Category: Product Release

On Thursday, November 7, SonicWall is set to unveil a new security solution crafted to meet the specific needs of branch offices and small office/home office (SOHO) setups.

With its robust, cost-efficient blend of networking, access, and security capabilities, this subscription-based device is tailored for service providers and value-added resellers, aiming to redefine the cybersecurity landscape for this segment.

The platform leverages a best-in-class firewall that seamlessly integrates with cloud-native zero trust network access (ZTNA) and VPN-as-a-service (VPNaaS), delivering optimal protection for hybrid environments. Supported by industry-leading technical assistance, the solution also offers firewall management, network monitoring, and the unprecedented addition of a cyber threat warranty.

Would you be interested in receiving this release under embargo and/or speaking with Chief Strategy Officer Matt Neiderman to discuss how SonicWall’s solution is reshaping network security by uniting on-premise, hybrid, and cloud technologies into a unified offering?

The post SonicWall Unveils Cutting-Edge Security Solution for Branch and Small Office Environments appeared first on Cybersecurity Insiders.

Cyber GRC software provider Cypago has launched a new automation solution for AI governance, risk management, and compliance.

This includes implementation of NIST AI RMF and ISO/IEC 42001 standards, which are the latest frameworks for AI security and governance. As organizations increasingly incorporate AI into their business processes, daily operations, and customer-facing products and services, ensuring AI is used safely and within regulatory guidelines has become crucial.

The adoption rate of AI-powered tools and solutions is surging, fueled by the growing capabilities and accessibility of AI technologies, along with the significant advantages they offer to business operations. Yet, AI also introduces several risks such as the potential exposure of private data, opacity in operations, and escalating cyber threats. Moreover, companies must prepare for an evolving landscape of AI-related regulations within business contexts.

The optimal strategy for mitigating these risks and remaining compliant with AI regulations is to adopt robust cyber GRC practices, which continue to evolve rapidly. Cypago provides extensive risk management, around-the-clock automated monitoring, and tailored cybersecurity governance for AI applications, facilitating secure AI deployments for businesses.

“The world of AI is changing quickly, with new threats arising all the time and new regulations arriving frequently. We view it as our responsibility to help organizations maximize the benefits of AI while effectively mitigating the risks and ensuring compliance with best practices and good governance,” said Arik Solomon, CEO of Cypago. “These latest features ensure that Cypago supports the newest AI and cyber governance frameworks, enabling GRC and cybersecurity teams to automate GRC with the most up-to-date requirements.”

Cypago offers continuous visibility into an organization’s tools, applications, and models, while automating many of the processes required for effective risk evaluation and threat monitoring. The platform’s advanced security protocols for AI systems safeguard against cyber threats, data breaches, and compliance breaches.

Furthermore, Cypago has experience in deploying safe AI technologies, having integrated natural language processing models and generative AI command prompts into its offerings in 2023.

The platform enhances the management of security, risk, and compliance, streamlining the identification and rectification of gaps, which enables quicker response to new threats and vulnerabilities. It also ensures adherence to global, national, and industry-specific regulations, giving companies the confidence to navigate the intricate compliance environment related to AI use.

About Cypago

Cypago’s revolutionary SaaS-based Cyber GRC Automation (CGA) platform redefines the three lines model by eliminating friction and bridging the gap between management, security, and operations. It transforms GRC initiatives into automated processes, enabling in-depth visibility, streamlining enforcement, and significantly reducing overall costs. The platform leverages innovative technologies, including advanced analysis and correlation engines, GenAI, and NLP models, designed to support any security framework in any IT environment, both in the cloud and on-premises. Cypago was founded in 2020 by tech leaders and cybersecurity veterans with decades of combined experience in the development, operations, and commercialization of cybersecurity solutions. For more information, visit https://cypago.com/.

The post Cypago Unveils New Automation Support for AI Security and Governance appeared first on Cybersecurity Insiders.

