EMERGING TECHNOLOGY, CYBERSECURITY
Businesswire | May 02, 2023
Veracode, a leading provider of intelligent software security solutions, today announced its attainment of State Risk and Authorization Management Program (StateRAMP).
StateRAMP offers state and local government agencies a standardized approach toward compliance to help them improve their overall security posture. Veracode obtained FedRAMP authorization in July 2022, and this week’s authorization by StateRAMP reaffirms the company’s commitment to deliver cloud-based application security software to agencies at all levels of government—federal, state, and local.
“High-profile attacks and vulnerabilities are significantly impacting the software supply chain across industries, and state and local government is no different,” said Claire Bailey, Regional Vice President of Governmental Affairs at Veracode. “Agencies need capabilities that allow them to protect the application layer. This authorization enables Veracode to support evolving state and local government security requirements. We look forward to assisting the StateRAMP mission of improving the cyber posture of public institutions and the citizens they serve.”
Veracode’s intelligent software security platform provides comprehensive application-layer protection to reduce risk in today’s dynamic threat environment. The platform supports a range of current and emerging cybersecurity requirements and best practices, including:
Securing the software supply chain through capabilities such as the generation of a Software Bills of Materials (SBOM), which provides visibility into the open-source code components that are contained in a software product Integrating security into software development from the beginning of the process (‘shifting left’) Providing a developer-friendly user experience to integrate security into the software development life cycle Supporting cloud-native development and managing risk across the application portfolio Uniting security and development teams to address cybersecurity challenges
The StateRAMP authorization enables Veracode to support state and local agencies’ cybersecurity initiatives at a time of increased risk. A shortage of skilled IT security professionals has depleted the security teams of many state agencies, and Chief Information Security Officers report risks arising from persistent malware, ransomware, and phishing attempts, according to a recent National Association of State Chief Information Officers (NASCIO) survey.
Veracode’s recent State of Software Security 2023 report revealed that, over the last 12 months, more than 74 percent of applications contained at least one security flaw. Due to variation in the types of flaws that compromise application security, security teams should use a variety of scan types to discover elusive flaws.
Bailey added, “Security teams should have confidence in the options available to secure their cyber infrastructure and make their digital landscape a safer place overall. StateRAMP makes this goal much more attainable for state and local agencies. Veracode’s platform provides a single view of an organization’s security posture and compliance via powerful reporting and analytics, restoring confidence in the digital infrastructure of agencies.”
State and local agencies can access Veracode’s comprehensive software security platform—including static analysis, software composition analysis (SCA), dynamic analysis, pipeline scanning, eLearning, container scanning, API scanning, and infrastructure as code (IaC) scanning—on the StateRAMP Marketplace.
About Veracode
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means.
Read More
EMERGING TECHNOLOGY, CYBERSECURITY
Businesswire | March 29, 2023
Trustwave Government Solutions (TGS), a Federally-focused cybersecurity provider and the wholly-owned subsidiary of Trustwave Holdings, Inc., today announced it has been awarded an expanded database security contract with the United States Patent and Trademark Office (USPTO). The expanded contract will allow USPTO to further build upon its robust Zero Trust Architecture (ZTA) with the expansion of DbProtect’s purpose-built database vulnerability management, Rights Management for advanced user rights review and Threat Monitoring.
“At USPTO, our mission to foster innovation through examination, granting high-quality patents and trademarks is crucial to American prosperity,” said Jamie Holcombe, Chief Information Officer of USPTO. “Part of our mission requires creating, deploying, and protecting the critical data in one of the world’s largest repositories of innovation which includes almost every conceivable creation for over the last 250 years. Our expanded contract with Trustwave Government Solutions is a key investment to ensure our mission is sustained in a secure way.”
As the central repository for U.S. Patent and Trademark data, actively monitoring and protecting American innovation and intellectual property data is essential to USPTO’s mission. In response, USPTO has become a pioneer in building and operationalizing Zero Trust Architecture across the five pillars of the federal Zero Trust framework: users, apps, data, networks, and devices. By providing real-time visibility of database assets, vulnerabilities, risk levels, user privileges, and anomalies, TGS will help USPTO security teams deliver on two of the five zero-trust pillars: users and data.
“USPTO is constantly at the forefront of Zero Trust Architecture innovation, and we’re thrilled to be a partner on this journey with them,” said Bill Rucker, President of Trustwave Government Solutions. “Data is at the heart of the Zero Trust conversation, and in order to operate securely today and in the future, databases need to be considered as critical assets with the appropriate security considerations applied. Gone are the days of ‘good enough’ scanning. Databases are just more important, and they should be protected at all costs.”
