DATA SECURITY

XSOC CORP Launches Four Foundational Patent Pending Cryptographic Systems Built to Secure Critical Data

XSOC CORP | May 12, 2021

XSOC CORP has emerged from stealth mode after three years of intense research and development, and today unveiled new cybersecurity solutions aimed at offering improved cryptographic capabilities for existing systems in local industrial and wireless environments. XSOC CORP is a post-quantum data security company that protects businesses' most sensitive data and communications from well-funded hacker groups and nation-state attackers using more sophisticated attacks.

Senior software and hardware developers at XSOC CORP combine decades of algorithmic programming expertise with high-performance encryption techniques. Matching global-level cybersecurity innovations with the business and marketing acumen of a professionally experienced executive management team have boosted XSOC CORP's entry into the market.

XSOC CORP expands on the idea that good security, together with stronger tools, is the only real way to ensure data and device safety against external threats – no matter how sophisticated. The new technology from XSOC CORP fills gaps in existing cybersecurity systems by providing specialized encryption products, utilities, and pluggable modules that are specifically tailored for the expanding Internet of Things (IoT) and Industrial Internet of Things (IIoT) markets.

XSOC CORP is collaborating with the academic and professional sectors to solve some of the problems associated with outdated Public Key Infrastructure (PKI). SSL/TLS is the most commonly used mode of PKI, but it only provides a "static" certificate-based solution and, in many situations, only updates cryptographic key material certificates once per year. In the last 20 years, the certificate concept hasn't evolved or improved much; instead, it's gotten more expensive while being hard to configure and maintain. SOCKET is a breakthrough technology that allows for continuous cryptographic key rotation (updates) with or without SSL/TLS support.

SOCKET is a cryptographic key exchange protocol designed for near-field/radio frequency (RF) and wireless transmissions in closed-circuit, limited-distance, or intermittent ad-hoc network environments that support hardened encryption protection.

SOCKET also offers a relatively reliable and secure main infrastructure mechanism for more permanent network conditions. SOCKET, for example, can be used as an out-of-band (stand-alone) means of symmetric key transmission for legacy devices in an industrial (IT/OT) or commercial wireless surveillance environment, or modern streaming video cameras in a warehouse or embassy. SOCKET is an ideal companion to the XSOC Cryptosystem, and offers a safe solution for symmetric key sharing, allowing authentication in situations where TLS (SSL Certificates) are either impractical or impossible. SOCKET can be thought of as an “N-Tier” variant of Kerberos / X.509 technology, which has been around for 20 years and does not have a single point of failure.

Although XSOC CORP's SOCKET technology focuses on the idea of protected key exchanges in private network environments, the technology has also been completely opened to the internet via WAN-SOCKET. SOCKET's Wide Area Network (WAN) version employs advanced Distributed Hash Table (DHT) and Peer to Peer (P2P) technologies to provide symmetric encryption keys safely and with reduced lag or delay.

The reliability of SOCKET (and WAN-SOCKET) is due to the final pillar of XSOC CORP's main underlying technology set, Encrypted Broadcast Protocol, or "EBP." EBP is a native authentication protocol for network-efficient secure signal communications with 512bit or higher encryption strength. XSOC CORP has improved on the already effective UDP protocol, making it 100% stable and capable of providing completely encrypted data. XSOC CORP has shown that transfer of massive volumes of data over EBP can be achieved more than twice as fast as the leading FTP client/server while also being secured by 512bit encryption in a clear head-to-head challenge against the TCP/IP protocol.

About XSOC CORP

Founded in 2018, XSOC CORP is headquartered in Irvine, CA, and has a senior management and technology engineering team that has developed the XSOC Cryptosystem, which employs a supplied cryptographic cipher and a versatile SDK/API for fast integration into a wide range of software and platforms. XSOC Cryptosystem is designed to make the use of symmetric encryption easier. It eliminates the amount of time and code (or effort) taken to apply strong encryption directly to text, data, and, in particular, streaming-media services. SOCKET and WAN-SOCKET, which are powered by the modern and high-performance EBP protocol, expand the scope of symmetric cryptography globally.

