For - All Articles - CISO Platform2024-03-29T05:28:33Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/ForCybersecurity Policy for the Banks|RBI Cyber Security Framework – Key Takeawayshttps://www.cisoplatform.com/profiles/blogs/rbi-cyber-security-framework-key-takeaways2016-07-26T18:30:00.000Z2016-07-26T18:30:00.000ZAmit, CISO Platformhttps://www.cisoplatform.com/members/AmitCISOPlatform<div><p align="center" style="text-align:left;"><span class="font-size-3">In its June 2, 2016 notification, RBI has issued new <a href="https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10435&Mode=0" target="_blank">cybersecurity guidelines</a>, which says that scheduled commercial banks (private, foreign and nationalized banks listed in the schedule of RBI Act, 1934) must proactively create or modify their policies, procedures and technologies based on new security developments and concerns. As per RBI, use of information technology and their constituents has grown rapidly and is now an integral part of banks' operational strategies; hence the need for a board-approved cyber-security policy.</span></p><p style="text-align:left;"><span class="font-size-3"> </span></p><p style="text-align:left;"><span class="font-size-3">As per the guidelines, Banks should immediately put a cyber security policy, separate from their IT policy, and get it approved by board. Banks need to send a confirmation to RBI, at the earliest, and in any case not later than September 30, 2016. <a href="#_msocom_1"></a></span></p><p style="text-align:left;"><span class="font-size-3"><span id="docs-internal-guid-3db729e7-286f-8a8a-da60-7d802409afeb">(</span> <b><span><span>Read More:</span> <span><a href="http://www.cisoplatform.com/profiles/blogs/incident-response-how-to-respond-to-security-breach-first-24-hour">Incident Response: How To Respond To A Security Breach During First 24 Hours (Checklist)</a> </span></span></b><span>)</span></span></p><p style="text-align:left;"></p><p style="text-align:left;"></p><p style="text-align:left;"></p><p style="text-align:left;"><span class="font-size-5"><b>8 Key Takeaways From RBI Cyber Security Guidelines<br /> <br /></b></span></p><p style="text-align:left;"><span class="font-size-3">Within this notification, RBI asks banks to immediately put in place a cybersecurity policy duly approved by their board, containing an appropriate approach to combat cyber threats. Some of the key takeaways from the report are as following:<br /> <br /></span></p><ul style="text-align:left;"><li><span class="font-size-3"><b>Cybersecurity policy to be distinct from the broader IT policy/IS security policy</b> of a bank<br /> <br /></span></li><li><span class="font-size-3">Need of a <b>board approved cyber security policy</b>, which needs to be confirmed to RBI by September 30, 2016<br /> <br /></span></li><li><span class="font-size-3">SOC (Security Operations Centre) needs to be in place at the earliest (if not already in place) and <b>arrangements need to be made for continuous surveillance<br /> <br /></b></span></li><li><span class="font-size-3">A <b>Cyber Crisis Management Plan (CCMP)</b> should be immediately evolved and should be a part of the overall Board approved strategy<br /> <br /></span></li><li><span class="font-size-3"><b>Cyber security preparedness indicators</b> to assess the level of risk/preparedness<br /> <br /></span></li><li><span class="font-size-3">Sharing of information on cyber-security incidents with RBI<br /></span></li></ul><ul style="text-align:left;"><li><span class="font-size-3"><b>Supervisory Reporting framework</b> to collect both summary level information as well as details on information security incidents including cyber-incidents (is a template provided, if yes mention it)<br /> <br /></span></li><li><span class="font-size-3"><b>Cyber-security awareness among stakeholders / Top Management / Board</b></span></li></ul><p style="text-align:left;"><span class="font-size-3"> </span></p><p style="text-align:left;"><span class="font-size-3">This notification has got attentions of CISOs across banking sector as well as others. In response to this notification, some security practitioners say that taking boards’ cognizance while drafting security policy is going to be a challenging task. Because board members may not be very inclined to know about the security and technical information, therefore translating security information in business terms will be a challenging task. – plz check</span></p><p style="text-align:left;"><span class="font-size-3">RBI has listed 24 requirements which should be put in place by banks to achieve baseline cyber security and resilience requirements. They are mentioned below:</span></p><p style="text-align:left;"><span class="font-size-3"><span id="docs-internal-guid-3db729e7-2870-8587-774b-da8b510c1105">(</span> <b><span><span>Read More:</span> <span><a href="http://www.cisoplatform.com/profiles/blogs/9-top-features-to-look-for-in-next-generation-firewall">9 Top Features To Look For In Next Generation Firewall (NGFW)</a> </span></span></b><span>)</span></span></p><p style="text-align:left;"></p><p style="text-align:left;"></p><p style="text-align:left;"></p><p style="text-align:left;"><span class="font-size-3"><b><span class="font-size-5">Baseline Controls</span><br /> <br /></b></span></p><ol><li><span class="font-size-3">Inventory Management of Business IT Assets</span></li><li><span class="font-size-3">Preventing execution of unauthorized software<br /> <br /></span></li><li><span class="font-size-3">Environmental Controls - for securing location of critical assets providing protection from natural and man-made threats, and mechanisms for monitoring of breaches / compromises of environmental controls relating to temperature, water, smoke, access alarms, service availability alerts (power supply, telecommunication, servers), access logs, etc.<br /> <br /></span></li><li><span class="font-size-3">Network Management and Security</span></li><li><span class="font-size-3">Secure Configuration<br /> <br /></span></li><li><span class="font-size-3">Application Security Life Cycle (ASLC)<br /> <br /></span></li><li><span class="font-size-3">Patch/Vulnerability & Change Management<br /> <br /></span></li><li><span class="font-size-3">User Access Control / Management<br /> <br /></span></li><li><span class="font-size-3">Authentication Framework for Customers<br /> <br /></span></li><li><span class="font-size-3">Secure mail and messaging systems<br /> <br /></span></li><li><span class="font-size-3">Vendor Risk Management<br /> <br /></span></li><li><span class="font-size-3">Removable Media<br /> <br /></span></li><li><span class="font-size-3">Advanced Real-time Threat Defence and Management<br /> <br /></span></li><li><span class="font-size-3">Anti-Phishing<br /> <br /></span></li><li><span class="font-size-3">Data Leak prevention strategy<br /> <br /></span></li><li><span class="font-size-3">Maintenance, Monitoring, and Analysis of Audit Logs<br /> <br /></span></li><li><span class="font-size-3">Audit Log settings<br /> <br /></span></li><li><span class="font-size-3">Vulnerability assessment and Penetration Test and Red Team Exercises<br /> <br /></span></li><li><span class="font-size-3">Incident Response & Management<br /> <br /></span></li><li><span class="font-size-3">Risk based transaction monitoring<br /> <br /></span></li><li><span class="font-size-3">Metrics<br /> <br /></span></li><li><span class="font-size-3">Forensics<br /> <br /></span></li><li><span class="font-size-3">User / Employee/ Management Awareness<br /> <br /></span></li><li><span class="font-size-3">Customer Education and Awareness</span></li></ol><p></p><p style="text-align:left;"><span class="font-size-3">As per the framework, Banks should set up and operationalize cyber security operation center (C-SOC). Because threats are changing rapidly, and reactive methodology which can deal with known threats, will not work here. So, banks should adopt for proactive methodology to deal with the unknown threats.</span></p><p style="text-align:left;"><span class="font-size-3">To help banks strengthen their cybersecurity initiatives, and cyber security preparedness RBI has also set up its new IT subsidiary, appointing a new CEO Nandkumar Sarvade, retired IPS officer and an expert in bank fraud and terrorism cases.</span></p><p style="text-align:left;"></p><p style="text-align:left;"></p><p style="text-align:left;"><span class="font-size-3">Want To Join Top Banks and Implement The Mandatory RBI Cyber Security Framework? <a href="http://event.cisoplatform.com/reserve-bank-of-india-security-guidelines/" target="_blank">Click Here</a> To Show Interest</span></p><p style="text-align:left;"></p><p style="text-align:left;"><span class="font-size-3"><a href="http://event.cisoplatform.com/reserve-bank-of-india-security-guidelines/" target="_blank"><img width="676" src="{{#staticFileLink}}8669813283,original{{/staticFileLink}}" class="align-center" alt="8669813283?profile=original" /></a></span></p><div><div><div><p style="text-align:left;"></p></div></div></div><p><br /> <br /> <br /> <br /> <a href="http://goo.gl/uhuF4Q"><br /></a></p></div>Top Cyber security assessment frameworks for Banks around the Globehttps://www.cisoplatform.com/profiles/blogs/top-security-frameworks-for-banks-around-the-globe2016-08-18T06:30:00.000Z2016-08-18T06:30:00.000ZAmit, CISO Platformhttps://www.cisoplatform.com/members/AmitCISOPlatform<div><p><span class="font-size-3">Cyber security is an increasing concern for every business. And especially for banks who held a lot of confidential data and transaction details, it is utmost important for banks to have required cyber security solution and processes at the place.</span></p><p><span class="font-size-3">Many regulatory bodies like RBI in India, FFIEC in U.S., monetary authority of Singapore (MAS), etc. have made it compulsory for banks to follow some specific guidelines and created the frameworks to help them in finding the gaps in the existing system.</span></p><p><span class="font-size-3">In this article, I will be covering some of the top security frameworks for the banks around the globe.</span></p><p></p><p><span class="font-size-3"><strong><a href="https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_CEO_Board_Overview_June_2015_PDF1.pdf" target="_blank">FFIEC Cybersecurity Assessment Tool:</a></strong></span></p><p><span class="font-size-3">FFIEC stands for Federal Financial Institutions Examination Council. FFIEC has taken numerous initiatives to raise the awareness of the cybersecurity risks and the need to identify, assess, and mitigate these risks among financial institutions and their critical third-party service providers.</span></p><p><span class="font-size-3">In June 2013, the FFIEC announced the creation of the Cybersecurity and Critical Infrastructure Working Group to enhance communication among the FFIEC member agencies and help in strengthening the activities of other interagency and private sector groups related to cyber security by assessing and enhancing the state of the industry preparedness and identifying gaps in the regulators' examination procedures and training.