news
Skybox Security and
Indegy integrate
to strengthen
cybersecurity in
critical infrastructure
kybox Security, a global leader
in cyber-risk management,
has announced its integration
with Indegy, a leader in industrial
cybersecurity, to help organisations
better understand the security posture
of hybrid IT and operational technology
(OT) networks. The integration between
Skybox and Indegy provides customers
with seamless visibility of their IT and OT
networks. The combination of Indegy’s
passive and active data collection
from the OT network is relayed to
Skybox where OT assets, services and
vulnerabilities are modelled alongside
those from the IT environment. With
Skybox’s understanding of the hybrid
network topology and security controls,
it can simulate access between and
within networks, and determine the
reachability of vulnerable assets. Skybox
also provides more context to Indegy’s
vulnerability data, highlighting exposed
and exploitable vulnerabilities, prioritising
their remediation and generating tickets
to kick off the workflow.
S
Amrit Williams, VP of Products, Skybox
Security, said OT networks have been a
mystery to IT security teams but CISOs
are now being tasked with getting a
handle on security in OT environments.
He said: “Our integration with Indegy
further strengthens the visibility and
insight we give customers with hybrid
IT–OT networks, so they can accurately
prioritise and respond to those risks.”
6
PLANS ANNOUNCED TO INTRODUCE
NEW LAWS FOR INTERNET-
CONNECTED DEVICES
lans to ensure that millions
of household items that
are connected to the
Internet are better protected from
cyberattacks have been launched by
the UK government’s Digital Minister,
Margot James.
P
Options that the government will be
consulting on include a mandatory
new labelling scheme. The label
would tell consumers how secure
their products such as ‘smart’ TVs,
toys and appliances are. The move
means that retailers will only be
able to sell products with an Internet
of Things (IoT) security label. The
consultation focuses on mandating
the top three security requirements
that are set out in the current
‘Secure by Design’ code of practice.
These include that:
• IoT device passwords must be
unique and not resettable to any
universal factory setting
• Manufacturers of IoT products provide
a public point of contact as part of a
vulnerability disclosure policy
• Manufacturers explicitly state the
minimum length of time for which the
device will receive security updates
through an end-of-life policy
Following the consultation, the security
label will initially be launched as a
voluntary scheme to help consumers
identify products that have basic security
features and those that don’t.
Digital Minister, Margot James, said the
new proposals will help to improve the
safety of Internet-connected devices and
are another milestone in the UK’s bid to
be a global leader in online safety.
Issue 14
|
www.intelligentciso.com