Prnewswire | April 26, 2023
Second Front Systems, a public-benefit software company focused on accelerating the delivery of mission-critical software-as-a-service (SaaS) solutions to government, is collaborating with Snowflake to offer a comprehensive DevSecOps capability to organizations serving the U.S. Department of Defense (DoD) and Intelligence Community markets.
"Second Front™ is proud to be partnering with Snowflake, the leader in the data cloud industry. This collaboration expands the impact of both companies' solutions and positions us to jointly enable secure, streamlined delivery of innovative technology to the DoD, Intelligence Community, and beyond," said Tyler Sweatt, Chief Revenue Officer of Second Front. "By combining components of Data Cloud and the Game Warden® platform, SaaS companies can leverage a best-in-breed offering that positions them for both initial adoption and long-term success with the federal government."
Snowflake enables every organization to mobilize their data with Snowflake's Data Cloud. Customers use the Data Cloud to unite siloed data, discover and securely share data, and execute diverse analytic workloads. Wherever data or users live, Snowflake delivers a single data experience that spans multiple clouds and geographies.
"Snowflake is excited to be collaborating with our partner and mission-driven innovator, Second Front. Our combined technologies create a unique solution that better serves the federal government by reducing friction around access to and adoption of cutting-edge technologies," said Winston Chang, Snowflake's Global Public Sector CTO. "Working directly with Second Front on this DevSecOps initiative positions Snowflake to continue enabling data as a strategic asset in a variety of relevant national defense workloads."
Second Front will continue to expand its partnerships with other defense innovation enablers like Snowflake, AWS, and Carahsoft in order to provide its commercial customers the best available solutions for delivery to the DoD and Intelligence Community market.
About Second Front Systems
Second Front Systems (2F) fast-tracks government access to disruptive, commercially-proven software as a service (SaaS) applications for national security missions. Leading software providers—ranging from publicly traded defense contractors to startups—and government agencies trust 2F's Game Warden DevSecOps platform and secure cloud hosting environment to accelerate their delivery and harness the cloud revolution at scale. Founded by former U.S. Marines, this public benefit, venture-backed software company is driven by firsthand experience of the dangers outdated technology poses in combat. For more information, visit https://secondfront.com/
Thousands of customers across many industries, including 573 of the 2022 Forbes Global 2000 (G2K) as of January 31, 2023, use Snowflake Data Cloud to power their businesses. Learn more at snowflake.com.
Businesswire | May 30, 2023
Tidelift, a provider of solutions for improving the security and resilience of the open source software powering modern applications, today announced that it has been awarded three U.S. government contracts worth over $3.5 million, and is expanding its public sector organization in response to increased demand for innovative solutions that help the U.S. government improve its cybersecurity supply chain risk management (C-SCRM) capabilities.
High-profile software supply chain vulnerabilities including Log4Shell and SolarWinds have dramatically increased attention on the need for improved software security, both in the public sector and beyond. In the U.S., this effort began in May 2021 with White House Executive Order 14028: Improving the Nation’s Cybersecurity, and since then a variety of policy and legislative initiatives around cybersecurity have gained traction.
In September 2022, the U.S. government’s Office of Management and Budget released memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 formalizes the guidance provided in the NIST Secure Software Development Framework and NIST Software Supply Chain Security Guidance documents as the government requirements for developing secure software, and mandates that federal government agencies comply with these guidelines.
This memorandum sets aggressive compliance deadlines, with specific dates by which both government agencies and organizations selling software to the government must comply with NIST guidelines. Among other stipulations, it requires that any organization selling software to the government must self-attest that their software is compliant with the NIST SSDF by June 2023 for critical software or by September 2023 for all other software.
More recently, the National Cybersecurity Strategy sets a new precedent for software security liability, with the government intending to hold software producers liable for damages caused by preventable security vulnerabilities and offer liability protections to organizations that can show they follow secure software development practices.
Tidelift awarded three U.S. government contracts worth over $3.5 million
In addition to efforts like those mentioned above, the U.S. government is increasingly investing directly in improving open source software security. Tidelift was recently awarded three separate innovation research awards as part of the U.S. government SBIR program. The SBIR program is designed to help U.S.-based businesses invest in their technical potential, while stimulating technology innovation and meeting specific research and development needs.
Through these SBIR Phase II awards, Tidelift is working with the Department of the Air Force and the Defense Advanced Research Projects Agency (DARPA) to help spur innovation in the systems and processes the U.S. government uses to improve open source software security and cybersecurity supply chain risk management. This investment will help Tidelift expand its industry-leading open source software management solution, including increasing its ability to partner with even more open source maintainers to validate their components meet important security, maintenance, and licensing standards required by government and industry users, and pay these maintainers for this critical work.
It will also help the U.S. government better address the requirements and deadlines emerging from Executive Order 14028, memorandum M-22-18, and the NIST Secure Software Development Framework, especially when it comes to the open source components in use in government applications. Tidelift is also helping address new requirements around software bills of materials (SBOMs) that U.S. government agencies are beginning to understand, interpret, plan for, and deploy. Along with Tidelift producing an SBOM from every application build, the company is actively working upstream with open source maintainers to validate and improve security, maintenance, and licensing metadata for their projects and capture this data using the TACOS (Trusted Attestation and Compliance for Open Source) attestation framework.
"The United States Air Force, and the Government as a whole, are among the largest consumers of open source software. With the increasing requirements around Software Supply Chain Risk Management (SCRM) and Software Bills of Materials (SBOM) initiatives, we are excited to partner with Tidelift to enhance cybersecurity resilience outcomes for open source software dependencies that support our most critical work," said Robert "Devo" DeVincent, Chief Software Officer, Air Force 309th Software Engineering Group.
