The benefits of exercise are clear, and this extends to practising a cyber incident response plan. While practise might not make perfect, it does build resilience. An organisation that rehearses their incident response plan is better placed to respond to cyber attacks and can get back up and running again quicker than those who don’t.

Organisations wishing to join the CIE scheme will be assessed against the NCSC CIE Standard. CREST and IASME will both manage the assessment, onboarding, monitoring and offboarding of providers assured under the Cyber Incident Exercising scheme on behalf of the NCSC. The organisations were selected for this role because they both meet the NCSC’s high standards and offer a choice for potential providers and different routes into the scheme.

Dr Emma Philpott MBE, CEO of IASME says, “We are really looking forward to working with companies of all sizes and in all areas of the UK to deliver this important scheme. We feel strongly about ensuring that the scheme is accessible for smaller cyber security companies to become assured providers and we encourage you to contact us to discuss becoming a provider if this is something that interests you.”

Rowland Johnson President at CREST explains “We are delighted to be helping deliver this important new scheme for the NCSC by assessing and onboarding Assured Service Providers.  With rising cyber attacks on enterprises of all types, effective cyber incident response is one of the most important parts of building cyber resilience. This will give all organisations who want to test their incident response, access to Assured Service Providers who can support them.”

The Cyber Incident Exercising scheme provides assurance of companies which deliver two types of cyber exercises to organisations that want to test their existing cyber incident response plans:

Table-Top – discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (following their organisation’s incident response plan) in relation to a pre-agreed scenario.

Live-Play – more in-depth sessions in which participants execute their roles and responsibilities to respond to events in a real world cyber scenario. Activities are tailored to the organisation and take place in close to real-time, providing a realistic simulation of a cyber event. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

The scope of the CIE standard covers exercises designed to simulate incidents which have a significant impact on a single client organisation. It does not cover incidents spanning multiple organisations or Category 1 and Category 2 incidents as defined by the UK’s Cyber Attack categorisation system.

The new CIE scheme will launch officially later this year when exercising providers have been assured and on-boarded, ready to offer services.

Notes for editors

For more information from the NCSC go to CIE Scheme standard

For more information about the scheme and how to apply go to:

https://iasme.co.uk/cyber-incident/

https://www.crest-approved.org/membership/ncsc-cyber-incident-exercise-scheme/

The first Assured Service Providers for the scheme will be available soon. They will be listed on the website of the relevant Delivery Partner and on the NCSC website once they are available.

The post CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme appeared first on IT Security Guru.

The significance of secure access on business performance is paramount. Seamless connectivity to applications instils operational efficiency, enabling workforces to function at their best. cyberelements.io ensures rapid setup and access to IT/OT systems, a process that takes mere minutes for end users and IT service providers. The platform seamlessly integrates remote access for regular users and PAM for critical users, whether internal or external to the organisation.

“cyberelements brings a new era in access security by making it not only effective but also accessible to businesses of all sizes,” comments, Chris Walsh, Managing Director of ABC Distribution. “This partnership underscores our commitment to delivering innovative solutions that empower organisations to enhance their security posture.”

Traditional cybersecurity tools often present challenges in configuration and integration, leading to gaps in protections. While detection and response solutions are vital, the cornerstone of defence lies in Zero Trust principles. Industry experts agree that Identity and Access Management (IAM) and Privileged Access Management (PAM) should converge in a unified platform to ensure the enforcement of robust Zero Trust security policies.

Jonathan Fussner, Head of cyberelements, said, “After a decade in the cybersecurity domain, our team is proud to introduce the first Zero Trust access security SaaS Platform in Europe. We understand the daily challenges faced by CISOs and CIOs, and our platform addresses these concerns head-on. Easy, swift, and secure access is pivotal to driving business performance.”

With cyberelements, businesses can establish secure access for all users, both regular and privileged, in a matter of minutes. This approach embraces the Zero Trust paradigm, considering identity and context as the new security perimeter, revolutionising access security in the European market.

ABC Distribution brings a wealth of experience in supporting vendors from initial market entry to mainstream adoption. The company’s expertise extends to working with both innovative startups and established challengers in the technology landscape. 

The partnership between ABC Distribution and cyberelements sets a new standard in access security, offering organisations a streamlined and robust solution to protect their digital perimeters.

