Latest news with #Coalfire

Forescout Partners with Coalfire to Deliver FedRAMP-Authorized Cybersecurity Solutions for U.S. Public Sector Agencies

Business Wire

21 hours ago

SAN JOSE, Calif.--(BUSINESS WIRE)-- Forescout Technologies, Inc., a global cybersecurity leader, today announced a strategic partnership with Coalfire to accelerate the FedRAMP Authorization to Operate (ATO) processes for Forescout Cloud Services.

This collaboration builds on Forescout's 20-year track record of providing cost-effective security solutions for US federal civilian and DoD agencies to support them in modernizing their cybersecurity posture in line with the Federal Zero Trust Strategy, including the DoD's device requirements and evolving cloud security mandates.

Forescout Cloud delivers scalable, intelligent, and integrated cybersecurity for all connected edge devices, as well as IT, Operational Technology (OT), and Internet of Things (IoT). Leveraging Coalfire's deep FedRAMP expertise, Forescout can rapidly meet the rigorous security and compliance requirements of all U.S. federal agencies.

'Federal agencies can't afford delays when it comes to cloud modernization and Zero Trust for IT devices and the future of Zero Trust for OT security,' said Mike Walsh, President of Forescout Government Systems. 'Our partnership with Coalfire positions Forescout Cloud Services to meet the highest security standards and accelerate the path to FedRAMP authorization. Together, we're enabling agencies to strengthen cyber resilience and maximize ROI.'

The Forescout 4D Platform™ is built for high-stakes federal networks that reflect real-world deployments in DoD, DHS, and other federal agencies. Unlike other network security vendors that create vendor lock-in and limit flexibility in environments with diverse network gear, Forescout is the alternative and strategic enhancement to CISOs and cyber managers who have a deliberate approach to network vendor competition.

With Forescout Cloud Services, federal agencies will be able to:

  • Form the foundation of Zero Trust security with enterprise-wide asset intelligence and deployment health monitoring.
  • Take the next steps in Zero Trust enforcement, including network segmentation and real-time policy simulation.
  • Eliminate the need for manual reports with automated reporting powered by generative AI that helps prove adherence to executive orders and mandates.
  • Deploy advanced threat detection and response, with full Security Orchestration, Automation, and Response (SOAR) and Security Operations Center (SOC) integration across hybrid and cloud environments.
  • Benefit from native support for IPv6 addressing that aligns with federal modernization mandates.

'Coalfire's FastRAMP accelerator services are designed to help cloud innovators like Forescout navigate and succeed in the FedRAMP process with confidence,' said Karen Laughton, Executive Vice President at Coalfire. 'This partnership reflects our shared mission of securing critical federal infrastructure and bringing trusted cloud capabilities to government customers, faster.'

Join the Conversation

Forescout will host a webinar, led by its cloud leadership team, to share the company's vision and roadmap for delivering FedRAMP-authorized cloud services on July 15 at 11 a.m. CT.

About Forescout

The Forescout 4D Platform™ provides complete asset intelligence and control across IT, OT, and IoT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective. Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout's platform.

About Coalfire

Coalfire is a global services and solutions company that specializes in cyber advisory, assessment, and security. The company also develops cutting-edge technology platforms that automate defenses against security threats for the world's leading enterprises, cloud providers, and SaaS companies. Coalfire is the foremost provider of FedRAMP compliance assessments and penetration testing services in the United States. For more information, visit and follow on LinkedIn.

Elon Musk's Plan for Americans' Sensitive Data Has Security Experts Terrified

Yahoo

11-05-2025

Elon Musk's ever-alarming Department of Government Efficiency (DOGE) now wants to consolidate the federal government's vast data reserves. They're currently siloed across government agencies, and DOGE wants to merge them into a sprawling centralized database. Unsurprisingly, security experts told The Washington Post that's a terrible idea.

It's not hard to see why. China hasn't upped its hacking efforts just for kicks; data is incredibly powerful, and hacking groups and foreign adversaries are always trying to get their hands on sensitive information about American citizens and residents, lawmakers, agencies, and companies.

