DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY
Beyond Identity | March 16, 2023
Beyond Identity, the industry leader in providing phishing-resistant, passwordless MFA, has announced the official launch of 'Zero Trust Authentication' as a subcategory of zero trust technology, along with the introduction of the Zero Trust Leadership series of events worldwide, which will be held throughout 2023.
Combining industry-leading security integrators and technologies, such as Beyond Identity, CrowdStrike, Palo Alto Networks, Optiv, World Wide Technology, BeyondTrust, Climb Channel SolutionsPing Identity, and Guidepoint Security will enable organizations to move toward secure authentication designed to improve the zero-trust strategies of the Fortune 5000.
Zero Trust Authentication was created in response to the failure of conventional authentication methods, a problem that has been compounded by the rise of cyberattacks. Implementing Zero Trust Authentication will enable businesses to surpass the constraints of legacy multi-factor authentication (MFA) and passwords and deploy more effective security strategies.
To achieve this, the Zero Trust Authentication strategy incorporates components like Beyond Identity's risk scoring and continuous authentication functionalities, which greatly increase the given level of security.
Tom Jermoluk, Co-Founder and Chief Executive Officer of Beyond Identity, mentioned, "In working with leaders across the security ecosystem, it became apparent to us that the industry needs to formally bring identity and access management into the security fold to continuously deliver the highest level of security around users and devices."
(Source – Business Wire)
He added, "We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling. Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an 'always on' zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities."
(Source – Business Wire)
About Beyond Identity
Beyond Identity is redefining digital access for companies seeking to enhance protection against cyber assaults and provide the greatest levels of security for their customers, employees, and developers. The company's phishing-resistant, passwordless, and Zero Trust Authentication technologies enhance both security and the user experience.
The platform provides continuous risk-based authentication that incorporates signals from the zero-trust ecosystem to guarantee that only valid users and secure devices get or keep access to vital resources. Snowflake, Roblox, and Unqork rely on Beyond Identity's highly accessible cloud-native platform to deter assaults and advance their zero-trust strategy.
Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Globenewswire | April 06, 2023
Noname Security, the leading provider of complete and proactive API security, today announced Noname Public Sector’s Hardened Virtual Appliance making the API security platform available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. The appliance is the first of its kind in the comprehensive API security space and is designed to deliver a drop-in, secure, and scalable system for discovering, monitoring, and protecting mission-critical APIs and data.
“Governments and highly regulated industries have unique security needs. Having worked closely with many Federal agencies during my career, I know how impactful it will be to provide this level of security and insight into APIs and provide options that make it easy to meet government standards,” said Dean Phillips, Executive Director of Public Sector Programs at Noname Security. “The government and regulated industries are not immune from cyber criminals, they are targeted as much if not more than most organizations. We’re excited to arm them with the tools they need to protect their assets.”
Federal agencies can use the Noname API Security Platform to protect their APIs in real-time and detect vulnerabilities before they are exploited. Noname Security’s Hardened Virtual Appliance makes the API security platform available completely offline with no reliance on internet connectivity, perfect for isolated and controlled environments. It is a finely tuned package of advanced software and premium support built and secured to Federal Government specifications, enabling customers to comply with the most rigorous standards, including Federal Information Processing Standards (FIPS)1 and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)2. Noname collaborated with a FedRAMP 3PAO, The MindPoint Group, on the development of the Noname Hardened Virtual Appliance.
Noname Security’s Hardened Virtual Appliance enables access to a powerful, complete, and easy-to-use API security platform that helps:
Discover all APIs, data, and metadata - Unlike other API solutions that only look at traffic sources, Noname Security discovers more APIs by combining traffic sources with the configuration of infrastructure and applications. The end result: visibility into more APIs and deeper insights into customers’ API security posture.
Analyze API behavior and detect all API threats - The Noname API Security Platform uses AI-based detection to identify the broadest set of API vulnerabilities, including data leakage, data tampering, misconfigurations, data policy violations, suspicious behavior, and cyber attacks.
Prevent attacks and remediate API vulnerabilities - Noname Security allows federal customers to prevent attacks in real-time, fix misconfigurations, automatically update firewall rules, webhook into their WAFs and gateways to create new policies against suspicious behavior, and integrate with existing workflows (ticketing and SIEMs).
Noname Public Sector LLC has made it easier to deploy, configure and manage the platform via the new Noshell(™) interface. The shell offers innovative features such as the ability to perform on-demand STIG audits of the internal system itself, while aiming to reduce the overall attack surface of the system.
