Home > News > featured news > CyberArk Workforce Password Management to Provide Advanced Protection

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

CyberArk Workforce Password Management to Provide Advanced Protection

CyberArk | March 15, 2023 | Read time : 04:00 min

CyberArk Workforce Password Management to Provide Advanced Protection

On March 14, 2023, CyberArk, the world leader in Identity Security, announced advancements to Workforce Password Management. The cloud-based business password management solution from CyberArk allows businesses to capture, store, and manage password-based apps and other secrets in a secure manner. Added features offer administrators with increased flexibility and power to minimize risk and enhance security for web-based applications.

Workforce Password Management is developed for business environments and offers the privacy, availability and security organizations require, including support for current corporate directories and passwordless authentication controls, unlike personal password managers. Some of the new things are:

  • Application Access Controls Based on Usernames
  • Support for CAPTCHA-Enabled Web Apps
  • Enhanced Reporting for User-Added Applications

CyberArk Secure Web Sessions and Workforce Password Management can be used together to further fortify access to critical systems. With the newest release, Secure Web Sessions provides an additional layer of defense called Session Control. Session Control enables administrators to define notification and enforcement rules for specific text fields in business applications that are accessed with credentials stored in Workforce Password Management. For example, administrators can set up a rule to stop users from transferring more than pre-set threshold within their corporate banking applications and notify the IT security team of the attempt.

Gil Rapaport, General Manager, Access Management at CyberArk, said, “Traditional password managers typically lack controls and functionalities that enterprises need to secure end-user credentials, which are constantly targeted by attackers.” He added, “Password management must be dynamic to evolve with attacker innovation. We are continuously investing in new features and functionalities for Workforce Password Management to deliver greater usability, security and control for all users within an organization – from developers and business users to IT administrators.”

(Source – Business Wire)

About CyberArk

Founded in Newton, MA, CyberArk is the worldwide leader in identity security solutions. The company is the most comprehensive security solution for any identity, machine or human, across business apps, remote employees, hybrid cloud workloads, and the complete DevOps lifecycle, thanks to its emphasis on privileged access management. The world’s largest organizations entrust CyberArk to help secure their most vital assets.

Spotlight

How this Pharmaceuticals Company Consolidated Their Security Tools and Established Better Visibility into its Security Environment with Difenda

In 2018, a large manufacturing organization experienced a ransomware attack resulting in a material security breach. The incident highlighted the need for a comprehensive cybersecurity program with greater visibility. The challenge was to implement a solution that was easy to manage and cost-effective while ensuring their sensit

More featured news

Spotlight

How this Pharmaceuticals Company Consolidated Their Security Tools and Established Better Visibility into its Security Environment with Difenda

In 2018, a large manufacturing organization experienced a ransomware attack resulting in a material security breach. The incident highlighted the need for a comprehensive cybersecurity program with greater visibility. The challenge was to implement a solution that was easy to manage and cost-effective while ensuring their sensit

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BIgID Introduces Secrets Detection Capabilities to Mitigate Risk

BigID | March 17, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors. With BigID's native secrets detection capabilities, organizations can: Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment Detect secrets faster and more accurately using patented AI and ML-based data classification techniques Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure "Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

DirectDefense and Claroty Partner to Secure Customers’ Cyber-Physical Systems

Businesswire | April 13, 2023

DirectDefense, Inc., a leading information security services company, today announced its partnership with Claroty, the cyber-physical systems protection company. Claroty empowers organizations with unmatched visibility, protection, and threat detection to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. As digital transformation efforts have intensified over the last decade, a broad range of XIoT assets – including operational technology (OT), the Internet of Medical Things (IoMT), building management systems (BMS) and enterprise IoT – are now interconnected. While this drives innovation, resilience, sustainability and numerous other business benefits, the XIoT can also increase organizations’ attack surface area and risk exposure if not properly secured, and solutions intended solely for OT, IT, or any other specific use case are insufficient. Without holistic, comprehensive visibility and security, organizations may face costly downtime, as well as negative impacts on critical outcomes such as patient care and manufacturing process integrity. “By adding Claroty to our services offering, customers in the industrial, healthcare and commercial industries can better secure their XIoT environments,” said Jim Broome, President and CTO of DirectDefense. “Time and time again we hear the challenges these industries face with the proliferation of connected devices and the difficulty managing and securing them. The Claroty platform provides the required visibility and protection and with our 24x7 SOC managing those alerts in partnership with our Connected Systems team, customers will elevate their security posture and increase their cyber resiliency.” Claroty tackles the risks posed by the explosion of connectivity between the cyber and physical worlds with its flagship product, the Claroty Platform. This unified XIoT cybersecurity solution is tailored to the requirements of healthcare, industrial, and public sector environments, deployable via on-premise, hybrid, or cloud/SaaS options, and integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. “When it comes to securing cyber-physical systems, the number one priority is cyber and operational resilience,” said CJ Radford, Global Vice President of Channel & Alliances for Claroty. “With the strength of Claroty’s technology and the support of DirectDefense’s 24x7 managed services, customers are equipped to proactively secure assets and devices, quickly respond to and recover from incidents, and preserve operational continuity and safety within their XIoT environments.” About DirectDefense, Inc. DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology. More information can be found at www.directdefense.com. About Claroty Claroty empowers organizations to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. The company’s cyber-physical systems protection platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, network segmentation, threat detection, and secure remote access. Backed by the world’s largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America. To find out more about Claroty, visit claroty.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Appdome Launches Build-to-Test, New Automated Testing Option for Protected Mobile Apps

