PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY
Prnewswire | May 09, 2023
Waratek, an industry leader making Java security achievable for every mission-critical application and API, today introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise. This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique to the Java Virtual Machine.
Additionally, Waratek released today its Log4J Vulnerability Scanner, giving users an in-depth view of any remaining issues in their IT systems. The scanner makes it simple to quickly scan all applications for Log4shell vulnerabilities, then sends out non-invasive payloads to a company's libraries, automatically building a table of remaining instances of Log4J and where to find them.
"In 2022, we were the first company that released a Log4j patch, even faster than Oracle. Today, researchers warn that the infamous Log4j vulnerability is still present in far too many systems worldwide, and that attackers will be successfully exploiting it for years. With 80 percent of Log4shell-impacted companies remaining vulnerable today, we recognized the immediate need to offer this security innovation to our customers," said Doug Ennis, CEO of Waratek.
Signature-based security approaches have worked well for non-complicated languages, but languages like Java that are compiled into bytecode require expert-level domain knowledge to secure due to the unique characteristics of the Java programming language and its execution environment. When API security is added to the mix, the issue is exacerbated. Now companies can solve this problem by combining the domain expertise of a Java software engineer and the knowledge of a security engineer in one platform.
According to a recent survey, more than 60 percent of enterprise companies that use Java were affected by Log4j vulnerabilities, with 41 percent of those companies stating that between 51 and 75 percent of their apps were affected. Today, 81 percent of companies report still having problems as a result of Log4j, and 70 percent of companies surveyed still have not put a patch in place.
A long-term Waratek customer, one of the top five semiconductor businesses in the world, expressed Log4j vulnerability concerns and worried that hundreds of hours would be required to resolve the issues. Utilizing Waratek's Java Security Platform with API capabilities, 2,500 of the company's applications were fully remediated of Log4j vulnerabilities without code changes or application redeployments in under four hours.
"For Java applications and APIs our unprecedented Java Security Platform helps security teams fill the knowledge gap on Java and address its unique security nuances, such as Insecure Deserialization, accurately and instantly," said Ennis.
"Waratek's Java Security Platform has become the essential line item in our security budget," said a CISO at one of the top three largest global hotel chains. "We originally implemented it to fix insecure deserialization across our applications. Since then, it's scaled to 2,500 applications without introducing new headcount, because to date it's never generated a false-positive."
ABOUT WARATEK
Waratek is the industry pioneer making Java security achievable for every mission-critical application and API. Headquartered in Chicago, IL and Dublin, Ireland, Waratek's multiple-award winning solution is trusted by some of the world's most recognizable brands including IBM, Google, Amazon, Microsoft, and more. The company has been recognized and awarded for its innovation in security deployment by CRN, CDM, Gartner Group, RSA, FinTech Innovation Lab, Computer Technology Review, and Government Computer News. For more information visit www.waratek.com or connect with us on LinkedIn, Twitter, or YouTube.
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Prnewswire | March 30, 2023
Noname Security, the leading provider of complete API security solutions, today announced major enhancements to its market-leading API security platform to help organisations protect their API ecosystem, secure their applications, and increase cyber resilience. With the fastest, most flexible, and most comprehensive solution on the market, Noname Security continues to define API security.
Noname Enables Secure Growth with API Security Innovation
Today, APIs drive business, delivering value to customers, clients, patients, users, shareholders, and more. However, securing APIs – and all of the critical assets they connect – has become more difficult than ever as API attacks have increased exponentially. IBM Security X-Force reported that two-thirds of its analysed incidents were due to unsecure APIs.
"APIs are the connective tissue for the digital world, but the explosion in API use has created new and rapidly growing threats to organisations across the globe. We created the Noname API Security Platform to uniquely address the modern API ecosystem, with discovery, insight, protection, and testing capabilities," said Shay Levi, Co-Founder and CTO at Noname Security. "Doing so means not only securing APIs and their use, but also improving the speed at which our customers can expand their business."
The Noname API Security Platform Continues to Define API Security
Noname's latest major release delivers new capabilities across the entire platform – covering discovery, posture management, runtime protection, pre-production testing, and deployment – to help customers:
Discover More & Strengthen Security Posture
Noname Security's Discovery and Posture Management solutions locate and provide insight into every API in an organisation's ecosystem, uncovering vulnerabilities (including the most recent OWASP API Top Ten), protecting sensitive data, and proactively monitoring for changes, including in OpenAPI and other specifications. New capabilities enable customers to:
Gain complete visibility and detailed insights to protect APIs with customisable discovery, flexible tagging, and datatype assignments – including PII, PCI, PHI, and custom categories – for grouping APIs by application, business unit, and more.
Understand APIs in rich context with visualisations of business logic, physical network infrastructure, and API traffic to understand specific interactions and behaviour patterns.
Secure containerised applications with enhanced discovery and detection for Kubernetes (k8s).
Prioritise resources and eliminate blind spots with extensive infrastructure inventories for AWS and Azure, enabling organisations to find unprotected APIs, map the connections between APIs and infrastructure resources, pinpoint resources that could increase the attack surface, and resolve potential issues with full context.
Stop Attacks with Runtime Protection
Noname Security Runtime Protection detects and blocks API attacks with real-time traffic analysis, out-of-band monitoring, inline remediation options, and workflow integrations to increase SOC effectiveness. New capabilities enable customers to:
Identify business-logic-based attacks immediately with updates to the industry's most advanced anomaly detection engine using artificial intelligence & machine learning (AI/ML), including unsupervised online learning.
