This new function offers secure access to corporate applications and external SaaS through a virtual browser.

TOKYO (PRWEB) SEPTEMBER 28, 2022 Internet Initiative Japan Inc. (TSE Prime: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, announced to add a new remote browser isolation function, "Browser Isolation" to the zero-trust network access (ZTNA) (\*) service, "Safous", which is mainly available for users in the U.S and Asia and will be available starting today.

The Safous platform is a zero-trust remote access service that provides application-level control over corporate applications and external software as a service (SaaS) access from a remote environment. This optional Browser Isolation function is Safous' proprietary, sandbox-based virtual browser that allows users to access applications and SaaS virtually, eliminating browser-based threats and providing more secure access.

"Kasm Technologies is honored to provide Kasm Workspaces remote browser isolation, our web-native secure remote access and DevOps-enabled container streaming technology, to Safous’ Browser Isolation function. Browser Isolation is an industry-leading, cost-effective, and secure browser-based remote access solution,” stated Justin Travis, Co-founder and CEO of Kasm Technologies.

ZTNA is a zero-trust solution that provides seamless and secure remote access to internal applications. Instead of authenticating at the boundaries of the enterprise network, authentication is performed through a trusted broker system each time an application is accessed.

More companies have started using SaaS in recent years, including powerhouses like Microsoft 365 and Google Workspace, due to the popularization of hybrid work. Unfortunately, these cloud-based systems are critical targets for attackers. In several reported cases, company networks are infected with malware and ransomware through a remote environment, causing a data breach and the suspension of business operations.

Because the browser and network on the terminal side are not secure in remote environments – and are potentially infected with malware already – the need to access internal data from remote environments securely has become a more urgent issue for companies. To solve this problem, Browser Isolation protects the terminal from browser-based threats and securely controls file manipulation when users access SaaS or corporate applications from a remote environment.

One of the benefits of utilizing virtual browsers is that they defend corporate networks from risky websites. Browser Isolation provides a virtual browser that allows users to access business applications and external SaaS applications securely – even if their PCs are vulnerable. This function also prohibits users from downloading and executing malicious files that come from email, eliminating the threat of intrusion through the internet. Website content is streamed to user browsers, allowing them to access any web application safely.

Companies also benefit from enhanced protection of sensitive data with the Browser Isolation function. Browser Isolation allows individual users to control file uploads and downloads centrally, and sensitive data is accessed through the virtual browser to prevent data breaches. Additionally, downloaded data and access history are deleted at the end of each session to ensure security.

With the release of Browser Isolation, Safous is introducing a new “Advanced'' pricing tier. This tier includes everything the “Standard” and “Standard Plus” packages offers, including multi-factor authentication, external account linkage, flexible policy settings, and more – plus, Safous’ new, advanced Browser Isolation function. For more information about pricing and the features included in each tier, please visit https://www.safous.com/pricing.

**About IIJ**  
Founded in 1992, IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers. IIJ and its group companies provide total network solutions that mainly cater to high-end corporate customers. IIJ's services include high-quality Internet connectivity services, system integration, cloud computing services, security services and mobile services. Moreover, IIJ has built one of the largest Internet backbone networks in Japan that is connected to the United States, the United Kingdom and Asia. IIJ was listed on the Prime Market of the Tokyo Stock Exchange in 2022. For more information about IIJ, visit the official website: https://www.iij.ad.jp/en/.

The statements within this release contain forward-looking statements about our future plans that involve risk and uncertainty. These statements may differ materially from actual future events or results.

Safous Adds Browser Isolation to Its Zero-Trust Network Access Service

Security service provider selects cybersecurity training platform to safeguard enterprises in LATAM.

SANTA CLARA, Calif., September 27, 2022 -- CybeReady, provider of the world’s fastest security training platform, today announced the partnership with corporate security service provider ICE-LA (Israel Cybersecurity Enterprise Latin America) with the goal to implement its Autonomous Cybersecurity Training Platform throughout Latin America.

