Cloud Security
Tenable | September 11, 2023
Tenable Holdings, Inc. is strengthening its focus on cloud security through the acquisition of Ermetic Ltd., a cloud-native application protection platform (CNAPP) company specializing in cloud infrastructure entitlement management (CIEM). This strategic move aims to enhance Tenable's Exposure Management Platform by providing improved risk visibility, prioritization, and remediation solutions for both cloud and on-premises environments.
Ermetic's CNAPP offers comprehensive contextual analysis, simplifying the identification of critical issues like privileged access to exposed, vulnerable workloads. The integration of Ermetic's capabilities into Tenable One will broaden Tenable's offerings for hybrid environments, addressing the complex challenge of managing identity-based threats in the cloud.
According to the Cloud Security Alliance's 2022 Top Cloud Threats report, identity-based threats are a top concern in cloud security. Tenable's acquisition of Ermetic seeks to simplify the process of understanding access risks and permissions in the cloud, making it more accessible for security professionals with varying levels of expertise.
“We will have an opportunity to put additional market-leading cloud security capabilities into the hands of tens of thousands of customers,” said Amit Yoran, Chairman and Chief Executive Officer, Tenable. “Together, we will be able to deliver a holistic view of the modern attack surface and help organizations reduce exposure and risk, using identity as an essential foundation,” he further added.
[Source: Globe News Wire]
The combined offerings of Tenable and Ermetic will include a unified CNAPP solution for asset discovery, risk analysis, remediation, and compliance, as well as a robust CIEM solution for managing human and service identities in cloud infrastructure. The integration will provide context-aware risk prioritization across all cloud and on-premises resources and simplify the remediation process.
The acquisition, valued at approximately $240 million in cash and $25 million in restricted stock and RSUs, is expected to close in early Q4 2023. Tenable will finance the cash portion of the acquisition using existing funds. However, Ermetic's financial results in Q4 2023 are not anticipated to significantly impact revenue or billings but are expected to increase non-GAAP operating expenses by $4–6 million.
The combination of Tenable and Ermetic is poised to offer unparalleled visibility and value in managing cloud environments, simplifying the complexity of cloud security management.
About Tenable
Tenable is a prominent player in the computer and network security industry, headquartered in Columbia, MD. With a global footprint, the company serves approximately 40,000 organizations worldwide, including Fortune 500 giants, Global 2000 firms, and government agencies. Leveraging its renowned Nessus vulnerability expertise, Tenable offers a pioneering platform for comprehensively securing digital assets across various computing platforms. Its specialties encompass vulnerability management, continuous network monitoring, compliance, and a range of security solutions for web applications, containers, the cloud, industrial technology, IoT, and more.
Read More
Cloud App Management
Business Wire | November 01, 2023
Cohesity, a leader in AI-powered data security and management, today announced the launch of Cohesity SmartFiles on the Snowflake Data Cloud. This new integration enables businesses to derive analytical insights from their on-premises and cloud data while maintaining data sovereignty and meeting compliance requirements.
Snowflake recognizes the critical importance of providing customers with advanced data security and management while mining their data for strategic insights, said Kit Beall, Chief Revenue Officer, Cohesity. As a leader in AI-powered enterprise data security and management, we seek partners equally dedicated to the secure storage and management of customer data. That is why we are delighted to partner with Snowflake to continue delivering innovative and secure solutions that our customers can confidently rely on.
By leveraging the Snowflake Data Cloud, Cohesity is joining Snowflake in mobilizing the world’s data to help organizations reap the benefits of their analytics capabilities without having to move their data to the cloud for analysis. With Cohesity SmartFiles, joint customers can store their data locally in SmartFiles and leverage Snowflake’s analytics capabilities with the flexibility to keep data either on-premises or in the cloud. This integration provides customers with broader access and choice while allowing them to adhere to strict internal policies.
Cohesity SmartFiles augments customers’ cloud-native Snowflake Data Cloud to include on-premises repositories and extends secure access to sensitive local data records. Cohesity SmartFiles also provides a secure platform for consolidating application data that is designed to improve storage efficiency and reduce overall cost of ownership for local Snowflake repositories.
“Cohesity’s commitment to helping Snowflake mobilize the world’s data can be seen through the launch of the SmartFiles integration,” said Tarik Dwiek, Head of Technology Alliances, Snowflake. “We look forward to partnering with Cohesity to allow access to SmartFiles in the cloud or on-premises through Snowflake’s single, integrated platform.”
This collaboration with Snowflake and Cohesity enables joint customers to gain more value from their data while optimizing cost, scale, and efficiency for their Snowflake data.
About Cohesity
Cohesity is a leader in AI-powered data security and management. Aided by an extensive ecosystem of partners, Cohesity makes it easier to protect, manage, and get value from data – across the data center, edge, and cloud. Cohesity helps organizations defend against cybersecurity threats with comprehensive data security and management capabilities, including immutable backup snapshots, AI-based threat detection, monitoring for malicious behavior, and rapid recovery at scale. Cohesity solutions can be delivered as a service, self-managed, or provided by a Cohesity-powered partner. Cohesity is headquartered in San Jose, CA, and is trusted by the world’s largest enterprises, including six of the Fortune 10 and 42 of the Fortune 100.