TGS’s Database Security offering proactively assesses threats to databases to help government entities gain visibility into the vulnerabilities in on-premises or cloud databases that could lead to a data breach. It automates the security of critical data by uncovering vulnerabilities that threat actors could exploit, limiting user access to the most sensitive data, and alerting on suspicious activities, intrusions, and policy violations. As a result, government clients can spend less time chasing database security alerts and more time on activities that drive value, like remediating risks and reducing attack surfaces.
Trustwave has been laser-focused on database security for more than 20 years and is currently protecting thousands of databases across the commercial and Federal Government spectrums. In fact, Trustwave’s DbProtect was the only database vulnerability scanner included in the original tools acquisition under the Department of Homeland Security (DHS) Continuous Diagnostic and Monitoring (CDM) program, and it is the only database security solution recognized by Marsh’s Cyber Catalyst program to have meaningful impact in reducing cyber risk by top global cyber insurers.
As the threat landscape evolves and adversaries find new ways to exfiltrate and manipulate data, the government has been finalizing Zero Trust adoption guidance to adhere to the Biden administration’s cybersecurity executive order to “advance toward Zero Trust Architecture.” USPTO is setting the example for other government entities to employ a database-specific security approach that includes continuous vulnerability and configuration assessments and remediation, database privileged access visibility and control, and continuous database activity monitoring to alert and respond to anomalous database activity.
About Trustwave
As a recognized global cyber defender that stops cyber threats all day, every day – we enable organizations and governments to conduct their business securely.
Trustwave detects threats that others can’t see, enabling us to respond quickly and protect our clients from the devastating impact of cyberattacks. We leverage our world-class team of security consultants, threat hunters and researchers, and our market-leading security operations platform to relentlessly identify and isolate threats with the right telemetry at the right time for the right response.
Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security. Our elite Trustwave SpiderLabs team provides award-winning threat research and intelligence, which is infused into Trustwave services and products to fortify cyber resilience in the age of advanced threats.
Read More
EMERGING TECHNOLOGY, CYBERSECURITY
Globenewswire | March 30, 2023
ConnectWise, the world’s leading software company dedicated to the success of IT solution providers (TSPs), is pleased to announce a new partnership with the Cybersecurity and Infrastructure Security Agency (CISA) Joint Cyber Defense Collaborative (JCDC) to enhance cybersecurity for MSPs.
The partnership aims to provide MSPs with the resources and tools necessary to strengthen their cybersecurity posture and protect their clients from cyber threats. As part of the collaboration, ConnectWise will work closely with CISA JCDC to develop new solutions and services that address the latest cybersecurity challenges faced by MSPs.
"We are thrilled to partner with CISA JCDC to help MSPs improve their cybersecurity practices," said Patrick Beggs, CISO of ConnectWise. "MSPs are on the frontlines of protecting businesses from cyber threats, and it's our responsibility to provide them with the best tools and resources to keep their clients safe."
CISA JCDC brings together experts from government, industry, and academia to collaborate on cybersecurity defense. Through this partnership, ConnectWise will have access to the latest threat intelligence, best practices, and training materials from CISA JCDC. In turn, ConnectWise will be well-positioned to share this information with MSPs to support ongoing efforts to defend against evolving cyber attacks. ConnectWise and CISA JCDC share a commitment to improving cybersecurity for businesses of all sizes, and this partnership is a significant step in achieving this goal.
The strength of ConnectWise’s leading Information Security (InfoSec) program is applied across its cyber defense practices and procedures. Ensuring a collaborative effort is in place across the digital landscape is a priority for the company; this partnership demonstrates their commitment to InfoSec principles and how it allows MSPs to connect with confidence.
About ConnectWise
ConnectWise is the world's leading software company dedicated to the success of IT solution providers (TSPs) through unmatched software, services, community, and marketplace of integrations. ConnectWise offers an innovative, integrated, and security-centric platform—Asio™—which provides unmatched flexibility that fuels profitable, long-term growth for partners. ConnectWise enables TSPs to drive business efficiency with automation, IT documentation, and data management capabilities and increase revenue with remote monitoring, cybersecurity, and backup and disaster recovery technologies.
About the Joint Cyber Defense Collaborative (JCDC)
Pursuant to new authority from Congress, the Cybersecurity and Infrastructure Security Agency (CISA) established JCDC in August 2021 to transform traditional public-private partnerships into real-time private-public operational collaboration and shift the paradigm from reacting to threats and vulnerabilities to proactively planning and taking steps to mitigate them. JCDC combines the visibility, insight, and innovation of the private sector with the capabilities and authorities of the federal cyber ecosystem to collectively drive down cyber risk to the nation at scale.
Read More