“Cybercrime increased in volume during the pandemic and has not abated,” noted KPMG report, A Triple Threat Across the Americas. “Companies surveyed report rises in frequency of various kinds of attacks, with phishing (cited by 44%), scamming (33%), malware (22%), and ransomware (20%), growing challenges for many. Overall, 79 percent of respondents saw growth in at least one of the types of attacks covered in the survey.”

Israel Cybersecurity Enterprise (ICE) Latin America is a high-level strategic consultancy that works with organizations to proactively build their cyber resilience and better respond to cyber-attacks within their networks. The company provides services, training, and local support throughout Latin America, leveraging a team of seasoned professionals with extensive cybersecurity experience in the field.

“In addition to sophisticated cybersecurity defenses, incident response, and cyber crisis management services, automated training processes are now a necessary part of any organization’s proactive defenses against a successful attack,” said Nathan Levy, CEO, of Israel Cybersecurity Enterprise. “As cyber-threats in Latin America mirror attacks occurring around the world, we are pleased to partner with CybeReady in our efforts to prepare business customers against these highly disruptive and costly situations.”

“Our partnership with ICE allows security officers across LATAM to easily implement a security awareness program that drives change and builds a security-minded culture quickly and effectively,” said Eitan Fogel, CybeReady’s CEO “We look forward to growing our business in these new regions and bringing our fully-automated platform to more enterprises – reducing the overall cyber risk from human-related factors.”

CybeReady’s fully-managed security training platform helps partners like ICE to guarantee the industry’s fastest risk mitigation – multiplying business customer security and safety. The platform operates 365 days a year, creating a continuous security culture and elevating the security awareness practice to that of other security solutions that operate year-round. With security teams often overloaded today with a nearly insurmountable number of tasks, CybeReady eases the training burden by providing everything needed to expedite training out-of-the box.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Israel Cybersecurity Enterprise (ICE) Teams with CybeReady to Deliver World-Class Security Training

Expedited software patching and updating recognized as one of the most important processes to protect against system compromise from cyberattacks.

South Bend, IN (September 27, 2022) – Aunalytics, a leading data management and analytics company delivering managed IT and data platform services for mid-sized and enterprise businesses, today initiated its Security Patching Platform, Co-managed Patching as a Service to complement the company’s Advanced Security solution suite. Windows OS and supported 3rd party patch management allow for tighter security in the defense against cyberattacks and the new offering ensures active remediation.

According to a 2022 Data Breach Investigations Report by Verizon, around 70 percent of successful cyberattacks exploited known vulnerabilities with available patches, making it important to update operating systems and applications regularly to prevent such attacks. Now, Aunalytics’ new technology as a service includes the tools, structure, strategy and intelligence for managing patch deployment and is a complete solution with best practices, templates, libraries, and built-in alert thresholds.

Lack of security patching leads to vulnerabilities within an organization’s information systems, internal controls, or system processes, which can then be exploited by cybercriminals. Using a collection of tools, cyber attackers use the vulnerability to gain unauthorized access to corporate systems and data. Identifying and resolving vulnerabilities is very important since a successful exploit can lead to a full-scale system breach.

Workstation and server application patching ensures that organizations have baseline protection against the latest security vulnerabilities, preventing such attacks before they occur. However, patching can be difficult to manage and update in real-time as software fixes are published on an ongoing basis. Setting up and coordinating manual patching across an organization can be extremely cumbersome, taking days to organize, schedule, and execute across an entire company.

McKinsey cites good patch management as a top proactive maintenance measure that can help organizations prevent cyberattacks. However, knowing the priority level for patch installment can be confusing and lead to poor patch management as a result. Enlisting the help of a partner to employ security patching best-practices can add true value to many organizations. Aunalytics patch detection, download, and installment methods are developed considering each client's security and uptime requirements and prioritized in order of threat potential. Aunalytics’ experienced security patching team proactively monitors for updates, eliminating worry for end users and server administrators.

