Chetu, a global software solutions and support services provider, today announced it has received its 14th consecutive System and Organization Controls for Service Organizations’ ICFR Type 2 SOC 1^® accreditation. This milestone is a testament to Chetu’s unwavering dedication to upholding the highest information security and data integrity standards.

This rigorous, independent audit, conducted in accordance with the American Institute of Certified Public Accountants (AICPA) standards, confirms that Chetu’s internal controls for security, availability, and processing integrity are operating effectively. It further demonstrates the company’s dedication to safeguarding customer data.

“Earning our 14th consecutive Type 2 SOC 1^® certification is evidence of our team’s relentless pursuit of excellence,” said Prem Khatri, Vice President of Operations at Chetu. “It showcases our dedication to maintaining a robust security posture and adapting our controls to the ever-evolving technology landscape. Our clients can rest assured that their data is safe with Chetu.

“We are proud to offer our clients the peace of mind that comes with knowing their data is protected by a trusted partner,” Khatri added.

A Gold Standard in Information Security

The Type 2 SOC 1^® certification is a globally recognized benchmark for service organizations, demonstrating that they have undergone a thorough examination of their service activities and meet the rigorous standards for controls over information technology and related security processes.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Chetu achieves 14th Consecutive Type 2 SOC 1® Certification first appeared on AI-Tech Park.

Zentera Systems, Inc., the leader in Zero Trust Security for the digitally-transformed enterprise, today announced the appointment of Rino Peruzzi to its Board of Directors.

“We are excited to welcome Rino to our Board,” said Jaushin Lee, President and CEO of Zentera Systems. “Rino brings a stellar reputation for success in growing and managing global strategic accounts. With Zero Trust security being rapidly adopted by the largest enterprises for its effectiveness in protecting critical assets and workloads, Rino’s insight and experience will be invaluable. His addition bolsters our go-to-market strategy and will accelerate adoption of our Zero Trust security solutions throughout Fortune 500 enterprises.”

“As companies continue to invest in digital transformation and new technologies like AI, the potential for productivity gains is accompanied by increased risk of cyber attacks and data leaks,” added Rino Peruzzi. “Zentera’s Cyber Overlay empowers information security professionals to instantly apply Zero Trust principles and mitigate cyber threats to business. I am excited to contribute to Zentera’s efforts in realizing the full potential of its pioneering solutions.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Zentera Systems Appoints Industry Veteran Rino Peruzzi to BOD first appeared on AI-Tech Park.

Dan joins ModMed from Horizon Blue Cross Blue Shield of New Jersey, where he served as Vice President and Chief Information Security Officer. In this role, he was instrumental in advancing the company’s cybersecurity posture and ensuring the protection of critical information assets.

Before his tenure at Horizon Blue Cross Blue Shield, Dan held the position of Chief Product and Information Security Officer at a leading fintech firm. He also served as Chief Information Security Officer and Associate CIO at Penn Medicine, one of the United States’ top academic medical institutions, where he oversaw comprehensive information security and IT infrastructure programs.

Throughout his career, Dan has co-managed multiple cybersecurity consulting practices, advising clients ranging from startups to Fortune 500 corporations. His expertise encompasses CISO and CIO consulting, product management, and strategic planning for IT and cybersecurity initiatives.

Dan’s leadership in cybersecurity has been recognized with numerous accolades, including multiple CSO50 Awards, CSO of the Year, and the Best U.S. Security Team award at the SC Awards 2020. He has also contributed his expertise to the boards of Health-ISAC, Symantec Healthcare, and VMware Healthcare Security.

Dan holds a Bachelor of Science degree in Information Systems Security from American Military University and an MBA from the Jack Welch Management Institute.

“We are thrilled to welcome Dan Costantino to the ModMed team,” said Daniel Cane, ModMed co-founder and co-CEO. “His extensive experience and proven track record in information security and IT infrastructure will be invaluable as we continue to innovate and enhance our technology solutions for the healthcare industry.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post ModMed Appoints Chief Information Security Officer, Dan Costantino first appeared on AI-Tech Park.