To discuss how you can secure your business with cyberelements, visit the team at International Cyber Expo 2023 (26-27 September 2023) at Olympia London on Stand L40.

The post Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe appeared first on IT Security Guru.

While remote work is becoming the new normal for businesses around the world, many struggle to secure an increasingly mobile-centric environment. According to The Global State of Mobile Phishing Report published by Lookout, 2022 saw the highest mobile phishing encounter rate ever, with more than 50% of personal devices exposed to a mobile phishing attack. Lookout estimates the potential annual financial impact of a mobile phishing attack to an organisation of 5,000 employees is nearly $4 million.

Lookout Mobile Endpoint Security provides visibility into mobile threats and state-sponsored spyware, while protecting against mobile phishing and credential theft. The platform analyses telemetry from more than 215 million devices, 269 million apps, and millions of web destinations to uncover hundreds of phishing domains each day.

“With the CrowdStrike Marketplace, we make it easy for customers to have flexibility and choice through integrations with best-of-breed security products into the CrowdStrike Falcon® platform,” said Daniel Bernard, Chief Business Officer, CrowdStrike. “Lookout’s Mobile Endpoint Security is a great example of an innovative partner security solution that addresses the critical security challenges that organisations face when employees connect their mobile devices to corporate networks.”

“The rapidly evolving threat landscape calls for a collaborative approach that brings together best-in-class solutions to secure the new hybrid workforce,” said Jim Dolce, Lookout CEO. “Being listed in the CrowdStrike Marketplace is a great opportunity for organisations to directly procure Lookout’s advanced mobile security solution to help execute a comprehensive security strategy.”

Lookout at Crowdstrike Fal.Con 2023

Today through September 21, Lookout will join CrowdStrike and thousands of cybersecurity’s best as a Platinum sponsor of CrowdStrike Fal.Con 2023 at Caesars Palace in Las Vegas. Attendees are invited to booth #802 to witness first-hand why Lookout Mobile Endpoint Security is the industry’s most advanced mobile threat defence platform.

On Tuesday, September 19 at 8:30 a.m. PDT in the Partner Theater @The Hub, Justin Albrecht, Lookout Director of Mobile Threat Intelligence, will host a speaking session titled “Phishing Tricks and Zero Clicks: Tracking Mobile Threats.” This session will shed light on the importance of viewing mobile devices as endpoints requiring protection, sharing trends, and reporting on mobile threats while offering unique insights into Lookout’s intelligence on APT activity targeting this often-overlooked sector.

To access Lookout Mobile Endpoint Security on the CrowdStrike Marketplace, click here.

The post Lookout Announces CrowdStrike Marketplace Availability of Mobile Threat Defense appeared first on IT Security Guru.

Through this partnership, new FutureBank customers can access the IDVerse software as part of its offering. IDVerse customers looking for a middleware platform can connect their API credentials to benefit from FutureBank’s platform.

Bank technology is clunky and rigid, and it needs forward-thinking technology partners to stay up to date. Middleware platforms offer technological flexibility that banks and fintechs can’t build themselves, thus preventing downstream fraud and supporting the full customer journey.

FutureBank is an integration platform for core banking providers that embeds finance services. It acts as the glue between a bank and a third-party provider they want to integrate with. It helps banks and fintechs launch new products better, faster and more securely.

IDVerse is the most certified Identity Service Provider (IDSP), with 20 certifications for the Right to Work, Right to Rent and Disclosure and Barring Service (DBS) from the United Kingdom’s Digital Identity & Attributes Trust Framework (DIATF).

Through its Zero Bias AI tested technology, IDVerse is pioneering the use of generative AI to train deep neural network systems to protect against discrimination on the basis of race, age and gender.

Sergio Barbosa, CEO at FutureBank, said, “Generative AI is breeding many different fraud types. With ChatGPT, fraudsters can create very authentic documents and profiles for people at a low cost. We were impressed by IDVerse’s capability to stop fake IDs from making their way through the system and its fully automated approach that works better than humans.”

Barbosa continued, “Cybercrime is currently the third biggest economy in the world, and predictions show that in the next 18 months, it will be the biggest economy in the world. We are delighted to partner with IDVerse to protect our customers from unwanted attacks.”

