WEB SECURITY TOOLS

Indusface Enhances its Web Application & API Protection (WAAP) platform AppTrana with Industry's First Risk-Based Protection to APIs

Indusface | May 19, 2022

Indusface
Indusface, a leading application security SaaS company that continually detects security risks, provides real-time protection, and improves the performance of Websites and Applications, today announced that it is adding Risk-Based API Protection to its WAAP platform, AppTrana.

APIs are the lifeline of the digital economy with many companies adopting the API-first approach. However, the growth of APIs is also opening up new risk vectors that they are not aware of. According to Gartner, more than 90% of applications have more attack surface exposed through API than UI and by 2022, API Abuse will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.

Indusface is revolutionizing the API security space by building on its API Protection capabilities. The company is doing so through the most comprehensive API protection to date by extending its risk-based approach to the same.

"AppTrana's risk-based approach is unique and something that resonates with our customers. What customers are really interested in is knowing how well their application is protected based on the risk posture of their application. Building on this, we are now enhancing our API Protection capabilities by providing a risk-based approach to API security which we believe would revolutionize the market. With this, customers will be able to identify vulnerabilities found in their public APIs and quickly correlate how these are protected through API-specific policies and positive security policies applied in AppTrana providing the most comprehensive protection for APIs."

Ashish Tandon, Founder and CEO, Indusface

As with any security, you can protect only what you know and protection is as strong as the weakest link. The major challenges with APIs are discoverability and the ability to understand the context of APIs so that security can be tailored accordingly. It is to address these challenges that Indusface is enhancing its API protection in AppTrana. Collectively through a multi-step approach, customers get to discover APIs, understand risk posture and ensure comprehensive protection of APIs.

With Indusface AppTrana's Risk-based API Protection, you get:

  • To understand the risk posture of the APIs through unlimited automated API scans including manual tests for identifying business logic vulnerabilities. This enables organization to understand the weakest links of the APIs and get clear visibility around how these links are protected.
  • Visibility into API traffic patterns and discovery of shadow APIs, so that you are no longer blindsided by what you don't know
  • To protect APIs with API-specific rules written specifically to protect against OWASP Top 10 API vulnerabilities
  • Behavioral-based protection against DDoS attacks on APIs by analyzing API traffic pattern
  • Behavioral-based protection against BOT attacks
  • Positive security for APIs through analysis of swagger (OpenAPI 2.0) files and creation of automated positive security policies 
  • Accurate, real-time view of vulnerabilities blocked by API specific rules, positive security policies, custom rules, and those that need fixes in the application

About Indusface
Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 3000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Indusface has been funded by Tata Capital Growth Fund II, is the only vendor to be named Gartner Peer Insights™ Customers' Choice' in all the 7 segments for Voice of Customer WAAP (Web Application and API Protection) Report 2022, is a "Great Place to Work" certified SaaS product company, is PCI, ISO27001, SOC 2, GDPR certified, and has been the recipient of many prestigious start-up awards such as the Economic Times Top 25, NASSCOM DSCI Top Security Company, Deloitte Asia Top 100, among others.

Spotlight

In 2018, a large manufacturing organization experienced a ransomware attack resulting in a material security breach. The incident highlighted the need for a comprehensive cybersecurity program with greater visibility. The challenge was to implement a solution that was easy to manage and cost-effective while ensuring their sensit

Spotlight

In 2018, a large manufacturing organization experienced a ransomware attack resulting in a material security breach. The incident highlighted the need for a comprehensive cybersecurity program with greater visibility. The challenge was to implement a solution that was easy to manage and cost-effective while ensuring their sensit