As part of the new service, users gain access to comprehensive security solutions with customized alerting and vulnerability prioritization, leveraging proprietary solutions and processes. The platform facilitates collaboration between IT and security teams and includes the following capabilities:

• Inventory and performance management and proactive alerting  
• Patch deployment control strategy, prioritization, planning  
• Patch vetting and blacklisting intelligence  
• Windows Operating System patch management  
• Supported 3rd Party Patch Management  
• Anti-Malware  
• DNS-based Malware Protection  
• Device Encryption Management  
• Innovative management tool library

“Security patch exploits can have extremely damaging effects on an organization, decreasing revenues or causing reputational damage, making it imperative to have security patching in place,” said Chris Nicholson, Vice President of Managed IT Services. “Aunalytics’ Security Patching Platform services allow for the rapid resolution of these concerns to maintain the highest levels of cyber-resiliency.”

**About Aunalytics**  
Aunalytics is a leading data management and analytics company delivering Insights-as-a-Service for mid-sized businesses and enterprises. Selected for the prestigious Inc. 5000 list for two consecutive years as one of the nation’s fastest growing companies, Aunalytics offers managed IT services and managed analytics services, private cloud services, and a private cloud-native data platform for data management and analytics. The platform is built for universal data access, advanced analytics and AI -- unifying distributed data silos into a single source of truth for highly accurate, actionable business information. Its DaybreakTM industry intelligent data mart combined with the power of the Aunalytics data platform provides industry-specific data models with built-in queries and AI for accurate mission-critical insights. To solve the talent gap that so many mid-sized businesses and enterprises located in secondary markets face, through its side-by-side digital transformation model, Aunalytics provides the technical talent needed for data management and analytics success in addition to its innovative technologies and tools. To learn more contact us at +1 855-799-DATA or visit Aunalytics at http://www.aunalytics.com or on Twitter and LinkedIn.

Aunalytics Launches Security Patching Platform as a Service

Companies collaborate to strengthen organizations' first line of security defense – end users.

ATLANTA, Sept. 27, 2022 /PRNewswire/ -- Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness' comprehensive suite of products to enable a data-driven approach to cybersecurity training for an organization's end users.

"Researchers from Stanford University found that as much as 88% of all data breaches are caused by an employee mistake," said Daniel Martin, Principal Security Consultant, vCISO, Veristor. "This shows that end users are the most critical vulnerability gap in today's enterprise. Yet if properly trained, they can also be the most resilient security defense – a human firewall. Together with the experts from SANS Security Awareness we are helping customers guard their environments with an army of well-trained employees. With proven training to spot and act when suspicious activity arises, users can take an active role in preventing the growing wave of cyberattacks."

The SANS Security Awareness suite of dynamic multilingual computer-based training, games, phishing simulations, and engagement materials teach vital security behaviors to effectively manage human cyber risk. With different training styles to match different corporate cultures, employee comprehension levels, and learning preferences, SANS Security Awareness training equips workforces to recognize and prevent current cyberattacks, including work-from-home threats. The platform delivers valuable metrics to measure the effectiveness of each program, and customization features to tailor training to meet specific organizational needs."

With some groups requiring even greater specialized training, in addition to addressing core human behavior risk topics, SANS Security Awareness also offers secure development and coding techniques, understanding NERC CIP compliance requirements, and handling Industrial Control Systems (ICS) incidents.

"We are very pleased to be partnering with the cybersecurity experts at Veristor to provide the SANS Security Awareness program to their customers," said Brad Stilling, Director of Global Sales for SANS Security Awareness. "Regular awareness training is an essential activity for organizations looking to ensure security and compliance. When employees feel informed and empowered to recognize and address cyber risks, they can protect the organization. With SANS Security Awareness, Veristor customers are now better positioned to detect and prevent cyber-attacks."

