdated. At the same time the industry is trending towards slicing the solution ever thinner, which means costs keep increasing. Incenter combines the functionality of a range of security services in one single solution. The platform provides, in real time, where an organization is vulnerable, and just as critically, what the impact will be if an attack occurs. Incenter utilizes a dual approach. It combines the best in technology with advanced automated testing, and the best in people with OccamSec's security team. Supported by vulnerability research and a threat intelligence team, the burden on clients having to buy multiple services is eliminated. Users have the ability to generate reports that compile real-time information with the touch of a button, rather than waiting for a timed report to be generated. Incenter also provides step-by-step guidance on how to mitigate any risks that are identified, with the tools an organization already has which means no hidden costs. Incenter combines the functionality of a range of security services in one single solution: Manual Penetration Testing Penetration Testing as a Service (PTaaS) Automated Security Validation (ASV) Vulnerability Scanning External Attack Surface Management (EASM) Crowd Source Penetration Testing Threat Intelligence This provides a single source of truth on the exposures an organization faces. Improving the effectiveness of any security team, regardless of size, and at the same time breaking organizations out of ever increasing cyber security expenditure. The platform's focus on the unique business context of each organization means that security teams no longer have to trudge through 1000's of scan findings or determine how relevant a penetration test finding is and how to fix it. At the same time from the dashboard, management can see a high level summary of their organization's exposure, the likelihood of a breach, and how much it's going to cost them. "Over the years we have seen what works, what doesn't and where the gaps are," says OccamSec founder Mark Stamford. "The biggest gap is organizations needing more and more tools and services to effectively secure themselves. The key to effective security is joining the dots, not having ever more dots scattered in ever more places. With Incenter we have combined the talents of our security team and their expert knowledge, with a technical solution that is unrivaled. The result is a win for our clients, regardless of size." About OccamSec OccamSec is a leading provider in the world of cybersecurity. Its clients rely on them to provide information security services that exceed current industry standards. OccamSec provides accurate, actionable information to reduce risk and enable better informed decisions. Its unique end-to-end solutions detect, identify, respond, and protect in order to maximize the effectiveness of security programs.

Read More

DATA SECURITY

CloudCover Continues to Move Into a New Era of CyberSafety with the Launch of CloudCover’s Cyber Liability

CloudCover | December 27, 2021

The cybersecurity insurance market is in trouble, fueled by a rapid increase in cyber attacks – up 486% from the beginning of 2018 through the end of 2021, according to Aon. As a result, insurers have little choice but to raise rates and scrutinize policy terms and conditions, as there’s no historical data to set policies and premiums like traditional insurance products. CloudCover, the company Reimagining CyberSecurity, is making strides to improve cyber safety by creating the first end-to-end cyber security technology and insurance platform. Today, the company announces the continued rollout of its suite of CloudCover insurance products with the launch of a new insurance offering: CloudCover Cyber Liability (CCCL) and Information Systems Business Interruption (ISBI) insurance. The release of the cybersecurity insurance coverage brings forward an entirely new market category: cybersecurity network and data insurance cover that utilizes the CC/B1 PlatformTM to obtain the data analytic set required to efficiently underwrite and set accurate premiums. CloudCover’s $1 Million Ransomware Warranty was launched in September 2021. Through its CCCL insurance, CloudCover will issue a $1 million cover per occurrence and a $10 million aggregate policy. This insurance option covers: First-party response costs, including any costs associated with the investigation and remediation of cybersecurity breaches, as well as payment for costs associated with notifying affected parties of the breach, Third-party liability and regulatory costs, including any costs associated with the defense of lawsuits, regulatory fines, and penalties in addition to the costs associated with any judgements rendered from those activities, and Cover for any ransom demanded by cyber criminals who have locked the insured company’s network or computer systems. Similar to the CCCL coverage, CloudCover will also issue $1 million coverage per occurrence and a $10 million aggregate policy for its ISBI coverage. The insurance policy provides payment for lost revenue in the event that a Distributed Denial of Service (DDoS) attack disrupts or compromises the insured party’s network. Both insurance covers are powered by CloudCover’s CC/B1 Platform, an advanced Intelligent Threat ManagementTM security solution. The CC/B1 relies on a patented AI/ML (automated intelligence/machine learning), X-NDR (extended network detection and response), SOAR (security, orchestration, automation and response) technology that empowers risk awareness, risk control, and risk transfer in near real time. The platform operates as a Firewall EverywhereTM, collecting data from all corners of an organization’s network, streamlining and utilizing machine learning to detect, analyze, and stop suspicious activity – all while using the collected network patterns with risk scoring and building actuarial models for incremental cybersecurity network insurance. “This marriage of cybersecurity technology and cyber insurance represents the creation of a new market,No other security vendor is able to provide cybersecurity risk scoring, risk event mitigation and mediation, accurate identification and threat stopping, and cyber risk insurance underwriting and auto-adjudication for claims in one platform. Using cybersecurity technology to learn about a company’s network and utilizing that data to create more accurate premiums and better coverage gives our industry the opportunity to better control cybersecurity insurance losses in the future, as we’ll be able to detect threats and issue micro-policies in a fraction of a second.” Stephen Cardot, founder and CEO of CloudCover In the months ahead, CloudCover plans to debut the final product in its initial CyberSafety Insurance Coverage portfolio: Cybersecurity Network Data Insurance, which will be the first insurance policy to insure data in motion with both first- and third-party liability coverage. This insurance, which will launch in February 2022, makes it possible for organizations to insure and thereby value their intangible assets, i.e., data, just as they would other company assets – something that’s been long seen as impossible in the FASB/GAAP industry. In order to purchase CloudCover’s insurance offerings, a company will need to have the CC/B1 Platform installed on its network in addition to completing CloudCover’s CyberSafety Registry. About CloudCover CloudCover is an AI-driven, virtual machine-learning cybersecurity platform. CloudCover has reimagined cybersecurity as a risk-predictive CyberSafety Platform – delivering real-time extended network detection and response through a patented, math-based security orchestration automated response risk aware/control solution. The CloudCover SOAR capability accumulates data between an organization’s diverse security technologies and environments and streamlines them into holistic actions on potential risks. The CC/B1 Platform provides an ever-evolving, protective security layer to your existing cybersecurity tech stack – meaning network threats are detected in near zero-second speed with near zero-threat accuracy. With CloudCover, the elusive “single pane of orchestration” capability of an organization’s network security isn’t a myth – it’s reality.

Read More

ENTERPRISE SECURITY

SecurityScorecard and Marsh McLennan Collaborate to Elevate Cybersecurity in Challenging Risk Landscape

SecurityScorecard | January 28, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience. As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies. "We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture." "Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses." Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

Spotlight

Cyber security is a process, not a destination. No matter how well you’re prepared, chances are you will be hacked at some point. Along with a strong security defense strategy, you need a plan to investigate and remediate a breach. Many organisations outsource basic security tasks to a Managed Security Services Provider (MSSP). Unlike an IT department, the MSSP has purpose-built tools and processes focused solely on securing your environment. Download this white paper to discover how integrated services reduce risk for your  organisation.

Resources