SOFTWARE SECURITY

UL Launches New SafeCyber™ Solution and Platform Features to Address Mounting Security Threats

UL | June 07, 2022

UL
UL, a global safety science leader, today announced the latest enhancements to its product security and compliance life cycle management platform, SafeCyber. Launched last year, SafeCyber aims to democratize product security and empower device manufacturers, suppliers and system integrators to take charge of their connected ecosystems and mitigate growing threats from chip to cloud.

Amid an uptick in supply chain attacks, a shortage of security expertise and a dynamic regulatory environment, UL's new SafeCyber dashboard provides users with a comprehensive view of their product security maturity and projects in one place. SafeCyber also provides an easy-to-use portal to help users discover available device life cycle solutions to better manage and secure their ecosystems.

Through this new dashboard, users can view all their product security testing and evaluation activities in a single, central location. The new feature provides visibility on the security maturity of their product lines and certification readiness to industry standards, including ISA/SAE 21434 and IEC 62443 4-1, among others.

Additionally, UL formally announced Binary Check™, a new SafeCyber platform solution. Binary Check allows users to perform continuous, automated binary code analysis to ensure ongoing security and compliance readiness of connected devices and systems. This new solution includes the ability to generate a software bill of materials (SBOM), detect and manage vulnerabilities for faster remediation and obtain compliance readiness analysis.

"The skyrocketing adoption of connected devices creates countless benefits and opportunities but also leads to an increasingly large and attractive attack vector for bad actors. "As devices become progressively connected, it's challenging for businesses to keep up with growing device and security system complexities, making them vulnerable to ransomware and firmware attacks. Hardening security requires a proactive approach. At UL, we are committed to enabling organizations to innovate and bring products to the marketplace safely and securely. With SafeCyber, customers benefit from a 360-degree view of their security governance and processes to better manage and mitigate product security risks."

David Nosibor, platform solutions lead, Identity Management Security and head of UL's SafeCyber project

About UL
UL is a global safety science leader. We deliver testing, inspection and certification (TIC), training and advisory services, risk management solutions and essential business insights to help our customers, based in more than 100 countries, achieve their safety, security and sustainability goals. We believe our deep knowledge of products and intelligence across supply chains make us the partner of choice for customers with complex challenges.

Spotlight

"A business with 95% of its revenues generated online got hammered by DDoS attacks over a 6-month period, resulting in lost sales and damage to its brand. Unprepared for the situation, the company was forced to assess the threat and research solutions quickly.

Using a cloud-based DDoS mitigation service, the website manager blocked the attacks quickly and kept their website online."


Other News
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Concentric AI Included in Newly Created Data Security Posture Management Category in Recent Gartner® Hype Cycle™ Report

Concentric AI | August 29, 2022

Concentric AI, a leading vendor of intelligent AI-based solutions for autonomous data security posture management, today announced it has been listed as a Sample Vendor in the newly created Data Security Posture Management category in the recently published Gartner Hype Cycle for Data Security, 2022 report.1 Concentric AI also appears in the Data Access Governance and Data Discovery and Management categories in the Gartner Hype Cycle for Data Security, 2022 report.1 According to the Hype Cycle for Data Security, 2022: “Data security posture management (DSPM) provides visibility as to where sensitive data is, who has access to that data, how it has been used and what the security posture of the data store or application is.”1 Organizations use DSPM as the basis for data risk assessment and to optimize data security governance implementations. The new Data Security Posture Management category has a Benefit Rating of Transformational, which Gartner defines as, “Enables new ways of doing business across industries that will result in major shifts in industry dynamics.”1 According to Gartner: “Organizations face challenges mitigating data security and privacy risks as data rapidly proliferates across multi-cloud and hybrid IT architectures. Identifying meaningful data risk is impossible to solve without combining metrics from data sensitivity, data lineage, infrastructure configurations that create data risks and access risk into a common view. This is an urgent problem that is encouraging rapid growth in the availability and maturation of this technology.”1 “We believe being recognized by Gartner as a Sample Vendor in Data Security Posture Management validates that organizations need visibility of into their sensitive data across datasets and locations, as well as a consolidated view into the risk associated with inconsistent access privileges, permissions, activity, and location to protect their data from loss. “Organizations using Concentric AI benefit from the company’s AI-assisted deep learning autonomous data security solution to reduce their data risk by discovering, evaluating, and remediating security issues.” Karthik Krishnan, Founder and CEO, Concentric AI Concentric AI secures data-centric work using AI to protect business-critical information hidden in the millions of files and databases used by today’s distributed workforce. The company’s unique deep learning solution autonomously and accurately finds sensitive content, assesses risk, and remediates security issues, allowing organizations across industries to meet their data security needs for the first time. Concentric AI’s Semantic Intelligence™ automates unstructured and structured data security using deep learning to categorize data, uncover business criticality and reduce risk. Its Risk Distance™ analysis technology uses the baseline security practices observed for each data category to spot security anomalies in individual files. It compares documents of the same type to identify risk from oversharing, third-party access, wrong location, or misclassification. Organizations benefit from the expertise of content owners without intrusive classification mandates, with no rules, regex, or policy maintenance needed. Gartner Disclaimer Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER and HYPE CYCLE are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. About Concentric AI With Concentric AI, organizations can finally address their unmet data security needs by discovering and protecting business-critical content. Concentric AI protects intellectual property, financial documents, PII/PCI content, customer data, business confidential data and more, across on-premises and cloud-based data stores, as well as messaging and communication applications. The Concentric AI Semantic Intelligence™ Data Security Posture Management solution uses deep learning and Risk Distance™ analysis to accurately categorize data, assess risk, and remediate security issues – without relying on upfront rules or complex configuration. Concentric AI is venture-backed by leading Silicon Valley VCs and is headquartered in San Jose, Calif.

