About Us

Action1 Partnered With Brigantia To Provide Real-Time Visibility And Security Risk Mitigation

Action1 Corporation, the provider of the simple and secure remote monitoring and management (RMM) cloud platform has announced a partnership with Brigantia.  Through enhanced remote IT administration, the alliance will enable local managed service providers (MSPs) to improve their business performance by assuring secure and efficient operations for their clients.

Brigantia is a managed services channel distributor that offers a full suite of cybersecurity solutions, as well as secure, enterprise-class data communications and cloud services. Brigantia is based in Ripon, North Yorkshire, and works with hundreds of channel partners throughout the United Kingdom and Ireland. Brigantia can now address local MSP demand for a modern, secure, and easy-to-use cloud RMM solution with the addition of Action1 RMM to its portfolio.

“Brigantia take great pride in helping next-generation vendors break into the UK and Ireland MSP channel markets, and Action1 RMM is a true disruptor in what has been a rather stale RMM space,” said Angus Shaw, Sales Director at Brigantia. “This cloud-based platform enables MSPs to mitigate security risks for their clients, manage their endpoints, comply with security standards, and support users — from anywhere. It is an exciting addition to our portfolio in a space that is crying out for innovation, and we are looking forward to introducing Action1 RMM to our channel community throughout 2022 and beyond.”

“We are excited to expand our distribution footprint in the UK with such a strong market player as Brigantia,” said Alex Vovk, CEO and co-founder of Action1. “This partnership will help meet market demand for a modern cloud-based RMM solution that empowers IT service providers to effectively secure and support today’s hybrid workforces.”

Immersive Labs Acquires Snap Labs To Improve Cyber Simulations With New Depth And Realism

Immersive Labs, the firm empowering enterprises to constantly monitor and optimise their whole workforce’s cyber capabilities, announced the acquisition of Snap Labs. The deal gives enterprises seeking to enhance their cyber knowledge, skills, and decisions, allowing them to create multi-player simulations tailored to certain situations and roles.

The acquisition emphasizes the importance of developing human capabilities that represent the unique characteristics of each firm, from executive to technical teams. Cyber risk is effectively mitigated by gaining cyber knowledge, skills, and judgement customized to individual elements such as technical environments and regulatory requirements.

Clients will be able to run labs and cyber crisis practices in a cloud-based replica of their own business with specific vendors using the newly integrated platform. This also gives technical teams the chance to collaborate in a large virtual environment as part of larger exercises including executive decision-makers.

When combined with the rest of the Immersive Labs platform, enterprises will be able to build a continuous cycle of human cyber capacity improvement. The cyber knowledge, skills, and judgement of the entire staff can keep pace with risk, empowering them to be employed strategically for the first time, with frequent exercising and evidencing against internal and anonymised peer benchmark data.

“From day one we have believed in the power of immersive experiences. Whether you are a CEO wrestling with the wicked problems of a cyber crisis exercise or a malware analyst decompiling the latest APT, nothing is better for building and evidencing cyber knowledge, skills and judgement,” said James Hadley, CEO of Immersive Labs.   

“The acquisition of Snap Labs doubles down on this, allowing customers to build better cyber workforces with richly detailed realistic experiences pinpointed to the risk they face. We welcome the team to Immersive Labs and look forward to building on our joint vision together.”  

Chris Myers, Co-Founder, said, “Snap Labs has always strived to provide the most realistic environments and training experiences for cybersecurity teams. Immersive Labs’ vision to build cyber knowledge, skills, and judgement across the entire workforce is remarkably aligned with our own, and we’re extremely excited to bring our technology into their platform. The two platforms are a natural fit, and by combining them we hope to help our customers build even more resilience against cyber threats.” 

Zyxel Communications And SEC Consult Formed Partnership To Improve Cybersecurity

Zyxel Communications today announced a partnership with SEC Consult, a leading consultancy in cyber- and application security. The collaboration between the two companies will further strengthen Zyxel’s cybersecurity strategy by expediting and optimizing the ability to respond to threats and vulnerabilities posed by increasingly-complex and ever-evolving cybersecurity threats.