For organizations starting their awareness training journey, Veristor delivers a SANS Human Risk Insight assessment to identify program cost reductions, eliminate unneeded staff training, and create risk metrics to baseline and benchmark an organization's human cyber risk. Request a pre-assessment consultation here.

The SANS Security Awareness training solutions are now offered as a part of Veristor's suite of security solutions that are designed to solve business challenges through the intelligent application of next-generation security technology. For more information visit: https://veristor.com/it-security/.

**About Veristor Systems, Inc.**

Veristor, which recently announced a merger with Anexinet, is a leading provider of transformative business technology solutions that helps its customers accelerate the time-to-value for the software, infrastructure and systems they deploy. We do this by harnessing deep expertise in today's most advanced data center, security, networking, hybrid cloud, and big data technologies and guiding businesses to the right solutions for their most pressing challenges. And with a full suite of design, deployment, support, and managed service offerings, we work shoulder-to-shoulder with our customers at every step of their technology journey to make technology truly work for them. IT's just who we are. Learn more at veristor.com.

**About SANS Security Awareness**

SANS Security Awareness provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. SANS Security Awareness has worked with over 1,300 organizations and trained over 6.5 million people around the world. The SANS Security Awareness program offers globally relevant, expert authored tools and training to enable individuals to shield their organization from attacks and a fleet of savvy guides and resources to work with you every step of the way. To learn more, visit www.sans.org/security-awareness-training

_SOURCE Veristor Systems, Inc._

Veristor Partners with SANS Security Awareness to Deliver Employee Security Awareness Training

Joint phishing intelligence solution provides 360-degree mobile communication defense.

LAS VEGAS, Sept. 27, 2022 /PRNewswire/ -- YouMail, the leading provider of call protection services for consumers, enterprises, and service providers, and WMC Global, a 16-year leader in mobile threat intelligence, today announced their joint cybersecurity intelligence solution that safeguards against voice and SMS phishing scams. The partnership between YouMail and WMC Global is a first-of-its-kind offering that protects brands and their customers simultaneously from vishing and smishing attacks.

Mobile phones are the center of consumers' digital lives with 97% of Americans owning smart phones and threat actors knowingly targeting them with spam and scam SMS and voice calls. The combination of YouMail voice & vishing protection and WMC Global SMS & smishing protection services act as two sides of the mobile fraud disruption coin, enabling enterprises plagued by threat actors impersonating them and phishing consumers to mitigate these risks and improve their effectiveness at preventing fraud and serving their customers.

YouMail Protective Services, the enterprise services division of YouMail, classifies, monitors and disrupts threat actors using voice to target consumers for both impersonated brands and voice service providers that are unwillingly serving as the conduits for these phone-based attacks.

"With this marriage of voice and SMS protection, enterprises like banks now have a powerful weapon against threat actors using mobile phishing attacks against their customers," said Alex Quilici, CEO of YouMail. "Our specialized voice protection, coupled with WMC Global's suite of anti-phishing SMS safeguards, solves a complicated industry issue that affects brand reputation and millions of mobile users."

Focusing on threat actor phishing kits, compromised credential recovery, mobile number investigations and takedowns, and consumer text message analysis, WMC Global's Anti-Phishing Suite analyzes, classifies, and disarms mobile threats before a victim's personal data is exploited.

"Partnering with YouMail to develop this joint offering was the next logical step in our fight against unwanted messaging and malicious phishing attacks on consumers' mobile devices," said Ian Matthews, CEO of WMC Global. "Our specific combination of services effectively helps telecoms uncover unlawful calls and texts made on their networks, prevents brand impersonation, and protects their customers from potential identity theft."

