Home > News > featured news > DigitSec and UST Announce Partnership to Offer Continuous Application Security Testing for Salesforce DevSecOps

SOFTWARE SECURITY

DigitSec and UST Announce Partnership to Offer Continuous Application Security Testing for Salesforce DevSecOps

DigitSec and UST | August 27, 2021

DigitSec, provider of the most comprehensive AppSec testing platform purpose-built for Salesforce, and UST, a leading digital transformation solutions company, today announced a partnership to provide full-spectrum application security testing as part of a comprehensive Salesforce portfolio for enterprise customers.

UST will offer its clients the DigitSec SaaS Security Scanner™- S4 for Salesforce��� as part of its plan to deliver more secure and resilient solutions for testing and remediation.

DigitSec S4 is a continuous application security testing platform for Salesforce DevSecOps that integrates multiple security tools, empowering developers and administrators to accurately identify security issues faster and with far fewer false positives than traditional AppSec testing solutions. It offers an automated penetration testing solution combining static source code analysis (SAST), interactive runtime testing (IAST), software composition analysis (SCA), and cloud security configuration review for a truly comprehensive Salesforce security assessment.

Commenting on the partnership, Prasan Vyas, General Manager and Global Head of SFDC Practice, UST, said, "At UST, we are constantly improving our value proposition for our Global 2000 and Fortune 500 customers by leveraging our platform expertise and working together with best-of-breed partners to help build secure and robust solutions. For our Salesforce customers, DigitSec presents a digital-age tool to secure applications against potential security threats early on in the build process. The partnership underwrites UST's deep commitment to the Salesforce platform and helping our customers identify and remediate security risks in their Salesforce orgs."

"Given the mission-critical and sensitive nature of customer personally identifiable information (PII) and other data, it's critical that developers consider security first in their Salesforce projects. Our S4 platform provides a continuous and automated 360-degree view of potential threats and now is available to UST clients as they create and update their Salesforce applications," said DigitSec CEO Waqas Nazir.   

S4 for Salesforce can quickly and accurately identify thousands of potential security vulnerabilities with the lowest rate of false positives in the industry. The DigitSec platform also supports compliance framework requirements including GDPR, HIPAA, ISO-27001, SOX, PCI DSS, CCPA, and APPI.

About DigitSec
DigitSec provides the most comprehensive application security testing platform purpose-built for Salesforce, including automated penetration testing. Its patented SaaS Security Scanner, S4, quickly assesses Salesforce security posture, allowing developers to easily identify potential issues before deployment while supporting compliance requirements.

About UST
For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation.  Powered by technology, inspired by people, and led by our purpose, we partner with our clients from design to operation. Through our nimble approach, we identify their core challenges and craft disruptive solutions that bring their vision to life. With deep domain expertise and a future-proof philosophy, we embed innovation and agility into our clients' organizations—delivering measurable value and lasting change across industries and around the world. Together, with over 26,000 employees in 25 countries, we build for boundless impact—touching billions of lives in the process.

Spotlight

Business Value of VMware Horizon [EN]

As organizations consider their future of work and the technologies that will make them successful, understanding the value of their investments will be crucial. Download this whitepaper, IDC created in conjunction with VMware, to learn how organizations have realized a return on investment (ROI) by supporting their employees an

More featured news

Spotlight

Business Value of VMware Horizon [EN]

As organizations consider their future of work and the technologies that will make them successful, understanding the value of their investments will be crucial. Download this whitepaper, IDC created in conjunction with VMware, to learn how organizations have realized a return on investment (ROI) by supporting their employees an

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Announces the Industry’s First Comprehensive, Hardened API Security Platform