Zyxel Communications announced a partnership with SEC Consult, a prominent cyber- and application security firm. The partnership will boost Zyxel’s cybersecurity strategy by accelerating and improving the company’s capabilities to respond to risks and vulnerabilities caused by incredibly challenging and ever-evolving cybersecurity threats.

End-users are heavily dependant on information-sensitive online services as digitization pervades daily life and online communications tools become crucial for many services. As a result, leading internet service providers are placing an even greater emphasis on network security.

Ensuring a secure development and software architecture

To maintain the highest level of product security, Zyxel, a prominent broadband access provider, has a thorough security strategy and already employs a dedicated security team. The partnership with SEC Consult is aimed at addressing the problems that software-driven products can cause by exposing the network to unidentified security vulnerabilities. The firms collaborated to perform a thorough organisational and technological review that will result in an overall optimization of Zyxel’s safe software development process and security verification methods, with the goal of detecting and eliminating potential security risks.

SEC Consult also did a vulnerability assessment, which included a look into the software for a few Zyxel devices. The assessment’s findings were given to Zyxel’s specialised security team as input for a secure development and software architecture.

SEC Consult will now assist Zyxel in implementing a firmware security analysis platform as a regular security review mechanism in order to automate the security analysis method in the long run.

Raising the overall security level

“Cybersecurity should be considered from the very beginning. It is important to cooperate as early as possible in the value chain, starting with the manufacturers. Additionally, continuous improvement and regular assessments are just as important as the sustainable creation of security awareness in the company. We are proud that our company is supporting Zyxel to prevent, handle, and manage security vulnerabilities more efficiently in the future,” says Wolfgang Baumgartner, General Manager SEC Consult Group.

“The cooperation with SEC Consult will help us to reinforce our security awareness among employees through well-designed training programs. We expect to escalate our product security level through proactive vulnerability prevention,” said Gavin Yeh, Senior Director, EMEA CPE SBU at Zyxel.

Huntsman Security Introduced SmartCheck for Ransomware

Huntsman Security introduced new solution SmartCheck for Ransomware, an automated, on-demand diagnostic application developed to analyse the risk of a ransomware outbreak. The application captures data directly from security activities in order to report on an organization’s security posture in comparison to a set of security measures. These measures are similar to those recently recommended by the UK National Cyber Security Centre (NCSC) and the US National Institute of Science and Technology (NIST), and will provide users with assurance that they are adhering to known cyber security best practice.

SmartCheck for Ransomware tests an organization’s ransomware readiness quickly and effectively, providing a numeric score for each of the 12 security controls. As a result, companies can findout their risk exposure and modify any security policies that are needed to enhance their security posture and ransomware preparation. At the same time, the verifiable report gives higher security trust levels to third parties, such as insurers or potential partners, at a time when supply chain security is a big issue.

“To protect against ransomware and effectively manage their security risks, it is vital that senior executives have clear visibility of their cyber posture. This goes beyond annual audits to having the relevant information available whenever the organisation needs it – whether to modify security settings to improve readiness; or to verify their posture to partners or insurers. By making assessments automated and in line with established best practice, we have given organisations access to reliable security information that they can use with confidence to improve their risk management processes,” said Peter Woollacott, CEO, Huntsman Security.

SmartCheck for Ransomware is developed with much the same precision and reliability as Huntsman Security’s other defence-grade SIEM and Scorecard products, and is meant to be simple to install and use. It assesses the effectiveness of important cyber-attack prevention, containment, and restoration mitigation tactics across the course of a cyber-attack.

“As the threat of ransomware grows everywhere, organisations need to regularly assess their state of readiness. With insurers such as AIG tightening terms and raising premiums in response to the ransomware threat, organisations that can’t demonstrate adequate security precautions will find insurance terms increasingly difficult to negotiate. At the same time, organisations need to take steps to ensure that ransomware will not disrupt their operations or those of their supply chains – making assessing partners’ security posture just as important as assessing their own. Updating ransomware risk management efforts to include SmartCheck for Ransomware to better address their ever changing risk environment will put organisations in a much better position to combat the threat of ransomware,” said Woollacott.

