DATA SECURITY

DoControl Integrates with Box to Transform SaaS Data Access Security

DoControl | August 03, 2022 | Read time : 03:00 min

DoControl
DoControl, the automated Software as a Service (SaaS) security company, today announced an expanded integration with Box, the leading Content Cloud, that adds a foundational layer of granular controls to protect sensitive data and provide comprehensive data access security. The solution further secures cross-application, business-critical data, and files accessed by every identity and entity, both internal employees and external collaborators, allowing for content collaboration to be achieved securely.

Recent research found that nearly half of enterprise tech leaders find too much time is spent on manually provisioning and managing apps. In addition, it found other pain points around managing SaaS, including a lack of visibility, data exposure, and unmanageable access. DoControl No-Code SaaS Security Workflows Engine supports organizations in mitigating ongoing risk consistently, with the customization level required to effectively balance security with business enablement.

"By partnering with Box, we will help customers confidently maintain business continuity and mitigate the risk of data breaches, overexposure, and exfiltration. "Security teams can effectively extend least privilege to the SaaS data layer and utilize a risk-based approach in securing their Box instances through the prioritization of identities that present higher levels of risk."

Adam Gavish, CEO and Co-Founder of DoControl

"Organizations today need products that are inherently secure to support employees working from anywhere," said Fred Klein, Vice President of Business and Corporate Development at Box. "At Box, we continuously strive to improve our integrations with third-party apps so that it's easier than ever for customers to use Box alongside best-in-class solutions. With today's integration with DoControl, we are taking that mission one step further to enable our joint customers to have more granular security controls over who has access to their business-critical content."

Key joint solution capabilities include:

  • Comprehensive asset management: Gain full awareness of every entity that is accessing corporate data within Box to identify what needs to be protected;
  • Real-time monitoring and control: Monitor every user activity in real-time, with self-service tooling to detect and respond to immediate threats;
  • Automated remediation: Establish data access control workflows that are future-proofed, consistently enforced, and allow for secure file sharing between all internal and external users.

About DoControl
Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors Insight Partners, StageOne Ventures, Cardumen Capital, RTP Global and global cybersecurity leader CrowdStrike's early stage investment fund, the CrowdStrike Falcon Fund. The company's leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators.

Spotlight

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Spotlight

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Blackpoint Launches New Product Expanding Security Ecosystem

Prnewswire | May 26, 2023

Blackpoint Cyber, the elite technology-focused cybersecurity company providing its streamlined security suite via managed service providers (MSPs), announced today the launch of its newest product, Managed Application Control, continuing Blackpoint's investment in building out the most comprehensive MSP security ecosystem available. The new solution goes beyond traditional approaches to application control, simplifying security management and improving productivity for MSPs and the businesses they serve. Threat actors often evade endpoint protection systems by "living off the land," or misusing legitimate IT tools native to the target environment. Managed Application Control protects from these attacks with a uniquely curated, constantly updated block list of applications by Blackpoint's threat intelligence team. The approach stands in contrast to pure zero-trust or deny-all methods of application control, which produce operational bottlenecks. With Managed Application Control, organizations can still create custom rules and allow exceptions. But with Blackpoint's newest offering, IT administrators can reduce time spent on allowlists and endless verification requests. "Our team knows the attacker tradecraft, so introducing another layer of security to our already robust ecosystem through Managed Application Control, at no additional cost, just makes sense," said Jon Murchison, CEO and founder of Blackpoint Cyber. "Protecting our partners and their customers is our primary goal, and we are committed to providing MSPs with an easily accessible bundle of solutions. It comes down to providing our partners with the most value on the market, including this new product, so they can protect their customers and focus on their margins and operations. It's extra productivity with no extra cost." Blackpoint's team of top-tier experts and products focus on blocking risky and malicious applications. When an application is blocked, Blackpoint's security operations center (SOC) intervenes to investigate and stop any intrusion attempts, providing unparalleled protection and peace of mind for MSPs and their clients. "At Blackpoint, we have always focused on threat actor mentality so we can stop threats as early in the attack cycle as possible," said David Rushmer, director of Blackpoint Cyber's Adversary Pursuit Group. "With Managed Application Control, the ability to dynamically respond to potential intrusions across the threat landscape means improved protection for our customers." The offering is the latest addition to Blackpoint Response, a packaged bundle of integrated cybersecurity solutions that includes Managed Detection and Response (MDR), Managed Defender for Endpoint, Vulnerability Management, and Cloud Response for a unified defense against cyber threats. ABOUT BLACKPOINT CYBER Blackpoint Cyber offers a world-class, nation-state-grade cybersecurity ecosystem serving the MSP community. Using its own software and Security Operations Center (SOC), Blackpoint's true 24/7 Managed Detection & Response (MDR) service not only detects breaches earlier than any other solution on the market, but also provides an actual response rather than just an alert to keep MSPs and their clients' networks safe from widespread damage.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY

Waratek Introduces World's First Java Security Platform with API Security Capabilities

Prnewswire | May 09, 2023

Waratek, an industry leader making Java security achievable for every mission-critical application and API, today introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise. This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique to the Java Virtual Machine. Additionally, Waratek released today its Log4J Vulnerability Scanner, giving users an in-depth view of any remaining issues in their IT systems. The scanner makes it simple to quickly scan all applications for Log4shell vulnerabilities, then sends out non-invasive payloads to a company's libraries, automatically building a table of remaining instances of Log4J and where to find them. "In 2022, we were the first company that released a Log4j patch, even faster than Oracle. Today, researchers warn that the infamous Log4j vulnerability is still present in far too many systems worldwide, and that attackers will be successfully exploiting it for years. With 80 percent of Log4shell-impacted companies remaining vulnerable today, we recognized the immediate need to offer this security innovation to our customers," said Doug Ennis, CEO of Waratek. Signature-based security approaches have worked well for non-complicated languages, but languages like Java that are compiled into bytecode require expert-level domain knowledge to secure due to the unique characteristics of the Java programming language and its execution environment. When API security is added to the mix, the issue is exasperated. Now companies can solve this problem by combining the domain expertise of a Java software engineer and the knowledge of a security engineer in one platform. According to a recent survey, more than 60 percent of enterprise companies that use Java were affected by Log4j vulnerabilities, with 41 percent of those companies stating that between 51 and 75 percent of their apps were affected. Today, 81 percent of companies report still having problems as a result of Log4j, and 70 percent of companies surveyed still have not put a patch in place. A long-term Waratek customer, one of the top five semiconductor businesses in the world, expressed Log4j vulnerability concerns and worried that hundreds of hours would be required to resolve the issues. Utilizing Waratek's Java Security Platform with API capabilities, 2,500 of the company's applications were fully remediated of Log4j vulnerabilities without code changes or application redeployments in under four hours. "For Java applications and APIs our unprecedented Java Security Platform helps security teams fill the knowledge gap on Java and address its unique security nuances, such as Insecure Deserialization, accurately and instantly," said Ennis. "Waratek's Java Security Platform has become the essential line item in our security budget," said a CISO at one of the top three largest global hotel chains. "We originally implemented it to fix insecure deserialization across our applications. Since then, it's scaled to 2,500 applications without introducing new headcount, because to date it's never generated a false-positive." ABOUT WARATEK Waratek is the industry pioneer making Java security achievable for every mission-critical application and API. Headquartered in Chicago, IL and Dublin, Ireland, Waratek's multiple-award winning solution is trusted by some of the world's most recognizable brands including IBM, Google, Amazon, Microsoft, and more. The company has been recognized and awarded for its innovation in security deployment by CRN, CDM, Gartner Group, RSA, FinTech Innovation Lab, Computer Technology Review, and Government Computer News. For more information visit www.waratek.com or connect with us on LinkedIn, Twitter, or YouTube.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Malwarebytes Launches WorldBytes for Real-Life Threat Assessments

Prnewswire | April 03, 2023

Malwarebytes, a global leader in real-time cyber protection, is taking the next great leap in security with the launch of WorldBytes, a best-in-class, first-of-its-kind, next-generation mobile security application that takes the malware scanning technologies that customers know and love and applies them to the first frontier of human evolution: real life interactions. Powered by Malwarebytes and next-level AI technology, users can use their mobile devices to scan the world around them and get real-time threat assessments of anything and everything – including questionable Tinder dates, the unlabeled sauce at the back of their fridge and their neighborhood cat. The responses, powered by ChatGPT, humorously explain the potential cyber risks lurking within. "We're proud of our powerful malware scanning engine and the peace of mind it gives users by stopping threats on their devices," said Mark Beare, General Manager of Consumer, Malwarebytes. "We took that same idea and brought it to the physical world with WorldBytes. Users can reveal the hidden cyber threats around them in a humorous way, helping to make cybersecurity accessible and relevant for all." Malwarebytes believes that cybersecurity can be effective, yet simple and intuitive for users. A recently launched campaign, "Protection You Can Trust," leverages humor again to make cybersecurity engaging and accessible for all. The campaign's first two films poke fun at some of the internet's most notorious troublemakers and illustrate how — with just a few clicks in Malwarebytes — you can scan, clean and protect your device, shutting down cyber threats and scams. Watch them on YouTube. While we can't give users real threat intelligence on everyday objects, we hope they enjoy playing with WorldBytes. Consumers ready to protect their devices from malware, ransomware, spyware and other cyberthreats can learn more at www.malwarebytes.com/for-home. About Malwarebytes Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions and its world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe. The effectiveness and ease-of-use of Malwarebytes solutions are consistently recognized by independent third parties including MITRE Engenuity, MRG Effitas, AVLAB, AV-TEST (consumer and business), Gartner Peer Insights, G2 Crowd and CNET. The company is headquartered in California with offices in Europe and Asia.

Read More