Russ Cohn, General Manager EMEA at IDVerse, added, “It is already very easy to create a realistic fake person in as little as 15 minutes using online tools readily available on the internet. Synthetic media is becoming the new tool of choice for fraudsters looking to make money. We estimate that there is a 400 percent year-on-year increase in the use of deepfakes in creating fake identities.”

Cohn continued, “Our fully automated identity verification system can offer FutureBank customers a reliable solution to spot deepfake accounts that fraudsters are increasingly trying to create. IDVerse’s cutting-edge technology maps the facial genome and can detect below-the-skin activities, such as a heartbeat changing the colour of the skin, which the human eye cannot see. These natural yet invisible patterns from faces help verify that an image is of a real human, not a deepfake.”

For more information, visit www.idverse.com

The post FutureBank and IDVerse Partner to Fight Cybercrime appeared first on IT Security Guru.

Aston Business School is one of the 1% of schools in the world bearing a triple crown of accreditations, including AMBA, AACSB, and EQUIS. It is one of the few in the Top 100 QS ranking. Aston launched a Cyber MBA as well as MSc in Cyber Risk Management, recognising the importance of cybersecurity at the executive level in organisations.

Aston CSI Centre has been working with ISACA for a number of years and is now authorised by ISACA to deliver Cybersecurity Fundamentals, AI, Data Privacy Solutions Engineer, CRISC, CISA and CISM, providing high-quality virtual and face to face, instructor-led training and helping delegates to achieve exam success and to get the best out of their ISACA membership.

ISACA-accredited instructors at Aston are working consultants with a wealth of experience as CISOs, risk managers and IT audit directors, so can bring the topic to life using real examples and practical knowledge to enrich the experience of Aston MBA and MSc in Cyber students.

On the partnership, Erik Prusch, CEO of ISACA commented: 
“Early-career professionals have the chance to propel their careers while making a real impact on their organizations, and ISACA is committed to supporting them in every stage of their professional journey. A cybersecurity or risk management certification makes them more differentiated to prospective employers, as organizations recognize that these individuals have the knowledge and skills they need.”

Chris Dimitriadis, Global Chief Strategy Officer at ISACA added: 

“It’s no secret that today’s workforce is suffering from a cyber skills gap. Filling this needs to be a priority for businesses to protect their employees and customers from rising cyber threats. Young professionals with cybersecurity and risk management skills and accreditations are an essential part of the teams that give businesses the best chance of defending themselves and setting themselves up for long-term success.” 

Professor Zoe Radnor, Pro-Vice-Chancellor and Executive Dean of the College of Business and Social Sciences at Aston University, said:

“Taking our executive education in the cyber security direction is a strategic priority as Aston University has positioned itself as leader in digital technologies. The CSI Centre of Excellence underscores this priority.”

Dr Anitha Chinnaswamy, a senior lecturer in cyber security management at the CSI Centre at Aston Business School, said:

“There is an acute shortage of skills in the cyber security sector, and we are delighted to be leading the field of executive education of future professionals under the recognition of a Centre of Excellence.”

Professor Helen Higson, deputy dean of Aston Business School, said:

“The CSI Centre academics are always forward looking at the new demands in education and have created a dynamic set of postgraduate offering highly relevant in the market.”

Professor Aleks Subic, Chief Executive and Vice-Chancellor of Aston University, said:

“In line with our 2030 strategy focused on establishing Aston University as a leader in digital innovation, the Centre of Excellence represents an important step towards making Aston University a sector leader in cyber security.”

The post Aston University partners with ISACA to offer credentials in cybersecurity and risk management to graduates appeared first on IT Security Guru.

Southampton Football Club is a professional football club that plays in the EFL Championship, the second tier of English football. The club chose Acronis Cyber Protect because it provides fast and reliable backup, AI-based anti-malware, and is accessible from a single intuitive console. While using a patchwork of five-star solutions for separate aspects of cybersecurity will still leave gaps in a system’s defences, Acronis’ integrated approach ensures such gaps are eliminated, delivering superior resiliency for organisations like Southampton FC.