Reduce Mean-Time-To-Resolution (MTTR) with more context on issue records, including detailed remediation guidance and tools for deeper investigation.
Fully align with security operations center (SOC) processes with automation, custom workflows, and integrations with existing systems such as ITSM, SIEM, SOAR, and more.
Deliver Secure APIs Faster with Active Testing
Noname Security Active Testing is a purpose-built API security testing solution that helps organisations easily add security into the CI/CD pipeline without sacrificing speed. The newest version of Active Testing enables customers to:
Shift left with integrations into the entire software development lifecycle (SDLC). Teams get dynamic API visibility across multiple states and environments throughout the CI/CD process.
Leave no API untested with a unique ability to find and test every API based on an understanding of the application's business logic.
Empower developers with best-in-class usability such as simple setup & automation, in-line test results, and contextual guidance for request failure mitigation.
Continuously Adapt to Changing Environments
Noname Security offers the most flexible and comprehensive set of deployment and integration options available. New capabilities enable customers to:
Rapidly realise value with simplified step-by-step onboarding and in-app guidance.
Meet any deployment requirement with both agentless and agent-based options, including eBPF, and both out-of-band and inline protection options.
Easily manage complex deployments with automatic updates across cloud-hosted, self-hosted, hybrid, and distributed deployments.
Maintain data residency and reduce overhead with remote engines to aggregate traffic into a centralised console, allowing you to keep data within your control and reducing traffic.
Meet strict public-sector compliance requirements with a new hardened virtual appliance.
See the entire attack surface with additional integrations and improvements to Akamai, AWS ECS, Cloudflare, Oracle Cloud Infrastructure, Citrix, and other connectors.
Staying Ahead of Attackers
Built by the largest team of API security researchers and developers in the industry, the Noname API Security Platform helps organisations proactively find vulnerabilities, stop attacks, reduce the risk of costly incidents, and ensure business continuity.
"Improving security posture and shifting from reactive to proactive does more than reduce risk. It allows the entire enterprise to change its position in the market from follower to leader," said Oz Golan, CEO and Co-Founder of Noname Security.
About Noname Security
Noname Security is the only company taking a complete, proactive approach to API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Protection, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Globenewswire | May 15, 2023
Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, announced today the expansion of its Check Point Harmony Endpoint protection solution by incorporating vulnerability and automated patch management capabilities. This enhancement addresses the mounting number of cyberattacks that exploit unpatched system vulnerabilities for unauthorized access. To deliver this advanced feature, Check Point has joined forces with Ivanti, integrating Ivanti Patch Management, which assesses and remediates software vulnerabilities from cloud to edge, into Check Point's Harmony Endpoint protection solution.
The National Vulnerability Database reported over 25,000 vulnerabilities in 2022, with this figure expected to rise. Furthermore, a recent Dark Reading report revealed that 57% of ransomware attacks capitalize on unpatched vulnerabilities, highlighting the necessity of addressing this issue to defend against such threats.
However, vulnerability patching is often a complex and time-consuming process. Many organizations lack insight into their environment's vulnerability status, and even when they do, patching takes an average of 97 days, according to a report by the Ponemon Institute. This delay provides ample opportunities for attackers to exploit these weaknesses.
To tackle this challenge, Check Point is enhancing its endpoint security solution, Harmony Endpoint, with vulnerability assessment and automated patch management capabilities. This will equip Harmony Endpoint users with an intelligent, automated process that minimizes the attack surface and boosts operational efficiency by:
Automatically scanning organizational endpoints with minimal performance impact
Providing comprehensive visibility into the status of all devices, saving valuable time for IT and security teams
Auto-patching vulnerabilities and implementing security policies to ensure a secure and uninterrupted workflow.
"We are excited to enhance our endpoint security solution with vulnerability assessment and automated patch management capabilities," says Ofir Israel, VP of Threat Prevention at Check Point. "This added value complements Harmony Endpoint's existing offerings of Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), and other advanced security features. Our customers now have the tools they need to swiftly identify and remediate vulnerabilities before they can be exploited, all from a unified platform."
“We are thrilled to partner with Check Point and collaborate to offer customers the highest level of endpoint protection,” said Michelle Hodges, Senior Vice President of Global Channels and Alliances at Ivanti. “We both understand that patch management is a critical component of any cybersecurity program and enhances the overall security posture for our customers by ensuring all systems are updated with the latest application updates, fixes, and patches. At Ivanti, we are committed to providing innovative solutions that empower our partners to strengthen their businesses and safeguard our customers.”
By delivering a comprehensive endpoint security solution, Check Point enables organizations to defend against a broad spectrum of cyber threats and stay ahead of the ever-evolving threat landscape.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to corporate enterprises and governments globally.
Check Point Infinity's portfolio of solutions protects enterprises and public organisations from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other threats. Infinity comprises three core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and datacenters, all controlled by the industry’s most comprehensive, intuitive unified security management. Check Point protects over 100,000 organizations of all sizes.
About Ivanti
Ivanti elevates and secures Everywhere Work so that people and organizations can thrive. We make technology work for people, not the other way around. Today’s employees use a wide range of corporate and personal devices to access IT applications and data over multiple networks to stay productive, wherever and however they work. Ivanti is one of the only technology companies that finds, manages and protects each IT asset and endpoint in an organization. Over 40,000 customers, including 88 of the Fortune 100, have chosen Ivanti to help them deliver an excellent digital employee experience and improve IT and security team productivity and efficiency. At Ivanti, we strive to create an environment where all perspectives are heard, respected and valued and are committed to a more sustainable future for our customers, partners, employees and the planet. For more information, visit www.ivanti.com and follow @GoIvanti.