Data Security, Platform Security, Software Security

AdaCore Launches RecordFlux

AdaCore Launches RecordFlux

AdaCore, a trusted provider of software development and verification tools, today announced the launch of its new RecordFlux technology, designed to ease the development and security of binary communication protocols. The technology comprises a Domain Specific Language (DSL) to precisely describe complex binary data formats and communication protocols, and a toolset to verify specifications and generate provable SPARK code that can be executed on a target CPU.

Through RecordFlux, users can define and implement complex communication protocols and prove security properties, such as memory safety, at much less cost and effort than would be possible with a manual approach. The precision of the RecordFlux DSL ensures that the specifications are unambiguous, the high-level nature of the DSL makes the specifications easily understandable by domain experts, and the expressive power of the DSL can capture the most complex real-world protocols. And since the RecordFlux code generator produces source code in the formal methods-based SPARK language, users can obtain automated proofs of a wide range of security properties in the resulting software. The net effect is more secure and reliable code, at lower cost.

“Interaction between software components is governed by protocol and format specifications. Unfortunately, most specification documents are complex texts written in English which need to be translated to software implementations manually, leaving room for human error,” said Alex Senier, AdaCore’s RecordFlux Team Lead. “Logic errors and critical flaws are often poorly mitigated by the widespread use of unsafe programming languages, resulting in severe security vulnerabilities. With RecordFlux, we aim to provide a solution that saves time and money by automating provable code generation while ensuring the absence of low-level vulnerabilities like buffer overflows that attackers could exploit.”

About RecordFlux

RecordFlux is a toolset for creating high-assurance implementations of binary data formats and communication protocols. The technology includes a Domain Specific Language, a comprehensive toolset, and customized expert support. By using SPARK Pro, developers can take the SPARK code generated from RecordFlux specifications and automatically prove that the code is free of run-time errors and respects the original specification.

Code generated by RecordFlux is also compatible with GNAT Pro Assurance, AdaCore’s complete solution for projects with the most stringent requirements for reliability, long-term maintenance, or certification. The compiler-hardening options provided by GNAT Pro Assurance can be used to mitigate further attacks on network-facing protocol-handling code.

About AdaCore

Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical, and security-critical systems.

Over the years, customers have used AdaCore products to field and maintain a wide range of critical applications in domains such as commercial and military avionics, defense systems, automotive, railway, space, air traffic management/control, medical devices, and financial services.

Spotlight

The challenges and risks of an everywhere world Every day, enterprise technology leaders are expected to support the digital imperative to work, develop, and deliver everything, everywhere — by bringing together distributed workforces, devices, clouds, systems, applications, and networks. But, there’s a problem. Technology teams

Spotlight

The challenges and risks of an everywhere world Every day, enterprise technology leaders are expected to support the digital imperative to work, develop, and deliver everything, everywhere — by bringing together distributed workforces, devices, clouds, systems, applications, and networks. But, there’s a problem. Technology teams

