CLOUD INFRASTRUCTURE MANAGEMENT

Authentic8's Silo is The First Cloud-Native Web Isolation Platform to be given FedRAMP Authorization

Authentic8 | April 06, 2021

Authentic8, the developers of the Silo Web Isolation Platform, announced today that its Silo product suite and cloud technology have been granted FedRAMP authorization, a comprehensive certification proving that its products and services follow regulatory standards for hosting the US government data.

FedRAMP is the only third-party credential program accredited by the United States government for ensuring the integrity of private cloud providers. Authentic8 is one of approximately 215 vendors that have earned FedRAMP clearance.

“FedRAMP authorization is the gold standard for cloud-based services, and Silo is the only web isolation platform that has it.” Unlike self-certification, FedRAMP allows certified third parties to determine and verify compliance with a codified series of federal risk management requirements,” said Scott Petry, CEO of Authentic8. “With FedRAMP approval, Authentic8 has been validated as sufficiently safe to host U.S. government data, regardless of agency. Any entity, public or private, benefits directly from FedRAMP's intrinsic protection as well as the quality improvement process.”

The Silo Web Isolation Platform is used by government departments and Fortune 500 companies to harden and automate their security architectures; to provide safe and anonymous web access to staff; to monitor high-value workflows, sensitive data, and web-based applications; and to perform web analysis with no risk of attribution back to the system or network.

"By using Silo's FedRAMP authorization, customers who need to function under some compliance system benefit immediately," said Michael Fledderjohann, Authentic8's Director of Security and Compliance. “Our security safeguards, in conjunction with key Silo technologies such as access management, privacy policy enforcement, and encrypted logging, assist our customers in ensuring their compliance with other requirements such as HIPAA, CCPA/CPRA, GDPR, SOX, GLB, PCI, and others.”

Authentic8's patented Silo Web Isolation Platform operates by separating users from the web by running all web code off-site in a removable container in the cloud, preventing it from accessing the network environment or end computer. Silo integrates confidentiality, identity, and data policy into the browser. It liberates the site's strength and removes the threats of unregulated third-party web content, unauthorized access, employee abuse of unmanaged devices, and malicious intent by hackers or state-sponsored actors.

About Authentic8

The world's most at-risk organizations depend on Authentic8 to eliminate the risk of accessing the internet. More than 500 government agencies and commercial companies depend on Authentic8's cloud-based Silo Web Isolation Platform to isolate the stuff they care about — like applications, data, and devices — from the things they can't trust, like external websites, users, and unmanaged devices.

Authentic8 challenges the decades-old approach to web access. Customers have the assurance they require that their web use is safe and compliant in every session through its proactive security and policy control.

Spotlight

Anand Iyengar, CTO of CloudVelox (formerly CloudVelocity) demonstrates the One Hybrid Cloud platform software. One Hybrid Cloud allows you to move existing systems into the cloud, leveraging the agility, efficiency, and persistency of cloud computing systems.


Other News
CLOUD DEPLOYMENT MODELS

eSentire Announces Global Partnership with Lacework to Reduce Cloud Security Risk

