Latest news with #DigitalOperationalResilienceAct
Business Wire
24-07-2025
- Business
- Business Wire
Continuous Protection for the Cloud Era: Veracode Spotlights Latest Innovations for Advanced Software Security
BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a global leader in application risk management, today unveiled a suite of innovations that transform how enterprises approach security. The enhanced platform cuts vulnerability remediation time by up to 92 percent, while using proactive defense to prevent 60 percent of critical supply chain risk from ever entering organizations. These latest enhancements to Veracode's Package Firewall and Risk Manager provide assurance, context, and continuity across the software development lifecycle. Security teams are drowning in vulnerability alerts while missing the risks that actually matter. With our latest innovations, instead of endless firefighting, teams can now prevent threats proactively and focus remediation efforts on maximum impact. Share 'Security teams tell us they're drowning in vulnerability alerts while missing the risks that actually matter. Our latest innovations flip the script—instead of endless firefighting, teams can now prevent threats proactively and focus remediation efforts where they'll have maximum business impact,' said Derek Maki, Head of Product at Veracode. Redefining Application Risk Management with End-to-End Risk Visibility The latest enhancements to Veracode's Application Risk Management platform enable security teams to identify and remediate vulnerabilities with greater speed and precision than ever before. Veracode Risk Manager sets a new standard for application security posture management (ASPM), featuring six new integrations with industry leaders, including Wiz. By aggregating and prioritizing issues across all sources, Risk Manager reduces vulnerability remediation time by up to 92 percent. This holistic view empowers security teams to act on the Best Next Action™—the actions that reduce the most risk—with precision. Securing the Software Supply Chain With 70 percent of critical security debt stemming from third-party code, enterprises are under unprecedented pressure to safeguard their software supply chains. Regulations like the European Union's Digital Operational Resilience Act (DORA) highlight the vital role of open-source security in maintaining software supply chain integrity. Veracode Package Firewall redefines supply chain security with an automated solution that blocks untrusted packages, before they can infiltrate development pipelines. Powered by advanced AI analysis, Package Firewall identifies and blocks 60 percent more malicious packages than competing solutions, effectively preventing vulnerabilities, malware, and policy violations from entering organizational systems. Paired with Software Composition Analysis (SCA) and Malicious Package Detection, Veracode Package Firewall significantly reduces the risk of supply chain attacks by finding and neutralizing libraries harboring malicious code. 'Veracode Package Firewall represents a fundamental shift in how we think about supply chain security. While others are still alerting malicious packages after they're in your codebase, we're blocking them at the gate. This means security teams can finally get ahead of supply chain threats instead of scrambling to respond when legitimate packages get compromised or malicious packages slip through,' said Maki. Built on proprietary threat intelligence, the product automates real-time risk management to ensure nefarious files and programs never make it into an organization's codebase. Empowering Developer Productivity with Frictionless Security According to Gartner, Inc., organizations with a high-quality developer experience are 33 percent more likely to attain their business goals and 31 percent more likely to improve delivery flow. Veracode continues to champion developer productivity through an enhanced platform experience, featuring improved Integrated Developer Environment (IDE) plugins and new Git integrations that embed enterprise-level security directly into workflows. 'Developer productivity isn't just a nice-to-have; it directly impacts your ability to ship secure software at market speed. Our IDE integrations deliver enterprise-grade security insights without the context switching that kills developer flow. This is why we're seeing 35 percent faster remediation times with our IDE plugins and integrations, including Visual Studio, IntelliJ IDEA, and Eclipse, as well as GitHub, GitLab, and Azure DevOps,' said Maki. Veracode's latest developer-focused innovations eliminate operational inefficiencies and simplify workflows, removing unnecessary complexity from day-to-day DevSecOps processes. Additional innovations include: AI-Assisted Login for Dynamic Application Security Testing (DAST): Automates complex authentication flows, reducing script setup time by 50 percent and expanding dynamic testing coverage. Automates complex authentication flows, reducing script setup time by 50 percent and expanding dynamic testing coverage. Container and Infrastructure-as-Code (IaC) Results: Centralizes container and IaC findings in the Veracode Platform, streamlining vulnerability management. Centralizes container and IaC findings in the Veracode Platform, streamlining vulnerability management. Veracode Fix Usage Analytics: Provides a dashboard that tracks usage and Common Weakness Enumerations (CWEs) addressed, offering insights by IDE, project, and source file to optimize remediation. Availability Veracode's latest product innovations are available to customers today. To find out more about the company's application risk management platform and solutions, visit the website. About Veracode Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world's leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing. Learn more at on the Veracode blog, and on LinkedIn and X. Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands, or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
TECHx
17-07-2025
- Business
- TECHx
Veeam Reveals 96% EMEA Financial Firms Struggle.
