Home > News > featured news > CertiK Reaches for the Skies With the Release of Its New Security Services

Software Security

CertiK Reaches for the Skies With the Release of Its New Security Services

CertiK | July 16, 2022 | Read time : 3 min

CertiK
CertiK, the leading global Web3 and blockchain security firm, today announced the launch of several web3 Skynet security features to bolster end-to-end security for the web3 world. New features include:

  • Skynet Trust Score - a new scoring mechanism aimed at simplifying the definition of crypto project risk, increasing transparency into scoring mechanisms and demonstrating market health.
  • Skynet Cohort Analysis Panel - a way for projects to see how they rank against other similar projects in order to help users contextualize the risk of a project by displaying its performance against comparable projects.
  • Badges and honors for project achievements to strengthen credentials in their respective fields

The Skynet service, launched in June 2021, uses a comprehensive set of signals, curated from code scanning analysis, on chain security analytics, and machine learning to provide 24/7 monitoring of threats for crypto projects. To date, Skynet has helped to protect and monitor over 4 billion transactions.

As part of its strategy, CertiK set out on a mission to address both business and consumer value services through its security leaderboard found on its website. Delivering on this promise, CertiK’s release of new Skynet features provides further simplicity and transparency to consumers around project risk, while also giving credit to projects where needed through badges and honors.

“We’re very excited to launch these new Skynet features. “Through feedback from customers and the community, we’ve recognized the need to innovate around security risk in a simpler way that caters to both business and consumer needs. This is just the beginning of our journey as we continue to innovate in response to community needs and deliver on our promise of securing the web3 world.”

Kevin Liu, Chief Product Officer at CertiK

As part of its portfolio expansion, CertiK also recently released on its Twitter an autonomous security alert channel, which provides real-time alerts to the community on hacks, flash loan attacks, rugpulls and suspicious activity. To date, CertiK has flagged over $1.45 Billion in security incidents since the release of the service in February this year.

The growing demand for Web3 security has driven further development and operation of more innovative and data-driven security products for the blockchain industry. CertiK is meeting these demands through innovative products like Security Leaderboard, Code Auditing, KYC and now this next series of Skynet security features.

About CertiK
CertiK’s mission is to secure the Web3 world. Starting with blockchain, CertiK applies cutting-edge innovations from academia into Enterprise, enabling mission-critical applications to be built with security and accuracy. Headquartered in New York City, CertiK was founded by computer science professors Ronghui Gu and Zhong Shao. CertiK is backed by industry leaders, including Insight Partners, Tiger Global, Sequoia, Coatue Management, Advent International, Goldman Sachs, Lightspeed, SoftBank Vision Fund 2, Hillhouse Capital, Binance, Coinbase Ventures, and more.

Spotlight

Navigating Social Media Threats: A Digital Risk Protection Playbook

Threat actors are using social media to target enterprises and their customers with fraudulent accounts. The nature of instant sharing on social media means organizations can face swift reputation damage or financial loss if they fall victim to one of the many threat types used on these platforms. In order to effectively protect

More featured news

Spotlight

Navigating Social Media Threats: A Digital Risk Protection Playbook

Threat actors are using social media to target enterprises and their customers with fraudulent accounts. The nature of instant sharing on social media means organizations can face swift reputation damage or financial loss if they fall victim to one of the many threat types used on these platforms. In order to effectively protect

Related News

Data Security, Software Security, Cloud Security

Lookout Introduces Gen AI Assistant ‘Lookout SAIL’ to Transform Cybersecurity Operations