Related News

Platform Security

SentinelOne to Expand Cloud Security Capabilities with Acquisition of PingSafe

SentinelOne | January 05, 2024

SentinelOne (NYSE: S), a global leader in AI-powered security, today announced that it has agreed to acquire PingSafe. The acquisition of PingSafe’s cloud native application protection platform (CNAPP), when combined with SentinelOne’s cloud workload security and cloud data security capabilities, is expected to provide companies with a fully integrated platform that drives better coverage, hygiene and automation across their entire cloud footprint. The planned integration of PingSafe’s CNAPP into SentinelOne's Singularity™ Platform signifies a paradigm shift in cloud security. Rather than relying on point solutions or a standalone cloud security platform, companies can now access a unified, best-of-breed security platform complete with advanced, real-time, AI-powered security operations to protect the entire enterprise across endpoints, identities, and clouds. “With the addition of PingSafe, we intend to redefine cloud security by fusing best-of-breed cloud workload protection, AI and analytics capabilities with a modern and comprehensive CNAPP,” said Ric Smith, Chief Product and Technology Officer, SentinelOne. “This new approach to cloud security will eliminate the need for companies to navigate the complexity of multiple-point solutions, triage and investigate with incomplete context, or pipe data between disparate data silos. Instead, they can comprehensively manage their entire attack surface from a single platform that, unlike legacy CNAPP and standalone providers, delivers the full context, real-time interaction and analytics needed to correlate, detect and stop multi-stage attacks in a simple, automated way.” Transforming Cybersecurity SentinelOne has been steadily extending its cloud security capabilities beyond cloud workload security, and the acquisition of PingSafe will accelerate this strategy. The move also aligns with the Singularity Unity Release strategy SentinelOne announced in November to transform security operations centers. “SentinelOne is a pioneer and leader in AI-powered security, and we share a common mission to secure the cloud and make the Internet a safer place,” said Anand Prakash, founder and CEO of PingSafe and one of the world’s top five white hat hackers. “The combination of our cutting-edge CNAPP capabilities with SentinelOne’s market-leading AI security platform will supercharge cloud security by providing world-class protection for multi-cloud infrastructure, from development to deployment.” Leading Cloud Security with Enterprise-Wide AI and Analytics PingSafe is a robust CNAPP solution that delivers dynamic, real-time monitoring of multi-cloud workloads, simple setup and configuration and low false positive rates. And customers view it as superior to alternative solutions in the market. “With more than $100 billion in transactions flowing through our network, nothing is more important than ensuring the security of our environment,” said Ashwath Kumar, Principal Security Engineer at Razorpay, one of the largest payment processors in India. “With PingSafe, we can cut through the noise delivered by many CNAPP solutions to identify and prioritize the most critical threats and take an offensive approach to preventing them before they impact our business.” “We operate in a regulated but growing industry. It is an industry where one needs to adapt to change at lightning speed, and ensuring compliance in doing so is a key requirement,” said Prajal Kulkarni, CISO Groww. “We must be able to quickly identify, prioritize and respond to cloud misconfiguration seamlessly and correlate issues across our large cloud environment, and PingSafe provides us with a centralized dashboard that makes this easy and cost-effective to do.” With the acquisition of PingSafe, SentinelOne will offer differentiated capabilities such as advanced secrets scanning of runtime and build-time environments and an attack surface management rules engine that runs breach and attack simulation scenarios against Internet-exposed cloud assets to identify how an adversary could compromise those assets. These capabilities will be in addition to core CNAPP capabilities like cloud security posture management, Kubernetes security posture management, agentless vulnerability scanning, and shift-left Infrastructure as code scanning. “Combined with our Singularity Data Lake, Purple AI, endpoint security, and identity security capabilities, PingSafe will enable us to provide a compelling and cost-effective alternative to standalone CNAPP offerings unlike anything else in the market and a superior, more integrated user experience,” Smith said. About SentinelOne SentinelOne is a global leader in AI-powered security. SentinelOne’s Singularity™ Platform detects, prevents, and responds to cyber attacks at machine speed, empowering organizations to secure endpoints, cloud workloads, containers, identities, and mobile and network-connected devices with speed, accuracy and simplicity. Over 11,500 customers, including Fortune 10, Fortune 500, and Global 2000 companies, as well as prominent governments, trust SentinelOne to secure the future today. To learn more, visit www.sentinelone.com