Obsidian Security, the pioneer of SaaS security, announces the appointment of Sunil Seshadri to its Board of Directors. Sunil joins the board at a time when the Obsidian platform has become essential to Incident Response providers around the world as they respond to a 300 percent rise in SaaS breaches over the last 12 months.

Partners like Crowdstrike, Kroll, Guidepoint, Wipro, and GroupIB use Obsidian to significantly shorten the time needed to normalize identities and activities in SaaS, and map out the kill-chain events that led to a SaaS breach. Obsidian’s understanding of SaaS breaches has allowed it to develop the most efficacious AI models that proactively prevent and detect advanced threats to SaaS and PaaS applications.

“We started our incident response engagements by partnering with CrowdStrike in mid-2022, and in less than two years, we’ve accumulated the largest collection of SaaS breach data, giving us deep insights into the SaaS threat landscape,” says Hasan Imam, CEO at Obsidian Security. “It is also immensely gratifying to have someone like Sunil Seshadri on our team. His extensive experience at leading global security organizations, coupled with his unique insights into security challenges faced by enterprises and an unparalleled network of peers, significantly strengthens our ability to deliver robust, innovative solutions that safeguard our customers’ expanding SaaS environments.”

Mr. Seshadri joins the Obsidian board, bringing over 28 years of expertise in technology and information security leadership. His distinguished experience includes roles as Chief Information Security Officer (CISO) at major financial institutions, including Wells Fargo, NYSE, Visa, and Intercontinental Exchange.

“I’m thrilled to join the Obsidian journey,” states Sunil Seshadri. “Throughout my tenure as a CISO, I’ve encountered numerous threats and breaches. The one constant truth is that threat actors invariably target data. As data increasingly migrates to SaaS platforms, these become the new frontline. Addressing these threats effectively requires a combination of technological innovation, real-world breach insights, and a desire to partner with customers to develop the right solutions. That is what has separated the best from the rest. And SaaS security will be no different.”

Obsidian Security was founded with the goal to tackle the unaddressed blind spot in SaaS security. Trusted by leading Fortune 1000 and Global 2000 enterprises, Obsidian shields SaaS applications from advanced identity threats, 3rd- and 4th-party integrations and data movement risks, and automates SaaS security posture management and compliance.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Sunil Seshadri Joins Board of Directors at Obsidian Security first appeared on AI-Tech Park.

“As a global leader in cyber safety and online wellbeing, security, privacy and customer trust are non-negotiable,” says Tim Levy, CEO of Qoria. “Michael’s leadership will ensure that Qoria’s products remain trusted and competitive in the global marketplace.”

Michael’s proven leadership combined with his background as an accomplished ethical hacker positions him well to understand and continuously improve the security of Qoria and its products. 

“Qoria has one of the most important charters of the 21st century; supporting parents and schools with the ability to provide safe access to technology and it is a great privilege to play a pivotal role in this mission,” says Michael Hyndman, CISO at Qoria. 

Michael’s appointment will ensure Qoria continues to navigate the ever changing cyber security landscape maintaining the company’s position on the leading edge of innovation and resilience.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Linewize by Qoria Announces Appointment of Michael Hyndman as CISO first appeared on AI-Tech Park.

Sourcepass, an innovative IT Services (MSP) and Cyber Security Provider, joins the supplier network of ARG, a technology consulting and advisory firm. Together we will provide our joint clients with a broad suite of technology products and services to best meet their business outcomes.

Sourcepass is transforming the way companies buy, manage, and use IT services. Through their proprietary Quest portal, clients receive on-demand support, reporting, and self-service for their IT environment to drive business decisions from their IT investment. This translates directly to customer experience and retention which align with the core values for ARG’s supplier network.

“Sourcepass is driven by a customer-obsessed culture” said Chuck Canton, Founder and CEO of Sourcepass. “We see tremendous alignment with ARG, not only in delivering best-in-class technology and security solutions, but in our passion for delivering the highest quality client experience.”

“ARG clients want to better align business units to IT in order to use technology as a competitive advantage. Focusing in-house resources where they drive the most value can speed time to market and make a big impact on organizational success. Enabling that type of focus through strategic outsourcing to highly qualified partners like Sourcepass helps us deliver business outcomes to our clients,” said Jim Begley, ARG CTO.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Sourcepass Joins ARG Supplier Network for Providing Cyber Security first appeared on AI-Tech Park.

