Stairwell Inception helps organizations get ahead of the most sophisticated attackers

Stairwell launched Inception, a platform for recursive threat hunting, detection, and response. Inception helps security practitioners decisively and quickly determine if they were compromised—now or in the past—by immediately surfacing threats that typically take months to detect. Stairwells’s approach—inside-out security—caught the eye of leading investors, securing $20 million in Series A funding from Sequoia Capital, […]

Continue Reading

Beyond Identity’s solution secures the software supply chain against insider threats and malicious attacks

Beyond Identity announced a solution that closes a critical vulnerability and secures the software supply chain against insider threats and malicious attacks. Beyond Identity’s new Secure DevOps product establishes a simple, secure, and automated way to confirm that all source code entering a corporate repository and processed by the continuous integration/continuous deployment (CI/CD) pipeline is […]

Continue Reading

Execs concerned about software supply chain security, but not taking action

Venafi announced survey results highlighting the challenges of improving software supply chain security. The survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, and revealed a glaring disconnect between executive concern and executive action. While 94% of executives believe there should […]

Continue Reading

Protecting your company from fourth-party risk

In a world that is becoming ever more interconnected, organizations are learning firsthand that they are not only vulnerable to the adverse events that their vendors experience but also to the incidents that happen to those vendors’ vendors. Recent events such as the SolarWinds breach, Microsoft Exchange server attack and Fastly outage have revealed that […]

Continue Reading

IPKeys Power Partners SigmaFlow Beacon helps organizations align with NERC compliance mandates

IPKeys Power Partners released its SigmaFlow Beacon platform to provide utilities, generators, and grid operators a simple, unified solution for cybersecurity monitoring and compliance requirements. The SigmaFlow Beacon platform is built specifically to help organizations align with North American Electric Reliability Corp. (NERC) compliance mandates. It provides NERC registered entities with a single solution to […]

Continue Reading

Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation

SolarWinds did not enable anti-exploit mitigation available since 2006 allowing threat actors to target SolarWinds Serv-U FTP software in July attacks. Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. Microsoft, which investigated the incidents, […]

Continue Reading

Reliance on third party workers making companies more vulnerable to cyberattacks

A survey from SecZetta revealed 83% of respondents agree that because organizations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyberattacks. Further, 88% of people say organizations and government entities must have better data security systems in place to protect them from the increase in […]

Continue Reading