Showing posts with label Security. Show all posts

Tuesday, August 3, 2021

Juniper offers Zero Trust Cloud Workload Protection

Juniper Networks introduced a Zero Trust Data Center architecture to automatically defend application workloads in any cloud or on-premises data center environment against application exploits as they happen, including the Open Web Application Security Project (OWASP) Top 10 and memory-based attacks.

Juniper Cloud Workload Protection is a lightweight software agent that controls application execution and monitors the application’s behavior and context, with vulnerability remediation done automatically without admin intervention.

The company says its new product provides the following critical capabilities:

  • Signatureless Run-Time Application Self-Protection (RASP) provides real-time protection against attacks. It protects the application from malicious actions, such as exploitation and data theft, without any manual intervention, catching sophisticated attacks that endpoint detection (EDR) and web application firewall (WAF) solutions cannot.
  • Memory-Based Attack Prevention provides real-time protection against advanced memory-based attacks, including fileless, return-oriented programming (ROP) and buffer overflow attacks.
  • Vulnerability Detection continuously assesses vulnerabilities in applications and containers to detect serious and critical exploit attempts as they happen. Juniper Cloud Workload Protection delivers information on the exploit attempt to DevSecOps teams to better understand where the vulnerability exists, so they can remediate.
  • Comprehensive Telemetry provides rich application-level security event generation and reporting, including application connectivity, topology and detailed information about the attempted attack.
  • Optimized Control Flow Integrity (OCFI) technology minimizes false alerts by validating the execution of applications and detecting attacks without using behavior or signatures.
  • Zero Trust Microsegmentation shields application resources from lateral threat propagation and integrates with Juniper vSRX Virtualized Firewalls to restrict access based on risk, even as workloads and virtual environments change. Automated threat response with built-in, real-time telemetry helps security teams detect threats once and block them across the entire network.

https://blogs.juniper.net/en-us/security/connecting-and-protecting-applications-within-a-zero-trust-data-center-architecture-with-juniper-cloud-workload-protection

Nozomi raises $100 million for OT and IoT security

Nozomi Networks, a start-up based in San Francisco, announced a $100 million pre-IPO funding round to help accelerate its OT and IoT security solutions.

The company said it plans to grow its sales, marketing and partner enablement efforts, and enhance its products to address new challenges in both the operational technology (OT) and internet of things (IoT) visibility and security markets. 

The Series D funding was led by Triangle Peak Partners and included Forward Investments, Honeywell Ventures, In-Q-Tel, Keysight Technologies, Porsche Ventures, and Telefónica Ventures.

“As we began the fund-raising process, many of the largest ecosystem partners in the world along with our customers recognized Nozomi Networks as the industry leader and requested the opportunity to invest in the company,” said Edgard Capdevielle, President and CEO of Nozomi Networks. “It’s the ultimate endorsement when not only a prestigious firm such as Triangle Peak Partners leads the investment, but customers and partners embrace Nozomi Networks and further validate our market leadership.”

“With the OT and IoT security market on the verge of explosive growth, Nozomi Networks has not only risen to the top but is strongly positioned to continue to outpace the market,” said Dain F. DeGroff, Co-founding Partner and President, Triangle Peak Partners. “The company’s consistently strong performance in combination with an impressive R&D model and its ability to scale quickly set itself apart. We’re excited to be a part of Nozomi Networks’ future.”


Thursday, July 29, 2021

Biden signs order on Cybersecurity for Critical Infrastructure

President Biden signed a National Security Memorandum (NSM) on “Improving Cybersecurity for Critical Infrastructure Control Systems”. There are two key parts:


  • Directs the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST), in collaboration with other agencies, to develop cybersecurity performance goals for critical infrastructure. We expect those standards will assist companies responsible for providing essential services like power, water, and transportation to strengthen their cybersecurity.
  • Formally establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative. The ICS initiative is a voluntary, collaborative effort between the federal government and the critical infrastructure community to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings. The Initiative began in mid-April with an Electricity Subsector pilot, and already over 150 electricity utilities representing almost 90 million residential customers are either deploying or have agreed to deploy control system cybersecurity technologies. The action plan for natural gas pipelines is underway, and additional initiatives for other sectors will follow later this year.

https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/

Wednesday, July 21, 2021

BT makes equity investment in SAFE Security

BT announced a multi-million pound investment in Safe Security, a cyber risk management firm based in Palo Alto, California.