Entreda Acquires Privva, an Innovative Provider of Cloud-Based Supply Chain Risk Management Software

Entreda, the leading cyber security company offering cyber security training to the independent financial advice industry and a wholly owned subsidiary of Smarsh announced the acquisition of Privva. The Cloud-based Platform of Privva enables organisations to carry cyber risk evaluations in order to manage third party vendors and internal risks.

The acquisition strengthens Entreda’s relationship with Privva as strategic partners. The products and services of Entreda help mitigate the risk of breaches of IT systems and networks. In the meantime, Privva’s provides help to companies to assess their vendors and suppliers’ cyber security preparation. Entreda and Privva will create a more streamlined and integrated offering that allows customers to do business with greater trust.

Privva’s game-changing technology enables regulated organizations, including wealth management firms, to identify and mitigate vulnerabilities in the cybersecurity posture of their third-party vendors and suppliers and do so in a streamlined, automated way. Firms can never be too sure about the cyber hygiene of partners, no matter how familiar they believe they are. They owe it to themselves and their clients to offer a greater level of security, and Privva’s solution offers just that,” said Sid Yenamandra, CEO and founder of Entreda.

Going forward, Privva will do business under the Entreda brand, and Founder and CEO Ishan Girdhar will continue to lead the Privva organization, reporting to Mr. Yenamandra.

“It’s a great honor and pleasure to join Entreda, a Smarsh company and cybersecurity leader in the wealth management space, whose track record of protecting client firms’ sensitive data speaks for itself. Privva and Entreda have worked together for nearly two years implementing Privva’s solution into some of the largest wealth management firms’ platforms. The opportunity to fully integrate with Sid and his team was ideal, as the combined entity will enable both of us to serve firms even more effectively,” said Mr. Girdhar.

“The closer integration of the Entreda and Privva platforms will enhance Advisor Group’s ability to perform cyber risk assessments of thousands of advisors and branch offices in our network and protect them – along with their clients,” said Jon DeLaCastro, VP of Security Assurance, Governance, Risk & Compliance, for Advisor Group.

Sid Yenamandra said, “With the advent of remote work and cloud apps, wealth firms and advisors are relying on tools from third-party vendors more than ever before. Combined with and integrated into our Unify platform, Privva’s proprietary risk scoring methodology will ensure that our client firms can do business with their suppliers, knowing that their data is well protected.”

Entreda is the leading provider of cybersecurity in the field of wealth management with over 300 companies. Entreda will expand its presence beyond its conventional markets by adding Privva’s customers to financial services, law, technology and healthcare services.

NetSPI’s Penetration Testing and Vulnerability Management Platform now includes risk scoring

NetSPI, the industry leader in organizational penetration testing and attack surface management, has added risk scoring to its ResolveTM vulnerability management and penetration testing platform. NetSPI’s risk score intelligence in combination with Penetration Testing as a Service (PTaaS) assists clients in prioritizing, managing and remediating the vulnerabilities that pose the highest risk to their firm.

NetSPI’s new risk scoring features dynamical  integration into PTaaS to deliver both a detailed vulnerability risk score and an aggregate risk score for a firm’s projects, assets, apps, and networks. NetSPI customers who use its penetration testing services have access to risk scoring. NetSPI clients can safely dedicate funds and resources to the most critical vulnerabilities by using risk rating.

The risk scores are used as a quantitative assessment for risk reduction over time, validation of cybersecurity expenditures, resource allocation, and benchmarking in the industry. With NetSPI’s risk score, organizations can appropriately prioritize vulnerability patching by taking into account business context and the threat landscape.

“There are varying approaches to assigning vulnerability severity, but risk today extends far beyond individual vulnerabilities. The key is to recognize the risks most likely to disrupt the business, identify the threats that would increase those risks, and prioritize the most appropriate mitigations to protect your organization from those threats. NetSPI’s risk scoring does just that,” said Jake Reynolds, Head of Product at NetSPI.