Home » Emerging technologies » Cyber Security » Veeam Reveals 96% EMEA Financial Firms Struggle Six months after the EU's Digital Operational Resilience Act (DORA) came into effect, Veeam® Software, the Data Resilience, announced findings from a Censuswide survey. The survey revealed that 96% of EMEA financial services organizations still feel their data resilience falls short. The study gathered insights from senior IT decision makers in the UK, France, Germany, and the Netherlands. It highlighted the challenges the sector faces in adapting to DORA, which was introduced in January 2025 to strengthen defenses against cyberthreats and ICT disruptions. 'It's promising to see that most organizations have embraced and feel confident about meeting DORA's requirements,' said Edwin Weijdema, Field CTO EMEA at Veeam. 'Achieving compliance is an important first step in ensuring your organization is resilient but given today's complex threat landscape there's more to do. New Veeam research shows that many financial institutions still see a gap in their overall resilience and face challenges in securing the necessary budget, even as DORA grows in strategic importance. The journey to operational resilience is ongoing, and it's clear that prioritizing data resilience remains critical for organizations' long-term success.' While 94% of organizations reported that DORA is now a higher priority than before the deadline, 40% called it their top digital resilience focus. Half said DORA requirements are part of their wider resilience programs. However, many continue to face obstacles: 41% reported increased stress on IT and security teams. 37% dealt with higher ICT vendor costs. 22% saw digital regulations as barriers to innovation. Despite the focus on compliance, many firms have yet to complete key requirements such as recovery testing, incident reporting, and third-party risk oversight, which 34% cited as the hardest to implement. Andre Troskie, Field CISO EMEA at Veeam said, 'It's interesting to see that third-party oversight has emerged as a particular pain point for organizations. Over a third named it the most challenging to implement, and many called for additional guidance on establishing it in the first place. An often-overlooked facet of data resilience, it's promising to see that organizations are interrogating their defences to this degree which is exactly what it was designed to do. Of course, meeting the requirements is key, but DORA was also about getting organizations to assess their resilience holistically and in that aspect, it seems to be succeeding.' Veeam's experts stressed that while compliance is crucial, true operational resilience requires ongoing effort and holistic data resilience strategies. The company also highlighted its Data Resilience Maturity Model (DRMM), developed with McKinsey, which helps firms assess and improve their resilience against evolving risks. This research emphasizes the growing importance of digital operational resilience for financial institutions across EMEA as they navigate the new regulatory landscape.
