Wire implements new Messaging Layer Security protocol
IT Security Wire
Wire, the world’s most secure collaboration platform, is starting to implement the Messaging Layer Security (MLS) protocol into its platform architecture.
This will be the world’s first implementation of the MLS protocol in a federated environment and it marks the start of MLS as an open standard solution for communication.
Co-initiated by Wire as part of the Internet Engineering Task Force (IETF) Working Group which includes members from Cisco, Mozilla, Google, Facebook, Twitter, the University of Oxford and INRIA, MLS is a new protocol designed to bolster the security of enterprise messaging platforms by using end-to-end encryption within group communication.
MLS allows users to communicate across devices, within the cloud, while offering maximum fluidity, as it exists within a federated environment, with no central cloud needed for its implementation.
This opens up the possibility of using multiple devices in a secure environment, relying fully on an open standard, something that many business or government employees have been doing for some time in insecure environments.
Link: https://itsecuritywire.com/news/wire-implements-new-messaging-layer-security-protocol/
Start-up emerges with an ‘enterprise browser’
Lucas Mearian
Computer World
The Island browser is based on Chrome and can limit site access and stop employees from uploading and downloading data, copying and pasting information, and even taking screenshots.
Admins can fully control last-mile actions, from advanced security demands to more basic data exfiltration protections such as copy, paste, download, upload, screenshots, and other activities that might expose critical data.
The browser works with both Windows and macOS; mobile versions (for iOS and Android) and a Linux version are forthcoming, the company said.
Link: https://www.computerworld.com/article/3648597/start-up-emerges-with-an-enterprise-browser.html
Binalyze secures $10.4 million in seed funding for enterprise forensics platform
Data Center Solutions
Binalyze, the Enterprise Forensics platform which enables enterprises to respond faster and more effectively to cyber threats, has raised $10.4 million (€9.1m) in its Seed funding round.
The investment will enable further innovation to define the standard for next-generation Enterprise Forensic solutions.
It will support the extension of Binalyze’s cloud-native capabilities to enhance coverage in cloud and container environments and enable it to continue to be the fastest and most complete Enterprise Forensics Platform on the market.
The investment will also accelerate Binalyze’s expansion in the US, Europe, and other key global markets, enabling enterprises, MSPs, and Incident Response partners to mount a forensic response to cybersecurity attacks in near-real-time.
This minimizes damage and cost to the business.
The investment, which brings total funding to date to $11.7 million, was led by European venture capital firm OpenOcean, with participation from Earlybird Digital East which led Binalyze’s pre-seed round last year.
Link: https://datacentre.solutions/news/63099/binalyze-secures-104-million-in-seed-funding-for-enterprise-forensics-platform
CyberCX acquisition of Cyber Research NZ a game-changer
Disp
CyberCX has today announced its successful acquisition of New Zealand cyber security company Cyber Research NZ Ltd, bringing further capability, talent and depth of experience to its service offerings in New Zealand and across the ANZ region.
Link: https://dispatchist.com/news/cybercx-aquisition-of-cyber-research-nz-a-game-changer/
Vicarius Announces $24 Million Series A Funding to Rebuild the Vulnerability Remediation Market for Today’s Remote, Cloud-Based World
Business Wire
NEW YORK–(BUSINESS WIRE)–Vicarius, developers of the industry’s first fully autonomous end-to-end vulnerability remediation platform, today announced a $24M Series A round to breathe new life into the vulnerability remediation market.
AllegisCyber Capital, JVP, and AlleyCorp led the round with executives from Okta, SecurityScorecard, and Exabeam providing capital as well.
Founded by three security experts, Michael Assraf, Yossi Ze’evi and Roi Cohen, Vicarius equips IT and security teams with a fully automated and consolidated platform, TOPIA, to assess, prioritize, and remediate vulnerabilities in applications, assets, and operating systems.
Traditional network and scanning-based tools focus exclusively on vulnerability discovery or patch management and can’t adapt to changing WFH infrastructure.
Vicarius provides a cloud-first, integrated solution that closes the loop from discovery to remediation for today’s shift to remote work and cloud-based applications.
Because Vicarius provides threat insight as well as extensive patching capabilities and prioritization, IT and security teams have a deeper understanding of what is vulnerable, how much risk is present, and where patches have been applied.
As a result, CISOs and IT administrators achieve safer networks and lower likelihood of exploitation through cooperation.
Link: https://www.businesswire.com/news/home/20220209005459/en/Vicarius-Announces-24-Million-Series-A-Funding-to-Rebuild-the-Vulnerability-Remediation-Market-for-Today%E2%80%99s-Remote-Cloud-Based-World
Cyware Enhances Automated Threat Intelligence Sharing for Auto-ISAC to Promote a Collective Defense
AI Thority
Cyware, the industry’s only Virtual Cyber Fusion Platform provider, announced that it has partnered with the Automotive Information Sharing and Analysis Center (Auto-ISAC) to give its members the ability to automatically aggregate, share, and collaborate on actionable threat intelligence.
Over 20 ISACs/ISAOs leverage Cyware solutions as the de facto standard for automated threat intelligence sharing, collaboration, and distribution.