eSentire | November 02, 2022

eSentire Inc., the Authority in Managed Detection and Response (MDR), announced today its global partnership with Lacework®, the data-driven cloud security company, advancing its protection of cloud workloads, containers, applications, and Kubernetes with 24/7 Multi-Signal MDR and Cloud Security Posture Management (CSPM) services, utilizing the Lacework Polygraph® Data Platform. eSentire is Lacework’s first global MDR partner. With 95% of organizations leveraging at least one cloud service1 and 70% running more than two containerized applications by 20232, security leaders must seek out partners who align cloud protection to each organization’s business strategy. Widespread adoption of cloud Infrastructure (IaaS), Platform (PaaS), and Software as a Service (SaaS) models demonstrate an undisputed business ambition to innovate and scale quickly. eSentire uniquely embraces the balance between business strategy and cloud security, delivering first and foremost on the mission to protect the risk in order to prevent business disruption. “eSentire understands that cloud security isn’t a journey to shift left for every organization. It’s about protecting what matters most to your business because a risk is a risk, no matter where your users and data reside, This partnership with Lacework demonstrates our commitment to driving the most proactive threat response outcomes forward on behalf of our global customer base. Our message to security leaders is that you’re in the cloud, and we’re all-in to protect you.” Rahul Bakshi, Chief Product Officer, eSentire Using machine learning, artificial intelligence, and cloud behavioral analytics, the Lacework Polygraph® Data Platform automatically learns and understands behaviors across an organization’s cloud environment. eSentire’s new partnership with Lacework expands its deep expertise across AWS, Azure and Google Cloud with further visibility, differentiated behavior-based threat detection, and context-rich insights to fuel its multi-signal investigations. From there, eSentire’s 24/7 SOC analysts and renowned Threat Response Unit (TRU) stop active threats before they spread to become business disrupting, with a Mean Time to Contain of less than 15 minutes. eSentire’s Cyber Risk Advisors act as an extension of the customer’s team, supporting their risk-based strategy with the contextual industry and business awareness required to provide actionable recommendations to improve cyber resilience across on-premise, cloud, and hybrid environments. Additional eSentire and Lacework mutual service benefits include: Identified and prioritized misconfigurations across the three major cloud providers – Azure, AWS, and Google Cloud Findings mapped against recognized industry frameworks, including HIPAA, CIS, and SOC 2 Complete multi-signal threat investigation visibility within eSentire’s Atlas Insight Portal Detection, investigation, and containment of threats to virtual machine (VM) workloads and containers up to 10x faster A 342% return on investment, 100:1 alert reduction, and 80% faster investigation capability “As threats continue to increase in speed and sophistication, customers are looking for security solutions which can help them continue to innovate quickly with the confidence they’re prioritizing security and compliance,” said Brian Lanigan, VP, Worldwide Channels and Alliances, Lacework. “Together with eSentire, we’re delivering a fully managed solution that provides complete cloud detection, investigation, and proactive threat response. This puts the customer’s protection at the forefront, mitigating cloud security risks with transparent visibility and co-management capabilities.” eSentire MDR for Cloud and Cloud Security Posture Management protection with Lacework is available now. eSentire and Lacework will be hosting an executive fireside chat on Thursday, December 7, 2022, with industry experts Tia Hopkins (Field CTO and Chief Cyber Risk Strategist, eSentire) and Erin K. Banks (Senior Director of Product Marketing, Partners & Alliances, Lacework) entitled: Risk is Risk - Is Cloud Security The Journey or The Destination? To register and participate in this engaging conversation, visit: mdr.esentire.com/lacework. About eSentire eSentire, Inc. is the Authority in Managed Detection and Response, protecting the critical data and applications of 1,500+ organizations in 80+ countries, representing 35 industries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts, Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services.

Read More

CLOUD INFRASTRUCTURE MANAGEMENT

Datadog Acquires Cloudcraft to Create Live Cloud Architecture Diagrams

Datadog | November 10, 2022

Datadog, Inc. the monitoring and security platform for cloud applications, today announced it has acquired Cloudcraft, a visualization service for cloud and system architects to create real-time diagrams of their cloud infrastructures. A well-designed cloud architecture is essential in order to ensure the underlying infrastructure stays operational, in budget and compliant over time. Modeling cloud environments helps organizations accomplish these goals. However, traditional modeling and design tools are static, meaning they are outdated as soon as the documentation is published. Cloudcraft addresses this problem by providing real-time visualization of cloud infrastructures. Cloudcraft instantly analyzes service relationships within customers' AWS environments, reverse engineers a system architecture diagram and automatically updates that diagram in line with infrastructure changes. Datadog plans to continue to offer Cloudcraft to existing and new customers and enhance its capabilities by integrating with the Datadog platform. "Our goal is to help organizations make better cloud architecture decisions by creating real-time visualizations built on data and metrics, The acquisition by Datadog will enable us to further this mission through richer models, actionable insights and multi-cloud support." Tomas Junnonen, Founder and CEO of Cloudcraft "Hundreds of thousands of engineers have designed their cloud infrastructure with Cloudcraft's clear and readable diagrams," said Michael Gerstenhaber, VP of Product at Datadog. "Combining Datadog's real-time observability data with Cloudcraft will allow us to shift monitoring further left and support our customers' success with cloud migrations, container adoptions or other structural changes engineers consider every day." About Datadog Datadog is the monitoring and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior and track key business metrics.