HITRUST, the leader in enterprise risk management, information security, and compliance assurances, today announced a groundbreaking partnership with Trium Cyber, a specialty insurance underwriter. This collaboration introduces a new cyber insurance product exclusively available to HITRUST-certified customers, setting a new standard in the alignment of information risk assurances and insurance underwriting.

The innovative insurance product, initially available for HITRUST r2 certified entities, is designed to address the growing complexities and inconsistencies in the cyber insurance market. Organizations seeking insurance face increasing difficulties with qualifying, fluctuating rates, and a burdensome application process. In contrast, insurers have struggled to accurately understand and underwrite cyber risks due to inadequate and non-standardized assessment approaches.

Trium’s decision to partner with HITRUST is based on the program’s robust controls framework and assurance methodology which provides relevant and proven controls that are regularly tested against the current threat landscape along with highly reliable implementation verification and measurements.

“Trium found in HITRUST not just a certification, but a partnership that brings clarity and confidence to cyber risk underwriting, something our industry has been struggling with,” said Josh Ladeau, CEO of Trium Cyber. “By integrating HITRUST’s rigorous standards and comprehensive third-party validations, we can fully understand the residual risk to insure and thereby offer a superior insurance product that accurately reflects the actual risks businesses face.”

This partnership represents a pivotal development in the insurance industry. For the first time, underwriters like Trium Cyber can access HITRUST’s assessment results, with its Results Distribution System (RDS) which enables a secure API enhancing the efficiency and security of the underwriting process.

“Our collaboration with Trium Cyber is a testament to HITRUST’s commitment to innovation and excellence in information security and risk management,” stated Daniel Nutkis, CEO of HITRUST. “This alliance not only validates HITRUST’s model and methodologies but also marks a significant step forward in aligning cybersecurity assessment with real-world insurance needs as essential tools for risk management.”

Enhancing Cyber Risk Management through Strategic Partnerships
Reliable cyber assurances and comprehensive insurance solutions are essential for organizations to manage the risks of breaches and attacks effectively. This partnership exemplifies how integrating these two critical solutions can significantly benefit the market by providing more consistent, measurable, and reliable risk management tools. As these sectors converge more closely, both the assurance and insurance industries stand to gain from enhanced predictability and efficacy in their services, ultimately benefiting the entire business ecosystem.

HITRUST’s recent Trust Report highlights the effectiveness of its assurance program, revealing that certified organizations have a breach rate of only 0.64% over two years, underscoring the relevance of the company’s controls, informed by its Cyber Threat Adaptive Engine, and the reliability of its validation and certification methodologies in mitigating cyber risks.

Trium leads a growing number of Lloyd’s syndicates that are intrigued by HITRUST’s robust framework and the secure, efficient ingestion of relevant underwriting data through the HITRUST RDS; this shared risk facility and novel partnership set a new precedent for cyber insurance. Looking ahead, Trium plans to expand this offering to HITRUST i1 and e1 certified customers, broadening the impact and reach of this crucial initiative. 

For more information about Trium Cyber’s insurance for HITRUST customers please contact your commercial insurance broker or visit www.triumcyber.com.

For more information about HITRUST and its innovative approaches to cybersecurity and compliance assurance, please visit www.hitrustalliance.net.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post HITRUST’s New Cyber Insurance Product available for its Customers first appeared on AI-Tech Park.

Kandji, the Apple device management and security platform, today announced it is now part of the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for organizations who provide software solutions that run on or integrate with AWS. The program helps partners drive new business and accelerate sales cycles by connecting the participating ISVs with the AWS Sales organization.

Through the AWS ISV Accelerate Program, Kandji receives focused co-selling support from AWS, access to further sales enablement resources, reduced AWS Marketplace listing fees, and incentives for AWS Sales teams. The program provides better customer outcomes and assures mutual commitment from AWS and Partners.

Kandji’s acceptance into the program also allows the company to better meet its customers’ needs and empower enterprise IT and InfoSec teams to keep every Apple user secure and productive using connected intelligence and automation.