As conventional security wisdom goes, keeping that sensitive information in separate, protected piles across agencies not only makes it more difficult for hackers to find data, but if there's a breach, ensures that adversaries only get their hands on one small slice of a much bigger pie. In short, it's the difference between sending treasure hunters to find and collect individual coins that have been scattered across an ocean, or sending them after one big pot of gold. Which one would you rather track down?

"Separation and segmentation is one of the core principles in sound cybersecurity," Charles Henderson, an executive at the security firm Coalfire, told WaPo. "Putting all your eggs in one basket means I don't need to go hunting for them — I can just steal the basket."

Privacy and civil rights groups are also concerned about the cross-agency pooling of federal data, as combining data from across government agencies — from health services to immigration, social security, workforce-related agencies, and so on — can paint more holistic (and thus more targeted and exploitable) portraits of specific US citizens and residents.

As Faith Williams, director of the Effective and Accountable Government Program at the Project on Government Oversight, told WaPo, you "want people to have the least amount of access that they absolutely need."

"So if someone comes in and asks a question," she added, "it's not 'here's the master key.'"

In a statement to WaPo, the White House severely downplayed valid security concerns, with a spokesperson urging that DOGE is comprised of "some of the brightest cybersecurity minds in the nation" and that "every action taken is fully compliant with the law."

"President Trump is leading the charge to modernize the federal government and make it more efficient — and DOGE is playing a critical role in fulfilling that vision," said the spokesperson, per WaPo. "By advancing secure data-sharing across agencies, DOGE is enhancing accountability, eliminating fraud, and streamlining operations across the board."

Qualys launches Policy Audit to slash compliance audit costs

Techday NZ

27-04-2025

Qualys has announced an enhancement to its policy compliance solution with the launch of Policy Audit, aiming to streamline audit efficiency, reduce compliance costs and lower regulatory risks for organisations.

The increase in regulatory requirements has presented significant challenges for enterprises; according to the Compliance Digital Transformation Report by Coalfire, nearly 70% of service organisations are subject to six or more regulatory frameworks. These requirements stretch operational resources and often result in higher costs. This complexity is compounded by system misconfigurations, which can lead to instances of non-compliance and potential regulatory penalties.

Policy Audit introduces several automated features designed to address these challenges by reducing the reliance on manual processes.

Sandeep Khanna, Chief Information Security Officer at the Unique Identification Authority of India (UIDAI), commented on the integration of Policy Audit, stating: "Integrating Qualys Policy Audit into our workflows has transformed how we manage compliance. The seamless collaboration between teams, combined with real-time visibility across multiple mandates, has streamlined our operations and enabled proactive risk management. It's a game-changer for audit readiness."

The Policy Audit solution works by automatically mapping collected evidence to major compliance frameworks such as PCI DSS 4.0, DORA, NIST, CMMC, and FedRAMP. It provides coverage across 450 technology types, includes over 1,000 out-of-the-box policies, and supports compliance with more than 90 frameworks. This is intended to foster continuous compliance and audit readiness while helping to mitigate the risk of audit failures.

Among its features, the continuous audit readiness capability automates evidence collection and reduces the risk of human error, offering organisations a way to monitor audit gaps via real-time compliance posture dashboards. According to Qualys, the use of automated policy compliance can reduce audit failure rates by as much as 95%, allowing organisations to proactively address risks that could result in fines or penalties.

Policy Audit also incorporates Qualys TruRisk, which maps compliance and data privacy risks automatically while identifying and prioritising critical misconfigurations according to business impact and asset and threat exposure. This functionality is intended to help organisations focus resources on the most significant vulnerabilities, and to understand the effect of these vulnerabilities across various regulatory mandates.

With regard to operational workflow, Policy Audit includes automated IT Service Management (ITSM) workflows to connect silos between teams, ensuring necessary information moves efficiently to the relevant parties. Its integration with Governance, Risk, and Compliance (GRC) tools aims to improve visibility and streamline both compliance tracking and risk management. Policy Audit features automated remediation workflows to accelerate the response to compliance gaps and reduce the window of exposure to breaches.

On the reporting side, the solution enables organisations to generate multiple customisable reports from a single data collection process, utilising more than 90 pre-mapped mandates. These reports can be adapted for audiences such as executives and stakeholders, facilitating audits on demand and reportedly cutting audit costs by up to 50%.

