DATA SECURITY

XM Cyber Partners with Italy-based Value-Added Distributor ICOS

XM Cyber | May 06, 2021

XM Cyber, the multi-award-winning leader in cyberattack path management, today announced that it has signed an agreement with Italy-based value-added distributor (VAD) ICOS. This agreement will enable ICOS to offer XM Cyber solutions in the Italian market to help organizations protect their most critical assets.

"XM brings a new approach that uses the attacker perspective to find and remediate critical attack paths toward organizations' crown jewels across on-premises and multi-cloud networks," explained Erez Jacobson, Channels Sales Director, EMEA & APAC, XM Cyber. "We are a fast-growing business and need to scale through our partners ecosystem. The agreement with ICOS is an exciting development to consolidate our footprint in the Italian market."

ICOS is a partner of some of the leading technology vendors in the sector, offering resellers the infrastructure and cybersecurity solutions that are most in line with the new paradigms of enterprise IT.

About XM Cyber
XM Cyber is the global leader in cyberattack path management. The XM Cyber platform enables companies to rapidly respond to cyber risks affecting their business-sensitive systems by continuously finding new exposures, including exploitable vulnerabilities and credentials, misconfigurations, and user activities. XM Cyber constantly simulates and prioritizes the attack paths putting mission-critical systems at risk, providing context-sensitive remediation options. XM Cyber helps to eliminate 99% of the risk by focusing allowing IT and Security Operations to focus on the 1% of the exposures before they get exploited to breach the organization's "crown jewels" – its critical assets. XM Cyber was founded by top executives from the Israeli cyber intelligence community and has offices in North America, Europe, and Israel.

Spotlight

Today, Financial Services firms have a unique vantage point into the challenges of managing business information. Within a jittery global financial climate, firms must deal with information volume that continues to grow at an unstoppable rate, and carried via an exploding number of tools that advisors are using to collaborate and communicate with clients. And firms must extend the life of current technology systems given pressure to remove costs, while also protecting sensitive information assets against an unprecedented level of cybersecurity threats. Unfortunately, for many firms, managing the security of information has existed as a specialized domain, and consequently, led to siloed investments to protect specific processes or systems – not necessarily to protect information that might carry the highest value or risk as it flows through the firm. As a result, few organizations feel well prepared to address the consequences of data breach.


Other News
DATA SECURITY, ENTERPRISE IDENTITY

Cervello Partners with ST Engineering to Provide Cybersecurity for Rail Operational Networks

Cervello | October 19, 2022

Cervello, a global leader in rail cybersecurity, announced today a new strategic partnership with ST Engineering, a global technology, defense, and engineering group, to incorporate ST Engineering’s cybersecurity services as part of Cervello's patented rail security solution for rail operators and infrastructure managers. This partnership, which has already proven its value by securing the operations of one of the busiest rail networks in APAC, enhances Cervello's ability to offer and support its solution globally. “We are pleased to officially announce our already proven strategic cooperation with ST Engineering, a proven technology and engineering powerhouse, as a significant step toward Cervello's continued global expansion,” states Roie Onn, Cervello's CEO & Co-Founder. “Combining ST Engineering’s decades of experience in empowering cyber resilience across various sectors, together with Cervello’s unparalleled expertise in rail-specific security, we are able to globally support rail organizations with cybersecurity solutions and services that enable them to operate more safely and efficiently.” “Threats in the cyber-physical world are growing at an exponential rate and conventional ways of securing systems and assets are no longer sufficient. “The joint cybersecurity capabilities of ST Engineering and Cervello allow us to build a more comprehensive effective suite of cybersecurity rail solutions that is reliable and ensures business continuity for rail operators." Goh Eng Choon, President, Cyber, ST Engineering About Cervello Cervello accelerates rail digital transformation by securing the industry’s infrastructure and operations from cyber threats. Cervello offers the industry's leading dedicated rail security platform, enabling rail companies to safely deliver connected service. Cervello’s platform gives you the confidence to see, secure, and manage all ​assets connected to your ​critical ​network, combining OT, IoT, IT and physical systems, and turn the associated data into a powerful resource. This means the end of any compromise between security​, safety​ and usability – put simply, this allows you to ​operate with confidence​. The world’s leading rail operators and infrastructure managers trust Cervello to minimize threats and prevent cybersecurity incidents, thereby increasing their safety, reliability, business continuity and service availability.