Business Wire | August 11, 2023

Lookout, Inc., the endpoint-to-cloud security company, today announced the launch of Lookout SAIL, the Company’s new generative artificial intelligence (gen AI) assistant that will reshape the way cybersecurity professionals interact with Lookout Mobile Endpoint Security and Lookout Cloud Security solutions and conduct cybersecurity analysis and data protection. In the rapidly evolving landscape of cybersecurity, companies are engaged in an ongoing battle against cyber criminals who are constantly innovating new tactics. As cyber threats become increasingly sophisticated, every organization faces challenges such as a growing skills gap and resource constraints that hinder the operational efficiency of cyber defenders. Lookout SAIL’s functionalities focus on security education, platform navigation and security telemetry analysis. This gen AI assistant serves as a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting. Lookout SAIL allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. Through its integration into Lookout's existing user experience, Lookout SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness. Lookout SAIL capabilities include: Platform navigation and operational efficiency: Speeds up onboarding to the Lookout platform, guiding new users through relevant platform features and answering onboarding questions within the chat feature. Users can easily “sail” around the platform to obtain answers, visualize results, and perform desired actions. Example: “Help me add a new admin to the system.” Security status: Allows users to ask questions about specific tenants and investigate their organization’s security posture. Example: “Find high and medium-risk iOS devices that have anti-phishing features enabled.” Security education: Equips users with up-to-date industry knowledge on basic and emerging topics. Example: “What is the difference between Secure DNS and On-Device VPN?” “Lookout SAIL is a force multiplier for cyber defenders. It allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. It’s the start of a journey that fundamentally transforms how people interact with systems and information, touching everything from onboarding to training, as well as cybersecurity tasks like administration, policy creation, incident response, and threat hunting,” said Aaron Cockerill, Chief Strategy Officer, Lookout. “Think of Lookout SAIL as a helpful companion, providing useful information to the user and taking them directly where they need to be, even performing actions for the user on demand.” Lookout has a storied history with AI and machine learning. Since its founding 15 years ago, Lookout has treated mobile cybersecurity and anti-phishing as a Big Data problem — and one that requires machine learning to solve. The Company also applied the same strategy to security against insider threats and account takeovers, pioneering the use of machine learning to monitor user behavior to prevent data leakage and exfiltration. The Company now has the world’s largest mobile security dataset. Lookout platform analyzes telemetry from 215 million Android and iOS devices, 269 million apps from app stores worldwide and hundreds of millions of web destinations to uncover hundreds of phishing sites every day. This enables Lookout customers the ability to detect and respond to security threats in real-time on mobile endpoints and in the cloud. About Lookout Lookout, Inc. is the endpoint-to-cloud security company purpose-built for the intersection of enterprise and personal data. We safeguard data across devices, apps, networks and clouds through our unified, cloud-native security platform — a solution that's as fluid and flexible as the modern digital world. By giving organizations and individuals greater control over their data, we enable them to unleash its value and thrive. Lookout is trusted by enterprises of all sizes, government agencies and millions of consumers to protect sensitive data, enabling them to live, work and connect — freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter.

Read More

Data Security, Platform Security, Software Security

Laminar Adds SaaS and Deepens Data Warehouse Support for its Data Security Platform

Businesswire | July 20, 2023

Laminar, the leading agile data security platform provider, today announced it has added Microsoft SharePoint Online and Google BigQuery to its existing support for Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and Snowflake. The additions make the Laminar Data Security Platform the first and only cloud-native data security solution to support all major cloud service providers (CSPs), leading data warehouses, and common software-as-a-service (SaaS) applications used by today’s top enterprises. The cloud’s limitless potential is rooted in the data that an organization has, and what they do with it. To power innovation, 94% of enterprises use cloud services and applications. Microsoft SharePoint is the third most popular enterprise application, with 65% of its users adopting the cloud version, SharePoint Online. Employees routinely collaborate on shared content, and developers work with it as well to automate business processes, track progress, and share information across departments or with partners. Similarly, Google BigQuery is one of the top three data warehouse solutions. It is a powerful analytics platform that excels at processing and analyzing massive volumes of data quickly and efficiently. With its scalable architecture and advanced querying capabilities, BigQuery enables organizations to gain valuable insights from their data in real time, empowering data-driven decision-making and accelerating business growth. Both solutions enable developers, data scientists, and other innovators to be creative and extract the maximum value from their operational data. For instance, business intelligence staff may use these tools to analyze customer purchase patterns or sales trends, while data scientists may look out for hidden associations within the data to inform new strategies. Unfortunately, these same activities also open organizations up to significant risk by generating unknown or “shadow” data — a top concern for 93% of data security and governance professionals. Data security needs to be agnostic to the infrastructure in which data resides. Security posture must also travel with the data, as it moves through the cloud and the related data warehouses and applications. By adding support for Microsoft SharePoint Online and Google BigQuery, customers using the Laminar Data Security Platform can now discover, classify, and secure data in even more environments. Thus, data security and governance teams can see and secure their organizations’ data consistently across the entire digital landscape. "Data security is different, and more challenging in the cloud. Shadow data is everywhere and data security pros want to know where their sensitive data is, how it is accessed, used, and protected. Whether its structured, unstructured, managed, in SaaS, data warehouse, or embedded database” said Amit Shaked, CEO and Co-Founder, Laminar. “They are not experts in SaaS/PaaS/IaaS and certainly not individual data storage services. They want visibility into all their cloud data from a single source. Our continued support for the diversity of cloud environments, including now SaaS, means customers can have a unified, consistent approach to data security.” The news continues Laminar’s ongoing product innovation, following the announcement of support for GCP and Snowflake, as well as data detection and response (DDR) and data access governance (DAG) capabilities. About Laminar Laminar is the leading agile data security platform and provides organizations with the visibility and control they need to achieve data security, governance, and privacy in the cloud. Our cloud-native data security solution continuously discovers and classifies all cloud data, structured and unstructured, across managed and self-hosted data stores, including unknown shadow data, without the data ever leaving your environment. It analyzes access, usage patterns, and security posture, and provides actionable, guided remediation for data security risk. Laminar connects to your multi-cloud environment including AWS, Azure, GCP, Snowflake, BigQuery and SaaS applications via APIs and is agentless, asynchronous, and completely autonomous.