Spotlight

The Center for Strategic & International Studies (CSIS) and the European Security Round Table (ESRT) Host the conference "Transatlantic Dimensions of Cyber Security" Keynote Speech: Cecilia Malmström,Commissioner for Home Affairs, European Commission


Other News
PLATFORM SECURITY

Contrast Security Achieves AWS DevSecOps Competency Status

Contrast Security | May 13, 2022

Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, announced today that it has achieved Amazon Web Services (AWS) DevOps Competency for development, security, and operations (DevSecOps) garnered by demonstrating technical proficiency and proven customer success specializing in DevSecOps. Contrast was selected as one of the official launch partners of the DevSecOps Competency by AWS, which is an extension of the DevOps category. Achieving the AWS DevOps Competency for DevSecOps differentiates Contrast Security as an AWS Partner with deep domain expertise in delivering software products that integrate security across every stage of the development and delivery cycles, including pre-, during, and post-deployment. Contrast Security is part of a small group of innovative security technologies to achieve the AWS DevSecOps Competency in its inaugural year. "We're honored to achieve AWS DevSecOps Competency status on top of the DevOps Competency status that we received last year. It is a true testament to our efforts in helping large enterprises ensure security and compliance across the entire lifecycle of their web applications and APIs running on AWS. We're looking forward to expanding our AWS capabilities so that organizations garner continuous visibility and centralized point-of-control for software risk through a single platform." Surag Patel, Chief Strategy Officer at Contrast Security By using instrumentation technology, Contrast Security is embedding self-assessment and self-protection capabilities directly into AWS applications during run-time. This enables DevSecOps teams to detect accurate code-level vulnerabilities (both custom code and open source libraries) in development and quality assurance (QA) environments, and monitor and block production applications from threats and attacks in real-time. Envestnet | Yodlee, the leading data aggregation and data analytics platform, helps consumers live better financial lives through innovative products and services created for more than 1,400 financial institutions and financial technology (FinTech) companies. The company revolutionizes financial services with its intelligent APIs, innovative applications, and advanced analytics products. With the help of Contrast Security and AWS, the company was able to seamlessly integrate new applications and accelerate its time-to-market. The AWS offerings have helped Envestnet | Yodlee launch products to market quickly and effectively. By implementing Contrast as part of their DevSecOps initiatives, Envestnet | Yodlee further secured its financial software solutions and by adopting a DevSecOps methodology, security and development teams are jointly responsible for bolstering security by essentially bringing development and operations together. "Envestnet | Yodlee requires an application security framework that is repeatable, scalable, and can find and remediate vulnerabilities by using the best software security solutions," said Saran Makam, Director of Application Security at Envestnet | Yodlee. "My team chose Contrast Security because their solution was well received by our development and security teams and because it works continuously and in real-time." About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

ENTERPRISE SECURITY

Confluera Cloud Research Finds Cybersecurity Concern as Biggest Obstacle to Cloud and Multi-Cloud Adoption

