In The News

 

Business Computing World, November 17, 2017

The Traditional Security Stack Must Evolve To Face Predatory Malware

When it comes to security, we are in a state of flux. Firewalls combined with other solutions, which make up the typical security stack today, are being neutralised and investments made irrelevant by the level of predatory malware being used in cyberattacks.

 

Security Middle East, November 1, 2017

Vidder Make Plans to Build Traction in EMEA Market

After opening a UK base earlier this year, the appointment of Paul Darby as Regional Manager at Vidder is a further move by Vidder to drive expansion.

 

Finance Digest, October 31, 2017

Combatting Cyber-Attacks Means Thinking Outside The Box

One way to control access and address growing cyber threats is to put in place more advanced trust criteria. Trusted Access Control powered by software defined perimeter (SDP) and trust assessment technology, will allow banks, clearing houses, insurance companies and all other organisations with critical financial data, to secure their networks with a single layer of protection that combines access enforcement with trust assessment.

 

Newsweek, October 29, 2017

Putin Starts Aiming His Cyberweapons Against Individuals

Since 2014, Russia has used Ukraine as a testing ground for its hybrid warfare doctrine, underscoring what some security experts say is a case study for the new kinds of security threats the U.S. and its Western allies can anticipate from Moscow.

 

The Daily Signal, October 27, 2017

Russia Field-Tested Hybrid Warfare in Ukraine. Why That Cyberthreat Matters for US.

California-based Vidder has put together a team of cybersecurity experts to comprise the core of a proposed U.S.-Ukraine cybersecurity center with offices in Kyiv, Washington, and Silicon Valley

 

Digitalisation World, October 2017

Dealing With the Dark Side of the Digital World – Cyber War by Stealth

Security attacks have become commonplace in recent years, with the number of breaches rising exponentially and the nature of the events evolving over time.

American Security Today, October l6, 2017

Vidder Named Finalist in the American Security Today Homeland Security Awards

The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.

 cso

CSO Online, October 6, 2017

Cybersecurity Technology: Everything is Transforming and in Play

Changing requirements and constant innovations are making security technology options more confusing.

 

SiliconANGLE, September 29, 2017

It’s Time for a Cybersecurity Reboot, Says Vidder CTO

“We have to rethink how we share information on a worldwide basis of our solutions,” said Islam, who pointed out that at many high-profile cybersecurity conferences held every year, people attend from the same countries that are attacking the U.S.

 

The Cube, September 21, 2017

The Cube Asks Junaid Islam “Is Security a Do Over?”

The Cube’s John Furrier and Junaid Islam, Vidder discuss the Cyber War and a “Generational Shift” in Cyber Security.

 

Tech Target/Search SDN, September 21, 2017

Managed SDP Security from Verizon, Vidder Addresses Enterprise Security

Verizon has added managed software-defined perimeter security to its enterprise networking service portfolio. The service uses security software from Vidder Inc., headquartered in Campbell, Calif.

 

Computer Weekly, September 21, 2017

Gas Distribution Network SGN Invests in Software-defined Perimeter

SGN, the gas company that serves homes in the south of England and Scotland, has begun using next-generation access control from Vidder, based on the concept of a software-defined perimeter (SDP).

 

FierceTelecom, September 20, 2017

Verizon Taps Vidder for Software-defined Managed Security Offering

Verizon Enterprise Solutions has introduced a new Software Defined Perimeter (SDP) offering, a service that provides connectivity at the application layer instead of using traditional network-based access controls.

 

Security News Desk, September 20, 2017

Verizon Enterprise Solutions Selects Vidder for Managed Services

Vidder has been specially chosen by Verizon Enterprise Solutions for its new Software Defined Perimeter Managed Service Offering, which will support global enterprises increase agility, control costs and limit cyber risks.

 

Digitalization World, September 20, 2017

Vidder Selected by Verizon Enterprise Solutions

Vidder technology provisions connectivity at the application layer, as opposed to using traditional network-based access controls. Servers are hidden from users until trust is established.

 

SDx Central, September 19, 2017

Verizon Adds Software-Defined Perimeter Security from Vidder

Verizon plans to add software-defined perimeter (SDP) security to its Virtual Network Services (VNS). The security software will be supplied by Vidder.

 

Market Watch, September 19, 2017

Vidder Selected by Verizon Enterprise Solutions for New Software Defined Perimeter Managed Service Offering

Vidder, Inc., a market leader in Trusted Access Control, today announced that its technology is a core part of the Verizon Enterprise Solutions Software Defined Perimeter (SDP) offering.

 

Light Reading, September 19, 2017

Verizon & Vidder Put SD-Perimeter Around Enterprise Security

Verizon Enterprise Solutions has launched a new managed security service for enterprises, the Software Defined Perimeter (SDP) platform, that establishes connectivity at the application layer and verifies user and device identities before allowing access to protected servers.

 

Water Active, September 18, 2017

Cyber Threats Necessitate Zero-trust Approach for Water Companies

Whilst it’s more common to hear about cyberattacks in the private sector, on banks, corporate institutions and retail, or even, recently, on our beleaguered National Health Service, the threat is also increasing for utilities companies.