Learn more at https://www.youmailps.com and https://www.wmcglobal.com

**About YouMail, Inc.**

YouMail protects consumers, enterprises, and service providers from harmful phone calls. YouMail protects over 11 million registered consumers with app-based call protection services in the US and the UK, with the YouMail, Another Number, and Hullo Mail apps. YouMail protects consumer-facing enterprises by detecting and helping to shut down imposter traffic that can lead to financial or brand damage while working with voice service providers to mitigate unlawful communications in their networks. YouMail also operates the YouMail Robocall Index™, the nation's definitive source on telephone network activity and attacks. YouMail, Inc. is privately funded and based in Irvine, California. For more information, follow YouMail on Twitter and LinkedIn.

**About WMC Global**

WMC Global is a market leader in digital threat intelligence, enhanced by a team of threat hunters that are experts at understanding SMS phishing and the toolkits that criminals devise to make their attacks possible. WMC Global is the most trusted digital compliance firm in North America, having partnered with all Tier 1 mobile carriers for the past 16 years. The WMC Global portfolio is at the forefront of fighting malicious text messages, eradicating phishing attacks, stopping cyber criminals from targeting large brands, financial institutions, and governments, and monitoring consumer experiences for industry compliance. WMC Global provides its partners with proprietary data feeds of phishing attacks (including live phishing kits), threat response and takedown services, automated partner due diligence, and customer experience monitoring. WMC Global headquarters are located in Fairfax, VA, with offices in London, UK and Sydney, AU. For more information, follow WMC Global on Twitter and LinkedIn.

YouMail, Inc. and WMC Global Partner to Deliver Voice and SMS Phishing Disruption Services

Settling for 'satisfactory' level of readiness may underestimate growing levels of risk.

DOWNERS GROVE, Ill, Sept. 27, 2022 /PRNewswire/ -- Fortifying cybersecurity defenses remains a work in progress for many organizations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, new research from CompTIA, the nonprofit association for the information technology (IT) industry and workforce, reveals.

"Risk mitigation is the key, the filter through which everything should be viewed."

A majority of organizations in every region feel that their cybersecurity is satisfactory, but a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement, with some cases more dire than others. (Source: CompTIA “State of Cybersecurity”)

While a majority of respondents in each of seven geographic regions\[1\] feels that their company's cybersecurity is satisfactory, CompTIA's "State of Cybersecurity" shows that a much smaller number rank the situation as "completely satisfactory." Nearly everyone feels that there is room for improvement.

"Companies are aware of the threats they face and the potential consequences of an attack or breach," said Seth Robinson, vice president, industry research, CompTIA. "But they may be underestimating their exposure and how much they need to invest in cybersecurity. Risk mitigation is the key, the filter through which everything should be viewed."

Two of the top three issues driving cybersecurity considerations are the growing volume of cybercriminals, cited by 48% of respondents, and the growing variety of cyberattacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.

"Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cybersecurity, but this poses significant challenges, both tactically and financially," Robinson said. "As IT operations and strategy have grown more complex, so has the management of cybersecurity."

As cybersecurity is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognizing a holistic zero trust approach, but better progress in adopting some elements that are part of an overarching zero trust policy. Multifactor authentication is in place at 46% of companies and cloud workload governance at 41%. Among other changes in organizations' approach to cybersecurity:

43% of companies have placed a higher priority on incident response,

39% are deploying a more diverse set of technology tools, with SaaS monitoring and management tools making a substantial jump in adoption,

38% are increasing their focus on process improvements,

37% are shifting to more proactive measures, and

36% are expanding employee education.

Adopting a total zero-trust philosophy, including setting specific, strategic objectives will address many problems companies face. But there are substantial hurdles to overcome, such as closing the communications gap that exists between the technology and business sides of organizations. The overall rate of business staff participation is too low for a business-critical function. Nearly half (47%) of small businesses have the CEO or owner as part of the cybersecurity chain compared to 37% of mid-sized firms and 27% of large enterprises. In addition, companies are struggling to address technical skill needs, such as threat knowledge, network security and data analysis.

