Time Is Right for Unified Security Solutions, Finds Check Point's Dimensional Research Survey

Cisco | June 12, 2020

  • Non-integrated point solutions make enterprise cyber security more challenging, thereby damaging confidence in security, according to a plurality of IT and security professionals.

  • Adding multiple products from different suppliers simply adds more complexity and can potentially undermine the organisation’s security.

  • Cisco’s network security unit is also banging the drum for unified security solutions with its SecureX platform, a cloud-native security platform.


Non-integrated point solutions make enterprise cyber security more challenging, thereby damaging confidence in security, making it harder to gain an accurate picture of what is going on, and wasting time managing multiple suppliers, according to a plurality of IT and security professionals. This is the key finding of a Dimensional Research survey of 411 security specialists conducted on behalf of security firm Check Point, which set out to examine IT leaders’ attitudes towards consolidated security services.


The study found that close to 50% of organisations tended to deploy anywhere between six and 40 security products around their estate, and virtually every organisation quizzed used multiple suppliers, with larger organisations tending to use more. A total of 98% of organisations said they were using multiple consoles to manage these products, making it impossible to get a truly holistic view of the threat landscape and complicating responses to any incidents that flare up.



Read more: CISA RELEASES FIRST OF ITS SERIES OF SIX CYBERSECURITY ESSENTIALS TOOLKITS

Some organisations operate under the false assumption that more products translate to more security. However, in this situation, global security leaders should adopt the less is more mentality .

~ said Ian Porteous, Check Point regional director


Meanwhile, the never-ending process of maintenance, upgrade, contract renewals and other activities related to “the care and feeding” of a security solution caused a headache for 79% of security professionals. Adding multiple products from different suppliers simply adds more complexity and can potentially undermine the organisation’s security. Enterprises need a consolidated cyber security solution that strengthens their defences while improving their agility against all forms of attack.


Check Point said that many of those who responded to the study believed prioritising supplier consolidation would lead to a better overall security posture, and many were taking advantage of the shifts occasioned by the Covid-19 coronavirus pandemic to reassess their needs. The findings support Check Point’s own views that reducing the number of suppliers enables organisations to enable a higher level of security through superior integration and fewer functional gaps between the protections that each product delivers.


That is what we need to do in the next decade – to try, as much as possible, to make security simple, available and uniform, so it can fight these threats.


At Check Point’s CPX360 event in February 2020, the firm unveiled its Infinity Next concept, which it said will address the concerns of chief information security officers (CISOs), who say that they have too much technology and too many products; of security engineers, who say that they are overwhelmed and cannot secure clouds and internet of things (IoT) estates; and DevOps teams, who say security should be automated and that they cannot wait for human approval.

Check Point does not, however, have the field all to itself. Cisco’s network security unit is also banging the drum for unified security solutions with its SecureX platform, a cloud-native security platform set to unify visibility across the supplier’s security portfolio and user infrastructure, enabling automated security workflows, and incorporating managed threat-hunting capabilities. “We’re trying to solve the number one problem that every CISO has – that these environments have been built to be highly fragmented,” said Cisco chief security officer John Maynard. “The vast majority of customers have a multi-supplier security estate, and struggle with orchestrating alerts and driving remediation at scale across that fragmented landscape.”


Read more: CISCO TO SECURE ITS BLOCKCHAIN-AS-A-SERVICE (BAAS) PLATFORM FOR ENTERPRISE SECURITY

Spotlight

"At its most basic level, a disaster recovery strategy is not about technology—or, at least, not just about technology. It’s also about people and processes and the confidence to look into the future without turning away from the potential for bad things to happen.
The good news is that with the new generation of disaster recovery technologies, it is possible to confidently prepare for disaster recovery in a way and at a cost that can be tailored to your organization’s tolerance for risk. You just have to decide how much risk you are prepared to take. If you don’t already know, you should consider a DR assessment…before it’s too late. "


Other News
DATA SECURITY,ENTERPRISE IDENTITY

SandboxAQ Acquires Cryptosense to Accelerate Delivery of Security Solutions to Global Organizations