Read More

Enterprise Security, Platform Security, Software Security

Contrast Security Releases Assess Feature for LLMs to Protect Against AI Security Threats

PR Newswire | August 07, 2023

Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced it will extend its market-leading application security testing (AST) platform to support testing of Large Language Models (LLMs) from OpenAI. In this first release, Contrast rules help teams that are developing software using the OpenAI application programming interface (API) set to identify and mitigate weaknesses that could expose an organization to prompt injection vulnerabilities: i.e., attacks involving injection of a prompt that deceives the application into executing unauthorized code. Prompt injection was identified as the top risk for LLM applications by the just-released OWASP 10 Top for Large Language Model Applications project. Contrast has continued to support OWASP's mission to improve Application Security (AppSec): In fact, Contrast's Chief Product Officer Steve Wilson led the 400-person volunteer team that created the OWASP Top 10 for LLMs. "As project lead for the new OWASP Top 10 for LLMs, I can say our group looked deeply at many attack vectors against LLMs. Prompt Injection repeatedly rose to the top of the list in our expert group voting for the most important vulnerability," said Wilson. "Contrast is the first security solution to respond to this new industry standard list by delivering this capability. Organizations can now identify susceptible data flows to their LLMs, providing security with the visibility needed to identify risks and prevent unintended exposure." According to the OWASP Top 10 for LLMs, a prompt injection vulnerability allows an attacker to craft inputs that can manipulate the operation of a trusted LLM. This results in the LLM acting as a "confused deputy" on behalf of the attacker. Given the high degree of trust usually associated with an LLM's output, the manipulated responses may go unnoticed and may even be trusted by the user, allowing the attack to potentially poison search results, deliver incorrect or malicious responses, produce malicious code, circumvent content filters, or to leak sensitive data. Prompt injections can be introduced via various avenues, including websites, emails, documents or any other data source that an LLM might rely on. Contrast is ideal for identifying all types of injection accurately, including this new form of AI prompt injection. Contrast uses runtime security to monitor actual application behavior and detect vulnerabilities, rather than scanning source code or simulating attacks. This approach is fast, easy and highly accurate, ensuring that developers are instantly notified of issues and provided all the information they need to correct problems. User input sent through OpenAI's official Python API to an LLM in a Python agent-instrumented application triggers the prompt injection rule. About Contrast Security Contrast is a world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today's targeted AppSec attacks. Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposures (CVEs). This allows security teams to avoid spending time focusing on false positives, leaving them more time to remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance. Contrast protects against major cybersecurity attacks for its customer base, which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, Sompo Japan and the American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM, GuidePoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers. The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America's Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.