 

TDWI Upside, September 18, 2017

The Shift to Software-Defined Security

What’s behind the shift to software and service-centric operating models and solutions for enterprise security?

 

CloudExpo Journal, August 24, 2017

Keeping Digital Health Organizations Safe from Cyber Attack

For health organizations, breaches are a constant threat, due to the high value of healthcare data – Social Security Numbers, treatment records, credit information, and other sensitive personally identifiable information (PII).

 

CTOvision, August 21, 2017

Are You Ready for State-sponsored Zombie Malware Attacks?

On January 4, 2017 CTO Vision published a blog post titled “Are you ready for a state-sponsored cyber attack?” In hindsight, the blog post should have been titled “Are you ready for state-sponsored zombie malware attacks?”

 

Telco Transformation, August 11, 2017

Verizon’s Hakl: SDN Creates Virtualized World

Accordingly, Shawn Hakl, Verizon’s vice president of business networks and security solutions, paints a picture of the interconnection of everything by way of software-defined everything.

 

GNC, July 27, 2017

Containment Can Protect IoT and Cloud Infrastructure from Malware

We have already seen two major cyberattacks in the last year where malware was has crippled government computer systems. Anyone familiar with this space needs no reminder of the Shamoon2 cyber attack on the government systems in Saudi Arabia; that attack wiped out information on 50,000 servers and devices.

 

Datacenter Dynamics, July 12, 2017

Trust No One – Protecting Data Centers Against Cyber Espionage

Security concerns are rippling across the IT industry. The WannaCry ransomware attack which hit the NHS and data theft incidents like that experienced by Wonga, the payday loan company, leave a sense of unease that traditional security measures are failing to allay.

 

CloudTweaks, July 10, 2017

Malware Will Cripple Cloud and IOT Infrastructure if Not Contained

This year we’ve had two cyber attacks in which malware was used to cripple government computer systems. Unless counter-measures are deployed, similar malware attacks can be used against cloud and IoT infrastructure.

 

CloudTweaks, June 27, 2017

Cloud Migration and Cyberwar

This last week the Washington Post published a bombshell story on the recent attacks on the US election infrastructure ironically under their motto “Democracy dies in darkness.” On the Vidder blog Thursday I said that we were at cyberwar. My case was simple…

 

Atlanta Business Chronicle, June 23, 2017

Officials Push to Stop Cyber Fraud

As financial services has become high tech and mobile, so has the fraud that has long plagued consumers and institutions.

Help Net Security, June 16, 2017

New Infosec Products of the Week

Vidder added endpoint trust assessment to its PrecisionAccess solution, which now allows only trusted clients to access enterprise applications – isolating compromised devices from accessing them.

Gartner

Gartner, June 14, 2017

Gartner Identifies the Top Technologies for Security in 2017

Gartner predicts that through the end of 2017, at least 10 percent of enterprise organizations will leverage software-defined perimeter (SDP) technology to isolate sensitive environments.

IT Security News, June 14, 2017

Vidder Beefs Up Cloud Security Product with Protection Compromised Devices

The move of enterprises to the cloud has opened up a new world of productivity and cost savings, but it has also opened up the corporate application infrastructure to greater risks.

 

Vigilance Security Magazine, June 13, 2017

New Capabilities Enhance Access Control Security While Reducing Complexity

Vidder, Inc. has announced the addition of endpoint trust assessment to its PrecisionAccess™ solution.

 

Global Security Magazine, June 13, 2017

Vidder Now Protects Applications from Compromised Devices and Backdoors

With trust assessment, PrecisionAccess allows only trusted clients to access enterprise applications – isolating compromised devices from accessing them – a first for access control solutions.

 

Tolly, June 13, 2017

Spotlight: Vidder, PrecisionAccess

Tolly recently spoke with Greg Ness, VP of Marketing and Junaid Islam, President and CTO at Vidder. regarding their recent release of PrecisionAccess, which they define as Access Control without compromise.

 

SiliconANGLE Media, June 12, 2017

Security Firm Vidder Can Now Foil Attackers at the Application Level

Vidder Inc. has added endpoint trust assessment to its PrecisionAccess software-defined perimeter product, which provides access protection at the software application level.

 

CGN Magazine, June 9, 2017

Cloud Solutions Can Transform Network Security

It was only a few years ago when one survey after another listed “concerns about security” as a top reason why organizations were hesitant to host their critical applications and services in the cloud.

 

ESG, May 5, 2017

Are Next-generation Firewalls Legacy Technology?

A few years ago, next-generation firewalls (NGFWs) came out of nowhere to become a network security staple. These devices combined traditional L3/L4 packet filtering with deep packet inspection, IPS, and other network security services along with knowledge about users and applications.

 

SDX Central, May 4, 2017

Verizon Open Source White Box ‘Coming Soon,’ VP Says

Verizon will soon launch an open source white box solution that runs services from multiple vendors, according to Shawn Hakl, Verizon’s vice president of new products and innovation.