Globenewswire | April 06, 2023

Noname Security, the leading provider of complete and proactive API security, today announced Noname Public Sector’s Hardened Virtual Appliance making the API security platform available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. The appliance is the first of its kind in the comprehensive API security space and is designed to deliver a drop-in, secure, and scalable system for discovering, monitoring, and protecting mission-critical APIs and data. “Governments and highly regulated industries have unique security needs. Having worked closely with many Federal agencies during my career, I know how impactful it will be to provide this level of security and insight into APIs and provide options that make it easy to meet government standards,” said Dean Phillips, Executive Director of Public Sector Programs at Noname Security. “The government and regulated industries are not immune from cyber criminals, they are targeted as much if not more than most organizations. We’re excited to arm them with the tools they need to protect their assets.” Federal agencies can use the Noname API Security Platform to protect their APIs in real-time and detect vulnerabilities before they are exploited. Noname Security’s Hardened Virtual Appliance makes the API security platform available completely offline with no reliance on internet connectivity, perfect for isolated and controlled environments. It is a finely tuned package of advanced software and premium support built and secured to Federal Government specifications, enabling customers to comply with the most rigorous standards, including Federal Information Processing Standards (FIPS)1 and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)2. Noname collaborated with a FedRAMP 3PAO, The MindPoint Group, on the development of the Noname Hardened Virtual Appliance. Noname Security’s Hardened Virtual Appliance enables access to a powerful, complete, and easy-to-use API security platform that helps: Discover all APIs, data, and metadata - Unlike other API solutions that only look at traffic sources, Noname Security discovers more APIs by combining traffic sources with the configuration of infrastructure and applications. The end result: visibility into more APIs and deeper insights into customers’ API security posture. Analyze API behavior and detect all API threats - The Noname API Security Platform uses AI-based detection to identify the broadest set of API vulnerabilities, including data leakage, data tampering, misconfigurations, data policy violations, suspicious behavior, and cyber attacks. Prevent attacks and remediate API vulnerabilities - Noname Security allows federal customers to prevent attacks in real-time, fix misconfigurations, automatically update firewall rules, webhook into their WAFs and gateways to create new policies against suspicious behavior, and integrate with existing workflows (ticketing and SIEMs). Noname Public Sector LLC has made it easier to deploy, configure and manage the platform via the new Noshell(™) interface. The shell offers innovative features such as the ability to perform on-demand STIG audits of the internal system itself, while aiming to reduce the overall attack surface of the system. About Noname Security & Noname Public Sector LLC Noname Public Sector LLC empowers the world’s most critical organizations to protect their most important data. With decades of military and civilian public sector experience, Noname Public Sector combines a deep understanding of government agency requirements with leading expertise on their unique API security considerations. Government agencies using Noname’s complete, proactive API security solutions can securely harness their data to serve the public and stay ahead of adversaries. Noname Public Sector LLC is privately-held and based in Herndon, VA. Noname Security is the leading provider of complete, proactive API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Security, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Blackpoint Launches New Product Expanding Security Ecosystem

Prnewswire | May 26, 2023

Blackpoint Cyber, the elite technology-focused cybersecurity company providing its streamlined security suite via managed service providers (MSPs), announced today the launch of its newest product, Managed Application Control, continuing Blackpoint's investment in building out the most comprehensive MSP security ecosystem available. The new solution goes beyond traditional approaches to application control, simplifying security management and improving productivity for MSPs and the businesses they serve. Threat actors often evade endpoint protection systems by "living off the land," or misusing legitimate IT tools native to the target environment. Managed Application Control protects from these attacks with a uniquely curated, constantly updated block list of applications by Blackpoint's threat intelligence team. The approach stands in contrast to pure zero-trust or deny-all methods of application control, which produce operational bottlenecks. With Managed Application Control, organizations can still create custom rules and allow exceptions. But with Blackpoint's newest offering, IT administrators can reduce time spent on allowlists and endless verification requests. "Our team knows the attacker tradecraft, so introducing another layer of security to our already robust ecosystem through Managed Application Control, at no additional cost, just makes sense," said Jon Murchison, CEO and founder of Blackpoint Cyber. "Protecting our partners and their customers is our primary goal, and we are committed to providing MSPs with an easily accessible bundle of solutions. It comes down to providing our partners with the most value on the market, including this new product, so they can protect their customers and focus on their margins and operations. It's extra productivity with no extra cost." Blackpoint's team of top-tier experts and products focus on blocking risky and malicious applications. When an application is blocked, Blackpoint's security operations center (SOC) intervenes to investigate and stop any intrusion attempts, providing unparalleled protection and peace of mind for MSPs and their clients. "At Blackpoint, we have always focused on threat actor mentality so we can stop threats as early in the attack cycle as possible," said David Rushmer, director of Blackpoint Cyber's Adversary Pursuit Group. "With Managed Application Control, the ability to dynamically respond to potential intrusions across the threat landscape means improved protection for our customers." The offering is the latest addition to Blackpoint Response, a packaged bundle of integrated cybersecurity solutions that includes Managed Detection and Response (MDR), Managed Defender for Endpoint, Vulnerability Management, and Cloud Response for a unified defense against cyber threats. ABOUT BLACKPOINT CYBER Blackpoint Cyber offers a world-class, nation-state-grade cybersecurity ecosystem serving the MSP community. Using its own software and Security Operations Center (SOC), Blackpoint's true 24/7 Managed Detection & Response (MDR) service not only detects breaches earlier than any other solution on the market, but also provides an actual response rather than just an alert to keep MSPs and their clients' networks safe from widespread damage.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Aqua Security Launches Industry First Real-Time CSPM

