EMERGING TECHNOLOGY, CYBERSECURITY
Trustwave | March 06, 2023
Trustwave Government Solutions, a global security leader in managed security services and the wholly-owned subsidiary of Trustwave Holdings, Inc., recently announced it has expanded its managed security services by becoming a Palo Alto Networks Cortex® XMDR Specialization partner.
Trustwave Government Solutions joins a select group of channel partners who have met operational capabilities, business requirements, sales enablement, technical, and specialization exams. The Cortex XMDR Specialization will allow TGS to combine response solutions with their managed services offerings and the power of best-in-class Cortex XDR™ detection. It will further help customers simplify security operations center (SOC) operations worldwide and rapidly mitigate cyber threats.
TGS replicated its award-winning Trustwave MDR into AWS GovCloud. With Palo Alto Networks' Cortex XDR-certified and Trustwave SpiderLabs' threat intelligence, TGS provides comprehensive detection and response. Additionally, as an XMDR Specialization partner, it offers 24/7 certified SOC analysts. The partnership combines TGS's analysts, processes, and support with Palo Alto Networks' security products for comprehensive threat visibility and response.
President of Trustwave Government Solutions, Bill Rucker, said, "We are thrilled to be expanding our managed security services collaboration with Palo Alto Networks to bring a whole new level of protection to government institutions." He also said, "This achievement confirms our commitment to providing our clients with next-generation security technology and services and offering the first-ever managed detection and response (MDR) service specifically built for the rigorous requirements of the federal government."
(Source – BusinessWire)
Trustwave is one of the global leaders in managed security services (MSS) and managed detection and response (MDR). Based in Chicago, Illinois, it enables organizations and governments to conduct business securely. With over 2,000 world-class security professionals operating on behalf of clients across 96 countries, the company helps organizations worldwide detect and respond to threats around the clock in the hybrid multi-cloud world. Elite Trustwave services and products are infused with award-winning threat research and intelligence from Trustwave SpiderLabs to strengthen cyber resilience in the age of advanced threats.
PR Newswire | May 23, 2023
OnSolve, a leading critical event management provider that enables organizations to mitigate physical threats and remain agile when a crisis strikes, today announced its Federal Risk and Authorization Management Program (FedRAMP) authorization, certifying its technology has successfully gone through a rigorous review and assessment process to meet stringent federally defined standards. With the news, OnSolve continues to offer federal agencies cloud-based, secure technology to keep them ahead of risk and streamline communication during a disruption or crisis.
"Government agencies are facing significant challenges from a dynamic risk landscape and need secure technology to help them mitigate all manner of threats," said OnSolve Chief Executive Officer Mark Herrington. "Our recent Global Risk Impact report found staggering increases across infrastructure, severe weather and transportation threats. Today's news reinforces our commitment to helping the public sector navigate this complexity and keep people, places and property as safe as possible."
FedRAMP authorization enables the federal government to accelerate the adoption of cloud-based vendors by creating transparent standards and processes for security authorizations, including a C-level security evaluation from the Department of Defense, the General Services Administration and the Department of Homeland Security. With OnSolve's FedRAMP authorization, the public sector can rapidly deploy the OnSolve Platform at a time when physical threats are rapidly increasing, helping agencies strengthen their security posture and mitigate the impact of threats to their people and assets. Federal agencies will continue to use the OnSolve Platform to securely manage risks, communicate quickly and activate crisis teams from any location. OnSolve can be found on the FedRAMP Marketplace.
"Government agencies have a duty to protect their employees and the missions they serve from physical threats that are becoming increasingly common," said Dustin Radtke, CTO, OnSolve. "There is a clear sense of urgency to support the public sector with secure solutions that keep organizations agile and resilient in today's dynamic threat landscape. Increasing the adoption of a solution like the OnSolve Platform will save lives, protect critical infrastructure and enable operational agility. We remain committed to deepening our partnerships within the public sector."
OnSolve's public sector customer base includes over 40 percent of authorized Integrated Public Alert & Warning Systems (IPAWS) authorities, cities and counties, 250 utility agencies and 50 federal agencies. Whether a severe weather event, natural disaster or power outage, the OnSolve Platform detects and shares timely updates on public safety emergencies and other public threats, with multi-modal delivery options including mobile, text, email, phone, social media and more.
OnSolve's recently released 2023 Global Risk Impact Report identifies three rising threats across the U.S.: infrastructure and technology failures (+807%), transportation accidents (+296%) and extreme weather (+42%) all increased significantly in 2022 when compared to 2021. To read the 2023 OnSolve Global Risk Impact report, please visit www.onsolve.com/GRI.
OnSolve is a leading critical event management provider that proactively mitigates physical threats, allowing organizations to remain agile when a crisis strikes. Using the most trusted expertise and reliable AI-powered risk intelligence, critical communications and incident management technology, the OnSolve Platform enables enterprises, SMB organizations and all levels of government to detect, anticipate and mitigate physical threats that impact their people, places and property.