Tel Aviv-based IONIX has unveiled a groundbreaking enhancement to its Attack Surface Management (ASM) platform: the introduction of a centralized Threat Center designed to accelerate the response of security teams to newly disclosed zero-day vulnerabilities. This advancement comes at a critical juncture in the cybersecurity domain, where the speed and efficiency of responding to vulnerabilities can mean the difference between a secure network and a compromised one.

The new IONIX Threat Center is engineered to provide security teams with detailed, up-to-the-minute insights into the exposures that the latest zero-day vulnerabilities may pose. It accomplishes this by pinpointing specific assets within an organization’s digital ecosystem that are, or could potentially be, exposed to zero-day exploits. Upon identifying these vulnerabilities, the Threat Center proactively alerts customers and provides them with suggested remediation actions, enabling a response up to three times faster than traditional methods.

This innovation is particularly notable for its synergy with IONIX’s recently integrated Exposure Validation capabilities, which simulate non-intrusive exploit scenarios in response to emerging zero-days. This approach allows for a precise identification and validation of assets that are exploitable or potentially at risk, with the validated findings made accessible through the IONIX Threat Center. This ensures that customers have focused visibility into their exposure to zero-day threats, along with streamlined access to necessary remediation steps.

A real-world example of the platform’s efficacy was demonstrated earlier this year when the IONIX system swiftly mapped and evaluated the exploitability of customer instances of Jenkins, an open-source automation server, following the disclosure of a critical vulnerability. This proactive approach underscores IONIX’s commitment to equipping its customers with the tools and information needed to swiftly and effectively address critical vulnerabilities.

Marc Gaffan, CEO of IONIX, emphasized the importance of narrowing down the focus to the fraction of zero-day vulnerabilities that are actively exploited. He stated, “It’s commonly assumed that only two percent of zero-day vulnerabilities are actively exploited. Getting to that two percent and helping customers identify the assets with exploitable risks – that’s where the focus of cybersecurity teams should be.” Gaffan further elaborated that the Threat Center’s objective is to bring clarity to the real impact of zero-day exploits, facilitating the identification and rapid remediation of the most critical and exploitable assets.

The IONIX Threat Center is supported by the company’s research team, which conducts continuous scanning and tracking of vulnerabilities. This ensures that new vulnerabilities are quickly identified, analyzed, and that specific exploitable assets are highlighted for customer action. The Threat Center’s capabilities extend beyond mere identification, offering actionable remediation advice in an accessible format through the IONIX customer portal. This includes validated exploitability and recommended actions, alongside proactive communication to maintain transparency and reinforce the reliability of IONIX’s testing procedures.

IONIX’s ASM platform stands out in the crowded cybersecurity field for its comprehensive approach to revealing exploitable risks across real attack surfaces and digital supply chains. It boasts an unparalleled ability to discover and monitor every internet-facing asset and connection, delivering focused insights into the most critical risks to businesses, and providing the tools necessary for rapid threat remediation and attack surface exposure reduction. Global leaders, including Lexmark, Infosys, The Telegraph, Warner Music Group, and E.ON, rely on IONIX for proactive defense against the complexities of securing their expansive and ever-evolving attack surfaces.

The launch of the IONIX Threat Center represents a significant leap forward in attack surface management, setting a new benchmark for the cybersecurity industry. It underscores the critical need for organizations to adopt advanced, intelligent solutions that can keep pace with the rapid evolution of cyber threats. As the ASM space continues to grow and evolve, innovations like the IONIX Threat Center will play a pivotal role in shaping the future of cybersecurity, providing organizations with the means to stay one step ahead of potential threats.

The post IONIX Advances Industry Leading Attack Surface Management (ASM) Platform With Centralized Threat Center for Swift Zero-day Response appeared first on Cybersecurity Insiders.

Aembit, the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, enforce and audit access between workloads, today announced the availability of a new integration with the industry-leading CrowdStrike Falcon® platform to give enterprises the ability to dynamically manage and enforce conditional access policies based on the real-time security posture of their applications and services. This integration signifies a significant leap in Aembit’s mission to empower organizations to apply Zero Trust principles to make workload-to-workload access more secure and manageable. 