Globenewswire | May 17, 2023

Aqua Security, the pioneer in cloud native security, today announced the launch of Real-Time CSPM, a next-gen cloud security posture management (CSPM) solution, offering the best visibility and context in the industry. Real-Time CSPM provides a complete view of multi-cloud security risk, pinpoints threats that evade agentless detection, and dramatically reduces noise so security practitioners can rapidly identify, prioritize, and remediate the most important cloud security risks, saving time and money. “Customers have told us that they are bogged down by too much noise from current CSPM offerings,” said Amir Jerbi, CTO and co-founder, Aqua Security. “They receive too many findings yet lack complete visibility and therefore the ability to properly prioritize. Simply put, they fix the wrong things and end up compromised. This is where Aqua comes in. We are introducing Real-Time CSPM so security practitioners can pinpoint the most significant cloud risks and remediate them quickly.” With Real-Time CSPM, teams have a complete view of cloud security risk and surface the most critical findings. This includes the ability to match correlated findings across multi-cloud environments, deduplicate findings and focus on identifying real cloud risks with smarter insights. Instead of wasting time on issues with low effective risk, customers can focus on what truly matters most and provide the context needed for resource owners to remediate quickly and secure their cloud applications. “One of the world’s largest telcos turned to Aqua to provide better visibility and context. They went from 120M risk findings to 50k and they saw a reduction in their attack surface by 99% in just months. If everything is a priority, then nothing is – that’s why they chose Aqua,” said Jerbi. Detailed context also allows teams to connect issues found in their cloud to their respective code repositories. With better prioritization and the ability to identify risk ownership, Real-Time CSPM then allows for rapid remediation of those most critical issues. Security professionals can focus their limited resources to manage, investigate and respond faster. Identify Attacks That Agentless Solutions Cannot See Point-in-time scanning opens the door for increased attacks. According to the IDC report, “The State of Cybersecurity Maturity in Vulnerability Management Among U.S. Organizations,” 74% of organizations scan less than 85% of their IT assets when they do scan, leaving an opportunity for many vulnerabilities to go undiscovered until an attacker makes use of them. By then it is too late. Aqua Real-Time CSPM eliminates that risk and delivers real-time visibility and risk prioritization in a single, unified platform for faster, more effective risk management. Unlike point-in-time scanning solutions, Aqua Real-Time CSPM provides a deeper layer of visibility for better context, leading to the ability to prioritize the most critical cloud security risks. “Other CSPM solutions give you a false sense of security. Whether you scan daily or monthly, you’re only seeing a portion of the risks with a point-in-time scan. And that’s not true security,” said Jerbi. Further data from Aqua Nautilus, Aqua’s cloud security research team, supports the need for real-time scanning. Nautilus uses an extensive honeypot network to detect and analyze over 80,000 attacks a month. Of those attacks, one in three do not leave a footprint and would be missed by point-in-time scanning solutions. Similarly, zero-day attacks are missed, whilst other standard operating procedures like ephemeral containers and transient attacks raise that number to 50%. Real-Time CSPM is part of the Aqua Cloud Security Platform, a cloud native application protection platform (CNAPP). The Aqua Platform is composed of a fully integrated set of security and compliance capabilities to discover, prioritize, and eliminate risk in minutes across the full software development life cycle. Aqua improves operational efficiency by connecting cloud to code and tracing runtime risks to the code and developer who can fix them. By connecting CSPM to runtime, it shields risks that cannot be immediately addressed with a code fix. For more information on Aqua’s Real-Time CSPM, visit the blog. About Aqua Security Aqua Security stops cloud native attacks and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Announces the Industry’s First Comprehensive, Hardened API Security Platform