</span></p><p></p><p><span class="font-size-3"><strong><a href="http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf" target="_blank">NIST Cyber Security Framework:</a></strong></span></p><p><span class="font-size-3">The National Institute of Standards and Technology (NIST) is a measurement standards laboratory and a non-regulatory agency of the United States Department of Commerce with a mission of promoting innovation and industrial competitiveness.</span></p><p><span class="font-size-3">The NIST Cybersecurity Framework provides a common language and mechanism for organizations to:</span> <br /> <span class="font-size-3">1) describe current cybersecurity posture;</span> <br /> <span class="font-size-3">2) describe their target state for cybersecurity;</span> <br /> <span class="font-size-3">3) identify and prioritize opportunities for improvement within the context of risk management;</span> <br /> <span class="font-size-3">4) assess progress toward the target state; 5) foster communications among internal and external stakeholders.</span></p><p><span class="font-size-3">The Interesting thing about NIST Cybersecurity Framework is that it complements, and does not replace, an organization’s existing business or cybersecurity risk management process and cybersecurity program. Rather, the organization can use its current processes and leverage the NIST Cybersecurity Framework to identify opportunities to improve an organization’s cybersecurity risk management. It also provides a consensus description of what's needed for a comprehensive cybersecurity program.</span></p><p></p><p><span class="font-size-3"><strong><a href="http://www.bankofengland.co.uk/financialstability/fsc/Documents/cbestimplementationguide.pdf" target="_blank">The Bank of England's CBEST vulnerability testing framework:</a></strong></span></p><p><span class="font-size-3">CBEST vulnerability testing framework is an intelligence-led testing framework, which was devised by the UK Financial Authorities in conjunction with CREST (the Council for Registered Ethical Security Testers) and Digital Shadows.</span></p><p><span class="font-size-3">The official launch of CBEST was done on 10 June</span><span class="font-size-3"> 2013.</span></p><p><span class="font-size-3">CBEST uses intelligence from government and accredited commercial providers to identify potential attackers to a particular financial institution. It then replicates the techniques these potential attackers use in order to test the extent to which they may be successful in penetrating the defenses of the institution, allowing a firm to understand where they are vulnerable and prepare and implement remediation plans.</span></p><p><span class="font-size-3">The aim of this framework is to assist the boards of financial firms and infrastructure providers, and regulators, in improving their understanding of the types of cyber-attack that could undermine financial stability in the UK, and the extent to which the UK financial sector is vulnerable to those attacks.</span></p><p></p><p><span class="font-size-3"><strong><a href="http://cipherproject.eu/wp-content/uploads/2014/05/CIPHER_D2.3_final1.pdf" target="_blank">Cyber security and privacy framework for Privately Held Information Systems (the CIPHER framework):</a></strong></span></p><p><span class="font-size-3">PHIS (Privately Held Information Systems) are defined as computer systems that are owned by organisations, both public and private, and that contain private data collected from their customers.</span></p><p><span class="font-size-3">The CIPHER framework addresses digitalised types of information, electronic systems</span>, <span class="font-size-3">and means for data exchange, processing, and maintenance (not paper documents).</span></p><p><span class="font-size-3">The main objective of the CIPHER methodological framework is to propose a set of methods and best practices for cyber security of Privately Held Information Systems (PHIS).</span><br /> <span class="font-size-3">The key characteristics of the CIPHER methodological framework are:</span></p><p></p><ul><li><span style="font-size:12pt;">Technology independent (versatility) – This means applicable for every organisation operating in every domain, can be applied even if technologies are getting older or are replaced by new ones. </span></li></ul><ul><li><span class="font-size-3">User-centric – explicitly focuses on the key users, namely: PHIS owners, PHIS developers, and citizens. </span></li></ul><ul><li><span style="font-size:12pt;">Practicality –lists practical guidelines and controls to follow in order to enhance or check if the organisation is protecting the data from cyber threats. </span></li></ul><ul><li><span style="font-size:12pt;">Easy to use and user-friendly – not requiring a special expertise from organisations and individuals.</span></li></ul><p><span class="font-size-3">Some of the other security frameworks which may be useful for CISOs who are implementing cyber security guidelines, are as following:</span></p><p><span class="font-size-3"><a href="http://www.bsa.org/~/media/Files/Policy/Security/EU/study_eucybersecurity_en.pdf" target="_blank">EU Cybersecurity Dashboard</a></span><br /> <span class="font-size-3"><a href="https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map" target="_blank">National cyber security strategy (NCSS) by ENISA (European Union agency for Network and Information Security)</a></span><br /> <span class="font-size-3"><a href="https://www.enisa.europa.eu/publications/an-evaluation-framework-for-cyber-security-strategies-1" target="_blank">An evaluation framework for Cyber Security Strategies</a></span></p><p><span class="font-size-3">There are frameworks issued by the local regulatory bodies of a country like Reserve Bank of India (RBI) issued <a href="https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NT41893F697BC1D57443BB76AFC7AB56272EB.PDF" target="_blank">cyber security framework in banks</a>, <a href="http://www.mas.gov.sg/~/media/MAS/Regulations%20and%20Financial%20Stability/Regulatory%20and%20Supervisory%20Framework/Risk%20Management/TRM%20Guidelines%2021%20June%202013.pdf" target="_blank">Technology Risk Management (TRM) Guidelines by Monetary Authority of Singapore (MAS)</a>, <a href="http://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20160524e1.pdf" target="_blank">Cybersecurity Fortification Initiative by Hong Kong Monetary Authority (HKMA)</a>. You can find the overview of these frameworks as following:</span></p><p></p><p><span class="font-size-3"><strong><a href="https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NT41893F697BC1D57443BB76AFC7AB56272EB.PDF" target="_blank">RBI’s Cyber Security Framework in Banks:</a></strong></span></p><p><span class="font-size-3">Information security talks about the confidentiality, integrity, and availability of information. While cyber security means securing the information from the cyber-attacks in the cyber world. These two words are very confusing and people use them synonymously. To find the difference between these words you can refer “<a href="http://www.cisoplatform.com/profiles/blogs/understanding-difference-between-cyber-security-information?xg_source=activity" target="_blank">Cyber security vs. Information security</a>” article.</span></p><p><span class="font-size-3">RBI has mandated banks to follow specific guidelines based on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds (G.Gopalakrishna Committee) vide Circular DBS.CO.ITC.BC.No.6/31.02.008/2010-11 dated April 29, 2011.</span></p><p><br /> <span class="font-size-3">As per the guidelines, measures suggested for implementation cannot be static and banks need to pro-actively create/fine-tune/modify their policies, procedures, and technologies based on new developments and emerging concerns.</span></p><p><br /> <span class="font-size-3">You can refer</span><span class="font-size-3"> our article “<a href="http://www.cisoplatform.com/profiles/blogs/rbi-cyber-security-framework-key-takeaways" target="_blank">Key takeaways from RBI cyber security framework</a>” for the highlights of the RBI cyber security framework.</span></p><p></p><p><strong><span class="font-size-3"><a href="http://www.mas.gov.sg/~/media/MAS/Regulations%20and%20Financial%20Stability/Regulatory%20and%20Supervisory%20Framework/Risk%20Management/TRM%20Guidelines%2021%20June%202013.pdf" target="_blank">Technology Risk Management (TRM) Guidelines by Monetary Authority of Singapore (MAS):</a></span></strong></p><p><span class="font-size-3">TRM Guidelines published by The Monetary Authority of Singapore (MAS) has a strong regional and global impact. These guidelines are not just limited to banks.</span> <br /> <span class="font-size-3">Types of organizations included are:</span></p><ul><li><span style="font-size:12pt;">Finance Companies</span></li><li><span style="font-size:12pt;">Insurance Companies</span></li><li><span style="font-size:12pt;">Financial Advisers</span></li><li><span style="font-size:12pt;">Securities Exchanges</span></li><li><span style="font-size:12pt;">Futures Exchanges</span></li><li><span style="font-size:12pt;">Clearing Houses</span></li></ul><p><br /> <span class="font-size-3">While these Guidelines are not mandatory, they do provide good direction to financial institutions on tackling cybersecurity and cyber threats. </span></p><p></p><p><span class="font-size-3"><strong><a href="http://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20160524e1.pdf" target="_blank">Cybersecurity Fortification Initiative (CFI) by Hong Kong Monetary Authority (HKMA):</a></strong></span></p><p><span class="font-size-3">Cybersecurity Fortification Initiative (CFI) is being pursued by the Hong Kong Monetary Authority (HKMA) in collaboration with the banking industry.</span></p><p><span class="font-size-3">To enhance the cyber resilience of the banking sector, the HKMA has been working closely with the banking sector to develop the CFI, which is underpinned by three pillars outlined below</span></p><ol><li><span style="font-size:12pt;"><strong>Cyber Resilience Assessment Framework:</strong> It is a risk-based framework for Authorized Institutions to assess their own risk profiles and benchmark the level of defence and resilience required for appropriate protection against cyber attacks.</span></li><li><span style="font-size:12pt;"><strong>Professional Development Programme:</strong> It seeks to increase the supply of qualified professionals in cybersecurity domain. </span></li><li><span style="font-size:12pt;"><strong>Cyber Intelligence Sharing Platform:</strong> It provides an effective infrastructure for sharing intelligence on cyber attacks.