DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | March 28, 2023
AdaCore, a trusted provider of software development and verification tools, today announced the launch of its new RecordFlux technology, designed to ease the development and security of binary communication protocols. The technology comprises a Domain Specific Language (DSL) to precisely describe complex binary data formats and communication protocols, and a toolset to verify specifications and generate provable SPARK code that can be executed on a target CPU.
Through RecordFlux, users can define and implement complex communication protocols and prove security properties, such as memory safety, at much less cost and effort than would be possible with a manual approach. The precision of the RecordFlux DSL ensures that the specifications are unambiguous, the high-level nature of the DSL makes the specifications easily understandable by domain experts, and the expressive power of the DSL can capture the most complex real-world protocols. And since the RecordFlux code generator produces source code in the formal methods-based SPARK language, users can obtain automated proofs of a wide range of security properties in the resulting software. The net effect is more secure and reliable code, at lower cost.
“Interaction between software components is governed by protocol and format specifications. Unfortunately, most specification documents are complex texts written in English which need to be translated to software implementations manually, leaving room for human error,” said Alex Senier, AdaCore’s RecordFlux Team Lead. “Logic errors and critical flaws are often poorly mitigated by the widespread use of unsafe programming languages, resulting in severe security vulnerabilities. With RecordFlux, we aim to provide a solution that saves time and money by automating provable code generation while ensuring the absence of low-level vulnerabilities like buffer overflows that attackers could exploit.”
About RecordFlux
RecordFlux is a toolset for creating high-assurance implementations of binary data formats and communication protocols. The technology includes a Domain Specific Language, a comprehensive toolset, and customized expert support. By using SPARK Pro, developers can take the SPARK code generated from RecordFlux specifications and automatically prove that the code is free of run-time errors and respects the original specification.
Code generated by RecordFlux is also compatible with GNAT Pro Assurance, AdaCore’s complete solution for projects with the most stringent requirements for reliability, long-term maintenance, or certification. The compiler-hardening options provided by GNAT Pro Assurance can be used to mitigate further attacks on network-facing protocol-handling code.
About AdaCore
Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical, and security-critical systems.
Over the years, customers have used AdaCore products to field and maintain a wide range of critical applications in domains such as commercial and military avionics, defense systems, automotive, railway, space, air traffic management/control, medical devices, and financial services.
Read More
PLATFORM SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS
Prnewswire | May 09, 2023
AnChain.AI, a leading Web3 digital asset security, and risk monitoring firm, today announced its integration with Stellar, the pioneering decentralized open-source blockchain network for cross-border payments and asset issuance. This integration paves the way for Stellar's thriving developer community to leverage AnChain.AI's AI-powered Web3 risk management and security solutions to enhance their security posture as they drive innovation.
As digital assets and cross-border payments continue to rise, the need for fraud prevention solutions has become increasingly apparent. AnChain.AI's CISO Investigation platform provides an additional layer of trust to institutions developing on Stellar. By utilizing AnChain.AI's Open Blockchain Ecosystem Intelligence (OpenBEI), Stellar developers can prioritize security and customer safety from the earliest phases of building.
"As the Web3 ecosystem continues to expand, it's becoming increasingly clear that security is not a luxury, but a necessity," said Dr. Victor Fang, CEO & Co-founder of AnChain.AI. "We are committed to providing cutting-edge security and risk monitoring solutions that enable Web3 platforms to operate with confidence. We're excited to build a more secure and sustainable Web3 future on Stellar."
AnChain.AI utilizes AI digital asset risk assessment and early detection of suspicious activity. AnChain.AI's technology solutions underpin the regulatory efforts of leading government agencies, financial institutions, and enterprises worldwide, including the United States Securities and Exchange Commission (SEC). Through this integration, AnChain.AI continues demonstrating its commitment to a more secure blockchain ecosystem, ensuring that all participants in the Stellar community can confidently engage.
"Having AnChain.AI integrate with Stellar is a breath of fresh air for the thriving community of Stellar projects," said Mark Heynen, Vice President of Partnerships at Stellar Development Foundation. "These types of solutions help equip developers and enterprises with the necessary tools to prioritize security and compliance from the get-go. This integration lays a sturdy foundation for Stellar ecosystem innovators to create more secure cross-border payment and asset issuance solutions."
