Vulnerability intelligence data is fragmented across multiple sources, from vendor security advisories to open-source projects, premium tools, and government databases, including CISA’s Known Exploited Vulnerabilities (KEV) catalog and National Vulnerability Database (NVD). As a result, threat and vulnerability analysts must spend hours manually collecting the data from these sources to analyze and assess threats. This time-consuming approach impacts incident response times and limits coverage. It makes it virtually impossible to proactively monitor the threat landscape to track vulnerabilities that may pose significant risks to the organization.

Nucleus Vulnerability Intelligence Platform aggregates data from up to 16 government, open-source, and premium feeds, enabling organizations to monitor threats efficiently. It eliminates the manual consolidation of data and speeds up the process exponentially. The platform also enables automated alerts for specific vendors, threat actors, Malware, and more to ensure that the most relevant threats are immediately identified and managed.

“Traditional vulnerability assessment processes are tedious and time-intensive and simply cannot keep pace with the speed and contextual intelligence required to quickly and effectively analyze and act on threats,” said Stephen Carter, co-founder and CEO of Nucleus Security. “By automating the process of aggregating intelligence data, presenting the data in a unified view, overlaid with risk-level categorization and business-specific context, Nucleus Vulnerability Intelligence platform streamlines threat assessment and empowers teams to prioritize and take action confidently.”

Critical capabilities of the Nucleus Vulnerability Intelligence Platform include:

• Unified visibility: Consolidates open and premium intelligence sources into a single platform, providing comprehensive threat visibility.
• Automated intelligence: Reduces manual effort with automatic threat monitoring, business-driven alerts, and risk-level categorization.
• Tailored alerts: Delivers business-specific threat alerts, enabling teams to monitor the vast vulnerability landscape and drive actionable insights effectively.
• Risk-based workflows: Streamline risk-based workflows across teams by automatically categorizing risk levels.
• Accelerated assessment: Speed up vulnerability threat assessment and investigation with unified vulnerability intelligence and automated processes.
• Proactive defense: Empower your security teams to proactively hunt for vulnerabilities and mitigate risks before they can be exploited.

“One of the biggest challenges to vulnerability remediation is the ability to quickly analyze available data to determine criticality and relevance to an organization. VM teams struggle without data in a unified format that is relevant to their unique business context. Combined with automated threat assessment and risk level categorization, this takes the manual work out of the equation and allows teams to quickly get from notification to action,” – Richard Stiennon, Chief Research Analyst, IT-Harvest

For additional information about Nucleus Vulnerability Intelligence Platform, click here.

Related Posts:

Nucleus Security Adds Jeremiah Grossman to Board and Tamir Hardof as CMO

MSPs Face Unplanned Security Expenses from 51% of Cyberattacks

The post Accelerate Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform appeared first on Digital IT News.

In a radical move, Praetorian also announced plans to open source all Chariot capability modules. This approach reflects their belief that software is a commodity, and the real value lies in support, solutions, and services that accompany it, along with the continuous threat exposure management platform.

“Our goal is to provide all foundational capabilities for free, while simultaneously betting that the true differentiation lies in our team of offensive security experts standing side by side with our customers’ defensive teams every day, at a price point that makes sense” said Nathan Sportsman, CEO and founder of Praetorian. “While working at Sun Microsystems, RedHat taught us the hard way that software is a commodity. I want to apply those lessons to cybersecurity and rid this industry of overpriced and non-functional security products.

Chariot’s Attack Surface Management (ASM) module will be the first module to roll out into a freemium tier.

Key Features within Chariot’s ASM Module:

• Comprehensive Asset Visibility: Monitor dynamic cloud environments, discover shadow IT and reduce technology sprawl
• Proactive Risk Assessment: Understand business impact and risk of interconnected assets
• Prioritization of Critical Risks: Eliminate the noise, remove false positives and ensure resources are directed at the issues that truly matters
• Continuous Monitoring: Immediately scan for 0-days and attack techniques reported by cyber threat intelligence
• Public and Private Repository Monitoring: Detect exposed secrets, public repositories, and CI/CD misconfigurations

These features empower organizations to maintain strong security postures without the financial burden typically associated with asset discovery. But Praetorian isn’t stopping there. As a fast follow to Chariot’s Free ASM release, Praetorian will release a Breach and Attack Simulation module in the coming weeks. To top this, Praetorian will also release free modules for Vulnerability Management, Cyber Threat Intelligence, and Continuous Penetration Testing, further enhancing Chariot’s free tier capabilities.