The company's SAFE (Security Assessment Framework for Enterprises) platform allows organisations to take a health check of their existing defences and understand their likelihood of suffering a major cyber attack.

Philip Jansen, Chief Executive of BT, said: "Cyber security is now at the top of the agenda for businesses and governments, who need to be able to trust that they're protected against increasing levels of attack. Adding SAFE to BT's proactive, predictive security services will give customers an enhanced view of their threat level, and rapidly pinpoint specific actions needed to strengthen their defences. Already one of the world's leading providers in a highly fragmented security market, this investment is a clear sign of BT's ambition to grow further."

Saket Modi, Co-founder and CEO of Safe Security, said: "We're delighted to be working with a proven global security leader in BT. Their investment and strategic partnership with Safe Security will further accelerate our vision of making SAFE scores the industry standard for measuring and mitigating cyber risks. By aligning BT's global reach and capabilities with SAFE's ability to provide real-time visibility on cyber risk posture, we are going to fundamentally change how cyber security is measured and managed across the globe."    

https://www.safe.security/

Wednesday, June 30, 2021

SentinelOne completes highest-valued cybersecurity IPO

SentinelOne, a cybersecurity firm based in Mountain View, California, completed an initial public offering of 35,000,000 shares of its Class A common stock at a public offering price of $35.00 per share, raising $1.2 billion for the firm. 

The shares, which are listed on the New York Stock Exchange under the ticker symbol "S", closed on 30-June-2021 at $42.50, giving the company a market cap of over $10 billion.

Thursday, June 24, 2021

Illumio raises $225 million for its Zero Trust Segmentation

Illumio, a start-up based in Sunnyvale, California, announced a $225 million Series F funding round at a $2.75 billion valuation for its Zero Trust Segmentation solutions. 

Illumio says its Zero Trust Segmentation SaaS platform delivers automated enforcement in minutes, dramatically reducing risk by stopping successful cyberattacks and ransomware from moving to other applications, clouds, containers, data centers, and endpoints. The company claims many Fortune 100 companies and hundreds of global enterprises as customers, including the three top enterprise SaaS companies, five of the leading insurance companies, and six of the ten biggest banks in the world.

The round was led by Thoma Bravo and is also supported by Franklin Templeton, funds managed by Hamilton Lane, and Owl Rock, a division of Blue Owl Capital.

“Adopting Zero Trust strategies has never been more important for organizations across all industries, as the Biden Administration’s recent cybersecurity Executive Order demonstrates. This investment signals that now is the time to reimagine the cybersecurity model as we know it, with Zero Trust Segmentation playing a fundamental role in this strategic shift,” said Andrew Rubin, CEO and co-founder of Illumio. “With this funding, we will accelerate our innovation in product and engineering, further invest in customer success, and build upon our global partner strategy.”



Tuesday, June 15, 2021

Nokia: Most DDoS attacks originate from under 50 hosting companies

In-depth analysis by Nokia Deepfield across a large sample of networks globally finds that the majority of DDoS attacks originate from fewer than 50 hosting companies and regional providers.

Nokia said its study examined service provider network traffic encompassing thousands of routers on the internet between January 2020 and May 2021. The findings, which were presented by Dr. Craig Labovitz, Nokia Deepfield CTO, at NANOG82, include a more than 100% increase in daily DDoS peak traffic in this time period, and a newly identified DDoS threat potential of over 10 Tbps, four to five times higher than the largest current attacks reported, due to the rapidly growing number of open and insecure internet services and IoT devices.

Dr. Craig Labovitz, CTO, Nokia Deepfield, said: “It is equally important for every participant in the network security ecosystem – end users, vendors, service providers, cloud builders, regulators and governments – to understand the dangers DDoS poses to the availability of internet content, applications and critical connectivity services. With this knowledge and a community commitment to solving the DDoS problem, we can go a long way towards making our networks, services and subscribers more secure.”

