Platform Security, Software Security, API Security
Businesswire | June 28, 2023
Cequence Security, the leader in API Protection, today announced new updates to the Unified API Protection (UAP) platform that strengthen customers’ ability to discover, manage risk and protect APIs. With the latest capabilities, organizations can rapidly deploy API Security Testing with built-in generative AI automation, protect users from online fraud and operationalize security findings with low-code/no-code workflows.
“We are always exploring ways to further automate and improve our UAP solution and help our customers consolidate the tools required to stay ahead of the threat actors,” said Ameya Talwalkar, founder and CEO. “The updates to our platform continue to set us apart from other point solution vendors in the API security space as we are providing our customers with the only integrated best-of-suite approach to discover, comply, test and protect their APIs.”
“Today, we are also excited to share we are the first API security vendor to take advantage of the game-changing Generative AI and no-code security automation within our UAP solution to better protect users from online fraud and simplify security findings,” continued Talwalkar.
Enhance API Security Testing with Generative AI
With the enormous potential of generative AI tools like ChatGPT and Google Bard, Cequence is one of the first cybersecurity companies and the first API Protection company to leverage its power to protect data and users from bad actors. Cequence has added several new capabilities to API Security Testing, including Test Plan generation using a new feature called Intelligent Mode that helps automate the generation of API Security Test Plans using plain English, extending the low-code/no-code approach to test case generation. Cequence UAP's Intelligent Mode automatically associates the appropriate APIs with the right test cases, given the functionality of that API. This not only drastically reduces the time needed to create a test plan to minutes, as compared to months with other solutions, it also ensures consistent experience across a customer's entire applications and environments.
Several other enhancements include detailed insights and remediation workflows into test failures. The test catalog now has test cases for the latest OWASP API Top 10 2023. Cequence also empowers InfoSec teams to run API tests outside of CI/CD pipelines, and instead, point attack test suites directly against staging or even production servers.
New Fraud Prevention Capabilities
To enable organizations to protect their APIs from online fraud, Cequence has introduced the Fraud Prevention module in API Spartan. The new module enables organizations to protect their end-customers from online fraud and instantly take action, including blocking transactions and generating enterprise-grade notifications to relevant teams.
Protecting applications and users against online fraud complements the existing capabilities of Cequence to detect and block business logic abuse, account takeover (ATO) attempts, common OWASP API Top 10 security risks and automated malicious traffic.
Operationalize API Protection with Low-Code/No-Code Security Automation
Cequence has introduced out-of-the-box integrations with over 300 third-party apps, including ServiceNow, PagerDuty, JIRA and Slack. Using off-the-shelf connections to these apps, security analysts can ensure security risks or threats are routed promptly to their business teams for remediation.
Security analysts can use a low-code/no-code approach within Cequence to implement the equivalent of an API Security Orchestration and Response (SOAR) workflow, wiring together multiple third-party connections to achieve their desired outcomes. Using this approach, analysts can operationalize workflows that promptly remediate critical API security risks, such as the discovery of shadow APIs that have access to sensitive data and new security risks of weak authentication or non-conformance to OpenAPI specifications in newly built pre-production CI/CD pipelines.
Enhanced Visibility of External Facing APIs with API Spyder
New enhancements to API Spyder enable customers to easily identify APIs that are externally accessible, but not entirely protected by Cloud Security Posture Management (CSPM) infrastructure. Additionally, this approach offers a seamless complement to API Sentinel's deep insights into runtime API inventory and compliance checking using the OWASP API Security Top 10 and other custom risk categories.
With the latest Unified API Protection platform updates, organizations can now protect their users from online fraud, operationalize security findings with low-code/no-code API SOAR-like workflows and rapidly deploy API Security Testing with built-in Generative AI automation. These capabilities continue to set Cequence apart from other point API security, bot management, anti-fraud and WAF vendors by having the industry’s first and only Unified API Protection platform that covers the entire API lifecycle. With UAP, customers can discover with API Spyder, comply with API Sentinel and protect with API Spartan.
About Cequence Security
Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory, compliance, dynamic testing with real-time detection and native mitigation to defend against fraud, business logic attacks, exploits and unintended data leakage. Cequence Security secures more than 6 billion API transactions a day and protects more than 2 billion user accounts across our Fortune 500 customers. Learn more at www.cequence.ai.