Director of IT, Huw Fielding, comments: “Southampton FC takes cyber protection very seriously. Global organisations like ours often come under fire from cyberattacks targeting our sensitive data, including information on thousands of fans. Protecting the data we have been entrusted with is a significant priority for us, and we have the utmost confidence that Acronis’ solution, delivered by Tailor Made Technologies will help us do so.

Acronis’ solutions are developed based on the Five Vectors of Cyber Protection— Safety, Accessibility, Privacy, Authenticity, and Security (SAPAS). This means that Acronis solutions are designed to provide the highest level of security possible and ensure that data is easily accessible to those with authorised permission and that it is both authentic and tamper-free. While security and accessibility are often considered polarised concepts in data security, Acronis solutions prove that you can have the best of both worlds.

Building on its existing partnerships with both Acronis and Southampton FC, the solution will be delivered by TMT as the Official Acronis Delivery Partner. As experts in managed IT, cyber security, and communication solutions, TMT brings a wealth of experience from over 29 years of providing managed technologies that power SMEs to achieve their business goals.

Darren Scott-Healey, CEO at TMT said: “As CEO of TMT and a lifelong Saints fan, I am thrilled to announce our partnership with Southampton FC as their Acronis CyberFit Partner. We are excited to work alongside the club to meet their cyber security needs with the most innovative managed solutions. This partnership is a great opportunity for us to leverage our industry-leading expertise, local focus, and technical support to help Southampton FC defend its operations, enhance its performance and push for promotion.”

“We are proud to be renewing our partnership with Southampton FC, one of the best known and liked clubs in English football. We are thankful that the team shares our vision and passion for cyber protection, and we are excited to work with TMT who will deliver our first-class cyber protection solutions to protect the workloads of the club”, added Ronan McCurtin, Vice President of Sales Europe, Turkey and Israel at Acronis.

For more information about Acronis #CyberFit Sports Partnerships, visit https://acronis.sport/

The post Southampton FC Renews Partnership with Acronis appeared first on IT Security Guru.

“Cato Networks is the poster child for ZTE and SASE,” notes the report. “Founded by Shlomo Kramer of Check Point Software Technologies and Imperva fame, Cato Networks started with a strong security pedigree and built a global platform of distributed PoPs from which to deliver security as a service. Cato has a strong strategy paired with a truly unified networking and security solution and has shown real security innovation within its single-pass architecture platform.”

“We are honoured to be recognized by Forrester as a “Leader” in this Wave. Cato architected a platform that was purpose-built for ZTE and SASE, one that is valued by our thousands of customers and partners for its simplicity, agility, security posture, and optimal performance,” says Shlomo Kramer, CEO and co-founder of Cato Networks. “We are happy to see their excitement reflected by leading industry analysts’ reports.”

ZTE Converges Networking and Security as a Unified Service 

The Forrester report found that early-adopting reference customers were enthusiastic about the Cato SASE Cloud. “Multinationals, financials, and firms looking to consolidate security functions and replace MPLS will find Cato a compelling choice,” according to the report. “Cato has a strong strategy paired with a truly unified networking and security solution and has shown real security innovation within its single-pass architecture platform,” writes Forrester.

Zero Trust edge architectures merge and deliver networking and security functions as a service. Forrester recommends customers look for ZTE solution providers that meet three criteria:

Have unified and centralized cloud management. Achieving higher levels of trust and automation requires ruthless standardization. This applies to ZTE solutions. Customers should ensure that their ZTE provider has a single, cloud-based interface that provides standard and consistent methods to create and deploy both network and security policies. The configurations and monitoring data should reside in a single data lake to eliminate data duplication, multiple security policies, and poor collaboration.

Build a resilient backbone with sophisticated controls. Business wide networking fabrics need more than first- and last-mile connectivity controls. ZTE vendors have recognized the value of optimizing and conditioning application traffic throughout the application’s journey by including managed backbones as part of their ZTE offering. The number of points of presence (PoPs) that connect to the backbones, the types of links between backbone nodes, and the amount of services (such as traffic optimization or virtual fires) at node and PoP can vary dramatically. Some ZTE vendors have developed backbones with a richer set of controls than vendors using infrastructure-as-a-service (IaaS) networks exclusively.

