DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | May 16, 2023
Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today extended its single-vendor SASE platform, Cloudflare One, to generative artificial intelligence (AI) services. Cloudflare One for AI, a suite of Zero Trust security controls, will enable enterprises to safely and securely use the latest generative AI tools without putting intellectual property and customer data at risk.
With every transformative step forward in technology, from mobile phones to cloud computing, there are new security threats that rise to the surface. Major companies have banned the use of popular generative AI chat apps because of sensitive data leaks, and Italy instituted a temporary ban on generative AI tools for inadequate user data protections. According to a KPMG survey on generative AI, AI is expected to have an enormous impact on business, but the majority of US executives surveyed are years away from implementing it; cyber security (81%) and data privacy (78%) are the most top of mind concerns for leaders. CISOs and CIOs need to strike a balance between enabling transformative innovation through AI and still maintaining compliance with data privacy regulations. Whether it’s an employee experimenting with AI, or a company initiative, once proprietary data is exposed to AI, there is no way to reverse it.
"AI holds incredible promise, but without proper guardrails it can create significant risks for businesses. It is far too easy, by default, to upload sensitive internal or customer data to AI tools. Once the data is used for training AI, it is virtually impossible to get it out," explained Matthew Prince, co-founder and CEO of
Cloudflare. "If you were going to let a class of university students rummage around in your internal data, you'd of course put clear rules in place on what data they can access and how it can be used in their education. Cloudflare's Zero Trust products are the first to provide the guard rails for AI tools, so businesses can take advantage of the opportunity AI unlocks while ensuring only the data you want to expose gets shared."
Cloudflare One for AI provides a simple, fast, and secure way for companies to safely build using the latest generative AI technologies, without compromising security or performance. With Cloudflare One, companies can gain visibility into and measure AI tool usage, prevent data loss, and manage integrations:
Cloudflare Gateway helps companies observe how many employees are experimenting with AI services, and adds context when planning for budgets and enterprise licensing.
Service tokens give administrators a clear log of API requests, control over the specific services that can access AI training data, and the ability to revoke tokens with a single click when building ChatGPT plugins for internal and external use.
Cloudflare Tunnel provides an encrypted, outbound-only connection to Cloudflare’s network. Every request will be checked against the access rules configured for services protected by Cloudflare One or when teams are ready to allow an AI service to connect to their infrastructure.
Cloudflare’s Data Loss Prevention (DLP) service provides a safeguard to close the human gap in how employees may share data. Simple pre-configured options can check for data that looks like social security numbers or credit card numbers, and custom scans can look for patterns based on data configurations for a specific team. More granular rules can even allow select users to experiment with projects containing sensitive data, with stronger limitations on the majority of teams and employees.Cloudflare's cloud access security broker (CASB) service gives comprehensive visibility and control over SaaS apps. Soon, Cloudflare CASB will be able to scan the AI tools that your team uses to detect misconfiguration and misuse.
Generative AI is an exciting technology with the promise to transform how we work. As this technology evolves and new tools and plugins are developed, Cloudflare’s platform approach to security will ensure that enterprises everywhere can embrace these productivity enhancements without creating bottlenecks and ensure compliance with the latest regulations.
Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was awarded by Reuters Events for Global Responsible Business in 2020, named to Fast Company's Most Innovative Companies in 2021, and ranked among Newsweek's Top 100 Most Loved Workplaces in 2022.
NETWORK THREAT DETECTION, SOFTWARE SECURITY
Globenewswire | April 11, 2023
Delivering on its mission to make the digital world a safer place, ZeroFox, a leading external cybersecurity provider is partnering with Google Cloud to disrupt phishing campaigns by quickly warning users of malicious URLs and fake websites. ZeroFox is utilizing the Google Cloud Web Risk Submission API, a service that verifies unsafe URLs and shows warnings across 5 billion devices using browser, social media, and other technology integrations.
According to APWG, there has been an almost 75% increase in unique phishing websites detected in the last year. As the recognized leader in digital risk protection and domain takedowns serving over 2,000 global enterprises and brands, ZeroFox leverages deep expertise and advanced AI to rapidly uncover and take down malicious domains used in phishing attacks. With this new integration, ZeroFox automatically detects phishing domains for customers and submits verified, malicious URLs through Google Cloud’s Web Risk Submission API, disrupting attacks and warning users of malicious content on billions of devices using browser warnings. ZeroFox finds what others miss by leveraging global intelligence collection and analysis across a broad set of data sources, delivering continuous domain monitoring to accurately detect instances of phishing and fraud. Combined with the scope and scale of Web Risk, which warns users of malicious domains across five billion devices, users will have unmatched protection against a wide range of digital threats.
“Partnering with an industry leader such as Google Cloud to support the Google Cloud Web Risk Submission API further demonstrates that ZeroFox is an innovative leader in protecting organizations beyond the perimeter,” said James C. Foster, Founder and CEO of ZeroFox. “External cyber threats are only growing more prevalent as the world becomes increasingly digital, creating an increased need for external cybersecurity. This partnership aligns well with our strategy of partnering with a global network of partners to defend against these threats and accelerate the disruption of malicious actors from hours and days to minutes.”
“Securing cloud environments and devices from cyber threats is critical,” said Jenn Buchanan, Product Manager at Google Cloud. “We are happy to partner with ZeroFox to protect against malicious digital activity and make the internet a safer place.”
ZeroFox will be onsite at RSAC, visit Booth #1527 to learn more about this partnership and our unified external cybersecurity platform. This partnership with ZeroFox and Google Cloud’s Web Risk Submission API service is operational as of January 2023.
ZeroFox, an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks.
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
BigID | March 17, 2023
BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks.
Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors.
With BigID's native secrets detection capabilities, organizations can:
Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment
Detect secrets faster and more accurately using patented AI and ML-based data classification techniques
Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure
"Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline."
BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.