Enterprise Security, Platform Security, Software Security
Business Wire | August 08, 2023
SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management. With 98% of organizations having a relationship with at least one-third party that experienced a breach, SecurityScorecard combines its industry-leading platform and experts to solve the third-party cyber risk puzzle.
“Many CISOs are challenged with manual third-party risk approaches that are inconsistent and focused on checkbox compliance. Customers consistently shared that they need a way to operationalize third- and fourth-party cyber risk management,” said Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard. “Today, SecurityScorecard is meeting that customer need. The next evolution of security ratings will focus on operationalizing cyber risk management and threat intelligence to directly impact our customers’ ability to deliver on their mission.”
Industry-first integrated security ratings platform + third-party managed cyber risk services approach
SecurityScorecard’s offering is unique in the market as the only solution of its kind to combine Managed Cyber Risk Services with a complete, battle-tested product suite of solutions.
With over 3,000 customers across the globe, SecurityScorecard Managed Cyber Risk Services was developed with customers and will be delivered by partners to achieve strategic business and security outcomes, including:
Identifies and mitigates third-party cyber risk: Dynamically discovers risk across a customer’s attack surface, including their third- and fourth-party ecosystem, to dramatically reduce the risk of a compromise. Verifies that vendors’ vulnerabilities or other security issues are remediated.
Addresses cybersecurity skills gap: Improves the capacity of customers’ security teams. SecurityScorecard works hand-in-hand with customers or through partners to deliver the strategic and tactical capabilities needed to maximize the value of the SecurityScorecard platform.
Manages third- and fourth-party risk portfolio: Continuous monitoring, investigation, and analysis of risk indicators with centralized threat intelligence. Proactively identifies cyber threats across a customer’s unique attack surface. Manages alerts for customers.
Makes security ratings more actionable: Incorporates business context to drive decisions. Deploys best practices to improve security posture. Proven playbooks proactively protect customers and support incident response if an incident occurs.
Verifies contract compliance: Streamlines contract security compliance through a defensible, traceable process. Proactively manages vendor communication, questionnaires, and escalation management.
Tracks issues resolved: Measures results based on trusted analysis, timely delivery, and empowering guidance. Estimates time saved to demonstrate return on investment.
Enhances board reporting: Effectively communicates third-party cyber risk and benchmarks against peers. Customers also have the flexibility to run their own research, reports, and investigations.
Delivers peace of mind: Ensures customers’ third-party risk management program is handled by the best and brightest minds in the industry. SecurityScorecard solves complex customers’ challenges by evaluating, improving, and implementing their third-party cyber risk programs.
SecurityScorecard Managed Cyber Risk Services are directly connected to the SecurityScorecard Platform, allowing drill down into specific portfolios, companies, findings, and issues. Built on an API-first architecture, data can be directly ingested into their own security stack and reporting tools or integrate into their preferred MSSP or services provider to achieve improved security and business outcomes.
SecurityScorecard adds former Mandiant leader to the executive team
With the acquisition of LIFARS in 2022, SecurityScorecard gained a team of elite cybersecurity risk experts. Then in July 2023, the company appointed cybersecurity veteran and former Mandiant leader Jeff Laskowski as Senior Vice President and General Manager of Professional Services.
“Over the past year, SecurityScorecard has delivered several innovative solutions to the market: The world’s first third-party focused attack surface management solution. Automatic vendor detection to identify unknown third- and fourth parties connected to their business. Risk quantification technology that helps risk management teams understand their financial exposure,” said Jeff Laskowski, Senior Vice President & General Manager, Professional Services, SecurityScorecard. “As we consolidate adjacent solutions into our platform, combined with expert services, we not only help our customers build economic efficiencies but also effectively mitigate third-party risk.”
Partner-focused approach closes third-party cyber risk gaps for customers
SecurityScorecard’s partner-focused managed services approach enables customers to leverage SecurityScorecard experts and a broad ecosystem of service delivery partners. This approach amplifies the benefits of the SecurityScorecard platform, gaining the economic benefits of scale and further enhancing customer relationships with service providers.
In addition, partners that leverage the “Powered by SecurityScorecard" brand will deliver the fastest time to value to their customers and ensure they are providing the gold standard of service based on SecurityScorecard’s decade of experience in third-party cyber risk management.