Prnewswire | May 24, 2023

Appdome, the mobile app economy's one and only Cyber Defense Automation platform, today announced Build-to-Test which enables mobile developers to streamline the testing of cybersecurity features in mobile apps. The new capability allows Appdome-protected mobile apps to recognize when automated mobile app testing suites are in use and securely completed without interruption by a vendor, logging all security events for the developer to track and monitor. The Build-to-Test service is part of Appdome's Dev2Cyber initiative and will accelerate the delivery of secure mobile apps globally. In continuous integration, continuous delivery (CI/CD) pipelines, mobile app quality assurance is done via automated testing services so the functionality of the mobile app can be validated across hundreds of real-world mobile devices and OS versions. However, automated testing services can also leverage methods and tools that violate cybersecurity policies or that cybersecurity professionals find problematic and dangerous such as emulators, virtualization, resigning, debugging, dual spaces, Magisk and more. Once protections are added to a mobile app, security features detect these methods and tools, and the resulting cyber defense may prevent testers from using parts of these testing services. The new Build-to-Test option on Appdome extends Appdome's support for automated mobile app testing services and allows Appdome-protected mobile applications to recognize the testing vendor and securely complete testing runs without interruption. "We've always supported automated testing," said Chris Roeckl, Chief Product Officer at Appdome. "Build-to-Test solves one of the last operational challenges of testing mobile applications at scale and maintains end-to-end security in the mobile DevSecOps pipeline." Appdome-protected mobile apps have always been testable on devices made available through automated mobile application testing vendors. Advantages of the new Build-to-Test feature include: Fully automated testing for Appdome-protected mobile apps; Fully automated mobile app testing services to validate cyber defenses in Appdome protected mobile apps; Reduced complexity when testing protected mobile apps in automated environments; Eliminate the need to test protected and unprotected builds separately; and Protect test builds with Appdome defenses to ensure improved DevSecOps compliance. "Mobile developers want to test complete Android and iOS builds that include cyber and anti-fraud defenses," said Jamie Bertasi, Chief Customer Officer at Appdome. "Our goal is to remove every ounce of friction that stands in the way of protecting the mobile app economy." Appdome's Built-to-Test option is available with Appdome-DEV and Appdome-SRM licenses and compatible with all major mobile app testing services including Microsoft App Center, Sauce Labs, BitBar, LambdaTest and BrowserStack to reduce time to market, improve app quality and increase pipeline efficiency. For more information on how to use Appdome Build-to-Test, please see this knowledge base article. About Appdome Appdome's mission is to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry's only mobile application Cyber Defense Automation platform, powered by a patented artificial-intelligence based coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, save money, and deliver 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, mobile anti-bot, anti-cheat, MiTM attack prevention, code obfuscation and other protections in Android and iOS apps with ease, inside the mobile DevOps and CI/CD pipeline. Leading financial, healthcare, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BIgID Introduces Secrets Detection Capabilities to Mitigate Risk

BigID | March 17, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors. With BigID's native secrets detection capabilities, organizations can: Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment Detect secrets faster and more accurately using patented AI and ML-based data classification techniques Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure "Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