Globenewswire | April 06, 2023

Noname Security, the leading provider of complete and proactive API security, today announced Noname Public Sector’s Hardened Virtual Appliance making the API security platform available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. The appliance is the first of its kind in the comprehensive API security space and is designed to deliver a drop-in, secure, and scalable system for discovering, monitoring, and protecting mission-critical APIs and data. “Governments and highly regulated industries have unique security needs. Having worked closely with many Federal agencies during my career, I know how impactful it will be to provide this level of security and insight into APIs and provide options that make it easy to meet government standards,” said Dean Phillips, Executive Director of Public Sector Programs at Noname Security. “The government and regulated industries are not immune from cyber criminals, they are targeted as much if not more than most organizations. We’re excited to arm them with the tools they need to protect their assets.” Federal agencies can use the Noname API Security Platform to protect their APIs in real-time and detect vulnerabilities before they are exploited. Noname Security’s Hardened Virtual Appliance makes the API security platform available completely offline with no reliance on internet connectivity, perfect for isolated and controlled environments. It is a finely tuned package of advanced software and premium support built and secured to Federal Government specifications, enabling customers to comply with the most rigorous standards, including Federal Information Processing Standards (FIPS)1 and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)2. Noname collaborated with a FedRAMP 3PAO, The MindPoint Group, on the development of the Noname Hardened Virtual Appliance. Noname Security’s Hardened Virtual Appliance enables access to a powerful, complete, and easy-to-use API security platform that helps: Discover all APIs, data, and metadata - Unlike other API solutions that only look at traffic sources, Noname Security discovers more APIs by combining traffic sources with the configuration of infrastructure and applications. The end result: visibility into more APIs and deeper insights into customers’ API security posture. Analyze API behavior and detect all API threats - The Noname API Security Platform uses AI-based detection to identify the broadest set of API vulnerabilities, including data leakage, data tampering, misconfigurations, data policy violations, suspicious behavior, and cyber attacks. Prevent attacks and remediate API vulnerabilities - Noname Security allows federal customers to prevent attacks in real-time, fix misconfigurations, automatically update firewall rules, webhook into their WAFs and gateways to create new policies against suspicious behavior, and integrate with existing workflows (ticketing and SIEMs). Noname Public Sector LLC has made it easier to deploy, configure and manage the platform via the new Noshell(™) interface. The shell offers innovative features such as the ability to perform on-demand STIG audits of the internal system itself, while aiming to reduce the overall attack surface of the system. About Noname Security & Noname Public Sector LLC Noname Public Sector LLC empowers the world’s most critical organizations to protect their most important data. With decades of military and civilian public sector experience, Noname Public Sector combines a deep understanding of government agency requirements with leading expertise on their unique API security considerations. Government agencies using Noname’s complete, proactive API security solutions can securely harness their data to serve the public and stay ahead of adversaries. Noname Public Sector LLC is privately-held and based in Herndon, VA. Noname Security is the leading provider of complete, proactive API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Security, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Blackpoint Launches New Product Expanding Security Ecosystem

Prnewswire | May 26, 2023

Blackpoint Cyber, the elite technology-focused cybersecurity company providing its streamlined security suite via managed service providers (MSPs), announced today the launch of its newest product, Managed Application Control, continuing Blackpoint's investment in building out the most comprehensive MSP security ecosystem available. The new solution goes beyond traditional approaches to application control, simplifying security management and improving productivity for MSPs and the businesses they serve. Threat actors often evade endpoint protection systems by "living off the land," or misusing legitimate IT tools native to the target environment. Managed Application Control protects from these attacks with a uniquely curated, constantly updated block list of applications by Blackpoint's threat intelligence team. The approach stands in contrast to pure zero-trust or deny-all methods of application control, which produce operational bottlenecks. With Managed Application Control, organizations can still create custom rules and allow exceptions. But with Blackpoint's newest offering, IT administrators can reduce time spent on allowlists and endless verification requests. "Our team knows the attacker tradecraft, so introducing another layer of security to our already robust ecosystem through Managed Application Control, at no additional cost, just makes sense," said Jon Murchison, CEO and founder of Blackpoint Cyber. "Protecting our partners and their customers is our primary goal, and we are committed to providing MSPs with an easily accessible bundle of solutions. It comes down to providing our partners with the most value on the market, including this new product, so they can protect their customers and focus on their margins and operations. It's extra productivity with no extra cost." Blackpoint's team of top-tier experts and products focus on blocking risky and malicious applications. When an application is blocked, Blackpoint's security operations center (SOC) intervenes to investigate and stop any intrusion attempts, providing unparalleled protection and peace of mind for MSPs and their clients. "At Blackpoint, we have always focused on threat actor mentality so we can stop threats as early in the attack cycle as possible," said David Rushmer, director of Blackpoint Cyber's Adversary Pursuit Group. "With Managed Application Control, the ability to dynamically respond to potential intrusions across the threat landscape means improved protection for our customers." The offering is the latest addition to Blackpoint Response, a packaged bundle of integrated cybersecurity solutions that includes Managed Detection and Response (MDR), Managed Defender for Endpoint, Vulnerability Management, and Cloud Response for a unified defense against cyber threats. ABOUT BLACKPOINT CYBER Blackpoint Cyber offers a world-class, nation-state-grade cybersecurity ecosystem serving the MSP community. Using its own software and Security Operations Center (SOC), Blackpoint's true 24/7 Managed Detection & Response (MDR) service not only detects breaches earlier than any other solution on the market, but also provides an actual response rather than just an alert to keep MSPs and their clients' networks safe from widespread damage.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Aqua Security Launches Industry First Real-Time CSPM

