Cybersecurity

Cavirin Pioneers Machine Learning Driven CyberPosture Scoring and Closed Loop Security for Google Cloud, AWS and OS Resources

Cavirin Systems, Inc., the only company providing risk, cybersecurity and compliance posture for the enterprise hybrid cloud, today announced the general availability of its Winter 2019 CyberPosture Intelligence release. New capabilities include closed-loop security for Google Cloud and Amazon Web Services (AWS), Google Cloud Security Command Center (SCC) integration, Ansible auto-remediation for Linux workloads, and machine learning-based CyberPosture scoring that helps customers prioritize remediation based on risk.

"Our Winter 2019 release is the next step in delivering on our vision of true multi-cloud closed-loop security," said Bashyam Anant, Vice President of Product Management at Cavirin. "Current security solutions use a siloed approach for proactive and reactive security, leaving organizations vulnerable. With closed-loop security, Cavirin is the first to assess the impact of alerts related to new, deleted or changed resources from monitoring solutions like AWS CloudTrail and Google StackDriver, using CyberPosture scoring to prioritize infrastructure changes based on their risk. Security gaps can be auto-remediated using each cloud's serverless functions."

Cavirin is also the first to apply machine learning to recommend technical controls for industry standards (e.g. NIST 800-171) and regulatory frameworks (e.g HIPAA) with associated weights and severities, which in turn drives the ability for customers to drive compliance based on risk, using Cavirin's CyberPosture scores.

Zix to Acquire AppRiver, Leading Cloud-Based Cybersecurity Solutions Provider

Zix Corporation (Zix), a leader in email security, has entered into a definitive agreement to acquire AppRiver, a leading provider of cloud-based cybersecurity solutions for $275 million in cash.

AppRiver is a channel-first provider of cloud-based cybersecurity and productivity services, serving more than 60,000 companies worldwide and supported by a 4,500-strong Managed Service Provider (MSP) reseller community. AppRiver launched its flagship spam and virus service in 2002, and has since bolstered its suite of cloud-based security offerings with web protection, email encryption, secure archiving, and email continuity solutions. AppRiver also provides Microsoft Office 365 and Secure Hosted Exchange services, which serve as an effective lead generation tool for the company's security solutions. For more than 15 years, AppRiver has helped drive industry-leading customer value through its award-winning 24/7 customer service and a single centralized platform to manage all cloud-based security solutions.

New Cloud Security Alliance Study Finds Cybersecurity Misconceptions Increase as Critical ERP Systems Migrate to Clouds

The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the findings from the first research survey on "Enterprise Resource Planning (ERP) Applications and Cloud Adoption." The study offers greater insight into cloud preparation and migration, the features and benefits gained, and the security and privacy challenges for ERP systems in a cloud environment.

According to the survey, 69 percent of organizations are migrating data for popular ERP applications to the cloud, moving to major cloud infrastructure-as-a-service providers, with the overwhelming majority, almost 90 percent, stating that these applications are business-critical.

In line with the top three migration concerns - moving sensitive data followed by security and compliance - the research finds that attackers are evolving, too. Over half of the survey respondents stated that they expect security incidents in the cloud to increase in the next year.

Cybersecurity Practices to Consider in 2019

As the years have gone by, cyber crimes have been on the rise. This has forced businesses to become savvier online and learn about how to protect themselves on the internet. This can seem like an impossible task taking into consideration the lack of monitoring that's present on the internet. However, it is vital that you learn how you can do so If you don't want to have to deal with the chaos that comes along with data breaches and cyber threats. On that note, seeing as a new year has quickly arrived, here are some cybersecurity practices that you can consider trying.

Use a Firewall

A cybersecurity best practice that you should take into consideration is using a firewall if you don't already. If you don't know what a firewall is, on the other hand, it's a program or device that filters information that's coming through the internet connection into your private network. Setting up a firewall can help create a barrier between your data and cybercriminals. In addition to external firewalls, you also have the option of installing internal ones as well as they provide added protection.

In the case that you have any employees working from home, make sure they install a firewall on their network as well. Alternatively, provide software and support for home networks to ensure compliance.

What Companies are Doing to Keep Their Data Safe



Article Written by Avery Phillips

A strong lock on the door used to be adequate to keep a company's records safe. Not anymore! Now, with so much information being kept on computers, mobile devices and stored in the cloud, the job of keeping data safe in a corporate environment is more complicated than ever. 

Cyberattacks are on the news frequently, and hackers are a real threat to every company with online access. You have a responsibility to your customers to keep their data safe, but you also store sensitive information about your employees. That too is in danger of being stolen and used for identity theft or worse. 

As a corporate executive, it is your job to put into place all the security measures necessary to keep the company data safe. Some of the policies may not be popular with employees, but it will help to keep you and them safe from thieves and cybercriminals.

Circadence Brings Project Ares Cybersecurity Platform to Microsoft Azure

Circadence helps address one of today's biggest cybersecurity learning challenges through its connection with Azure: scalability. By hosting Project Ares on Azure, Circadence has established a learning environment that can scale to replicate networks, complex enterprises, interconnected city infrastructure, and even military operations, with full digital fidelity.