DirectDefense and Claroty Partner to Secure Customers’ Cyber-Physical Systems

Businesswire | April 13, 2023

DirectDefense, Inc., a leading information security services company, today announced its partnership with Claroty, the cyber-physical systems protection company. Claroty empowers organizations with unmatched visibility, protection, and threat detection to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. As digital transformation efforts have intensified over the last decade, a broad range of XIoT assets – including operational technology (OT), the Internet of Medical Things (IoMT), building management systems (BMS) and enterprise IoT – are now interconnected. While this drives innovation, resilience, sustainability and numerous other business benefits, the XIoT can also increase organizations’ attack surface area and risk exposure if not properly secured, and solutions intended solely for OT, IT, or any other specific use case are insufficient. Without holistic, comprehensive visibility and security, organizations may face costly downtime, as well as negative impacts on critical outcomes such as patient care and manufacturing process integrity. “By adding Claroty to our services offering, customers in the industrial, healthcare and commercial industries can better secure their XIoT environments,” said Jim Broome, President and CTO of DirectDefense. “Time and time again we hear the challenges these industries face with the proliferation of connected devices and the difficulty managing and securing them. The Claroty platform provides the required visibility and protection and with our 24x7 SOC managing those alerts in partnership with our Connected Systems team, customers will elevate their security posture and increase their cyber resiliency.” Claroty tackles the risks posed by the explosion of connectivity between the cyber and physical worlds with its flagship product, the Claroty Platform. This unified XIoT cybersecurity solution is tailored to the requirements of healthcare, industrial, and public sector environments, deployable via on-premise, hybrid, or cloud/SaaS options, and integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. “When it comes to securing cyber-physical systems, the number one priority is cyber and operational resilience,” said CJ Radford, Global Vice President of Channel & Alliances for Claroty. “With the strength of Claroty’s technology and the support of DirectDefense’s 24x7 managed services, customers are equipped to proactively secure assets and devices, quickly respond to and recover from incidents, and preserve operational continuity and safety within their XIoT environments.” About DirectDefense, Inc. DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology. More information can be found at www.directdefense.com. About Claroty Claroty empowers organizations to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. The company’s cyber-physical systems protection platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, network segmentation, threat detection, and secure remote access. Backed by the world’s largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America. To find out more about Claroty, visit claroty.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Appdome Launches Build-to-Test, New Automated Testing Option for Protected Mobile Apps

Prnewswire | May 24, 2023

Appdome, the mobile app economy's one and only Cyber Defense Automation platform, today announced Build-to-Test which enables mobile developers to streamline the testing of cybersecurity features in mobile apps. The new capability allows Appdome-protected mobile apps to recognize when automated mobile app testing suites are in use and securely completed without interruption by a vendor, logging all security events for the developer to track and monitor. The Build-to-Test service is part of Appdome's Dev2Cyber initiative and will accelerate the delivery of secure mobile apps globally. In continuous integration, continuous delivery (CI/CD) pipelines, mobile app quality assurance is done via automated testing services so the functionality of the mobile app can be validated across hundreds of real-world mobile devices and OS versions. However, automated testing services can also leverage methods and tools that violate cybersecurity policies or that cybersecurity professionals find problematic and dangerous such as emulators, virtualization, resigning, debugging, dual spaces, Magisk and more. Once protections are added to a mobile app, security features detect these methods and tools, and the resulting cyber defense may prevent testers from using parts of these testing services. The new Build-to-Test option on Appdome extends Appdome's support for automated mobile app testing services and allows Appdome-protected mobile applications to recognize the testing vendor and securely complete testing runs without interruption. "We've always supported automated testing," said Chris Roeckl, Chief Product Officer at Appdome. "Build-to-Test solves one of the last operational challenges of testing mobile applications at scale and maintains end-to-end security in the mobile DevSecOps pipeline." Appdome-protected mobile apps have always been testable on devices made available through automated mobile application testing vendors. Advantages of the new Build-to-Test feature include: Fully automated testing for Appdome-protected mobile apps; Fully automated mobile app testing services to validate cyber defenses in Appdome protected mobile apps; Reduced complexity when testing protected mobile apps in automated environments; Eliminate the need to test protected and unprotected builds separately; and Protect test builds with Appdome defenses to ensure improved DevSecOps compliance. "Mobile developers want to test complete Android and iOS builds that include cyber and anti-fraud defenses," said Jamie Bertasi, Chief Customer Officer at Appdome. "Our goal is to remove every ounce of friction that stands in the way of protecting the mobile app economy." Appdome's Built-to-Test option is available with Appdome-DEV and Appdome-SRM licenses and compatible with all major mobile app testing services including Microsoft App Center, Sauce Labs, BitBar, LambdaTest and BrowserStack to reduce time to market, improve app quality and increase pipeline efficiency. For more information on how to use Appdome Build-to-Test, please see this knowledge base article. About Appdome Appdome's mission is to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry's only mobile application Cyber Defense Automation platform, powered by a patented artificial-intelligence based coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, save money, and deliver 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, mobile anti-bot, anti-cheat, MiTM attack prevention, code obfuscation and other protections in Android and iOS apps with ease, inside the mobile DevOps and CI/CD pipeline. Leading financial, healthcare, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.

Read More

More featured news