About Noname Security & Noname Public Sector LLC
Noname Public Sector LLC empowers the world’s most critical organizations to protect their most important data. With decades of military and civilian public sector experience, Noname Public Sector combines a deep understanding of government agency requirements with leading expertise on their unique API security considerations. Government agencies using Noname’s complete, proactive API security solutions can securely harness their data to serve the public and stay ahead of adversaries. Noname Public Sector LLC is privately-held and based in Herndon, VA.
Noname Security is the leading provider of complete, proactive API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Security, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.
Read More
PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY
Businesswire | June 06, 2023
Traceable AI, the industry's leading API security company, today announced the release of the industry's first API Security Reference Architecture for Zero Trust. This groundbreaking reference architecture serves as a guide for security leaders as the industry addresses the urgency of integrating API Security into Zero Trust Security initiatives.
Zero Trust, a cybersecurity framework that emphasizes continuous verification and helps to minimize the attack surface, has proven effective in enhancing security for many organizations, from large enterprises, to the US Government. However, traditional Zero Trust approaches have primarily focused on network-level controls and identity access management, neglecting the critical API layer.
Traceable’s API Security Reference Architecture is aligned with the NIST Zero Trust Architecture, a publicly available, vendor-neutral framework widely adopted by government entities such as CISA, DoD, DISA, NSA, GSA and NCCoE, as well as by many leading cybersecurity vendors. By leveraging the NIST framework, Traceable ensures compatibility, interoperability, and adherence to industry standards, making it a reliable and trusted guide for organizations implementing Zero Trust for their APIs.
The extensive reference architecture provides organizations with a prescriptive methodology to operationalize Zero Trust for APIs:
Advanced API Security: The reference architecture gives organizations a way to implement robust security measures specifically designed for APIs, including eliminating implied or persistent trust for APIs, thereby minimizing the risk of API-related vulnerabilities, attacks, and data breaches.
Comprehensive Risk Management: The reference architecture recommends incorporating automatic user authentication and authorization, granular data access policies, and asset risk assessments, can organizations can effectively manage and mitigate risks associated with API access and usage.
Increased Visibility and Control: The architecture explains why organizations should obtain granular visibility, which allows organizations to monitor and record all API transactions, enabling better analysis, threat detection, and incident response capabilities.
Improved Compliance and Data Protection: The automatic identification and classification of sensitive data sets ensure compliance with data protection regulations such as HIPAA, GDPR, and PCI-DSS, reducing the risk of regulatory penalties and reputational damage.
Seamless Automation and Orchestration: The reference architecture recommends integration with XDR, SIEM, and SOAR solutions, so organizations can enhance their overall security posture, automate response actions, and streamline security operations.
Scalability and Flexibility: The architecture offers a flexible distribution model for PEPs and data collection points, allowing organizations to scale their API security infrastructure based on their unique requirements and architecture.
Future-Proofing: By aligning with the NIST Zero Trust Architecture and industry standards, organizations adopting the API Security Reference Architecture can ensure compatibility, interoperability, and the ability to evolve alongside emerging technologies and security best practices.
Traceable’s API Security Reference Architecture for Zero Trust introduces a new approach to secure APIs using Zero Trust concepts, acknowledging their unique security requirements. It provides organizations with a comprehensive framework to implement Zero Trust controls specifically tailored to APIs, ensuring the protection of digital assets and mitigating the risk of data breaches.
Dr. Chase Cunningham weighs in on Traceable’s approach: "APIs provide a new means of applying controls across enterprise applications, " says Dr. Cunningham, “However, the security practices for APIs have not yet matured, leaving a significant gap in the overall attack surface. Traceable has developed their own API Security Reference Architecture to help fill this gap by providing organizations with a methodical way to secure their APIs with Zero Trust principles. By combining Zero Trust strategic concepts with API-specific security measures, Traceable can help organizations protect their digital assets effectively."
Throughout the past year, Traceable has continued to reaffirm its commitment to extending Zero Trust methodologies to API Security. With the addition of Zero Trust creator John Kindervag and Dr. Zero Trust, Chase Cunningham as Traceable advisors, Traceable continues to strengthen its expertise in this space. To date, Traceable has become a valuable partner to a number of large enterprises as the industry turns its eyes toward the importance of API security. With the rollout of their Zero Trust API Access solution alongside this reference architecture, Traceable continues to lead the industry toward the advancement of API security.
This reference architecture is now available for organizations to explore and implement, empowering them to achieve complete API security in a Zero Trust world.
About Traceable
Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.
Read More