Read More

Software Security

Keeper Streamlines Compliance Processes With Granular Sharing Enforcements

Keeper Security, Inc. | January 11, 2024

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, announces Granular Sharing Enforcements will soon be available for all products in the Keeper® platform. Granular Sharing enables administrators to enforce detailed creating and sharing permissions at the user level. By implementing these permissions, organizations can ensure employees only have access to the resources necessary for their roles, minimizing the risk of unauthorized access, data breaches and lateral movement within a network. "It's critical for organizations to have security solutions that help them adhere to increasing regulations and compliance requirements," said Craig Lurey, CTO and Co-founder of Keeper Security. "Granular permission control helps organizations enhance their security posture by restricting access to sensitive information and systems. With Granular Sharing Enforcements, it's easier than ever for IT administrators to better control the principle of least privilege and streamline operations within their organizations." Keeper's added Granular Sharing Enforcement policies provide more detailed restrictions that administrators can apply to users for both creating and sharing records. Most employees do not need access to all of the data or functionalities within an organization, and many industries and geographical regions have specific regulations and compliance requirements regarding data protection and privacy, including HIPAA, GDPR, PCI DSS and SOX. Granular permission controls enable organizations to align with local and industry regulations by allowing them to define and enforce access policies. This helps in ensuring the organization is compliant with industry standards and legal requirements. Key features of Keeper's Granular Sharing Enforcements include: Auditing: Keeper provides clear alerting and reporting on over 100 different event types. Version control: Only a small subset of users have permissions to update or share records, helping teams ensure information is consistent and accurate. Seamless access on any device: Keeper provides the same user experience across platforms, ensuring cross functionality and ease of use, whether on web, desktop or mobile. Encryption: Keeper provides secure sharing with elliptic curve encryption, ensuring cybercriminals cannot intercept passwords or other shared records in transit. Keeper Administrators can easily customize permissions to best suit the compliance needs of their organization. Administrators modify permissions in the Enforcement Policies section of the Admin Console for the chosen role by selecting Creating and Sharing. Most permissions are activated by default for maximum security. Enforcements have been designed to be simple and powerful, allowing admins to choose the appropriate settings for their unique needs. Granular Sharing Enforcements will be available for all sharing needs within Keeper's Enterprise Password Manager, Keeper Secrets Manager and KeeperPAM. With Keeper's zero-knowledge password management and security platform, IT administrators have complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and other security policies. Keeper Secrets Manager® is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Its latest offering, KeeperPAM™, provides next-generation Privileged Access Management (PAM) that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that is cost-effective, easy to use and simple to deploy. KeeperPAM enables least-privilege access with zero-trust and zero-knowledge security. Enterprises select Keeper because of its strong security architecture, ability to support federated and passwordless authentication with any identity provider, seamless integration into on-premises, cloud or hybrid environments and ease of use across desktop and mobile devices. About Keeper Security Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper's affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

Data Security

Boomi Strengthens Commitment to Data Security and Compliance by Achieving StateRAMP Authorization

Boomi | January 12, 2024

Boomi™, the intelligent connectivity and automation leader, today announced that the Boomi platform has achieved StateRAMP Authorization. This achievement reflects Boomi’s unwavering commitment to data security and compliance, and to delivering a secure and reliable solution that government agencies can rely on to safeguard their data and operations. “At Boomi, we are committed to democratizing modernization. Securing StateRAMP authorization for our platform was paramount, enabling public sector organizations to seamlessly and securely integrate and leverage cloud applications,” said Sean Wechter, Chief Information Officer at Boomi. “Through a strategic alliance with StateRAMP, Boomi actively collaborates with its leadership board, facilitating streamlined documentation and audit processes to expedite digital transformation within the public sector." According to the U.S. Government Accountability Office, government agencies plan to spend billions of dollars each year to support their IT and cybersecurity efforts, including transitioning IT resources to secure, cost-effective commercial cloud services.1 However, agencies are challenged to select secure cloud-based solutions, making it difficult for these organizations to modernize and improve constituent experiences. StateRAMP, a nationally recognized risk authorization management program that provides a standardized approach to assessing cloud products, improves security and simplifies procurement by building a pool of pre-authorized Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) solutions for public sector entities. As organizations more frequently implement cloud-based solutions, they also require validated access to integration platform as a service (iPaaS) to streamline application and resource integration. iPaaS integrates cloud-to-cloud, cloud-to-on premises, and on-premises-to-on-premises platforms, helping public sector organizations break down data silos to enhance information flow, improve citizen services, and increase operational effectiveness. About Boomi Boomi aims to make the world a better place by connecting everyone to everything, anywhere. The pioneer of cloud-based integration platform as a service (iPaaS), and now a category-leading, global software as a service (SaaS) company, Boomi touts the largest customer base among integration platform vendors and a worldwide network of approximately 800 partners – including Accenture, Capgemini, SAP, and Snowflake. Global organizations turn to Boomi’s award-winning platform to discover, manage, and orchestrate data, while connecting applications, processes, and people for better, faster outcomes. For more information, visit boomi.com.

Read More