 

Verizon, May 2, 2017

Verizon Launches Software-Defined Perimeter Service to Help Enterprises Proactively Prevent Cyberattacks

Verizon Enterprise Solutions has launched a new Software-Defined Perimeter (SDP) service that enables enterprise customers to proactively identify and block cyberattacks by creating a virtual boundary around their network.

American Security Today, May 1, 2017

Vidder’s PrecisionAccess in ‘ASTORS’ Homeland Security Awards (video)

PrecisionAccess, the industry’s first service based on a breakthrough security architecture called the Software Defined Perimeter, has been nominated to compete in the 2017 ‘ASTORS’ Homeland Security Awards program.

Business Solutions, April 18, 2017

The Growing Case For New Approaches To Access Control

Large organizations are in the midst of several transformative IT initiatives including cloud computing, mobile applications, and opening internal networks to a growing population of third-party business partners.

TechTarget, April 2017

Identity and Access Management Strategy: Time to Modernize?

More likely than not, your company’s identity and access management strategy needs an update. Learn how to decide if that’s the case and, if so, what you should do now.

 

IEEE, March 2017

Software-Defined Perimeters: An Architectural View of SDP

Software Defined Perimeters (SDP) is an emerging security architecture that restricts network access and connections between allowed elements. With origins in the defense IT infrastructure and spreading to enterprise use, it promises to help mitigate a broad set of security vulnerabilities that afflict IT infrastructure protected by conventional perimeter security.

LinkedIn, March 29, 2017

Ukraine: A Newcomer’s View of the State of Cybersecurity

Cybersecurity is one of the fastest growing technology sectors in the United States, with companies popping up weekly, yet on my visit to Kyiv the US embassy indicated only 4 inquires have been received in the past 2 years from US firms interested in entering the Ukrainian market to protect IT assets and systems.

GCN Magazine, March 28, 2017

It’s Time to Repeal and Replace Network Access Control

Network access-control solutions enjoyed growing enterprise adoption 10 years ago, thanks to the rise of wireless local-area networks and the proliferation of internet worms.

channele2e_logo

Enterprise Strategy Group, February 14, 2017

RSA Conference 2017:Anticipating Network Security Chatter

What are the key network security trends at RSA Conference 2017? ESG’s Jon Oltsik offers this preview.

Help Net Security, February 7, 2017

It’s Time to Rethink Using Remote Access VPNs for Third-Party Access

No longer safely operating behind the traditional corporate perimeter, business productivity today depends on integrating external members of the extended enterprise into the work processes.

TalkMarkets, February 6, 2017

RSA: Time To Admit Security Is Broken

Security infrastructure leaders may be about to experience a disruption similar to one already underway in the network infrastructure space.

ChannelPro Network, February 2, 2017

Understanding Software-defined Perimeters

Security devices are increasingly being defined by software rather than hardware, and the latest advancement is SDP. So what is it?

CIO Today, February 1, 2017

Vidder Named a Global Excellence Awards Finalist

Vidder’s PrecisionAccess recognized for unique approach to securing Business-Critical Applications, being the most widely deployed Software Defined Perimeter solution.

CTO Vision, January 27, 2017

Vidder: Securing Business Critical Apps, Transparently

The biggest challenge corporations have today is stopping the cyberattack in cost-effective ways. Vidder has created a single service that mitigates broad ranges of attacks in very smart, well designed ways.

tmcnet-logo

TMCnet, December 16, 2016

Interview with Vidder

Rich Tehrani speaks with Mark Hoover with Vidder about security solutions.

nfv_logo_n

NFV Zone, November 28, 2016

Vidder Expands on PrecisionAccess with Automation, Channel Efforts, Etc.

Vidder offered a fresh perspective on security when it introduced its PrecisionAccess software-defined perimeter service. Its PrecisionAccess solution is used to protect assets with a book value of $1 billion or more. PrecisionAccess automatically connects PKI systems to identity systems and leverages that ID to set up secure links. It configures VPNs per person, and nothing during this process is cached.

CloudExpo Blog, September 16, 2016

Enabling Trust for Healthcare IT Security

The technology called Software Defined Perimeters (SDP) is gaining traction in healthcare. SDP does not attempt to regulate traffic at the network level. It operates at the TCP level, which means it can be deployed anywhere and is transparent to network-level issues such as addressing, ownership, and changing topologies. Since data can’t be accessed unless a TCP connection is established, SDP enables a medical system to completely control who gets to connect to what over their entire extended health network.

cloud-security-alliance

Cloud Security Alliance, August 30, 2016

Cloud Security Alliance Honors Inaugural Research Fellows

The Cloud Security Alliance (CSA) announced the list of inaugural members who are being awarded the CSA Research Fellow designation. Included is CTO and founder Junaid Islam.

 computerworld

Computerworld, August 29, 2016

How Software-Defined Everything Will Change Outsourcing

Software-defined everything (SDE) — the use of software to provision and manage pretty much all IT infrastructure — will have an impact on Management and Security. CTO Junaid Islam describes the concept of the software-defined perimeter (SDP) as a way to secure remote access to applications hosted in the cloud.

