Platform Security, Software Security, Cloud Security
Businesswire | July 26, 2023
Lookout, Inc., the endpoint-to-cloud security company, today announced new Windows and macOS endpoint agents for its Zero Trust Network Access (ZTNA) solution, Lookout Secure Private Access, that facilitate the full replacement of overextended virtual private networks (VPNs) with cloud-delivered security. Businesses can now fully realize the benefits of a zero trust architecture while dramatically simplifying network design. According to Gartner, at least 70% of new remote access deployments will be served mainly by ZTNA instead of VPN services by 2025 – up from less than 10% at the end of 2021.1
Early ZTNA products offer only limited traffic forwarding capabilities. Legacy VPN solutions, on the other hand, support an expansive set of protocols and complex use cases, making full VPN replacement impractical in many enterprise environments. IT security teams are often forced to run both ZTNA and VPN architectures simultaneously in support of certain legacy applications, such as VoIP phones. This constraint leads to a complex network design that's costly to operate and maintain.
Lookout's new endpoint agents for Windows and macOS facilitate the full transition to zero trust architecture with support for traffic steering at both the network and application levels. When deployed in conjunction with cloud-delivered Lookout Secure Private Access, IT security teams can now fully replace the myriad of use cases supported by legacy VPNs, taking full advantage of the benefits a Zero Trust Architecture offers.
The core principle behind Zero Trust is “never trust, always verify.” All users and devices are considered potential threats and must be continuously verified and restricted to only the resources needed to complete a required task. VPNs, on the other hand, take an all-or-nothing approach to connectivity by allowing users to authenticate only once and roam freely throughout the network thereafter. This full network-level access sets the stage for lateral attacks. If a bad actor, or malware, can make it past the VPN, they have full access to all applications and sensitive data on the corporate network.
Lookout Secure Private Access with Windows and macOS endpoint agents provide important security benefits, including:
Unparalleled visibility into private application traffic: IT security teams can better understand how their users interact with private applications, with visibility up and including actual data accessed.
Advanced Data security: The agent helps facilitate the use of advanced data security controls for private enterprise apps, including our data loss prevention (DLP) and enterprise digital rights management (EDRM).
Granular traffic steering to meet heterogeneous environments: The agent can be configured to steer traffic to specific destinations, based on user, device, and location. This helps to ensure only authorized users have access to sensitive data.
Enhanced user experience with multi-tunnel traffic steering: The agent steers traffic to one of Lookout's many cloud-edge locations distributed worldwide, providing the shortest path between the user and the enterprise.
Highly available redundant multi-path routing: The agent leverages our globally distributed Cloud Security Platform to offer end users a highly available security service edge (SSE) experience by leveraging advanced path selection and routing algorithms.
Consistent zero-trust enforcement with integrated endpoint security: The agent continuously monitors endpoint posture when integrated with endpoint protection platforms (EPPs), OS security centers and other endpoint security products.
“For more than two decades, VPNs have been the go-to technology for enterprise remote access. While their effectiveness has declined as applications have shifted to the cloud, the alternatives have been limited because of the myriad of complex use cases they support," said Sundaram Lakshmanan, Chief Technology Officer, Lookout. "Now, with the introduction of Windows and macOS endpoint agents on our Cloud Security Platform, Lookout facilitates full VPN replacement while filling inherent security gaps in these legacy architectures."
About Lookout
Lookout, Inc. is the endpoint-to-cloud cybersecurity company that delivers zero trust security by reducing risk and protecting data wherever it goes, without boundaries or limits. Our unified, cloud-native platform safeguards digital information across devices, apps, networks and clouds and is as fluid and flexible as the modern digital world. Lookout is trusted by enterprises and government agencies of all sizes to protect the sensitive data they care about most, enabling them to work and connect freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter.
Read More
Enterprise Identity, Security Audit and Compliance
PR Newswire | August 29, 2023
Malwarebytes, a global leader in real-time cyber protection, announced the acquisition of Cyrus, a disruptive innovator in online privacy solutions. This strategic acquisition reinforces Malwarebytes' commitment to privacy by giving users more control over their information, no matter where or how they choose to browse and interact online. The Cyrus team and technology will also help Malwarebytes strengthen its mobile privacy solutions.
"We firmly believe that data privacy is a human right. Hackers, trackers, location data, and even browsing history are information that individuals should control," said Marcin Kleczynski, co-founder and CEO of Malwarebytes. "The innovative technology Cyrus has built will allow us to better advise our customers on the intersection of privacy and security while also providing us the tools to safeguard their personal data and online privacy."
"By leveraging Cyrus' cutting-edge technology, we can provide an even more holistic, mobile-first, experience that provides context to when, why and how users may be at risk," said Mark Beare, the General Manager of Malwarebytes' Consumer Business Unit. "The acquisition underscores our mission to provide world-class cybersecurity and privacy solutions and is a logical continuum for our portfolio expansion from Premium Security to Privacy VPN and Browser Guard."
The Cyrus technology looks at security and privacy in a new way, exploring the kill chain for consumer threats – considering social media, dark web content and overall online presence to form a correlated view of threats specific to each individual, helping flag early indicators that something is awry.
"In an era where the digital landscape is increasingly dangerous for consumers, joining forces with Malwarebytes is a pivotal step toward realizing our mission and vision," said Oren Arar, CEO of Cyrus. "Through this powerful collaboration, we are uniquely positioned to protect millions of people across the world from cybercrime. Our combined strengths will empower individuals to navigate the digital realm with newfound confidence and security."