Praetorian’s core value proposition is industry-leading offensive security experts supercharged by world-class software and proprietary data. “We believe software is just enablement technology,” said Sportsman. “Enterprises are seeking solutions, support, and services. CISOs don’t have enough budget, they don’t have enough people, and the business does not listen to them enough. We solve all three of those problems by consolidating tech spend, eliminating noise, standing side-by-side with their teams, leveraging our 3^rd party assessor status to provide customers the ammo they need to get things fixed. – all at a price point less than a fully burdened senior FTE hire.”

Modern security teams are drowning in noisy alerts and spread thinly across too many security products. Chariot enables organizations to cut through the noise and consolidate five core security solutions into a single unified platform. Its combination of software plus experts empowers customers to focus on exploitable risks instead of superficial alerts. For more information about Praetorian’s free ASM offering and the Chariot platform, visit praetorian.com  or contact info@praetorian.com. 

Related News:

IT and Security Professionals Think Non‑IT Leaders Don’t Grasp Vulnerability Management

Top Ways to Enhance Your Cybersecurity Defenses

The post Praetorian Offering a Free Version of the Attack Surface Management Platform appeared first on Digital IT News.

SSDL is a modular orchestration platform powered by Palo Alto Networks Prisma Cloud and Cortex XSOAR that enables shared clients to reinforce their cloud environments with enhanced security measures from code to cloud. This helps them to mitigate risks and promote a secure development and deployment lifecycle that adheres to their unique cloud security and compliance requirements. The platform helps clients address cybersecurity requirements from design to tactical build/deploy, as well as manage ongoing cloud observability and optimize operational efficiency. SSDL can be efficiently integrated as an overall solution or integrated into an organization’s existing Continuous Integration/Continuous Delivery (CI/CD) pipeline, cloud security infrastructure and compliance ecosystem — and scales across all major cloud platforms.

“Our new Secure Software Development Lifecycle solution helps organizations address cloud security complexities with confidence,” said Kieran Norton, Deloitte Risk & Financial Advisory’s transformation and emerging technology leader and principal, Deloitte & Touche LLP. “As our strategic alliance with Palo Alto Networks expands, we’re excited to continue to help our shared clients achieve their cloud and business goals by driving successful cybersecurity outcomes.”

Deloitte and Palo Alto Networks shared clients can leverage the platform for streamlining account provisioning, enabling secure build and deployment processes, implementing robust logging and monitoring mechanisms, enforcing custom security guardrails and auto remediation.

“Organizations today need help securing constantly changing, cloud-native applications and infrastructure from development to deployment,” said Prem Iyer, SVP Global Ecosystems, Palo Alto Networks. “We are pleased to further expand our collaboration with Deloitte by offering clients a transformative solution that provides continuous security across the software development lifecycle, helping them address compliance requirements and increasing efficiency with embedded security and automated remediation.”

The existing alliance between Deloitte and Palo Alto Networks focuses on jointly developing and offering integrated, end-to-end Zero Trust and multi-cloud cybersecurity solutions to their mutual enterprise and government customers.

For more information visit deloitte.com.

Related News:

Netwrix MSP Sector Report Finds Data and Network Security Top Priorities

Trend Vision One Announced for Optimized Security for Endpoints

The post New SSDL Offered by Deloitte and Palo Alto Networks Alliance appeared first on Digital IT News.

The new functionality in Netwrix Auditor X enables customers to:

• Reduce the time to detect and investigate incidents involving sensitive data. Security teams can quickly detect and respond to activity that threatens sensitive content, thanks to more granular security intelligence.
• Enjoy a personalized security experience. The customizable home screen gives users instant access to the information most relevant to them, such their current risks and favorite reports, so they can swiftly make informed decisions to strengthen their security posture.
• Gain control over Azure AD users and their roles. With the detailed information about Azure AD users and roles in Netwrix Auditor X, IT teams can further mitigate the risk of security incidents and prove to auditors that they are following compliance requirements and industry best practices for their cloud users.
• Identify and eliminate security gaps in SharePoint Online. New detailed reports make it easy to spot security risks in SharePoint Online, such as documents that have been shared with external users or that can be accessed by everyone in the organization.
• Know who’s reading sensitive data in SQL Server. Organizations can hold privileged users accountable for improper actions in SQL Server, such as reading information they are not supposed to. As a result, security teams can deter behavior that could lead to data leakage, speed security investigations, and prove to auditors that only authorized users are viewing the confidential content stored in SQL Server.

