About Us

Akamai introduced Linode Managed Database for Developers

Akamai Linode Managed Database simplifies database deployment by assisting developers in reducing risk, improving efficiency, and reducing the complexity associated with manually managing production database clusters. Akamai Technologies introduced its database service powered by Linode that supports MySQL, PostgreSQL, Redis, and MongoDB.

Will Charnock, Senior Director of Engineering at Akamai stated, “Every web application needs a database. Being able to automate aspects of database management is critical for applications that need to be scalable, highly performant, and resilient. Linode Managed Database continues the important work, which began with Linode Kubernetes Engine – our managed Kubernetes service – of supporting developers, businesses, and partners by managing the day-to-day tasks of mission-critical components of their applications, allowing them to focus more on innovation and less on daily infrastructure management. With the click of a button, developers can have a fully managed database deployed and ready to be populated.”

Databases are the most crucial facet of any application but managing them manually is a time-consuming and resource-intensive process.  Akamai Linode Managed Database service can allocate common deployment and maintenance tasks to Linode and select highly available configurations to ensure that database performance and uptime are never compromised. As a result, deploying applications requires less hands-on management expertise and has a lower risk of downtime when compared to manual management.

Linode customers have frequently sought the need for managed databases. Following the acquisition of Linode in March of this year, Akamai’s first product launch in its compute line of business is the Linode Managed Database service, reinforcing its mission to develop the world’s most powerful and distributed compute platform from the cloud to the edge.

Akamai will initially offer Linode Managed Database for MySQL in all of Linode’s 11 global data centers, with PostgreSQL, Redis, and MongoDB support coming in the second quarter of 2022. Customers can take advantage of features such as flat-rate costing, security and recovery measures, flexible deployment options, and high availability cluster options with each supported managed database.

Read more articles:

Integrated Risk Management Platform

BreachBits Launches BreachRisk

Vicarius Launched Nmap Scan Analysis to Identify High-risk Assets

Vicarius Nmap Scan Analysis is the most versatile tool for port scanning, network discovery, and security auditing. Nmap helps security and IT professionals determine which hosts are available, what services they offer, what operating systems are in use, and what software versions are installed on each host. Vicarius is offering Nmap Scan Analysis services for free to help security professionals, IT administrators, and pen-testers who use Nmap with vulnerability assessment, prioritization, and remediation.

Michael Assraf, CEO of Vicarius stated, “We’ve long believed in the value of open-source projects and the community that supports them. This is an exciting way for us to give back and contribute to the Nmap legacy. With our integrated analysis, we are putting more resources and sound decision making in the hands of system and network administrators and leading the way for democratizing security tools.”

Nmap is praised by network administrators for its pace, flexibility, and performance. The scan results can be difficult to interpret, particularly as the network’s scope grows. Vicarius hopes to enhance what is already one of the most valued resources in the security community by providing comprehensive data visualization.

Users can import an XML file of a Nmap scan result directly into the Vicarius TOPIA dashboard using Nmap Scan Analysis. Following the completion of the analysis, users are presented with a comprehensive and visually coherent interpretation of their results, which includes open ports, services, operating systems, and detected CVEs. The tool is available for free on the company’s website.

Vicarius has made its Nmap scripts available to the public via its Github repository. Vicarius engineers will push code updates and new features directly to the open-source project, ensuring that enhancements are always available. Nmap users can expect improved precision, dynamically updated CVE content, and daily CVE updates. The company has also set up a Research Center, which offers free and unlimited access to the world’s CVE database, as well as information on vulnerable apps and operating systems.

Read more articles:

Integrated Risk Management Platforms – All You Need to Know

LexisNexis Announced LexisNexis AmplifyId to Boost Identity Management

LexisNexis AmplifyID improves identity management across critical agency tasks, from benefits access to beneficiary enrolment. AmplifyID is a reliable and secure platform, and it offers improved coordination of services, fraud prevention, program integrity, policy comprehension, and decision-making. 

LexisNexis Risk Solutions developed the LexisNexis AmplifyID platform to help federal, state, and local governments ensure equitable access and fraud prevention. A comprehensive understanding of the individuals and families served by public benefits programs is required. The government agencies are tasked to balance user-friendly access to critical services quickly and accurately while maintaining privacy, security, and fraud mitigation.

Haywood Talcove, CEO Government, LexisNexis Risk Solutions said, “In our communities, successful outcomes are driven by connection not division. Data is no different. Silos are purpose-built for grain, not people. Eliminating the huge backlog agencies are facing in unemployment insurance distribution is just one of the ways this new solution will prove invaluable for government agencies. The power of AmplifyID to create cross-agency visibility, coordination, and trust is truly innovative and we are incredibly excited by the potential of this person-centered platform to bring agencies and people together.”