Confluera | February 19, 2022

Confluera, the leading provider of next-generation cloud cyber attack detection and response, today released the findings of their latest research report, which explores how IT leaders detect, evaluate, and act against cybersecurity threats in today's cloud environment. The study, 2022 Cloud Cybersecurity Survey Report, showcases the perspective of 200 U.S. IT leaders at medium to large sized organizations and how they are tackling the increasingly complex remote, cloud-centric IT security landscape. The majority of organizations are accelerating their cloud adoption with 97% of IT leaders surveyed stating that their strategy includes the expansion of cloud deployments. The strategy includes expansion in scale and in many cases, the adoption of multiple platforms such as AWS, Google Cloud and Azure. This strategy is not without its challenges, however. Approximately, 63% of IT professionals identified cyberthreats designed to target cloud services as the top obstacle to their cloud strategy. Cloud and multi-cloud adoption has greatly increased the workload of already burdened IT teams. Of the 200 IT leaders surveyed, only about half of the respondents said that they are adequately staffed to manage the frequency of alerts they receive. IT teams spend 54% of their time investigating security alerts, with over half of those alerts turning out to be false or benign alarms. As threats within the cloud proliferate, IT leaders are looking for solutions to help them quickly separate the signal from the noise so they can act on the real threats promptly. Some key findings of the survey as it relates to cloud deployments are below. More than 65% of IT leaders said cloud IaaS adoption (AWS, Azure, Google Cloud, etc.) was the primary contributor to their increased workload in 2021 When asked what challenges were associated with adopting multiple cloud platforms, 69% said maintaining consistent cybersecurity coverage across all cloud infrastructures Nearly 50% said securing the resources to manage different cloud infrastructures Nearly 45% identified the difficulty detecting threats progressing from one cloud infrastructure to another "While accelerated cloud adoption continues to be a critical element in adapting to the new way of doing business, it has strained IT leader's ability to manage their workload, Organizations need to ensure proper people, processes, and tools are in place for the team to expand the complex cloud environments without sacrificing their attention to security." John Morgan, CEO of Confluera Morgan continued, "To make matters worse, the Great Resignation has demonstrated the burnout that workers across the U.S. economy are feeling, and nowhere is this burnout more obvious than in the cybersecurity teams. Organizations must ensure frequent conversations between executives and cybersecurity managers to ensure they are well equipped to adequately manage alerts, maintain systems, and avoid burnout within their teams. Other key findings include the following: 85% of IT leaders said that they experienced increased workload due to shift in work model including remote workers Nearly 70% of IT leaders said that the change in work model has made it more difficult to keep company resources secure Nearly 59% of all alert investigations turn out to be false alarms or benign activities 90% of IT leaders said they create threat storyboards but close to 60% rely on third-party services to create storyboards after the incident Not all findings in the report were so glum, however. In a positive sign, 84% of IT leaders were optimistic about their cybersecurity readiness for 2022. The majority of respondents note the availability of new cybersecurity tools as the reason for their positive outlook, with 59% saying that a Detection and Response solution for the cloud, or CxDR, is the innovation they are most excited about for future deployment. "2021 was a tough year for many IT leaders, but the market is now providing organizations with the tools they need to effectively manage the infrastructures they have and even expand them further," added Morgan. "Given proper resources and effective communication, IT leaders have every right to be positive as we move into the new year." About the Study Confluera commissioned an independent research firm to survey U.S. IT leaders using a national network of verified panel providers. A total of 200 respondents completed the survey, which was conducted between December 3-7, 2021. Those surveyed included those with senior titles, including Manager, Director, and VP/C-level. The margin of error for this study is +/-5.9% at the 95% confidence level. About Confluera Confluera is the leading provider of next-generation Cloud eXtended Detection and Response (CxDR) solutions. Recognized by Forbes as one of the Top 20 Cybersecurity Startups to Watch in 2021, Confluera's storyboard technology automates cyber attack analysis making small and large security teams more efficient. The solution has unprecedented visibility of attacks in the cloud and modern application architectures, reveals threats in real-time, and will shut down advanced multistage attacks.

Read More

DATA SECURITY

Atakama and BigID Announce Strategic Alliance for Discovering and Protecting Sensitive Data

Atakama | February 16, 2022

Atakama, the leading encryption company, has partnered with BigID, the leading data intelligence platform, to provide organizations with an integrated, automated approach to discovering and protecting sensitive and critical data. The integration of Atakama's file encryption solution with BigID's data discovery and classification ensures that organizations can automate well-defined policies to discover, classify, and protect their data. Together, BigID and Atakama make it easy for customers to accelerate governance, reduce risk, protect their sensitive data with advanced encryption, and achieve continuous data compliance. BigID enables customers to automatically discover, catalog, and classify all types of data and metadata, structured and unstructured. This includes PII, PHI, NPI, IP, and other sensitive, critical, and regulated data. Once the data has been identified, BigID can label and tag data in accordance with the organization's policies. Atakama can read the labels and immediately encrypt files in whichever location the files are stored. The integration of BigID and Atakama provides a powerful and scalable approach to sensitive data discovery and protection across the entire enterprise. "BigID together with Atakama provides our customers with a seamless, but multi-faceted approach to data security,This partnership takes data protection to another level and will immediately strengthen an organization's security posture through unmatched visibility and control. We're thrilled to have Atakama be an integral technology partner via the BigID App Marketplace as we continue helping organizations meet their data management and security objectives." Marc DeGaetano, CRO at BigID "Partnering with BigID is a natural fit given their industry-leading capabilities across discovery and classification," said Scott Glazer, CRO at Atakama. "The ability to discover and protect sensitive data is the cornerstone of a successful cybersecurity program. We're thrilled to be able to work with BigID to deliver the combined solution to our customers via the BigID App Marketplace, who can trust that their data has been properly identified and securely protected." About BigID BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, protection, and perspective. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com. About Atakama Atakama is a distributed key management solution that enables granular, file-level encryption without the need for passwords, identity and access controls, centralized servers, or HSMs. Attackers are prevented from accessing any data encrypted by Atakama even when the network or systems are breached. Atakama's distributed architecture has no single point of attack or failure, a security breakthrough that vastly exceeds the status quo for information security. By using Atakama, organizations can prevent file exfiltration, enhance regulatory compliance, secure sensitive information, and enable the cornerstone of a full-fledged zero trust infrastructure.

