About Us

Fugue and CWS Team Up to Solve Enterprise Cloud Security Gaps with End-to-End Policy as Code Enforcement

CWS, an IT services firm that helps large, highly regulated companies migrate to the cloud, has teamed up with Fugue, a cloud security SaaS company, to provide developer-first cloud security for mission-critical and time-sensitive cloud deployments. Fugue’s SaaS platform secures cloud infrastructure throughout all stages of the software development life cycle by employing the same infrastructure controls as code checks and the cloud runtime environment. CWS and Fugue have teamed together to focus on delivering safe cloud infrastructure quickly, starting with a large telecoms firm and resulting in a 90 percent faster deployment with half the engineering staff.

“Time and again we see critical cloud initiatives get bogged down in time-consuming enterprise security processes that kill development velocity. After evaluating a number of tools, Fugue was the only one that addressed cloud security end-to-end using the same set of policies, reducing delivery times for security-critical cloud infrastructure from months to days and requiring only a fraction of the engineering investment previously needed,” said Rajat Sharma, founder of CWS.

“Security is the rate-limiting factor for how fast enterprises can go in the cloud, and key to changing this is developer-centric security based on policy as code and automated enforcement.  CWS has a track record of helping engineering teams innovate fast in challenging regulatory environments, and we’re thrilled they’ve chosen Fugue as their platform for operationalizing cloud security across the software development life cycle,” said Josh Stella, co-founder and CEO of Fugue.

Data Theorem Releases Industry’s First Active Protection Suite with Observability and Runtime Defense

Data Theorem, Inc., a global leading provider of modern application security, announced the industry’s first Active Protection package, which includes observability and runtime defense and provides comprehensive security for API, mobile, modern web, cloud, and serverless (Lambda) functions.

To prevent data breaches, organisations today require technologies that are specifically designed for securing modern application stacks. Runtime AppSec technologies in the past (WAFs, RASPs, EDRs) were unable to cover crucial sections of modern application stacks like cloud-native applications. Traditional web application firewalls (WAFs), runtime application self-protection (RASPs), and endpoint detection and response (EDR) agents, these cannot secure serverless applications with APIs, such as AWS Lambda. This is due to the lack of readily available operating systems for agent installation, as well as typical network perimeters with ingress/egress points. Data Theorem’s whole product suite now includes runtime protections and observability, addressing security gaps in modern application exposures typical in cloud-native stacks.

Data Theorem is the first to provide full stack security for current modern apps, starting with the client layer (mobile and web), protecting the network layer (REST and GraphQL APIs), and extending all the way down to the underlying infrastructure (cloud services).

“Data Theorem’s Active Protection is the first in the industry to provide comprehensive security across today’s modern application stacks. Application environments are more dynamic when leveraging cloud services requiring increased telemetry. Organizations need to discover their growing attack surfaces as their cloud adoption grows. We are not aware of any other vendor delivering active protection runtime defenses and observability across cloud-native, mobile, modern web, and serverless applications,” said Doug Dooley, Data Theorem COO.

Data Theorem’s extensive AppSec portfolio secures companies against data breaches with application security testing and protection for modern web frameworks, API-driven microservices, and cloud resources. Its solutions are driven by the company’s award-winning Analyzer Engine, which utilizes a unique sort of dynamic and run-time analysis that is completely implemented into the CI/CD process and allows enterprises to undertake continuous, automated security inspection and remediation.

Its solutions are driven by the company’s award-winning Analyzer Engine, which utilizes a unique sort of dynamic and run-time analysis that is completely implemented into the CI/CD process and allows enterprises to undertake continuous, automated security inspection and remediation.

UL Launches SafeCyber to Protect Connected Devices

UL, a global leader in safety science, announced a new solution SafeCyber Digital Security, a suite of solutions aimed at democratising IoT security and equipping key businesses like device manufacturers, suppliers, and systems integrators to take control of their networked infrastructure. UL’s SafeCyber Digital Security Platform working to mitigate the growing amount of cyberthreats faced by these enterprises, from smart home gadgets and complex medical equipment to advanced automotive and Industry 4.0 technology.

“The proliferation of connected devices has unlocked immense new economic potential, but it has also introduced a flurry of cybersecurity risks that can materially impact businesses. SafeCyber helps organizations holistically understand and assess risk, allowing both new and existing assets to be designed and maintained to conform with the latest cybersecurity legislation and best practices,” said Jukka Makinen, managing director of the Identity Management and Security division at UL.