</span></li></ol><p><span class="font-size-3">I hope this article has helped you to know some of the best frameworks for banking industry around the globe. This article might be useful for people who want to implement cybersecurity framework and do risk assessment in their organizations.</span></p></div>Classification of IoT Deviceshttps://www.cisoplatform.com/profiles/blogs/classification-of-iot-devices2017-02-18T09:00:00.000Z2017-02-18T09:00:00.000ZNagasaihttps://www.cisoplatform.com/members/Nagasai<div><p></p><p><span class="font-size-3"><a href="{{#staticFileLink}}8669812656,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669812656,original{{/staticFileLink}}" width="668" class="align-full" alt="8669812656?profile=original" /></a></span><span style="font-size:12pt;"><br /> A typical architecture of an IoT solution consists of constrained devices, gateways or border routers and the cloud platform. On a high level architecture perspective there are two types of devices: constrained devices and gateway-like devices.</span></p><p><span class="font-size-3">The <strong>gateway</strong>-like devices use powerful processors, extendable memories and no constraints on power source. They can route data to the cloud servers or aggregate/store data to deal with network latencies. Typically they run Linux operating system with application containers and provision for remote management.</span></p><p><span class="font-size-3">The <strong>constrained devices</strong> are end nodes with sensors/actuators that can handle a specific application purpose. They are usually connected to gateway-like devices, low power lossy network, and in-turn communicates with the IoT cloud platforms. Typically they communicate via low power wireless protocols like BLE, 802.15.4 (6LoWPAN, Zigbee, Thread, WirelessHART etc), LPWAN etc and mostly battery powered with low data rate.</span></p><p><span class="font-size-3"><a href="{{#staticFileLink}}8669812471,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669812471,original{{/staticFileLink}}" width="392" height="213" class="align-center" alt="8669812471?profile=original" /></a></span></p><p><span class="font-size-3">The constraints of these devices are</span></p><ul><li><span class="font-size-3">Code complexity (ROM/Flash), Size of state and buffers (RAM)</span></li><li><span class="font-size-3">Processing power</span></li><li><span class="font-size-3">Available power source and that has limits on reachability over time, if battery powered.</span></li><li><span class="font-size-3">User interface and accessibility in deployment</span></li><li><span class="font-size-3">Bitrate/Throughput</span></li><li><span class="font-size-3">Highly asymmetric link characteristics</span></li><li><span class="font-size-3">Cost</span></li><li><span class="font-size-3">Physical size</span></li></ul><p><span style="font-size:1.5em;" class="font-size-3">In order to simplify the overwhelming variety of constrained devices that could be connected to the internet, IETF has published an RFC 7228 that classifies the constrained devices into three categories as shown in the table below.</span></p><p style="text-align:center;"><span style="font-size:1.5em;" class="font-size-3">Classes of Constrained Devices</span></p><p><span class="font-size-3"><a href="{{#staticFileLink}}8669812500,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669812500,original{{/staticFileLink}}" width="556" alt="8669812500?profile=original" /></a></span></p><p><span class="font-size-3"><span style="font-size:12pt;"><strong>Class 0:</strong> Class 0 devices have constraints in memory(<<10KiB of RAM and <<100KiB of Flash) and processing capabilities. These devices has severe constraints to communicate securely with internet, so they typically pre-configured and are connected to </span><span style="font-size:12pt;">proxies, gateways, or servers for internet communication.</span></span></p><p><span class="font-size-3">An open source IoT OS like Contiki takes around 8-20 KiB of RAM and ~100 KiB of flash. </span><span style="font-size:12pt;">In table 1 and table 2, by Oikonomou, G et al, the code and memory footprint for various components of the Contiki operating system were listed. Table 1 consists of message generation and handling and does not include routing table processing or packet forwarding. So the complete stack (without security and routing) needs around 90 kiB of flash and 5.5 kiB of RAM. Enabling TCP increases the code by 11 KiB and RAM usage by about 600 bytes.</span></p><p style="text-align:center;"><span class="font-size-2">Table 1</span></p><p><span style="font-size:12pt;" class="font-size-3"><a href="{{#staticFileLink}}8669813064,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669813064,original{{/staticFileLink}}" width="334" class="align-center" alt="8669813064?profile=original" /></a></span></p><p></p><p><span class="font-size-3">As the number of nodes increases, the size requirements for the routing and neighbour tables increases in Contiki. As shown in Table 2, it takes from 5.5 KiB to 9 KiB of RAM size.</span></p><p style="text-align:center;"><span class="font-size-2">Table 2</span></p><p><span style="font-size:12pt;" class="font-size-3"><a href="{{#staticFileLink}}8669812886,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669812886,original{{/staticFileLink}}" width="353" class="align-center" alt="8669812886?profile=original" /></a></span></p><p><span class="font-size-3">From the above tables, minimal network stack takes up most of the resources of class 0 devices and it is tough to fit anything more like security layer and application layer protocols like MQTT, CoAP, EXI etc</span></p><p><strong><span class="font-size-3">Class 1: </span></strong><span style="font-size:12pt;">Class 1 devices can have low power IoT stack [UDP, CoAP, leight weigh security protocols like DTLS etc] but </span><span style="font-size:12pt;">quite constrained in code space and processing capabilities to employing a full protocol stack such as using HTTP, TLS, and related security protocols and data representations with out a gateway. </span></p><p><span style="font-size:12pt;" class="font-size-3"><strong>Class 2:</strong> Class 2 devices are less constrained and can perform at par with mobiles phones/notebooks in</span><span style="font-size:12pt;"> supporting most the protocol stacks. They have to be</span><span style="font-size:12pt;"> lightweight with energy-efficient protocols and less bandwidth consumption. Using Class 2 devices might reduce development costs and increase the interoperability.</span></p><p><span style="font-size:12pt;text-decoration:underline;">References:</span></p><p><span class="font-size-3">1. C. Bormann, M. Ersue and A. Keranen , “Terminology for Constrained Node Networks” <a href="https://tools.ietf.org/html/rfc7228">https://tools.ietf.org/html/rfc7228</a></span></p><p><span class="font-size-3">2. Eclipse IoT White Paper, "The Three Software Stacks Required for IoT Architectures"</span></p><p><span class="font-size-3">3. Oikonomou, G., Phillips, I., Experiences from porting the Contiki operating system to a popular hardware platform.</span></p><p></p><p></p></div>Top Cyber Security Mistakes Startups Makehttps://www.cisoplatform.com/profiles/blogs/top-cyber-security-mistakes-startups-make2019-11-28T10:00:00.000Z2019-11-28T10:00:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><span>Here We are going to discuss about some of the top cyber security mistakes startups make. Thanks to the flourishing start-up ecosystem, there is a surge of entrepreneurs coming up with innovative and bright ideas and delivering great products and services.</span></p>
<p> </p>
<p><span>Today in the DevOps world, the startup philosophy is to try to get the product out in the market as quickly as possible. This is due to fact that startups during their early stages aim for rapid growth. However, Cybersecurity today is a growing challenge among big and small companies alike. For small business information protection is even more important as it can adversely affect the business and even force the company out of business in some cases.</span></p>
<h2><span> </span></h2>
<p><span><strong>List of the top cyber security mistakes startups make :</strong></span></p>
<ul>
<li><h3><span><b>Security an Afterthought:</b></span></h3>
<p><span><b>Security is always an afterthought for startups. Most startups go for security assessment because either some customer has specifically asked for it or they want to comply with some industry regulations. Startups security approach is in most cases reactive.</b></span></p>
</li>
</ul>
<p> </p>
<ul>
<li><h3><span><b>No Security testing and security architecture review of product and services: </b></span></h3>
<p><span>Startups primary focus is on how to make their idea work. All they think about is faster product development, frequent feature releases and fast time to market. In this case security takes a backseat. In this process, the final product is inherently insecure and has many common security loopholes. Cost of fixing a vulnerability in production can be up to 30x of the cost of fixing it at earlier stages.</span></p>
</li>
</ul>
<p> </p>
<ul>
<li><h3><span><b>No process for timely system update and patching:</b></span></h3>
<p><span><b>Since there is no defined security roles in startups, the systems and platforms used to develop the product are left unpatched for critical vulnerabilities for long time. This exposes the systems for external attacks and sometimes becomes victims of malware campaigns on internet.</b></span></p>
</li>
</ul>
<p> </p>
<ul>
<li><h3><span><b>No security awareness for employees:</b></span></h3>
<p><span><b>There is no security awareness to employees. Many startups employees use their personal devices to handle and manipulate and store sensitive data and files. Such devices are carelessly managed and company has no security oversight on them. This increases the possibility of data breaches through their devices. Employees must be educated of security implications of such incidents and must be trained in security best practices to maintain proper security hygiene</b></span></p>
</li>
</ul>
<p> </p>
<ul>
<li><h3><span><b>Use of public cloud for storage and delivery, without any security and risk oversight:</b></span></h3>
<p><span><b>Startups often use public cloud services like O365, Dropbox, Google drive etc. for collaboration and convenience of file sharing. They also use AWS and other public cloud services to host their applications and run critical business functions. While these services are cost-effective, they surely come with their own share of risk. Startups are required to assess and implement proper security measures before considering these services. Failing which they may violate compliance requirement or become victim of data breaches and cyber-attacks.</b></span></p>
</li>
</ul>
<p> </p>
<ul>
<li><h3><span><b>Ad-hoc Focus on Prevention, None on Detection & Response:</b></span></h3>