Workload IAM transforms enterprise security by securing workload-to-workload access through policy-driven, identity-based, and secretless access controls, moving away from the legacy unmanaged, secrets-based approach. 

Through this partnership, the Aembit Workload IAM solution checks to see if a CrowdStrike Falcon agent is running on the workload and evaluates its real-time security posture to drive workload access decisions to applications and data. With this approach, now enterprises can protect their workloads from unauthorized access, even against the backdrop of changing conditions and dynamic access requirements. Additional customer benefits from this partnership include:

  • Managed Workload-to-Workload Access: Enforce and manage workload access to other applications, SaaS services, and third-party APIs based on identity and policy set by the security team, driving down risk.
  • Seamless Deployment: Drive consolidation by effortlessly integrating the Aembit Workload IAM Platform with the Falcon platform in a few clicks, providing a unified experience for managing workload identities while understanding workload security posture.
  • Zero Trust Security Model: Embrace a Zero Trust approach, ensuring that every access request, regardless of the source, is verified before granting access rights. Aembit’s solution enforces the principle of least privilege based on identity, policy, and workload security posture, minimizing potential security vulnerabilities.
  • Visibility and Monitoring: Gain extensive visibility into workload identities and access permissions, enabling swift detection and response to potential security threats. Monitor and audit access logs based on identity for comprehensive security oversight.

This industry-first collaboration builds on the recent CrowdStrike Falcon Fund strategic investment in Aembit, underscoring the global cybersecurity leader’s commitment to fostering innovation within the space. The investment reflects the recognition of the growing demands for securing workload access.

Aembit Workload IAM is available in the CrowdStrike Marketplace, a one-stop destination and world-class ecosystem of third party products. See more here

Supporting Quotes:

“Today’s attacks are increasingly identity-based, which is why enforcing identity-protection across the enterprise at every layer is critical for modern security. The CrowdStrike Falcon platform is rapidly becoming the center of cybersecurity’s ecosystem. This integration with Aembit enables organizations to secure machine identities as part of a holistic approach to security.” said Daniel Bernard, chief business officer at CrowdStrike.

“The launch of the Aembit Workload IAM Platform on the CrowdStrike Marketplace represents a significant advancement in our joint mission to securely manage workload-to-workload access,” said David Goldschlag, CEO and co-founder at Aembit.

“We are excited to bring the power of Aembit’s Workload IAM to the CrowdStrike Marketplace. This collaboration enables us to deliver Zero Trust for workload access in a way that simplifies and automates the evolving security challenges faced by DevOps and DevSecOps teams,” said Apurva Dave, CMO at Aembit.

The post Aembit Announces New Workload IAM Integration with CrowdStrike to Help Enterprises Secure Workload-to-Workload Access appeared first on Cybersecurity Insiders.

The cybersecurity industry has been rapidly transforming for well over a decade. With threat actors rapidly finding unique ways to expose vulnerabilities, organizations are constantly seeking the latest technology to protect their proprietary information, such as Intrusion Detection Systems (IDS) or Security Information and Event Management (SIEM). In recent years, the shift to cloud infrastructure has presented a new obstacle for cybersecurity experts’ threat detection and response toolkit.

From SIEM to Cloud

In the early aughts, IT pros interested in having a precise log of events across their systems invested in SIEM. SIEM tools offer on-premises monitoring capabilities with real-time insights for these IT teams. This software can log and manage events, provide analyses, and store information, and it still exists today.

As the technology industry grew, cloud computing became more common. Moving data and tech infrastructure into the cloud became a significant priority for many organizations. Most companies broadened their SIEM reach into the cloud to keep up with technology and monitor the events occurring within, but there was a deep contrast between the on-premises and cloud environments, involving more strategic coordination.

Keeping Up With The Cloud

The cloud is a new space involving careful, research-based adjustments to reduce significant consequences. While SIEM was able to provide real-time insights for IT teams, it simply couldn’t accurately offer predictive results to users, focusing solely on the “what” rather than the “so what.”

