Cybersecurity Services, First attack matrix for software supply chain security is launched by cybersecurity leaders

The first attack matrix for software supply chain security is launched by cybersecurity leaders. "OX Security" is leading the open framework movement, which has already attracted current and former cybersecurity professionals from "Microsoft, Google, GitLab, Check Point, OWASP, Fortinet, and other organizations."




On February 1st, 2023, "OX Security," the first end-to-end software supply chain security solution, announced the release of OSC&R (Open Software Supply Chain Attack Reference), the first and only open framework for comprehending and assessing current threats to the security of the entire software supply chain.

OX Security's stance is that security needs to be a primary consideration throughout the software development process, not an afterthought. OX is the first end-to-end software supply chain security solution, and it was created by "Neatsun-Ziv" and Lior Arzi, who oversaw "Check Point's Security Group" earlier. The automation, visibility, and risk analytics that DevSecOps teams require to provide security and integrity to every level of the supply chain, from early planning stages through deployment to production, are provided by OX. Cybersecurity services solutions offer a wide range of benefits for small business owners. These include comprehensive protection from cyber threats, comprehensive threat detection and prevention, regular security updates and patches, proactive monitoring to identify and respond to suspicious activity, as well as robust protection against data theft, malware attacks, ransomware attacks, phishing attempts, and other cyber threats.

David Cross, a former Microsoft and Google cloud security executive, Lior Arzi, Neatsun Ziv, OX Security Co-Founder and CEO, Hiroki Suezawa, Senior Security Engineer at GitLab, Eyal Paz, Head of Research at OX Security, Phil Quade, former CISO at Fortinet, Shai Sivan, CISO at Kaltura, Naor Penso, Head of Product Sec, and Dr. Chenxi Wang are among the founding group of cybersecurity.

There was a very real need for a MITRE-like framework that would enable specialists to more accurately assess and evaluate supply chain risk, a process that up until now could only be relied on intuition and experience, according to conversations with hundreds of industry executives. In order to comprehend and analyze the tactics, methods, and procedures (TTPs) employed by attackers to breach the security of software supply chains, OSC&R is created to give a standard language and framework.

Before starting OX, Neatsun Ziv was Check Point's VP of Cyber Security. He remarked, "Trying to talk about supply chain security without a clear understanding of what defines the software supply chain isn't helpful. Security methods are frequently compartmentalized without a consensus definition of the software supply chain. Security teams may now make use of OSC&R to assess current defenses, identify risks that need to be prioritized, and specify how existing coverage handles those threats. OSC&R can also be used to follow the actions of attacker groups.

Senior security engineer at Gitlab "Hiroki-Suezawa" remarked, "OSC&R helps security teams create their security strategy with confidence. We wanted to provide the security community with a single point of reference so they could evaluate and compare their own approaches to safeguarding their software supply chains."

As new strategies and methods develop, the OSC&R architecture will be updated. It will also aid with red-teaming operations by assisting in defining the parameters of a pentest or red team activity, acting as a scorecard both during and after the test. Additionally, the framework is now accessible to other authorities and professionals in cybersecurity who wish to contribute to OSC&R. Cybersecurity services solutions offer a wide range of benefits for small business owners. These include comprehensive protection from cyber threats, comprehensive threat detection and prevention, regular security updates and patches, proactive monitoring to identify and respond to suspicious activity, as well as robust protection against data theft, malware attacks, ransomware attacks, phishing attempts, and other cyber threats.

According to "Naor-Penso," Head of Product Security at FICO, "I think the OSC&R methodology will assist enterprises in lowering their attack surface." I'm honored to contribute to a project that might significantly alter the landscape of future security and offer our knowledge and experience.

Visit our website here: msphub.io
Contact us here: https://msphub.io/contact-us

Visit our social media pages via,
LinkedIn: https://www.linkedin.com/company/mssphub/?viewAsMember=true
Twitter: https://twitter.com/HubMsp
Facebook: https://www.facebook.com/profile.php?id=100090749499438

Comments

Post a Comment

Popular posts from this blog

CSOC Services delivered by MspHub

Image
Essentially, the term “SOCaaS” implies a kind of supervised security organization this is cloud-based, in view of a software-as-a-service (SaaS) platform, level, and goes past the regulated security organization (MSS) commitments of conventional directed security master centers (MSSps). Like MSS, SOCaaS joins all the checking and the leading body of interference notoriety systems, firewalls, antivirus, and antispam structures, computerized individual gatherings (VPNs), endpoint inclusion (EPP), and endpoint personality and response (EDR). Though the time span, SOCaaS will, as a rule, be upheld by utilizing brisker expert centers, more snared affiliations will infamously give organizations that meet the which method for SOCaaS as a thing of their MDR commitments. Be that as it could,  For what reason does your business undertaking wants “ SOC ” as help? Wellbeing inside the robotized time demands that offices show their whole homegrown and settle all alerts, yet for certain affili...
Read more

The Importance of "Penetration Testing" for the long-term success of your business organization

Image
Uninitiated individuals might think it's strange, yet businesses all throughout the world pay people to hack into their systems and get crucial data. Because you have to think like a thief to capture one, they do this. To make sure they have someone who is one step ahead of the strategies that criminals employ, organizations engage ethical hackers, also known as penetration testers. Regarding an organization's cyber defenses, penetration testing has a special and crucial role. It offers organizations a practical understanding of the efficacy of their security procedures, unlike other safeguards. It's critical that you have a strategy in place to safeguard your business as the cost of cyber assaults rises. According to Cisco's 2022 Cybersecurity Almanac, organizations might wind up shelling out up to $10.5 trillion (about £8.9 trillion) by 2025 to cope with security events. How does penetration testing work? Penetration testing is essentially a controlled kind of hacking...
Read more

Does your organization need XDR? What exactly is XDR? What is the value of XDR for businesses?

Image
  Does your organization need XDR? Large enterprises are increasingly being advised to use XDR (Extended Detection and Response) solutions to secure their infrastructure. However, many individuals are unaware of what XDR is and what it actually performs. In this piece, I'll answer some fundamental XDR questions to assist you to determine whether your firm will benefit from deploying it. What's the problem with traditional defense? Endpoints servers and workstations were traditionally the first to be protected from cyber threats, and this eventually became a critical step in combatting sophisticated assaults. Organizations also utilized simple network security or installed sophisticated protection solutions to shut down only one possible attack vector, such as on endpoints ( EDR solution ) or the network (NTA solution), and so on. However, today's cybercriminals are increasingly leveraging various access points to the infrastructure, lateral movement via the network, a ran...
Read more