DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Neosec | November 16, 2022
Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest.
Today, many organizations are blind to the threats lurking within their API traffic. Even worse, organizations are forced to implement basic logging of its API traffic that doesn't contain the meaningful information about who accessed, what records were accessed or manipulated and how. There exists a justified fear of logging sensitive data or being out of compliance, and with the lack of technology that can perform it at scale, they prefer to log with low fidelity. Those logs tell you that "somebody modified or accessed a record" but typically don't disclose who accessed it, which record, or what action was performed.
This decision also results in a downstream issue of "insufficient logging", which is noted by the Open Web Application Security Project as one of the top security problems in its 2021 OWASP API Top 10. "Insufficient logging" is poor for incident forensics and, in practice, means that you can't detect abuse or investigate a case, even if you know it happened.
Tokenization is the process of substituting a sensitive data element, like a credit card number, for a non-sensitive equivalent that has no intrinsic or exploitable value or meaning. Neosec's automated tokenization is part of its 'privacy by design' philosophy and is already deployed successfully at customers around the world in financial services, insurance and hospitality companies among others.
The process allows retaining tokenized API activity data for the purposes of performing true behavioral analytics over time, ensures that sensitive data is never stored at rest, and enables only the customer to de-tokenize, based on the strictest data privacy practices.
"Solving API security starts with basic visibility and the ability to see how the APIs are used. The problem is that virtually every company logs API activity with low fidelity that doesn't enable this basic visibility. "In order to perform true behavioral analytics and investigate cases you must store and examine historical data. But if this analysis is performed on un-tokenized data you risk storing PII and creating compliance issues. Neosec successfully retains all API activity data, in the highest fidelity, and ensures it meets data privacy standards."
Giora Engel, co-founder and chief executive officer, Neosec
This focus on data and the visibility it brings is what previously defined the creation of the EDR (Endpoint Detection & Response) security space. "Trying to implement API security without enabling basic visibility of activity is like going back to the antivirus age before the advent of EDR. Visibility into API activity allows you to detect threats, understand behavior, investigate and remediate" said Engel.
The Neosec API security solution discovers and maintains an up-to-date inventory of all APIs in use by an organization and then uses machine learning and behavioral analytics on tokenized data to find fraud and abuse by third parties and attackers. Neosec also enables proactive API threat hunting and investigations without storing any sensitive data.
The automated API data tokenization is now a capability of the Neosec platform and is fully available. There is no extra cost for use of this unique capability.
Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel.
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
BigID | September 23, 2022
BigID, the leading data intelligence platform that enables organizations to know their enterprise data and take action for privacy, security, and governance, today announced native data security controls for Snowflake, alongside becoming the first Snowflake partner to achieve Snowflake Ready Technology Validation in both" Data Security" and "Data Cataloging".
BigID provides Snowflake customers with simplified access control, a data-centric approach to data masking, and accelerated security controls to better manage and protect their data. With Snowflake Ready Technology Validation, these integrations make it easier than ever for joint customers to manage and protect their sensitive data in Snowflake Data Cloud.
As a validated solution in both data security and data cataloging, customers can:
Gain continuous control of their snowflake data and automatically detect new and changed data
Automatically find and classify all types of data - including dark data - alongside sensitive, regulated,critical, and personal data
Streamline access policy definitions with a data-driven approach
Apply intelligent tag-based data masking based on sensitivity and type
"With this validation, our customers gain the trust and confidence that BigID has been battle tested against Snowflake best practices across deployment, performance, security, compliance, and more. "We're thrilled to continue to deepen our relationship with Snowflake, and drive innovation together across the modern tech stack."
Nimrod Vax, Head of Product at BigID
BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, security, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner.
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Malwarebytes | October 13, 2022
Malwarebytes™, a global leader in real-time cyber protection, today launched Malwarebytes Managed Detection and Response (MDR), which combines EDR technology and human-delivered security expertise to provide 24/7 threat hunting, monitoring, and response.
Amid a shortage of skilled cybersecurity professionals, many organizations lack the time and expertise to monitor and validate security alerts around-the-clock. Teams also struggle to fully utilize the forensics and threat hunting tools provided by EDR platforms and can miss identifying hidden threats before they become infections. Without the time for thorough incident investigations of the scope and root cause of an event, organizations are left with ineffective remediation plans and risk repeating the incident cycle.
By providing world-class security analysts, third-party intelligence, and threat analysis tools, Malwarebytes MDR can extend the capabilities of existing teams or completely fill the need of organizations lacking dedicated security staff. The Malwarebytes MDR analysts are constantly monitoring and triaging alerts, hunting for hidden threats, and either directly remediating or providing customized guidance to organizations. For any SMB or MSP with more alerts than they can handle, Malwarebytes MDR enables organizations to prioritize critical alerts, detect advanced malware attacks, analyse past indicators-of-compromise, and bolster ongoing resiliency.
"There simply aren't enough hours in the day for most organizations to adequately address a barrage of alerts. But they don't have to do it alone. "We've recruited an incredible team of dedicated experts across the globe and empowered them with our award-winning tools and AI-based threat modeling to be a powerful force-multiplier for SMBs and MSPs. This is just the beginning as we continue to accelerate product innovation and deliver new services to secure chronically underserved SMBs and empower MSPs to be their heroes."
Bob Shaker, Vice President of Managed Services at Malwarebytes
Specifically, Malwarebytes MDR will:
Supplement security expertise: Augments security staff with an instant team of experts to correlate threat data, enrich alerts and respond to threats 24/7.
Expedite threat response: Bolsters cyber resilience with effective protection and flexible remediation options to detect and respond to attacks as they occur.
Reduce security costs: Quick time-to-value and improved efficiency for security operations with technology-supported, expert services that significantly reduce security costs.
Advance security posture: Built upon Malwarebytes' industry-tested and proven Malwarebytes EDR which applies advanced data analytics and near real-time threat intelligence to detect zero-day and other hidden threats.
Provide rapid time-to-value: Automated onboarding that gets SMBs and MSPs from purchase to service operation fast and easy.
Assist in meeting compliance requirements: Prevents threats to security, availability, integrity, and privacy of customer data in support of compliance with the broad range of regulatory requirements.
Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, that mission has expanded to provide cyber protection for everyone. Malwarebytes provides consumers and organizations with device protection, privacy, and prevention through effective, intuitive, and inclusive solutions in the home, on-the-go, at work, or on campus. A world-class team of threat researchers and security experts enable Malwarebytes to protect millions of customers and combat existing and never-before-seen threats using artificial intelligence and machine learning to catch new threats rapidly. These capabilities have been lauded by independent third parties including, among others, MITRE Engenuity, MRG Effitas, AV-TEST (consumer and business), G2 Crowd and CNET. With threat hunters and innovators across the world, the company is headquartered in California with offices in Europe and Asia.