Utilize Zero Trust network access for remote access, replacing VPNs. All ZTE solutions have a combination of Zero Trust network access (ZTNA), secure web gateways (SWGs), and cloud security gateways (CSGs, aka CASBs). Look to providers offering a strong ZTNA capability to reduce your organization’s threat surface and protect your critical data. The best of these solutions can also help discover the applications that you need to protect.

Cato SASE Cloud Excelled in Core ZTE Criteria  

Cato SASE Cloud earned the highest score possible in sub-criteria aligned with all three of these areas. In terms of management, Forrester found that Cato delivered:

• Centralized network and security management. “A cloud-delivered portal with a clean, intuitive interface manages all networking and security capabilities. The management plane and data lake are unified,” according to the criteria description.
• Administrative experience. “The solution is not just centrally managed but provides superior UX. Common workflows are easy to get to and streamlined; they guide the user to make correct policy.” according to the criteria description.

In terms of a resilient backbone with sophisticated controls, Forrester found that Cato delivered:

• Network reach and function. “The vendor has 80 or more sites that host ZTE services. PoP sites sit in colocation facilities allowing the solution to choose the best paths across the backbone,” according to the criteria description.
• Best path selection and performance across their backbone. “The solution has traffic control over the links in its backbone and can route traffic over the best paths. The vendor has site reliability engineers continuously evaluating the backbone,” according to the criteria description.

And in terms of utilizing ZTNA for remote access, Forrester found that Cato delivered:

• Zero Trust Network Access (ZTNA): “The vendor’s agent authenticates and authorizes the user and provides multiple advanced features such as universal ZTNA, interception of all ports and protocols, TCP acceleration, application discovery, microsegmentation or auto quarantine,” according to the criteria description.

For more information about Cato Networks’ ranking, download The Forrester Wave: Zero Trust Edge Solutions Report, Q3 2023 here.

The post Cato Networks Named a “Leader” in Zero Trust Edge (ZTE) Report by Leading Research Firm appeared first on IT Security Guru.

“We were looking to move from several regional service providers with fragmented technical solutions to one integrated network and security stack with an end-to-end managed service,” says Laurent Gaertner, Global Director of Networks at the Carlsberg Group. “The Cato SASE Cloud and service offering perfectly matched our requirements.” 

“The same challenges faced by Carlsberg — optimal security posture, improved global performance, and enhanced business agility everywhere — confront enterprises worldwide every day,” says Shlomo Kramer, co-founder and CEO of Cato Networks. “Cato was explicitly built to help companies of all sizes meet those needs. We’re excited to work with Carlsberg and see their adoption of Cato as just the latest evidence that large enterprises can best meet today’s security and networking challenges with a single-vendor SASE cloud platform.” 

Legacy Network Leads to Security Risks and Application Disruptions  

Established in 1847, the Carlsberg Group is the world’s third largest brewer with $10.6B in revenue spanning over 140 brands. Carlsberg’s network connects 200+ sites across Western & Central Europe and the Asia regions. 

The legacy network, built from different regional point solutions and technologies, proved to be challenging to manage for Carlsberg. Opening new locations took too long. VPN performance into China was a problem. And across regions, the Internet-based SD-WAN connecting locations was unsuitable for the company’s VoIP and fully utilizing all Microsoft Office 365 features. “We had to retain MPLS just to ensure proper voice quality,” says Gaertner. “And with Microsoft Teams, it doesn’t take a lot of latency for the application collaboration features to become unusable.”  

The mix of appliances also created security problems. With multiple firewall appliances, visibility was fragmented. Multiple sets of security policies had to be maintained, which increased complexity and risk. Carlsberg’s Cyber Security Group wanted zero-trust to be implemented consistently, which also wasn’t possible with the legacy network.  

Legacy Network Problems Led to Strategic IT Challenges  

From a strategic perspective, building the legacy network from different providers and technologies prevented IT from delivering consistent service levels worldwide. “Some users would receive higher availability and others better capabilities, but we couldn’t bring it all together to create an à la   carte set of services that could apply to any office anywhere and facilitate our global IT development,” says Gaertner. 

Day-to-day management was also compromised. Change requests took too long in part because of the different management interfaces, which complicated problem identification and resolution. Coordinating the different layers of the solution with different service providers became a real challenge. 

