Mandiant and Interos to Provide Risk Management

Mandiant and Interos have announced a strategic partnership to provide advanced insights and analysis to help enterprises defend against cyber-attacks and other operational resilience threats. The collaborative partnership aims to bring to market new intelligence based on insights gleaned from the Interos Resilience Lab, as well as Interos’ SaaS platform and Mandiant’s frontline investigations and remediations of high-impact cyber-attacks around the world. Interos reinvents supply chain management and business relationships to reduce risk, avoid disruptions, and achieve superior enterprise adaptability.

According to the Mandiant M-Trends 2022 report, global supply chains remain an appealing target for threat actors looking to exploit trusted business-to-business relationships, as attacking the supply chain provides an opportunity to pivot from one supplier network into multiple customer networks at the same time. In fact, when the initial infection vector was identified, supply chain compromise accounted for 17 percent of Mandiant intrusions investigated in 2021, up from less than 1% in 2020.

Marshall Heilman, Chief Technology Officer of Mandiant commented, “Interos is focused on helping organizations ensure operational resilience; continuously delivering in-depth analysis on criticality for risk and risk management. Together with Interos, Mandiant will be able to proactively problem-solve with a company that is leading the way in ensuring organizations of all sizes understand key attack vectors across the supply chain, threat actors, and nation-state threats.”

The partnership announcement comes after the Cybersecurity and Infrastructure Security Agency (CISA) issued a recent alert warning of an increase in malicious cyber activity targeting managed service providers (MSPs). The alert also advised MSPs to understand and proactively manage supply chain risk.

Nishant Gupta, Chief Technology Officer, Interos stated, “The CISA warning is more evidence that existing supply chain risk management systems were not designed for today’s complex risk environment. Our collaboration with Mandiant will provide multi-factor risk intelligence to help commercial and government organizations better protect targeted entities in their third-party relationships to insulate them from disruption, ransomware, and IP theft. We’re proud to partner with Mandiant to help leaders discover hidden business relationships and exposure to cyber vulnerabilities.”

Palo Alto Networks Launched Supply Chain Security!

Palo Alto Networks, a global cybersecurity leader, launched Prisma Cloud Supply Chain Security. It provides a comprehensive view of potential vulnerabilities or misconfigurations that occur in the software supply chain, which gives enterprises the leverage to easily trace and remedy them. These security issues could allow attackers to enter networks, disseminate harmful payloads throughout an organization’s software, and access sensitive data if not swiftly rectified or, better still, avoided when coding.

Prisma Cloud Supply Chain Security helps secure the interrelated components that make up and deliver cloud-native apps, using a full-stack, full-lifecycle approach. It can aid in the detection of vulnerabilities and misconfigurations in code, such as open-source packages and infrastructure as code (IaC) files, and in delivery pipelines, such as version control system (VCS) and CI pipeline setups.

Ankur Shah, Senior Vice President, Prisma Cloud products at Palo Alto Networks, stated, “Every day new vulnerabilities are found in open source and other software components that have previously been integrated into the organization’s software code. Without the proper tools, it is very difficult for organizations to quickly spot where they have used the unpatched versions of these components. Prisma Cloud is designed to help protect organizations from code to cloud; and now that customers can visualize their software supply chain, it’s easier to spot, prioritize, and remediate security weaknesses at the onset of development and during delivery pipelines.”

Many providers covering the code or cloud resource layer supply only vulnerability and misconfiguration data. Prisma Cloud, already a leader in cloud-native security and the most comprehensive Cloud-Native Application Protection Platform (CNAPP), now offers Supply Chain Security, which provides not only full lifecycle visibility and protection but also the context of where a vulnerability fits into a cloud architecture’s layers.

Entreda Acquires Privva, an Innovative Provider of Cloud-Based Supply Chain Risk Management Software

Entreda, the leading cyber security company offering cyber security training to the independent financial advice industry and a wholly owned subsidiary of Smarsh, announced the acquisition of Privva. Privva’s cloud-based platform enables organisations to carry out cyber risk evaluations in order to manage third-party vendor and internal risks.