“Netwrix Auditor has evolved from an Active Directory auditing tool for operational problems into a comprehensive security intelligence solution for issues that are top of mind at the executive level,” said Steve Dickson, CEO of Netwrix. “Over 11,000 organizations around the globe rely on Netwrix Auditor, and with each release, it becomes even simpler to use while further strengthening security. This is how Netwrix is changing the industry — we make powerful data security easy.”

Netwrix Auditor is a security solution that helps organizations detect security threats, prove compliance and increase IT team efficiency. The platform provides security intelligence to minimize IT risks, detect activity that threatens the security of sensitive data and investigate incidents in time to prevent real damage.

Netwrix Auditor X is now globally available. To learn how Netwrix Auditor X can make IT admins into heroes and IT managers into superstars, please visit www.netwrix.com/auditorx.

Related News:

Lack of Budget and Cloud Security Skills are Top Obstacles Keeping Organizations from Protecting Data in the Cloud, According to Netwrix Study

Stealthbits, Now Part of Netwrix, Named to Carahsoft ITES-SW2 Contract to Support U.S. Army Enterprise Infrastructure Goals

The post Speed the Detection of Threats to Sensitive Data and Enhance the Security of Cloud Environments with Netwrix Auditor X appeared first on Digital IT News.

“As the crypto economy continues to become a more important part of our customers’ lives, we want to empower them to mine cryptocurrency with Norton, a brand they trust,” said Vincent Pilette, CEO of NortonLifeLock. “Norton Crypto is yet another innovative example of how we are expanding our Cyber Safety platform to protect our customers’ ever-evolving digital lives.”

For years, many coinminers have had to take risks in their quest for cryptocurrency, disabling their security in order to run coinmining and allowing unvetted code on their machines that could be skimming from their earnings or even planting ransomware. Earnings are commonly stored directly on miners’ hard drives, where their digital wallet could be lost should it fail.

Norton Crypto delivers a secure, reliable way for consumers to mine for Ethereum without opening themselves and their devices up to these pitfalls. Once cryptocurrency has been earned, customers can track and transfer earnings into their Norton Crypto Wallet, which is stored in the cloud so it cannot be lost due to hard drive failure.

“We are proud to be the first consumer Cyber Safety company to offer coinminers the ability to safely and easily turn the idle time on their PCs into an opportunity to earn digital currency,” said Gagan Singh, chief product officer at NortonLifeLock. “With Norton Crypto, our customers can mine for cryptocurrency with just a few clicks, avoiding many barriers to entry in the cryptocurrency ecosystem.”

Norton Crypto is expected to become available to all Norton 360 customers¹ in the coming weeks.

Image licensed by Pexels.com

Related News: 

New Norton 360 App Brings Comprehensive Cyber Safety to Android and iOS Devices

83% Of Respondents Used A QR Code To Process A Payment , But Many Are Unaware Of The Hidden Dangers: Ivanti Research

The post NortonLifeLock Unveils Norton Crypto appeared first on Digital IT News.

Ransomware has been an increasing threat targeting organizations of all sizes. In 2020, 47 percent of cyber insurance claims reported to Coalition were ransomware attacks and targeted businesses of all sizes. The majority of these claims could have been prevented with an EDR solution in place or contained with rapid incident response services.

“The complexity, severity, and frequency of cyber attacks continue to increase. To keep pace, the tools and services we arm our policyholders with need to match this trajectory,” said Matt Dort, Head of Technology Alliances for Coalition. “Partnering with SentinelOne brings scale to our incident response and simplicity to intricate threats.”

“A risk management strategy shouldn’t end with security solution deployment,” said Chuck Fontana, Senior Vice President, Business & Corporate Development for SentinelOne. “The combination of Coalition’s cyber insurance and SentinelOne’s suite of services ensures there are no gaps in an organization’s strategy.”

SentinelOne Singularity XDR, which is a combination of endpoint protection and endpoint detection and response, provides next-gen prevention and EDR capabilities to achieve autonomous protection, visibility, and response at machine speed. SentinelOne recently participated in the MITRE Engenuity evaluation, where it was the only vendor to achieve complete visibility with zero missed detections across both Windows and Linux environments. SentinelOne was also recognized by Gartner as a Leader in the 2021 Magic Quadrant for Endpoint Protection Platforms and received the highest score for all three customer types in Gartner’s Critical Capabilities for Endpoint Protection Platforms report.

