Digital Defense, Inc - Experts & Thought Leaders
Latest Digital Defense, Inc news & announcements
HelpSystems announced the acquisition of Digital Defense, a provider of vulnerability management and threat assessment solutions. Digital Defense’s cloud-native vulnerability scanning engine gives organisations in healthcare, legal, financial services, and other industries the ability to proactively detect infrastructure security gaps and take effective remediation steps to safeguard against internal and external cyber threats. As part of HelpSystems’ cyber security portfolio, Digital Defense joins Core Security and Cobalt Strike to establish a comprehensive, best-in-class security assessment toolkit. “Every day we have customers who want to know what they can do to strengthen their security postures and protect their employees, customers, and sensitive information from malicious actors,” said Kate Bolseth, CEO, HelpSystems. Vulnerability management technology “The addition of Digital Defense offers threat-weary IT teams the capabilities they need to increase infrastructure security on two fronts: via leading-edge vulnerability management technology as well as seasoned pen testing resources to broaden our existing expertise. We are so happy to welcome the team and the award-winning products they’ve developed to HelpSystems.” The vulnerability scanning engine is noteworthy for its ability to enable pen-testers to focus their efforts on identified issues The Digital Defense platforms encompass enterprise security needs across penetration testing, employee training, cyber security defence, enterprise risk assessment, and physical security testing. The vulnerability scanning engine is noteworthy for its ability to enable pen-testers to focus their efforts on identified issues rather than blindly testing the network. For companies that lack the internal bandwidth or expertise necessary to carry out this critical function, Digital Defense’s team of US-based pen testers is a trusted resource to conduct the tests. Address information security “Digital Defense will continue to protect the ever-expanding IT underpinnings of thousands of organisations as part of HelpSystems,” said Larry Hurtado, President and CEO, Digital Defense. “This powerful combination not only enables our customers to take advantage of HelpSystems’ broad security and automation solutions, but it also gives us more horsepower to continue to advance how organisations around the world understand and address information security.” KPMG Corporate Finance LLC (“KPMG CF”) acted as exclusive investment banking advisor to Digital Defense, and Norton Rose Fulbright was the exclusive legal advisor to Digital Defense.
Digital Defense, Inc. announced the integration of their Frontline.Cloud™ vulnerability management and threat assessment platform with the Cherwell IT Service Management (ITSM) platform. The union of the two security technologies enables joint customers to automate the process of ticketing, enabling organisations to quickly and efficiently address security vulnerabilities and threats, improving their overall security posture. "Through the integration, organisations can leverage the benefits of Digital Defense's next-generation security assessment system and Cherwell's powerful ITSM solution for exceptionally accurate host identification and management," states Gordon MacKay, EVP/chief technology officer at Digital Defense. "Our Frontline.Cloud incorporates patented scan-to scan host correlation technology to ensure users can precisely track and correlate assets across assessments and over time simplifying the burden of manually tracking and managing network assets." Vulnerability and threat assessment solutions "For the most effective and efficient IT service desks, interoperability is key," said Michael Euperio, director, technology alliances at Cherwell. "With Cherwell's ITSM solution acting as the hub for managing all IT tickets, including security vulnerabilities and threats, the integration with Digital Defense is important progress for our common customers." Frontline.Cloud offers software security systems focused on hardening business-critical assets from being breached Founded in 1999, Digital Defense, Inc. is an industry-recognised provider of security assessment solutions. Digital Defense provides vulnerability and threat assessment Software-as-a-Service (SaaS) solutions and services purpose-built to operate in today's hybrid cloud enterprise environments. Digital Defense's proprietary platform, Frontline.Cloud, incorporates patented technologies and offers multiple software security systems focused on pro-actively hardening business-critical assets from being compromised and breached. Operating on-premise The Frontline. Cloud platform supports Frontline Vulnerability Manager™ (Frontline VM™), Frontline Web Application Scanning™ (Frontline WAS™), and Frontline Active Threat Sweep™ (Frontline ATS™) that provide agent-less discovery, vulnerability and threat assessment of dynamic assets, while eliminating manual processes and integrating with market-leading 3rd party security and IT offerings to eliminate gaps invisibility and enable faster remediation. Frontline.Cloud is the only solution in the market that is built to scale across any size organisation and operate on-premise, in the cloud or hybrid network-based implementations.