Sumedh Thakar, President and Chief Executive Officer of Qualys, commented: "Organisations are facing a growing number of mandates, and audit readiness is more critical than ever. Yet many struggle with complex regulations, limited staff, tight budgets, and manual processes—making compliance costly and error-prone."

"Policy Audit transforms audits from a source of stress into a streamlined, automated process that empowers teams to do more while keeping the organisation continuously audit ready."

In conjunction with Policy Audit, Qualys has introduced Audit Fix, an optional feature designed to help limit breach exposure. Audit Fix allows users to remediate audit findings before they escalate into compliance issues using a library of pre-defined scripts and policies, which can be integrated into continuous integration and deployment (CI/CD) pipelines. Customisable remediation workflows further contribute to continuous compliance and risk reduction.

Qualys Policy Audit is expected to be available in the second quarter of the year.

Precision AQ Earns HITRUST Implemented, 1-year i1 Certification for Data Protection and Cybersecurity Risk Management

Associated Press

31-03-2025

HITRUST i1 certification confirms Precision AQ's commitment to protecting sensitive data with leading security practices.

NEW YORK, March 31, 2025 /PRNewswire/ -- Precision AQ, a leader in guiding life science organizations through the complexities of product commercialization and empowering access to life-changing medicines for all, announced today that its PatientLens platform has achieved HITRUST certification for system and information security.

PatientLens transforms healthcare insights and patient program design by reducing friction in patient services and by delivering timely, actionable information to support decision-making. The platform offers a detailed view of insurance coverage, out-of-pocket costs, and medical or medication history. By leveraging tokenized patient data and advanced analytics, PatientLens helps healthcare organizations optimize patient outreach, prioritize cases, and ensure compliance, driving improved outcomes and operational efficiency.

The HITRUST Implemented, 1-Year i1 validated assessment and certification process confirms that the PatientLens platform applies a robust set of HITRUST-curated controls. These controls ensure the organization follows leading security practices and maintains a comprehensive cybersecurity program to defend against cyber threats. HITRUST continuously analyzes cyber threat intelligence to keep its control requirements relevant, helping organizations mitigate emerging risks like phishing, brute force attacks, and ransomware, and supporting organizational resilience.

'The HITRUST i1 validated assessment is a powerful tool for cyber-aware organizations, such as Precision AQ,' said Robert Booker, Chief Strategy Officer at HITRUST. 'This certification assures the measurement, implementation, and performance of robust information security controls. Congratulations to Precision AQ on achieving HITRUST i1 certification for their PatientLens platform, showcasing the operational maturity of their cybersecurity program.'

Precision AQ successfully achieved HITRUST CSF certification through a strategic partnership with Coalfire Systems, a leading provider of cybersecurity and compliance solutions. By leveraging Coalfire's deep expertise and proven methodologies, Precision AQ navigated the rigorous certification process with confidence and efficiency.

'Healthcare data reveal some of the most intimate aspects of our lives,' said Aaron Reynolds, Vice President, Security, Data & Consumer Services at Coalfire. 'We are privileged to collaborate with Precision AQ, an organization devoted to advancing access to transformative medical solutions. Our evaluation of their cybersecurity program against HITRUST's rigorous criteria underscores Precision AQ's dedication to mitigating cyber threats and safeguarding sensitive healthcare information. Securing HITRUST i1 certification highlights their unwavering focus on data protection and fostering trust with patients.'

To learn more about how Precision AQ is advancing data security and patient-centric solutions, visit

About Precision AQ

Precision AQ, formerly known as Precision Value & Health, is a trusted partner for life sciences companies, guiding them through the complexities of commercialization across a product's life cycle. With a team of life science experts, advisors, and creative professionals, Precision AQ is dedicated to ensuring patient access to transformative therapies. The company provides a comprehensive range of services, including global pricing and market access strategy, healthcare advertising and marketing, health economics and outcomes research, medical communications and medical affairs, managed markets marketing, market access and data-driven technology solutions, investor relations and external communications, international brand strategy, medical education, learning and development, public relations, patient insights services, and omnichannel engagement strategy and product solutions. For more information, visit