UL also unveiled its Maturity Path capability as part of the launch, a solution that gives device manufacturers, suppliers, and system integrators with a maturity assessment for linked device security in order to develop long-term product security governance and processes.

In SafeCyber platform, UL also introduced Firmware Check and Field Monitoring features. Firmware Check will provide stakeholders with a security check on firmware implementations that are presently in development, whereas Field Monitoring will allow those companies to run large-scale security checks on firmware that is already in the market.

“For more than 125 years, UL has been a trusted partner helping organizations ensure the safety and compliance of their products and solutions. Today’s launch of SafeCyber marks an important milestone in our long-term vision to develop a best-in-class capability that helps organizations move beyond a compliance mindset, and toward a proactive stance that enables them to actively manage their security posture in what is becoming an increasingly connected, ever-evolving threat landscape,” added Makinen.

SafeCyber’s clients will get immediate access to UL’s Maturity Path, Firmware Check and Field Monitoring. Any connected device stakeholder can begin a free Maturity Path self-assessment as part of UL’s efforts to make best quality product security practises better accessible. 

CrowdStrike Acquires SecureCircle to Extend Zero Trust Data Protection

CrowdStrike Holdings, a leading company in cloud-delivered endpoint and workload protection, announced the acquisition of SecureCircle, a SaaS-based cybersecurity service that extends Zero Trust security to endpoint data. CrowdStrike will strengthen its leading Zero Trust endpoint security device and identity capabilities to incorporate data with this takeover. The all-cash deal is expected to complete in the fourth quarter of CrowdStrike’s fiscal year.

By securing the hub of enterprise risk — the endpoint – CrowdStrike has transformed security for the cloud era. CrowdStrike will enhance data protection with SecureCircle’s technology, allowing customers to implement Zero Trust at the device, identity, and data levels. CrowdStrike intends to resolve complex problem that all organisations face, data protection, with a simple solution – enforcing Zero Trust control at multiple levels, all deployed through CrowdStrike’s lightweight Falcon agent on the endpoint – by combining forces and leveraging SecureCircle’s innovative capabilities.

Zero Trust Data Protection Reimagined

In 2021, the market for data loss prevention (DLP) and related technologies is expected to reach $3 billion. Even billions of dollars are invested in legacy DLP technologies, data breaches via inadvertent leaks, ransomware, sophisticated cyberattacks, and other sources continue to occur at an astonishing speed. Clients demand a solution to protect data without compromising the user experience, as DLP has failed. CrowdStrike promises to rethink data security using SecureCircle’s technology, enforcing encryption on data in all three states (in transit, at rest, and in use), allowing clients to secure data on, from, and to endpoints. Clients will be able to govern data access and usage regulations for each user based on their Zero Trust score when integrated with CrowdStrike Zero Trust Assessment, providing dynamic risk mitigation.

“Data loss prevention has suffered from a lack of innovation and legacy tools have completely failed to live up to the promise of preventing breaches. At the same time, the endpoint has become the focal point for how data is accessed, used, shared and stored,” said George Kurtz, co-founder and chief executive officer of CrowdStrike. “CrowdStrike will be setting a new standard for endpoint-based data protection by connecting Zero Trust enforcement to the device, the user identity and, with this acquisition, the data users are accessing and using.”

Jeff Capone, chief executive officer at SecureCircle said, “We are excited to join the CrowdStrike family, and integrate SecureCircle’s revolutionary data protection solutions with the industry leader in cloud-delivered endpoint protection. The endpoint in today’s enterprise is everything, and coupling our cloud-native approach to protecting sensitive data with CrowdStrike’s industry leading Zero Trust endpoint security will enable customers to enforce Zero Trust on the endpoint across all levels.”

SecureReview Rebrands as SessionGuardian

SecureReview, an industry leader in cybersecurity for distributed workforces, has announced the launch of a new brand name and identity. SessionGuardian will be the firm’s new name, indicating their strong commitment to developing a new global standard for endpoint security. A new logo, brand name, and visual identity are all part of the rebranding.

“After launching the next evolution in remote endpoint cybersecurity, we felt it was the right time for a brand evolution. Our new SessionGuardian.com website and brand identity reflect our industry-leading position and clearly demonstrate the evolution of our endpoint security software and company. Our team is excited to deliver the future of cybersecurity as SessionGuardian,” said Jordan Ellington, founder and CEO of SessionGuardian.

