DATA SECURITY

Elisity to Close $26-Million Round for Cognitive Trust CyberSecurity Platform

Elisity | June 17, 2021

The new platform for behavior and identity-based enterprise cybersecurity, Elisity, Inc., the pioneer of Cognitive Trust™, has announced a Series A funding round totaling $26 million. It is co-led by AllegisCyber Capital and Two Bear Capital. Atlantic Bridge, the previous seed investor, is participating.

The new funding will let Elisity scale to meet customer demand for its cloud-delivered cybersecurity platform, which can examine the identity and context of people, applications, and devices, including IoT and OT, wherever they are working. The platform can understand, engage, and dynamically adapt security from the edge to the cloud by learning behavior to assess risk, automatically and continuously optimizing security protection.

Elisity is the first company to offer a single cybersecurity platform that is intelligent enough to understand how assets and people connect beyond corporate perimeters and to dynamically adapt security for each user, device, data, and application from the edge to the cloud. Elisity's Cognitive Trust platform fuses identity and AI-driven behavioral intelligence to continuously assess risk and quickly optimize access, connectivity, and security policies that follow assets and people wherever they go. Elisity helps enterprise-class organizations of all sizes and industries overcome today's siloed networking-and-security team challenges by integrating asset management, connectivity, and security.

Three co-founders began Elisity: Burjiz Pithawala, chief product officer; Sundher Narayan, chief architect; and Srinivas Sardar, vice president of engineering, who all previously held leadership roles in product development, engineering, and architecture at Cisco. The executive team is led by James Winebrenner, CEO, who drove the go-to-market strategy for Viptela from pre-launch through the sale to Cisco in 2017, having also held executive leadership positions at Cisco, Aviatrix, and Checkpoint Software.

Strategic advisors include security and networking leaders such as Greg Akers (former SVP Advanced Security Research and Governments at Cisco), Khalid Raza (co-founder of Viptela and CEO and founder of Graphient), Brian Long (co-founder and managing partner at Atlantic Bridge and on Elisity's Board of Directors), and Jeff Tantsura (Internet Architecture Board). Spencer Tall and Mike Goguen will join Brian Long on the Elisity board due to today's transaction.



About Elisity

Elisity understands behaviors and identity to simplify connectivity, asset and user access, and security from the enterprise edge to the cloud. Elisity invented the AI-powered Cognitive Trust platform to learn behavior, measure risk dynamically, and promptly adapt access policies for people, devices, data, and applications. Elisity is based in San Jose. The company is backed by AllegisCyber Capital, Two Bear Capital, and Atlantic Bridge.


Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Neosec Introduces Automated Tokenization to Enable Full API Visibility Without Exposure of Sensitive Data

Neosec | November 16, 2022

Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at rest.

Today, many organizations are blind to the threats lurking within their API traffic. Even worse, organizations are forced to implement basic logging of their API traffic that doesn't contain meaningful information about who accessed records, which records were accessed or manipulated, and how. There is a justified fear of logging sensitive data or being out of compliance, and, lacking technology that can perform such logging at scale, they prefer to log with low fidelity. Those logs tell you that "somebody modified or accessed a record" but typically don't disclose who accessed it, which record, or what action was performed.

This decision also results in a downstream issue of "insufficient logging", which is noted by the Open Web Application Security Project as one of the top security problems in its 2021 OWASP API Top 10. "Insufficient logging" is poor for incident forensics and, in practice, means that you can't detect abuse or investigate a case, even if you know it happened.

Tokenization is the process of substituting a sensitive data element, like a credit card number, with a non-sensitive equivalent that has no intrinsic or exploitable value or meaning. Neosec's automated tokenization is part of its 'privacy by design' philosophy and is already deployed successfully at customers around the world in financial services, insurance and hospitality companies, among others. The process allows retaining tokenized API activity data for the purposes of performing true behavioral analytics over time, ensures that sensitive data is never stored at rest, and enables only the customer to de-tokenize, based on the strictest data privacy practices.

"Solving API security starts with basic visibility and the ability to see how the APIs are used. The problem is that virtually every company logs API activity with low fidelity that doesn't enable this basic visibility. In order to perform true behavioral analytics and investigate cases you must store and examine historical data. But if this analysis is performed on un-tokenized data you risk storing PII and creating compliance issues. Neosec successfully retains all API activity data, in the highest fidelity, and ensures it meets data privacy standards."

Giora Engel, co-founder and chief executive officer, Neosec

This focus on data and the visibility it brings is what previously defined the creation of the EDR (Endpoint Detection & Response) security space. "Trying to implement API security without enabling basic visibility of activity is like going back to the antivirus age before the advent of EDR. Visibility into API activity allows you to detect threats, understand behavior, investigate and remediate," said Engel.

The Neosec API security solution discovers and maintains an up-to-date inventory of all APIs in use by an organization and then uses machine learning and behavioral analytics on tokenized data to find fraud and abuse by third parties and attackers. Neosec also enables proactive API threat hunting and investigations without storing any sensitive data.

The automated API data tokenization is now a capability of the Neosec platform and is fully available. There is no extra cost for use of this unique capability.

About Neosec

Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel.


ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Living Security Announces Partnership Agreement with GuidePoint Security

Living Security | January 02, 2023

Living Security, the pioneer in human risk management, announced entering into a strategic partnership with GuidePoint Security, a renowned value-added reseller (VAR) that enables enterprises to make more informed cybersecurity decisions and reduce their risk exposure. The partnership will combine GuidePoint Security's ecosystem with Living Security's industry-leading human risk management products and security awareness training.

"According to the Computer Emergency Response, cyberattacks have been ranked as the fifth most significant danger for the year 2020 and have become the standard in both the public and private sectors."

Each day, the number of cybersecurity events continues to rise, and the vast majority of these problems can be traced back to human action. Using a data-driven methodology, Living Security enables security directors to identify the most vulnerable elements of their workforce in order to decrease human risk exposure, control the contribution to overall risk over time, and alter organizational behavior.

About Living Security

Living Security's objective is to transform human risk in order to generate a dramatic increase in human behavior, organizational security culture, and information security program efficacy. With the company's Human Risk Management platform, Living Security connects each employee with creative and pertinent context and content while simultaneously enabling management to recognize, report on, and proactively mitigate the risk posed by human behavior. Living Security is trusted by security-conscious firms such as MasterCard, MassMutual, Verizon, Biogen, Hewlett Packard, AmerisourceBergen, and Target.

About GuidePoint Security

GuidePoint Security offers dependable cybersecurity insights, solutions, and services that enable businesses to make risk-averse decisions. The company's specialists serve as trusted advisors by evaluating the cybersecurity posture and ecosystem in order to identify risks, maximize resources, and deploy the most appropriate solutions. GuidePoint's unparalleled knowledge has enabled a third of Fortune 500 organizations and over half of U.S. cabinet-level agencies to enhance their security posture and decrease risk.


DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Legit Security Discovers New Class of Development Pipeline Vulnerabilities; Open-Source Rust Programming Language Found Vulnerable

Legit Security | December 12, 2022

Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines. The vulnerability was found in GitHub Actions, a platform for orchestrating and automating software development pipelines, and the vulnerability was identified in the highly popular programming language Rust. Many other GitHub Action projects remain potentially vulnerable and a technical disclosure blog including information to protect organizations from attack is available on Legit Security’s website.

The discovered pipeline vulnerability could allow any GitHub user to replace legitimate development artifacts with malicious ones, enabling attackers to modify source code, steal secrets and create CodeCov-like wide-reaching software supply chain attacks. Rust, an extremely popular programming language used by millions of developers, acknowledged and fixed the vulnerability after initial disclosure by the Legit Security Research Team.

GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organizations’ software supply chains and used by software developers globally. The vulnerability affects the GitHub Actions artifacts storage mechanism, which is used to store and transfer build artifacts between software development build jobs. Due to a limitation in the cross-workflow artifact communication mechanism, vulnerable workflows cannot distinguish between legitimate project artifacts and artifacts that were created by the project’s forks or copies, allowing any user to create a fork, and then craft a malicious artifact that will be treated as a legitimate one.

“This is a different class of vulnerability that can lead to attacks and modification of the development pipeline itself, not just modification of the code. A simple analogy could be made to a car assembly line. This is an attack on the assembly line itself that could include stealing sensitive parts, turning off certain steps, or substituting any valid part for a malicious one. It’s a powerful attack vector that gives cyber criminals a lot of options to inflict damage. In this case, the vulnerable targets are software supply chains that use GitHub Action.”

Liav Caspi, co-founder and CTO, Legit Security

The Legit Security Research Team also disclosed the security issue to the GitHub security team. GitHub responded by simply updating their API to include information that could help prevent this vulnerability. It should be noted that GitHub didn’t address the root cause of the issue, thus leaving many other GitHub Action projects vulnerable to the aforementioned software supply chain attacks. Legit Security’s technical disclosure blog includes important information on how to protect organizations from this type of attack. More information about general GitHub security best practices can also be found here.

Legit Security

Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.
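
The fork-versus-project distinction described in the article above can be checked on the consuming side before an artifact is downloaded. The following is an added example, not code from Legit Security, GitHub or Rust: it assumes the `workflow_run` provenance fields (`repository_id`, `head_repository_id`, `head_sha`) that GitHub's REST artifact listing returns, which the article does not name, and the function name, ids and SHAs are constructed for illustration.

```python
import json

# Constructed sample shaped like GitHub's "list artifacts for a repository"
# REST response; every id and SHA here is made up for illustration.
SAMPLE = json.loads("""
{"artifacts": [
 {"id": 11, "name": "build-output", "expired": false,
  "workflow_run": {"id": 501, "repository_id": 1000,
                   "head_repository_id": 1000, "head_branch": "main",
                   "head_sha": "aaaa111"}},
 {"id": 12, "name": "build-output", "expired": false,
  "workflow_run": {"id": 502, "repository_id": 1000,
                   "head_repository_id": 2000, "head_branch": "main",
                   "head_sha": "bbbb222"}},
 {"id": 13, "name": "build-output", "expired": false}
]}
""")


def trusted_artifacts(listing, repo_id, name, expected_sha=None):
    """Hypothetical helper: split artifacts called `name` into those built
    by `repo_id` from its own code and those rejected, with the reason."""
    accepted, rejected = [], []
    for art in listing.get("artifacts", []):
        if art.get("name") != name:
            continue
        run = art.get("workflow_run") or {}
        if art.get("expired"):
            reason = "expired"
        elif not run:
            reason = "no workflow_run provenance"  # fail closed
        elif run.get("repository_id") != repo_id:
            reason = "run belongs to another repository"
        elif run.get("head_repository_id") != repo_id:
            reason = "run was triggered from a fork"
        elif expected_sha and run.get("head_sha") != expected_sha:
            reason = "head_sha does not match expected commit"
        else:
            accepted.append(art["id"])
            continue
        rejected.append((art["id"], reason))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = trusted_artifacts(SAMPLE, repo_id=1000, name="build-output")
    print("accepted:", ok)
    for art_id, why in bad:
        print(f"rejected {art_id}: {why}")
```

Matching on the artifact name alone is what lets a fork-built artifact pass as the project's own; pinning `expected_sha` to the commit the consuming workflow was triggered for narrows the check further.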
