ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BreachLock Releases API Penetration Testing Service to Improve API Security Testing for Companies

Prnewswire | March 29, 2023 | Read time : 04:00 min

BreachLock Releases API Penetration Testing Service

BreachLock officially launched its API Penetration Testing Service today, making API security testing faster, more scalable, and more affordable compared to alternative pentesting providers. The company is best known for its human-led, AI-enabled Pen Testing as a Service (PTaaS) solution delivered via its award-winning client portal. API penetration testing will help organizations prevent cybercriminals from exploiting unpatched API vulnerabilities to perpetrate cybercrimes.

BreachLock is known for its innovative pentesting approach as a leader in the emerging PTaaS market. With a global reputation for delivering enterprise-grade penetration testing services, Breachlock leverages automation to ensure affordability and speed for clients held back by alternative pentesting options. With integrated remediation, companies can decrease their window of exposure to critical API vulnerabilities fast. Clients receive evidence-backed pentest reports with guided remediation on critical vulnerabilities, along with 12 months of access to retest, generate reports, and run scans inside the client portal.

Regarding its new security testing offering, BreachLock's Founder & CEO, Seemant Sehgal, comments, "With the rise in security breaches involving insecure APIs, it's our responsibility to enable clients to prevent similar incidents." Sehgal adds, "Staying ahead of cyber adversaries is the name of the game. With today's threat landscape, agile pentesting is the key to combatting security breaches, especially when done regularly."

BreachLock's API pentesting service is conducted by 100% in-house, certified expert pentesters (e.g., CREST, OSCE, OSCP, CISSP, CEH) that leverage AI and automation to accelerate the process and deliver more accurate results that closely correlate with OWASP best practices. Its security experts apply maximum business logic to every API pentest during a manual deep dive and ensure zero false positives by validating automated findings.

About BreachLock

BreachLock® is a global leader in cybersecurity and Penetration Testing services combining the power of human hackers, artificial intelligence, and automation. Engineered for agility and scalability for digital environments of any scale, on its cloud-native platform, BreachLock delivers full-stack, Human-led, AI-enabled, Pen Testing as a Service (PTaaS), enabling organizations to accelerate pentesting by 50% and reduce TCO by 50% in comparison to alternative penetration testing companies. BreachLock helps clients accelerate their security maturity, meet compliance requirements (i.e., PCI DSS, ISO 27001, HIPAA, GDPR, SOC 2), and conduct third party security vendor assessments.

Spotlight

Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability:

Spotlight

Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability:

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tessian Launches Advanced Email Threat Response Capabilities for Security Teams

Prnewswire | April 26, 2023

Tessian, a leading Integrated Cloud Email Security company, today announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions. Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls, and spend too much investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform which offers the industry's most complete set of capabilities required for cloud email security: Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach, in a simple to deploy model. "At Tessian, we are focused on helping our customers eliminate email based threats," said Allen Lieberman, Chief Product Officer of Tessian. "As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations. With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations." "Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis," said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. "Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, Investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and powershell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks." About Tessian Tessian's mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error - like data exfiltration, accidental data loss, business email compromise and phishing attacks - with minimal disruption to employees' workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.

Read More

DATA SECURITY, INFOSEC PROJECT MANAGEMENT

LogRhythm Announces Partnership with Zscaler to Address Cloud Access Security Challenges Faced by the Modern SOC

