Home > News > featured news > Contrast Security Achieves AWS DevSecOps Competency Status

PLATFORM SECURITY

Contrast Security Achieves AWS DevSecOps Competency Status

Contrast Security | May 13, 2022

Contrast Security
Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, announced today that it has achieved Amazon Web Services (AWS) DevOps Competency for development, security, and operations (DevSecOps) garnered by demonstrating technical proficiency and proven customer success specializing in DevSecOps. Contrast was selected as one of the official launch partners of the DevSecOps Competency by AWS, which is an extension of the DevOps category.

Achieving the AWS DevOps Competency for DevSecOps differentiates Contrast Security as an AWS Partner with deep domain expertise in delivering software products that integrate security across every stage of the development and delivery cycles, including pre-, during, and post-deployment. Contrast Security is part of a small group of innovative security technologies to achieve the AWS DevSecOps Competency in its inaugural year.

"We're honored to achieve AWS DevSecOps Competency status on top of the DevOps Competency status that we received last year. It is a true testament to our efforts in helping large enterprises ensure security and compliance across the entire lifecycle of their web applications and APIs running on AWS. We're looking forward to expanding our AWS capabilities so that organizations garner continuous visibility and centralized point-of-control for software risk through a single platform."

Surag Patel, Chief Strategy Officer at Contrast Security

By using instrumentation technology, Contrast Security is embedding self-assessment and self-protection capabilities directly into AWS applications during run-time. This enables DevSecOps teams to detect accurate code-level vulnerabilities (both custom code and open source libraries) in development and quality assurance (QA) environments, and monitor and block production applications from threats and attacks in real-time.

Envestnet | Yodlee, the leading data aggregation and data analytics platform, helps consumers live better financial lives through innovative products and services created for more than 1,400 financial institutions and financial technology (FinTech) companies. The company revolutionizes financial services with its intelligent APIs, innovative applications, and advanced analytics products. With the help of Contrast Security and AWS, the company was able to seamlessly integrate new applications and accelerate its time-to-market. The AWS offerings have helped Envestnet | Yodlee launch products to market quickly and effectively. By implementing Contrast as part of their DevSecOps initiatives, Envestnet | Yodlee further secured its financial software solutions and by adopting a DevSecOps methodology, security and development teams are jointly responsible for bolstering security by essentially bringing development and operations together.

"Envestnet | Yodlee requires an application security framework that is repeatable, scalable, and can find and remediate vulnerabilities by using the best software security solutions," said Saran Makam, Director of Application Security at Envestnet | Yodlee. "My team chose Contrast Security because their solution was well received by our development and security teams and because it works continuously and in real-time."

About Contrast Security
Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Spotlight

Fujitsu PRIMERGY Server Security Overview

During the last few years server security has become a key building block for end-to-end security. We see strongly increasing cyber-attacks on server infrastructure, which results in an intense need for server security. This whitepaper presents an overview of the security features which are available for PRIMERGY server.

More featured news

Spotlight

Fujitsu PRIMERGY Server Security Overview

During the last few years server security has become a key building block for end-to-end security. We see strongly increasing cyber-attacks on server infrastructure, which results in an intense need for server security. This whitepaper presents an overview of the security features which are available for PRIMERGY server.

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Dashlane Introduces Passwordless Login