Carlsberg Assesses Single-vendor SASE, Entrusts Cato with its Global Infrastructure  

To address those problems, the company began looking for a single, global SASE solution. After an extensive evaluation of six SASE approaches, Carlsberg selected Cato.  

Cato’s rich security capabilities meant Carlberg would have one platform and one security policy worldwide protecting all edges — sites with SD-WAN devices, the cloud with native cloud connectivity, and mobile users running the Cato Client. “The Cato security features are a significant step ahead in our Zero Trust implementation strategy and the future innovation will bring us even further,” says Tal Arad, Vice President of Global Security & Technology at Carlsberg.  

The Cato global private backbone underlying Cato SASE Cloud also met Carlsberg’s performance requirements globally. As such, Carlsberg expects to eliminate the remaining MPLS, relying on Cato for VoIP, ERP, and the rest of its applications. 

To learn more about Cato and other enterprises who’ve adopted the Cato SASE Cloud, visit https://www.catonetworks.com/customers.

The post Carlsberg Group Selects Cato Networks for Massive Global SASE Deployment appeared first on IT Security Guru.

DarkInvader is a channel first company, offering partners a way to add value to their customers by delivering real-time attack surface intelligence to help them understand the threat landscape and stay ahead of potential threats. Utilising human research and custom search technology, its services uncovers more risks when compared to automated tools.

Within the DarkInvader Portal, organisations can see their current exposure on the dark web, from files to credentials and company emails. These are graded based on the risk to the business and come with a remediation action outlined by its expert team of researchers.

One of the standout features of DarkInvader is its customisable portal. Understanding the importance of brand awareness, the portal can be customised to allow MSSPs to have full control over branding, ensuring a seamless experience for their customers. 

“Our customers are worried about publicly accessible private data, scams that can damage brand reputation and hidden IT infrastructure.  Darklnvader acts like a cyber criminal, collecting information across the dark and surface web that could be used to target our clients external attack surface.” comments Robin Hill, Co-Founder of DarkInvader. 

Hill continues; “Through strong partnerships, we’re dedicated to expanding our network to help businesses maintain their security. We empower our channel partners to diversify services and elevate their value to customers, providing access to cutting-edge tools, technologies, and expert support. By aligning with DarkInvader, partners can unlock additional revenue streams and enhance their market visibility.” 

To contact DarkInvader to find out more about becoming a partner, please visit: https://www.darkinvader.io/contact

The post DarkInvader Launches Channel Partner Recruitment Drive appeared first on IT Security Guru.

NATS handles over 2.5 million flights every year and the new long-term contract will strengthen its technology infrastructure by creating a future-fit strategic network architecture to support air traffic operations in the UK.

BT will take responsibility for the consolidation and modernisation of NATS’ critical data network as well as manage digital networking and cyber security across its sites. BT will also develop an enhanced cyber security capability with NATS, which will include a new proactive central coordination point for cyber resilience. Together, these services will enhance NATS’ technology programme into the future and provide leading support for the technical operations it relies on.

NATS provides air traffic services at 14 UK airports and manages all UK airspace from two air traffic control centres located at Swanwick in Hampshire, and Prestwick in Ayrshire. It also provides air traffic services at Gibraltar Airport and, more recently, Hong Kong International Airport.

Tim Bullock, Supply Chain & Facilities Management Director at NATS, said: “NATS is implementing a truly transformational technology programme to keep the skies safe and support our customers worldwide, so it is vital we have BT as industry leaders alongside us. We select organisations at the top of their game technically, to join our collaborative ecosystem of partners. I’m delighted with the partnership we have formed and look forward to working together for many years to come to deliver great solutions for our customers.”

Andy Rowe, Director of Central Government, at BT, said: “Secure, high-bandwidth connectivity is essential in keeping the UK’s air traffic moving in the future – so after many years of building world-class networks and cyber security for providers of critical national infrastructure, we are looking forward to delivering this now for NATS.

“Under the partnership we will be responsible for both network provision and cyber security within the NATS strategic supplier ecosystem, and will be embarking on consolidating and modernising the entire network to build a world-class digital infrastructure that is fit for the future of air traffic management.”

The post BT lands major network and cyber security deal with NATS appeared first on IT Security Guru.