Security teams investigating concerning activities must focus on the “so what” to evaluate the potential impact threat activity can present to an organization. SIEM technology is unclear to many, and assigning specific assets to team members can lead to misunderstandings. Security teams using SIEM require more legwork to identify risk by mapping permissions, putting up safety precautions, and determining motives.

As a result of the effort required to use SIEM for security, there is a further cost to the organization in the form of time. Investigations have the potential to take hours or days, and inaccuracies can be extremely risky. Attackers gaining access to specific databases and exposing them online present detrimental ramifications to a business. Because of this challenge, security, and operations (SecOps) teams must evaluate the impact of each adjustment made in the cloud. The ability to accurately and promptly investigate events is rare, which leads teams to choose between ignoring suspicious events or spending time and resources on proper investigation.

CDR Solutions

The resolution to this predicament is Cloud Detection and Response (CDR), which spans beyond the limitations presented by SIEM solutions used in the cloud. CDR solutions streamline processes to give security teams the necessary information rather than an overwhelming log of events. These systems analyze the impact of events within the cloud, predicting potential effects for teams to save time and remain focused on the most critical parts of the cloud security system.

In order to address these security issues and the broader shift to CDR, Stream Security announced a significant expansion into the cloud security space. By analyzing potential threats, considering identifying exposures, unveiling security gaps and assessing the impact of their remediation efforts, Stream Security enables improved collaboration between security and operations teams with precise insights into their cloud environment.

With this expansion, Stream Security is giving their proprietary Cloud Twin technology a major upgrade that empowers security and operations teams to detect and investigate their exposure and threats. Cloud Twin models evaluate the environmental posture continuously, offering real-time insights into data traffic and correlating this information to each organization’s unique needs and guardrails. Intended for a dynamic cloud environment, Cloud Twin technology provides security and DevOps teams with the tools to detect threats and exposure without inaccuracies, allowing operations teams to react quickly.

Stream Security’s tech is currently the only known solution of its kind to map cloud dependencies in real-time. The update to their solution comes with significant new features, including Azure Integration, Vulnerability Correlation, and Threat Anomaly Detection.

Image by rawpixel.com on Freepik

The post Stream Security Takes on CloudSecOps appeared first on Cybersecurity Insiders.

As the networking landscape rapidly shifts with data, applications, and infrastructure migrating to the cloud, Enea, a leader in telecom and cybersecurity, has launched its Qosmos Threat Detection SDK. This SDK addresses the limitations of conventional intrusion detection systems (IDS), which struggle to meet the evolving demands of cloud-based, multifunction security platforms.

Filling the Gap in Conventional IDS

Traditional IDS platforms have become increasingly important as traditional network perimeters disappear, but they often fall short in terms of scalability and performance in modern cloud environments. Enea’s Qosmos Threat Detection SDK offers a comprehensive approach to IDS that meets both technical and functional threat detection requirements. It combines Suricata’s industry-leading IDS functionalities with Enea’s Qosmos ixEngine, thereby eliminating the need for double packet processing and significantly accelerating parsing speed.

Performance and Scalability

The SDK doubles the performance by leveraging Enea’s Qosmos ixEngine for packet acquisition and parsing. By optimizing resources, it vastly expands traffic insights, providing significantly higher native throughput than traditional IDS systems.

Jean-Pierre Coury, Vice President of Enea Traffic Intelligence, added, “Faced with the performance and scale requirements of today’s cloud-centric, multifunction IT platforms, traditional IDS/IPS systems are falling behind. Enea Qosmos Threat Detection SDK meets these challenges with a threat detection engine delivered in the format of a software development kit capable of tight integration with third-party solutions, easy customization, and radically improved cybersecurity performance.”

Enhanced Accuracy and Customizability

One of the SDK’s key features is its full traffic visibility, even into encrypted communications. Coupled with enhanced parsing capabilities, this significantly reduces both false negatives and false positives. The SDK allows for the easy creation of custom rulesets, providing cybersecurity solution developers with more accurate and rapid threat detection capabilities.