Businesswire | May 08, 2023

Dashlane, the security-first password manager, today introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that evolution. With Passwordless Login, users will be able to securely access their Dashlane account without having to create and remember a single password. As digital profiles have multiplied both professionally and personally, it’s become increasingly difficult to securely manage credentials. Gartner reported that as many as 20-50% of all helpdesk calls are related to password resets. Password managers have helped simplify this process, though users have still needed to create and remember a master password to access their vaults. By eliminating the master password, Dashlane will empower users to create new phishing-resistant, passwordless accounts that don’t suffer from the vulnerabilities of traditional passwords and multifactor authentication (MFA). Not only does this strengthen overall security posture, it removes user friction and provides a more accessible way for people to access their accounts and protect their personal information. “Our business has long been about helping users and organizations manage their passwords and logins. But the digital password was born in the 1960s and despite technological advancements, many people still use the same username and password format for most of their online lives,” said John Bennett, CEO at Dashlane. “While our business model has relied on users having one strong, unique master password, it’s still a password that can be weak, reused, phished, or breached. Unveiling today’s passwordless technology marks a significant milestone in our journey towards a future with no passwords.” By relying on the strength of local device security, which includes PINs and biometrics, Dashlane is able to securely authenticate and provide access to a user’s encrypted vault, which allows Dashlane to be resistant to phishing attacks. Additionally, Dashlane uses cryptographic keys generated with Elliptic-curve Diffie-Hellman (ECDH) to assist with securely exchanging secrets between devices, making setting up a new device fast and secure and regaining access simple. Dashlane is introducing a new mechanism to let users recover their data if they lose their device. This new Dashlane Account Recovery Key will also be made available to our existing users who still use a master password to log in to Dashlane. Dashlane’s Passwordless Login is a cross-platform solution that is agnostic to the state of a user’s hardware and software. The technology also enables: Faster device setup flow using a registered device The ability to set up device-specific PIN codes and biometrics (like fingerprint or facial recognition) to create an account on a mobile iOS or Android device The ability to regain access to an account with a recovery key, in the event of a total device loss Dashlane recently became a board-level member of the FIDO Alliance, doubling down on its commitment to work with industry partners to advance the passwordless future through the widespread adoption of passkeys and phishing-resistant authentication. New Dashlane users will be able to sign up for an account without a master password in the coming months on their mobile device, and the capability will be rolled out to existing customers later this year. For more information on Passwordless Login for Dashlane and to see a demo of how the experience will work, please visit Dashlane’s Passwordless hub. About Dashlane Dashlane is a password management solution that removes complexity by pairing comprehensive security with ease of use. We are closely attuned to the needs of our users, balancing simple tools with an uncompromising approach to security–a game changer for anyone, but especially for IT admins working to secure their organization. Our team in Paris, New York, and Lisbon is united by a strong sense of community and passion for improving the digital experience. Over 18 million users and 20,000 businesses globally use Dashlane for a faster, simpler, and more secure internet.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Conceal Announces Strategic Partnership with White Rock Cybersecurity

Businesswire | May 23, 2023

Conceal, a global leader in Zero Trust browser isolation technology, has announced a new strategic partnership with White Rock Cybersecurity, an industry-recognized Value Added Reseller specializing in comprehensive IT and network security solutions. "White Rock Cybersecurity is committed to delivering innovative, scalable, and manageable solutions in information technology," said James Range, CEO of White Rock Cybersecurity. "With the inclusion of Conceal's Zero Trust isolation technology in our offerings, we are significantly boosting the defense capabilities of our customers against both existing and emerging cyber threats at the edge." ConcealBrowse, Conceal's flagship product, is a lightweight browser extension that turns any existing browser into a Zero Trust, secure browser. By monitoring and detecting new and potentially malicious URLs, ConcealBrowse can accurately determine if the activity at the edge is safe to continue via the organization's network. This layer of protection effectively blocks potentially malicious activity, minimizing the success of credential theft and ransomware that bypass other cybersecurity controls. In cases where the safety of a URL cannot be immediately determined, ConcealBrowse isolates the session, protecting the user's identity and the organization's network from potential threats. "White Rock Cybersecurity has a proven track record of delivering top-tier IT and cybersecurity solutions to their customers," said Gordon Lawson, CEO of Conceal. "We are excited to work closely with them to enhance their capabilities further and ensure their clients benefit from our innovative Zero Trust isolation technology." The partnership presents a tremendous opportunity for the security partner community. With ConcealBrowse, partners can now provide their customers with a comprehensive malware protection solution for any browser, enhancing the overall cyber resilience of organizations and protecting their digital assets at the edge. About Conceal Conceal enables organizations of all sizes globally to protect users from credential theft, malware, and ransomware at the edge. The ConcealBrowse Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats, ensuring users and IT operations remain secure and isolated from attacks. For more information, visit https://conceal.io/.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tenable Delivers Cloud Security Posture Management for Multi-cloud and Hybrid Environments

