DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Contrast Security | February 24, 2023
On February 23, 2023, Contrast Security, a leading code security platform, announced the expansion of its contrast serverless application security tool, Contrast Serverless, to support Microsoft Azure Functions and allow customers to quickly scan for security vulnerabilities across multi-cloud environments.
While serverless and cloud-native development gains popularity, organizations struggle to determine which applications are fully secured due to the 'shared responsibility security model' of public cloud providers, particularly in the case of multi-cloud IT strategies.
Contrast Serverless addresses the needs of such organizations by providing a new security tool that is specifically designed to evaluate serverless risks while identifying common vulnerabilities (CVEs), detecting misconfigurations, and revealing user privilege issues, all within a single interface.
"Data shows 74% of infrastructure decision-makers at firms that are adopting public cloud use two or more public clouds and 17% are using five or more. Therefore, it's no surprise that 82% of cloud users have experienced security events due to confusion over shared responsibility security models."
(Avoid the Security Inconsistency Pitfalls Transitioning to Serverless 2022 Report)
The addition of Microsoft Azure Functions support to the Contrast Serverless platform allows organizations to evaluate the risk of their serverless applications across Microsoft and Amazon Web Services (AWS) from a single offering.
The tool provides complete visibility of cloud-native serverless functions, allowing the AppSec team to continuously monitor the organization's serverless posture. It also allows organizations to scan open source dependencies for vulnerabilities in applications and custom code, detect misconfigurations, and identify the least privilege issues based on Microsoft Azure function policy roles and active directory configurations.
Additionally, the tool can generate a contextual Microsoft Azure Functions risk score based on the abovementioned methods, enabling teams to address the most significant risk issues first. It also has the ability to apply remediation on function code in both AWS and Microsoft Azure environments.
About Contrast Security
Contrast Security is a renowned platform for code security, purposefully designed for developers to ensure swift and secure code movement while being trusted by security teams to safeguard business applications. It allows developers, security, and operations teams can quickly secure code across the entire Software Development Life Cycle (SDLC) and protect against targeted Application Security (AppSec) attacks. The company was founded in 2014 by cybersecurity industry veterans with the aim of replacing legacy AppSec solutions that cannot protect modern enterprises. The company's clientele includes some of the most prominent brands, such as BMW, Sompo Japan, DocuSign, AXA, Zurich, American Red Cross, and numerous other Fortune 500 enterprises globally.
Read More
DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY
Arkose Labs | January 30, 2023
Arkose Labs™, one of the worldwide leaders in bot management and account security, announced the launch of Arkose Email Intelligence™. This new tool prevents bots and bad actors from using fraudulent or dangerous email addresses to target online services and apps.
Legacy email intelligence systems are not optimized and are too costly to utilize in high-volume applications such as new account registration that are targets of bot-driven assaults. Arkose Email Intelligence combines email risk discovery with the industry-leading Arkose Protect, a bot detection and challenge platform, to create the first email intelligence solution.
This solution prevents bots and bad actors from using fake, throw-away, and other high-risk email addresses to develop synthetic online accounts and launch volumetric account takeover (ATO) attacks. In the second half of 2022, the creation of bogus accounts increased by 81% compared to the first half. Additionally, 11% of all attack attempt sessions were ATOs in 2022 and were of the same severity.
Extremely high market demand exists for an email intelligence service that is both highly effective and reasonably priced. Existing services are exorbitantly costly, often compelling CISOs and product teams to use email intelligence at restricted locations more profoundly in the user flow of an application, such as during the payment transaction. This trade-off leaves important occasions, such as the creation of a new account, exposed to assault and misuse by email addresses that are fake or high-risk.
Arkose Email Intelligence is meant to provide robust abuse protection at a much lower cost than previous industry solutions. This allows businesses to afford email intelligence beyond standard transactions.
In addition to combating automated and fraud farm attacks, Arkose Email Intelligence offers organizations over forty relevant data insights. These extensive data points and signals give a multidimensional perspective of the risk connected with the email address, allowing for additional threat assessment and decision-making.
About Arkose Labs
Arkose Labs is one of the industry leaders in bot management. Its novel method identifies genuine user intent and mitigates threats in real time. In addition, risk assessments and interactive authentication difficulties degrade the return on investment (ROI) behind attacks, ensuring long-term security and enhancing consumer throughput. The firm, headquartered in San Mateo, California, with operations in Brisbane and Sydney, Australia, San Jose, Costa Rica, and London, United Kingdom, placed 106th on the North American Deloitte Fast 500 list for 2022.
Read More
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
FileCloud | January 11, 2023
On January 10, 2023, FileCloud announced the addition of Zero Trust File Sharing, bringing another layer of hyper-security to the market's most robust content collaboration platform. The latest, Zero Trust File Sharing, enables users to collaborate securely with employees along with other personnel, including external partners, vendors and clients.
This functionality extends beyond modulating share permissions or setting Data Loss Prevention (DLP) policies. Zero Trust File Sharing will become increasingly crucial for enterprises and organizations that handle sensitive or protected data, such as Personally Identifiable Information (PII) and Confidential Unclassified Information (CUI).
The emergence of cloud service technologies, remote access applications, and disappearing network edges have revealed multiple vulnerabilities in perimeter-based IT security models. The Zero Trust framework, built on a system of least privilege, provides a more resilient and adaptable approach that imposes identity authentication, regardless of where or how the request for access gets derived.
The U.S. Department of Defense has recently come up with a Zero Trust Strategy and Roadmap to eventually cover all U.S. government departments, which is likely to be adopted by the private sector. As a result, critical infrastructure sectors are ideal candidates for integrating Zero Trust File Sharing to protect their information systems from increasingly sophisticated cyberattacks launched by nation-states.
FileCloud's Zero Trust support enables enterprises to have an added layer of security on top of FileCloud's built-in access controls. The data within the environment is secured using a Zip file structure and password protection. The user can also set a Zero Trust password and create a sharing link to a file or folder.
The data remains inaccessible without this password, even with a shared direct link or in case of a data breach. Furthermore, the data remains protected by password-based encryption even if the Zero Trust protected folder is accessed via unauthorized means, including social engineering techniques.
Users who access the data with the Zero Trust password will also be restricted in their ability to edit or manipulate the data contained within the Zero Trust folder based on the share permissions.
About FileCloud
Headquartered in Austin, Texas, FileCloud is a leading hyper-secure content collaboration platform (CCP) providing data governance, industry-leading compliance, data leak protection, data retention and digital rights management capabilities to millions of users worldwide. Its complete CCP stack includes workflow automation and granular control of content sharing across most enterprise platforms. The platform offers powerful file sharing, mobile access and synchronization capabilities on public, private, and hybrid clouds to customers, including top Global 1000 enterprises, government organizations, educational institutions and managed service providers.
Read More