Ellington and his market advisors founded SessionGuardian in 2017 after noticing a significant gap in conventional endpoint security procedures. They introduced software that uses biometric technology to enforce second-by-second facial recognition throughout remote user sessions, from log on to log off, in order to address this widespread threat that end users pose. 

SessionGuardian is better positioned to expand their impact on worldwide cybersecurity landscape with a new identity. They are proud to adopt a name that more precisely and strongly communicates the end-user vulnerability protection they provide.

Kivu and Fortalice partnered to provide cybersecurity services to their joint customers

Kivu Consulting, Inc. and Fortalice Solutions, LLC announced a strategic partnership to provide end-to-end cybersecurity services. These world-class organizations will be able to address rising customers’ demands for numerous cybersecurity areas as a result of their collaboration. Fortalice has  knowledge of offensive cybersecurity, security engineering, open-source intelligence, strategic communications, and risk and compliance experience. Kivu brings decades of experience in incident response, digital forensics, breach cleanup, and managed services to the table.

“Now more than ever, clients need cybersecurity firms to offer ‘best-in-class’ abilities across all their urgent needs. As a women-owned business headed by the first female CIO at the White House under George W. Bush, Fortalice’s excellence in handling incidents from triage to remediation perfectly complements Kivu’s reputation as the ‘go-to’ firm for incident response, post-breach remediation, and managed services,” said Chad Holmes, CEO of Kivu Consulting.

Organizations require advanced, distinct skillsets to plan for, respond to, and recover from breaches as bad actors become more sophisticated. Professionals with diversified and highly specialized backgrounds make up the Fortalice and Kivu Consulting teams. “The professionals at Fortalice and Kivu have spent time reimagining how to provide solutions that meet clients exactly where they are in that moment. Our combined teams bring to the industry some of the globe’s leading expert problem-solvers, many of whom have decades of experience”This combination assures our clients have access to a deeper bench of professionals, all at the top of their game, bringing the highest skill levels to all stages of cybersecurity,” said Theresa Payton, CEO of Fortalice Solutions.

Kivu and Fortalice will collaborate to service clients based on their needs as a result of the partnership. Together, the two companies will provide a broad range of services throughout the breach lifecycle.

ActZero Cybersecurity Startup and Tech Data formed Strategic Partnership

ActZero, a cybersecurity startup whose AI-powered managed detection and response (MDR) solution helps to secure organizations of all sizes, announced a strategic partnership with Tech Data, one of the world’s top technology distributors and solutions aggregators. ActZero and Tech Data intend to work together to help businesses correctly detect, learn from, and prevent emerging security threats.

The ActZero platform brings together next-generation antivirus protection, endpoint detection and response (EDR), and 24/7 automated and managed threat hunting capabilities, all powered by a purpose-built AI engine and provided as a single, cost-effective solution. As a result, ActZero detects and blocks all forms of threats in sub-second response times, from commodity malware to cyberattacks.

Through the IT distributor and solutions aggregator’s global network, the agreement will boost the adoption of ActZero’s unique security platform as part of Tech Data’s edge-to-cloud offering and widen access to superior security for small and mid-size enterprises. Furthermore, this scale enables ActZero’s machine learning engines to benefit from tremendous network effects, which enhance the company’s capacity to detect and contain threats.

“We’re excited to roll out this partnership. Our goal is to democratize cybersecurity for small and mid-size businesses, and Tech Data’s well known distribution platform and industry-leading security expertise unlocks the ability to get ActZero’s superior approach in the hands of more companies,” said John Nurczynski, co-founder and Head of the Summit partnership program at ActZero.

“With year-over-year cybercrime statistics increasing exponentially, making smart investments in security solutions is a no-brainer for businesses grappling with how to handle malware, ransomware and proliferating cyber threats. Adding cybersecurity innovators like ActZero to our portfolio of solutions arms Tech Data customers with critical online security tools so the businesses they serve – especially small and mid-sized companies – are equipped to protect from edge to cloud,” said Tracy Holtz, vice president of security solutions at Tech Data.

DeepSurface Security Announces Endpoint Integration with Microsoft Defender

DeepSurface, the award-winning risk-based vulnerability management platform has integrated with Microsoft Defender for Endpoint. DeepSurface can now automatically accept reports of vulnerabilities, missing patches, and misconfigurations across Microsoft, Linux, and Mac hosts provided by Microsoft Defender for Endpoint. DeepSurface then assesses and ranks vulnerabilities based on the possible risk to the company. Vulnerability management teams can gain comprehensive insight on where their cybersecurity risks are with DeepSurface, allowing them to lower the risk of a cyberattack on their company swiftly.