Coalition’s unique product and partner offering combines best-in-class cyber insurance and proactive cybersecurity tools to help organizations manage cyber threats and protect the value of their entire business. Its all-new platform, Coalition Control, provides free attack surface monitoring to any organization to help them visualize and mitigate their cyber risk right away. Inside Coalition Control is a robust partner ecosystem that helps prevent incidents from happening, while Coalition’s comprehensive cyber insurance covers the full breadth of cyber peril, including cyber crime, forensics, bodily injury and property damage, and more, to offer support before, during, and after a crisis.

To learn more about Coalition, visit https://www.coalitioninc.com/.

To read more about SentinelOne, visit their blog or website at https://www.sentinelone.com/.

Image licensed by Pixabay.com

Related News:

Zscaler Advances Zero Trust Security for the Digital Business Disrupting Decades of Legacy IT Security and Networking Models

Most Consumers Want Insurers to Handle Personal Cyber Threats as Pandemic Drives Digital Consumption

The post Coalition Partners with SentinelOne to Protect Customers from Ransomware and Cyber Threats appeared first on Digital IT News.

a leader in The Forrester Wave: Zero Trust

The post Palo Alto Networks Introduces Complete Zero Trust Network Security appeared first on Digital IT News.

CREST’s SOC Accreditation is available for both service providers and internal SOCs and was developed with extensive input from CREST members and the wider industry to provide an internationally recognized and independent validation of the SOC. Accreditation demonstrates a high level of assurance and trust. Since its launch at the end of 2017, the CREST SOC Accreditation has seen a significant increase in demand.

CREST has a detailed and comprehensive SOC Assessment Criteria that looks at six key areas of a SOC: Organizational Environment; Customer Requirements; Technology and Tools; Event Analysis; Threat Intelligence & Situational Awareness; and Protecting the SOC. The first stage to accreditation involves completing the application via the CREST Membership Portal, which will ask questions about processes, policies and methodologies. The second stage is the detailed audit conducted by a qualified auditor within six months of the application.

“Even before the pandemic and the additional travel constraints it has brought, high levels of international demand for SOC Accreditation meant we needed to look for a more accessible, flexible and efficient approach to speed up the audit process,” explains Samantha Alexander, Principal Accreditor at CREST. “But we needed to ensure that any solution didn’t impact the very high standards of the audit itself. This remote capability allows the CREST audit team to review documentation, conduct interviews and site tours with the same rigor and attention to detail as an onsite visit.”

CREST will discuss the process with the organization’s SOC team in advance to ensure that all SOC criteria are covered and technology requirements are reviewed to deliver an effective audit. The audit will start with a review of documentation and records, observations of processes and methodologies, interviews with the SOC staff and a remote video tour of the SOC environment. All data and evidence will be noted and included in the final audit report, held under a CREST NDA. More information is available by visiting https://www.crest-approved.org/applying-for-soc-accreditation.

Image licensed by: Pixabay.com

Related News:

Check Point Software’s Mobile Security Report 2021 Shows Almost Every Organization Globally Experienced a Mobile Malware Attack during the Past Year

Survey: 60% of Educational Organizations Hit by Phishing Attacks Targeting Cloud Data, the Highest Result of All Verticals Analyzed

The post CREST Launches Remote Audit Facility for SOC Accreditation appeared first on Digital IT News.

“Managing security and compliance can be a tedious and complex task, which has been further complicated by a flood of single, point products,” said Bryon Miller, CISO and Hosted Portal Lead, ASCENT. “With the ASCENT Security Compliance Portal, organizations can automate their security processes while gaining a single source of compliance truth for visibility into achievements and gaps across leading security frameworks. In a single cloud-based platform, security and compliance teams now have everything they need to manage compliance readiness.”

The new ASCENT Security Compliance Portal automates security program processes, including assessments, policies, plans, and incident response, end-to-end. The new portal also features capabilities for complete vendor management and artifact storage so that companies can simplify their adherence to leading compliance frameworks while retaining regulatory proof to simplify auditing response. Key features of the portal include:

• Security Assessments. Providing the real-time status for any control framework, or multiple control frameworks, ASCENT security assessments provide complete, continuous monitoring of controls to ensure assessments are always current.
• Security and Compliance Calendar. Featuring automated email reminders to control owners, the security and compliance calendar proactively manages and monitors control tasks so last-minute data collection is avoided.
• Risk Assessments. ASCENT provides annual risk assessments for natural, man-made, business, and IT risks, to ensure appropriate mitigation steps can be performed. Once completed, it’s easy to maintain changes and report on real-time status to ensure the risk assessments are current.
• Complete Vendor Management. ASCENT simplifies vendor management processes, automating vendor due diligence assessments where vendors are notified of the need to complete their risk assessment directly within the portal. Vendor contract management features also monitor, manage and alert on renewals and expirations.
• Automated and On-Demand Reporting. ASCENT provides automated weekly reporting and offers customizable on-demand reporting across critical compliance areas including security assessments, security awareness training, outstanding compliance tasks and more.