Globenewswire | May 17, 2023

Aqua Security, the pioneer in cloud native security, today announced the launch of Real-Time CSPM, a next-gen cloud security posture management (CSPM) solution, offering the best visibility and context in the industry. Real-Time CSPM provides a complete view of multi-cloud security risk, pinpoints threats that evade agentless detection, and dramatically reduces noise so security practitioners can rapidly identify, prioritize, and remediate the most important cloud security risks, saving time and money. “Customers have told us that they are bogged down by too much noise from current CSPM offerings,” said Amir Jerbi, CTO and co-founder, Aqua Security. “They receive too many findings yet lack complete visibility and therefore the ability to properly prioritize. Simply put, they fix the wrong things and end up compromised. This is where Aqua comes in. We are introducing Real-Time CSPM so security practitioners can pinpoint the most significant cloud risks and remediate them quickly.” With Real-Time CSPM, teams have a complete view of cloud security risk and surface the most critical findings. This includes the ability to match correlated findings across multi-cloud environments, deduplicate findings and focus on identifying real cloud risks with smarter insights. Instead of wasting time on issues with low effective risk, customers can focus on what truly matters most and provide the context needed for resource owners to remediate quickly and secure their cloud applications. “One of the world’s largest telcos turned to Aqua to provide better visibility and context. They went from 120M risk findings to 50k and they saw a reduction in their attack surface by 99% in just months. If everything is a priority, then nothing is – that’s why they chose Aqua,” said Jerbi. Detailed context also allows teams to connect issues found in their cloud to their respective code repositories. With better prioritization and the ability to identify risk ownership, Real-Time CSPM then allows for rapid remediation of those most critical issues. Security professionals can focus their limited resources to manage, investigate and respond faster. Identify Attacks That Agentless Solutions Cannot See Point-in-time scanning opens the door for increased attacks. According to the IDC report, “The State of Cybersecurity Maturity in Vulnerability Management Among U.S. Organizations,” 74% of organizations scan less than 85% of their IT assets when they do scan, leaving an opportunity for many vulnerabilities to go undiscovered until an attacker makes use of them. By then it is too late. Aqua Real-Time CSPM eliminates that risk and delivers real-time visibility and risk prioritization in a single, unified platform for faster, more effective risk management. Unlike point-in-time scanning solutions, Aqua Real-Time CSPM provides a deeper layer of visibility for better context, leading to the ability to prioritize the most critical cloud security risks. “Other CSPM solutions give you a false sense of security. Whether you scan daily or monthly, you’re only seeing a portion of the risks with a point-in-time scan. And that’s not true security,” said Jerbi. Further data from Aqua Nautilus, Aqua’s cloud security research team, supports the need for real-time scanning. Nautilus uses an extensive honeypot network to detect and analyze over 80,000 attacks a month. Of those attacks, one in three do not leave a footprint and would be missed by point-in-time scanning solutions. Similarly, zero-day attacks are missed, whilst other standard operating procedures like ephemeral containers and transient attacks raise that number to 50%. Real-Time CSPM is part of the Aqua Cloud Security Platform, a cloud native application protection platform (CNAPP). The Aqua Platform is composed of a fully integrated set of security and compliance capabilities to discover, prioritize, and eliminate risk in minutes across the full software development life cycle. Aqua improves operational efficiency by connecting cloud to code and tracing runtime risks to the code and developer who can fix them. By connecting CSPM to runtime, it shields risks that cannot be immediately addressed with a code fix. For more information on Aqua’s Real-Time CSPM, visit the blog. About Aqua Security Aqua Security stops cloud native attacks and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.

Read More

More featured news