Security News

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio. For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space.

IO. This is the second acquisition Rapid7 has made in the cloud security market in the past nine months, having acquired DivvyCloud, a leader in Cloud Security Posture Management this past April. Together, these acquisitions will enhance Rapid7's ability to provide a cloud native security platform to its customers and facilitate continuous management of risk and compliance across their cloud environments.

The Cloud Security Alliance announced the availability of version 4 of the Cloud Controls Matrix, CSA's cybersecurity framework for cloud computing. The CCM v4 includes additional cloud security and privacy-related controls and encompasses coverage of requirements deriving from new cloud technologies, improved control auditability, enhanced interoperability and compatibility with other standards, and expanded support offerings to navigate the cloud shared responsibility model.

Security in cloud environments is a far cry from securing on-premises infrastructure. To utilize Cloud Foundry effectively, DevOps, security, and R&D all have to understand the multi-tenant identity management service UAA, the Cloud Controller for directing the deployment of applications via REST API endpoints, and also the rules and best practices around service deployment.

So how do we solve this problem? It begins with a better vulnerability management system, a refocused commitment to cloud application security best practices and a realignment of our current security posture with the specific requirements of the cloud. Vulnerability assessments are conducted periodically to evaluate the existing security posture and help inform any necessary changes to the vulnerability management action plan.

Data protection and compliance solutions provider HITRUST has announced the release of new Shared Responsibility Matrices for Amazon Web Services and Microsoft Azure. Best known for the HITRUST CSF, the Texas-based company has worked with healthcare, technology and information security organizations to help organizations safeguard sensitive information and manage information risk.

Developed with Amazon Web Services and Microsoft Azure, each new HITRUST Shared Responsibility Matrix aligns with the cloud service provider's unique solution offering. Leading cloud service providers have long supported shared responsibility models, whereby the provider assumes some security responsibility for hosting applications and systems, while the organization deploying its solutions in the cloud assumes partial or shared responsibility for others.

Lacework, a five-year-old cybersecurity company that automates security across enterprise cloud deployments, has reached unicorn status with the closing of a $525 million round of Series D financing. The Silicon Valley company, which automates security across public and private cloud deployments, is now valued north of $1 billion.

The financing will be used to support the company's growth as organizations increasingly recognize iboss as the leading provider of cutting-edge network security through the cloud. Iboss seamlessly enables a consolidation of networking and cutting-edge security into a Secure Access Service Edge model that operates and provides cybersecurity protection in the cloud.

Cloud security startup Wiz on Wednesday emerged from stealth mode with $100 million in Series A funding. The money came from Index Ventures, Sequoia, Insight Partners and Cyberstarts, and Wiz says it plans on using it to scale and meet customer demand for its cloud security solutions.