Enterprise Security, Platform Security, Software Security
Prnewswire | July 24, 2023
Checkmarx, the global leader in application security solutions, has introduced Codebashing 2.0, its latest developer AppSec learning solution, equipping development teams with all the right skills to write secure code based on their roles and needs. Now offering an enhanced integration within the Checkmarx One™ Application Security Platform, Codebashing makes learning and developer adoption of application security (AppSec) frictionless and fully integrated into the development life cycle.
With digital transformation increasing demands on software development teams, AppSec has become a critical area for large enterprises to reduce business risk even as less time is available for finding and fixing vulnerabilities in applications. In the interest of productivity and speed, most development teams work within integrated development environments (IDEs) and require security teams to prioritize and focus them on fixing key vulnerabilities.
"The competing pressures of application time-to-deployment and AppSec risk reduction have long plagued and challenged development teams and CISOs," said Sandeep Johri, CEO at Checkmarx. "This new version of Codebashing is a game-changer for security teams to enable and provide knowledge and trust in handling vulnerabilities fixes. Its updated integration to the Checkmarx One platform solves some of the main challenges we constantly hear from CISOs and security teams seeking to improve the developer experience while also ensuring a secure and rapid pipeline of applications. These are critical elements of a successful digital transformation as enterprises continue their migration to the cloud."
Learning key concepts within their familiar workspaces and applying those concepts from the first line of code to the last across all applications can significantly lower AppSec risk while boosting productivity.
Codebashing 2.0 integrates fluidly into a developer's daily routine and workflow by offering "bite-sized" learning modules through Checkmarx One plugins within the developer's IDE. Designed by some of the industry's leading AppSec security researchers and engineers, Codebashing modules upskill developers' ability to write secure code from the very first line.
Codebashing 2.0 offers a new way for security teams to better engage developers for AppSec adoption through a whole new experience and new gamified user interface. It includes a new Learning Path, which is a tailored professional skill tree that enables developers to continuously cultivate their expertise, stepping beyond the confines of one-time training sessions. The Learning Path is designed to be adaptive and personalized. Developers can select their unique path based on their specializations: Back-end, Front-end, or DevOps. This custom-tailored approach ensures that each developer is guided through the secure coding learning most pertinent to their specific role and responsibilities.
Security Champion Program
With Codebashing 2.0, Checkmarx has introduced the first in-market program to allow large enterprises to scale its AppSec program by training and certifying personnel from the engineering team as security champions. This certificate is backed by almost 20 years of AppSec expertise and includes a predefined training and certification including:
Hours of gamified and comprehensive content such as quizzes and assessments to obtain and measure knowledge transfer
Best practices critically needed by Security Champions.
"The CISOs of global enterprise companies among our clients have repeatedly told us that two things are critical to building trust and collaboration between security and development teams: implementation of a proper framework of AppSec skills and methodologies and creating security champions among their developers. This is why we developed the first Security Champion Program in the market," said Ramon Herzlinger, General Manager of Codebashing at Checkmarx. "We invested extensively to ensure that all the relevant aspects are taught, including front-end, back-end, and DevOps-related knowledge and certification and based on feedbacks with customers who trailed it already, we are confident it is a major breakthrough in generating trust between security and development teams."
Codebashing 2.0 includes a completely revamped user experience, new learning paths, and the most up to date AppSec learning content on the market covering the latest challenges and needs of development and security teams. With Codebashing 2.0, CISOs can identify gaps in knowledge about secure code capabilities fixes within their developers and help drive secure code awareness. For more information and to request the latest Codebashing 2.0 demo, visit this page.
About Checkmarx
Checkmarx is the leading application security provider, offering the industry's most comprehensive and innovative cloud-native platform, Checkmarx One™. Fueled by intelligence from our industry leading AppSec security research team, our products and services enable enterprises to shift everywhere in order to secure every phase of development for every application while simultaneously balancing the dynamic needs of CISOs, security teams, and development teams. We are honored to serve more than 1,800 customers, including 60 percent of Fortune 100 organizations, and are committed to moving forward with an unwavering dedication to the safety and security of our customers and the applications that power our day-to-day lives. Checkmarx. Make Shift Happen.
Read More
Cloud Security
Google | September 18, 2023
Google reveals its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco.
Alphabet and Google CEO Sundar Pichai's keynote emphasizes Google's AI-first approach and the transformative impact of AI across industries.
Google introduces innovative security updates and trends, highlighting its commitment to enhancing cybersecurity capabilities.
Google Cloud extends Duet AI to three key products in preview mode, empowering security teams to address complex cybersecurity challenges more efficiently.
Google unveiled its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. This significant revelation follows the broader accessibility of generative AI, made possible earlier this year by technologies like ChatGPT. Google's strategic endeavor aims to harness the potential of AI to combat cybersecurity challenges. Additionally, the event featured a keynote address by Alphabet and Google CEO Sundar Pichai, who underscored the transformative influence of AI across sectors and emphasized Google's extensive history of adopting an AI-first approach.