“Reactive cybersecurity is a thing of the past. Security leaders must get proactive and take a risk-based approach to stay ahead of today’s adversaries. Our risk scores enable NetSPI clients to make proactive security decisions based on their unique risk factors. In other words, it allows them to confidently allocate budget and resources to the vulnerabilities that matter most,” said NetSPI President and CEO Aaron Shilts.

Distributed Denial of Service (DDoS) – Everything You Need to Know

A Distributed Denial of Service (DDoS) is a cyber-attack in which the attackers seek to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS attacks account for a significant portion of security threats and latest attacks have been larger and more complex than ever before. Research firms are expecting the DDoS attack prevention market to grow 20% every year.

The Basic steps in DDoS are-

1) Detection – The DDoS attack detection involves identification of deviations in traffic flow from a normal to high traffic based on parameters like IP address, bandwidth, etc. The wide-global distribution of attacking sources makes it extremely hard for organizations to recognize real client traffic from attack traffic spread across many points of origin. DDoS detection is the key to quickly stop or mitigate attack and to do these two factors- 1) Speed of detection and 2) Accuracy of detection, play an important role.

2) Decision – Traffic is rerouted away from its target organization using DNS (Domain Name System) or other techniques and a decision must be taken whether to filter it or discard it completely. Discarding traffic completely affects an organization’s customers.

3) Analysis and Adaption – Analytics helps to gather and analyze information about the attack specific patterns such as repeating IP address range, certain processes misused. Security analytics techniques can provide a detailed comprehensive overview of attack traffic and instant understanding of attack. This information can be used to create new robust system and adapt to enhance future attack prevention.

Risk involved in DDoS attack for an Enterprise

DDoS attacks on an organization’s online service or website are time-consuming and expensive. Maximum organizations don’t have experience and technical experts to prevent DDoS attack. These attacks take down an enterprise firm in few minutes and the recovery process take several hours or weeks. An Organization’s network infrastructure comprises of a number of servers, computers and other IT assets. These may include web servers, FTP servers, email servers, ERP or CRM platforms. In a DDoS attack they are targeted resulting in downtime of organization’s business. The negative impact of such downtime can be felt by firm are expensive, it can affect website’s ranking on search engines and they may lose client’s trust, which results in revenue loss. All businesses irrespective of size and industry are vulnerable to DDoS attacks. The organizations having business records, financial data and customer information are more targeted.

DDoS Cloud based Risk Mitigation Services

DDoS mitigation services is a set of techniques or tools for defending or mitigating the effect of distributed denial-of-service (DDoS) attack on Internet-connected networks by protecting the target at various levels of network. DDoS mitigation service can be deployed as a device on an organization’s premises or in their data centers, as a cloud service or hybrid of both. In this, they filter the traffic by accessing data repository stored in the Cloud, so regular customers are not affected. These services are customizable, reliable and can be Scaled up-down as per client’s need.

Big data and ML Integrated Solutions

DDoS attacks are becoming more frequent, Sophisticated and more effective with increasing speed of internet. The pool of potential attacks is now greater than ever considering the increasing availability of attacking tools and botnets. Humans are simply not enough to deter and block DDoS attacks and companies that rely on manual DDoS security and mitigation services are not completely protected against today’s and future threats. Big data Analytics systems can store and process huge data making it possible to have complete logs of raw data like IP address, which can be analyzed with the help of machine learning algorithms to prepare solutions that can help enterprises stay one step ahead of the DDoS attackers. This sector is still in initial phase of growth, but with time they will play a huge role in DDoS attack Prevention.

The main reason behind not buying a Distributed Denial of Service Protection Solution is the cost incurred in buying a service or dedicated team. The key to understanding the extent of the effect of DDoS attacks is to realize the importance or cost of network traffic being blocked or the downtime that will cost a business in terms of trust, reputation and money.