  • In an environment where attackers constantly leverage opportunistic resources to source their attacks, Nokia Deepfield found that in the past 15 months the accessibility of DDoS-for-hire services has increased the threat potential of the existing botnet, IoT and cloud-based attack models.
  • The results trace the origins of most of the high-bandwidth, high-intensity (volumetric) attacks to a limited number of internet domains, finding that most global DDoS attacks (by frequency and traffic volume) originate in fewer than 50 hosting companies and regional providers.
  • As COVID lockdown measures were implemented in 2020, Nokia Deepfield noticed a 40-50% increase in DDoS traffic. The continued increases in intensity, frequency and sophistication of DDoS attacks have resulted in a 100% increase in the “high watermark levels” of DDoS daily peaks – from 1.5 Tbps (January 2020) to over 3 Tbps (May 2021).

The report is posted here:

https://www.nokia.com/networks/solutions/deepfield/network-intelligence-report/

Monday, June 14, 2021

Defense Info Systems Agency awards $1.8 billion contract to Cisco

The U.S. Defense Information Systems Agency awarded a contract valued at $1.8 billion to Cisco for Cisco Smart Net Total Care and Software Support Services for users across the Department of Defense.  

The period of performance is a one-year base period and two one-year option periods, for a total contract life cycle of three years. 


https://www.defense.gov/Newsroom/Contracts/Contract/Article/2657500/

Wednesday, June 2, 2021

Investment group acquires FireEye Products business for $1.2 billion

A consortium led by Symphony Technology Group (STG) will acquire the FireEye Products business, including the FireEye name, in an all-cash transaction for $1.2 billion.

The transaction, which is expected to close by the end of the fourth quarter of 2021, will separate FireEye’s network, email, endpoint, and cloud security products, along with the related security management and orchestration platform, from Mandiant’s controls-agnostic software and services.

“We believe this separation will unlock our high-growth Mandiant Solutions business and allow both organizations to better serve customers,” said FireEye Chief Executive Officer Kevin Mandia. “After closing, we will be able to concentrate exclusively on scaling our intelligence and frontline expertise through the Mandiant Advantage platform, while the FireEye Products business will be able to prioritize investment on its cloud-first security product portfolio. STG’s focus on fueling innovative market leaders in software and cybersecurity makes them an ideal partner for FireEye Products. We look forward to our relationship and collaboration on threat intelligence and expertise.”

“We are extremely impressed by the FireEye Products business and the mission critical role it plays for its customers,” said William Chisholm, Managing Partner at STG. “We believe that there is enormous untapped opportunity for the business that we are excited to crystallize by leveraging our significant security software sector experience and our market leading carve-out expertise.”

Mandiant Solutions has established its position as the market leader in threat intelligence and cybersecurity expertise from the front lines, serving enterprises, governments and law enforcement agencies worldwide. 

FireEye pioneered the advanced threat detection market with the introduction of its Multi-Vector Execution (MVX) engine for network security.

FireEye Acquires Mandiant for $1 Billion

FireEye acquired privately held Mandiant in a transaction valued at around $1 billion.  The deal consists of 21.5 million newly issued shares (NASDAQ: FEYE), options to purchase shares of FireEye stock, and approximately $106.5 million of net cash to the former Mandiant security holders. Mandiant is a leading provider of advanced endpoint security products and security incident response management solutions. It has more than two million endpoints...


Wednesday, May 12, 2021

Biden's cybersecurity order mandates zero-trust for federal networks

In the wake of recent cybersecurity incidents, notably SolarWinds, Microsoft Exchange, and Colonial Pipeline, President Biden signed an executive order aimed at improving the nation's cybersecurity posture. 

Here are the highlights:

Remove Barriers to Threat Information Sharing Between Government and the Private Sector. The Executive Order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information. 

Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time period. The Federal government must increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.

Improve Software Supply Chain Security. The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely. 