Read More

SOFTWARE SECURITY

JFrog Advances Software Development Collaboration, Automation, Speed, and Security with New Microsoft Teams App

JFrog | July 12, 2022

JFrog Ltd. , the Liquid Software company and creators of the JFrog DevOps Platform, today unveiled new integrations for JFrog Artifactory - the world's leading binary repository – and its JFrog Xray advanced security solution - with the Microsoft Teams collaboration platform. Available immediately, the JFrog App for Microsoft Teams delivers organization-wide visibility into security and software development events, such as failed builds, security vulnerabilities, or compliance issues. Using the new app, development team members can both assign and execute the tasks required to address issues, accelerating time-to-resolution. "Designing software and keeping it up-to-date has always been a team effort – but the urgency of that collaboration becomes even more important when builds fail or security vulnerabilities strike. “Our goal is to empower developers with solutions that enable efficient, cross-team communications on the platforms they’re already using day-to-day, which is why integrating with Teams was a logical choice. The JFrog App for Microsoft Teams makes it easier for developers to notify and collaborate with the wider business to devise and execute a speedy path to resolution." Stephen Chin, Vice President of Developer Relations, JFrog Many software teams use Teams to collaborate and provide visibility into development events or security vulnerabilities using both public and private group channels, as well as direct messaging. The new JFrog App for Microsoft Teams delivers insight into whether artifacts are being uploaded, moved, copied, or deleted, so developers and their extended team of stakeholders from across the organization can quickly make informed decisions and take action to keep their software pipelines on track and secure. “Microsoft Teams changes the way work gets done. It helps remote colleagues and partners collaborate and stay connected even when they’re working apart – and there are few places where collaboration is as critical to a project’s success as software development,” said Ben Summers, Director, Teams & Microsoft 365 Platform Marketing at Microsoft. “This integration aims to make life easier for developers who are already using Teams for their everyday work to share project or security updates with their extended set of stakeholders in one click.” Other features and benefits of the JFrog App for Microsoft Teams include: Accelerated vulnerability resolution - Integrating JFrog Artifactory and JFrog Xray with Teams significantly decreases the time it takes to resolve development challenges or security issues. Improved collaboration - Developers can use Teams to both delegate action items to extended team members - across departments – and take action on assigned tasks and provide status updates during each phase of the software development lifecycle. Quality assurance – Easily configure JFrog Xray policies and watches to monitor targeted artifact repositories used for test and staging environments, and tag team members on security vulnerabilities and compliance violations through Teams for prompt resolution. About JFrog JFrog Ltd.is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back

Read More

SOFTWARE SECURITY

GuidePoint Security Achieves AWS Security Competency Status

GuidePoint Security | July 27, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that it has achieved the Compliance and Privacy distinction in the Amazon Web Services (AWS) Security Competency. This designation recognizes that GuidePoint Security has demonstrated and successfully met AWS’s technical and quality requirements for providing customers with a deep level of consulting services expertise in Compliance and Privacy to help them achieve their cloud security goals. Achieving the Compliance and Privacy distinction in the AWS Security Competency differentiates GuidePoint Security as an AWS Partner that provides specialized consulting services designed to help companies from startups and mid-sized businesses to the largest global enterprises to adopt, develop, and deploy security into their AWS environments, increasing their overall security posture on AWS. To receive the designation, partners must possess deep AWS expertise and deliver solutions seamlessly on AWS. “GuidePoint Security was an original AWS Security Competency launch partner and we are proud to be launch partner yet again for the updated AWS Security Competency program having achieved the Compliance and Privacy distinction,” said Anil Badruddin, Practice Director – AWS Cloud Security, GuidePoint Security. “Our team is dedicated to helping organizations achieve their security goals by combining our in-depth knowledge of technical solutions along with our deep expertise of the powerful security tools AWS provides.” AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise. GuidePoint Security’s distinction for Compliance and Privacy is based on the following attributes: Specialized consulting service offerings including: cloud security assessments, cloud governance, solution design and implementation, and security automation The ability to develop enterprise-wide security playbooks to help organizations mature their cybersecurity programs Deep technical expertise for a wide range of third-party security solution providers and AWS native services to help customers identify, implement, and manage the right solutions for their environment and business Expertise in helping customers ensure Payment Card Industry Data Security Standard (PCI DSS) compliance on AWS (GuidePoint Security is certified as a PCI QSA) About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.