 mercury

The Mercury News, July 19, 2016

Campbell: West Point Cadets Logged into the Frontline of Cyber Security

Two United States Military Academy (West Point) cadets recently spent three weeks with a start-up tech company in Campbell, learning the ins and outs of cyber security. Hosting cadets was a first for the company, but one Vidder chief technology officer Junaid Islam welcomed. “They’re in the hub of the tech industry here,” Islam said. “I’m hoping we have given them some practical skills.”

 cloud-security-alliance

Cloud Security Alliance, July 15, 2016

An Enterprise View of Software Defined Perimeter

Software Defined Perimeter (SDP) looks to accelerate the implementation of virtual controls to make organizations more secure without losing the agility cloud and mobility offer. Kirk House, who is an SDP Working Group leader as well as Global Director, Enterprise Architecture at The Coca Cola Company, provides an enterprise view of how we need to rethink security with SDP. By starting with zero trust, the ability to achieve application segmentation, eliminate a wide variety of intermediate attack vectors and achieve greater overall security is compelling.

 computer-technology-review-logo_150

Computer Technology Review, July 12, 2016

Software Defined Perimeter: The Secret Service of TCP/IP Networks

If we give the visibility and access to the president the way TCP/IP does to application servers, could you imagine what the results would be? We’d need a new president every week. It’s a horrible security model because, as you can see, the sequence of protections is completely backward. But, this is how TCP/IP works in both the Internet and in every corporate network!

 GCN_logo

GCN Magazine, July 11, 2016

West Point Cadets Gain Cyber Experience in Silicon Valley Internships

As cybersecurity becomes integral to military operations, learning the basics is imperative for the next generation of cyber warriors, signals intelligence analysts and network operators.  While cadets at the service academies receive coursework in these subjects, gaining practical, real-world experience is especially valuable.  That’s where Vidder, a small Silicon Valley-based network security startup, comes in.

 Politico-Logo

Politico, July 6, 2016

Morning Cybersecurity – From West Point to West Coast

The United States Military Academy at West Point is sending army cadets to Silicon Valley to learn about cybersecurity. By showing West Point students “the whole lifecycle” of cybersecurity research, design and implementation, said Junaid Islam, president and CTO of security firm Vidder, “the idea is that this lifecycle will go back into the Army’s thinking about how they should think about cybersecurity.”

 channele2e_logo

Channel e2e, July 6, 2016

Software Defined Perimeter (SDP) Security Essentials

I’ve written about SDP (software-defined perimeter) security a few times, as I think this model is a strong fit for today’s IT cocktail made of mobile applications, public cloud infrastructure, and pervasive security threats. Several vendors, including Cryptzone and Vidder, actively market SDP offerings, while Google’s BeyondCorp is a homegrown SDP project that Google has made public and highly-visible.

 DarkReading

Dark Reading, July 5, 2016

West Point Trains Female Cadets For Cyber Branch

It’s new for [West Point] to be working directly with Silicon Valley startups, and new to be sending their cadets right to Silicon Valley companies so they directly understand everything from how do product works, how do they invent it, how do we identify cyberattacks, how do we figure out how to stop them,” Islam [CTO of Vidder Inc.] says. The cadets get to see “the whole lifecycle, and the idea is that this lifecycle will go back into the army’s thinking about how they should think about cybersecurity,” he says.

 cso

CSO Magazine, June 30, 2016

IT Internship Brings Women from West Point to Silicon Valley

West Point Academy sent cadets to Vidder in Silicon Valley to learn about key cyber security technologies such as cryptography, public key infrastructure and software defined perimeter, as well as hacking methods.

 IT-Harvest

IT Harvest, May 14, 2016

Vidder’s Junaid Islam Explains How its Software Defined Perimeter Prevents Malicious Attacks

Hackers are no longer limited in what they can accomplish. The world has transformed from an in-office corporate structure to a flexible environment that allows individuals to work for companies that are thousands of miles away. This is great for enterprises and for employees, but it has opened the door to new vulnerabilities. Vidder wanted to create a new security architecture that addressed the problems brought on by the evolving business world.

 DarkReading

Dark Reading, April 21, 2016

Mea Culpa: Time To Build Security Into Connectivity

How those of us who spent decades developing faster, easier, and more scalable networking technology have made the lives of our security counterparts a living hell,” said Mark Hoover, Vidder’s CEO.

 techCrunch

Tech Crunch, April 16, 2016

Making Sense of Enterprise Security

…there are countless moving parts in enterprise security. A natural corollary to this point is that because the challenge is so dynamic, committing technological, organizational and financial resources to a specific tactic is counterproductive — and bound to fail.

 networkworld

Network World, April 13, 2016

Fave Raves: 29 Tech Pros Share Their Favorite IT Products

Comtrade uses PrecisionAccess to protect applications from access by unauthorized users, regardless of where they are—inside or outside the corporate network.

 networkworld

Network World, April 11, 2016

Learning about SDP via Google BeyondCorp

Google’s software-defined perimeter (SDP) architecture can act as a model that enterprise organizations can emulate and enhance over time.

 odbms

Operational Database Management Systems, March 31, 2016

Securing Your Largest USB-Connected Device: Your Car

Automobiles present a worst-case scenario in the number of attack surfaces they bring. While the attack surface is large, it promises to get ever larger as an increasing number of wireless interfaces for vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I, V2X), and vehicle-to-Internet-of-Things (V2IoT) communications are brought online.

 cloud-security-alliance

Cloud Security Alliance, March 31, 2016

Cloud Security Alliance Releases Results of Software-Defined Perimeter Hackathon

CSA, The World’s Leading Cloud Organization Collaborated with Verizon and Vidder To Validate Security and Feasibility of High Availability Public Cloud Architecture at Fourth Annual CSA Hackathon at the RSA Conference 2016.

