CISA

Verkada Establishes Federal Advisory Board, Continues to Build on Offerings for Government Customers

Retrieved on: Thursday, March 14, 2024

SAN MATEO, Calif., March 14, 2024 /PRNewswire/ -- Verkada, a pioneer in cloud-based physical security solutions, today announced the appointment of four leaders to its newly formed Federal Advisory Board. The board, which brings together experts with extensive experience across the public sector, will provide counsel to Verkada as it continues to expand its product offering for the Federal Government. Board members include: Kiersten Todt, former Chief of Staff of the Cybersecurity and Infrastructure Security Agency (CISA); Vice Admiral Timothy Szymanski (Retired), former Deputy Commander of United States Special Operations Command; Dan Mathews, former Commissioner of the US Public Buildings Service; and Robert Efrus, Founder and CEO of federal consulting firm, Efrus Federal Advisors LLC.

Key Points: 
  • Today, Verkada offers Federal Government-Grade models that are FIPS 140-2 validated and, earlier this month, announced that its FIPS cameras and visitor management solution, Verkada Guest, are supported in AWS GovCloud.
  • "Our approach to building has always been first to deeply understand the needs of our customers," said Filip Kaliszan, Co-Founder and CEO at Verkada.
  • "Our new Federal Advisory Board is critical to helping us continue to do that in a thoughtful way when it comes to engineering our products for the evolving needs of federal customers."

Linux Foundation and US Government to Host "6G Innovation Day" at ONE Summit in Silicon Valley on Open Source, Open RAN and AI Efforts

Retrieved on: Wednesday, March 13, 2024

SAN FRANCISCO, March 13, 2024 /PRNewswire/ -- Linux Foundation Networking (LFN), the de-facto collaboration ecosystem for Open Source Networking projects, has announced OpenGovCon 6G Innovation Day, taking place Wednesday, May 1 in San Jose, Calif., co-located with Open Networking & Edge (ONE) Summit 2024.

Key Points: 
  • 6G Innovation Day is a focused experience built to accelerate and harmonize various networking and edge initiatives across public-private domains through roundtable discussions, lightning talks, and hands-on experiences.
  • "We are pleased to gather thought leaders from across US government agencies & commercial partners working to advance Open RAN and AI," said Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation.
  • "Looking towards NextG through the lens of Open RAN and AI, it's imperative we work together to ensure secure infrastructure and agile development."

63% of Known Vulnerabilities Tracked by CISA are on Healthcare Organization Networks, Claroty's Team82 Finds

Retrieved on: Tuesday, March 12, 2024

NEW YORK and ORLANDO, Fla., March 12, 2024 /PRNewswire/ -- Claroty, the cyber-physical systems (CPS) protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical devices connected to healthcare organization networks such as hospitals and clinics. The State of CPS Security Report: Healthcare 2023 discovered a staggering 63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) on these networks, and that 23% of medical devices, including imaging devices, clinical IoT devices, and surgery devices, have at least one KEV.

Key Points: 
  • Vulnerabilities and implementation weaknesses frequently surface in Team82's research, and a direct line can be drawn to potentially negative patient outcomes in each of these cases.
  • "However, the increase in connectivity requires proper network architecture and an understanding of the exposure to attackers that it introduces.
  • Healthcare organizations and their security partners must develop policies and strategies that stress the need for resilient medical devices and systems that can withstand intrusions.
  • The State of CPS Security Report: Healthcare 2023 is a snapshot of healthcare cybersecurity trends, medical device vulnerabilities, and incidents observed and analyzed by Team82, Claroty's threat research team, and our data scientists.

Security Journey Releases Secure Coding Training Program Guide to Address Industry Needs and Regulatory Requirements

Retrieved on: Wednesday, March 6, 2024

Pittsburgh, PA, March 06, 2024 (GLOBE NEWSWIRE) -- Today, best-in-class application security education company, Security Journey, releases its Ideal Secure Coding Training Program Guide to support organizations in building out a long-term, sustainable approach to application security.

Key Points: 
  • The 14-page, 7-step Guide shares actionable best practices for planning, implementing, and maintaining an effective secure code training program, complete with guidance around gaining executive buy-in and utilizing gamification.
  • The Guide also includes sample training plans, purpose-built to help admins ensure their program delivers quick impact on knowledge gain and proof of compliance and eases their workload.
  • This Program Guide is designed to make the commitment to a continuous training program pain-free so that organizations can quickly improve skills and foster a culture of security awareness.”
    Topics covered in the Guide include:

Tenable Introduces Groundbreaking Visibility Across IT, OT and IoT Domains to Fully Illuminate Attack Vectors and Risks

Retrieved on: Thursday, February 29, 2024

It is the first and only exposure management platform that provides holistic visibility into assets across IT and operational technology (OT) environments.