<p><span>Most organisations take an ad-hoc approach to implementing security controls, primarily focusing on prevention (e.g.: Endpoint Security / Antivirus, Firewall etc.), but have not thought about detecting or responding to breaches in a timely manner. Detection & response should be a key component of any security program in a startup.</span></p>
</li>
</ul>
<p></p>
<p> </p></div>Top Emerging Cyber Security Vendors To Look Out For In 2018https://www.cisoplatform.com/profiles/blogs/top-emerging-cyber-security-vendors-to-look-out-for-in-20182019-11-28T11:30:00.000Z2019-11-28T11:30:00.000ZCISO Platformhttps://www.cisoplatform.com/members/CISOPlatform<div><ul>
<li><span>Looking for Top Emerging Companies in the Cyber Security Industry? FireCompass presents 50 Emerging Cyber Security Vendors to look out for in 2018. We don’t claim this is exhaustive list because there might be a possibility that we might have missed some of the products. But still we gave our best to give you the top guns who are uniquely innovative in their area of expertise.</span></li>
<li><span>Lets have a look at 50 Emerging Cyber Security Vendors for year 2018:</span></li>
</ul>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/acalvio-technologies"><strong><span style="font-size:12pt;">Acalvio T</span><span style="font-size:12pt;">echnologies</span></strong></a></p>
<p><a href="https://www.firecompass.com/security/vendors/acalvio-technologies"><img class="acalvio-firecompass-emerging-vendors-2018 aligncenter wp-image-7455 size-medium align-center" title="acalvio-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/04/acalvio_1_-300x107.jpg" alt="acalvio-firecompass-emerging-vendors-2018" width="300" height="107" /></a></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/acalvio-technologies"><strong>Acalvio</strong></a> is an innovator in delivering Advanced Defense solutions using a combination of Distributed Deception and Data Science technologies. Led by a seasoned team of security, networking, data science professionals, Acalvio allows security practitioners in detecting, engaging and responding to malicious activity with high precision in a timely and cost-effective fashion. Acalvio was selected as one of the top cyber security company at RSA Innovation Sandbox 2018. To know more:<a href="https://www.firecompass.com/security/vendors/acalvio-technologies"> https://www.firecompass.com/security/vendors/acalvio-technologies</a></li>
</ul>
<p></p>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Aporeto</strong></span></p>
<p><img class="aporeto-firecompass-emerging-vendors-2018 aligncenter wp-image-7984 size-medium align-center" title="aporeto-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Aporeto-300x70.png" alt="aporeto-firecompass-emerging-vendors-2018" width="300" height="70" /></p>
<ul>
<li><span><strong>Aporeto</strong> is a Zero Trust security solution for microservices, containers and the cloud. Fundamental to Aporeto’s approach is the principle that everything in an application is accessible to everyone and could be compromised at any time. Aporeto uses identity context, vulnerability data, threat monitoring and behavior analysis to build and enforce authentication, authorization and encryption policies for applications. With Aporeto, enterprises implement a uniform security policy decoupled from the underlying infrastructure, enabling workload isolation, API access control and application identity management across public, private or hybrid cloud.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/aqua-security-inc-"><strong>Aqua Security</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/aqua-security-inc-"><img class="aqua-firecompass-emerging-vendors-2018 aligncenter wp-image-7985 size-medium align-center" title="aqua-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/aqua_security-300x108.png" alt="aqua-firecompass-emerging-vendors-2018" width="300" height="108" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/aqua-security-inc-">Aqua Security</a></strong> provides scalable security for the complete development-to-deployment lifecycle of containerized applications. It enable companies to use containers for their many benefits without compromising their application and data security.</span> <span>It helps enterprises to secure their virtual container environments from development to production, accelerating container adoption and bridging the gap between DevOps and IT security.</span><span>Aqua’s Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks, providing transparent, automated security while helping to enforce policy and simplify regulatory compliance. </span> </li>
</ul>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Armis</strong></span></p>
<p><img class="armis-firecompass-emerging-vendors-2018 aligncenter wp-image-7988 size-medium align-center" title="armis-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/armis-1-300x86.png" alt="armis-firecompass-emerging-vendors-2018" width="300" height="86" /></p>
<ul>
<li><span><strong>Armis Security</strong> is an agentless IoT security solution that lets enterprises see and control any device or network. It eliminates the IoT security blind spot, letting enterprises instantly see and control unmanaged or rogue devices and networks. It specializes in IoT Security, network security, mobile security, DDoS, wireless security, Botnets, and Ransomware.</span></li>
</ul>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/attivo-networks">Attivo Networks</a></strong></span><a href="https://www.firecompass.com/security/vendors/attivo-networks"><img class="attivo-firecompass-emerging-vendors-2018 aligncenter wp-image-7990 size-full align-center" title="attivo-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Attivo_Corp_Logo-e1530009474879.png" alt="attivo-firecompass-emerging-vendors-2018" width="204" height="102" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/attivo-networks">Attivo Networks®</a></strong> is an award-winning leader in deception technology for real-time detection, analysis, and acceleration of incident response to cyber-attacks. The Attivo ThreatDefend™ Deception and Response Platform provides early detection of advanced, stolen credential, ransomware, and phishing attacks that are inside user networks, data centers, clouds, IoT and ICS-SCADA environments. By deceiving attackers into revealing themselves, comprehensive attack analysis is efficiently gathered, actionable alerts raised, and response actions automated with prevention system integrations. </span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/avanan-inc-">Avanan</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/avanan-inc-"><img class="avanan-firecompass-emerging-vendors-2018 aligncenter wp-image-7991 size-medium align-center" title="avanan-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/avanan--300x104.png" alt="avanan-firecompass-emerging-vendors-2018" width="300" height="104" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/avanan-inc-">Avanan</a></strong> operates a cloud-based platform to provide security solutions for public, SaaS-based applications. The product is designed for organizations that need to monitor and protect their employees’ use of the cloud.</span> <span>AVANAN protects your data in the cloud with the same industry-leading security you trust in your datacenter. The cloud-based platform is completely out-of-band, requires no proxy, and can be deployed in just 10 minutes. It provides seamless policy governance across users and data in the cloud. </span></li>
</ul>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Awake Security</strong></span></p>
<p><img class="awake-firecompass-emerging-vendors-2018 aligncenter wp-image-7992 size-medium align-center" title="awake-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/awake-security-300x64.png" alt="awake-firecompass-emerging-vendors-2018" width="300" height="64" /></p>
<ul>
<li><span>The <strong>Awake Security</strong> Investigation Platform enables rapid, iterative and conclusive alert investigations as well as threat hunting by placing the context that security teams need at their fingertips. Gathering this context manually, if even possible, can take hours of combing through dozens of data sources. Awake reduces time-to-truth to mere minutes with a quick-to-deploy, no tuning required, platform that builds on more than two years of R&D with over 200 security teams.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong>Balbix</strong></span></p>
<p><img class="balbix-firecompass-emerging-vendors-2018 aligncenter wp-image-8078 size-medium align-center" title="balbix-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/balbix-300x114.png" alt="balbix-firecompass-emerging-vendors-2018" width="300" height="114" /></p>
<ul>
<li><strong>Balbix</strong>’s predictive breach risk platform is the industry’s first system to leverage predictive analytics and AI to provide enterprises with a comprehensive and continuous risk and resilience calculation visualized via a searchable and clickable heat map. We designed our platform for CIOs, CISOs and IT security teams who wish to proactively understand their breach risk and cyber-resilience. The Balbix system can predict critical breach scenarios, help users prioritize security operations and projects, and ultimately improve cyber-resilience.</li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/bastille"><strong>Bastille</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/bastille"><img class="bastille-firecompass-emerging-vendors-2018 aligncenter wp-image-7993 size-medium align-center" title="bastille-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/bastille-300x105.png" alt="bastille-firecompass-emerging-vendors-2018" width="300" height="105" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/bastille">Bastille</a></strong> is revolutionizing the way Enterprises approach security. As new threats emerge from the Internet of Things, Bastille is the only solution offering full spectrum scanning of the entire corporate airspace, delivering an unprecedented view of wireless risks before they have a chance to impact networks, people or assets. This visibility, combined with machine learning and behavioral analytics, provides a holistic view of wireless environments, complimenting Wi-Fi and traditional security architectures. </span></li>
</ul>
<p></p>
