DATA SECURITY

A Cybersecurity Startup Vulcan Cyber Raises $21 Million for Expansion of Vulnerability Remediation SaaS Platform

Vulcan Cyber | March 18, 2021

An Israel-based and cybersecurity start-up company, Vulcan Cyber, announced that it had raised a $21 million Series B funding round led by Dawn Capital. The company is into fixing security vulnerabilities has now participated with Wipro Ventures and existing Vulcan Cyber investors YL Ventures and Ten Eleven Ventures. The raised funds will support the novel vulnerability remediation solutions for cloud and application security teams. It will also deliver Vulcan Free, the industry's first free risk-based vulnerability management (RBVM) platform created for vulnerability and cyber risk prioritization.

With this new development, Vulcan Cyber’s overall funding up until presently is $35 million. The company experienced a 500% growth in annual recurring revenue. The new funding will also satisfy considerable demand for a SaaS solution that goes ahead with vulnerability scanning and management. This will help IT, and security teams accomplish vulnerability scanning and management in a fixed way.

The company’s focus has always been to warn its customers about potential vulnerabilities and prioritizing them based on the severity of the risk and the threat to a company’s business assets. After all, security teams are often inundated by alerts as not every scanner represents a high-priority risk for a business. Hence, the promise of Vulcan Cyber’s platform to build a vulnerable one will help teams to figure out where to focus their resources best.

In the end, with this new free offering, Vulcan’s freemium portfolio now includes Vulcan Free. This provides core prioritization and vulnerability management features to the company and its existing free vulnerability intelligence database.

Spotlight

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Spotlight

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Related News

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Beyond Identity Launches Zero Trust Series with Security Industry Leaders

Beyond Identity | March 16, 2023

Beyond Identity, the industry leader in providing phishing-resistant, passwordless MFA, has announced the official launch of 'Zero Trust Authentication' as a subcategory of zero trust technology, along with the introduction of the Zero Trust Leadership series of events worldwide, which will be held throughout 2023. Combining industry-leading security integrators and technologies, such as Beyond Identity, CrowdStrike, Palo Alto Networks, Optiv, World Wide Technology, BeyondTrust, Climb Channel SolutionsPing Identity, and Guidepoint Security will enable organizations to move toward secure authentication designed to improve the zero-trust strategies of the Fortune 5000. Zero Trust Authentication was created in response to the failure of conventional authentication methods, a problem that has been compounded by the rise of cyberattacks. Implementing Zero Trust Authentication will enable businesses to surpass the constraints of legacy multi-factor authentication (MFA) and passwords and deploy more effective security strategies. To achieve this, the Zero Trust Authentication strategy incorporates components like Beyond Identity's risk scoring and continuous authentication functionalities, which greatly increase the given level of security. Tom Jermoluk, Co-Founder and Chief Executive Officer of Beyond Identity, mentioned, "In working with leaders across the security ecosystem, it became apparent to us that the industry needs to formally bring identity and access management into the security fold to continuously deliver the highest level of security around users and devices." (Source – Business Wire) He added, "We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling. Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an 'always on' zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities." (Source – Business Wire) About Beyond Identity Beyond Identity is redefining digital access for companies seeking to enhance protection against cyber assaults and provide the greatest levels of security for their customers, employees, and developers. The company's phishing-resistant, passwordless, and Zero Trust Authentication technologies enhance both security and the user experience. The platform provides continuous risk-based authentication that incorporates signals from the zero-trust ecosystem to guarantee that only valid users and secure devices get or keep access to vital resources. Snowflake, Roblox, and Unqork rely on Beyond Identity's highly accessible cloud-native platform to deter assaults and advance their zero-trust strategy.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Announces the Industry’s First Comprehensive, Hardened API Security Platform

Globenewswire | April 06, 2023

Noname Security, the leading provider of complete and proactive API security, today announced Noname Public Sector’s Hardened Virtual Appliance making the API security platform available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. The appliance is the first of its kind in the comprehensive API security space and is designed to deliver a drop-in, secure, and scalable system for discovering, monitoring, and protecting mission-critical APIs and data. “Governments and highly regulated industries have unique security needs. Having worked closely with many Federal agencies during my career, I know how impactful it will be to provide this level of security and insight into APIs and provide options that make it easy to meet government standards,” said Dean Phillips, Executive Director of Public Sector Programs at Noname Security. “The government and regulated industries are not immune from cyber criminals, they are targeted as much if not more than most organizations. We’re excited to arm them with the tools they need to protect their assets.” Federal agencies can use the Noname API Security Platform to protect their APIs in real-time and detect vulnerabilities before they are exploited. Noname Security’s Hardened Virtual Appliance makes the API security platform available completely offline with no reliance on internet connectivity, perfect for isolated and controlled environments. It is a finely tuned package of advanced software and premium support built and secured to Federal Government specifications, enabling customers to comply with the most rigorous standards, including Federal Information Processing Standards (FIPS)1 and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)2. Noname collaborated with a FedRAMP 3PAO, The MindPoint Group, on the development of the Noname Hardened Virtual Appliance. Noname Security’s Hardened Virtual Appliance enables access to a powerful, complete, and easy-to-use API security platform that helps: Discover all APIs, data, and metadata - Unlike other API solutions that only look at traffic sources, Noname Security discovers more APIs by combining traffic sources with the configuration of infrastructure and applications. The end result: visibility into more APIs and deeper insights into customers’ API security posture. Analyze API behavior and detect all API threats - The Noname API Security Platform uses AI-based detection to identify the broadest set of API vulnerabilities, including data leakage, data tampering, misconfigurations, data policy violations, suspicious behavior, and cyber attacks. Prevent attacks and remediate API vulnerabilities - Noname Security allows federal customers to prevent attacks in real-time, fix misconfigurations, automatically update firewall rules, webhook into their WAFs and gateways to create new policies against suspicious behavior, and integrate with existing workflows (ticketing and SIEMs). Noname Public Sector LLC has made it easier to deploy, configure and manage the platform via the new Noshell(™) interface. The shell offers innovative features such as the ability to perform on-demand STIG audits of the internal system itself, while aiming to reduce the overall attack surface of the system. About Noname Security & Noname Public Sector LLC Noname Public Sector LLC empowers the world’s most critical organizations to protect their most important data. With decades of military and civilian public sector experience, Noname Public Sector combines a deep understanding of government agency requirements with leading expertise on their unique API security considerations. Government agencies using Noname’s complete, proactive API security solutions can securely harness their data to serve the public and stay ahead of adversaries. Noname Public Sector LLC is privately-held and based in Herndon, VA. Noname Security is the leading provider of complete, proactive API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Security, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY

Traceable AI Announces the Industry’s First API Security Reference Architecture for a Zero Trust World

Businesswire | June 06, 2023

Traceable AI, the industry's leading API security company, today announced the release of the industry's first API Security Reference Architecture for Zero Trust. This groundbreaking reference architecture serves as a guide for security leaders as the industry addresses the urgency of integrating API Security into Zero Trust Security initiatives. Zero Trust, a cybersecurity framework that emphasizes continuous verification and helps to minimize the attack surface, has proven effective in enhancing security for many organizations, from large enterprises, to the US Government. However, traditional Zero Trust approaches have primarily focused on network-level controls and identity access management, neglecting the critical API layer. Traceable’s API Security Reference Architecture is aligned with the NIST Zero Trust Architecture, a publicly available, vendor-neutral framework widely adopted by government entities such as CISA, DoD, DISA, NSA, GSA and NCCoE, as well as by many leading cybersecurity vendors. By leveraging the NIST framework, Traceable ensures compatibility, interoperability, and adherence to industry standards, making it a reliable and trusted guide for organizations implementing Zero Trust for their APIs. The extensive reference architecture provides organizations with a prescriptive methodology to operationalize Zero Trust for APIs: Advanced API Security: The reference architecture gives organizations a way to implement robust security measures specifically designed for APIs, including eliminating implied or persistent trust for APIs, thereby minimizing the risk of API-related vulnerabilities, attacks, and data breaches. Comprehensive Risk Management: The reference architecture recommends incorporating automatic user authentication and authorization, granular data access policies, and asset risk assessments, can organizations can effectively manage and mitigate risks associated with API access and usage. Increased Visibility and Control: The architecture explains why organizations should obtain granular visibility, which allows organizations to monitor and record all API transactions, enabling better analysis, threat detection, and incident response capabilities. Improved Compliance and Data Protection: The automatic identification and classification of sensitive data sets ensure compliance with data protection regulations such as HIPAA, GDPR, and PCI-DSS, reducing the risk of regulatory penalties and reputational damage. Seamless Automation and Orchestration: The reference architecture recommends integration with XDR, SIEM, and SOAR solutions, so organizations can enhance their overall security posture, automate response actions, and streamline security operations. Scalability and Flexibility: The architecture offers a flexible distribution model for PEPs and data collection points, allowing organizations to scale their API security infrastructure based on their unique requirements and architecture. Future-Proofing: By aligning with the NIST Zero Trust Architecture and industry standards, organizations adopting the API Security Reference Architecture can ensure compatibility, interoperability, and the ability to evolve alongside emerging technologies and security best practices. Traceable’s API Security Reference Architecture for Zero Trust introduces a new approach to secure APIs using Zero Trust concepts, acknowledging their unique security requirements. It provides organizations with a comprehensive framework to implement Zero Trust controls specifically tailored to APIs, ensuring the protection of digital assets and mitigating the risk of data breaches. Dr. Chase Cunningham weighs in on Traceable’s approach: "APIs provide a new means of applying controls across enterprise applications, " says Dr. Cunningham, “However, the security practices for APIs have not yet matured, leaving a significant gap in the overall attack surface. Traceable has developed their own API Security Reference Architecture to help fill this gap by providing organizations with a methodical way to secure their APIs with Zero Trust principles. By combining Zero Trust strategic concepts with API-specific security measures, Traceable can help organizations protect their digital assets effectively." Throughout the past year, Traceable has continued to reaffirm its commitment to extending Zero Trust methodologies to API Security. With the addition of Zero Trust creator John Kindervag and Dr. Zero Trust, Chase Cunningham as Traceable advisors, Traceable continues to strengthen its expertise in this space. To date, Traceable has become a valuable partner to a number of large enterprises as the industry turns its eyes toward the importance of API security. With the rollout of their Zero Trust API Access solution alongside this reference architecture, Traceable continues to lead the industry toward the advancement of API security. This reference architecture is now available for organizations to explore and implement, empowering them to achieve complete API security in a Zero Trust world. About Traceable Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.

Read More