The acquisition strengthens Entreda’s relationship with Privva as strategic partners. Entreda’s products and services help mitigate the risk of breaches of IT systems and networks. Privva, meanwhile, helps companies assess their vendors’ and suppliers’ cyber security preparedness. Entreda and Privva will create a more streamlined and integrated offering that allows customers to do business with greater trust.

“Privva’s game-changing technology enables regulated organizations, including wealth management firms, to identify and mitigate vulnerabilities in the cybersecurity posture of their third-party vendors and suppliers and do so in a streamlined, automated way. Firms can never be too sure about the cyber hygiene of partners, no matter how familiar they believe they are. They owe it to themselves and their clients to offer a greater level of security, and Privva’s solution offers just that,” said Sid Yenamandra, CEO and founder of Entreda.

Going forward, Privva will do business under the Entreda brand, and Founder and CEO Ishan Girdhar will continue to lead the Privva organization, reporting to Mr. Yenamandra.

“It’s a great honor and pleasure to join Entreda, a Smarsh company and cybersecurity leader in the wealth management space, whose track record of protecting client firms’ sensitive data speaks for itself. Privva and Entreda have worked together for nearly two years implementing Privva’s solution into some of the largest wealth management firms’ platforms. The opportunity to fully integrate with Sid and his team was ideal, as the combined entity will enable both of us to serve firms even more effectively,” said Mr. Girdhar.

“The closer integration of the Entreda and Privva platforms will enhance Advisor Group’s ability to perform cyber risk assessments of thousands of advisors and branch offices in our network and protect them – along with their clients,” said Jon DeLaCastro, VP of Security Assurance, Governance, Risk & Compliance, for Advisor Group.

Sid Yenamandra said, “With the advent of remote work and cloud apps, wealth firms and advisors are relying on tools from third-party vendors more than ever before. Combined with and integrated into our Unify platform, Privva’s proprietary risk scoring methodology will ensure that our client firms can do business with their suppliers, knowing that their data is well protected.”

Entreda is the leading provider of cybersecurity in the field of wealth management, with over 300 companies. By adding Privva’s customers in financial services, law, technology and healthcare services, Entreda will expand its presence beyond its conventional markets.

BlackBerry and Deloitte Formed an Alliance to Secure IoT Software Supply Chains

BlackBerry Limited and Deloitte announced that they are collaborating to help OEMs secure their supply chains by building mission-critical applications.

As part of the agreement, Deloitte will use the BlackBerry® Jarvis tool to provide open-source software (OSS), common vulnerabilities and exposures (CVE), and software bill of materials (SBOM) analyses to help its clients in the medical, automotive or aerospace industries ensure their software is safe and secure.

In order to ensure the safety of its traffic management and wider transport infrastructure, the G7 Transportation Ministry has selected the joint software and services of the companies.

“We’re thrilled to partner with Deloitte to help OEMs and those responsible for critical infrastructure better understand their embedded systems security challenges with a view to ensuring their end products are both secure and updated with the most recent security patches. Just as a health-conscious grocery shopper can benefit from scrutinizing nutrition labels on food packages, an embedded software developer can gain a whole host of insights by leveraging tools and expertise that enable them to detect issues in their supply chain that may have real implications for intellectual property disputes, security risks and overall quality,” said Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions.

BlackBerry Jarvis is designed to respond to the increasing complexity and threats to cyber-security among multi-stage supply chains. It enables OEMs to monitor their code origin and each software asset in their supply chain to ensure their products are both safe and upgraded with the latest safety patches.

BlackBerry Jarvis addresses the need for deeper action by identifying vulnerabilities in minutes. Manual scanning would otherwise require a large number of experts and an impractical amount of time.

Stephen Meagher, Director of IOT for Risk Advisory, Deloitte, said, “Deloitte is very excited to partner with BlackBerry. Our already productive relationship will focus on key mobility and other market opportunities. We’re confident that BlackBerry’s deep security heritage and expertise complemented by Deloitte’s world leading Risk Advisory teams will create a compelling value proposition for new and existing clients.”