 PHP-journal

PHP Journal, March 9, 2016

Control the Flow for Security – Why is TCP/IP great for networking but problematic for security?

The technology called Software Defined Perimeters (SDP) has been created to address all of the issues cited above. SDP does not attempt to regulate traffic at the network level. It operates at the TCP level, which means it can be deployed anywhere and is transparent to network-level issues such as addressing, ownership, changing topologies, etc.

 internet_telephony

Internet Telephony, March 8, 2016

The Rental IT Trend

Whether it is homes, cars, or videotapes, the trade-off between buying and renting has been thoroughly discussed and analyzed. Enterprise IT also has to continually make similar decisions. Spend capex or opex? Build and depreciate an asset base or rent and return? Exclusive use or shared use? Of course, enterprises have to look professional so they don’t use the consumer-centric term renting. Instead they call it outsourcing.

 techhive

TechHive, March 4, 2016

Behind the scenes of Vidder’s $10K hacking contest

CSO Magazine’s Steve Ragan chats with president and CEO of Vidder, Junaid Islam, at the 2016 RSA Conference about their $10,000 hacking contest, and how the company’s software-defined perimeter technology, PrecisionAccess, secures access to high value applications for enterprises.

 newsfactor

NewsFactor, March 3, 2016

Vidder PrecisionAccess Wins 2016 InfoSec Award at RSA

Vidder PrecisionAccess Hailed as Industry’s Most Innovative Access Control Solution, Wins Cyber Defense Magazine’s 2016 InfoSec Award at RSA Conference — Advanced Access Control Solution Delivers a Common Platform Proven to Secure Enterprise Applications Anywhere.

 cloud-security-alliance

Cloud Security Alliance, March 2, 2016

Cloud Security Alliance Software Defined Perimeter Working Group Announces New SDP for IaaS Initiative

CSA announced a new initiative to address how SDP can solve security, compliance and administration challenges for infrastructure as a service (IaaS).

 infosecurity-magazine

InfoSecurity Magazine, February 17, 2016

Defending Against the APT Paradigm

The best way to detect attacks is by putting the application with sensitive intellectual property on a segmented network and only allowing access through a single, secure system – such as the Software Defined Perimeter (SDP).

 cloud-security-alliance

Cloud Security Alliance, February 4, 2016

Cloud Security Alliance to Host Fourth Software Defined Perimeter Hackathon; Top Prize of $10,000 up for Grab

“With the first three SDP Hackathons being resounding successes, it’s exciting to take this to the next level by attempting to create the first disruption tolerant application infrastructure by fusing together multiple public clouds.  We’re truly at the cutting edge of researching what is possible,” said Junaid Islam, CTO of Vidder and SDP Workgroup Co-Chair.

 e-security-digest

eSecurity Planet, January 11, 2016

Startup Spotlight: Vidder’s Application Security

Vidder offers a multi-pronged approach to application security based on a solution its founder created for the Department of Defense.

 sc-magazine

SC Magazine, December 15, 2015

Getting workers to ‘buy-in’ to cybersecurity

“What if instead of using APT (Advanced Persistent Threat) it were called the same stupid attack that happened last time,” said Junaid Islam, president and CTO of Vidder, explaining that IT departments generally see the same problem happening over and over and that cycle needs to be broken.

 computer-technology-review-logo_150

Computer Technology Review, December 15, 2015

A Brave, New Cybersecurity World: Evaluating Trust Before Allowing Connectivity

We all know that TCP/IP-based networking has proven to be hugely scalable and flexible. There are several reasons for that… This has created great scale. But … it has also led to almost all of the network-related cybersecurity issues we struggle with today. Let’s illustrate why…

 infotech-spotlight

InfoTECH, December 10, 2015

The Threat is Real; Don’t Be the Catalyst for Hacker Success

The instant access we have to information, entertainment and individuals comes with a price – the networks we use are attractive to others and under attack. It makes sense; if we’re using the same networks to transfer information that could potentially put millions in the hands of the individual with the best hacking skills, why wouldn’t they try?

 vmblog_com_logo

VM Blog, December 10, 2015

Fixing Virtual Silos and Securing the New Virtual IT

Software-Defined Perimeter is a new approach to this problem… This approach overlays both the traditional IT infrastructure and the new to give enterprises complete control over who can connect to what, no matter where the applications are, where the users are, or what device they are using. New solutions addressing the new virtual IT, including SDP, is my prediction as one of the key growth trends for 2016.