Key Points: 
  • As IT, OT and IoT assets become increasingly interconnected, cyber attacks often originate in IT systems and then spread into OT environments, with potentially devastating results.
  • Tenable One for OT/IoT extends visibility beyond IT, to include OT and IoT, and helps security leaders gain a clear picture of true exposure across their entire attack surface.
  • The Tenable One for OT/IoT license includes not only Tenable One, but a companion license of Tenable OT Security and Tenable Security Center.

Phosphorus' Cyber-Physical System (CPS) Protection Platform Empowers Federal Agencies to Meet – and Exceed – OMB Mandates for IoT/OT Cybersecurity

Retrieved on: Thursday, February 29, 2024

It also aligns with recent CISA and NIST efforts to enhance cybersecurity practices and resilience across the nation’s critical infrastructure.

Key Points: 
  • However, discovering and assessing the broad array of IoT and OT assets can be particularly daunting, not just for government agencies, but for any sizable organization.
  • These legacy systems are difficult to integrate with modern cybersecurity frameworks, unless your platform is specifically attuned to them.
  • Continuous Compliance Monitoring: The platform offers continuous monitoring and reporting features that ensure agencies remain compliant with federal cybersecurity standards over time.

SpecterOps Brings Attack Path Management to Government Agencies to Help Reduce Risks Associated with Secure Identity Management

Retrieved on: Tuesday, March 5, 2024

BHE is an Attack Path Management (APM) security solution for defending Microsoft Active Directory (AD) and Azure AD/Entra ID.

Key Points: 
  • SpecterOps is in the final stages of FedRAMP certification and BHE will soon be FedRAMP HIGH compliant.
  • “BHE provides the critical Attack Path Management capability that is sorely needed in the public sector.
  • BHE with FedRAMP meets the high security and compliance standards of the federal government and allows for faster adoption by government agencies seeking to secure their AD or Azure AD/Entra ID environments.

VulnCheck and Cyware Partner to Bolster Vulnerability Management

Retrieved on: Tuesday, March 5, 2024

VulnCheck, the exploit intelligence company, today announced a partnership with Cyware, the leader in threat intelligence management, security collaboration, and orchestrated response.

Key Points: 
  • Cyware will also ship with VulnCheck KEV, its recently launched catalog of known exploited vulnerabilities, featuring 80% more CVEs than the CISA KEV.
  • Together, VulnCheck and Cyware bring an unprecedented level of intelligence-powered defense to automate vulnerability management and correlate against threat feeds, enabling enterprise security teams to prevent and respond to the exploits that matter most.
  • “Cyware is an incredible partner, and excels at turning threat intelligence into action,” said Anthony Bettini, founder and CEO, VulnCheck.

Gigamon Charts Course to Help Organizations Worldwide Meet Zero Trust Architecture Requirements in Complex Hybrid Cloud Environments

Retrieved on: Thursday, February 29, 2024

Gigamon, a leading deep observability company, continues to help organizations worldwide define their Zero Trust strategies and drive their underlying initiatives.

Key Points: 
  • According to the Gigamon Hybrid Security Cloud report, visibility is a key step in the Zero Trust journey, with 100 percent of respondents believing that deep observability is required for Zero Trust.
  • Yet, today, only 34 percent believe they have achieved the visibility required to enable a Zero Trust framework.
  • Today we’re thrilled to bring leading experts on Zero Trust together to share critical insights and real-world best practices to help organizations build and implement their Zero Trust strategies and initiatives.”

VulnCheck Launches Catalog of Known Exploited Vulnerabilities Fused with Exploit Intelligence

Retrieved on: Tuesday, February 27, 2024

VulnCheck, the exploit intelligence company, today announced the launch of the VulnCheck Known Exploited Vulnerabilities (KEV) catalog.

Key Points: 
  • Currently, VulnCheck tracks 876 (or 81.04%) more vulnerabilities exploited in the wild than CISA, and alerts customers an average of 27 days before missing exploits are added to the CISA KEV catalog.
  • “This is why we decided to offer a community resource that provides broader known exploited vulnerability intelligence and reference materials, all delivered at machine speed.”
    Key features of VulnCheck’s KEV catalog include:
    Comprehensive CVE Tracking: VulnCheck provides security teams with the largest real-time collection of known exploited vulnerabilities.
  • The catalog includes supplementary external links to exploit content available in VulnCheck XDB, referencing publicly-available exploit proof of concept code where possible.