Security News

Virtustream announced xStreamCare Services for Security and Compliance, bringing together advanced security management and monitoring, expert consulting services, and its innovative Trust Platform - a unified, security and compliance management platform. Virtustream's latest security solutions provide near real-time visibility into security alerts, intrusion attempts, open vulnerabilities, log analytics, policy management and entitlements across Virtustream's Enterprise Cloud and Healthcare Cloud platforms, enabling enterprises to achieve a more proactive security posture to protect their business' IT assets, applications and data.

With many companies struggling to retain qualified CISOs or security managers, the lack of long-term security thinking is severely impacting sustained compliance within the Payment Card Industry Data Security Standard. Additional findings shine a spotlight on security testing where only 51.9 percent of organizations successfully test security systems and processes as well as unmonitored system access and where approximately two-thirds of all businesses track and monitor access to business critical systems adequately.

After several months of working from home, with no clear end in sight, financial risk and regulatory compliance professionals are struggling when it comes to collaborating with their teams - particularly as they manage increasingly complex global risk and regulatory reporting requirements. "During the pandemic, financial firms quickly adapted to major changes, although not without some operational and technology weaknesses emerging," said Alex Tsigutkin, CEO AxiomSL. "Indeed, businesses might never return to the 'old normal', and that has made building data- and technology-driven resilience much more pressing than before the crisis. Our clients have been experiencing heightened regulatory pressures," he continued.

Phishers are using a bogus GDPR compliance reminder to trick recipients - employees of businesses across several industry verticals - into handing over their email login credentials. "The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message," Area 1 Security researchers noted.

JupiterOne announced $19 million in venture funding to help companies automate asset discovery, visibility and compliance as a critical foundation for cyber security. JupiterOne closes an important gap for CISOs, security operations, and compliance officers by providing automated, accurate and actionable visibility to their global asset inventory.

Calendars for security and compliance audits are largely unchanged despite COVID-19, but the pandemic is straining security teams as they work remotely, according to the findings of a recent survey by automated audit prep provider Shujinko. The survey of North American CISOs documented the challenges facing security and compliance professionals preparing for a wave of upcoming audits and was conducted by Pulse in late June 2020.

The thing is, compliance requirements are often being poorly written, vague and confusing. In my opinion, the confusion around compliance comes from the writing, so it's no surprise companies are struggling, especially when they have to comply with multiple requirements simultaneously.

BAE Systems announced a new offering created on Amazon Web Services to deliver complete anti-money laundering regulatory compliance solutions. The solution is supported by the availability, reliability and security of AWS and offers banks and financial institutions the opportunity to quickly stand up an affordable integrated financial crime regulatory compliance solution.

SOX & Internal Controls Professionals Group released a survey which measures the costs, execution, challenges and priorities faced by companies that comply with the Sarbanes-Oxley Act. "In its fifth year, our survey reflects the broad experience of SOX professionals over time and presents a balanced perspective of the current state of SOX and internal controls management," said Camille Kearns Rudy, National Director of the SOX & Internal Controls Professionals Group.

Which works to detect and compare configuration changes to servers, databases, and applications, now integrates a policy compliance engine aimed at helping IT teams simplify and more efficiently achieve compliance and compliance reporting, with an initial focus on the federal space. By integrating a policy compliance engine focused on select STIG policies, makes it easier for federal IT pros to automatically check systems and applications for STIG compliance, deliver clear and quick compliance results for auditing purposes, and identify non-compliant elements for more efficient remediation.