The AmplifyID platform combines government program data with unique identifying information to produce person-centred analytics and visualizations that help government decision making. The result is a best-in-class identity view tailored to government agencies looking to modernize and scale their approach to helping underserved populations. AmplifyID is a module-based platform that addresses government identity concerns with its two significant services LexisNexis AmplifyID Identity Risk Navigator and LexisNexis AmplifyID Master Person Index.

AmplifyID Master Person Index provides a consistent view of an individual to government agencies, allowing for data sharing and care coordination across programs. It also gives government organizations the ability to comprehend important identity insights, such as regularly updated contact and demographic data, as well as clinically proven socioeconomic determinants of health.

AmplifyID Identity Risk Navigator increases fraud protection by combining and integrating data from different sources, including internal agency information and donated identity intelligence from throughout the government, to guard against the full range of existing and emerging identity fraud threats. The importance of shared intelligence cannot be overstated. It provides authorities with a much more comprehensive view of known fraudulent identities, habits, and fraud schemes. The advantages of such scrutiny are substantial.

Read more articles:

Identity and Access Management – All You Need to Know

Enterprise Fraud Management – An Overview

WhiteSource Launched Spring4Shell Detect

WhiteSource Spring4Shell Detect, a free command-line interface (CLI) tool that swiftly searches projects for susceptible open-source libraries for CVE-2022-22965, also known as Spring4Shell, was released today by WhiteSource, a leader in application security. Spring4Shell is a remote code execution (RCE) vulnerability in Spring, one of the most widely used open-source Java frameworks today. While we are still learning about this vulnerability, its impact is anticipated to be comparable to that of Log4j, and it has a severity level of 9.8. WhiteSource’s free developer tool, which is currently accessible on GitHub, gives developers the exact path to direct and indirect dependencies, as well as the patched version, so they can fix them quickly.

Increasing the possibility of global prevalence and risks because of this zero-day vulnerability, WhiteSource advises companies to take the following steps to resolve and avoid future incidents:

  • Upgrade to the most recent version of Spring Framework if you have any vulnerable versions. Use tools like WhiteSource Renovate to update your libraries automatically with the most recent updates.
  • Inventory your whole program list to find all CVE-2022-22965 instances. WhiteSource’s free detection tool can help with this.
  • For each program in your environment, create a software bill of materials (SBOM). An SBOM gives you access to your whole software attack surface, including direct and indirect dependencies, and allows you to respond fast to vulnerability announcements.

The CEO at WhiteSource, Rami Sass, stated, “Organizations and security teams must approach Spring4Shell with the same attention and urgency they did with the recent Log4j vulnerability. This vulnerability highlights the importance of a proactive approach to software security and the need for more automated application security to be baked into the development lifecycle. Ensure you are handling your technical debt, and update.”

With over several downloads, WhiteSource Renovate automatically uploads prerequisites and has found and mitigated the Spring4Shell vulnerability for large numbers of businesses.

What is UEBA ?

Advanced cyberattacks and persistent vulnerabilities to your business frequently rely on compromised credentials or coercion of people to do actions that vandalize enterprise security. To detect these types of threats, you’ll need a robust solution that allows analysts to swiftly distinguish between regular and unusual network behavior. The UEBA module has the fastest time-to-value in the industry, allowing for same-day deployment and quick insights.

User and Entity Behavior Analytics (UEBA) is the application of machine learning and security research to discover when users or entities are engaging in unusual and unsafe ways. It tracks users’ interactions with data, systems, and apps to identify and attribute threats so that security analysts can respond swiftly. UEBA uses comprehensive context information to enrich security data. Context data improves event detection accuracy, decreases false positives, and allows for context-based searching and threat hunting. Machine learning, behavioral analytics, and threat modeling are all used by UEBA’s analytics engine to detect your top threats. As a result, analysts are continually on the lookout for your most critical security incidents.

According to Infosecurity Outlook, people have specified patterns of behavior, and behavioral analytics is about how we take those patterns and start to extract usable information from them.

UEBA is being adopted by businesses to bring advanced analytics and machine learning capabilities to their IT security arsenal. UEBA solutions recognize patterns in regular user behavior and identify anomalous behaviors that do not match those patterns and may be linked to security events.

Organizations utilize UEBA technologies to increase efficiency and risk management while minimizing financial and reputational loss. They bring value by allowing firms to prevent attacks, particularly those that originate from within the network, detect breaches more quickly to decrease exposure, and mitigate the damage caused by cyber threats. Organizations would be able to detect and respond to threats more quickly and easily if they used such technologies. Customers and business partners will trust organizations that use effective security and risk management strategies and processes. As a result, they can serve as a business enabler, assisting firms in meeting their data privacy and security obligations, as well as compliance goals.