CompTIA's "State of Cybersecurity" report is based on a Q3 2022 survey of technology and business professionals involved in cybersecurity. There were 500 respondents from the U.S. and 125 from each of six other regions around the world. The full report is available at https://insights.comptia.org/2022-state-of-cybersecurity-it-pro/p/1.

**About CompTIA**

The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world's economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for unlocking the potential of the tech industry and its workforce. https://www.comptia.org/

\[1\] Australia/New Zealand, ASEAN, Benelux, Canada, Germany, United Kingdom and United States

Organizations Finding the Need for New Approaches on the Cybersecurity Front, CompTIA research reveals

The chip giant has developed new features and services to make it tougher for malicious hackers and insiders to access sensitive data from applications in the cloud.

INTEL INNOVATION 2022 -- San Jose, Calif. — Intel has announced new hardware and software features for Project Amber, a confidential computing service that interlaces hardware and software to attest and certify the trustworthiness of data, at its Innovation developer summit this week.

The enhancements include features to protect data from the time it leaves the system and is in transit, in use, or at rest in storage.

"This is a fundamental technology that Intel has been developing for years. The place where it's going to be the most important is in AI/ML models ... to make sure when you're running a model on the edge, it's not being pilfered, it's not being stolen, it's not being manipulated," said Intel CTO Greg Lavender during his Wednesday keynote.

Data is traveling farther when outside the data center, with multiple stopovers, until it reaches cloud services or completes a round trip to enterprise infrastructure. Information from sources like sensors are added as data moves along a telecom network, with stopovers and artificial intelligence (AI) chips ensuring only relevant data moves ahead.

Project Amber uses hardware and software techniques to verify that the packets of data and its origin device are trustworthy. That layer of trust between devices and waypoints when data is in transit is a form of assurance that a company's infrastructure and execution environment are secure, says Anil Rao, Microsoft vice president for systems architecture and engineering in the office of CTO.

"Gone are the days where the central hubs are simply the data movers," Rao says. "They're not simple data movers. They're intelligent data movers."

The confidential computing offering is important for an enterprise mixing its own datasets with information from third parties to strengthen AI learning models. Project Amber provides a way to ensure that data is coming from trusted sources, Rao says.

**Secure Enclaves**

Project Amber adds a stronger lockdown mechanism to protect data while it is being processed. The Trust Domain Execution (TDX) instructions, which are on the company's upcoming 4th Generation Xeon Scalable processor, can secure an entire virtual machine as a trusted enclave.

The data is locked down so even hypervisors — which manage and monitor virtual machines — can't peek into the confidential computing environment.

"Your application will still do a virtual machine entry and exit call, but during those calls the data is still encrypted," Rao says.

Today's computing environment in the cloud is built around virtual machines, and applications don't run directly off processors, says Steve Leibson, principal analyst at Tirias Research.

"When we ran on processors, we didn't need attestation because nobody was going to alter a Xeon. But a virtual machine — that's just software. You can alter it," Leibson says. "Attestation is trying to provide the same sort of rigidity to software machines as silicon does for hardware processors."

TDX is bigger in scope than Secure Guard Extensions (SGX), which is a secure area in the memory in which to push, run, and operate code. SGX, a common feature on Intel chips, is also a part of Project Amber.

Intel's Rao compares the scope of TDX and SGX to hotel rooms. If TDX was a trusted boundary in the form of a secure hotel room, SGX was a secure locker inside the hotel room.

Project Amber allows data to enter secure enclaves after matching numerical codes issued by Amber engines. If the codes match, data can enter the secure enclave; if not, entry is denied because data could have been altered, modified, or hacked in transit.

"It's almost like you're giving somebody your VIN number and saying, 'Is this the authentic VIN number for my car or has someone done something hanky-panky with that thing?'" Rao says.

Intel will also provide customers the ability to define their own policies to create a trusted execution environment.

"You may want to process everything in an East Coast data center versus a West Coast," Rao says. "What Amber says is that here is exactly what it is — your code did not pass the policy."