Read More

Data Security, Software Security, Cloud Security

Lookout Introduces Gen AI Assistant ‘Lookout SAIL’ to Transform Cybersecurity Operations

Business Wire | August 11, 2023

Lookout, Inc., the endpoint-to-cloud security company, today announced the launch of Lookout SAIL, the Company’s new generative artificial intelligence (gen AI) assistant that will reshape the way cybersecurity professionals interact with Lookout Mobile Endpoint Security and Lookout Cloud Security solutions and conduct cybersecurity analysis and data protection. In the rapidly evolving landscape of cybersecurity, companies are engaged in an ongoing battle against cyber criminals who are constantly innovating new tactics. As cyber threats become increasingly sophisticated, every organization faces challenges such as a growing skills gap and resource constraints that hinder the operational efficiency of cyber defenders. Lookout SAIL’s functionalities focus on security education, platform navigation and security telemetry analysis. This gen AI assistant serves as a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting. Lookout SAIL allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. Through its integration into Lookout's existing user experience, Lookout SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness. Lookout SAIL capabilities include: Platform navigation and operational efficiency: Speeds up onboarding to the Lookout platform, guiding new users through relevant platform features and answering onboarding questions within the chat feature. Users can easily “sail” around the platform to obtain answers, visualize results, and perform desired actions. Example: “Help me add a new admin to the system.” Security status: Allows users to ask questions about specific tenants and investigate their organization’s security posture. Example: “Find high and medium-risk iOS devices that have anti-phishing features enabled.” Security education: Equips users with up-to-date industry knowledge on basic and emerging topics. Example: “What is the difference between Secure DNS and On-Device VPN?” “Lookout SAIL is a force multiplier for cyber defenders. It allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. It’s the start of a journey that fundamentally transforms how people interact with systems and information, touching everything from onboarding to training, as well as cybersecurity tasks like administration, policy creation, incident response, and threat hunting,” said Aaron Cockerill, Chief Strategy Officer, Lookout. “Think of Lookout SAIL as a helpful companion, providing useful information to the user and taking them directly where they need to be, even performing actions for the user on demand.” Lookout has a storied history with AI and machine learning. Since its founding 15 years ago, Lookout has treated mobile cybersecurity and anti-phishing as a Big Data problem — and one that requires machine learning to solve. The Company also applied the same strategy to security against insider threats and account takeovers, pioneering the use of machine learning to monitor user behavior to prevent data leakage and exfiltration. The Company now has the world’s largest mobile security dataset. Lookout platform analyzes telemetry from 215 million Android and iOS devices, 269 million apps from app stores worldwide and hundreds of millions of web destinations to uncover hundreds of phishing sites every day. This enables Lookout customers the ability to detect and respond to security threats in real-time on mobile endpoints and in the cloud. About Lookout Lookout, Inc. is the endpoint-to-cloud security company purpose-built for the intersection of enterprise and personal data. We safeguard data across devices, apps, networks and clouds through our unified, cloud-native security platform — a solution that's as fluid and flexible as the modern digital world. By giving organizations and individuals greater control over their data, we enable them to unleash its value and thrive. Lookout is trusted by enterprises of all sizes, government agencies and millions of consumers to protect sensitive data, enabling them to live, work and connect — freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter.

Read More

Data Security, Platform Security, Software Security

Laminar Adds SaaS and Deepens Data Warehouse Support for its Data Security Platform