SandboxAQ | September 14, 2022

SandboxAQ, an enterprise SaaS company delivering the compound effects of AI and Quantum tech (AQ) to governments and the Global 1000, today announced it has acquired Cryptosense, a leading cybersecurity and encryption analysis software company. SandboxAQ's acquisition comes just weeks after the company unveiled its Strategic Investment Program and initial investment in evolutionQ. The acquisition of Cryptosense complements and accelerates the deployment of SandboxAQ's Post-Quantum Cryptography (PQC) solutions to corporations and government institutions worldwide. SandboxAQ's cybersecurity products enable large enterprises to scale cryptography management across their IT infrastructure, providing CISOs with a single, 360° view of how encryption is used throughout the enterprise – a critical first step in migrating to PQC. This migration to stronger cybersecurity is important for critical infrastructure sectors such as financial services, technology, energy, biopharma, logistics, and government. Cryptosense is used by leading technology and financial services organizations and is a fellow NIST NCCOE partner. The combined customer relationships will help SandboxAQ bring its PQC solutions to market faster and protect these organizations and their customers from existing and emerging quantum threats, such as Store Now, Decrypt Later (SNDL) attacks. "Rapid advances in quantum computing and AI challenge the effectiveness and performance of existing cryptography-based cybersecurity solutions. The combined leadership, talent, and expertise that SandboxAQ and Cryptosense bring to the marketplace accelerates the deployment of more effective cryptography solutions to protect the world against the security threats of today and tomorrow," said Jack D. Hidary, CEO of SandboxAQ. "The caliber of the Cryptosense team is recognized throughout the information security community, with the leadership by Graham Steel and Clément Jeanjean. We welcome Cryptosense to the SandboxAQ family and look forward to our continued success as one company." "The complementary functionality and expertise between Cryptosense and SandboxAQ enables us to build and deliver SaaS solutions at scale with higher touch customer service. PQC implementation is critical to protect the world's sensitive data and together we will make a greater impact." Dr. Graham Steel, Cryptosense founder Cryptosense was advised by Stifel and Hogan Lovells and SandboxAQ was advised by Morgan Lewis. About SandboxAQ SandboxAQ is an enterprise SaaS company, providing solutions at the nexus of AI and Quantum technology (AQ) to address some of the world's most challenging problems. The company's core team and inspiration formed at Alphabet Inc., emerging as an independent, growth-capital-backed company in 2022. About Cryptosense Cryptosense is an enterprise SaaS company that helps organizations identify and catalog the cryptography leveraged within their applications and infrastructure. Some of the largest technology and financial services companies worldwide use Cryptosense for their cybersecurity needs. Cryptosense announced a $4.8 million funding round in May 2021 backed by Amadeus Capital Partners, Elaia Partners and BGV.

Read More

SOFTWARE SECURITY

GuidePoint Security Achieves AWS Security Competency Status

GuidePoint Security | July 27, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that it has achieved the Compliance and Privacy distinction in the Amazon Web Services (AWS) Security Competency. This designation recognizes that GuidePoint Security has demonstrated and successfully met AWS’s technical and quality requirements for providing customers with a deep level of consulting services expertise in Compliance and Privacy to help them achieve their cloud security goals. Achieving the Compliance and Privacy distinction in the AWS Security Competency differentiates GuidePoint Security as an AWS Partner that provides specialized consulting services designed to help companies from startups and mid-sized businesses to the largest global enterprises to adopt, develop, and deploy security into their AWS environments, increasing their overall security posture on AWS. To receive the designation, partners must possess deep AWS expertise and deliver solutions seamlessly on AWS. “GuidePoint Security was an original AWS Security Competency launch partner and we are proud to be launch partner yet again for the updated AWS Security Competency program having achieved the Compliance and Privacy distinction,” said Anil Badruddin, Practice Director – AWS Cloud Security, GuidePoint Security. “Our team is dedicated to helping organizations achieve their security goals by combining our in-depth knowledge of technical solutions along with our deep expertise of the powerful security tools AWS provides.” AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise. GuidePoint Security’s distinction for Compliance and Privacy is based on the following attributes: Specialized consulting service offerings including: cloud security assessments, cloud governance, solution design and implementation, and security automation The ability to develop enterprise-wide security playbooks to help organizations mature their cybersecurity programs Deep technical expertise for a wide range of third-party security solution providers and AWS native services to help customers identify, implement, and manage the right solutions for their environment and business Expertise in helping customers ensure Payment Card Industry Data Security Standard (PCI DSS) compliance on AWS (GuidePoint Security is certified as a PCI QSA) About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.