GlobeNewswire | March 23, 2023

Tenable®, the Exposure Management company, today announced significant advancements to Tenable Cloud Security, a unified and scalable Cloud Security Posture Management (CSPM) and vulnerability management solution delivered on the Tenable One exposure management platform, and expanded availability of Tenable Agentless Assessment for Microsoft Azure. Hybrid and multi-cloud strategies enable organizations to satisfy unique business requirements and accelerate innovation. But managing highly complex and distributed cloud environments – each with its own security tools, processes and specialized skill requirements – is neither easy nor straightforward. As a result, security issues such as simple misconfigurations and excessive privileges – the root cause of the majority of cloud breaches – can go unseen. Tenable Cloud Security enables organizations to achieve consistent cloud security and compliance by bringing all cloud vulnerabilities, misconfigurations and drift across multi-cloud and cloud-native environments to the forefront, providing organizations with a unified cloud security solution that simplifies and scales cloud security posture management. Tenable Cloud Security’s built-in best practices consistently enforce security posture and compliance across environments, detecting and preventing risky configurations from ever reaching cloud runtimes. When deployed as part of Tenable One, customers gain advanced vulnerability prioritization capabilities and automated remediation workflows, enabling security and DevOps teams to prioritize remediation efforts where they can have the biggest impact on security and compliance posture. “Cloud environments are in a constant state of change, meaning that security, compliance and governance is a ‘never-done’ job,” said Nico Popp, chief product officer, Tenable. “With more than half of data breaches occurring in the cloud, organizations are racing against the clock and cannot afford for weak code to go into runtime. To effectively scale security at the speed and scale of the cloud, the pendulum must swing from reactive threat detection and response to exposure management and preventive cloud security posture management.” Additional new and enhanced CSPM features include: Continuous Discovery and Assessment - Improved cloud account onboarding enables organizations to continuously discover and assess both managed and unmanaged cloud accounts, limiting blind spots and minimizing risks. Most Comprehensive Policy Portal, Views and Content - New policy portal makes it easy to view and customize over 1,500 out-of-the-box policies spanning 20 industry benchmarks and regulations. Enriched by the expertise and speed of Tenable Research, including the industry’s most comprehensive library of 71,000 known vulnerabilities, Tenable Cloud Security has 2.6 times more cloud Center for Internet Security (CIS) certifications than any other cloud security vendor. Organizations can visualize misconfiguration details, impacted resources and all the context needed to quickly remediate issues. With the new low code policy group editor, organizations can create custom policy groups enabling security teams to build custom policy groups leveraging existing policies. Automated Cloud-to-Cloud Drift Detection - New drift detection enables organizations to maintain compliance by detecting configuration drift in runtime and between Infrastructure-as-Code (IaC), automating pull requests including corrected code or step-by-step instructions to the right owner, or applying remediation code automatically to significantly reduce mean-time-to-remediation. Enhanced Reporting and Collaboration: Enhanced reporting capabilities enable security teams to accurately report on key metrics to executive leadership while increasing cross functional collaboration between security operations and compliance teams. Report and share security posture findings by role, function or by industry benchmarks and regulatory frameworks – such as CIS, SOC 2 and 20+ others. About Tenable Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Dashlane Introduces Passwordless Login