“By joining the AWS ISV Accelerate Program, Kandji can help more customers manage and secure Apple devices in the enterprise and at scale,” said Dustin Thompson, Global VP of Partnerships at Kandji. “This collaboration fortifies our existing position with AWS and furthers our ability to bring harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.”

This news comes on the heels of Kandji becoming available on AWS Marketplace, providing AWS clients access to Kandji to further help them manage their IT resources. Kandji also recently passed the AWS Foundational Technical Review, which means the company aligns with AWS Well-Architected Framework.

To learn more, please visit: https://blog.kandji.io/kandji-joins-amazon-web-services-isv-program

Helpful Links

• Learn more about Kandji’s Device Management
• Read Kandji Customer Stories
• Read the Kandji Blog
• Follow Kandji on X
• Follow Kandji on LinkedIn
• Follow Kandji on Facebook

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Kandji joins AWS ISV Accelerate Program first appeared on AI-Tech Park.

Cyber attackers are using increasingly sophisticated techniques to breach organizations’ defenses. As new threats and tactics are used, it’s becoming more challenging for organizations to keep up with the latest threats and implement effective defenses. DirectDefense’s ThreatAdvisor SOAR platform enabled its team to help clients launch key security initiatives and significantly improve their preparedness and overall security posture.

Primary threats from 2023

In 2023, DirectDefense helped its clients identify, respond to and remediate the following five primary threats:

Multi-factor authentication (MFA) abuse: Abusing and bypassing MFA became so prominent in 2023 that DirectDefense created custom alerts to catch more attacks. There has been a surge in identity-based attacks where attackers are being more interactive and using generative AI to be more targeted.

Social engineering: Social engineering attacks have become more impactful with AI. Attackers are using AI to localize their attacks and appear more familiar, so misspellings or language differences are no longer key ways to identify a social engineering attack. The combination of AI and the willingness of attackers to spend more money to commit a cybercrime make these attacks more automated.

Single sign-on (SSO) attacks: SSO gives attackers a single entry point for multiple environments. They can steal the sign-on information once and use it many times, so organizations should be aware of the vulnerabilities that exist when multiple environments can be accessed with the same login information.

Multi-cloud attacks: As people continue to push toward the cloud, there is a growing concern about the gaps in visibility that exist in cloud environments. In 2023, DirectDefense used newer technologies to see attacks taking place in real-time in multiple clouds, respond, and remediate using additional security solutions.

Living of the Land (LotL) abuse: Once threat actors are on a computer, they are able to use admin tools and permissions to move around freely. Attackers are using the same tools organizations use to protect their network to stay inside the environment.

Emerging threats for 2024

In looking at 2024, the DirectDefense team identified the five emerging threats that top the list for security concerns:

SIM Swapping: SIM swapping side-steps MFA measures by taking over phone accounts for key personnel and porting those phone numbers over to the attacker’s own SIM card on another device. Now, the attacker controls the victim’s phone and can receive SMS-based codes for MFA and gain access to corporate networks and services.

Use of Generative AI: AI has made it harder than ever for organizations to protect against social engineering attacks, even with security awareness. Threat actors are becoming a lot savvier about localizing attacks to fit the target region, and generative AI is making that tactic far more effective. Beyond localization, which includes using the right accents and terminology to appear safe and familiar, AI also allows attackers to go so far as to impersonate identities and craft believable emails.

Compromising Corporate AI Tools: In addition to using AI as an attack vector, threat actors are also using an organization’s own AI platform to gain network access. Organizations will have to implement policies and procedures for safely implementing and using AI tools to account for the vulnerabilities that exist.

Going Around Endpoints: Attackers are simply avoiding endpoints altogether and going right into an organization’s network to attack on-premise cloud environments. Endpoint avoidance works because there is little to no oversight for cloud product development and if an organization also has poor network segmentation, there are few if any barriers keeping an attacker from moving easily throughout a cloud-networked environment.

Infiltrating Incident Response Communications: Attackers are increasingly adding insult to injury by taking over incident response communication activities following their attack to make it harder for organizations to facilitate disaster recovery activities. If the attacker infiltrates an organization’s communication systems, it drastically undermines disaster recovery and incident response procedures, delaying the organization’s ability to notify the right people, get systems back online, recover data, and get back to business as usual.