This integration represents a significant step towards increasing community awareness of the risks associated with rapidly evolving Web3 technology, particularly as regulatory scrutiny in the digital asset space intensifies. By solidifying a shared commitment to sustainable and secure development, this integration lays the foundation for the next-generation Web3 innovation on the Stellar network.
Join the growing number of enterprises, financial institutions, government agencies, and users and developers who trust AnChain.AI for their Web3 and digital asset security needs. If you're a user or developer on Stellar looking to enhance your security and compliance posture, get started today.
About AnChain.AI
AnChain.AI (HQ in San Francisco) is an award-winning AI-powered cybersecurity company enhancing Web3 security, risk, and compliance strategies. AnChain.AI was founded in 2018 by cybersecurity and enterprise cloud veterans. Backed by both Silicon Valley and Wall Street VCs, and selected in the Berkeley Blockchain Xcelerator, we are trusted by 100+ customers from over 10+ countries in sectors: VASPs, financial institutions, and government, including the U.S. SEC (Securities and Exchange Commission). AnChain.AI Web3 Security Suite protects over $50 billion Web3 crypto assets. RSA Innovation Sandbox Finalist 2023. CNBC Top Startups Award 2022.
Read More
DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY
Businesswire | May 03, 2023
Veza, the authorization platform for data security, today announced Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations. With this solution, Veza secures the attack surface associated with SaaS apps while enabling continuous compliance with frameworks like Sarbanes-Oxley, ISO 27001, SOC 2, and GDPR.
Organizations today maintain an average of 125 different SaaS applications, costing $1,040 per employee annually, according to Gartner’s 2022 Market Guide for SaaS Management. As SaaS grows in popularity, security and identity teams are under pressure to manage security risks associated with the spread of data in these apps.
“SaaS applications are everywhere, holding sensitive data like customer lists, financials, and employee data. This is a new attack surface for the threat actors who misuse identity,” said Tarun Thakur, CEO and co-founder of Veza. “Conventional IAM techniques like authentication are not enough to secure access to data in SaaS apps. We are excited to introduce Veza for SaaS Apps to help our customers protect sensitive data against credential theft, malicious attacks and accidental exposure, putting SaaS access security within reach.”
The Veza solution includes integrations to 15 popular SaaS applications, including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. Because Veza uses an out-of-band approach to integrate with apps and systems, customers can integrate in less than a day, unlocking unprecedented visibility and control in just hours.
“Using Veza, we have been able to achieve end-to-end visibility over access permissions across our enterprise app stack, including Salesforce,” said Brian Miller, Director, Security Governance, Risk and Compliance at Achieve. “As our customer base continues to expand, Veza helps us maintain least privilege over sensitive financial customer data, giving us the confidence to adopt new apps at lightspeed.”
Capabilities of the Veza solution include:
Privileged Access Monitoring. Veza alerts security teams when there are new grants of privileged access and privilege drift in SaaS apps, such as new local admins in Salesforce. Veza monitors both human identities and machine identities like service accounts and third-party integrations.
User Access Reviews and Entitlement Certifications. Veza automates the identity governance and administration process of periodic access reviews, using workflow rules to route requests for certification and providing decision-makers with authorization context to choose the least-permissive role. Veza makes it possible to graduate from periodic batches to “continuous compliance.”
SaaS Misconfigurations. Veza monitors SaaS apps for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. For example, Veza alerts the security team when users have access to sensitive data but do not have MFA (multi-factor authentication) enabled.
SaaS applications contain sensitive data. Securing the access to this data in SaaS apps is complicated given the application-specific RBAC (role-based access control) that grants permissions to humans and services. Because security teams can’t see the reality of who can do what with data, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations. The Veza Authorization Platform creates a comprehensive graph of identity-to-data by ingesting and organizing the authorization metadata (RBAC) from SaaS apps, cloud providers, data systems, and identity providers.
About Veza
Veza is the authorization platform for data security. Identity and security professionals use Veza to modernize access governance for the new data and SaaS apps landscape. By automating the work of finding and fixing excessive permissions on a continuous basis, Veza helps organizations achieve Least Privilege. Veza’s unique approach ingests metadata from any SaaS app or data system, organizes it as an authorization graph, and makes it searchable in real-time. Global enterprises like Blackstone, Wynn Resorts, and Expedia trust Veza to protect sensitive data and automate access reviews. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.
Read More