<p></p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/bigid-inc-">BigID</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/bigid-inc-"><img class="bigid-firecompass-emerging-vendors-2018 aligncenter wp-image-2307 align-center" title="bigid-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2017/04/BigID-e1530620508451.jpg" alt="bigid-firecompass-emerging-vendors-2018" width="244" height="106" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/bigid-inc-">BigID</a> </strong>is transforming enterprise protection and privacy of personal data. Organizations are facing record breaches of personal information and proliferating global privacy regulations with fines reaching 4% of annual revenue. Today enterprises lack dedicated purpose-built technology to help them track and govern their customer data for regulations like GDPR. By bringing data science to data privacy, BigID aims to give enterprises the software to safeguard and steward the most important asset organizations manage: their customer data. To know more </li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/bricata">Bricata</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/bricata"><img class="bricata-firecompass-emerging-vendors-2018 aligncenter wp-image-7996 align-center" title="bricata-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Bricata-Blog-Header-e1530010164181-300x55.png" alt="bricata-firecompass-emerging-vendors-2018" width="404" height="74" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/bricata">Bricata</a></strong> network security solutions deliver innovative next generation intrusion prevention, advanced threat detection and analysis, and threat hunting to enable large organizations to actively pursue and identify advanced, persistent, and coordinated attacks. A specialized component-based approach to today’s attacks has left organizations with a stack of tools to manage that provide a patchwork of uncorrelated data, leaving penetrable gaps and inconsistent security policies. The Bricata platform provides organizations with process automation, streamlining operations with the most effective, affordable solution for situational awareness and proactive threat defense, reducing complexity, dwell time and time to containment. To know more: </span></li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><strong>Capsule8</strong></span></p>
<p><img class="capsule8-firecompass-emerging-vendors-2018 aligncenter wp-image-7997 size-medium align-center" title="capsule8-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/capsule8-300x90.png" alt="capsule8-firecompass-emerging-vendors-2018" width="300" height="90" /></p>
<ul>
<li><span><strong>Capsule8</strong> is developing the industry’s first and only threat prevention and response platform purpose-built for cloud-native environments. Founded in 2016 by experienced hackers and seasoned security entrepreneurs, and funded by Bessemer Venture Partners, Capsule8 is making it possible for Linux-powered enterprises to modernize without compromise.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/cato-networks">Cato Networks</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/cato-networks"><img class="cato-firecompass-emerging-vendors-2018 aligncenter wp-image-8080 size-medium align-center" title="cato-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-300x125.png" alt="cato-firecompass-emerging-vendors-2018" width="300" height="125" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/cato-networks">Cato Networks</a></strong> provides organizations with a cloud-based and secure global SD-WAN. They deliver an integrated networking and security platform that securely connects all enterprise locations, people and data. The Cato Cloud reduces MPLS connectivity costs, eliminates branch appliances, provides direct, secure Internet access everywhere, and seamlessly integrates mobile users and cloud infrastructures into the enterprise network. Based in Tel Aviv, Israel, Cato Networks was founded in 2015 by cyber security luminary Shlomo Kramer, who previously cofounded Check Point Software Technologies and Imperva, and Gur Shatz, who previously cofounded Incapsula. </li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-">CryptoMove</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-"><img class="cryptomove-firecompass-emerging-vendors-2018 aligncenter wp-image-8081 size-medium align-center" title="cryptomove-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/cryptomove-300x115.png" alt="cryptomove-firecompass-emerging-vendors-2018" width="300" height="115" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-">CryptoMove</a></strong> provides decentralized moving target data protection as a service. The #1 risk to data is that it is a centralized and stationary target. Today’s data at rest protection methods have not changed in decades, are too difficult to implement, suffer from poor UX, don’t deliver value to end-users, and fail to address many threats to data including exfiltration, corruption, destruction, and ransomware. CryptoMove’s patented platform flips attack-defense asymmetry and provides crown jewel protection as a service.</li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-"><strong>Cyber adapt</strong></a></span></p>
<p><img class="cyberadapt-firecompass-emerging-vendors-2018 aligncenter wp-image-7999 align-center" title="cyberadapt-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Cyber-adAPT-300x51.png" alt="cyberadapt-firecompass-emerging-vendors-2018" width="412" height="70" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-"><strong>Cyber adAPT®</strong></a>’s technology aims at protecting critical business assets by helping companies detect the presence of sophisticated adversaries hiding inside enterprise networks.Since the majority of available security tools have been deployed to safeguard against anticipated threats rather than alerting on suspicious “inside” activities, Cyber adAPT® is on a mission to not only educate about the growing scope of the threat ecosystem, but also to help ensure that the security postures and practices companies around the world adopt are sufficient and work holistically to protect their digital property as well as their reputation.<a href="https://www.firecompass.com/security/vendors/cryptomove-inc-"></a></li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/cybergrx"><b>CyberGRX</b></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/cybergrx"><img class="cyberGRX-firecompass-emerging-vendors-2018 aligncenter wp-image-7459 size-full align-center" title="cyberGRX-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/04/cybergrx_finallogo_stacked_fullcolor.jpg" alt="cyberGRX-firecompass-emerging-vendors-2018" width="268" height="137" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/cybergrx">CyberGRX</a> </strong>provides enterprises and their third parties with the most cost-effective and scalable approach to third-party cyber risk management today. Built on the market’s first third-party cyber risk Exchange, CyberGRX arms organizations with a dynamic stream of third party-data and advanced analytics so they can efficiently manage, monitor and mitigate risk in their partner ecosystems. Based in Denver, CO, CyberGRX was designed with partners including ADP, Aetna, Blackstone and Mass Mutual, and is backed by Allegis Capital, Bessemer Venture Partners, Blackstone, ClearSky, GV (formerly Google Ventures), MassMutual Ventures, Rally Ventures and TenEleven Ventures. CyberGRX is chosen among top cyber security company as finalists at RSA Innovation Sandbox 2018 for showcasing innovative excellence.<a href="https://www.firecompass.com/security/vendors/cybergrx"></a></li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/deep-instinct"><strong>Deep Instinct</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/deep-instinct"><img class="deepinstinct-firecompass-emerging-vendors-2018 aligncenter wp-image-8002 size-medium align-center" title="deepinstinct-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Deepinstict-300x60.png" alt="deepinstinct-firecompass-emerging-vendors-2018" width="300" height="60" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/deep-instinct">Deep Instinct</a></strong> is the first company to apply deep learning to cyber security. It’s artificial brain learns to detect any type of cyber threat, its prediction capabilities become instinctive. As a result, zero-day and APT attacks are detected and prevented in real-time with unmatched accuracy. They bring a completely new approach to cyber security that is proactive and predictive. Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices. </span> </li>
</ul>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/ensilo"><strong>ensilo</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/ensilo"><img class="ensilo-firecompass-emerging-vendors-2018 aligncenter wp-image-8003 size-medium align-center" title="ensilo-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/enSilo-logo-300x145-300x145.jpg" alt="ensilo-firecompass-emerging-vendors-2018" width="300" height="145" /></a></p>
<ul>
<li><span><a href="https://www.firecompass.com/security/vendors/ensilo"><strong>enSilo</strong></a> delivers the first complete endpoint security platform providing pre- and post-infection protection in real-time, defending endpoint devices from data tampering and breaches caused by advanced malware. enSilo provides security operators with an intuitive way to manage, orchestrate and automate prevention, detection, response and remediation tasks. A single lightweight agent combines enSilo’s Next Generation AntiVirus (NGAV) and automated Endpoint Detection and Response (EDR) with real-time blocking to deliver a multi-layered defense strategy that can be managed from the cloud or on premise. enSilo strives to make self-defending endpoint security cost-effective so virtually any enterprise can ensure business continuity. </span></li>
</ul>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/exabeam"><strong>Exabeam</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/exabeam"><img class="exabeam-firecompass-emerging-vendors-2018 aligncenter wp-image-8005 size-medium align-center" title="exabeam-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/exabeam-e1530011172294-300x71.png" alt="exabeam-firecompass-emerging-vendors-2018" width="300" height="71" /></a></p>
<ul>
<li><span><a href="https://www.firecompass.com/security/vendors/exabeam"><strong>Exabeam</strong></a> provides security intelligence and management solutions to help organizations of any size protect their most valuable information. The Exabeam Security Intelligence Platform uniquely combines unlimited data collection at a predictable price, machine learning for advanced analytics, and automated incident response into an integrated set of products. The result is the first modern security intelligence solution that delivers where legacy SIEM vendors have failed.</span> </li>
</ul>
<p></p>
<p></p>
<p><span style="font-size:12pt;"><strong>Fortanix</strong></span></p>
<p><img class="fortanix-firecompass-emerging-vendors-2018 aligncenter wp-image-8006 size-medium align-center" title="fortanix-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/fortanix-300x66.png" alt="fortanix-firecompass-emerging-vendors-2018" width="300" height="66" /></p>
<ul>