Tidelift expands public sector organization to meet growing demand
Tidelift has named Matthew Arnow, a long-time veteran of Tidelift, to lead the newly expanded public sector team. Matthew heads up the team with extensive experience working with government and public sector clients.
“Tidelift looks forward to working more closely with our government and public sector customers and prospects to improve the resilience of our mission-critical open source infrastructure,” said Matthew Arnow, head of public sector for Tidelift. “Our unique approach of working directly with the maintainers behind thousands of important open source projects will help public sector customers comply with U.S. government security directives and meet necessary government and industry standards.”
Tidelift partners with Carahsoft to support public sector expansion
Tidelift has also partnered with Carahsoft, the leading government reseller partner, to help more quickly and effectively address the number of large public sector opportunities.
“Over the past year, we’ve seen increased demand from our customers for solutions that help improve open source software security and supply chain resilience,” said Natalie Gregory, vice president, Carahsoft. “We look forward to working with Tidelift and our reseller partners to deliver open source software supply chain risk management solutions to our government customers.”
Tidelift, a 2022 Gartner Cool Vendor, helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/
Prnewswire | April 20, 2023
Cynamics, the AI-driven cybersecurity company, is partnering with Merlin Cyber to bring its novel, sample-based network detection and response (NDR) solution to the rapidly expanding US federal government market.
A new subsidiary launched with Merlin, Cynamics Federal, will be wholly dedicated to bringing this NDR solution to the federal market, helping US government agencies safeguard critical and sensitive information from ever-growing threats.
Working closely with US government agencies, Cynamics last month identified a new range of critical vulnerabilities within current protection layers. These findings, along with Cynamics' state-of-the-art proven NDR technologies, will be showcased at the RSA conference on April 24-27 in San Francisco.
"Cynamics has already been working closely with government agencies across the US, and we are excited to introduce our low-touch, built-for-scale NDR solution to the federal government in cooperation with Merlin Cyber," said Eyal Elyashiv, CEO and Founder of Cynamics.
Analogous to the accuracy of taking a blood sample, Cynamics' cloud-based solution collects less than 1% of network flow samples and uses its AI technologies to provide 100% network coverage and threat prediction for any network size and environment.
Recently, Gartner highlighted Cynamics as an NDR "emerging vendor" leveraging packet sampling as a new data-collection approach. This unique method discovers network blind spots, exposes potential backdoors, identifies anomalous behavior, and enables quick and straightforward remediation. According to Elyashiv, no other solution currently has this capability while being built-to-scale for the US federal government and the largest and most complicated networks in the world.
The solution is deployed in a frictionless way within minutes, without installing a single appliance or agent, and begins to deliver valuable insights within hours of onboarding, using only network metadata and without collecting, processing, or analyzing any sensitive or private information, which is a key advantage for the federal audience. This vastly reduces supply chain vulnerabilities.
Cynamics has hundreds of clients across the public and private sectors, of different domains, sizes, and geographies. Deep cyber expertise is not required to use and manage the solution, which makes the technology easier for government agencies to deploy.
Casting light on a little-known vulnerability, Elyashiv said that legacy mDNS (multicast DNS) and LLMNR (Link-Local Multicast Name Resolution), which are used to resolve hostnames to IP addresses by sending highly vulnerable multicast messages across local networks, enabled sophisticated attackers to map out the networks and infect them more effectively.
"Cynamics' solution offers state-of-the-art protection quickly and with surgical precision for the most valuable assets in our network," said Jad Al-Bijaly, Information Technology and Cybersecurity Manager for Guilford County, North Carolina, a trusted Cynamics customer. Other customers include the cities of Rocky Mount, Urbandale, Saratoga Springs, and others.
According to Gartner, in 2022, "the industries with the most interest in NDR continued to be the government and finance industries."
Having generated more than $4 billion in contracts to date, Merlin Cyber partners with industry-recognized companies as well as startups, seeing them through all stages of their development and go-to-market execution. Merlin Ventures, the investment arm of Merlin Group, invests most of its capital in startups from Israel, a global hub of innovation in the cybersecurity sector, accelerating them from seed to scale.
"The partnership with Cynamics reflects Merlin's commitment to providing a gateway for the most promising global cybersecurity startups to help protect America's critical digital infrastructure," said Seth Spergel, Managing Partner of Merlin Ventures. "We've been tracking the success of Cynamics and are proud to join as both an investor and a partner in helping to bring their solutions to market. Their AI-based network detection and response solution is unique and ideal for how large government networks are architected."
About Merlin Cyber
Merlin Cyber is the go-to-market arm of Merlin Group, a powerful ecosystem of cybersecurity investment, technical expertise, and partner growth acceleration with 25 years of experience working with the US government. Through Merlin Cyber, federal civilian, defense, state, local and education customers access innovative, public sector-ready cybersecurity solutions that meet government requirements and mission priorities. Merlin does this by selectively partnering with best-in-class cybersecurity brands, investing in visionary emerging technologies, accelerating partner growth, and enabling the US government to successfully keep ahead of today's critical threats, accelerate modernization initiatives, and defend our nation. Learn more at merlincyber.com
Cynamics is the only Next Generation (NG) Cloud Network Detection and Response (NDR) solution on the market today using standard sampling protocols built into every gateway, patented algorithms, as well as AI and Machine Learning, to provide threat prediction and visibility at speed and scale. Built to protect networks of all sizes and complexity, its highly scalable approach discovers threats missed by competitors and provides clients and partners with an elite defense against cyberattacks, with little-to-no burden on their resources. To learn more visit: https://www.cynamics.ai/