Digital Defense, Inc. announces Frontline Network Map, an innovative feature offering IT security and operations professionals enhanced visibility of vulnerabilities and threats found on small, medium, and large networks. Frontline Network Map is accessible within Frontline.Cloud, the company’s SaaS security assessment platform and is being demonstrated at Black Hat 2019 conference currently underway in Las Vegas, Nevada. Risk network segments Through the Network Map capability, Fronline.Cloud users are able to view the relationships and interconnectivity of assets through a variety of clustering algorithms to pinpoint at risk network segments and areas of key vulnerability and active threat. “Our Network Map feature is a powerful tool for information security blue team members to quickly visualise the security of the networks and connected assets for which they defend from cybercriminal attacks,” states Mike Cotton, SVP, Engineering. “Frontline.Cloud users receive an accurate graphic depiction of their risk that enables rapid response to those assets or network clusters that present the greatest exposure.” Learn more about Frontline Network Map by visiting the Digital Defense booth #2411 at Black Hat and request for a demonstration.
Insights & Opinions from thought leaders at Digital Defense, Inc
At an Oldsmar, Fla., water treatment facility on Feb. 5, an operator watched a computer screen as someone remotely accessed the system monitoring the water supply and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The chemical, also known as lye, is used in small concentrations to control acidity in the water. In larger concentrations, the compound is poisonous – the same corrosive chemical used to eat away at clogged drains. The impact of cybersecurity attacks The incident is the latest example of how cybersecurity attacks can translate into real-world, physical security consequences – even deadly ones.Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. The computer system was set up to allow remote access only to authorised users. The source of the unauthorised access is unknown. However, the attacker was only in the system for 3 to 5 minutes, and an operator corrected the concentration back to 100 parts per million soon after. It would have taken a day or more for contaminated water to enter the system. In the end, the city’s water supply was not affected. There were other safeguards in place that would have prevented contaminated water from entering the city’s water supply, which serves around 15,000 residents. The remote access used for the attack was disabled pending an investigation by the FBI, Secret Service and Pinellas County Sheriff’s Office. On Feb. 2, a compilation of breached usernames and passwords, known as COMB for “Compilation of Many Breaches,” was leaked online. COMB contains 3.2 billion unique email/password pairs. It was later discovered that the breach included the credentials for the Oldsmar water plant. Water plant attacks feared for years Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. Florida’s Sen. Marco Rubio tweeted that the attempt to poison the water supply should be treated as a “matter of national security.” “The incident at the Oldsmar water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals,” comments Mieng Lim, VP of Product Management at Digital Defense Inc., a provider of vulnerability management and threat assessment solutions.The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online “Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasises the need to ensure the systems are defended against any adversary,” Mieng Lim adds. “Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defences have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.” "This event reinforces the increasing need to authenticate not only users, but the devices and machine identities that are authorised to connect to an organisation's network,” adds Chris Hickman, Chief Security Officer at digital identity security vendor Keyfactor. “If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside. "If the network could have authenticated the validity of the device connecting to the network, the connection would have failed because hackers rarely have possession of authorised devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point." “The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organisations bring systems online for the first time as part of digital transformation projects,” says Gareth Williams, Vice President - Secure Communications & Information Systems, Thales UK. “While the move towards greater automation and connected switches and control systems brings unprecedented opportunities, it is not without risk, as anything that is brought online immediately becomes a target to be hacked.” Operational technology to mitigate attacks Williams advises organisations to approach Operational Technology as its own entity and put in place procedures that mitigate against the impact of an attack that could ultimately cost lives. This means understanding what is connected, who has access to it and what else might be at risk should that system be compromised, he says. “Once that is established, they can secure access through protocols like access management and fail-safe systems.” “The cyberattack against the water supply in Oldsmar should come as a wakeup call,” says Saryu Nayyar, CEO, Gurucul. “Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about,” she says. Although this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results, says Nayyar. Organisations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments, she advises. Fortunately, there were backup systems in place in Oldsmar. What could have been a tragedy instead became a cautionary tale. Both physical security and cybersecurity professionals should pay attention.
The key to unlocking K12 school safety grants
Download5 surprising findings from OT vulnerability assessments
DownloadPhysical access control
DownloadHoneywell GARD USB threat report 2024
DownloadPalm vein recognition
Download