Some of the Essential Features of UEBA that you should know are;

  • Connects security information to identity and entity context.
  • UEBA uses machine learning to provide powerful behavior analytics.
  • Reduces false positives by analyzing the context of user, object activities and security events.
  • Threat chains automate machine learning and analytics processes, reducing the time to detect and respond to threats.
  • UEBA covers a variety of use cases for detecting cyber threats, fraud, non-compliance, and attacks from both inside and outside the company.

Security solutions like UEBA, which were once viewed solely as a means of lowering possible financial losses and increasing productivity, are now seen as a means of enabling a business. Organizations may better prioritize their investments to improve their overall security posture and enable them to satisfy privacy and compliance objectives by understanding what people are doing and how they interact with applications and data. Customers and business partners trust organizations that use effective security and risk management strategies and processes. Thus, they can serve as a business enabler, supporting firms in meeting their data privacy and security obligations, as well as compliance goals.

How expensive is Insider Threat?

Proofpoint published a report on the costs and trends associated with negligent, compromised, and malicious insiders. Notably, impacted organizations spent an average of $15.4 million per year on overall insider threat remediation and took 85 days to control each incident.

According to the report, the frequency and costs associated with insider threats have increased dramatically over the last two years across all three insider threat categories, which include: careless or inattentive employees/contractors, illegal or malicious insiders, and cybercriminal credential theft.

EVP of cybersecurity strategy at Proofpoint, Ryan Kalember says, “Months of sustained remote and hybrid working leading up to “The Great Resignation” has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them.”

“In addition, organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure. With people now the new perimeter, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of risks.”

Action1 Partnered With Brigantia To Provide Real-Time Visibility And Security Risk Mitigation

Action1 Corporation, the provider of the simple and secure remote monitoring and management (RMM) cloud platform has announced a partnership with Brigantia.  Through enhanced remote IT administration, the alliance will enable local managed service providers (MSPs) to improve their business performance by assuring secure and efficient operations for their clients.

Brigantia is a managed services channel distributor that offers a full suite of cybersecurity solutions, as well as secure, enterprise-class data communications and cloud services. Brigantia is based in Ripon, North Yorkshire, and works with hundreds of channel partners throughout the United Kingdom and Ireland. Brigantia can now address local MSP demand for a modern, secure, and easy-to-use cloud RMM solution with the addition of Action1 RMM to its portfolio.

“Brigantia take great pride in helping next-generation vendors break into the UK and Ireland MSP channel markets, and Action1 RMM is a true disruptor in what has been a rather stale RMM space,” said Angus Shaw, Sales Director at Brigantia. “This cloud-based platform enables MSPs to mitigate security risks for their clients, manage their endpoints, comply with security standards, and support users — from anywhere. It is an exciting addition to our portfolio in a space that is crying out for innovation, and we are looking forward to introducing Action1 RMM to our channel community throughout 2022 and beyond.”

“We are excited to expand our distribution footprint in the UK with such a strong market player as Brigantia,” said Alex Vovk, CEO and co-founder of Action1. “This partnership will help meet market demand for a modern cloud-based RMM solution that empowers IT service providers to effectively secure and support today’s hybrid workforces.”

Castellan’s The New Crisis Management Module Allows Holistic Resilience Management

Castellan Solutions, a leading firm providing resilience management solutions, announced the launch of its new Crisis Management module, which enables companies to act quickly and effectively in the crucial times following the onset of a business disruption.

The risk landscape has evolved, and business as usual is being called into question on a daily basis. As supply chain disruptions continue and cyber attacks grow in magnitude and frequency, the question is no longer whether disruption will occur, but when.

Organizations can integrate better and optimise readiness activities (operational resilience, disaster recovery, business continuity, and compliance planning) and response activities (crisis/incident management and emergency notification) to reduce the impact of business disruptions affecting their people, consumers, reputation, and revenue by taking a holistic approach to risk management through resilience management.

Castellan’s SaaS platform provides a fully integrated solutions can help users to analyse and prioritise risk, develop actionable response and recovery plans, interact with colleagues through multiple channels, stress test plans using possible scenarios, and rapidly mobilise response teams in the critical moments of an incident occurring – all from a single platform.

The Crisis Management module fully integrates with Castellan’s multi-modal emergency notification capability, allowing organisations to communicate and manage an incident with confidence through:

Task Management: Activate plans and drive accountability with interactive task management and tracking, with an ability to assign ad hoc tasks based on the unique nature of the incident.

Encrypted Chat: Collaborate securely across teams with encrypted chat inside each incident, even if normal channels are compromised.

Mobile Functionality: Drive all response coordination, from incident creation to task management, straight from your mobile device.

Executive Dashboards: Provide real-time updates on the situation and the overall response.