“Vulnerability Management plays a crucial role in improving an organization’s overall security posture, and Microsoft’s threat and vulnerability management capabilities are a great way for customers to easily add vulnerability data to their threat model. We’re excited to make DeepSurface easy to use for any customers deploying Microsoft Defender for Endpoint. The new integration means companies can implement a cost-effective method of contextual vulnerability prioritization in one easy-to-use interface,” said DeepSurface CTO and co-founder Tim Morgan.

DeepSurface is one of the few vulnerability management systems that take into account more than 50 different environmental factors. User and system account permissions, Active Directory configuration, critical and sensitive assets, installed software, user activity, network access, vulnerability scanner output (from Tenable, Qualys, Microsoft ATP, and Rapid7), and AWS Elastic Compute Cloud (Amazon EC2) attributes are among the items examined. All of these details are utilized to place vulnerabilities (and chains of vulnerabilities) in the context of an organization’s digital infrastructure.

Tomer Teller, principal security program Manager, Microsoft said, “We’re pleased to see DeepSurface integrate with our threat and vulnerability management capabilities in Microsoft Defender for Endpoint because it gives our mutual customers even more flexibility in designing a well-integrated vulnerability management program.”

Nuspire Launches New Managed Endpoint Detection and Response (EDR) Service That Supports Leading EDR Technology Providers

Nuspire, a leading Managed Security Services Provider (MSSP) that is reshaping the cybersecurity experience, introduced its latest managed EDR service, which supports best-in-class EDR technologies from Carbon Black, SentinelOne, and others to help customers manage and automate their EDR solutions.

“As organizations shifted to remote work last year, there was a rush to get EDR technology solutions. More recently, organizations have recognized how essential the right skills and staff are to managing and monitoring them. This announcement underscores the ability to support clients that have Carbon Black, SentinelOne and/or other leading solutions while also providing clients with full visibility and response through one tool – myNuspire. It is designed for the security professional who wants to measure and improve their security program,” said Jyothish Varma, Nuspire Vice President of Product Management.

When clients have limited resources, 24×7 time, or knowledge to operate or monitor their EDR technology, Nuspire’s EDR solution provides SOC as a Service (SoCaas). Nuspire’s security professionals respond to issues automatically, assist clients in determining which technology best meets their organization’s objectives, and provide full insight into their security program through a single tool.

GroupSense and Airgap Partnership to Help Companies Defend Against Ransomware Attacks

GroupSense, a digital risk protection services company and Airgap, a cybersecurity vendor of the industry’s first agentless Ransomware Kill SwitchTM, announced a collaboration to assist clients prepare for and protect against ransomware attacks. Clients can microsegment their networks to automatically stop the spread of ransomware during the incident mitigation lifecycle and have a detailed and tested ransomware “playbook” for mitigating the damage caused by these cyberattacks by integrating GroupSense’s Ransomware Response Readiness Subscription (R3S) service offering with Airgap’s Ransomware Kill SwitchTM annual SaaS subscription.

The R3S service offering from GroupSense is supported by the company’s cyber intelligence team of ransomware professionals and includes three main features: an executive strategy session, a ransomware playbook that includes business, legal, and finance stakeholders, and 24/7 priority on call ransomware incident support with the negotiation process and cryptocurrency settlements.

Developed on Airgap’s Zero Trust Isolation platform, the Ransomware Kill Switch is a one-click switch that quickly stops all lateral data channels, lowering the attack surface to a single endpoint. Companies can also use the technology for post-exfiltration attack surface control and reporting. The partnership provides end-to-end cyber risk mitigation, placing control back in the hands of enterprise firms under attack and assisting them in reducing any negative effects on their operations.er

“Defending against and mitigating the damage from attacks has never been more critical as the ransomware epidemic continues to rage. By joining forces with GroupSense, we’re providing customers with a powerful, one-click solution for ransomware response, including the technical capability to kill the spread of ransomware instantly,” said Airgap CEO Ritesh Agrawal.

“Many companies think they’re prepared for a ransomware attack because they have a generic incident response plan, but that is just a false sense of security. Ransomware prevention needs to have a specific plan in place that includes a response playbook, so companies know exactly what protocol to follow as well as the technologies required to thwart any incoming attacks. That is why our partnership with Airgap is so important, because it combines these two key prevention areas for our customers, giving them the best protection possible against ransomware attacks.,” said Kurtis Minder, co-founder and CEO of GroupSense.