Establish a Cybersecurity Safety Review Board. The Executive Order establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. 

Create a Standard Playbook for Responding to Cyber Incidents. The Executive Order creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat.  The playbook will also provide the private sector with a template for its response efforts.

Improve Detection of Cybersecurity Incidents on Federal Government Networks. The Executive Order improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.

Improve Investigative and Remediation Capabilities. The Executive Order creates cybersecurity event log requirements for federal departments and agencies. 

https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/

Tuesday, May 11, 2021

ADVA FSP 150 multi-layer demarc adds MACsec encryption

ADVA announced an upgraded FSP 150 multi-layer demarcation solution with precise timing and MACsec encryption capabilities.

The new member of the ADVA FSP 150 programmable demarcation and edge compute portfolio supports 10 Gbps MEF 3.0 Carrier Ethernet and IP services, provides precise synchronization capabilities and now features hardware-based encryption. 

“Our FSP 150-XG118Pro (CSH) provides a simple and affordable route to high-capacity Carrier Ethernet connectivity with the highest levels of data protection. Unique in our industry, this compact and cost-efficient device combines demarcation, edge compute, synchronization and encryption,” said James Buchanan, GM, Edge Cloud, ADVA. “No other single solution offers all the features of our FSP 150-XG118Pro (CSH). Straight out of the box, it delivers data encryption compliant with the strictest standards in the industry, including FIPS 140-3. Our FSP 150-XG118Pro (CSH) has multi-layer demarcation capabilities as well as precise synchronization delivery. What’s more, its edge computing capabilities and open SDN control make it a key component for industrial IoT applications.”

https://www.adva.com/en/newsroom/press-releases/20210511-adva-adds-encryption-to-flagship-10g-edge-device

Sunday, May 9, 2021

Cyber attack on U.S. fuel pipeline may be most serious to date

The Colonial Pipeline Company, the leading fuel pipeline operator in the United States responsible for transporting over 100 million gallons of fuel daily, confirmed that it is the target of a ransomware attack.

On Friday, the company was forced to take IT systems offline to contain the threat, effectively halting all pipeline operations. 

Colonial Pipeline supplies an estimated 45% of the fuel for the East Coast of the United States.

As of Sunday evening, Colonial Pipeline had not yet established a timeline for when operations would be restored.

Media reports attribute the attack to a criminal organization known as DarkSide and not a nation-state.

Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, states: "We are engaged with the company and our interagency partners regarding this situation. This underscores the threat that ransomware poses to organizations regardless of size or sector."

Thursday, April 29, 2021

Vectra AI raises $130 million for automated threat detection/response

Vectra AI, a start-up based in San Jose, California, announced $130 million in new funding for its work in automated cyber threat detection and response. The company's mission is "to see and stop threats before they become breaches."

“Over the past year, we have witnessed a continuous series of the most impactful and widespread cyberattacks in history. To protect their employees and digital assets, our customers require security solutions that are smarter than today’s adversaries and provide coverage for cloud, data centers and SaaS applications” said Hitesh Sheth, president and chief executive officer at Vectra. “As we look to the future, Blackstone’s global presence, operational resources, and in-house technology expertise will help us achieve our mission to become one of the dominant cybersecurity companies in the world.”

The new $130 million funding round was led by funds managed by Blackstone Growth. This brings Vectra's total funding since inception to more than $350 million at a post-money $1.2 billion valuation.

Viral Patel, a Senior Managing Director at Blackstone, said: “Vectra has a proven ability to stop in-progress attacks in the cloud, on corporate networks, and in private data centers for some of the top organizations in the world. The company has experienced extraordinary success through its commitment to combining innovative AI technology, first-class customer service, and top talent, and Blackstone is excited to become part of the Vectra team.”

For 2020, Vectra reported a compound annual growth rate (CAGR) exceeding 100 percent, while sales of its Cognito Detect product for Microsoft Office 365 have grown at a rate of over 700 percent.

http://www.vectra.ai

  • Vectra AI is headed by Hitesh Sheth (president and CEO), who previously was chief operating officer at Aruba Networks. Hitesh joined Aruba from Juniper Networks, where he was EVP/GM for its switching business and before that, SVP for the Service Layer Technologies group, which included security. Prior to Juniper, Hitesh held a number of senior management positions at Cisco.