Read More

DATA SECURITY

ControlCase Partners with ConnectWise & FifthWall Solutions to Increase MSP Cybersecurity Maturity & Bridge Access to Cyber Insurance.

ControlCase | July 11, 2022

ControlCase, a leading provider of IT Security Certifications and Continuous Compliance Services announced its recent partnership with ConnectWise and FifthWall Solutions. Under this partnership, Managed Service Providers (MSPs) can now access the ConnectWise MSP+ security best practices framework from the ControlCase Compliance HubTM platform for both self-assessment and verification by ControlCase. This partnership also provides the rate-quote-bind assistance required for procuring insurance. ConnectWise’s MSP+ framework is derived from the NIST CSF framework and aims to help MSPs strengthen their cybersecurity program, increase cybersecurity maturity, and ultimately lower their risk of a data breach. MSP+ provides an affordable compliance framework that can be used as the foundation for an MSPs cybersecurity program. The MSP+ program is split into 3 parts: 1. MSP+ Self Assessment – Allows the MSP to access the framework and start implementing controls and closing gaps at their own pace. 2. MSP+ Advanced – Includes assistance with remediation and final verification by ControlCase. 3. MSP+ Mastery – Demonstrates a mature cybersecurity program and is also verified by ControlCase. “This partnership is a gamechanger for MSPs,” said Mike Jenner, CEO at ControlCase. “Security incidents involving MSPs, and their clients continue to rise. This rise necessitates stringent security controls to be implemented and the MSP+ framework provides a great place for MSPs to start learning about cybersecurity and implementing necessary controls.” Speaking on the achievement, Raffael Marty, General Manager -Cybersecurity at ConnectWise said “Cyber insurance is a critical element to help partners protect their legacy by building a more cyber-resilient business. This partnership will help MSPs increase their cybersecurity maturity, prepare for and procure insurance; eliminating dozens of steps they and their customers would otherwise have to take.” The ControlCase Compliance HubTM platform is integrated with ConnectWise Manage. MSPs can complete their MSP+ assessments without ever leaving their PSA. The MSP+ Advanced and Mastery offerings also include real-time compliance status and vital statistics such as risk rating and security milestone planning. “FifthWall is excited to be the dedicated Cyber Insurance & Risk Management Solution Provider,” said Reid Wellock, President, FifthWall Solutions. “We work with 35+ insurers to limit clients’ cyber exposure and give peace of mind for businesses of any size.” This partnership greatly simplifies MSPs and their clients' access to insurance.” For more information on this partnership and the related offerings, please contact Kimberly Simon at ksimon@controlcase.com About ControlCase ControlCase is a global provider of certification, cybersecurity, and continuous compliance services. ControlCase is committed to empowering organizations to develop and deploy strategic information security and compliance programs that are simplified, cost-effective, and comprehensive in both on-premises and cloud environments. ControlCase offers certifications and a broad spectrum of cyber security services that meet the needs of companies required to certify to PCI DSS, HITRUST, SOC 2 Type II, ISO 27001, PCI PIN, PCI P2PE, PCI TSP, PA DSS, CSA STAR, HIPAA, GDPR, SWIFT, and FedRAMP. About FifthWall Solutions FifthWall works with 35+ carriers to limit your clients’ cyber exposure and give peace of mind for businesses of any size. With our policies, MSPs and their clients are covered from business interruptions, cyber crimes, and several of the consequences that follow. With breach prevention and response tools, MSPs and their clients avoid risk and minimize impact in the event of a security incident.

Read More

Spotlight

"A business with 95% of its revenues generated online got hammered by DDoS attacks over a 6-month period, resulting in lost sales and damage to its brand. Unprepared for the situation, the company was forced to assess the threat and research solutions quickly.

Using a cloud-based DDoS mitigation service, the website manager blocked the attacks quickly and kept their website online."

Resources