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

ActZero Teams with UScellular to Secure Mobile Devices from Ransomware Attacks

Prnewswire | May 18, 2023

ActZero®, a leading cybersecurity provider for small and mid-sized enterprises, announced it is teaming with UScellular, making it the first and only wireless carrier to offer the ActZero Managed Detection and Response (MDR) service. Together the two organizations make it easier for businesses to secure mobile devices from ransomware and phishing attacks. UScellular Business Ultimate and Business Premium unlimited handset plans now include ActZero MDR for Mobile. "UScellular and ActZero share a common goal: to bring better performance and better security to businesses at a fair price," said Sameer Bhalotra, chief executive officer for ActZero. "With ActZero's on-device cyberdefense technology plus 24x7 security operations staff, UScellular business customers can stop mobile threats quickly, before they spread into the corporate network." With 24/7 threat coverage, ActZero stops breaches on mobile devices and networks, with a 90% block rate and response time of 15 minutes for critical alerts. Customers can easily deploy ActZero MDR for Mobile within minutes to their employees' iOS, Android, or Chrome mobile phones, tablets, and laptops. On-device protection and real-time notifications eliminate delays if a mobile device is compromised. ActZero's patent-pending AI means better cyberdefense and fewer false alarms. "ActZero delivers a powerful and affordable cybersecurity service businesses need to prioritize threat and vulnerability management," said Kim Kerr, senior vice president, enterprise sales and operations for UScellular. "Our customers often don't have the IT resources to ensure they are protecting their network and devices from malware, phishing, and ransomware attacks. The unique artificial intelligence and machine learning from ActZero intelligently pinpoints threats so less time is spent filtering noise and more time is focused on the action that should be taken, when it's truly important." About ActZero ActZero is a Gartner-recognized provider of Managed Detection and Response (MDR) services that delivers a powerful and affordable cybersecurity service to protect small and mid-sized enterprises against ransomware attacks. By continuously testing defenses against the latest attack techniques and variants, ActZero ensures AI detections and human threat hunters quickly stop threats. The company brings deep roots and expertise in cybersecurity to deliver measurable ransomware defense, reducing false alerts and responding quickly on a customer's behalf. Combined with exceptional service, ActZero empowers businesses with confidence that the company and customers are protected. For more information, please visit actzero.com. About UScellular Business UScellular is the fourth-largest full-service wireless carrier in the United States, providing national network coverage and industry-leading innovations designed to elevate the customer experience. The Chicago-based carrier provides a strong, reliable network supported by the latest technology and plays a critical role in helping businesses of all sizes navigate the wireless ecosystem, delivering advanced technology, increased network security and reliability. To learn more about UScellular's business solutions, visit one of its retail stores or uscellular.com/business.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

AnChain.AI Integrates with Stellar to Bring Enhanced Security and Compliance to Developers

Prnewswire | May 09, 2023

AnChain.AI, a leading Web3 digital asset security, and risk monitoring firm, today announced its integration with Stellar, the pioneering decentralized open-source blockchain network for cross-border payments and asset issuance. This integration paves the way for Stellar's thriving developer community to leverage AnChain.AI's AI-powered Web3 risk management and security solutions to enhance their security posture as they drive innovation. As digital assets and cross-border payments continue to rise, the need for fraud prevention solutions has become increasingly apparent. AnChain.AI's CISO Investigation platform provides an additional layer of trust to institutions developing on Stellar. By utilizing AnChain.AI's Open Blockchain Ecosystem Intelligence (OpenBEI), Stellar developers can prioritize security and customer safety from the earliest phases of building. "As the Web3 ecosystem continues to expand, it's becoming increasingly clear that security is not a luxury, but a necessity," said Dr. Victor Fang, CEO & Co-founder of AnChain.AI. "We are committed to providing cutting-edge security and risk monitoring solutions that enable Web3 platforms to operate with confidence. We're excited to build a more secure and sustainable Web3 future on Stellar." AnChain.AI utilizes AI digital asset risk assessment and early detection of suspicious activity. AnChain.AI's technology solutions underpin the regulatory efforts of leading government agencies, financial institutions, and enterprises worldwide, including the United States Securities and Exchange Commission (SEC). Through this integration, AnChain.AI continues demonstrating its commitment to a more secure blockchain ecosystem, ensuring that all participants in the Stellar community can confidently engage. "Having AnChain.AI integrate with Stellar is a breath of fresh air for the thriving community of Stellar projects," said Mark Heynen, Vice President of Partnerships at Stellar Development Foundation. "These types of solutions help equip developers and enterprises with the necessary tools to prioritize security and compliance from the get-go. This integration lays a sturdy foundation for Stellar ecosystem innovators to create more secure cross-border payment and asset issuance solutions." This integration represents a significant step towards increasing community awareness of the risks associated with rapidly evolving Web3 technology, particularly as regulatory scrutiny in the digital asset space intensifies. By solidifying a shared commitment to sustainable and secure development, this integration lays the foundation for the next-generation Web3 innovation on the Stellar network. Join the growing number of enterprises, financial institutions, government agencies, and users and developers who trust AnChain.AI for their Web3 and digital asset security needs. If you're a user or developer on Stellar looking to enhance your security and compliance posture, get started today. About AnChain.AI AnChain.AI (HQ in San Francisco) is an award-winning AI-powered cybersecurity company enhancing Web3 security, risk, and compliance strategies. AnChain.AI was founded in 2018 by cybersecurity and enterprise cloud veterans. Backed by both Silicon Valley and Wall Street VCs, and selected in the Berkeley Blockchain Xcelerator, we are trusted by 100+ customers from over 10+ countries in sectors: VASPs, financial institutions, and government, including the U.S. SEC (Securities and Exchange Commission). AnChain.AI Web3 Security Suite protects over $50 billion Web3 crypto assets. RSA Innovation Sandbox Finalist 2023. CNBC Top Startups Award 2022.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Veza introduces new solution to deliver SaaS access security and governance for the enterprise