ASCENT Security Compliance Portal is a multi-tenant solution that offers out-of-the-box compliance framework processes for CIS Top 20, Cybersecurity Assessment Tool (CAT), Cybersecurity Maturity Model Certification (CMMC), FedRAMP, FFIEC, GDPR, HIPAA/HITECH/HITRUST CSF, ISO 27001/27002, NIST (FISMA), PCI-DSS and over 30 additional industry-standard frameworks. The solution is ideal for regulated industries, including financial services, DoD contractors and suppliers, healthcare organizations, law firms and auditing firms as well as the managed services providers (MSPs) that support them to ensure security and compliance practices for their customers.

“GiaSpace has been performing network audits as one-offs for many years, but we were missing a portal that we could use to deliver our Compliance as a Service,” said Robert Giannini, Strategic Technology Consultant, GiaSpace, a managed IT and security services provider. “When the DoD ramped up the intro of CMMC, we put forth a lot of searching for a system that we could use to manage NIST, CMMC, and HIPAA audits. After our initial trial and error, we found the ASCENT Portal. Today we use the ASCENT Portal to manage several multi-tenant audits and the required supporting documentation. I strongly feel this is a system that is going to streamline our efforts in getting DoD contractors CMMC certified and manage those findings in a secure system.”

Available now, the SaaS-based ASCENT Security Compliance Portal pricing starts at $4,800 annually. For more information, visit: www.ascent-portal.com.

Image licensed by: unslpash.com

Related News:

Deloitte Introduces ReadyAI Artificial Intelligence-as-a-Service Solution

BMC Enables Organizations to Develop and Deliver Code Faster

The post ASCENT Launches ASCENT Security Compliance Portal appeared first on Digital IT News.

Return to Work Security Services simplifies the complexities associated with returning to in-person work by empowering organizations to select the technologies and services they need with the agility to adapt to their unique environment as part of their individual plans to return to a physical workspace.

Return to Work Security Services can become part of a smarter and safer employee or visitor experience from entrance to exit, allowing customers to utilize:

• Kiosk-based access screening at employee, visitor, warehouse and plant entrances to facilitate company policies such as wellness screens, automated temperature checks, mask compliance and hand sanitizing – minimizing the need for human contact.
• Personnel density and physical distancing analysis and planning tools to reserve and modify the availability of reservable spaces, such as socially distanced desks, common rooms, warehouse spaces or occupancy-limited meeting rooms to accommodate social distancing protocols based on state and local mandates and compliance requirements determined by the customer.
• Access to analysis and materials that customers may incorporate into their own customized training, adoption and improvement programs and practices to reduce the risk of non-compliance, and access to past visitor logs for quick assessments, all allowing for proactive management of return-to-work challenges.

“As businesses return to the workplace, employers’ top concern is how to bring their staff back safely and address their obligations under various state and other mandates. This is a critical responsibility, now and post-pandemic, and will transform how we work and collaborate in face-to-face environments to help keep everyone at work safe long-term,” said Steven Burger, Vice President, Technology Innovation & New Business Development, Ricoh USA, Inc. “Business continuity measures such as taking preventative screening and distancing measures will remain paramount for the foreseeable future. Return to Work Security Services takes a common-sense, comprehensive approach to addressing the changes necessary for returning to the physical workplace so organizations can focus on recovery, growth and the future.”

Capturing the key attributes of users’ most pressing return-to-work policies and processes, Ricoh’s offering is customized for the specific needs of each customer with data-driven optimization and change management support. Ricoh also provides insights for improvements based on regular review of data analytics that customers may use as part of ongoing compliance programs and as they continue to refine their COVID-19 policies and practices. This latest service complements Ricoh’s existing offerings that address safety needs such as RICOH Intelligent Voice Control, Workplace & Facilities Management Services and more.

Image licensed by Pixabay.com

Related News: 

COVID-19 and the Future of Work: Citrix® Shares Lessons Learned One Year In

IGEL Reports Record Growth Driven by Increasing Global Adoption of Cloud-Delivered Digital Workspaces

The post Ricoh unveils Return to Work Security Services to address security and safety needs in physical workplaces appeared first on Digital IT News.