“To confidently achieve the right level of resilience, organizations must work to close high priority vulnerabilities and build a world-class response capability “The innovation and expansion of our SaaS platform paired with our consulting and managed services enables our clients and partners to manage their response to multiple, simultaneous threats with ease,” said Jon Ezrine, CEO of Castellan Solutions.

Resilience Raised $80 Million In Series C Round

Resilience, a leading cyber insurance and security solutions firm, announced the completion of  $80 million Series C funding round led by General Catalyst and Corey Thomas of Rapid7, with participation from Founders Fund, Charles River Ventures, Lightspeed Venture Partners, Shield Capital, and Intact Ventures.

The investment comes as Resilience moves forward with plans for mid market expansion and international expansion. Middle-market businesses – manufacturing, universities, agriculture, hospitals, and construction – are the backbone of the American economy. As ransomware attacks are rising, the hardened cyber insurance market has allowed newcomers with a fresh perspective to make it to the top.

“We took a deliberate approach entering the middle market. Our clients are discerning buyers with sophisticated infrastructure. We proactively connect their security posture with their insurance policy, not as vendors, but as partners. That personal, integrated approach of transparency and action is what makes us so. This funding round signals that the market is ready for our insure + secure model different,” said Vishaal “V8” Hariprasad, CEO of Resilience.

Resilience has created an Insure + Secure business model that offers its clients with both tailored insurance and security solutions. From risk assessment to post-bind vulnerability monitoring, a team of in-house security engineers works with clients.

“Resilience is building the leading cyber risk and response platform for the insurance industry, helping mid-market enterprises identify and integrate the best insurance and security solutions for their business needs. It’s more than risk mitigation – it’s bespoke security solutions combined with an insurance policy that provides clarity and certainty. General Catalyst is proud to co-lead this funding round with Corey Thomas as we believe Resilience’s integrated model is the future of cyber risk,” said David Fialkow, Managing Partner and Founder at General Catalyst.  

“Resilience’s expertise, combined with an innovative approach to cyber risk, deliver unparalleled value for clients. The team has seen tremendous progress in the past year, setting the course for responsible and profitable growth. Intact Insurance Specialty Solutions is pleased to be a carrier partner,” said Michael Miller, CEO, Global Specialty Lines, Intact.

“At Intact Ventures, we are thrilled to increase the size of our commitment and to invest in a world-class team building a category-defining business,” said Justin Smith-Lorenzetti, Intact Ventures.

This financing enables Resilience to accelerate delivery of Insure + Secure solutions more broadly in North America and now globally.

Zyxel Communications And SEC Consult Formed Partnership To Improve Cybersecurity

Zyxel Communications today announced a partnership with SEC Consult, a leading consultancy in cyber- and application security. The collaboration between the two companies will further strengthen Zyxel’s cybersecurity strategy by expediting and optimizing the ability to respond to threats and vulnerabilities posed by increasingly-complex and ever-evolving cybersecurity threats.

Zyxel Communications announced a partnership with SEC Consult, a prominent cyber- and application security firm. The partnership will boost Zyxel’s cybersecurity strategy by accelerating and improving the company’s capabilities to respond to risks and vulnerabilities caused by incredibly challenging and ever-evolving cybersecurity threats.

End-users are heavily dependant on information-sensitive online services as digitization pervades daily life and online communications tools become crucial for many services. As a result, leading internet service providers are placing an even greater emphasis on network security.

Ensuring a secure development and software architecture

To maintain the highest level of product security, Zyxel, a prominent broadband access provider, has a thorough security strategy and already employs a dedicated security team. The partnership with SEC Consult is aimed at addressing the problems that software-driven products can cause by exposing the network to unidentified security vulnerabilities. The firms collaborated to perform a thorough organisational and technological review that will result in an overall optimization of Zyxel’s safe software development process and security verification methods, with the goal of detecting and eliminating potential security risks.

SEC Consult also did a vulnerability assessment, which included a look into the software for a few Zyxel devices. The assessment’s findings were given to Zyxel’s specialised security team as input for a secure development and software architecture.

SEC Consult will now assist Zyxel in implementing a firmware security analysis platform as a regular security review mechanism in order to automate the security analysis method in the long run.

Raising the overall security level

“Cybersecurity should be considered from the very beginning. It is important to cooperate as early as possible in the value chain, starting with the manufacturers. Additionally, continuous improvement and regular assessments are just as important as the sustainable creation of security awareness in the company. We are proud that our company is supporting Zyxel to prevent, handle, and manage security vulnerabilities more efficiently in the future,” says Wolfgang Baumgartner, General Manager SEC Consult Group.

“The cooperation with SEC Consult will help us to reinforce our security awareness among employees through well-designed training programs. We expect to escalate our product security level through proactive vulnerability prevention,” said Gavin Yeh, Senior Director, EMEA CPE SBU at Zyxel.