Arabian Business
16-07-2025
- Business
- Arabian Business
Proactively managing AI risk and building trust – a C-suite challenge
When it comes to risk, the stakes are strikingly higher than just a few years ago. As AI becomes a core part of business operations, leaders are under pressure to move fast whilst remaining compliant, secure, and in control. Regulations like the EU's Digital Operational Resilience Act (DORA) are already changing the rules. At the same time, organisations are shifting to fully digital models and facing a surge in cyberattacks. With generative and agentic AI now in use, managing risk and building trust has never been more urgent. AI risk has outgrown the CIO's remit, it's now a boardroom issue. With AI embedded across a business, risks around data privacy, trust, security, and compliance touch every corner of the organisation. According to Forrester, AI risk and data privacy now rank as the second-highest enterprise risk. Yet managing them is far from straightforward: 29 per cent of employees cite a lack of trust in AI systems as the biggest barrier to adoption. Therefore, the C-suite must lead from the front—building trust, engaging teams, and tackling resistance head-on. Navigating AI regulations and governance As AI regulations emerge across regions, organisations must not only comply but also turn to AI tools themselves to help manage this evolving governance landscape. It's a circular advantage: the right technology can help businesses stay ahead of the very systems that govern it. AI governance is becoming increasingly critical, meaning effective change management will be essential to help employees embrace the technology. Business leaders must also not lose sight of third-party risks, which are often more complex when AI is involved. Just as importantly, they need to ensure AI use is aligned with the organisation's values, ethics, and strategic objectives. A clear governance structure is key. There should be a well-defined owner of AI governance within the organisation. This role can sit with legal, compliance, the chief data officer, or the chief procurement officer and as third-party AI tools are introduced, this person holds responsibility for implementing consistent frameworks to assess and manage associated risks. Trust starts with transparency and data Trust is fundamental to successful AI adoption. Clear communication with both customers and consumers about how AI is being used helps drive acceptance and confidence in the technology. Transparency should be at the heart of every AI initiative. A cautious, phased approach is wise, starting with low-risk use cases and expanding as the organisation builds internal expertise and stakeholder trust. Regulatory compliance should be seen not just as an obligation, but as a trust-building opportunity. Crucially, building trust starts with the data itself. Leaders should seek to address the challenges of disparate systems and prioritise establishing a unified data taxonomy. Strong data quality, visibility and sound practices are the foundation of reliable, ethical, and explainable AI. An enterprise view Centralised software platforms are becoming increasingly important for gathering a real-time enterprise view of these interrelated risks. Unified software platforms offer an enterprise-level view of operational risk postures across the key assets needed to run an organisation, namely people, technology, facilities, third parties, and data. Real-time software platforms also offer the capacity to manage risks in an unobtrusive way. Controls can be embedded in workflows, so employees have no idea they are actually mitigating risk. To the employees concerned, they are simply changing a password or completing a training module, all in response to controls within the platform. Strong employee training and AI literacy programs will be fundamental to implementing AI safely and legally. End-to-end software platforms can also help to manage AI models, particularly in regulated industries. For example, in financial services, there is a significant amount of regulation around AI models, with models requiring regulatory sign-off before they can be put into production. With an end-to-end software platform, models can be managed within the platform, ensuring they align with policies, remain within boundaries, and meet regulatory standards. A proactive approach In the past, the C-suite may have focused on operational resilience, where they react and respond to adverse conditions. However, given today's changing demands, there's a need to shift towards a new kind of resilience: proactive resilience. This involves a predictive management environment, where organisations aim to 'see around corners' to anticipate and mitigate risks, including those related to AI. This is why integrating governance tools into existing software is becoming increasingly important. Threats can take many forms. Some are straightforward, like expiring software licenses, which can potentially halt a critical service. Others are far less predictable, such as the CrowdStrike incident, where a third-party software update caused widespread disruption globally. In the past, predicting such threats was challenging due to siloed systems and the difficulty of having an organisation-wide view. Transitioning to integrated software platforms allows the C-suite to understand the full picture and take this proactive approach. For instance, who is responsible for maintaining and repairing specific systems. This visibility is critical for effective risk management. Mastering risk For the C-suite, mastering AI risk is imperative. AI is already embedded across many of today's operations, and business leaders must now prioritise building trust in the technology, ensuring its use aligns with organisational values, and proactively managing emerging risks. Complying with regulations in advance presents a valuable opportunity. It allows businesses to stay ahead of legal requirements, reinforce stakeholder trust, strengthen governance, and future-proof operations. Integrated software platforms are essential enablers, providing a comprehensive, real-time view of risk and resilience across the enterprise. Ultimately, the C-suite must lead the way by embedding AI governance, championing transparency, and investing in the tools and processes needed to support a safe, scalable, and trustworthy AI future.
