Cybersecurity

Three Small Cybersecurity Tips That Make A Big Difference

Written by Max Emelianov, CEO HostForWeb
 

Protecting your business doesn't always require you to spent six figures on security infrastructure or perform hundreds of penetration tests. As with many things in life, it's the little things that really count. Here are a few things you can do right now to enhance your business's security posture - and they won't cost a thing.

There's a lot of doom and gloom in the cybersecurity space. It seems like you can't even read the news without hearing about some terrifying new black hat organization, or some highly-sophisticated malware that's bringing businesses to their knees across the world. It's hard not to adopt something of a fatalist outlook amidst all that chaos.

After all, if these large enterprises with their million and billion dollar security budgets can't fend off hackers, what chance do the rest of us have?

A pretty good one, actually. See, while it's certainly true that there are a ton of well-funded, extremely advanced hacking groups out there, the chances that one of them will directly target your business are extremely slim. Likely as not, anyone who goes after you is simply taking a shotgun approach to their hacking - throw a bunch of attempts at the wall and see which ones work.

TechDemocracy Announces IT Risk Management Platform for Amazon Web Services

TechDemocracy announced that its flagship platform, Intellicta, is now optimized for Amazon Web Services (AWS), letting boards of directors and senior management teams bridge the visibility gaps across their compliance, security, risk and governance functions, all while merging their enterprise security silos with AWS.

Intellicta's unique Digital Risk Management (DRM) Assurance framework offers the capability of getting a proactive and comprehensive view of the overall cybersecurity resilience and all-inclusive dashboard across each service and application within the Amazon Cloud.

Under the AWS shared responsibility model, Intellicta provides 360 degrees of visibility when it comes to various threat vectors that arise in the areas of infrastructure security; access control; logging and monitoring; configuration and vulnerability analysis; and data loss prevention. It also performs an in-depth analysis on the effectiveness of existing cyber risk and compliance solutions and offers a consolidated view of enterprise risk posture.

New Nerdio Security Features Available in the Microsoft Azure Marketplace

Nerdio, a provider of cloud IT automation for the public and private cloud, today announced the availability of new security features in Nerdio for Azure on the Microsoft Azure Marketplace, an online store providing applications and services for use on Microsoft Azure. The new features, also available in Nerdio Private Cloud, are designed to help managed service providers (MSPs) and small to medium-sized corporations (SMCs) with enhanced cybersecurity guidance.

"As new threats are constantly emerging and known vulnerabilities continue to evolve, it's increasingly challenging for organizations to stay ahead of security issues in an effective and resource-efficient way," said Vadim Vladimirskiy, CEO of Nerdio. "Our new security tools extend the efficiencies and benefits of MSPs and internal IT departments and empower them to be more effective in identifying and implementing which controls will truly serve the organization best."

Nerdio for Azure is an automation platform for pricing, packaging, provisioning, management, and optimization of IT environments. It uses Office 365 with Azure Active Directory ADFS, Azure virtual machines with premium managed disks, Azure Recovery Services for both backup and DR replication, and the latest Server 2016 with its optimized RDP v10 protocol running on top of GPU-enabled virtual machines. Nerdio Private Cloud is a fully integrated platform that delivers comprehensive IT infrastructure.

New McAfee Report Reveals Data in the Cloud More Exposed Than Organizations Think

McAfee, the device to cloud cybersecurity company, today released its Cloud Adoption and Risk Report, which analyzed billions of events in anonymized customers production cloud use to assess the current state of cloud deployments and to uncover risks. The report revealed that nearly a quarter of the data in the cloud can be categorized as sensitive, putting an organization at risk if stolen or leaked. Coupled with the fact that sharing sensitive data in the cloud has increased 53 percent YoY, those who do not adopt a cloud strategy that includes data loss protection, configuration audits and collaboration controls, will endanger the security of their most valuable asset-data-while exposing themselves to increased risk of noncompliance with internal and external regulations.

The study found that while organizations aggressively use the public cloud to create new digital experiences for their customers, the average enterprise experiences more than 2,200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances. Cloud service providers only cover the security of the cloud itself, not customer data or customer use of their infrastructure and platforms. Companies are always responsible for securing their data wherever it is, hence highlighting the need to deploy cloud security solutions that span the whole cloud spectrum, from SaaS (software-as-a-service) to IaaS and PaaS.

"Operating in the cloud has become the new normal for organizations, so much so that our employees do not think twice about storing and sharing sensitive data in the cloud," said Rajiv Gupta, senior vice president of the Cloud Security Business, McAfee. "Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing. In order to continue to accelerate their business, organizations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS."

Armor Cloud Security Poll Finds Companies Are Comfortable Putting Sensitive Data in the Cloud

Grazed from Armor

Armor, a leading cloud security solutions provider, has released the results of its second annual social media poll. The responses will give readers a quick take on how businesses and institutions view their cybersecurity posture, especially as it relates to adopting the cloud.

The annual #ArmorU poll fielded responses from 37,000 Twitter users over a 13-week period. According to the findings captured in the #ArmorU Report, many corporate employees are ready to store highly sensitive data in the cloud. However, many are still skeptical of the security posture of their own organizations. Additional key findings show that reducing the cost of managing security, maintaining compliance, and improving incident response capabilities are important pieces of the security puzzle as digital transformation pushes companies toward cloud adoption.