Businesswire | May 08, 2023

Dashlane, the security-first password manager, today introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that evolution. With Passwordless Login, users will be able to securely access their Dashlane account without having to create and remember a single password. As digital profiles have multiplied both professionally and personally, it’s become increasingly difficult to securely manage credentials. Gartner reported that as many as 20-50% of all helpdesk calls are related to password resets. Password managers have helped simplify this process, though users have still needed to create and remember a master password to access their vaults. By eliminating the master password, Dashlane will empower users to create new phishing-resistant, passwordless accounts that don’t suffer from the vulnerabilities of traditional passwords and multifactor authentication (MFA). Not only does this strengthen overall security posture, it removes user friction and provides a more accessible way for people to access their accounts and protect their personal information. “Our business has long been about helping users and organizations manage their passwords and logins. But the digital password was born in the 1960s and despite technological advancements, many people still use the same username and password format for most of their online lives,” said John Bennett, CEO at Dashlane. “While our business model has relied on users having one strong, unique master password, it’s still a password that can be weak, reused, phished, or breached. Unveiling today’s passwordless technology marks a significant milestone in our journey towards a future with no passwords.” By relying on the strength of local device security, which includes PINs and biometrics, Dashlane is able to securely authenticate and provide access to a user’s encrypted vault, which allows Dashlane to be resistant to phishing attacks. Additionally, Dashlane uses cryptographic keys generated with Elliptic-curve Diffie-Hellman (ECDH) to assist with securely exchanging secrets between devices, making setting up a new device fast and secure and regaining access simple. Dashlane is introducing a new mechanism to let users recover their data if they lose their device. This new Dashlane Account Recovery Key will also be made available to our existing users who still use a master password to log in to Dashlane. Dashlane’s Passwordless Login is a cross-platform solution that is agnostic to the state of a user’s hardware and software. The technology also enables: Faster device setup flow using a registered device The ability to set up device-specific PIN codes and biometrics (like fingerprint or facial recognition) to create an account on a mobile iOS or Android device The ability to regain access to an account with a recovery key, in the event of a total device loss Dashlane recently became a board-level member of the FIDO Alliance, doubling down on its commitment to work with industry partners to advance the passwordless future through the widespread adoption of passkeys and phishing-resistant authentication. New Dashlane users will be able to sign up for an account without a master password in the coming months on their mobile device, and the capability will be rolled out to existing customers later this year. For more information on Passwordless Login for Dashlane and to see a demo of how the experience will work, please visit Dashlane’s Passwordless hub. About Dashlane Dashlane is a password management solution that removes complexity by pairing comprehensive security with ease of use. We are closely attuned to the needs of our users, balancing simple tools with an uncompromising approach to security–a game changer for anyone, but especially for IT admins working to secure their organization. Our team in Paris, New York, and Lisbon is united by a strong sense of community and passion for improving the digital experience. Over 18 million users and 20,000 businesses globally use Dashlane for a faster, simpler, and more secure internet.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Conceal Announces Strategic Partnership with White Rock Cybersecurity

Businesswire | May 23, 2023

Conceal, a global leader in Zero Trust browser isolation technology, has announced a new strategic partnership with White Rock Cybersecurity, an industry-recognized Value Added Reseller specializing in comprehensive IT and network security solutions. "White Rock Cybersecurity is committed to delivering innovative, scalable, and manageable solutions in information technology," said James Range, CEO of White Rock Cybersecurity. "With the inclusion of Conceal's Zero Trust isolation technology in our offerings, we are significantly boosting the defense capabilities of our customers against both existing and emerging cyber threats at the edge." ConcealBrowse, Conceal's flagship product, is a lightweight browser extension that turns any existing browser into a Zero Trust, secure browser. By monitoring and detecting new and potentially malicious URLs, ConcealBrowse can accurately determine if the activity at the edge is safe to continue via the organization's network. This layer of protection effectively blocks potentially malicious activity, minimizing the success of credential theft and ransomware that bypass other cybersecurity controls. In cases where the safety of a URL cannot be immediately determined, ConcealBrowse isolates the session, protecting the user's identity and the organization's network from potential threats. "White Rock Cybersecurity has a proven track record of delivering top-tier IT and cybersecurity solutions to their customers," said Gordon Lawson, CEO of Conceal. "We are excited to work closely with them to enhance their capabilities further and ensure their clients benefit from our innovative Zero Trust isolation technology." The partnership presents a tremendous opportunity for the security partner community. With ConcealBrowse, partners can now provide their customers with a comprehensive malware protection solution for any browser, enhancing the overall cyber resilience of organizations and protecting their digital assets at the edge. About Conceal Conceal enables organizations of all sizes globally to protect users from credential theft, malware, and ransomware at the edge. The ConcealBrowse Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats, ensuring users and IT operations remain secure and isolated from attacks. For more information, visit https://conceal.io/.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tenable Delivers Cloud Security Posture Management for Multi-cloud and Hybrid Environments