Monday, April 19, 2021

Dutch report: Huawei backdoor into KPN's mobile network

The Dutch newspaper Volkskrant published a report alleging that Huawei had full access to KPN's mobile subscriber traffic as far back as 2010.

The report states that although KPN was aware that Huawei had gained uncontrolled and unauthorized access to the core of the KPN mobile network, the company did not disclose the security threat to the public. 

The story is picked up by other leading European news media.

For its part, Huawei has denied the allegations, saying it never had access to the prime minister's phone conversations nor those of anyone else in the country. 


KPN picks Ericsson for 5G core


KPN has awarded a five-year contract to Ericsson to deploy dual-mode 5G Core software with full support services, including an accompanying systems integration program with third-line support services.

The secure cloud-native dual-mode Ericsson 5G Core will allow KPN to meet increasing data demands of customers in existing consumer markets, as well as pursue new 5G innovation opportunities in emerging enterprise segments supported by enhanced network slicing capabilities. 

Arun Bansal, President of Europe and Latin America, Ericsson, says: “We are pleased to expand our 100-year partnership with KPN through our technology-leading 5G Core solutions. We will work closely with KPN to ensure that consumers and enterprises in the Netherlands can benefit from the emerging opportunities of 5G as it embraces digitalization. Ericsson’s cloud-native dual-mode 5G Core provides the cutting-edge, container-based, microservice architecture that will help KPN to both develop new business models as well as move onto the next level of network operational efficiency.”

Monday, April 12, 2021

Biden nominates National Cyber Director and CISA Director

President Biden will nominate Chris Inglis as the first National Cyber Director and Jen Easterly as the Director of the Cybersecurity and Infrastructure Agency.


John Chris Inglis is a former Deputy Director of the National Security Agency.

Jen Easterly is a former Army intelligence officer and currently Head of Firm Resilience and the Fusion Resilience Center at Morgan Stanley.

https://www.whitehouse.gov/

Monday, March 8, 2021

DARPA launches Data Protection in Virtual Environments

The U.S. Defense Advanced Research Projects Agency (DARPA) launched an initiative called the Data Protection in Virtual Environments (DPRIVE) program which seeks to develop a hardware accelerator for Fully Homomorphic Encryption (FHE).

Fully homomorphic encryption enables users to compute on always-encrypted data, or cryptograms. The data never needs to be decrypted, reducing the potential for cyberthreats.

DPRIVE aims to design and implement a hardware accelerator for FHE computations that is capable of drastically speeding up FHE calculations, making the technology more accessible for sensitive defense applications as well as commercial use.

DARPA has selected four teams of researchers to lead the initiative: Duality Technologies, Galois, SRI International, and Intel Federal. Each team will develop an FHE accelerator hardware and software stack that reduces the computational overhead required to make FHE calculations to a speed comparable to similar unencrypted data operations. The teams will create accelerator architectures that are flexible, scalable, and programmable, but will also explore various approaches with different native word sizes. Current standard CPUs are based on 64-bit words, which are the units of data that determine a particular processor’s design. Word size directly relates to the signal-to-noise ratio of how encrypted data is stored and processed, as well as the error generated each time an FHE calculation is processed. The selected DPRIVE research teams will explore various approaches covering a diversity of word sizes – from 64 bits to thousands of bits – to solve the challenge.

In addition, teams are exploring novel approaches to memory management, flexible data structures and programming models, and formal verification methods to ensure the FHE implementation is correct-by-design and provides confidence to the user. As the co-design of FHE algorithms, hardware, and software is critical to the successful creation of the target DPRIVE accelerator, each team is bringing varied technical expertise to the program as well as in-depth knowledge on FHE.

“We currently estimate we are about a million times slower to compute in the FHE world than we are in the plaintext world. The goal of DPRIVE is to bring FHE down to the computational speeds we see in plaintext. If we are able to achieve this goal while positioning the technology to scale, DPRIVE will have a significant impact on our ability to protect and preserve data and user privacy,” concluded Rondeau.