Auto-ISAC joins a cross-sector, connected network of over 20 other Information Sharing Analysis Centers (ISACs) and Community Emergency Response Teams (CERTs) using Cyware’s Situational Awareness Platform (CSAP) and Threat Intelligence Exchange (CTIX) to boost their overall threat intelligence sharing process, accelerate incident response time, and reduce cybersecurity risk.
Link: https://aithority.com/security/cyware-enhances-automated-threat-intelligence-sharing-for-auto-isac/
SecOps and XDR: Why trusted digital operations centers are essential
Mark Fernandes
Tech Beacon
Security operations are evolving from a purely technical capability to a key contributor to business resiliency, with cybersecurity becoming an imperative for organizations that have become keenly aware of the need to enable their digital future.
The latest generation of SOCs further extends XDR to turn SOCs into trusted digital operations centers (TDOCs), which bring advanced threat hunting capabilities to infrastructure, network signals, and the cloud.
Some of the capabilities of the new TDOC are:
- Securing the digital value chain, reducing friction to the business, and enabling adoption of innovation to drive new markets and customer value
- Crossing over electronic capability to enable enterprise resiliency, such as the ability to combine fraud with cybercrime to provide a holistic view of digital risk
- Tying measurement to performance of business goals to evolve the SOC from a tech-oriented to a business-oriented capability
- Providing an anti-fragility platform where any systemic threats to the business help strengthen its cyber defense through machine-aided root-cause analysis, learning, and transformational metrics
- Ensuring self-healing and zero interruption to the business to limit disruption in delivery of value to the customer or stakeholder
- Moving beyond the reactionary methods of traditional SOCs and XDR centers to build greater sensing and interpretation methods
- Automating repeatable and expert tasks that are best done by machines so teams can focus on tasks best performed by wetware, such as creative threat hunting
- Collaborating with trust circles, peers, and other parties to be proactive about threats through tightly coupled and cross-functional intelligence sharing
A traditional SOC can’t be transformed into a TDOC overnight.
During the first phase of the plan’s implementation, the business should establish the basis for the TDOC to accelerate digital transformation by clearly defining governance, capabilities, alignment with the business, and agile structure needed to do so.
Link: https://techbeacon.com/security/secops-xdr-why-trusted-digital-operations-centers-are-essential
Integrating IT Security with DevSecOps: Best Practices
Aminu Abdullahi
Enterprise Networking Planet
What Is DevSecOps?
==================
Why care about DevSecOps?
What does it look like in practice?
Challenges to Address Before Implementing DevSecOps
===================================================
Lack of integration between DevOps and IT security tools
Software development lifecycle/pipeline practices
Issue detection/response mechanism
Defining ownership
Security mindset
Why is IT Security Integral to the DevSecOps Cycle?
===================================================
IT Security and DevSecOps Integration Best Practices
====================================================
Automate tools and processes
Encourage culture change across organizations
Test early and often
Communicate proactively
Adopt static application security testing (SAST)
Adopt dynamic application security testing (DAST)
Adopt interactive application security testing (IAST)
Adopt application security testing as a service (ASTaaS)
Future of DevSecOps in Enterprises
==================================
Link: https://www.enterprisenetworkingplanet.com/guides/integrating-it-security-with-devsecops-best-practices/
8 Penetration Testing Trends You Should Know in 2022
Niranjan Limbachiya
D Zone
The Three Kinds of Penetration Testing:
- White-box Testing
- Black-box Testing
- Grey-box Testing
The international pen-testing market is projected to hit a CAGR of around 14.2% during 2018-2027.
It is estimated to reach around $2.6 billion by the year 2027.
According to the newest study, the penetration testing market is anticipated to grow at a CAGR of 24.9% from 2017 to 2025.
The pen tests market size was projected to be USD 4,426 million in 2016 and is estimated to reach USD 6,887 million by 2025, registering a CAGR (compound annual growth rate) of 24.9 percent.
The pen tests industry is primarily driven by continuous cyber-attacks and mounting cybersecurity threats.
The pen testing market is also estimated to hit 3.2 billion and rise with a 27 percent CAGR (compound annual growth rate) during the prediction period 2016-2023.
As per Verified Market Research, the pen testing market size was valued at $1.39 billion in 2020 and is estimated to hit USD 7.79 billion by 2028, growing at a compound annual growth rate (CAGR) of 24 percent from 2021 to 2028.
Top 8 Penetration Testing Trends to adapt in 2022
1) DevSecOps
2) Blockchain-centric Tech will increase the stakes for Security
3) Cloud-Services Attacks
4) Integrations with GRC, SIEM, and Helpdesk systems
5) Artificial intelligence (AI) -centric Cybersecurity
6) Machine learning (ML)
7) The Rising Threat of Ransomware
8) Environment-friendly 5G networks
5 Best Security Test Tools Of 2022
1- Burp Suite
2- AppScan
3- Nmap
4- Nessus
5- Metasploit
Link: https://dzone.com/articles/8-penetration-testing-trends-you-should-know-in-20