Read More

DATA SECURITY

ControlCase Partners with ConnectWise & FifthWall Solutions to Increase MSP Cybersecurity Maturity & Bridge Access to Cyber Insurance.

ControlCase | July 11, 2022

ControlCase, a leading provider of IT Security Certifications and Continuous Compliance Services announced its recent partnership with ConnectWise and FifthWall Solutions. Under this partnership, Managed Service Providers (MSPs) can now access the ConnectWise MSP+ security best practices framework from the ControlCase Compliance HubTM platform for both self-assessment and verification by ControlCase. This partnership also provides the rate-quote-bind assistance required for procuring insurance. ConnectWise’s MSP+ framework is derived from the NIST CSF framework and aims to help MSPs strengthen their cybersecurity program, increase cybersecurity maturity, and ultimately lower their risk of a data breach. MSP+ provides an affordable compliance framework that can be used as the foundation for an MSPs cybersecurity program. The MSP+ program is split into 3 parts: 1. MSP+ Self Assessment – Allows the MSP to access the framework and start implementing controls and closing gaps at their own pace. 2. MSP+ Advanced – Includes assistance with remediation and final verification by ControlCase. 3. MSP+ Mastery – Demonstrates a mature cybersecurity program and is also verified by ControlCase. “This partnership is a gamechanger for MSPs,” said Mike Jenner, CEO at ControlCase. “Security incidents involving MSPs, and their clients continue to rise. This rise necessitates stringent security controls to be implemented and the MSP+ framework provides a great place for MSPs to start learning about cybersecurity and implementing necessary controls.” Speaking on the achievement, Raffael Marty, General Manager -Cybersecurity at ConnectWise said “Cyber insurance is a critical element to help partners protect their legacy by building a more cyber-resilient business. This partnership will help MSPs increase their cybersecurity maturity, prepare for and procure insurance; eliminating dozens of steps they and their customers would otherwise have to take.” The ControlCase Compliance HubTM platform is integrated with ConnectWise Manage. MSPs can complete their MSP+ assessments without ever leaving their PSA. The MSP+ Advanced and Mastery offerings also include real-time compliance status and vital statistics such as risk rating and security milestone planning. “FifthWall is excited to be the dedicated Cyber Insurance & Risk Management Solution Provider,” said Reid Wellock, President, FifthWall Solutions. “We work with 35+ insurers to limit clients’ cyber exposure and give peace of mind for businesses of any size.” This partnership greatly simplifies MSPs and their clients' access to insurance.” For more information on this partnership and the related offerings, please contact Kimberly Simon at ksimon@controlcase.com About ControlCase ControlCase is a global provider of certification, cybersecurity, and continuous compliance services. ControlCase is committed to empowering organizations to develop and deploy strategic information security and compliance programs that are simplified, cost-effective, and comprehensive in both on-premises and cloud environments. ControlCase offers certifications and a broad spectrum of cyber security services that meet the needs of companies required to certify to PCI DSS, HITRUST, SOC 2 Type II, ISO 27001, PCI PIN, PCI P2PE, PCI TSP, PA DSS, CSA STAR, HIPAA, GDPR, SWIFT, and FedRAMP. About FifthWall Solutions FifthWall works with 35+ carriers to limit your clients’ cyber exposure and give peace of mind for businesses of any size. With our policies, MSPs and their clients are covered from business interruptions, cyber crimes, and several of the consequences that follow. With breach prevention and response tools, MSPs and their clients avoid risk and minimize impact in the event of a security incident.