<li><span><strong>Fortanix</strong> is building a new category Runtime Encryption using Intel SGX. Just like encryption today protects data at rest and data during motion, Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats including malicious insiders, cloud providers, OS-level hacks and network intruders. Customer gets deterministic security, unlike existing leaky security, which means their applications and data remain completely protected regardless of how the attacks originate and how root credentials are compromised.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/greathorn"><strong>GreatHorn</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/greathorn"><img class="greathorn-firecompass-emerging-vendors-2018 aligncenter wp-image-8082 size-medium align-center" title="greathorn-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/greathorn-300x56.png" alt="greathorn-firecompass-emerging-vendors-2018" width="300" height="56" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/greathorn">GreatHorn</a></strong> has cloud-native security platform for post-perimeter threat detection and response, natively integrated into G Suite, Office 365, Slack, and more. Provides enterprise security solutions for email, chat, and threat detection across multiple communication channels.Attacks on cloud email, chat, and collaboration tools are responsible for more than 90% of all data breaches. GreatHorn helps companies secure these platforms from advanced threats, simplify governance and compliance requirements, and communicate with confidence. </li>
</ul>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Hysolate</strong></span></p>
<p><img class="hysolate-firecompass-emerging-vendors-2018 aligncenter wp-image-8008 align-center" title="hysolate-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/hysolate_1_-300x34.jpg" alt="hysolate-firecompass-emerging-vendors-2018" width="309" height="35" /></p>
<ul>
<li><span><strong>Hysolate</strong> is re-architecting enterprise endpoints, resolving the conflict between security and productivity.</span> <span>With roots in the elite technology units of Israeli defense and in world-class enterprise software companies, the Hysolate team knows all about cyber security offense/defense and the daily challenges of enterprise IT. They’ve been building enterprise software for decades and are passionate about disrupting the traditional thinking about endpoints, cyber security and IT.</span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>iguazio</strong></span></p>
<p><img class="iguazio-firecompass-emerging-vendors-2018 aligncenter wp-image-8009 size-medium align-center" title="iguazio-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/iguazio-logo-1-e1530011601419-300x95.png" alt="iguazio-firecompass-emerging-vendors-2018" width="300" height="95" /></p>
<ul>
<li><span><strong>iguazio</strong> digitally transforms business value by streamlining data volumes to create actionable insights. Through its Continuous Data Platform for Real-time Applications, iguazio simplifies the development and deployment of data-driven applications to extend the cloud experience at the edge and on-premises. iguazio is a driving force in industries pertaining to manufacturing, smart mobility, the Internet of Things, media and cyber security.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/illumio"><strong>illumio</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/illumio"><img class="illumio-firecompass-emerging-vendors-2018 aligncenter wp-image-8017 size-medium align-center" title="illumio-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Illumio_logo-300x75.png" alt="illumio-firecompass-emerging-vendors-2018" width="300" height="75" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/illumio">Illumio</a></strong>, the leader in micro-segmentation, prevents the spread of breaches inside data center and cloud environments. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. The Illumio Adaptive Security Platform® uniquely protects critical information with real-time application dependency and vulnerability mapping coupled with micro-segmentation that works across any data center, public cloud, or hybrid cloud deployment on bare-metal, virtual machines, and containers. </span></li>
</ul>
<p></p>
<p></p>
<p><a href="https://www.firecompass.com/security/vendors/illusive-networks"><strong><span style="font-size:12pt;">Illusive Networks</span></strong></a></p>
<p><a href="https://www.firecompass.com/security/vendors/illusive-networks"><img class="illusive-firecompass-emerging-vendors-2018 aligncenter wp-image-8084 size-medium align-center" title="illusive-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-300x154.jpg" alt="illusive-firecompass-emerging-vendors-2018" width="300" height="154" /></a></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/illusive-networks"><strong>Illusive Networks</strong></a>, the leader in deception-based cyber security solutions, empowers security teams to preemptively harden their networks against advanced attackers, stop targeted attacks through early detection of lateral movement, and resolve incidents quickly. Agentless and intelligence-driven, Illusive technology significantly increases proactive defense capability with almost no operational overhead. Illusive’s Deceptions Everywhere® approach was pioneered by experts with decades of experience in cyber warfare and cyber intelligence. By proactively intervening in the attack process, technology-dependent organizations protect critical business assets and function with greater confidence in today’s complex, hyper-connected world.</li>
</ul>
<p></p>
<p><span style="font-size:14pt;"><strong><a href="https://www.cisoplatform.com/profiles/blogs/key-program-metrics-of-vulnerability-assessment" target="_blank">READ MORE >> Key Program Metrics of Vulnerability AssessmentIntsights</a></strong></span></p>
<p></p>
<p></p>
<div><span style="text-decoration:underline;font-size:12pt;"><strong>insights</strong></span></div>
<p><img class="wp-image-8143 size-medium aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/07/intsights-e1532004359225-300x103.jpg" alt="" width="300" height="103" /></p>
<ul>
<li>INTSIGHTS is an intelligence driven security provider, established to meet the growing need for rapid, accurate cyber intelligence and incident mitigation. Their founders are veterans of elite military cybersecurity and intelligence units, where they acquired a deep understanding of how hackers think, collaborate and act.They partner with organizations to boost their cybersecurity and remediate their cyberthreats. This is achieved through a subscription-based service which infiltrates the cyberthreat underworld to detect and analyze planned or potential attacks and threats that are specific to their partners.</li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Jask</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/jask"><img class="jask-firecompass-emerging-vendors-2018 aligncenter wp-image-8018 size-medium align-center" title="jask-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/JASK_logo-300x71.jpg" alt="jask-firecompass-emerging-vendors-2018" width="300" height="71" /></a></p>
<ul>
<li><span>Headed by industry leaders from ArcSight, Carbon Black, Cylance and the counter-intelligence community, JASK brings together decades of experience solving real-world SOC issues. Founded to address the technology gaps that restrict security modernization efforts, JASK is revolutionizing security operations to reduce organizational risk and improve efficiency through technology consolidation, enhanced AI and machine learning. JASK is backed by Dell Technologies Capital, TenEleven Ventures, Battery Ventures and Vertical Venture Partner. </span></li>
</ul>
<p></p>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Karamba Security</strong></span></p>
<p><img class="size-medium wp-image-8222 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/07/KarambaLogo-300x107.png" alt="" width="300" height="107" /></p>
<ul>
<li><span><strong>Karamba Security</strong> is a software company that focuses on securing automotive controllers and IoT devices from hackers in a simple, yet hermetic manner. It is led by a team comprised of security experts, serial entrepreneurs and business savvy executives with a track record of multiple IPOs and M&As.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/menlo-security">Menlo Security</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/menlo-security"><img class="menlosecurity-firecompass-emerging-vendors-2018 aligncenter wp-image-8020 size-medium align-center" title="menlosecurity-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/menlo-security-300x134.png" alt="menlosecurity-firecompass-emerging-vendors-2018" width="300" height="134" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/menlo-security">Menlo Security</a></strong>‘s patented Isolation Platform protects organizations from cyber attack by eliminating the threat of malware. The Platform isolates and executes all Web content in the cloud, enabling users to safely interact with websites, links and documents online without compromising security. Menlo Security is trusted by some of the world’s largest enterprises, including Fortune 500 companies and financial services institutions. </span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Obsidian Security</strong></span></p>
<p><img class="obsidian-firecompass-emerging-vendors-2018 aligncenter wp-image-8022 size-medium align-center" title="obsidian-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/obsidian-security-300x83.png" alt="obsidian-firecompass-emerging-vendors-2018" width="300" height="83" /></p>
<ul>
<li><span>Led by former founding team members of Cylance and Carbon Black, Obsidian Security is a Southern California technology company living at the intersection of cybersecurity, artificial intelligence, and hybrid-cloud environments. Backed by Greylock Partners, Obsidian Security is based in Newport Beach, CA.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>PerimeterX</strong></span></p>
<p><img class="perimeterx-firecompass-emerging-vendors-2018 aligncenter wp-image-8086 size-medium align-center" title="perimeterx-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/logo-300x75.png" alt="perimeterx-firecompass-emerging-vendors-2018" width="300" height="75" /></p>
<ul>
<li><strong>PerimeterX</strong> is a cyber security company that prevents automated web and mobile application attacks by detecting & protecting against malicious web behavior. To separate the actions of bots from those of normal users, PerimeterX uses artificial intelligence & machine learning to identify behaviors that are unlikely to represent human actions. This behavior based technology allows PerimeterX to detect and block the most sophisticated new forms of bot attacks in real-time with unparalleled accuracy. PerimeterX was named a Gartner Cool Vendor, and an AI 100 company by CBInsights, and was selected by DarkReading as Top 20 Cyber security Companies to Watch.</li>
</ul>