As part of the acquisition, all Cyrus employees joined Malwarebytes, ensuring a seamless transition for customers and continuous innovation in the areas of mobile and online privacy.
About Cyrus
Founded in 2020 by cybersecurity experts Oren Arar, Jonathan Livneh and Shahak Shalev, Cyrus emerges as a leader in shielding individuals and businesses from the increasing threats of cybercrime and fraud. The platform, crafted to provide an easy and seamless experience, interweaves cutting-edge technology with the battle-hardened insights of its founders. Cyrus stands not only as a guardian but as an ally, resolute in its mission to safeguard the digital journey of its customers. www.cyrus.app
About Malwarebytes
Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions along with a world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe daily. Malwarebytes solutions are consistently recognized by independent tests including MITRE Engenuity, MRG Effitas, AVLAB and AV-TEST (consumer and business). Customers award Malwarebytes for being the most implementable and most usable endpoint protection product with the best results on G2 and Gartner Peer Insights. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.
Read More
Platform Security, Software Security, API Security
Businesswire | June 28, 2023
Cequence Security, the leader in API Protection, today announced new updates to the Unified API Protection (UAP) platform that strengthen customers’ ability to discover, manage risk and protect APIs. With the latest capabilities, organizations can rapidly deploy API Security Testing with built-in generative AI automation, protect users from online fraud and operationalize security findings with low-code/no-code workflows.
“We are always exploring ways to further automate and improve our UAP solution and help our customers consolidate the tools required to stay ahead of the threat actors,” said Ameya Talwalkar, founder and CEO. “The updates to our platform continue to set us apart from other point solution vendors in the API security space as we are providing our customers with the only integrated best-of-suite approach to discover, comply, test and protect their APIs.”
“Today, we are also excited to share we are the first API security vendor to take advantage of the game-changing Generative AI and no-code security automation within our UAP solution to better protect users from online fraud and simplify security findings,” continued Talwalkar.
Enhance API Security Testing with Generative AI
With the enormous potential of generative AI tools like ChatGPT and Google Bard, Cequence is one of the first cybersecurity companies and the first API Protection company to leverage its power to protect data and users from bad actors. Cequence has added several new capabilities to API Security Testing, including Test Plan generation using a new feature called Intelligent Mode that helps automate the generation of API Security Test Plans using plain English, extending the low-code/no-code approach to test case generation. Cequence UAP's Intelligent Mode automatically associates the appropriate APIs with the right test cases, given the functionality of that API. This not only drastically reduces the time needed to create a test plan to minutes, as compared to months with other solutions, it also ensures consistent experience across a customer's entire applications and environments.
Several other enhancements include detailed insights and remediation workflows into test failures. The test catalog now has test cases for the latest OWASP API Top 10 2023. Cequence also empowers InfoSec teams to run API tests outside of CI/CD pipelines, and instead, point attack test suites directly against staging or even production servers.
New Fraud Prevention Capabilities
To enable organizations to protect their APIs from online fraud, Cequence has introduced the Fraud Prevention module in API Spartan. The new module enables organizations to protect their end-customers from online fraud and instantly take action, including blocking transactions and generating enterprise-grade notifications to relevant teams.
Protecting applications and users against online fraud complements the existing capabilities of Cequence to detect and block business logic abuse, account takeover (ATO) attempts, common OWASP API Top 10 security risks and automated malicious traffic.
Operationalize API Protection with Low-Code/No-Code Security Automation
Cequence has introduced out-of-the-box integrations with over 300 third-party apps, including ServiceNow, PagerDuty, JIRA and Slack. Using off-the-shelf connections to these apps, security analysts can ensure security risks or threats are routed promptly to their business teams for remediation.
Security analysts can use a low-code/no-code approach within Cequence to implement the equivalent of an API Security Orchestration and Response (SOAR) workflow, wiring together multiple third-party connections to achieve their desired outcomes. Using this approach, analysts can operationalize workflows that promptly remediate critical API security risks, such as the discovery of shadow APIs that have access to sensitive data and new security risks of weak authentication or non-conformance to OpenAPI specifications in newly built pre-production CI/CD pipelines.
Enhanced Visibility of External Facing APIs with API Spyder
New enhancements to API Spyder enable customers to easily identify APIs that are externally accessible, but not entirely protected by Cloud Security Posture Management (CSPM) infrastructure. Additionally, this approach offers a seamless complement to API Sentinel's deep insights into runtime API inventory and compliance checking using the OWASP API Security Top 10 and other custom risk categories.
With the latest Unified API Protection platform updates, organizations can now protect their users from online fraud, operationalize security findings with low-code/no-code API SOAR-like workflows and rapidly deploy API Security Testing with built-in Generative AI automation. These capabilities continue to set Cequence apart from other point API security, bot management, anti-fraud and WAF vendors by having the industry’s first and only Unified API Protection platform that covers the entire API lifecycle. With UAP, customers can discover with API Spyder, comply with API Sentinel and protect with API Spartan.
About Cequence Security
Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory, compliance, dynamic testing with real-time detection and native mitigation to defend against fraud, business logic attacks, exploits and unintended data leakage. Cequence Security secures more than 6 billion API transactions a day and protects more than 2 billion user accounts across our Fortune 500 customers. Learn more at www.cequence.ai.
Read More