Roy Chua, Founder and Principal at AvidThink, added, “Modern cybersecurity models rely heavily on DPI. A strong DPI engine not only enables better network traffic visibility but also provides the data needed to create custom rules specific to each environment.”

Simplified Integration and Deployment

Designed with cybersecurity software developers in mind, the Qosmos Threat Detection SDK allows for tight integration into various cybersecurity solutions while maintaining flexibility and scalability. It supports standard rulesets with Suricata syntax, making deployment easier. The SDK also makes Qosmos ixEngine metadata available in rule syntax, further improving threat detection and simplifying integration.

To learn more please visit: https://www.enea.com/solutions/dpi-traffic-intelligence/threat-detection-sdk/

 

The post Enea Unveils Qosmos Threat Detection SDK to Boost Network Security appeared first on Cybersecurity Insiders.

Adaptive Shield, a leader in SaaS security, has made headlines with the announcement of its groundbreaking Identity Threat Detection and Response (ITDR) solution at Black Hat USA 2023. This new addition to its SaaS Security Posture Management (SSPM) solution marks a bold stride towards comprehensively safeguarding the SaaS ecosystem.

In a recent interview with Maor Bin, Co-Founder and CEO of Adaptive Shield, we explored the security implications of the shift to SaaS and Adaptive Shield’s ITDR capabilities for addressing identity-related risks.

The Challenges: Mapping the SaaS Shift

The rise of SaaS applications has reshaped the security landscape, adding complexity and decentralizing control. Integration with various systems expands the attack surface and creates opportunities for breaches. Compliance in the flexible SaaS framework becomes more intricate, and the rapid pace of innovation can outstrip security considerations. The interactions between systems and the shared responsibility model between providers and customers add even more layers of complexity. These evolving factors profoundly redefine SaaS security, requiring an innovative and multi-dimensional approach to anticipate and respond to the challenges.

According to Maor, the broader industry trends are clear: “As on-prem is shifting to SaaS, there’s an immediate need for robust security measures that can adapt to the new environment.”

The shift towards SaaS applications represents a transformative change in how organizations operate, offering flexibility, scalability, and cost-efficiency. However, this shift also introduces new security challenges that require a multifaceted approach. Understanding the factors driving these challenges is the first step in devising effective strategies to address them, ensuring that the benefits of SaaS adoption are not overshadowed by potential risks.

Adaptive Shield’s Innovative Approach to SaaS Security

“When speaking with our enterprise customers, CISOs highlight SaaS Security as a top priority, and ITDR has quickly become a critically needed capability as part of SSPM,” Maor states, aligning the company’s focus with customer needs.

Designed to tackle various SaaS-related threats, Adaptive Shield’s ITDR detects and responds to identity-related security threats based on key Indicators of Compromise (IOCs) and User and Entity Behavior Analytics (UEBA). These threats include password-based attacks, IP behavior anomalies, unauthorized document access, and more. Adaptive Shield’s platform goes beyond mere detection and response, offering a comprehensive model for securing the SaaS Identity Fabric. This includes:

  • Misconfiguration Management: Identification of security drifts across all security controls and receive detailed remediation plans to ensure proper configuration.
  • Identity and Access Governance: Consolidated visibility and risk management of user accounts, permissions, and activities across all SaaS applications.
  • SaaS-to-SaaS Access and Discovery: Visibility into connected apps and assessment of the risk posed to the SaaS environment.
  • Device-to-SaaS Risk Management: Management of risks from SaaS users and their associated devices.

Adaptive Shield offers a complete package that includes Misconfiguration Management, SaaS-to-SaaS Access and Discovery, Identity & Access Governance, Device-to-SaaS Risk Management, and, of course, the newly announced Identity Threat Detection & Response (ITDR). This comprehensive approach ensures that organizations can effectively prevent, detect, and respond to threats, offering unparalleled protection for their SaaS platforms.