During the conference, Google seized the opportunity to introduce innovative security updates and trends, signifying its commitment to enhancing cybersecurity capabilities for its customers. These developments come at a time when the integration of AI technologies in addressing cybersecurity concerns has gained substantial attention and recognition. Alphabet and Google CEO Sundar Pichai, a prominent figure in the technology industry, initiated the conference, reiterating the profound influence of AI across various sectors, industries, and business functions. His emphasis on Google's decade-long dedication to an AI-first approach solidified the company's leadership position in this transformative era.
Furthermore, Google unveiled significant developments in the conference, including expanding Vertex AI with over 100 foundation models and introducing enhancements like PaLM 2, supercomputing capabilities, and the fifth-gen Tensor Processing Units. However, their commitment to democratizing AI was highlighted, demonstrated through customer stories and live demos. Google Cloud's developer advocate, Priyanka Vergadia, showcased Duet AI, an intelligent chatbot assistant that streamlines developers' tasks, saving time and enhancing security. Duet AI automates deployments, configures applications correctly, aids in debugging, and strengthens security. Its preview release marks a step towards achieving shift-left and DevSecOps goals, empowering developers to secure their code effectively and allowing security teams to scale their efforts.
The research conducted by ESG and ISSA highlights the challenges faced by cybersecurity professionals. A significant majority (63%) have found their roles increasingly complex over the past two years. A closer look reveals that the surge in complexity (81%), rising workloads, and growing cyberthreats (59%), as well as understaffing issues (46%), are the primary factors contributing to this challenge. In response to these evolving demands, Google Cloud has taken a proactive step by extending the application of Duet AI to three key products, now available in preview mode. These applications empower security teams with Mandiant Threat Intelligence for threat analysis, Google Chronicle for accelerated SecOps processes, and Google Security Command Center for risk mitigation. A live demonstration showcased how Duet AI streamlines security analysts' workflows, making threat detection and response more efficient and enhancing overall security posture management.
Google Cloud announced Mandiant Hunt for Chronicle Security Ops in preview, boosting threat hunting with expert Mandiant insights. Agentless vulnerability scanning (powered by Tenable) in preview detects OS, software, and network vulnerabilities on Google Compute Engine VMs. Custom posture findings and threat detectors are now available in the Security Command Center. Cloud Firewall Plus, in preview, enhances firewall service with advanced threat protection (Palo Alto Networks). These updates, utilizing Duet AI in preview, demonstrate Google Cloud's dedication to cybersecurity innovation, with specific availability details to come. The conference also highlighted partner offerings in the ever-evolving cloud security landscape.
Read More
Security Audit and Compliance, Software Security
Business Wire | August 25, 2023
Cyberint, the leader in impactful intelligence, is thrilled to announce its integration with Cyware, the leading provider of threat intelligence management, security collaboration, and cyber fusion solutions. The combined solution enables organizations to access and integrate contextual threat intelligence, enhance their threat-hunting capabilities, and automate collaborative response actions to potential attacks. The joint solution and use cases will be detailed in an upcoming webinar on August 29 at 1:00 pm EDT.
“By combining Cyware's advanced capabilities with Cyberint's deep and dark web intelligence, we empower organizations to connect the dots on security incidents, reduce response time, and elevate their security posture,” said Shahar Kodraty, Head of Technical Alliances at Cyware. “Together, we can make a tangible impact in the fight against cyber threats, benefiting enterprises, government agencies, and MSSPs globally."
With this collaboration, Cyberint's web intelligence seamlessly integrates with Cyware’s Threat Intel Exchange product enabling customers to:
Identify potential threats at an early stage by leveraging streamlined deep and dark web intelligence,
Receive contextual threat intelligence to enrich and enhance security tools, blocklists, threat research, and threat-hunting activities,
Aggregate threat intelligence from multiple sources to create clear visibility into threat patterns,
Automatically notify all stakeholders about critical intelligence,
Proactively build detection rules and automate response actions to reduce the risk of successful attacks.
"Our collaboration with Cyware will enable organizations to harness the power of streamlined deep and dark web intelligence, strengthening their security posture and ensuring continuous external protection from cyber threats," said Yochai Corem, CEO of Cyberint.
About Cyberint
Cyberint’s impactful intelligence solution fuses real-time threat intelligence with bespoke attack surface management, providing organizations with extensive integrated visibility into their external risk exposure. Leveraging autonomous discovery of all external-facing assets, coupled with open, deep & dark web intelligence, the solution allows cybersecurity teams to uncover their most relevant known and unknown digital risks - earlier. Global customers, including Fortune 500 leaders across all major market verticals, rely on Cyberint to prevent, detect, investigate, and remediate phishing, fraud, ransomware, brand abuse, data leaks, external vulnerabilities and more, ensuring continuous external protection from cyber threats. To learn more about Cyberint, visit the website: https://cyberint.com/.
About Cyware
Cyware helps enterprises transform security operations while breaking through silos for threat intelligence sharing, collaboration, and automated threat response. Its unique Cyber Fusion solutions enable lean security teams to proactively stop threats, connect the dots on security incidents, dramatically reduce response time, and reduce analyst burnout from repetitive tasks. Cyware improves security outcomes for enterprises, government agencies, and MSSPs, and provides threat intelligence-sharing platforms for the majority of ISAC/ISAO information-sharing communities globally. For more information, visit https://cyware.com/.
Read More