Read More
AWS Management
Business Wire | October 17, 2023
CoreSite, a leading hybrid IT solutions provider and subsidiary of American Tower Corporation (NYSE: AMT) (“American Tower”), announced it will launch valuable enhancements to its CoreSite Open Cloud Exchange(OCX), the company’s leading software-defined networking platform, to deliver faster AWS Direct Connect Hosted Connections of up to 50 gigabits per second (Gbps). The new OCX capabilities will further enable businesses to support the next wave of high-bandwidth, low-latency hybrid applications such as artificial intelligence (AI), machine learning (ML) and digital media production.
AWS Direct Connect is a networking service that provides an alternative to using the internet to connect to Amazon Web Services (AWS). Using AWS Direct Connect, data that would have previously been transported over the internet is delivered through a private network connection between a customer’s facilities and AWS. Leveraging the 25G and 50G Hosted Connections, businesses will be able to ensure smooth and reliable data transfers at massive scale for real-time analysis, rapid data processing or broadcast media processing. Businesses deploying complex, data-intense workloads will also benefit from the simplified process offered through the OCX to rapidly scale network capacity between the enterprise edge and cloud providers. The OCX capabilities will allow clients to effortlessly scale their network to meet current and future business needs while reducing their operating expenses.
As businesses look to AI and other data-intense applications to gain competitive edge, they need a platform capable of supporting high-density power, high-performance compute and low-latency cloud interconnection, said Juan Font, President and CEO of CoreSite, SVP of U.S. Tower. We are delighted to be working with AWS to deliver faster virtual connections to our customers to enable them to compete in today’s always-on digital economy.
About CoreSite
CoreSite, an American Tower company (NYSE: AMT), provides hybrid IT solutions that empower enterprises, cloud, network, and IT service providers to monetize and future-proof their digital business. Our highly interconnected data center campuses offer a native digital supply chain featuring direct cloud onramps to enable our customers to build customized hybrid IT infrastructure and accelerate digital transformation. For more than 20 years, CoreSite’s team of technical experts has partnered with customers to optimize operations, elevate customer experience, dynamically scale, and leverage data to gain competitive edge. For more information, visit CoreSite.com and follow us on LinkedIn and Twitter.
Read More
Cloud Security
Business Wire | November 03, 2023
Sysdig, the leader in cloud security powered by runtime insights, today released at SANS CyberFest 2023 the 5/5/5 Benchmark for Cloud Detection and Response, a new framework that outlines how quickly organizations should detect, triage, and respond to attacks in the cloud. Operating securely in the cloud requires a mindset shift in regard to time, and with that, cloud security programs need to hold themselves to a modernized benchmark: five seconds to detect, five minutes to correlate insights and understand what’s happening, and five additional minutes to respond. Recent findings by the Sysdig Threat Research Team published in the 2023 Global Cloud Threat Report note that, after discovering an exploitable target, malicious actors require less than 10 minutes to execute an attack.
Cloud attacks are swift and sophisticated, requiring robust threat detection and response programs that move at the speed of the cloud. On-premises attacks take 16 days on average and antiquated frameworks challenge security teams to respond to a breach within 60 minutes, which is simply insufficient for the cloud. Bad actors are exploiting the automation and scale of the cloud, along with new techniques, to accelerate all stages of an attack and inflict damage within minutes. The 5/5/5 Benchmark guides organizations to detect and respond to cloud attacks faster than adversaries can complete them.
The Challenge
Detect threats within five seconds.Organizations should be able to gather detection signals from their cloud security tools in real time to ensure visibility into ephemeral assets.
Correlate and triage within five minutes.Teams should be able to gather full context for all correlated signals within five minutes of receiving the first relevant alert.
Initiate a response within five minutes.Organizations should be able to initiate a tactical response within five minutes of confirming that an attack is in progress.
What people are saying
People are always looking for security metrics, especially when the industry evolves into new operating models. We have plenty of 'best practices,' but no real way to quantify cloud security agility — until now, said Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig. The 5/5/5 Benchmark, built in partnership with our customers, industry analysts, and the Sysdig Threat Research Team, sets a new standard for operating securely in the cloud.
“As organizations move to the cloud, traditional on-premises security standards become outdated and too slow. In the cloud, both innovation and attacks happen quickly – companies need security tools, processes, and standards designed to operate at the speed of cloud-native environments,” said Phil Bues, Research Manager for IDC Cloud Security.
“I don’t want to know 15 minutes after someone breached my system. I need to know instantly so that we can shut it down before the blast radius expands,” said Kuldeep Tomar, Head of Information Security at India’s leading digital skill games company and 5/5/5 Benchmark Advisor. “To move at the necessary speed, you need to not only be alerted to the right things, but also respond appropriately. Having a benchmark gives us a goal to hold ourselves to.”
About Sysdig
In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation. Sysdig. Secure Every Second.
Read More