Strategic Investment by Blackstone

The ITDR launch follows Adaptive Shield’s strategic investment from Blackstone, one of its Fortune 500 customers. This investment emphasizes the industry focus on SaaS security and the critical need for innovative solutions like ITDR.

Adaptive Shield’s announcement of ITDR capabilities at Black Hat USA 2023 marks a crucial milestone in the field of SaaS security. By providing an integrated solution that understands and addresses the complexities of the SaaS environment, Adaptive Shield is setting new standards for cybersecurity.

For professionals and organizations seeking to fortify their SaaS platforms, Adaptive Shield’s ITDR capabilities present a compelling option that aligns with the evolving demands of modern cybersecurity.

For more information about ITDR or to request a demo, please visit Adaptive Shield’s official blog post on Identity Threat Detection and Response.

The post Adaptive Shield Unveils Identity Threat Detection and Response (ITDR): A New Era in SaaS Security appeared first on Cybersecurity Insiders.

Invary is advancing a new age of cybersecurity, focusing on restoring trust in existing cyberdefense tech stacks. Led by Jason Rogers and Dr. Wesley Peck, the company aims to bolster security infrastructure by addressing the crucial yet often overlooked runtime security gap.

Breaking Assumptions to Break Ground

During a recent interview, Rogers and Peck emphasized the necessity of questioning and testing long-standing assumptions within the cybersecurity sector. An alarming loophole lies in the common assumption that the operating system is always uncompromised and trustworthy. This blind spot persists even in advanced defenses like XDR, SIEM, and CNAPP solutions, creating a dangerous window of opportunity for threat actors.

To close this gap, Invary’s Runtime Integrity offering will enforce continuous validation of the operating system, forming an integral part of a “trust nothing” Zero Trust architecture. The innovative technology promises superior protection for the digital environment, efficiently detecting compromise.

Funding Fuels Expansion and Innovation

The successful completion of the pre-seed funding round, led by Flyover Capital, NetWork Kansas GROWKS Equity program, and the KU Innovation Park, is not merely a monetary boost for Invary, but a strong endorsement of their innovative approach to cybersecurity. The funding will catalyze the launch of Invary’s Runtime Integrity offering and support its broader mission to prevent data breaches and ransomware attacks.

Dr. Peck shared his enthusiasm about the funding in the interview, explaining that the investment validates their work and will help them “improve Invary’s Runtime Integrity Service while making our agent open source.”

Commitment to the Ecosystem

Apart from its proprietary services, Invary offers a free Runtime Integrity Score (RISe) service. Available now, this service lets customers assess their system’s integrity and spot hidden malware. This initiative reflects Invary’s steadfast dedication to enhancing the safety of the entire cyber community. CEO Jason Rogers stated in the interview, “We are thrilled to have secured this pre-seed funding, as it validates the need for Invary’s novel technology to shore up existing cyber defenses against high impact hidden threats.” Considering the fact that 72% of cyberattacks occur in production, according to Datadog’s latest State of Application Security report, the need for a solution is both apparent and urgent.

The Powerhouse Team

Invary’s leadership team boasts decades of operational expertise in Trusted Computing research. The company’s security credentials are further fortified by the inclusion of founder Dr. Perry Alexander, an eminent authority in Trusted Computing research, and his protégé Dr. Wesley Peck.

Unique Focus on Runtime Security

Invary’s unique approach to runtime security plugs this critical gap in the security infrastructure. Built on an exclusive intellectual property grant from the NSA, Invary’s Runtime Integrity service mandates continuous validation of the operating system, uncovering hidden threats that often go undetected by conventional threat detection systems. This strategy aligns with the principles of a Zero Trust architecture, which mandates a “trust nothing, verify everything” approach to cybersecurity.

By ensuring the integrity of the operating system and neutralizing threats at the runtime, Invary provides a critical layer of security that fortifies an organization’s defense against high-impact attacks like ransomware and data breaches. Its Runtime Integrity Score (RISe) service also allows customers to spot-check their system’s integrity and identify hidden malware, providing a vital, proactive tool in maintaining a secure digital environment.