**Protection in the Clouds**

Amber will support multiple cloud service providers, but Intel didn't provide specific details.

"We want to make it multicloud so you don't need to have a different attestation mechanism as an enterprise when you go to different clouds," Rao says.

There are hundreds of millions of processors from Intel in data centers around the world, and bad actors have an established ability to break into servers and steal secrets, Tirias' Leibson says.

"It's a cat-and-mouse game, and Intel is constantly trying to develop new ways to prevent the bad guys from breaking into the servers and stealing secrets," Leibson says. "And it goes all the way from script kiddies, to teenagers who are just hacking around, to state-sponsored sites."

At some point, one has to think about protecting data in use, in motion, and in storage. Project Amber was thus inevitable, especially with computing moving farther away from homegrown infrastructure to the cloud, Leibson says.

Project Amber is still in the pilot phase as Intel gears the technology for computing models adopted by verticals. The chipmaker is working with research company Leidos to use Project Amber in the healthcare sector, which has many types of devices and sensors spread over large geographies and requires attestation to ensure systems receive only trustworthy data.

Intel Hardens Confidential Computing With Project Amber Updates

REDWOOD CITY, Calif., Sept. 27, 2022 /PRNewswire/ -- Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams. New enhancements include development support on the most recent Mac computers, and improved secrets management usability through automation, intended to reduce development time and increase visibility.

According to a 2022 Crowdstrike report, 80% of cyber attacks involve stolen credentials, and in late 2021 Gartner listed managing machine identities as one of the top five cybersecurity and risk trends. Delinea strives to reduce the risk of using hardcoded credentials in applications and services by instead dynamically injecting secure credentials with Just-in-Time access from DevOps Secrets Vault.

Expanded Support for developers on Macs

With added support for the M1 chip, developers coding on the latest Macs can now benefit from using DevOps Secrets Vault's command line interface (CLI) and the DSV Engine (an agent supporting database dynamic secrets) as part of their toolset. Building upon its focus on seamless usability, Delinea continues to reduce friction that commonly arises when securing sensitive secrets and credentials, especially in fast-paced DevOps environments.

Continual interface improvements reduce friction for DevOps teams

Both the CLI and graphical interface receive continual usability and flexibility enhancements, allowing developers to work seamlessly in their preferred interface with their preferred tools while helping organizations decrease the risk of compromised credentials.

New features added to both interfaces include:

Expanded support for Security Information and Event Management (SIEM) functionality

A certified Ansible plugin for use on Ansible Automation Hub

Enhanced authentication methods

"The exponential growth of machine identities as applications are modernized and architected as micro-services continues to place organizations at increased risk," said Jason Michell, SVP of Engineering at Delinea. "Delinea's ongoing focus on making security seamless for developers is reflected in these recent enhancements, enabling them to use DevOps Secrets Vault to dynamically insert credentials in their code, in line with security best practices."

Organizations can try DevOps Secrets Vault for free at https://delinea.com/products/devops-secrets-management-vault.

**About Delinea**

Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless for the modern, hybrid enterprise. Our solutions empower organizations to secure critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world's largest financial institutions, intelligence agencies, and critical infrastructure companies. Learn more about Delinea on LinkedIn, Twitter, and YouTube.

Latest Delinea Update Streamlines DevOps Security

KnowBe4's Compliance Audit Readiness Assessment (CARA) now addresses select requirements from HIPAA Security Rule.

TAMPA BAY, Fla., Sept. 27, 2022 /PRNewswire/ -- KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today launched a new version of its Compliance Audit Readiness Assessment (CARA) that now covers select requirements for the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to address healthcare privacy requirements.

Healthcare organizations around the world continue to inadequately protect sensitive protected health information (PHI). Between 2009 and 2021, 4,419 healthcare data breaches of 500 or more records have been reported to the U.S. Health and Human Services' (HHS) Office for Civil Rights. Those breaches have resulted in the loss, theft, exposure or impermissible disclosure of 314,063,186 healthcare records.