Read More

DATA SECURITY,ENTERPRISE SECURITY,PLATFORM SECURITY

Laminar Supports Launch of Amazon Security Lake

Laminar | November 30, 2022

Laminar, a leader in public cloud data security, today announced it is supporting the launch of Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes an organization’s security data from cloud, on-premises, and custom sources into a customer owned purpose-built data lake. With support for the Open Cybersecurity Schema Framework (OCSF) standard, Amazon Security Lake reduces the complexity and costs for customers to make their security solutions data accessible to address a variety of security use cases such as threat detection, investigation, and incident response. “All cybersecurity in the end is about protecting data and all cybersecurity is more effective and efficient with data-context. “Laminar is proud to be a launch partner for Amazon Security Lake, adding data-context to security events for better risk models, effective investigations and efficient remediation.” Amit Shaked, co-founder and CEO, Laminar Amazon Security Lake helps organizations aggregate, manage, and derive value from log and event data on the cloud and on-premises to give security teams greater visibility across their organizations. With Amazon Security Lake, customers can use the security and analytics solutions of their choice to simply query that data in place or ingest the OCSF-compliant data to address further use cases. Amazon Security Lake helps customers optimize security log data retention by optimizing the partitioning of data to improve performance and reduce costs. Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data. Laminar is a Data Security Posture Management (DSPM) leader that delivers autonomous, agentless, and continuous data security for everything that you build and run on the cloud. Laminar provides autonomous discovery and classification for all data across AWS and hybrid cloud environments into a cloud data catalog, prioritization of data assets by our proprietary risk model, and an agentless and asynchronous approach to DSPM to reduce the exposure surface without impacting performance. “Data is every enterprise’s most valuable asset, which makes protecting it a critical capability for all cybersecurity solutions,” said Rod Wallace, General Manager for Amazon Security Lake. “Amazon Security Lake enables security teams to optimize security log data collection and retention by optimizing the partitioning of data to improve performance and reduce costs. With the Laminar integration, analysts and engineers can store their data in the OCSF format for further analytics to improve the protection of workloads, applications, and data.” About Laminar Laminar’s Cloud Data Security Platform protects data for everything you build and run in the cloud across cloud providers and cloud data warehouses. The platform autonomously and continuously discovers and classifies new datastores for complete visibility, prioritizes risk based on sensitivity and data risk posture, secures data by remediating weak controls and actively monitors for egress and access anomalies. Designed for the multi cloud, the architecture takes an API-only approach, without any agents, and without sensitive data ever leaving your environment. Founded in 2020 by a brilliant team of award winning Israeli red team experts, Laminar is proudly backed by Insight Partners, Tiger Global, Salesforce Ventures, TLV Partners, and SentinelOne.

Read More

DATA SECURITY, SOFTWARE SECURITY

Accenture Named a Leader in European Managed Security Service Providers by Independent Analyst Firm

Accenture | September 13, 2022

Accenture has been named a Leader in the latest Forrester Research report on European managed security service (MSS) providers, which notes that Accenture sets itself apart from the rest of the market by the way in which it develops assets that are embedded in its services for the benefit of clients. The report — "The Forrester Wave™: European Managed Security Service Providers, Q3 2022" — includes a comprehensive 39-criteria assessment of the top 10 cybersecurity consulting providers across three high-level categories: “Current Offering”; “Strategy”; and “Market Presence.” Client references and buyer feedback were also factored into each criterion evaluated in the report. Accenture received the highest score in the Current Offering category among competitors evaluated, with the highest possible score in twelve criteria, including: data sovereignty and European service delivery; managed application security; business and technical value; product vision; execution roadmap; innovation roadmap; and partner ecosystem. The report says that: Accenture stands out for its vision roadmap, with several planned items focusing on emerging CISO [chief information service officer] needs for managed services providers. Accenture also continues to set the standard for strong partnerships to drive unique technology and services IP. When noting how Accenture sets itself apart by developing assets that are embedded in services for clients, the report said that one particularly strong example of this was its Intelligent Application Security Platform (IASP), which delivers significant value for developers within its application security services. Reference customers praise the flexible personnel, highly competent technical staff, and strong partnership approach. Accenture is a good match for customers who want end-to-end security capabilities that deliver a wide array of managed services. “We’re on a mission to make cybersecurity a priority for business leaders in Europe, and our managed security services team can help clients navigate the challenges. “It’s an honor to be recognized for our work helping clients build better defenses and strengthen their cybersecurity capabilities. Because cyber risk is a constantly moving target, we help our clients identify not only existing threats but also emerging threats to their enterprises.” Jacky Fox, who leads Accenture Security in Europe In addition to being named a Leader among European MSS providers by Forrester, Accenture was recently named the No. 1 cybersecurity service provider by HFS Research and positioned as a Leader in the latest IDC MarketScape analysis of managed security services (MSS) providers in Europe. In 2021, Accenture was positioned as a Leader in two Forrester reports on cybersecurity: The Forrester Wave™: Global Cybersecurity Consulting Providers, Q4 2021 and The Forrester Wave™: European Cybersecurity Consulting Providers, Q3 2021. More information on Accenture in “The Forrester Wave™: European Managed Security Service Providers, Q3 2022” report can be found here. About Accenture Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services and Accenture Song — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 710,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities.

