Cybersecurity
Business Wire | September 12, 2023
Semperis, a pioneer in identity-driven cyber resilience, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced a partnership. Under the agreement, Carahsoft will serve as Semperis’ Public Sector Distributor, making the company’s industry-leading identity resilience platform available to the Public Sector through Carahsoft’s reseller partners and National Association of State Procurement Officials (NASPO) ValuePoint, National Cooperative Purchasing Alliance (NCPA), and OMNIA Partners contracts.
Active Directory (AD) and Azure AD (now Entra ID), used by 90% of organizations worldwide to authenticate and access critical applications and services, are under sustained attack in the Public Sector by numerous threat actors. The Semperis and Carahsoft partnership will accelerate delivery of comprehensive identity threat detection and response (ITDR) solutions for protecting hybrid AD environments across U.S. Public Sector entities.
“Our partnership with Carahsoft will further expand adoption of our identity-first security solutions designed to help Federal, State and Local Government agencies protect their critical identity systems from ransomware and other directory-related attacks,” said Jared Vichengrad, Vice President, Public Sector at Semperis. “We are excited to join Carahsoft’s trusted partner network of Government IT solution providers to prevent, detect and mitigate proliferating identity attacks that are disrupting operations in the Public Sector.”
Identity-related attacks on Public Sector entities are intensifying in scale and severity amidst an expanding digital attack surface and increasingly sophisticated attack techniques. Verizon’s 2023 DBIR reveals that from November 1, 2021, through October 31, 2022, public administration entities faced 3,273 incidents—and of those, 584 with confirmed data disclosure.
The Public Sector is a high-value target for cyber criminals who seek to disrupt State and Local Governments, schools and public utilities in record numbers. These attacks can steal or encrypt data, disturb services and jeopardize public safety. Public Sector organizations are particularly vulnerable to AD attacks because of legacy infrastructure, lack of identity security expertise and limited resources. With a multi-layered defense approach that spans the identity attack lifecycle, Semperis offers the industry’s most comprehensive security and recovery solutions for hybrid AD environments, combined with deep incident response expertise.
“We are thrilled to partner with Semperis and our reseller network to offer its identity resilience platform, provide advanced ITDR solutions and protect Public Sector customers’ hybrid AD systems from attacks,” said Brian O’Donnell, Vice President of Cybersecurity solutions at Carahsoft. “We repeatedly see how vital it is to prevent bad actors from infiltrating Government systems and how having the right solutions on board can make a significant impact in remediation. We are committed helping Public Sector organizations get access to Semperis solutions to safeguard citizens’ data and facilitate uninterrupted Public Sector services.”
Semperis’ technology and services are available through Carahsoft’s NASPO ValuePoint Master Agreement #AR2472, NCPA Contract NCPA01-86, and OMNIA Partners Contract #R191902. For more information, contact the Semperis team at Carahsoft at (703) 889-9808 or Semperis@carahsoft.com.
The dedicated Cybersecurity team at Carahsoft specializes in providing Federal, State and Local Government agencies and Education and Healthcare organizations with security solutions to safeguard their cyber ecosystem. To learn more about Carahsoft’s Cybersecurity solutions, visit www.carahsoft.com/solve/cybersecurity.
About Carahsoft
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator® for our vendor partners, we deliver solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles.
About Semperis
For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid Active Directory environments, Semperis’ patented technology protects over 50 million identities from cyberattacks, data breaches, and operational errors. The world’s leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress, and quickly recover from ransomware and other data integrity emergencies. Semperis is headquartered in Hoboken, New Jersey, and operates internationally, with its research and development team distributed throughout the United States, Canada, and Israel.
Read More
Emerging Technology, Cybersecurity
PR Newswire | August 18, 2023
Axiad, a leading provider of organization-wide passwordless orchestration, today announced a new Unified Credential Management System (UCMS) package calledPasswordless for Air Gapped and Critical Environmentsto meet the phishing-resistant requirements of The White House Executive Order (EO) 14028. This package brings passwordless authentication and end user self-service capabilities to air gapped and critical infrastructure environments that integrate Microsoft Security solutions. Overall, the package helps government agencies as well as critical infrastructure and defense industrial base (DIB) organizations maximize security and end-user acceptance and minimize security overhead.
In the United States, critical infrastructure systems continue to be a top target for cybercriminals. In fact,Microsoft reportedthat critical infrastructure cyberattacks doubled in 2022 from 20% to 40% of nation-state-sponsored attacks. Because of this, the U.S. government, via EO 14028 on improving the nation's cybersecurity, has mandated security measures, including strong passwordless multi-factor authentication (MFA), for government agencies and is strongly recommending the use of this technology for critical infrastructure.
In response to this growing need, Axiad's Passwordless for Air Gapped and Critical Environments provides a seamless way for organizations to integrate government-grade, phishing-resistant passwordless authentication as well as key functional and operational support into on-premises air gapped environments.