Businesswire | May 03, 2023

Veza, the authorization platform for data security, today announced Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations. With this solution, Veza secures the attack surface associated with SaaS apps while enabling continuous compliance with frameworks like Sarbanes-Oxley, ISO 27001, SOC 2, and GDPR. Organizations today maintain an average of 125 different SaaS applications, costing $1,040 per employee annually, according to Gartner’s 2022 Market Guide for SaaS Management. As SaaS grows in popularity, security and identity teams are under pressure to manage security risks associated with the spread of data in these apps. “SaaS applications are everywhere, holding sensitive data like customer lists, financials, and employee data. This is a new attack surface for the threat actors who misuse identity,” said Tarun Thakur, CEO and co-founder of Veza. “Conventional IAM techniques like authentication are not enough to secure access to data in SaaS apps. We are excited to introduce Veza for SaaS Apps to help our customers protect sensitive data against credential theft, malicious attacks and accidental exposure, putting SaaS access security within reach.” The Veza solution includes integrations to 15 popular SaaS applications, including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. Because Veza uses an out-of-band approach to integrate with apps and systems, customers can integrate in less than a day, unlocking unprecedented visibility and control in just hours. “Using Veza, we have been able to achieve end-to-end visibility over access permissions across our enterprise app stack, including Salesforce,” said Brian Miller, Director, Security Governance, Risk and Compliance at Achieve. “As our customer base continues to expand, Veza helps us maintain least privilege over sensitive financial customer data, giving us the confidence to adopt new apps at lightspeed.” Capabilities of the Veza solution include: Privileged Access Monitoring. Veza alerts security teams when there are new grants of privileged access and privilege drift in SaaS apps, such as new local admins in Salesforce. Veza monitors both human identities and machine identities like service accounts and third-party integrations. User Access Reviews and Entitlement Certifications. Veza automates the identity governance and administration process of periodic access reviews, using workflow rules to route requests for certification and providing decision-makers with authorization context to choose the least-permissive role. Veza makes it possible to graduate from periodic batches to “continuous compliance.” SaaS Misconfigurations. Veza monitors SaaS apps for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. For example, Veza alerts the security team when users have access to sensitive data but do not have MFA (multi-factor authentication) enabled. SaaS applications contain sensitive data. Securing the access to this data in SaaS apps is complicated given the application-specific RBAC (role-based access control) that grants permissions to humans and services. Because security teams can’t see the reality of who can do what with data, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations. The Veza Authorization Platform creates a comprehensive graph of identity-to-data by ingesting and organizing the authorization metadata (RBAC) from SaaS apps, cloud providers, data systems, and identity providers. About Veza Veza is the authorization platform for data security. Identity and security professionals use Veza to modernize access governance for the new data and SaaS apps landscape. By automating the work of finding and fixing excessive permissions on a continuous basis, Veza helps organizations achieve Least Privilege. Veza’s unique approach ingests metadata from any SaaS app or data system, organizes it as an authorization graph, and makes it searchable in real-time. Global enterprises like Blackstone, Wynn Resorts, and Expedia trust Veza to protect sensitive data and automate access reviews. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.

Read More