Within Project Ares, CyRaaS - or Circadence's Cyber Range-as-a-Service - is the innovative capability that spins up simulated, virtual environments. When cloned in CyRaaS, the learning model is computationally elastic. It can be used for individual skill-based learning, team collaboration and interaction, staff or student assessment, cyber-attack scenario testing, and more - and then be restored to the original state with the flip of a virtual switch. CyRaaS creates authentic, immersive, real-world learning experiences for cyber professionals who can now safely enhance their skillsets and performance without compromising operational infrastructure.

Awake Security Uncovers Malicious Intent Across On-Premise, Internet of Things and Cloud Infrastructure

Awake Security today unveiled the Fall release of its Awake Security Platform, an advanced network traffic analysis (NTA) solution designed to help organizations combat sophisticated cyber threats and improve overall visibility.

Awake's exhaustive intelligence is built on 360-degree visibility and a deep understanding of the business entities in the organization-whether those are traditional IT assets, Internet of things (IoT) devices, or cloud workloads. Through analysis of every communication between these entities, Awake's enhanced network detection and response platform better detects mal-intent and attacks that blend in with business-justified activity. This empowers security teams to stop insider attacks, credential abuse, lateral movement, data exfiltration, and more.

"We see a shift in the way security teams go about uncovering threats as their organizations embrace the cloud, IoT, and/or hybrid IT. Only looking for ‘known-bad' is no longer sufficient as it leaves security teams oblivious to advanced, non-malware oriented threats especially once the perimeter has been compromised. Modern security operations centers must focus on using analytics and artificial intelligence on real-time network data to rapidly uncover such threat activity," said Eric Ogren at 451 Research. "Awake's entity-centric NTA approach promises to help eliminate noise and provides security teams with the visibility, detection, and response features required to secure modern enterprise environments."

TechDemocracy Announces IT Risk Management Platform for Amazon Web Services

TechDemocracy announced that its flagship platform, Intellicta, is now optimized for Amazon Web Services (AWS), letting boards of directors and senior management teams bridge the visibility gaps across their compliance, security, risk and governance functions, all while merging their enterprise security silos with AWS.

Intellicta's unique Digital Risk Management (DRM) Assurance framework offers the capability of getting a proactive and comprehensive view of the overall cybersecurity resilience and all-inclusive dashboard across each service and application within the Amazon Cloud.

Under the AWS shared responsibility model, Intellicta provides 360 degrees of visibility when it comes to various threat vectors that arise in the areas of infrastructure security; access control; logging and monitoring; configuration and vulnerability analysis; and data loss prevention. It also performs an in-depth analysis on the effectiveness of existing cyber risk and compliance solutions and offers a consolidated view of enterprise risk posture.

New Nerdio Security Features Available in the Microsoft Azure Marketplace

Nerdio, a provider of cloud IT automation for the public and private cloud, today announced the availability of new security features in Nerdio for Azure on the Microsoft Azure Marketplace, an online store providing applications and services for use on Microsoft Azure. The new features, also available in Nerdio Private Cloud, are designed to help managed service providers (MSPs) and small to medium-sized corporations (SMCs) with enhanced cybersecurity guidance.

"As new threats are constantly emerging and known vulnerabilities continue to evolve, it's increasingly challenging for organizations to stay ahead of security issues in an effective and resource-efficient way," said Vadim Vladimirskiy, CEO of Nerdio. "Our new security tools extend the efficiencies and benefits of MSPs and internal IT departments and empower them to be more effective in identifying and implementing which controls will truly serve the organization best."

Nerdio for Azure is an automation platform for pricing, packaging, provisioning, management, and optimization of IT environments. It uses Office 365 with Azure Active Directory ADFS, Azure virtual machines with premium managed disks, Azure Recovery Services for both backup and DR replication, and the latest Server 2016 with its optimized RDP v10 protocol running on top of GPU-enabled virtual machines. Nerdio Private Cloud is a fully integrated platform that delivers comprehensive IT infrastructure.

Three Small Cybersecurity Tips That Make A Big Difference

Written by Max Emelianov, CEO HostForWeb
 

Protecting your business doesn't always require you to spent six figures on security infrastructure or perform hundreds of penetration tests. As with many things in life, it's the little things that really count. Here are a few things you can do right now to enhance your business's security posture - and they won't cost a thing.

There's a lot of doom and gloom in the cybersecurity space. It seems like you can't even read the news without hearing about some terrifying new black hat organization, or some highly-sophisticated malware that's bringing businesses to their knees across the world. It's hard not to adopt something of a fatalist outlook amidst all that chaos.

After all, if these large enterprises with their million and billion dollar security budgets can't fend off hackers, what chance do the rest of us have?

A pretty good one, actually. See, while it's certainly true that there are a ton of well-funded, extremely advanced hacking groups out there, the chances that one of them will directly target your business are extremely slim. Likely as not, anyone who goes after you is simply taking a shotgun approach to their hacking - throw a bunch of attempts at the wall and see which ones work.