The new package provides full interoperation with a range of Microsoft products – including Microsoft Active Directory Federation Services and Microsoft Certificate Authority – to ensure authentication is highly secure and consistent and customers get maximum value out of their existing environments. Additionally, it provides credential management and self-service credential enrollment and account recovery (CEAR), which are critical capabilities due to the high costs or the complete lack of on-site IT support in air gapped environments.
"Organizations with air gapped and critical infrastructure environments need passwordless authentication and a range of physical and platform authenticators to help prevent cyber-attacks," said Jerome Becquart, chief operating officer at Axiad. "With this new package, Axiad is the first company to provide all these elements plus the critical missing ingredient – self-service authentication management, including enrollment and account recovery – and bring them to the on-premises Microsoft ecosystem."
Axiad's Passwordless for Air Gapped and Critical Environments provides the following unique capabilities:
Strong Authentication:The package provides government-grade FIPS 140 validated passwordless authentication with the flexibility needed to accommodate the full range of needs of employees, contractors, vendors and suppliers. For example, it offers a range of passwordless options, including both physical (YubiKeys, smart cards, PIV cards, USB keys, etc.) and platform (virtual smart cards).
Powerful Self-Service Capabilities:Axiad AirLock, which provides help desk automation by eliminating temporary passwords, provides self-service credential enrollment, and Axiad MyCircle provides self-service account recovery within a trusted circle of colleagues rather than waiting for the help desk to respond – both of which help to increase operational efficiencies for frontline workers and reduce IT costs.
Ready Implementation:The package's architecture is made to operate in air gapped environments and to seamlessly interoperate with existing authentication and infrastructure investments without requiring upgrades. This package fully leverages and extends the life of Microsoft authentication (e.g., Microsoft Active Directory) and infrastructure (e.g., Microsoft Windows Server) investments.
"Axiad's integration with Microsoft empowers critical infrastructure, government and defense industrial base to easily upgrade their existing Microsoft on-premises infrastructure to become passwordless," said Ehud Itshaki, principal product manager at Microsoft. "With phishing-resistant, passwordless authentication, they can enhance their security posture and comply with the recent EO mandating phishing-resistant MFA – all while getting more out of their existing Microsoft authentication and infrastructure investments."
About Axiad
Axiad delivers organization-wide passwordless orchestration to secure people, machines, and interactions for enterprise and public sector organizations that must optimize their cybersecurity posture while navigating underlying IT complexity. The company's flagship product, Axiad Cloud, is a comprehensive, secure and integrated authentication platform that allows customers to move to a passwordless future without the friction and risk of fragmented solutions. Axiad supports the widest range of credentials in the industry including FIDO, mobile MFA, Windows Hello for Business, YubiKeys, smart cards, TPM and biometrics, and is trusted by public sector organizations and Fortune 500 companies across aerospace & defense, financial services, insurance, healthcare, oil & energy and more.
For more information visitaxiad.comand follow us onTwitterandLinkedIn.
Read More
Cybersecurity
PR Newswire | September 01, 2023
Aquia Inc., a Service-Disabled Veteran-Owned Small Business (SDVOSB) specializing in cloud and cybersecurity professional services, today announced it has been awarded a subcontract from Omni Federal to support its 3-year contract with the United States Department of Defense's (DoD's) Platform One Cloud Native Access Point (CNAP).
CNAP is a cloud-based enterprise security framework with a zero trust architecture core that enables collaboration across the DoD landscape. The solution allows for simplified access to Amazon Web Services (AWS) GovCloud (IL 2/4/5) environments through a device-based zero trust approach to access. The platform removes the need for additional Virtual Private Networks (VPNs), Non-Classified Internet Protocol Router Network (NIPRNet) routing, and Defense Information Systems Agency Cloud Access Point (DISA CAP). It also enables the United States Air Force (USAF) to continue to advance its zero trust maturity, aligning with the cybersecurity executive order (EO) 14028 and federal and DoD zero trust strategies.
"We feel privileged to support Platform One's CNAP team as they spearhead the transformation of cybersecurity practices within the U.S. government," said Savannah Burke, associate security engineer, Aquia. "During my time at AWS, I provided guidance and technical insight on cloud best practices to enterprise customers, and I look forward to bringing that expertise to the United States Air Force."
This effort is one of several of Aquia's projects supporting Platform One services. Aquia also supports Platform One's Party Bus and Big Bang teams.
About Aquia Inc.
Aquia Inc. is a developer-centric company passionate about the intersection of security and velocity. We maintain a strong bias towards transformational work that disrupts the status quo — delivering elegant, modern solutions to cutting-edge cybersecurity problems.
Founded by military veterans in 2021, we are a Service-Disabled, Veteran-Owned Small Business (SDVOSB). Our team has decades of experience driving transformational change across the public sector, enterprise businesses, and top-tier technology companies.
Read More