 

CloudExpo Blog, November 22, 2015

Reinventing the Handshake

We all know that TCP/IP-based networking has proven to be hugely scalable and flexible… But … it has also led to almost all of the network-related cybersecurity issues we struggle with today. This is why the concept of brokered or arbitrated connection management has taken hold in the form of the connectivity model. Named Software Defined Perimeter (SDP), this model is being promoted by Cloud Security Alliance.

 WSJ

Wall Street Journal, November 3, 2015

Survey Roundup: Casual Attitudes Toward Revenue Recognition Rules

A survey of around 400 information security professionals by application access firm Vidder found 60% of respondents said their companies don’t require multifactor authentication for non-employees who are accessing their enterprise applications—while 42% said their firms don’t make non-employees adhere to BYOD policies.

 homeland-security

Homeland Security, November 2, 2015

Survey: Companies Lack Security Controls For Accessing Enterprise Applications

Despite the persistent onslaught of widespread and high-profile security breaches over the past several years, an alarming number of companies and government agencies still lack sufficient security controls for access to enterprise applications.

Help Net Security, November 2, 2015

Software-Defined Perimeter enables application-specific access control

Back in the early 1990s enterprises migrated away from proprietary protocols such as DECnet, SNA, and Novell IPX to common standards such as IP. The motivation was the open nature of IP and access to all of the investment and innovation in and around IP. But, enterprises still wanted complete control over their network. To achieve that, the concept of IP Firewalls was introduced so that enterprises could create a unique IP network—such as internal addressing, internal routing, and internal DNS—connected to the Internet only via a firewall under their control. For the past 25 years, the term “behind the firewall” has been used as synonym for enterprise network or Intranet.

 crif

Cyber Risk & Insurance Forum, October 31, 2015

Three New DDoS Reflection Techniques Appear in the Wild

Three new reflection distributed denial of service (DDoS) attacks have burst on the scene in recent months: NetBIOS name server reflection, RPC portmap reflection and Sentinel reflection.

 eweek

eWeek, October 28, 2015

Businesses lack security controls for accessing enterprise applications

“Although our survey respondents indicated that stringent access controls are highly useful, their execution in this regard is still lagging,” Ross King, principal analyst of King Research, told eWEEK. “We know this because when we asked these InfoSec professionals about the authentication methods they use to provide access to enterprise applications, the most frequently mentioned method they use is simple passwords.”

 telematics

Telematics News, October 27, 2015

Comtrade and Vidder partner for Connected Car security

Comtrade’s Automotive Division, a leading provider of Mobility-as-a-Service (MaaS), and Vidder have announced a collaborative effort to protect connected cars by providing best-in-class network security to the automotive industry. The joint initiative takes mobile security to the next level, by combining Comtrade’s Mobility-as-a-Service solutions built on its expertise in software platforms, automotive protocols and backend technology, with Vidder’s PrecisionAccess, the industry-first secure connectivity solution that “shrinks” the perimeter to create a new layer of defense around individual applications and services.

 biz-reporter

Business Reporter, October 26, 2015

Enterprise application access controls may be insufficient security measures

Access controls used by enterprise applications to determine which parties are allowed to access company infrastructure may not adequately protect firms from security risks, according to a new report.

 infosecurity-magazine

InfoSecurity Magazine, October 25, 2015

Enterprise Application Access Controls Sorely Lacking

Despite widespread and highly publicized security breaches, most companies still fail to require necessary security controls for accessing enterprise applications, including those applications behind the corporate firewall. According to the Enterprise Application Security Market Research Report from King Research, survey respondents ranked a number of solutions as “highly useful,” including those that: enforce multifactor authentication (MFA) across all users at all times; hide app servers from all devices and unauthenticated users; ensure end-to-end encryption and integrity; and give complete control of who can connect to what, independent of app location, device type and user affiliation

 securityasia

Security Asia, October 22, 2015

Alarming number of companies still lack security controls for accessing enterprise apps

Despite widespread and highly publicized security breaches, most companies still fail to require necessary security controls for accessing enterprise applications, including those applications behind the corporate firewall, according to the results of the Enterprise Application Security Market Research Report, an independent study conducted by King Research.

 fierceITsecurity

FierceITSecurity, October 22, 2015

Firms are failing to implement strong security controls for contractor access to enterprise apps, survey finds

Many companies are failing to require adequate security controls for contractors and other nonemployees accessing enterprise applications, found a survey of 408 information security professionals about app security by King Research on behalf of cloud security firm Vidder.

 infotech-spotlight

InfoTECH, October 22, 2015

Study: Enterprise Applications Face Major Security Lapses

The security threat landscape in the connected world is getting more dangerous for consumers and enterprises alike. An independent study conducted by King Research revealed 60 percent of organizations don’t require non-employee multifactor authentication to access enterprise applications.

Help Net Security, October 21, 2015

Companies still lack security controls for accessing enterprise applications

Despite widespread and highly publicized security breaches, most companies still fail to require necessary security controls for accessing enterprise applications, including those applications behind the corporate firewall, according to a new study by Vidder and King Research.