Businesswire | April 24, 2023

LogRhythm, the company empowering security teams to navigate the ever-changing threat landscape with confidence, announced its partnership with Zscaler, the leader in cloud security. LogRhythm and Zscaler work together to help organizations around the globe increase network insight and address a variety of cloud access security challenges faced by the modern SOC. LogRhythm SIEM and the Zscaler Zero Trust Exchange™ platform provide unparalleled visibility and security to facilitate a modern Zero Trust architecture. Zscaler secures all user, workload, and device communications over any network, anywhere. The integration with LogRhythm provides visibility into everything occurring in your network, and the websites and cloud-based resources employees are using. This level of visibility is crucial to protecting organizations. With a Zero Trust approach on many organizations’ minds, it’s imperative to have the right tools to defend against cyber threats. The LogRhythm SmartResponse™ for Zscaler Internet Access (ZIA)™ enables remediation actions from the LogRhythm console. As logs are ingested from Zscaler’s Nanolog Streaming Service (NSS) into the LogRhythm SIEM platform, the LogRhythm SmartResponse™ for Zscaler can also automatically denylist the URL in Zscaler when a banned keyword or URL is detected. “Securing an organization’s systems and networks begins with high-fidelity and trustworthy log data. LogRhythm’s expertise in turning log data into actionable insights delivered through dashboards and analytics is unrivaled in the industry,” said Andrew Hollister, Chief Information Security Officer at LogRhythm. “The combined benefits of LogRhythm SmartResponse™ and Zscaler Internet Access facilitate modern Zero Trust architecture that is the security backbone of companies across the globe.” The LogRhythm SmartResponse™ for Zscaler performs several actions including denylisting a URL, getting policy information, and adding a URL category. It simplifies running actions between the SIEM and Zscaler by centralizing day-to-day security tasks to a single console. Other key benefits of this integration include: Simplified ingestion and contextualization of Zscaler log data Accelerated detection of unwanted or denylisted URLs Use of a single console to investigate and block suspicious website access Faster response with enhanced investigative capabilities “Zscaler’s Zero Trust Exchange reduces the attack surface and enforces cybersecurity policies, and this new integration with LogRhythm can help security teams with richer insights," said Amit Raikar, VP of Technology Partnerships at Zscaler. "By leveraging Zscaler APIs for cloud-to-cloud log streaming, LogRhythm customers can gather threat and policy telemetry across a hybrid workforce accessing multicloud and SaaS applications, giving analysts a complete picture from the depth of information in Zsacler logs for optimal threat hunting and investigations." This new announcement continues LogRhythm’s impressive momentum from 2022 into this year. In addition to announcing a series of expanded capabilities and integrations for its security operations solutions, which included updates to the company’s cloud-native LogRhythm Axon platform, LogRhythm also announced its integration with SentinelOne. The integration streamlines security operations and improves response workflow, helping overwhelmed security teams cut through the noise and gain precise insights into cybersecurity threats. About LogRhythm LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency. With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

ReliaQuest Announces Launch of GreyMatter Phishing Analyzer

ReliaQuest | March 08, 2023

On March 7, 2023, ReliaQuest, a leading firm specializing in security operations, announced the addition of Phishing Analyzer to its GreyMatter platform, which is now available globally. This capability automates the entire abuse-mailbox management process, reducing the risk of phishing attacks by analyzing suspicious emails, taking remedial action, and sending follow-up notifications to users. Phishing attacks are a persistent and time-consuming issue, and although many organizations have Secure Email Gateways (SEGs) to combat email-based threats, malicious emails still manage to get through. Most phishing emails trick users into sharing valuable information, leading to costly Business Email Compromise (BEC) incidents that have cost organizations over $43 billion since 2016. In response, organizations are increasing their phishing awareness programs to empower contractors, employees and partners to help the security team battle against email phishing. However, the constant need for vigilance and alertness can lead to alert fatigue and burnout among employees. Even when users spot phishing emails, they need a way to notify security teams to prevent email-based attacks. GreyMatter Phishing Analyzer automates this process, allowing security teams to evaluate email-based threats in order to determine how they are gaining access and who has been affected, potentially saving thousands of hours and reducing employee dissatisfaction. GreyMatter Phishing Analyzer removes the burden of the abuse-mailbox by automatically analyzing reported emails to determine whether they are malicious or benign. If malicious, the reported email is removed from the user's inbox, as well as other matching emails from across the organization. Additionally, the tool enables security teams to see the full scope of the phishing attack without leaving the platform, and ReliaQuest's machine-learning capabilities speed up the analysis process, identifying phishing campaigns targeting the organization by matching against duplicate and similar emails across the organization. Once thoroughly analyzed, the tool automatically sends an analysis report to the security team and an analysis decision (benign or malicious) to the reporter, enabling security teams to add security controls for stronger protection. Overall, GreyMatter Phishing Analyzer can help organizations reduce the risk of phishing attacks and allow their employees to protect their organization better. About ReliaQuest ReliaQuest is a leading firm that boosts security operations. Its platform, GreyMatter, automates detecting, investigating, and responding to security threats across different tools and applications, including cloud, endpoint, and on-premise environments. The company has established a global presence, serving more than 700 customers, with 1,200 professionals spread across six operating centers worldwide. Its primary objective is to enable businesses to achieve their security goals. Trusted by numerous Fortune 1000 organizations, ReliaQuest supports risk management and initiative acceleration. It maintains a significant international footprint as a privately held entity headquartered in Tampa, Florida.

Read More