<p></p>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Preempt</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/preempt-security"><img class="preempt-firecompass-emerging-vendors-2018 aligncenter wp-image-8085 size-medium align-center" title="preempt-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/preempt-security_owler_20160302_205803_original-300x81.png" alt="preempt-firecompass-emerging-vendors-2018" width="300" height="81" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/preempt-security">Preempt</a></strong> was founded in 2014 by global security and networking experts with a passion for making IT security teams more effective in protecting their organizations from breaches and malicious insiders. They protects organizations by eliminating security threats. Threats are not black or white and the Preempt Platform is the only solution that preempts threats with continuous threat prevention that automatically adapts based on identity, behavior and risk. This ensures that both security threats and risky employee activities are responded to with the right level of security at the right time. The platform easily scales to provide comprehensive identity based protection across organizations of any size. </li>
</ul>
<p></p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/prevoty"><strong>Prevoty</strong></a></span><a href="https://www.firecompass.com/security/vendors/prevoty"><img class="prevoty-firecompass-emerging-vendors-2018 aligncenter wp-image-8023 size-medium align-center" title="prevoty-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/prevoty-300x80.png" alt="prevoty-firecompass-emerging-vendors-2018" width="300" height="80" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/prevoty">Prevoty</a></strong> provides a new RASP (runtime application self-protection) capability, enabling applications to protect themselves. Unlike traditional security approaches that try to defend against hackers at the network layer, Prevoty works inside the application itself and the analysis engine is smart enough to actively prevent anything malicious from executing. Prevoty is one of the most exciting new companies in the hot security market since, in addition to providing active protection and real-time threat intelligence, the technology can dramatically reduce the time and costs associated with implementation of a secure SDLC. </span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Qingteng</strong></span></p>
<p><img class="qinteng-firecompass-emerging-vendors-2018 aligncenter wp-image-8087 align-center" title="qinteng-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/04Qingteng-e1530688174675-300x78.jpg" alt="qinteng-firecompass-emerging-vendors-2018" width="331" height="86" /></p>
<ul>
<li><strong>Qingteng Cloud Security</strong> is a SaaS-based cloud security company in China. It is a China-based company that delivers server and cloud security based on Adaptive Security Architecture. Qingteng Cloud Security’s adaptive security platform can protect data on various cloud systems. Its technology can forecast, defend, and adapt to fend off new threats.</li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>ReFirm Labs </strong></span></p>
<p><img class="refirmlabs-firecompass-emerging-vendors-2018 aligncenter wp-image-7462 size-medium align-center" title="refirmlabs-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/04/rfl_1_-300x48.jpg" alt="refirmlabs-firecompass-emerging-vendors-2018" width="300" height="48" /></p>
<ul>
<li><strong>ReFirm Labs</strong> is an emerging leader in the IoT and connected device security space. With decades of experience securing devices for sensitive national security applications, our team has developed a new method for vetting and validating firmware that automates the process of detecting security flaws in connected devices and mitigating them. Our Centrifuge Platform is at the forefront of this approach and is the first to deliver this capability to the commercial market. Our technology is already helping global companies secure their products by testing their firmware during and after the development process, and monitor for new vulnerabilities.</li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/safebreach"><strong>SafeBreach</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/safebreach"><img class="safebreach-firecompass-emerging-vendors-2018 aligncenter wp-image-8088 align-center" title="safebreach-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-1-e1530688727292-300x58.png" alt="safebreach-firecompass-emerging-vendors-2018" width="357" height="69" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/safebreach">SafeBreach</a></strong> helps answer the questions security leaders are being asked by their CEO/boards today – Are we secure?” and “Can a breach happen to us?” Their platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does. SafeBreach automatically executes breach methods with an extensive and growing Hacker’s Playbook of research and real-world investigative data. SafeBreach is funded by Sequoia Capital, Deutsche Telekom Capital, Hewlett Packard Pathfinder and investor Shlomo Kramer. </li>
</ul>
<p></p>
<p></p>
<p><a href="https://www.firecompass.com/security/vendors/securityscorecard"><strong><span style="font-size:12pt;">Security ScoreCard</span></strong></a></p>
<p><a href="https://www.firecompass.com/security/vendors/securityscorecard"><img class="securityscorecard-firecompass-emerging-vendors-2018 aligncenter wp-image-8025 align-center" title="securityscorecard-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/security-scorecard-300x55.png" alt="securityscorecard-firecompass-emerging-vendors-2018" width="393" height="72" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/securityscorecard">SecurityScorecard</a></strong> grading service helps organizations in an increasingly hyper-connected world better identify, understand and manage all key risks their cloud-based information systems and those of their partners face every second of every day. Its patented solution is the only automated method to monitor all key risk factors on a continuous, real-time basis. This means users will always know the security levels of every organization they work with or share data and be able to take action, quickly and easily. </span> </li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Shieldx</strong></span></p>
<p><img class="shieldx-firecompass-emerging-vendors-2018 aligncenter wp-image-8028 align-center" title="shieldx-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/shieldx-300x61.jpg" alt="shieldx-firecompass-emerging-vendors-2018" width="369" height="75" /></p>
<ul>
<li><span><strong>ShieldX</strong> is redefining cloud security to better protect organizations against cyber threats—regardless of where sensitive data resides or how it moves across public, private or multi-cloud environments. Organizations are using APEIRO to scale security and micro-segmentation on demand, support business innovation, meet compliance requirements and protect against the latest cyberattacks.</span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Shiftleft</strong></span></p>
<p><img class="shiftleft-firecompass-emerging-vendors-2018 aligncenter wp-image-8029 size-medium align-center" title="shiftleft-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/shiftleft-300x63.png" alt="shiftleft-firecompass-emerging-vendors-2018" width="300" height="63" /></p>
<ul>
<li><strong>ShiftLeft.io</strong> is developing a new model for protecting software. We limit the attack surface proactively by understanding the Security DNA of each new version of any application or micro-service to strengthen it. This helps businesses increase the speed at which issues resulting from non-conformance with security DNA of their apps can be identified and automatically triaged.</li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/shocard-inc-"><b>Shocard</b></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/shocard-inc-"><img class="shocard-firecompass-emerging-vendors-2018 aligncenter wp-image-8030 align-center" title="shocard-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/shocard.png" alt="shocard-firecompass-emerging-vendors-2018" width="184" height="184" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/shocard-inc-">ShoCard</a></strong> is a digital identity and authentication platform built on a public blockchain data layer, using public/private key encryption and data hashing to safely store and exchange identity data, which includes biometrics such as fingerprint, facial, iris and voice. ShoCard’s approach to identity is different than existing solutions in that the user owns and carries her own data within her mobile app and is the sole person who decides with whom to share it with and which pieces of identification to share. The blockchain in then used to validate that information and confirm other third parties who have definitively certified the identity of the user. There is no privately held central location that holds user’s private information and pieces of a user’s identification does not need to be spread in other services in order to authenticate or prove ownership of an account. </span></li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Signal Sciences</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/signal-sciences"><img class="signalsciences-firecompass-emerging-vendors-2018 aligncenter wp-image-8031 align-center" title="signalsciences-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/SignalSciences-e1530689787996-300x62.jpg" alt="signalsciences-firecompass-emerging-vendors-2018" width="358" height="74" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/signal-sciences">Signal Sciences</a></strong> Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform. Built by practitioners, for practitioners, it is the only solution that works seamlessly across any cloud and infrastructure. Signal Sciences customers include Under Armour, Etsy, Yelp/Eat 24, Datadog, WeWork and more.</span></li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Signifyd</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/signifyd"><img class="alignnone wp-image-8032 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/06/signifyd-logo-normal-300x43.png" alt="" width="328" height="47" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/signifyd">Signifyd</a></strong> is the world’s largest provider of Guaranteed Fraud Protection and was founded on the belief that e-commerce businesses should be able to grow without fear of fraud. They solve the challenges that growing e-commerce businesses persistently face: billions of dollars lost in chargebacks, customer dissatisfaction from mistaken declines, and operational costs due to tedious, manual transaction investigation. They Guaranteed Payments protect online retailers in the case of chargebacks, supported by a full-service machine-learning engine that automates fraud prevention allowing businesses to increase sales and open new markets while reducing risk. </span></li>