 DarkReading

Dark Reading, October 21, 2015

Despite Breaches, Alarming Number of Companies Lack Security Controls for Accessing Enterprise Applications, According to Latest Research

Independent Study Respondents Recognize Need for More Stringent Access Controls, Yet 60 Percent of Organizations Do Not Require Multifactor Authentication for Non-Employees Accessing Enterprise Applications.

 g-blog

Gartner Blog, September 23, 2015

Software Defined Perimeter Technology is More than a Fancy VPN

I wanted to expand a bit on how Software Defined Perimeter technology works. The key reason that this technology helps reduce the network attack surface is that before SDP is deployed onto a host, the default TCP/IP stack will automatically strip, parse and process all headers/packets and then send payloads up to the Application Layer for reciept. In an SDP implementation, application connectivity is only provided once the user and device is authenticated and trust is established. This means that traditional attacks that rely on the default-trust flaws built into traditional TCP/IP will be thwarted when using SDP because any non-SDP trusted traffic is discarded prior to stack processing.

 networkworld

Network World, August 27, 2015

Vidder’s SDP puts tight security around high value assets

Reducing the surface that needs to be protected to a single application, makes it easier to apply very tight controls through Software Defined Perimeter techniques… What if we redefined perimeter to be extremely narrow; a layer of protection around just the most important assets, such as a high value business application? The protection is so tight that, not only are the bad guys kept out, but the good guys are as well. That is, until the good guys are carefully authorized and authenticated in a way that effectively locks out the bad guys for good.”

 SDX

SDX Central, August 3, 2015

Software-Defined Perimeter Remains Undefeated in Hackathon

In April, we reported on an emerging access control protocol from the Cloud Security Alliance, which offered a $10,000 prize to anyone who could crack former CIA spook Bob Flores’ account — and even provided his username and password. The protocol, known as software-defined perimeter (SDP) or “Black Cloud,” withstood tens of thousands of attacks to remain undefeated in the third annual Hackathon, according to contest data provided exclusively to SDxCentral by Vidder, which provides a commercial implementation of the open source security standard. Some of the attacks were incredibly sophisticated, indicating nation-state backing, Vidder founder and CTO Junaid Islam tells us. ”

 g-blog

Gartner Blog, April 30, 2015

Are Software Defined Perimeters (SDP) in your Future?

One method that seems interesting (at least to me) is endpoint software that helps define what some are calling a “software defined perimeter” to reduce the deployment friction involved with complex integration or orchestration. SDP is often deployed as an agent technology that basically creates a no-trust network stack.

 e-security-digest

eSecurity Planet, April 16, 2015

10 Trickiest Mobile Security Threats

Connection Hijacking: The man-in-the-middle attack is the most common example of connection hijacking, said Dennis Griffin, product manager of Vidder. “Your sales person sitting in a café is about to use a public Wi-Fi to access SharePoint behind the corporate firewalls. Unbeknownst to her, a nearby attacker has set up a rogue access point to conduct a man-in-the-middle attack. The sales person proceeds with the login. The attacker is able to watch and save the user’s traffic in real time, exposing massive amounts of sensitive data,” he said, adding that other forms of connection hijacking include certificate forgery and DNS poisoning.

 SDX

SDX Central, April 8, 2015

Cloud Security Alliance: $10K Prize to Hack Our Gibson

The Cloud Security Alliance is willing to bet that nobody can crack its software-defined perimeter, a security framework for protecting cloud infrastructure from network attacks.The industry group is offering $10,000 to the first person to break into former CIA Chief Technology Officer Bob Flores’ account, which is protected by the technology. As a sweetener, the organizers will publicly publish Flores’ username and password. Two previous challenges have yet to produce a breach, calling to mind the seemingly impossible-to-hack Gibson supercomputer from the 1995 film Hackers.

Help Net Security, April 8, 2015

CSA to hold hackathon featuring $10,000 prize

The Cloud Security Alliance (CSA) will hold its third Hackathon at the RSA Conference 2015 in San Francisco, to continue to test the CSA Software Defined Perimeter Specification V.1. A top prize of $10,000 is available to the first participant to gain access to a password provided account. The CSA’s Software Defined Perimeter (SDP) research project represents a breakthrough approach to security, and is a collaboration among more than 100 companies and U.S. government organizations.

 cloud-security-alliance

Cloud Security Alliance, April 7, 2015

Cloud Security Alliance to Host Third Software Defined Perimeter (SDP) Hackathon – Top Prize of $10,000 Available

The Cloud Security Alliance (CSA) announced it will hold its third Hackathon at the RSA Conference 2015 in San Francisco, to continue to test the CSA Software Defined Perimeter Specification V.1. A top prize of $10,000 is available to the first participant to gain access to a password provided account.

 computer-technology-review-logo_150

Computer Technology Review, April 1, 2015

CTR Most Valuable Product Award

Vidder’s PrecisionAccess stops cyber attacks before they start. It defeats credential theft, server exploitation, and connection hijacking by dynamically connecting only authenticated users to isolated servers and their protected applications. PrecisionAccess enables secure connectivity between users and applications across different companies, organizations, and zones of control. Enterprises can securely evolve revenue generating business ecosystems and confidently leverage major IT trends to reduce cost and enhance agility. PrecisionAccess is the industry’s first service based on a breakthrough security architecture called the Software Defined Perimeter.