Read More

CLOUD SECURITY

Lightspin Democratizes Cloud Security with Launch of Free Product Tier

Lightspin | September 12, 2022

Lightspin, the #1 cloud security solution for SaaS companies of all sizes, today announced free access to its Cloud Native Application Protection Platform (CNAPP). The platform prioritizes and remediates cloud security risks in minutes powered by the industry's only Attack Path Engine. There are more than 25,000 SaaS companies, with an estimated market size of more than $272 billion. These cloud-native SaaS companies looking to secure their data and workloads in the cloud have historically had two choices: a noisy legacy solution or expensive modern software designed for the enterprise market. Lightspin is meeting SaaS market demand for a robust and comprehensive cloud security solution that covers cloud-native companies from build to runtime. Driven by strong market interest - 600% increase in sign-ups since the free trial was announced less than 9 months ago - Lightspin created a model to empower customers and allow the organization to scale as the need grows. Lightspin now offers a self-serve experience that aligns with how SaaS security and engineering leaders want to discover and procure best-in-class tools. Lightspin's transparent pricing eliminates the guessing game of the traditional software buying process. "Great cloud security products should not just be for the enterprise, We know that security buyers want to explore products, they want to get immediate value from the solutions they are considering purchasing, and importantly they want transparency in pricing. There are many tools in the market, but Lightspin offers the undisputed best value." Vladi Sandler, co-founder and CEO of Lightspin Lightspin provides immediate tangible value via its Attack Path Engine which generates contextualized cloud risks from an attacker's perspective. Efficiently built on a Neo4j graph database and powered by proprietary graph algorithms developed by experienced cloud security researchers, Lightspin's CNAPP needs no configuration or custom queries to get started. Users can be up in minutes and ready to identify the fastest path to damage that an attacker could take to breach their cloud environment. Lightspin's pricing tiers include: Free Tier Lightspin's IaC scanning engine for up to 10 repositories. Expanded daily scan access for attack surface discovery capabilities with award-winning Recon.Cloud for public exposure information or through Lightspin's IaC security tool. Premium Tier: Built to be the most accessible and robust cloud native application protection platform: CSPM, KSPM, CWPP, IaC, and more starting at only $15,000 per year. Unlimited access to the proprietary Attack Path Engine: attack path analysis, root cause analysis, and dynamic remediation. SSO is included. API support. Access to all tool integrations. Enterprise Tier: All premium tier offerings, plus increased limits. Complete runtime protection for Kubernetes clusters. Dedicated white glove technical support from cloud experts. Free self-serve access to the Lightspin platform will be available in Q4. Visit www.lightspin.io/pricing to learn more. About Lightspin Lightspin is the #1 cloud security solution for SaaS companies of all sizes. Agentless and easy to deploy, Lightspin's Cloud Native Application Protection Platform (CNAPP) efficiently prioritizes and remediates cloud security risks in minutes using the industry's only Attack Path Engine built on the graph. Supporting Amazon Web Services, Google Public Cloud, Microsoft Azure and Kubernetes, Lightspin simplifies cloud security and compliance via its self-serve offering and graph-based algorithms. Based in New York and Tel Aviv, Lightspin is backed by Dell Technologies Capital and Ibex Investors. Leading SaaS companies such as Imperva, OutSystems, PageUp and Riskified trust Lightspin to protect their data and workloads in the cloud.