Recognition from the Industry

Invary’s innovative approach has garnered praise from industry leaders. Jon Broek, CEO of Tenfold Security, commended Invary’s technology, stating, “Invary Runtime Integrity gives us an unfair advantage over the competition when deployed with our security solutions for cloud and virtual machines.”

With its unique approach, a proven team, and strong financial backing, Invary is closing a critical gap in Zero Trust security, setting a new standard in the industry.

The post Closing the Zero Trust Gap: Invary Leads Cybersecurity Innovation with New Approach appeared first on Cybersecurity Insiders.

When COVID-19 disrupted our work environments and triggered a massive shift to remote work, organizations faced the daunting task of securing corporate data and apps across thousands of disparate locations and devices.

Companies, employees, and IT departments were forced to quickly adapt to this new reality of a remote-first world. The issue was further exacerbated by traditional remote desktop solutions that proved inadequate for this new landscape. The blurring of personal and professional time, the rise of gig workers, offshore employees, and the need for businesses to secure this dynamic world of remote work, strained traditional remote desktop systems like Virtual Desktop Infrastructure (VDI) to their limits.

Traditional Remote Work Solutions Fall Short

Traditional VDI systems are ill-equipped to handle this shift, offering subpar user experiences due to latency, slowness and management overhead. Enterprise Browsers, although a more innovative solution, also have limitations around application use and network integration. Before Venn’s emergence, companies often resorted to shipping secure, corporate laptops to their remote employees or relied on complex, costly VDI technology to stay compliant with regulatory requirements. These solutions not only frustrate users but also fall short in terms of security, cost effectiveness and ease of use. This situation also leads to the security workaround paradox, where users, restricted by too many security constraints, seek alternate, less secure methods to get their work done. The urgent need for a better solution to secure remote work is evident.

A New Approach to Securing Remote Work

Recognizing the mounting issues associated with securing distributed workforces, David Matalon and his team at Venn Software sought to revolutionize remote work security. Having previously helped hundreds of organizations overcome compliance and security issues for remote workers, they understood the challenge at hand. With Matalon’s vision, the team started Venn, a radical and less costly alternative to VDI, and the first MDM (Mobile Device Management) solution for laptops. This vision resonated with investors, leading NewSpring Capital to support the product development and growth, resulting in a successful $29 million Series A funding round.

Recently awarded with a key patent (U.S. Patent No. 11,687,644) for a “Secure Visual and Computational Boundary for a Subset of Resources on a Computing Machine”, Venn’s approach is innovative: Remote work activity now lives in a company-controlled Secure Enclave installed on the user’s computer where all work data is encrypted and access is managed.

Similar to MDM for mobile devices, work applications run locally within a virtual wrapper, visually indicated by a Blue Border™, which intuitively demarcates protected work apps from private user applications. This method provides control over what work data can be transferred in and out of an application. This way, businesses can restrict activities like copying and pasting corporate data outside of work applications or saving a file onto a personal desktop. Even network traffic can be protected to ensure certain applications only connect to approved servers. With this approach, business activity is isolated and protected from personal use on the same device, safeguarding company data without having to control the entire device.

With Venn, employees can now use their personal computers for work without compromising security, effectively bringing BYOD (Bring Your Own Device) to laptops. This not only enhances the user experience but also drastically reduces the costs associated with maintaining separate devices or running complex virtual environments.

Matalon explains, “Instead of having to buy, manage, and lock down every PC and device, remote work can now easily be secured on any BYOD or unmanaged computer. Venn gives organizations more control, without the need for costly backend infrastructure.” The granting of the patent further strengthens the company’s intellectual property and ability to expand investments in Secure BYO-PC (Bring Your Own Personal Computer) technology.

With its key patent granted, a successful Series A funding round, and growing customer validation, Venn is ideally positioned for the next phase of growth. More than 700 companies, including major players like Fidelity, Guardian, and Voya, already trust Venn to meet stringent standards like FINRA, SEC, NAIC, and SOC 2. The focus now is on driving further innovation, expanding the reach of their Secure BYO-PC technology, and helping more organizations securely navigate the world of remote work.

