System Integrity and Complete Malware Protection
Today, cybersecurity firms Avanan, Cigent, PC Matic, and Strategic Solutions Unlimited announced they have joined forces to provide a “one-stop shop” for those seeking Cybersecurity Maturity Model Certification (CMMC) by the U.S. Department of Defense (DoD).
Last year, in January, we wrote about the DoD releasing their first manual for CMMC. As a refresher, “CMMC guidelines regulate organizations looking to do work on government contracts. Therefore, it’ll decrease the likelihood or severity of a breach in data. Eventually these guidelines will be required to work on government projects.”
File share security has been in the news repeatedly with data theft and ransomware attacks. Third party agencies, the ones the DoD is looking to regulate with CMMC guidelines, are the main culprits of many of these incidents. A healthy security stack is needed to prevent ransomware and security breaches. The partnership between PC Matic and these other cybersecurity firms aims to do just that.
Cyber Hygiene
The CMMC program was established to enhance the protection of sensitive information through five cyber hygiene levels. Each level builds on the previous one and has its own domain requirements. The DoD specifies the required level needed for suppliers to participate in specific contracts that require them to handle both Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). CMMC compliance also requires vendors to have an approved “technology stack” – a set of cybersecurity products that, along with other hygiene requirements, protect CUI and FCI. Developing the stack and achieving compliance can prove difficult for many organizations which led to the formation of the “one-stop-shop” approach.
Through the partnership, Avanan, Cigent, PC Matic and Strategic Solutions provide affordable, cloud managed security solutions that target exact requirements for any desired level of compliance. The partnership also enables organizations to efficiently put technology stacks in place that are compatible and properly integrated. This approach enables organizations to affordably achieve compliance at the highest of CMMC levels without the burden of searching for, deploying, and managing one-off solutions.
The Breakdown
Each firm will have its own responsibilities within the partnership.
Avanan – Email and File Share Security
The number one breach threat for users is phishing emails that aim to steal sensitive information. Malware incidence also occurs often where viruses hide in emails and act upon opening. Avanan recognizes these urgent dangers and tackles cyber-attacks through proactive email security that captures, scans, and remediates targeted issues before attacks get to a user’s inbox. If the email is not malicious, it gets delivered. To ensure users are not exposed from any angle, these security measures extend to internal, inbound, and outbound emails, as well as collaboration on file share apps. Avanan’s “Complete Malware” service option covers level three email protections and sandboxing for the following domain: System and Information Integrity (SI)
Cigent – CUI Protection and Network Security Monitoring
Cigent’s Dynamic Data Defense Engine
(D³E): Protection of CUI is a critical requirement of CMMC level three. Cigent’s Dynamic Data Defense Engine (D³E) Zero Trust file access controls utilize multi-factor authentication to protect CUI from data theft and ransomware, even if a system is compromised. Its authentication capabilities also allow individuals or organizations of all sizes to encrypt and control access to sensitive files. Those files can be securely stored in any location and shared with only trusted users.
Cigent Secure SSD: Cigent Secure SSDs also protect CUI. This first and only family of self-defending storage devices have cybersecurity built into the firmware itself. They include a dedicated security processor that relies on machine learning to detect and respond to ransomware, a keep-alive sensor that automatically encrypts sensitive files if security software is bypassed, and a “safe room” that makes data invisible to any attacker. When paired withD³E, sensitive data stays protected throughout the entire device lifecycle
Affordable Security for Networks
Cigent for Networks (C4N): The C4N service offers network security monitoring and features several layers of advanced network detection and response technology, fully managed by Cigent cybersecurity experts 24/7. Best of all, C4N is affordable, easy to install, and immediately effective.
Cigent technology meets CMMC controls for levels one through three and addresses the following domains: Access Control (AC), Audit and Accountability (AU), Security Assessment (CA), Configuration Management (CM), Identification and Authentication (IA), Incident Response (IR), Maintenance (MA), Media Protection (MP), Risk Management (RM), System and Communications Protection (SC), System and Information Integrity (SI).
PC Matic – Whitelist Management
What is whitelisting for ransomware and cyber threats? Similar to how a firewall uses a deny-all, allow-by-exception approach to only allow approved traffic onto a network, whitelisting is the act of employing a deny-all, allow-by-exception security posture at the endpoint. A deny-all approach is the only way to proactively prevent threats; all other detect-and-respond approaches (e.g., EDR, MDR, TDR, XDR, etc.) require the threat to occur before they can counter it.
Thanks to its global and patented digital-code-signing-certificate lists, PC Matic’s whitelisting removes deployment and maintenance headaches that are common with other whitelisting technologies. PC Matic is available as a complete endpoint protection product or as a bolt-on complimentary product. It meets CMMC controls for levels 1-3 and addresses the following domains: Access Control (AC), Audit and Accountability (AU), Configuration Management (CM), Media Protection (MP), Risk Assessment (RM) and System and Information Integrity (SI). Learn more about how PC Matic’s whitelist antivirus and ransomware protection products can help keep you safe.
SSU – Physical Security
Physical security protects physical assets that may reside in server rooms, private areas, or even in a home. If security measures are not up to par, there’s no way to target threats and see their origination point. SSU understands physical security concerns and specializes in finding the right solutions for information systems and maintaining CMMC requirements. Through awareness training in security concepts such as situational response and threat analysis, SSU teaches organization how to mitigate risks. SSU also demonstrates how to develop programs to execute for finding and managing threats. SSU’s services meet CMMC controls for levels 1-3 and address the following domains: Access Control (AC), Awareness and Training (AT), Media Protection (MP), Physical Protection (PE), Personnel Security (PS)
What About PC Matic
For those of you reading who are wondering what this means for all PC Matic products, be assured that PC Matic standalone products are not changing. If you’re a consumer or business customer who is using standalone products, don’t worry. This partnership is part of a security stack for contractors needing complete CMMC compliance.
PC Matic, the top Cyber Security company whose products are made in the USA, will continue to provide the protection you’ve come to appreciate. Learn more about the best ransomware prevention software available.
Cigent, Secure SSD, D³E, and Dynamic Data Defense Engine are registered trademarks of Cigent Technology, Inc. in the United States, and other jurisdictions. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.
The Cigent products mentioned in this release may be covered by one or more patents including at least U.S. Patent Nos. 10437983, 10521611, 10282117, and 10095431 with additional patents pending in the U.S., Europe, Japan, Israel, and other jurisdictions.