With billions of alerts sent annually and proven support for both the public and private sectors, OnSolve is used by thousands of entities to save lives, protect communities, safeguard critical infrastructure and enable agility for the organizations that power our economy. For more information, please visit www.onsolve.com.
Businesswire | May 30, 2023
Tidelift, a provider of solutions for improving the security and resilience of the open source software powering modern applications, today announced that it has been awarded three U.S. government contracts worth over $3.5 million, and is expanding its public sector organization in response to increased demand for innovative solutions that help the U.S. government improve its cybersecurity supply chain risk management (C-SCRM) capabilities.
High-profile software supply chain vulnerabilities including Log4Shell and SolarWinds have dramatically increased attention on the need for improved software security, both in the public sector and beyond. In the U.S., this effort began in May 2021 with White House Executive Order 14028: Improving the Nation’s Cybersecurity, and since then a variety of policy and legislative initiatives around cybersecurity have gained traction.
In September 2022, the U.S. government’s Office of Management and Budget released memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 formalizes the guidance provided in the NIST Secure Software Development Framework and NIST Software Supply Chain Security Guidance documents as the government requirements for developing secure software, and mandates that federal government agencies comply with these guidelines.
This memorandum sets aggressive deadlines, with specific dates by which both government agencies and organizations selling software to the government must comply with NIST guidelines. Among other stipulations, it requires that any organization selling software to the government must self-attest that their software is compliant with the NIST SSDF by June 2023 for critical software or by September 2023 for all other software.
More recently, the National Cybersecurity Strategy sets a new precedent for software security liability, with the government intending to hold software producers liable for damages caused by preventable security vulnerabilities and offer liability protections to organizations that can show they follow secure software development practices.
Tidelift awarded three U.S. government contracts worth over $3.5 million
In addition to efforts like those mentioned above, the U.S. government is increasingly investing directly in improving open source software security. Tidelift was recently awarded three separate innovation research awards as part of the U.S. government SBIR program. The SBIR program is designed to help U.S.-based businesses invest in their technical potential, while stimulating technology innovation and meeting specific research and development needs.
Through these SBIR Phase II awards, Tidelift is working with the Department of the Air Force and the Defense Advanced Research Projects Agency (DARPA) to help spur innovation in the systems and processes the U.S. government uses to improve open source software security and cybersecurity supply chain risk management. This investment will help Tidelift expand its industry-leading open source software management solution, including increasing its ability to partner with even more open source maintainers to validate their components meet important security, maintenance, and licensing standards required by government and industry users, and pay these maintainers for this critical work.
It will also help the U.S. government better address the requirements and deadlines emerging from Executive Order 14028, memorandum M-22-18, and the NIST Secure Software Development Framework, especially when it comes to the open source components in use in government applications. Tidelift is also helping address new requirements around software bills of materials (SBOMs) that U.S. government agencies are beginning to understand, interpret, plan for, and deploy. Along with Tidelift producing an SBOM from every application build, the company is actively working upstream with open source maintainers to validate and improve security, maintenance, and licensing metadata for their projects and capture this data using the TACOS (Trusted Attestation and Compliance for Open Source) attestation framework.
"The United States Air Force, and the Government as a whole, are among the largest consumers of open source software. With the increasing requirements around Software Supply Chain Risk Management (SCRM) and Software Bills of Materials (SBOM) initiatives, we are excited to partner with Tidelift to enhance cybersecurity resilience outcomes for open source software dependencies that support our most critical work," said Robert "Devo" DeVincent, Chief Software Officer, Air Force 309th Software Engineering Group.
Tidelift expands public sector organization to meet growing demand
Tidelift has named Matthew Arnow, a long-time veteran of Tidelift, to lead the newly expanded public sector team. Matthew heads up the team with extensive experience working with government and public sector clients.
“Tidelift looks forward to working more closely with our government and public sector customers and prospects to improve the resilience of our mission-critical open source infrastructure,” said Matthew Arnow, head of public sector for Tidelift. “Our unique approach of working directly with the maintainers behind thousands of important open source projects will help public sector customers comply with U.S. government security directives and meet necessary government and industry standards.”
Tidelift partners with Carahsoft to support public sector expansion
Tidelift has also partnered with Carahsoft, the leading government reseller partner, to help more quickly and effectively address the number of large public sector opportunities.
“Over the past year, we’ve seen increased demand from our customers for solutions that help improve open source software security and supply chain resilience,” said Natalie Gregory, vice president, Carahsoft. “We look forward to working with Tidelift and our reseller partners to deliver open source software supply chain risk management solutions to our government customers.”
Tidelift, a 2022 Gartner Cool Vendor, helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/