Black Kite Introduced Aviator Partner Program to Expand Deployment of Cyber Risk Ratings Solutions

Black Kite, a recognized cyber risk ratings firm, launched the Black Kite Aviator partner program. Aviator allows IT solutions providers to expand their cyber risk services portfolio and assist clients in securing their supply chains. The Aviator program has reached agreements with more than 50 companies.

Members of the Aviator partnership program will have rights to use Black Kite’s industry-leading platform, which streamlines third-party risk management, uses open-source intelligence and non-intrusive scans, provides automated and continuous monitoring, and measures third-party technical, financial, and compliance risk. Members of the program will also have access to Black Kite’s partner site, which has a repository of sales and marketing materials, a formal deal registration procedure, and other enablement tools.

“Every organization needs third-party risk visibility and a means of determining the financial, brand, and reputational costs,” said Paul Paget, CEO of Black Kite. “The Aviator partner program will make Black Kite’s unique cyber risk and ransomware rating tools available to companies in the healthcare, financial services, manufacturing, and automotive verticals.”

The Ransomware Susceptibility Index™ (RSI™), the OpenFair™ Tool, and a scalable system that reduces vendor evaluation times from weeks to hours are among the cyber risk solutions offered by Black Kite.

The RSI is a tool that calculates incident susceptibility and detects ransomware-prone companies. The OpenFair System is the first automated risk-assessment software for C-suite executives that calculates the financial implications of cyber breaches in quantified, convenient commercial terms. The Black Kite software continuously monitors for modifications across 20 cybersecurity categories, keeping vendor risk evaluations up to date.

Argon announces Integrity solution, the first software supply chain security solution in the industry that prevents supply chain attacks

Argon Security announced the introduction of its patent-pending Integrity™ technology, which enables businesses to detect and prevent software supply chain cyberattacks such as the ones that hit SolarWinds and ClickStudios. Misconfigurations, vulnerabilities, and weak dependencies in the company’s CI/CD pipeline are also eliminated, reducing supply chain risks.

Argon Integrity™ strengthens Argon’s position as a leader in software supply chain security for the modern paradigm of DevOps-led high-velocity software development, and increases trust and confidence in businesses’ software releases.

Argon’s patent-pending solution monitors the development process and prevents source-code tampering or manipulation during the software development and release process. Together with the infrastructure hardening and process security, Argon is the only solution in the market that provides holistic, multi-layered prevention of supply chain threats.

“The SolarWinds’ breach highlighted the fact that the software supply chain is a new attack vector that organizations are not currently equipped to defend against. Our solution provides full visibility into the development environment and protects our customers from bad actors who seek to tamper with their code or native behavior and uptime of their applications,” said Eilon Elhadad, CEO, Argon.

“Defending against supply chain attacks is a difficult challenge. Argon is the first solution I’ve seen that can provide broad visibility and security across your software supply chain, detect and prevent risks from misconfigurations, vulnerabilities, and supply chain attacks. This is a quantum leap forward for the defending side,” said Stephen Davis, Chief Information Security Officer at Macmillan.

Cybercriminals are taking advantage of the high complexity and low security within new modern software development environments to exploit and cause massive damage, not only to the attacked corporation, but to their thousands of clients, in this new trend of software supply chain attacks that preyed on SolarWinds, Codecov, and thousands of other companies. Most firms that generate code have implemented continuous integration and delivery (CI/CD) techniques to automate their software development during the last few years, helping them to speed up product and feature releases while maintaining a competitive edge over their markets. As a result, they’ve become a target for supply chain attacks.

“Argon’s solution enables companies to secure their software supply chain against the risks of supply chain attacks effectively. Our unique and in-depth security technology allows us to cross-check and validate actions across the pipeline and prevent damage to the company’s infrastructure, code or application from supply chain attacks. Such consolidated multi-layer coverage is not available in the market today under a single solution,” said Eran Orzel, Argon’s chief revenue and customer officer.