Pulse Secure Launches New Packaging to Fuel Secure Access Services for Cloud and Hybrid IT

Grazed from Pulse Secure

Pulse Secure, the leading provider of Secure Access solutions to both enterprises and service providers, announced the launch of new packaging of its award-winning Pulse Access Suite for Managed Security Service Providers (MSSPs). The solution offers service providers an accelerated, cost-effective means to differentiate and build out their service portfolio to meet the massive demand for protected connectivity to cloud applications and hybrid IT resources.

Pulse Secure offers a comprehensive, integrated and highly interoperable set of Secure Access solutions spanning remote, mobile and cloud access security; network visibility and access control; and application delivery. The suite allows service providers to extend lucrative access protection, endpoint compliance, threat response and availability services for the data center, hosted in the cloud or running as SaaS.

The service provider packaging optimizes capital expenditure through an on-demand, pay-per-use model. MSSPs can spin up or spin down virtual Secure Access instances and licenses at a cost based on the number of concurrent monthly users. On-demand provisioning and tiered, user-based pricing gives service providers needed flexibility for customer onboarding, growth spurts and business downturns.

 

RiskSense Cloud Service Protects Against Cyber Threats and Vulnerabilities Ahead of Midterm Elections

Grazed from RiskSense

RiskSense, Inc., pioneering risk-based vulnerability prioritization and management, today announced its AI-Assisted Pen Testing Service called Attack Surface Validation for Election Systems which provides complete visibility and prioritization of security vulnerabilities that enables any district to remediate problems before the midterms. Immediate findings are delivered through the RiskSense cloud-service and cover the assessment of a district's entire voting ecosystem, including devices, applications, databases, networks, etc., for vulnerabilities, missing patches, misconfigurations, and more. RiskSense allows resource and security expert-constrained districts to know what to urgently fix, and receive validation that remediation actions were successful.

"I am not a security expert, but I knew it was important to assess the security of the technology and processes used in my district," said the New Mexico Secretary of State. "The priorities and prescriptive actions provided to our IT staff by RiskSense allowed us to prepare and remediate quickly as findings came to light with the specialized attack scenarios. We have the results to share amongst our constituents that our district will not be idle nor let our community be vulnerable to tampering."

WhiteHat Application Security Report Released Today

WhiteHat Security released its 2018 Application Security Statistics Report, "The Evolution of the Secure Software Lifecycle," today.  The report identifies the security vulnerabilities and challenges introduced into the enterprise through traditional applications, and through agile development frameworks, microservices, application programming interfaces (APIs), and cloud architectures. 

WhiteHat's annual study was published in partnership with NowSecure, providers of automated mobile app security testing; and Coalfire, providers of cyber risk management and compliance services for public and private enterprises.

One of the greatest concerns discovered by these methods, alongside WhiteHat's application security testing, is that with few exceptions, the number of serious vulnerabilities per site has increased across all major industries, despite some improvements in finance, healthcare and retail. Unfortunately, these verticals are still struggling with long windows of exposure combined with very high times to fix, which has driven up security risk levels compared with last year's report

Three Steps You Need to Take to Ensure the Security of Your Business

When you are running a business in the modern world, to achieve any success, you will be using a vast variety of different, innovative technology. The developments and advancements in technology and the use of the internet in the past few decades have not only changed the way you will do business but, indeed, the way you will live your entire life. For all the great things technology brings, however, there will always be people who use it unlawfully or for bad purposes, such as hacking into accounts or stealing information. As the head of a business, it is incredibly important that you take every step you possibly can to safeguard your business from these potential security issues. As the leader, you will have a huge number of tasks on your to-do list and adding in time to think of possible ways you can improve security shouldn't be one of them. This handy guide will walk you through some of the essential things you should seriously consider doing as soon as possible to make sure your company is well and truly protected. 

Keeping threats at bay

McAfee Expands Support for Amazon Web Services with New MVISION ePO on AWS

Grazed from McAfee

McAfee, the device-to-cloud cybersecurity company, today announced the availability of McAfee MVISION ePolicy Orchestrator (ePO) on Amazon Web Services (AWS). This new Software-as-a-Service (SaaS) deployment gives organizations more time to dedicate their efforts on security concerns by eliminating the typical hardware, software and database maintenance tasks associated with on-premises management solutions.

McAfee MVISION ePO is a SaaS solution that offers a simplified, centralized point of view and comprehension. It removes the deployment and maintenance overhead of backend infrastructure and allows customers to easily migrate their existing McAfee ePO environment. Organizations can focus exclusively on reducing security risk with the agility of AWS and always run the latest security capabilities. With McAfee MVISION ePO on AWS, McAfee manages the service and further leverages AWS to provide premier infrastructure.

"We're excited to see the launch of McAfee MVISION ePO on AWS, giving enterprises the ability to continue their cloud journey with an additional layer of security," said Rohit Gupta, global segment leader, Security, Amazon Web Services, Inc. "We look forward to continuing and strengthening our relationship with McAfee in the future."

"With AWS, we can simplify the deployment of McAfee MVISION ePO to remove barriers for customers and allow them to take advantage of our security management platform from anywhere," said Raja Patel, vice president and general manager of Corporate Security Products, McAfee. "Offering McAfee MVISION ePO on AWS, an open and integrated security management console, supports our customers' cloud transformation and allows their security technologies to work in tandem to create a strengthened defence."