</ul>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Stackpath</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/stackpath"><img class="stackpath-firecompass-emerging-vendors-2018 aligncenter wp-image-8034 size-medium align-center" title="stackpath-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/stackpath-300x54.png" alt="stackpath-firecompass-emerging-vendors-2018" width="300" height="54" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/stackpath">StackPath</a></strong> is the intelligent web services platform for security, speed and scale. It is the first platform to unify enterprise security solutions by leveraging collaborative intelligence that makes each service smarter and more secure with every threat detected, in addition to vastly improving the customer experience. More than 30,000 customers, ranging from Fortune 100 companies to early stage startups already use StackPath technology. </span> </li>
</ul>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>StackRox</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/stackrox"><img class="stackrox-firecompass-emerging-vendors-2018 aligncenter wp-image-7464 size-medium align-center" title="stackrox-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/04/stackrox-300x95.jpg" alt="stackrox-firecompass-emerging-vendors-2018" width="300" height="95" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/stackrox">StackRox</a> </strong>helps enterprises secure their cloud-native applications at scale. It is the industry’s first detection and response platform that defends containers and microservices from new threats. StackRox enables security teams to visualize the container attack surface, expose malicious activity, and stop attacker activity. It combines a new security architecture, machine learning, and protective actions to disrupt attacks in real time and limit their impact. StackRox is the choice of Global 2000 enterprises and backed by Sequoia Capital, it is chosen among top cyber security companies as finalist at RSA Innovation Sandbox 2018. </li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Streamsets</strong></span></p>
<p><img class="streamsets-firecompass-emerging-vendors-2018 aligncenter wp-image-8035 size-medium align-center" title="streamsets-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/StreamSets-300x120.png" alt="streamsets-firecompass-emerging-vendors-2018" width="300" height="120" /></p>
<ul>
<li><span><strong>StreamSets</strong> is a big data startup that reinvents how enterprises deliver timely and trustworthy data to their critical applications. We’ve built the industry’s first data operations platform which makes it easy to both build and manage data movement architectures in the face of constant change. Our open source StreamSets Data Collector has been downloaded over 250,000 times and is in use at many of the world’s largest companies. We’re backed by top-tier Silicon Valley venture capital firms, including Accel Partners, Battery Ventures, Ignition Partners and New Enterprise Associates (NEA).</span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>ThreatQuotient</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/threatquotient"><img class="threatquotient-firecompass-emerging-vendors-2018 aligncenter wp-image-8016 align-center" title="threatquotient-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Threatquotient-300x101.jpg" alt="threatquotient-firecompass-emerging-vendors-2018" width="330" height="111" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/threatquotient">ThreatQuotient™</a></strong> understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, and cyber security situation room solution. ThreatQ Investigations, empower security teams with the context, customization and prioritization needed to make better decisions, accelerate detection and response, and advance team collaboration. Leading global companies use ThreatQuotient solutions as the cornerstone of their security operations and threat management system. </span> </li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Trusona</strong></span></p>
<p><img class="trusona-firecompass-emerging-vendors-2018 aligncenter wp-image-8091 size-medium align-center" title="trusona-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-2-300x80.png" alt="trusona-firecompass-emerging-vendors-2018" width="300" height="80" /></p>
<ul>
<li><strong>Trusona</strong> is the leader in simply secure identity authentication. We developed the world’s first and only insured digital identity authentication solution and are leading a movement where there are no passwords to be created, remembered, stolen, or compromised. Where people are who they say they are – every time. Our solution takes a completely different approach. It is radically simple, and relies on patented technology that uses the unique nature of every interaction to assure the True Persona behind every digital interaction. Trusona. Simply Secured.</li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Twistlock</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/twistlock"><img class="twistlock-firecompass-emerging-vendors-2018 aligncenter wp-image-8011 align-center" title="twistlock-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/twistlock-300x72.png" alt="twistlock-firecompass-emerging-vendors-2018" width="317" height="76" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/twistlock">Twistlock</a></strong> is the leading provider of container and cloud native cyber security solutions for the modern enterprise. From precise, actionable vulnerability management to automatically deployed runtime protection and firewalls, Twistlock protects applications across the development lifecycle and into production. Purpose built for containers, serverless, and other leading technologies – Twistlock gives developers the speed they want, and CISOs the control they need. </span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>UnifyID</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/unifyid"><img class="aligncenter wp-image-8092 size-medium align-center" title="unifyid-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-3-300x64.png" alt="unifyid-firecompass-emerging-vendors-2018" width="300" height="64" /></a></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/unifyid"><strong>UnifyID</strong> </a> is building a revolutionary identity platform based on implicit authentication. Their solution allows people to identify themselves in a unique way that is extremely difficult to forge or crack. Best of all, they are doing it in a way that respects user privacy.They are developing a revolutionary new technique for authentication that relies on implicit authentication. These are factors that are unique to you but don’t require any user action, such as your location, your habits, and various signals from the devices you carry and the sensors around you. They use proprietary machine learning algorithms to discover what makes you unique and calculate a confidence level of how likely it is you based on these signals. </li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Zerofox</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/zerofox"><img class="aligncenter wp-image-8010 align-center" title="Zerofox-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/zerofox-e1530011746904-300x74.png" alt="Zerofox-firecompass-emerging-vendors-2018" width="308" height="76" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/zerofox">ZeroFOX</a></strong> protects organizations from the risks introduced by social networking and digital communication platforms. In an age of constant connectivity and social sharing, users have become the primary target for the adversary. By continuously monitoring social platforms for cyber attacks, ZeroFOX protects organizations from the next generation of digital threats. Leveraging cutting edge technology and proven security practices, ZeroFOX provides both targeted protection and global insights. </span></li>
</ul></div>(Webinar) Terry Cutler On Cyber Security For Studentshttps://www.cisoplatform.com/profiles/blogs/webinar-terry-cutler-on-cyber-security-for-students2019-12-17T10:15:22.000Z2019-12-17T10:15:22.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><a href="{{#staticFileLink}}8669829883,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8669829883,original{{/staticFileLink}}" class="align-full" width="584" height="306" alt="8669829883?profile=original" /></a></p>
<p>We are super excited to have Terry Cutler (voted #1 Top Influencer in CyberSecurity by IFSEC Global 2018) do a web conference as part of our Kids Cyber Safety Initiative. As a part of his talk he will talk about internet safety for students, social media safety & more</p>
<p>We would also request you to encourage your children, peers, colleagues to register and join us</p>
<p></p>
<p><span>This is a part of CISO Platform Kids Cyber Safety Initiative</span> <span>Children are amongst the most vulnerable in the Cyber world and we believe It is time for us to do something for our next generation.</span> <span>At CISO Platform community, we have taken on a mission to help the kids. We are creating "Kid's Cyber Safety Week" on June 4 -10 to help train kids and their parents.</span> <span>We need you to help to realize our vision. It would be great if you could indicate your interest by volunteering.</span> <span>Please feel to volunteer here : <a href="https://www.cisoplatform.com/page/kids-cyber-safety-initiative" target="_blank">https://www.cisoplatform.com/page/kids-cyber-safety-initiative</a></span></p>
<p><span>We look forward to as many helping hands as possible. Help us make this place a safer place for kids</span></p>
<p></p>
<p></p>
<p><span style="font-size:18pt;"><strong>Watch Webinar : </strong></span></p>
<p><iframe width="560" height="315" src="https://www.youtube.com/embed/Sn8NCEhcknM?wmode=opaque" frameborder="0" allowfullscreen=""></iframe>
</p></div>[Panel Discussion] Reference Architecture for a Multi-Cloud Environmenthttps://www.cisoplatform.com/profiles/blogs/panel-discussion-reference-architecture-for-a-multi-cloud2020-04-08T08:00:00.000Z2020-04-08T08:00:00.000ZCISO Platformhttps://www.cisoplatform.com/members/CISOPlatform323<div><p>At CISO Platform Annual Summit 2020, we had a panel discussion on the topic of Reference Architecture for a Multi-Cloud Environment, including industry stalwart like Harshad Mengle [<span>Future Group] </span>(Moderator), Vijay Bharti [<span>Happiest Minds Technologies</span>] , Dharma Sarangi [<span>Alshaya</span> ], Satyavathi Divadari [<span>News Corp</span>], Kotni Srihari Rao [<span>Reliance Payment Solutions ltd</span>]</p>
<br />
<br />
<br />
<br />
<p></p>
<p><span>Here is the video of what was discussed during the Panel Discussion </span></p>
<p></p>
<p><iframe src="https://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2FCisoplatform%2Fvideos%2F196196571795434%2F&show_text=0&width=560" width="560" height="315" frameborder="0" allowfullscreen=""></iframe>
</p></div>