“Operationalizing third-party cyber risk management requires a specialized and skilled workforce. Many organizations struggle with lack of visibility into their vendor landscape, questionnaires, threats, and financial impact of risks,” said Larry Slusser, Vice President, Global Head of Professional Services Delivery, SecurityScorecard. “By applying the principles of incident response to vendor risk management, customers can take charge with a turn-key, proactive, and comprehensive program designed to eliminate business disruption and drive cyber resilience.”
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
Enterprise Security, Platform Security, Software Security
Businesswire | July 05, 2023
Cyware, the leading provider of AI-powered Cyber Fusion platforms for enterprises and MSSPs, and automated threat intelligence sharing for information sharing networks, today announced a $30 million Series C financing round led by Ten Eleven Ventures, a leading multi-stage investment firm specializing in cybersecurity. Also participating are previous investors including Advent International, Zscaler, Emerald Development Managers, Prelude (the venture practice at Mercato Partners) and Great Road Holdings.
The Series C financing comes as Cyware has experienced strong year-over-year growth propelled by robust market adoption, excellent customer retention, and extraordinarily large market access. Since Series A financing, Cyware has shown growth of 6x and consolidated its position as an industry leader for threat intelligence automation, security orchestration, and collaborative threat response solutions. Earlier this year, Cyware achieved FedRAMP Ready status for its Cyber Fusion platform and was named one of the most innovative and promising cybersecurity companies by JMP Cyber 66, as well as being recognized in the 2022 Deloitte Technology Fast 500 as one of the Fastest Growing Technology Firms in North America.
Cyware’s cloud-based platform is leveraged by top Fortune 1000 and MSSP security teams to transform their legacy SOCs into Cyber Fusion Centers. The platform seamlessly integrates the AI-powered threat intelligence platform (TIP) with data orchestration and workflow automation (SOAR), to facilitate and synchronize actions between cloud and on-premises security tools and technologies. This enables security teams to connect the dots on emerging threats by correlating actionable threat intelligence with detection, threat hunting, vulnerability management, and incident response operations. Cyware’s Cyber Fusion platform is modular, and the underlying TIP, SOAR, and Collaborative Threat Response components can be leveraged in combination or individually by security teams providing them greater flexibility in transforming conventional SOCs.
The Cyware platform has become the backbone of global Threat Sharing Networks. Almost all major ISACs (Information Sharing and Analysis Centers), ISAOs, and CERTs use Cyware’s platform to automate threat intelligence sharing, analysis, and actioning for more than 30,000 enterprise members and government entities. The platform also enables large conglomerates, industry groups, and private communities to activate and share threat intelligence with their distributed businesses, clients, and suppliers, and benefit from automated collective defense against ransomware, supply chain attacks, and zero-day vulnerabilities.
“Security teams today face an overwhelming amount of data, but silos across data, processes, and technologies make it very challenging to see the bigger picture and proactively stop threats," said Anuj Goel, Cyware CEO and Co-founder. “Our mission at Cyware is to break down these silos, integrate threat intelligence into SOC operations, make it easy for teams to automate response, and act immediately to anticipate and stop threats.”
“Threat actors thrive because the rest of us don’t collaborate enough,” said Alex Doll, Founder and Managing Member of Ten Eleven Ventures. “Only Cyware allows overstretched security teams to expand their risk visibility beyond their borders with innovative threat intelligence collaboration while dramatically improving response with vendor-agnostic orchestration and low-code automation. As seasoned investors in the cybersecurity field, we recognize that Cyware’s remarkable platform, revenue growth, and vast customer base – including over 20 ISACs – puts them in an enviable market position.”
Cyware plans to leverage this new round of funding to fuel further growth and accelerate channel business and strategic alliances while expanding its global footprint.
Cyware delivers an innovative approach to cybersecurity that unifies threat intelligence, automation, threat response, and vulnerability management with data insights gleaned from assets, users, malware, attackers, and vulnerabilities. Cyware’s Cyber Fusion platform integrates SOAR and TIP technology, enabling collaboration across siloed security teams. Cyware is widely deployed by enterprises, government agencies, and MSSPs, and is the leading threat intelligence sharing platform for global ISACs and CERTs.