GlobeNewswire | March 23, 2023

Tenable®, the Exposure Management company, today announced significant advancements to Tenable Cloud Security, a unified and scalable Cloud Security Posture Management (CSPM) and vulnerability management solution delivered on the Tenable One exposure management platform, and expanded availability of Tenable Agentless Assessment for Microsoft Azure. Hybrid and multi-cloud strategies enable organizations to satisfy unique business requirements and accelerate innovation. But managing highly complex and distributed cloud environments – each with its own security tools, processes and specialized skill requirements – is neither easy nor straightforward. As a result, security issues such as simple misconfigurations and excessive privileges – the root cause of the majority of cloud breaches – can go unseen. Tenable Cloud Security enables organizations to achieve consistent cloud security and compliance by bringing all cloud vulnerabilities, misconfigurations and drift across multi-cloud and cloud-native environments to the forefront, providing organizations with a unified cloud security solution that simplifies and scales cloud security posture management. Tenable Cloud Security’s built-in best practices consistently enforce security posture and compliance across environments, detecting and preventing risky configurations from ever reaching cloud runtimes. When deployed as part of Tenable One, customers gain advanced vulnerability prioritization capabilities and automated remediation workflows, enabling security and DevOps teams to prioritize remediation efforts where they can have the biggest impact on security and compliance posture. “Cloud environments are in a constant state of change, meaning that security, compliance and governance is a ‘never-done’ job,” said Nico Popp, chief product officer, Tenable. “With more than half of data breaches occurring in the cloud, organizations are racing against the clock and cannot afford for weak code to go into runtime. To effectively scale security at the speed and scale of the cloud, the pendulum must swing from reactive threat detection and response to exposure management and preventive cloud security posture management.” Additional new and enhanced CSPM features include: Continuous Discovery and Assessment - Improved cloud account onboarding enables organizations to continuously discover and assess both managed and unmanaged cloud accounts, limiting blind spots and minimizing risks. Most Comprehensive Policy Portal, Views and Content - New policy portal makes it easy to view and customize over 1,500 out-of-the-box policies spanning 20 industry benchmarks and regulations. Enriched by the expertise and speed of Tenable Research, including the industry’s most comprehensive library of 71,000 known vulnerabilities, Tenable Cloud Security has 2.6 times more cloud Center for Internet Security (CIS) certifications than any other cloud security vendor. Organizations can visualize misconfiguration details, impacted resources and all the context needed to quickly remediate issues. With the new low code policy group editor, organizations can create custom policy groups enabling security teams to build custom policy groups leveraging existing policies. Automated Cloud-to-Cloud Drift Detection - New drift detection enables organizations to maintain compliance by detecting configuration drift in runtime and between Infrastructure-as-Code (IaC), automating pull requests including corrected code or step-by-step instructions to the right owner, or applying remediation code automatically to significantly reduce mean-time-to-remediation. Enhanced Reporting and Collaboration: Enhanced reporting capabilities enable security teams to accurately report on key metrics to executive leadership while increasing cross functional collaboration between security operations and compliance teams. Report and share security posture findings by role, function or by industry benchmarks and regulatory frameworks – such as CIS, SOC 2 and 20+ others. About Tenable Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies.

Read More

More featured news