Read More

DATA SECURITY,ENTERPRISE IDENTITY

Cybeats Announces Partnership with Veracode, an Industry-Leading Application Security Firm

Cybeats | September 29, 2022

Cybeats Technologies Inc., a leading software supply chain risk and security technology provider announces a strategic partnership with Veracode, a leading global provider of application security testing solutions. The partnership will leverage complementary expertise to ensure customers receive the highest standard of cybersecurity solutions. Cybeats' software supply chain security product, SBOM Studio, will be available to customers through Veracode Partners, and the companies will explore joint commercial opportunities. Once generated within the Veracode Continuous Software Security Platform, a Software Bill of Materials (SBOM) can enable greater software security by offering a full inventory of the third-party components used within an application. Cybeats SBOM Studio is an enterprise-class solution that helps companies understand and track third-party components that are an integral part of their own software. Veracode will provide advice and guidance around the commercial deployment of SBOM Studio within its existing customer base. The partnership aims to enable both companies to continue to expand their existing presence in the global cybersecurity market. Through this alliance, the companies' joint customers will be able to maximize their technology investments and procure, develop, and deploy secure software, while reducing the risk of a security breach resulting from weak links in their software supply chain. "As a Veracode Elite Technology Alliance Partner, Cybeats brings additional expert solutions to the frictionless developer experience already offered by our Continuous Software Security Platform," said Laurie Haley, Vice President of Strategic Alliances at Veracode. "By complementing our existing software composition analysis capability, Cybeats' integrated solutions will allow customers to maximize SBOM (Software Bill of Materials) utility and simplify their workflow for greater ROI." "We are honoured to partner with Veracode to expand each other's presence in the global cybersecurity market. As the cyber risk related to software supply chain attacks continues to mount, deep visibility and universal transparency using SBOMS is necessary for resilient cybersecurity defense." Yoav Raiter, CEO, Cybeats "In this modern era of rapid development, the importance of time to market and automation is paramount. Together, Veracode and Cybeats offer a substantial contribution to enabling our customers to align with the SBOM market needs and seamlessly support practices mentioned in SSDF NIST 800-218 framework without increasing the overhead on their development and product security teams," said Dmitry Raidman, CTO, Cybeats Through a single, centralized platform offering comprehensive visibility into vulnerabilities using all software security testing types, Veracode delivers one of the industry's only cloud-native solutions that allows partners to onboard quickly and seamlessly, so companies can securely move AppSec to the cloud. As a result of this partnership, Veracode can easily integrate the full breadth of Cybeats' software solutions into their customers' environments. The partner program provides market-leading solutions and services to get partners up and running straight away, with minimal impact to their existing business. Cybeats SBOM Studio SBOM Studio provides organizations with the capability to efficiently manage SBOM and software vulnerabilities, and provides proactive mitigation of risks to their software supply chain. Key product features include robust software supply chain intelligence, universal SBOM document management and repository, continuous vulnerability, threat insights, precise risk management, open source software license infringement and utilization, and secure SBOM exchange with regulatory authorities, customers and vendors, at reduced cost. About Cybeats Cybeats is a leading software supply chain intelligence technology provider, helping organizations manage risk, meet compliance and secure software from procurement, development through operation. Our platform provides customers with deep visibility and universal transparency into their software supply chain, as a result enables them to increase operational efficiencies and revenue. Cybeats. Software Made Certain.

Read More

Spotlight

"At its most basic level, a disaster recovery strategy is not about technology—or, at least, not just about technology. It’s also about people and processes and the confidence to look into the future without turning away from the potential for bad things to happen.
The good news is that with the new generation of disaster recovery technologies, it is possible to confidently prepare for disaster recovery in a way and at a cost that can be tailored to your organization’s tolerance for risk. You just have to decide how much risk you are prepared to take. If you don’t already know, you should consider a DR assessment…before it’s too late. "

Resources