ThreatAdvisor, a single-platform SOAR solution for continuous security monitoring and management, is a critical piece of DirectDefense’s managed services offerings as it provides complete network visibility in a centralized location. It helped DirectDefense achieve an average time to respond to triaged critical security events of 8 minutes. Over 90% of standard managed detection and response (MDR) events were triaged by DirectDefense without engaging the client’s security team. Nearly one-third of events were promoted and triaged in collaboration with client security teams and 80% of those were custom alerts that go beyond standard MDR monitoring.

“Cybercrime is big business and it’s driving up the volume and sophistication of cyberattacks, making it impossible for organizations to stay on top of every threat,” said Jim Broome, President and Chief Technology Officer for DirectDefense. “Getting additional support from an MSSP can be invaluable to an organization’s security program by helping to ensure attackers can’t breach your network in the first place. Because once they’re in, they can do a significant amount of damage and cost your company millions.”

The full report can be found at: https://go.directdefense.com/2023-Security-Operations-Threat-Report

Follow DirectDefense
LinkedIn: https://www.linkedin.com/company/directdefense/
X (formerly Twitter): https://twitter.com/Direct_Defense
Blog: https://www.directdefense.com/resources/blog/

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post 2023 Security Operations Threat Report: DirectDefense first appeared on AI-Tech Park.

HITRUST, the leader in enterprise risk management, information security, and compliance assurances, is pleased to announce the release of version 11.3.0 of the HITRUST Framework (HITRUST CSF) on April 16, 2024. This update reaffirms HITRUST’s commitment to providing organizations with a comprehensive, up-to-date framework that addresses evolving cyber threats and regulatory requirements.

What is the HITRUST Framework?

The HITRUST Framework (HITRUST CSF®) is a comprehensive, scalable, reliable, and efficient framework for information risk management, cybersecurity, and regulatory compliance. It is designed to help organizations globally, in any sector, earn the trust of their customers and stakeholders by demonstrating their commitment to relevant and reliable information security standards.

What’s New in CSF v11.3.0

• Addition of FedRAMP, StateRAMP, and TX-RAMP authoritative sources, which provide a standardized approach to ensure that assessed entities doing business with the government comply with applicable information security requirements.
• Integration of NIST SP 800-172: Enhancing protections for Controlled Unclassified Information (CUI) and supporting organizations with high-risk profiles in their HITRUST r2 Assessment tailoring.
• Foundation for CMMC Level 3 Requirements: Preparing organizations for new compliance needs based on stringent NIST standards.
• Inclusion of MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (MITRE Atlas) mitigation. Addressing security requirements crucial for safeguarding AI systems.
• Streamlined Assessment Process: Reduced redundancy in requirement statements, significantly decreasing the average r2 assessment size without compromising control coverage.

Customer Benefits

• Staying Ahead of Regulations: By integrating and normalizing the latest industry standards and requirements, CSF v11.3.0 ensures organizations remain aligned with current and emerging regulations.
• Comprehensive Cyber Threat Adaptation: The inclusion of cutting-edge authoritative sources like NIST SP 800-172 and MITRE ATLAS ensures the framework meets the challenges of today’s dynamic threat landscape.
• Enhanced Efficiency: Consolidation efforts have streamlined the assessment process, reducing effort and time investment for organizations pursuing HITRUST certification while meeting one or many regulatory compliance requirements.

Transition Information

With the launch of v11.3.0, new e1 and i1 assessments will be aligned with the updated framework, ensuring organizations benefit from the latest cybersecurity and compliance advancements. Existing assessments under v11.2.0 can still proceed, providing flexibility and continuity for ongoing certification efforts.

Access and Implementation

HITRUST CSF v11.3.0 is available for download on the HITRUST website. New e1 and i1 assessment objects, including i1 rapid recertification assessments, using CSF v11.2 in MyCSF have been disabled.

Organizations are encouraged to transition to the updated framework to leverage the enhanced protections and efficiencies it offers.

For more information and to download the HITRUST CSF v11.3.0, visit https://hitrustalliance.net/hitrust-framework.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post HITRUST announces CSF v11.3.0 launch first appeared on AI-Tech Park.