 WSJ

Wall Street Journal, March 23, 2015

Coca-Cola Looks to Secure Network Edge for Age of Cloud, Mobility

Coca-Cola Co., feeling the pressure to strengthen its digital security, is experimenting with a new approach that makes use of software virtualization, a concept that revolutionized computer servers during the last decade or so.

 tmcnet-logo

TMCnet, March 23, 2015

Wheelings & Dealings: Vidder Receives $12 Million Funding Round to Help Deliver Access Control Solution

The prevalence of cloud computing within the enterprise has led to a marked increase in cyber attacks and a need for companies to tighten their security measures and become more proactive. Vidder, a company that specializes in high-level access control for extended and distributed enterprises, understands the benefits and risks of the cloud and is stepping up its game.

 venturewire

Venturewire, March 19, 2015

Vidder Catches $12M to Arm Enterprises Against Cyberattacks

Cybersecurity company Vidder Inc. raised another $12 million for technology that protects companies against criminals using stolen online credentials.

The company has created a software-defined perimeter that controls connectivity to applications by granting access only to authorized users, rendering the stolen credentials irrelevant.

 ema

Enterprise Management Blog, November 7, 2014

Cloud Security Alliance Hack-A-Thon and the Software Defined Perimeter

… Just last week, CSA announced the results of a worldwide Hackathon against an implementation of their Software Defined Perimeter (SDP) to see what would happen. The results were very positive. Their SDP withstood over a month of pounding from individuals and groups representing amateurs, self-taught enthusiasts/hackers, as well as trained professionals from over 100 countries. They threw everything they had at it. Like McDonald’s, there were billions [of packets] served up, and in the end, none succeeded in breaching the SDP that protected the public cloud.

 cloud-security-alliance

Cloud Security Alliance, August 27, 2014

Hackathon On! Cloud Security Alliance Challenges Hackers to Break its Software Defined Perimeter (SDP) at CSA Congress 2014

The Cloud Security Alliance (CSA) announced it will hold its second Hackathon this year at the upcoming CSA Congress 2014, to validate the CSA Software Defined Perimeter (SDP) Specification to protect application resources distributed across multiple public clouds.

 cloud-security-alliance

Cloud Security Alliance, May 1, 2014

Cloud Security Alliance Releases Update to Software Defined Perimeter (SDP)

The Cloud Security Alliance (CSA) … today announced the release of two key documents related to the CSA’s Software Defined Perimeter (SDP), an initiative to create the next generation network security architecture. The SDP Version 1.0 Implementation Specification and SDP Hackathon Results Report provide important updates on the SDP security framework and deployment in protecting application infrastructures from network-based attacks. CSA will be providing press briefings about SDP developments at Infosecurity Europe.

 cloud-security-alliance

Cloud Security Alliance, February 26, 2014

Software Defined Perimeter (SDP) Yet To Be Hacked; CSA Ups the Ante on Virtual Hackathon

The Cloud Security Alliance (CSA) announced that it has upped the ante, as no one has yet been able to hack the Software Defined Perimeter (SDP) network since the contest began on Monday… The first participant to successfully capture the target information on the protected server will receive an expenses paid trip to both Black Hat and DEF CON ® 22 conference, including air and hotel, held in Las Vegas August 6-10, 2014.

 GCN_logo

GCN, January 13, 2014

CSA pushes software-defined perimeter network protection

For many years defense, intelligence and other government agencies have deployed secure networks that are invisible and inaccessible to outsiders. As a result, agencies are no strangers to “need-to-know” networks in which the posture and identity of devices are verified before access to the application is granted.

 cloud-security-alliance

Cloud Security Alliance, December 5, 2013

Cloud Security Alliance releases Software Defined Perimeter (SDP) framework details

The Cloud Security Alliance (CSA) announced the release of the Software Defined Perimeter Report, a new white paper report that explains the Software Defined Perimeter (SDP) security framework and how it can be deployed to protect application infrastructures from network-based attacks.

 TechTarget-gray

Search AWS, November 13, 2013

Industry group announces plans to address cloud security challenges

The Cloud Security Alliance, an organization that promotes best practices for securing cloud computing, has launched the Software Defined Perimeter initiative for securing access to the cloud.

 bcn

Business Cloud, November 13, 2013

CSA says Software Defined Perimeter will use cloud against hackers

The Cloud Security Alliance (CSA) has unveiled a new initiative called the Software Defined Perimeter, a project focusing on developing end-to-end network security for cloud-based applications. The CSA told Business Cloud News that the initiative will test novel security methods that, while making use of tried and tested techniques, have never been implemented.

 iot-agenda

IoT Agenda, November 13, 2013

CSA’s software-defined perimeter to secure BYOD, ‘Internet of Things’

The Cloud Security Alliance (CSA) today announced the formation of a new working group aimed at securing the proliferation of mobile devices and other nontraditional computers currently flooding enterprise networks.

 cloud-security-alliance

Cloud Security Alliance, November 13, 2013

Cloud Security Alliance announces Software Defined Perimeter (SDP) initiative

The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced the launch of the Software Defined Perimeter (SDP) Initiative, a project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.