Read More

CLOUD SECURITY

Lacework Brings Its CNAPP Solution To Google Cloud's Chronicle Security Operations

Lacework | October 27, 2022

Lacework, the data-driven cloud security company, today announced a new integration with Google Cloud's Chronicle Security Operations, bringing its cloud-native application protection platform (CNAPP) capabilities to Chronicle deployments. By tapping into rich multicloud runtime alerts from the Lacework Polygraph Data Platform, organizations using Chronicle Security Operations gain better insight into cloud threats, helping them understand, respond to, and remediate incidents more effectively than ever before. Lacework fully integrates multicloud runtime telemetry with Chronicle Security Operations. SOC teams that rely on legacy security solutions, which are based on static, manually-written rules, can't keep up with the rate and scale of changes in cloud environments. They are then forced to spend an increasing amount of analyst time and energy sifting through an overwhelming volume of low-context alerts. SOC teams need a modern threat management solution that can keep up with the constantly changing nature of the cloud, and allows them — and their company overall — to operate and innovate effectively at scale. With this integration, organizations using Chronicle Security Operations can now access runtime alerts and anomalous activity from multicloud environments, generated by the Lacework Polygraph Data Platform. The Lacework Polygraph Data Platform uses automation to provide teams with an improved signal-to-noise ratio compared to traditional solutions that are not built for the cloud, without the need for manual intervention. The addition of these high-context alerts allows SOC teams to quicken investigation and remediation, and closes the gap between SOC and security teams by embedding Lacework into security playbooks. "Enterprises transforming their security strategies for the cloud require technologies that easily deliver comprehensive visibility across their multicloud environments, Lacework's integration with Chronicle Security Operations enables organizations to detect and address the right threats via contextual insights that matter the most across their diverse environments." Sunil Potti, VP/GM of Security, Google Cloud Key capabilities of this integration include: Anomaly detections from Lacework, including the cloud control plane, audit logs, cloud, and container instances for Google Cloud, AWS, and Microsoft Azure are all shared with Chronicle Security Operations. Using Chronicle's Universal Data Model parsers, customers can easily onboard this integration within their existing Chronicle instance. Customers will be able to create automation, orchestration and response playbooks using Chronicle SOAR to quickly react to and address issues. "Cloud threats are only becoming more sophisticated over time, so it's critical for security teams to have the right context to make the right decisions to remediate issues quickly," said Jay Parikh, co-CEO, Lacework. "Through our continued partnership with Google Cloud, we're making it easier for joint customers to take advantage of the richness of Lacework data so they can get a better understanding of what's happening across their multicloud environments and continue to innovate with confidence." The Lacework integration with Chronicle Security Operations will be available to organizations via Google Cloud Marketplace About Lacework Lacework is the data-driven security company for the cloud. The Lacework Polygraph Data Platform automates cloud security at scale so our customers can innovate with speed and safety. Only Lacework can collect, analyze, and accurately correlate data across an organization's cloud and Kubernetes environments, and narrow it down to the handful of security events that matter. Customers all over the globe depend on Lacework to drive revenue, bring products to market faster and safer, and consolidate point security solutions into a single platform. Founded in 2015 and headquartered in San Jose, Calif., Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, Tiger Global Management, Counterpoint Global (Morgan Stanley), Franklin Templeton, Durable Capital, GV, General Catalyst, XN, Coatue, Dragoneer, Liberty Global Ventures, and Snowflake Ventures, among others.

Read More

Spotlight

Anand Iyengar, CTO of CloudVelox (formerly CloudVelocity) demonstrates the One Hybrid Cloud platform software. One Hybrid Cloud allows you to move existing systems into the cloud, leveraging the agility, efficiency, and persistency of cloud computing systems.

Resources