Read More

DATA SECURITY, ENTERPRISE IDENTITY

Keeper Security's Cybersecurity Census Finds U.S. Businesses are Unprepared for Escalation in Cyberattacks

Keeper Security | September 15, 2022

Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, today released findings from its second annual Cybersecurity Census. The report explores insights from IT decision-makers at businesses and organizations across the U.S., revealing that most respondents expect the onslaught of cyberattacks to intensify over the next year, yet 32% lack a management platform for IT secrets–posing a significant risk to organizational security. The 2022 U.S.Cybersecurity Census Report explores the ongoing threats of cyberattacks and the need for cybersecurity investment. The report maps the evolving cybersecurity landscape as hybrid and remote work have transformed businesses over the past two years. According to survey findings, the average U.S. business experiences 42 cyberattacks annually—between three to four each month. Still, fewer than half (44%) of respondents provide their employees with guidance or best practices for governing passwords and access management. IT leaders reveal a lack of preparedness for cyberattacks U.S. businesses face many cyberattacks each year, significantly impacting their organizations. Most respondents agree the total number of attacks will increase over the next year, with 39% predicting the number of successful cyberattacks will also rise. Most organizations in the U.S. believe they're prepared to fend off cyberattacks, with 64% of respondents rating their preparedness at least an eight on a 10-point scale and 28% rating themselves as a 10/10. At the same time, the majority of respondents (57%) say it is taking longer to respond to attacks and only 8% say responses are getting faster. Though most report feeling prepared for attacks, leaders admit their tech stacks lack essential tools. Nearly one-third of respondents (32%) lack a management platform for IT secrets, such as API keys, database passwords and privileged credentials. 84% are concerned about the dangers of hard-coded credentials in source code but 25% don't have software to remove them. More than one-quarter of respondents (26%) said they lack a remote connection management solution to secure remote access to IT infrastructure. With the rise in hybrid work and remote work, this is a significant security gap. This lack of investment in cybersecurity tools is alarming, especially considering the lasting impact of cyberattacks that survey respondents revealed. Nearly one-third (31%) suffered a disruption of partner or customer operations in the wake of a cyberattack and the same percentage experienced theft of financial information. 18% of organizations experienced theft of money, with the average amounting to more than $75,000, while 37% lost $100,000 or more. 23% experienced the inability to carry out business operations. In addition to direct costs, cyberattacks can cause lasting damage to business perception and client trust. More than one-quarter of respondents (28%) suffered reputational damage due to a successful cyberattack and 19% reported losing business or a contract. "The volume and pace at which cyberattacks are hitting businesses is increasing and with that come severe financial, reputational and organizational penalties," said Darren Guccione, CEO and co-founder of Keeper Security. "Leadership must prioritize cybersecurity, enabling their security teams to address rapid shifts in technology and distributed remote work. The impact these shifts have on cybersecurity are both pervasive and extreme. Building a culture of trust, accountability and responsiveness is critical." U.S. businesses must take immediate action against cyber threats Cybersecurity is a pillar of every good business and these findings underscore the need for business leaders to make cybersecurity a part of organizational culture. U.S. business leaders are working to source the necessary talent to stay secure. Nearly three-quarters (71%) of respondents have made new hires in cybersecurity over the past year and 58% say they've increased cybersecurity training. A devastating cyberattack is one stolen password away, but despite this threat, fewer than half (48%) of respondents state they have plans to invest in password management, visibility tools for network-based threats or infrastructure secrets management. Only 44% of respondents provide their employees with guidance and best practices governing passwords and access management. 30% of respondents allow employees to set and manage their passwords and admit that employees often share access to passwords. A mere 26% have a highly sophisticated framework for visibility and control of identity security. Many organizations are considering future investments with 73% of respondents expecting their cybersecurity budgets to increase. However, they face being outmatched by rising external threats and the demands created by existing weaknesses. Cybersecurity in company culture Employees understand the dangers of both external and internal threats. An overwhelming 79% of IT professionals are concerned about a breach from within their organization and 47% have suffered a breach of that nature. As more employees work remotely, businesses must rethink their investments in order to maintain security. In fact, 40% of respondents highlighted remote and hybrid work as a top concern, with rising external threats close behind at 39%. IT leaders themselves admit a lack of transparency in cyber incident reporting within their organizations, with nearly half of respondents (48%) being aware of a cyberattack, but keeping it to themselves. Businesses must foster a sense of trust and transparency in their organizations, creating an open dialogue to recognize the scale of the cybersecurity challenges their organization faces. Only with that recognition can resources be devoted to education and embedding a cybersecurity mindset into the organization's culture. Keeper's 2022 U.S. Cybersecurity Census Report demonstrates that cyberattacks present a profound and ongoing threat. Preventative measures, including investment, education and cultural shifts, are essential for businesses to drive resilience and protect their organizations from cybercriminals. Methodology The report yielded results from 516 IT leaders and decision-makers in businesses across the U.S. About Keeper Security Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyberattacks, while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password management, secrets management, privileged access, secure remote infrastructure access and encrypted messaging.

Read More

Spotlight

Today, Financial Services firms have a unique vantage point into the challenges of managing business information. Within a jittery global financial climate, firms must deal with information volume that continues to grow at an unstoppable rate, and carried via an exploding number of tools that advisors are using to collaborate and communicate with clients. And firms must extend the life of current technology systems given pressure to remove costs, while also protecting sensitive information assets against an unprecedented level of cybersecurity threats. Unfortunately, for many firms, managing the security of information has existed as a specialized domain, and consequently, led to siloed investments to protect specific processes or systems – not necessarily to protect information that might carry the highest value or risk as it flows through the firm. As a result, few organizations feel well prepared to address the consequences of data breach.

Resources