Read More

PLATFORM SECURITY

Cybersecurity Startup ActZero Partners with Measured Analytics and Insurance

ACTZERO | December 15, 2021

ActZero, a cybersecurity startup whose AI-driven platform makes best-in-class security accessible for businesses of all sizes, today announced a strategic partnership with Measured Analytics and Insurance, the data and analytics-driven cyber insurance company. The partnership will enable businesses to protect themselves against emerging security threats with an integrated risk management approach. Recent reports by lead researchers have found that a majority of organizations have experienced incidents of ransomware or phishing in the last 12 months, while other cybersecurity threats are also on the rise. This trend means that more and more businesses need to level up their cybersecurity posture, while also preparing for the ramifications of potential attacks with cybersecurity-specific insurance. The partnership between ActZero and Measured is among the first to holistically address a business's cybersecurity needs by combining sophisticated managed detection and response services designed to stop attacks and extortion with insurance services that position companies to mitigate potential losses. "We're pleased to be working with Measured, which will serve as the foundation of our integrated risk management distribution channel,Pairing our solution with insurance coverage to better protect customers represents another leap forward in our pursuit of making cybersecurity more effective and affordable for small and mid-sized enterprises." Chris Finan, ActZero's Chief Operating Officer The ActZero platform combines next-generation antivirus protection, endpoint detection and response, extended detection and response technologies, and 24/7 automated and managed threat hunting capabilities to detect and prevent all types of cybersecurity threats, from commodity malware to sophisticated, headline attacks across endpoints, network and cloud. The combined offering with Measured means that ActZero clients can now take advantage of streamlined access to cyber insurance at better rates. Measured Analytics and Insurance sells industry-leading comprehensive cyber insurance backed by the most reputable reinsurance companies in the world. Measured tackles the challenge of underwriting cyber insurance by combining proprietary data and machine learning algorithms to assess and price cyber insurance for small- and mid-sized businesses. In partnering with ActZero, Measured's clients gain access to a robust suite of cybersecurity technologies at preferred rates. "In this era of growing concerns and evolving threats, it's critical to complement our cyber insurance offering with innovative detection and response capabilities to stop problems before they start," said Jack Vines, CEO of Measured Insurance. "ActZero is the ideal partner to deliver on this promise, enabling our customers to implement sophisticated risk management strategies, thereby best positioning themselves against today's current threat climate." ABOUT ACTZERO ActZero is a cybersecurity startup that makes small- and mid-size businesses more secure by empowering teams to cover more ground with fewer internal resources. Our intelligent managed detection and response service provides 24/7 monitoring, protection and response support that goes well beyond other third-party software solutions. Our teams of data scientists leverage cutting-edge technologies like AI and ML to scale resources, identify vulnerabilities and eliminate more threats in less time. We actively partner with our customers to drive security engineering, increase internal efficiencies and effectiveness and, ultimately, build a mature cybersecurity posture. Whether shoring up an existing security strategy or serving as the primary line of defense, ActZero enables business growth by empowering customers to cover more ground. ABOUT MEASURED ANALYTICS AND INSURANCE Measured Insurance offers an analytics-based approach to cyber insurance, specifically quantifying specific exposure to ransomware attacks. Measured Insurance is bridging the gap between technology and insurance by using AI-powered analytics that tracks individual exposure in real-time to create smarter insurance products. Every policy is tailored to fit the individual client–clearly identifying pre-event exposure in seven fundamental areas and customizing post-event loss mitigation services with real experts, real people, and real help if ever needed.

Read More

Spotlight

The Center for Strategic & International Studies (CSIS) and the European Security Round Table (ESRT) Host the conference "Transatlantic Dimensions of Cyber Security" Keynote Speech: Cecilia Malmström,Commissioner for Home Affairs, European Commission

Resources