As the boundaries between personal and professional devices continue to blur, and remote work becomes the new norm, the need for efficient, secure, and user-friendly remote work solutions has never been greater. With Venn, businesses now have a radically simplified, cost-effective alternative that meets these needs while enhancing the user experience – setting a new bar for the future of secure remote work.

To learn more, please visit: https://www.venn.com/patent-technology-mdm-for-laptops

The post Venn Redefines Remote Work Security with Innovative BYO-PC Solution appeared first on Cybersecurity Insiders.

The vCISO Directory comes to answer the increasing need of SMBs to manage their cybersecurity and helps them find and engage with the right vendor

TEL AVIV, ISRAEL, JUNE 22, 2023 – The industry’s first-ever directory of virtual Chief Information Security Officer service providers has gone live today at www.thevcisodirectory.com. This extensive list of virtual CISO (vCISO) providers, collated by Cynomi, means that small- and medium-sized businesses (SMBs) can easily tap the expertise of qualified cybersecurity professionals to protect their digital assets and ensure compliance.

Cyberattacks are on the rise, with Check Point Software’s Mid-Year Security Report revealing a 42% global increase in malicious incidents during the first half of 2022. In this climate, strong cybersecurity measures are crucial. However, most small and medium size companies do not have a CISO of their own, usually because they lack the budget to fill such a position. This problem is compounded by the talent gap that makes it difficult to find individuals with the necessary skill and specialized experience. According to research by Datto, only 50% of SMBs have a dedicated, internal IT person who manages their cybersecurity needs.

To address this gap and help organizations shore up their cyberdefenses, managed service providers (MSPs,) managed security service providers (MSSPs) and consultancies have developed vCISO services. They enable businesses to avail themselves of the expertise and skills of a professional CISO to improve their cybersecurity posture, while only paying for an agreed scope of work, usually a fraction of the cost of an in-house security expert. Cynomi, by publishing the industry’s first vCISO directory, is making it simple for businesses to access this expanding pool of resources.

At launch, the vCISO directory contains more than 200 listings of U.S.-based providers, together with details on the specific services they offer and the technology platforms they use to guide and implement their security strategies. The directory will be continually updated and expanded globally to incorporate international providers.

“Thousands of small and mid-sized businesses globally could benefit from the expertise and support of a traditional CISO, but on a more consultative or part-time basis”, said David Primor, co-founder and CEO of Cynomi. “This is where the vCISO services come in. Our new directory enables businesses to find all vCISO service providers in one place and make an informed choice between the different benefits of the many providers available.”

“Couple of years back we weren’t prioritizing our cybersecurity services, but then we started getting consistent security-as-a-service requests,” said Chris Bevil, CISO of InfoSystems, an MSP located in Tennessee, U.S.A. “We realized that setting up a robust vCISO offering was in our best business interest. In the present climate, this has been a significant boost to our business and positioned us as a leading MSP in our region.”

MSPs and MSSPs offering vCISO services that are not yet included in the directory can submit their details for consideration here.

About Cynomi

Cynomi’s AI-driven platform empowers MSSPs, MSPs and consultancies to offer vCISO services to SMEs at scale and provide them with proactive cyber resilience. Combining proprietary AI algorithms with CISO-level knowledge and knowhow, Cynomi’s platform streamlines the vCISO’s work while automating manual time-consuming tasks including risk assessment, compliance readiness, cyber posture reporting, creation of tailored security policies and remediation plans, as well as task management optimization.

Cynomi helps partners overcome the cybersecurity skill gap and scale their business, allowing them to offer new services, upsell and increase revenues while reducing operational costs. Established in 2020 with the vision that every company deserves a CISO, and with a channel-only approach, Cynomi now serves more than 50 partners worldwide.

To learn more about Cynomi’s solution for MSPs, MSSPs, and cyber consultancies visit www.cynomi.com

The post First Directory of Virtual CISO Providers Launched by Cynomi appeared first on Cybersecurity Insiders.