Businesswire | July 20, 2023

Laminar, the leading agile data security platform provider, today announced it has added Microsoft SharePoint Online and Google BigQuery to its existing support for Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and Snowflake. The additions make the Laminar Data Security Platform the first and only cloud-native data security solution to support all major cloud service providers (CSPs), leading data warehouses, and common software-as-a-service (SaaS) applications used by today’s top enterprises. The cloud’s limitless potential is rooted in the data that an organization has, and what they do with it. To power innovation, 94% of enterprises use cloud services and applications. Microsoft SharePoint is the third most popular enterprise application, with 65% of its users adopting the cloud version, SharePoint Online. Employees routinely collaborate on shared content, and developers work with it as well to automate business processes, track progress, and share information across departments or with partners. Similarly, Google BigQuery is one of the top three data warehouse solutions. It is a powerful analytics platform that excels at processing and analyzing massive volumes of data quickly and efficiently. With its scalable architecture and advanced querying capabilities, BigQuery enables organizations to gain valuable insights from their data in real time, empowering data-driven decision-making and accelerating business growth. Both solutions enable developers, data scientists, and other innovators to be creative and extract the maximum value from their operational data. For instance, business intelligence staff may use these tools to analyze customer purchase patterns or sales trends, while data scientists may look out for hidden associations within the data to inform new strategies. Unfortunately, these same activities also open organizations up to significant risk by generating unknown or “shadow” data — a top concern for 93% of data security and governance professionals. Data security needs to be agnostic to the infrastructure in which data resides. Security posture must also travel with the data, as it moves through the cloud and the related data warehouses and applications. By adding support for Microsoft SharePoint Online and Google BigQuery, customers using the Laminar Data Security Platform can now discover, classify, and secure data in even more environments. Thus, data security and governance teams can see and secure their organizations’ data consistently across the entire digital landscape. "Data security is different, and more challenging in the cloud. Shadow data is everywhere and data security pros want to know where their sensitive data is, how it is accessed, used, and protected. Whether its structured, unstructured, managed, in SaaS, data warehouse, or embedded database” said Amit Shaked, CEO and Co-Founder, Laminar. “They are not experts in SaaS/PaaS/IaaS and certainly not individual data storage services. They want visibility into all their cloud data from a single source. Our continued support for the diversity of cloud environments, including now SaaS, means customers can have a unified, consistent approach to data security.” The news continues Laminar’s ongoing product innovation, following the announcement of support for GCP and Snowflake, as well as data detection and response (DDR) and data access governance (DAG) capabilities. About Laminar Laminar is the leading agile data security platform and provides organizations with the visibility and control they need to achieve data security, governance, and privacy in the cloud. Our cloud-native data security solution continuously discovers and classifies all cloud data, structured and unstructured, across managed and self-hosted data stores, including unknown shadow data, without the data ever leaving your environment. It analyzes access, usage patterns, and security posture, and provides actionable, guided remediation for data security risk. Laminar connects to your multi-cloud environment including AWS, Azure, GCP, Snowflake, BigQuery and SaaS applications via APIs and is agentless, asynchronous, and completely autonomous.

Read More

Enterprise Security, Platform Security, Software Security

Contrast Security Releases Assess Feature for LLMs to Protect Against AI Security Threats

PR Newswire | August 07, 2023

Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced it will extend its market-leading application security testing (AST) platform to support testing of Large Language Models (LLMs) from OpenAI. In this first release, Contrast rules help teams that are developing software using the OpenAI application programming interface (API) set to identify and mitigate weaknesses that could expose an organization to prompt injection vulnerabilities: i.e., attacks involving injection of a prompt that deceives the application into executing unauthorized code. Prompt injection was identified as the top risk for LLM applications by the just-released OWASP 10 Top for Large Language Model Applications project. Contrast has continued to support OWASP's mission to improve Application Security (AppSec): In fact, Contrast's Chief Product Officer Steve Wilson led the 400-person volunteer team that created the OWASP Top 10 for LLMs. "As project lead for the new OWASP Top 10 for LLMs, I can say our group looked deeply at many attack vectors against LLMs. Prompt Injection repeatedly rose to the top of the list in our expert group voting for the most important vulnerability," said Wilson. "Contrast is the first security solution to respond to this new industry standard list by delivering this capability. Organizations can now identify susceptible data flows to their LLMs, providing security with the visibility needed to identify risks and prevent unintended exposure." According to the OWASP Top 10 for LLMs, a prompt injection vulnerability allows an attacker to craft inputs that can manipulate the operation of a trusted LLM. This results in the LLM acting as a "confused deputy" on behalf of the attacker. Given the high degree of trust usually associated with an LLM's output, the manipulated responses may go unnoticed and may even be trusted by the user, allowing the attack to potentially poison search results, deliver incorrect or malicious responses, produce malicious code, circumvent content filters, or to leak sensitive data. Prompt injections can be introduced via various avenues, including websites, emails, documents or any other data source that an LLM might rely on. Contrast is ideal for identifying all types of injection accurately, including this new form of AI prompt injection. Contrast uses runtime security to monitor actual application behavior and detect vulnerabilities, rather than scanning source code or simulating attacks. This approach is fast, easy and highly accurate, ensuring that developers are instantly notified of issues and provided all the information they need to correct problems. User input sent through OpenAI's official Python API to an LLM in a Python agent-instrumented application triggers the prompt injection rule. About Contrast Security Contrast is a world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today's targeted AppSec attacks. Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposures (CVEs). This allows security teams to avoid spending time focusing on false positives, leaving them more time to remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance. Contrast protects against major cybersecurity attacks for its customer base, which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, Sompo Japan and the American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM, GuidePoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers. The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America's Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.

Read More

More featured news