“Fully homomorphic encryption remains the holy grail in the quest to keep data secure while in use. Despite strong advances in trusted execution environments and other confidential computing technologies to protect data while at rest and in transit, data is unencrypted during computation, opening the possibility of potential attacks at this stage. This frequently inhibits our ability to fully share and extract the maximum value out of data. We are pleased to be chosen as a technology partner by DARPA and look forward to working with them as well as Microsoft to advance this next chapter in confidential computing and unlock the promise of fully homomorphic encryption for all,” stated Rosario Cammarota, principal engineer, Intel Labs, and principal investigator, DARPA DPRIVE program.

For its part, Intel says it plans to design an application-specific integrated circuit (ASIC) accelerator to reduce the performance overhead currently associated with fully homomorphic encryption. When fully realized, the accelerator could deliver a massive improvement in executing FHE workloads over existing CPU-driven systems, potentially reducing cryptograms’ processing time by five orders of magnitude.

With its expertise in cloud infrastructure, software stacks and fully homomorphic encryption, Microsoft will be a critical partner in accelerating the commercialization of this technology when ready, enabling free data sharing and collaboration while promoting privacy throughout the data life cycle.

“We are pleased to bring our expertise in cloud computing and homomorphic encryption to the DARPA DPRIVE program, collaborating with Intel to advance this transformative technology when ready into commercial usages that will help our customers close the last-mile gap in data confidentiality – keeping data fully secure and private, whether in storage, transit or use,” said Dr. William Chappell, chief technology officer, Azure Global, and vice president, Mission Systems, Microsoft.


Sunday, March 7, 2021

Microsoft Exchange hit by state-sponsored hackers from China

Microsoft warned enterprises using its on-premises Exchange Server platforms of multiple 0-day exploits being used in limited and targeted attacks. The exploits do not affect Microsoft 365 or Azure Cloud deployments.

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures. HAFNIUM, which primarily targets entities in the United States across a number of industry sectors, exfiltrates data to file sharing sites like MEGA. The group is believed to use leased virtual private servers (VPS) in the United States to launch its attacks.

In the attacks observed, HAFNIUM used the newly discovered vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. 

According to media reports, the attack potentially compromised up to 30,000 organizations.

Microsoft has released out-of-band security updates to address four vulnerabilities in Exchange Server. In addition, Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities.

Separately, the U.S. Cybersecurity and Infrastructure Security Agency issued a directive requiring federal civilian departments and agencies running Microsoft Exchange on-premises products to update or disconnect the products from their networks.

In addition, the European Banking Authority confirmed that it was compromised by the attack, and that as a precautionary measure, the EBA has decided to take its email systems offline.

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/



Tuesday, February 16, 2021

Palo Alto Networks to acquire Bridgecrew

Palo Alto Networks agreed to acquire Bridgecrew, a developer-first cloud security company, for approximately $156 million in cash. 

Bridgecrew, which is based in San Francisco, is a pioneer in shift left, focusing on infrastructure as code (IaC), where infrastructure configuration is codified during development. The company’s developer-first IaC security platform offers developers and DevOps teams a systematic way to enforce infrastructure security standards throughout the development lifecycle. The proposed acquisition will enable Prisma Cloud to provide developers with security assessment and enforcement capabilities throughout the DevOps process.

Bridgecrew’s open-source IaC scanner, Checkov, has gained significant early traction with developers, surpassing 1 million downloads in 2020 — its first full year of availability. 

"Shift left security is a must-have in any cloud security platform. Developers don’t want to wait until runtime to find out their security is not working, and the CISO charged with protecting the entire organization certainly values higher security from fixing issues earlier in the development lifecycle. We are thrilled to welcome Bridgecrew, and their widely adopted and trusted developer security platform, to Palo Alto Networks. When combined, Prisma Cloud customers will benefit from having security embedded in the very foundation of their cloud infrastructure," says Nikesh Arora, chairman and CEO of Palo Alto Networks.