CARA is a complimentary, web-based tool that helps organizations assess their readiness for meeting compliance requirements. With this new version, IT and security professionals are guided through specific select requirements from the Health Insurance Portability and Accountability Act (HIPAA) Security Rule outlined by HHS. CARA asks security professionals to rate their readiness for each requirement and then provides an analysis of the results to help them define the controls they need in place before a compliance audit.

"Accessing confidential patient data is the cybercriminal's equivalent to discovering buried treasure, but it happens far more often than imaginable due to antiquated healthcare systems and security practices," said Stu Sjouwerman, CEO, KnowBe4. "Security professionals are overwhelmed with trying to comply with all of the healthcare security requirements through HIPAA. Our CARA tool now has the capability to help healthcare organizations become better prepared for compliance requirements related to the HIPAA Security Rule. This refreshed tool goes a long way towards simplifying the process of getting healthcare organizations adequately equipped for compliance audits."

The HIPAA Security Rule contains the standards to safeguard and protect electronically created, accessed, processed or stored PHI. The rule applies to any organization or system that has access to confidential patient data.

For more information on CARA, visit https://www.knowbe4.com/compliance-audit-readiness-assessment.

**About KnowBe4**  
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 52,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

KnowBe4 Simplifies Compliance Requirements for Healthcare Privacy

Combination of two companies to help SAP customers streamline audit, compliance and control processes.

DALLAS, Sept. 27, 2022 /PRNewswire/ -- Pathlock, the leading provider of application security and controls automation for critical business applications, today announced the acquisition of Grey Monarch, a UK-based specialist SAP Partner dedicated to SAP Process Automation. The acquisition will strengthen Pathlock's vision of providing the industry's most complete 360-degree platform for application security and controls automation for the SAP ecosystem.

Since 2008, Grey Monarch has developed expertise in SAP Security, Segregation of Duties, SAP Licence Optimization, SAP Background Processing Automation and Secure Managed File Transfer. With this acquisition, the SAP community will benefit from the very best SAP Process Automation advice, implementation skills, and software and training capabilities, improving levels of security, enhancing their users' experience and streamlining audit, compliance and control procedures.

"It's now more imperative than ever for organizations to utilize a holistic view of user access and privileges so they can be managed, monitored and controlled to ensure the maximum protection of data, business processes and intellectual property," said David Lloyd, Director and Co-Founder, Grey Monarch. "Combining Grey Monarch's capabilities with the Pathlock family of expertise, resources and product portfolio will provide our customers, existing and new, with an unsurpassed visibility into their business applications."

"We're thrilled to complete the acquisition of Grey Monarch," said Piyush Pandey, CEO of Pathlock. "We continue to see a strong demand for our globally recognized application security and controls automation solutions, and know that with Grey Monarch's specialization in SAP process automation we can continue to enable our global customers to revolutionize the way they secure their sensitive financial and customer data."

In May 2022, Pathlock announced a $200M capital raise sponsored by Vertica Capital Partners alongside a merger with Appsian and Security Weaver and the acquisition of Belgium-based CSI Tools and Germany-based SAST SOLUTIONS. The company has successfully doubled in size in terms of revenue and employees and is now servicing over 1,400 customers across all major industries on a global scale with offices across the United States, Belgium, the UK, Germany, Israel and India.

**About Pathlock**

Pathlock is the leader in application security and controls automation. With Pathlock, enterprises can manage all aspects of access governance via a single platform, across applications, including user provisioning, ongoing User Access Reviews, segregation of duties, control testing, and audit preparation. Today, many of the world's most respected, global 2000 companies rely on Pathlock to protect their critical digital assets from financial, operational, regulatory and security threats, ensure corporate compliance and improve performance. Our customers have saved millions in employee productivity, labor costs, audit fees and data loss prevention.

Source

DARKReading