Accurics Terrascan, Sophos XDR Solution, & API Security Need to Know – ESW #227

"By integrating Cortex XSOAR with the XM Cyber platform, security analysts can receive additional contextual information if an incident should be prioritized because it could be used to create an attack path toward a critical asset. The XM Cyber platform also generates incidents if there is a dramatic change in the company’s security posture,"

"So what is a security team to do when they are faced with a situation where a security researcher has found vulnerabilities in your business-critical applications. You have 90 days, and the clock is ticking. The answer – shift left while you shield right. "

"Cycode protects DevOps tools such as source control management systems, build systems, registries and cloud infrastructure. The solution addresses multiple layers of security, including access and authorization, security configurations, compliance and scanning engines. This enables customers to identify code tampering, code leakage, hardcoded secrets, Infrastructure as Code (IaC) misconfigurations, excess privileges and more, all from a single platform."

"HelpSystems announced today the acquisition of Beyond Security, a global leader in vulnerability assessment and management software. Beyond Security’s cloud-based products enable hundreds of organizations to easily scan their growing, complex environments for network or application vulnerabilities. The team and solutions from Beyond Security will fit into HelpSystems’ popular infrastructure protection portfolio featuring Digital Defense, Core Security, and Cobalt Strike."

"Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project. This integration, coupled with the new Terrascan admission controller feature to enforce CNCF’s Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach. Argo, an open source GitOps engine for Kubernetes, synchronizes Kubernetes clusters, making it easier to specify, schedule and coordinate the running of complex workflows and applications on Kubernetes."

So many organizations need this: "Eliminating API discovery surprises: API Sentinel integrates with your network infrastructure from the edge to the data center to ingress controllers, providing 360 degree visibility and helping eliminate surprise discoveries of APIs deployed outside of a defined process."

"The Security24 offering enables organizations to protect sensitive emails and attachments at scale. Sensitive emails and attachments can be automatically protected based on security policies with no user intervention or protected manually by users. Protecting sensitive data when shared or stored in the cloud mitigates the threat of losing it."

“Having served mission critical clients like the Department of Defense (DOD) and Department of Energy (DOE), we’ve seen the tremendous value of a crowdsourced, cyber-offensive capability for the most critically important sectors. Deploying the world’s best ethical hackers to help secure the power grid is simply the best way to stay ahead of the growing threat from cyber criminals and nation-state adversaries.”

"The service organization model employed by groups such as DarkSide is an important trend in ransomware activities that are meant to maintain at least some level of decency making as much money as possible. For example, they do not target certain industries and services such as healthcare. While not specifically targeted toward bringing down critical infrastructure, these attacks are a wake-up call for organizations with related supply chains."

"Cyberinc delivers intelligent remote browser isolation (RBI) technology that gives administrators granular control that enables them to minimize risk without impeding user productivity."

Stop saying ONLY: "Sophos XDR, the industry’s only extended detection and response (XDR) solution that synchronises native endpoint, server, firewall and e-mail security"