Finextra
14-07-2025
- Business
- Finextra
Survey suggests boom in banks' cloud adoption
The vast majority of financial services firms are accelerating their investment in cloud technology, suggests a recently released survey. 0 This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community. The report from London Stock Exchange Group (LSEG), which canvassed more than 450 financial services firms, shows that 87% of surveyed firms have increased cloud spending in the past two years and no longer see the technology as a way to cut costs but also as a way to increase agility and innovation, according to LSEG. More specifically, this spending has focused primarily on strategic outcomes such as scalability, revenue growth and AI enablement. A similar number (82%) now operate on a multi-cloud or hybrid-cloud strategy, which suggests a "shift toward flexibility and risk diversification", according to LSEG. But the study also shows there are some challenges, namely regulatory in nature - with firms having to adjust their cloud strategies in line with the EU's Digital Operational Resilience Act (DORA) and General Data Protection Regulation (GDPR). 'The results of our survey show that adopting cloud is no longer a technology or engineering led decision; it is a key business imperative," said Stuart Brown, group head of data & feeds, LSEG: "Companies are increasingly driving meaningful value from cloud, improving operational resilience, and preparing for the next wave of innovation. Over the next three years, that innovation will be driven by AI and machine learning, with financial institutions increasingly using cloud to power fraud detection, risk management, data analytics and generative AI.' A number of banks have announced major cloud deals in the last two years. LSEG has also signed some signififcant deals involving greater use of cloud technology. In April, the stock exchnage group extended its multi year cloud collaboration with AWS.
Channel Post MEA
25-06-2025
- Business
- Channel Post MEA
Barracuda Launches Managed Vulnerability Security
Barracuda Networks has announced the launch of Barracuda Managed Vulnerability Security. This fully managed service, powered by Barracuda's global Security Operations Center (SOC), extends the BarracudaONE platform to help organizations proactively identify, assess and prioritize vulnerabilities. This enables them to reduce risk and strengthen their security resilience. 'By proactively identifying vulnerabilities, we can better predict the likelihood of an attack, giving both Barracuda and our customers a decisive edge to stop threats before they're exploited and reduce cyber risk,' said Adam Khan, vice president of global security operations at Barracuda. 'Barracuda Managed Vulnerability Security delivers deep visibility into risks across environments – without the burden of managing additional tools or hiring hard to find and retain security operations specialists. With expert guidance and smart prioritization, it streamlines remediation and transforms how organizations manage vulnerabilities and defend against today's sophisticated attacks.' Barracuda Managed Vulnerability Security provides expert-led vulnerability scanning, analysis and contextual reporting across organizations' networks and cloud infrastructure. The service uncovers vulnerabilities across a broad range of hardware and software – including endpoints, servers, IoT devices, firewalls, and other network-connected systems – regardless of whether those vulnerabilities are associated with known exploits. Organizations receive detailed, actionable reports, including an audit summary and prioritized remediation plan. These insights help organizations clearly understand their risk exposure and make informed decisions aligned with both their security objectives and compliance requirements. Regular vulnerability scans play a critical role in helping organizations meet regulatory guidelines such as the Digital Operational Resilience Act (DORA), Network Information Security 2 (NIS2), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and others by supporting ongoing risk assessment, mitigation and audit readiness. Barracuda Managed Vulnerability Security is now available to both new and existing customers through Barracuda's global network of resellers and Managed Service Providers. The service can be deployed on its own or seamlessly integrated with Barracuda Managed XDR, a 24/7/365 threat detection and response offering that leverages advanced AI analytics and threat intelligence to prevent breaches. When combined, customers gain a unified, fully managed security experience that streamlines vendor management, accelerates vulnerability and threat detection and remediation, and enhances operational efficiency.