Styra cites rapid growth of its cloud-native Open Policy Agent authorization

Privately held Styra, the founders of Open Policy Agent (OPA) and providers of cloud-native authorization, reported over 300 percent growth year-over-year in 2020. The company's employee headcount grew by 90% during the year.

The company said the rapid adoption of its Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. 

In 2020, OPA was awarded graduated status from the Cloud Native Computing Foundation (CNCF) after meeting the foundation’s criteria for community growth and project adoption. OPA downloads increased from 6 million to over 35 million in 2020.

“OPA adoption across all use cases over the last year has been phenomenal,” said Torin Sandall, vice president of open source at Styra. “We’ve seen the community grow in every measurable way. Slack and openpolicyagent.org membership and participation has more than doubled, the number of public repositories on GitHub containing .rego files has also doubled and the number of Docker image downloads has gone from 6M to over 39M. We attribute much of this growth to the efforts of the community and to the need for a robust authorization policy-as-code solution in the cloud native ecosystem.”


Open Policy Agent: Building a standard for cloud-native authorization

Here is a quick introduction to Open Policy Agent (OPA), which is now a Cloud Native Computing Foundation incubating project, and which provides an open source, general-purpose policy engine for cloud infrastructure.

The cloud-native stack is becoming so complex and distributed that a common application authorization mechanism is necessary.

In this video, Bill Mann, CEO of Styra, talks about how OPA is gaining momentum as the de facto approach for establishing authorization policies across cloud native environments. Styra pioneered OPA. Its founding team of Tim Hinrichs and Teemu Koponen previously played key roles in the development of software-defined networking and network virtualization at Nicira.

https://youtu.be/U-a91ylm8uw

Monday, December 21, 2020

Arista begins Attack Surface Assessment service

Arista Networks will begin offering an Attack Surface Assessment, an advanced security service delivered through the recent acquisition of Awake Security, a start-up offering a Network Detection and Response (NDR) platform. 

Arista's new offering finds threats to devices and applications known to the IT and security teams, as well as shadow IT and unmanaged infrastructure across client to campus, data center and cloud.

“Sophisticated threats are no longer reliant on traditional malware,” said Rahul Kashyap, Vice President and General Manager, Arista’s NDR Security Division. “The recent supply chain attacks have exposed gaps in security programs. This new offering reinforces our commitment to help our customers defend against Sunburst and future threats.”

For more details on Awake’s approach to detecting supply chain threats like the SolarWinds / Sunburst campaign, see the blog at

https://awakesecurity.com/blog/detecting-supply-chain-threats-like-solarwinds-sunburst/

Arista to acquire Awake Security

Arista Networks agreed to acquire Awake Security, a start-up offering a Network Detection and Response (NDR) platform. Financial terms were not disclosed.

Awake, which is based in Santa Clara, California, combines artificial intelligence (AI) with human expertise to autonomously hunt and respond to insider and external threats. The Awake platform analyzes network traffic and autonomously identifies, assesses, and processes threats. 

“We see an exciting future for Awake within the Arista family,” said Rahul Kashyap, CEO for Awake Security. “Awake pioneered NDR platforms for real-time AI-driven situational awareness to secure digital assets and then respond to mitigate those risks. This acquisition allows us to further that mission.”

“We warmly welcome Awake Security to the Arista team,” stated Anshul Sadana, COO for Arista Networks. “With the proliferation of users, devices and Internet of Things (IOT), Awake’s best of breed threat detection platform is synergistic with Arista’s market leading cognitive cloud networks, delivering proactive security for our customers.”

  • In April 2020, Awake Security raised $36 million in Series C financing led by Evolution Equity Partners with participation from Energize Ventures and Liberty Global Ventures, as well as existing investors Bain Capital Ventures and Greylock Partners. The latest investment brings Awake’s total funding to nearly $80 million and will be used to propel expansion in areas including R&D, sales and marketing to meet the growing demand for the company’s advanced network traffic analysis platform. Awake also said that it has increased its annual recurring revenue (ARR) by close to 700% and doubled its employee headcount over the past year.