Web Security Tools, Cloud Security
GlobeNewswire | September 01, 2023
Tenable®, the Exposure Management company, today announced web application and API scanning in Tenable Nessus Expert, new features that provide simple and comprehensive vulnerability scanning for modern web applications and APIs.
Web application and API scanning in Nessus Expert are dynamic application security testing (DAST) features that enable security practitioners to proactively identify and assess web applications and APIs for known vulnerabilities. This includes OWASP Top 10 vulnerabilities in custom application code and known vulnerabilities found in third-party components.
Backed by Tenable Research, Nessus provides broad and accurate vulnerability coverage for web applications and APIs – spanning web application servers, content management systems, web frameworks, programming languages and JavaScript libraries. The result is fewer false positives and negatives, ensuring security practitioners know the true risks in their applications.
“Web applications are under siege and the security practitioners in charge of protecting them face numerous challenges,” said Glen Pendley, chief technology officer, Tenable. “With Nessus Expert – the gold standard in vulnerability assessment – we’re tackling the crux of these challenges head on by widening visibility into web applications and APIs. Whether the apps are running on-prem or in the public cloud, Nessus Expert assesses their exposures and provides security practitioners, consultants and pentesters with actionable results quickly.”
Nessus Expert is the industry’s first vulnerability assessment solution that spans traditional IT assets and the dynamic modern attack surface, including the external attack surface, cloud infrastructure and now, web applications and APIs. This new feature and functionality enables security practitioners to:
Set up new web app and API scans and easily generate comprehensive results
Rapidly discover known vulnerabilities and cyber hygiene issues using predefined scan templates for SSL/TLS certificates and HTTP header misconfigurations
Identify all web applications, APIs and underlying components owned by a given organization
Confidently and safely scan environments without disruptions or delays
About Tenable
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.
Enterprise Security
Yahoo Finance | July 12, 2023
Menlo Security, a leader in cloud security, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced their partnership. Under the agreement, Carahsoft will serve as Menlo Security’s Public Sector distributor, making its products available to the Public Sector through Carahsoft’s reseller partners and GSA Schedule, NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Cooperative Purchasing Alliance (NCPA) and OMNIA Partners contracts.
“We selected Carahsoft as our partner because of their extensive experience in the Federal Government and Public Sector markets,” said Darrin Curtis, Vice President, Public Sector, Menlo Security. “Providing the products that prevent attacks before they can happen is Menlo’s priority. By working with Carahsoft and its reseller partners, we can help ensure our Federal, State, and Local Governments and agencies are secure from attack.”
Earlier this year, Menlo Security received Authorization to Operate (ATO) at the moderate level under the Federal Risk and Authorization Management Program (FedRAMP). Instead of a detect-and-respond approach, Menlo’s FedRAMP-authorized Isolation Platform, powered by a patented Isolation Core™, stops threats before they can happen. This means safe browsing of all content from anywhere, all the time.
According to DISA’s Requirement and Analysis office, Cloud-Based Internet Isolation (CBII) will improve cybersecurity and avoid $300 million in future spending across the Defense Department. Menlo Security’s isolation-powered platform securely connects users to websites and applications from anywhere, while scaling elastically to meet user demand without sacrificing the user experience.
Today, Menlo Security cloud security solutions are deployed by more than 100 Government agencies, including the United States Department of Defense (DoD), mission partners, international Governments, State and Local Governments, and educational institutions across the United States.
Menlo Security products are designed with a Zero Trust focus. The company’s Cloud Security platform eliminates malware threats, including ransomware. In addition to these threats, Menlo Security has identified a surge in cyberthreats termed Highly Evasive Adaptive Threats (HEAT) that bypass traditional security defenses. HEAT attacks are a very common class of cyber threats targeting the web browser as a highly vulnerable web attack vector used for 75% of the working day. HEAT attacks employ techniques to evade detection by multiple layers in the current security stack including firewalls, Secure Web Gateways, sandboxing, URL Reputation and phishing detection.
“We are pleased to add Menlo Security’s products to our solutions portfolio and offer our customers a modernized, cloud-based approach to cybersecurity,” said Troy Meraw, who leads the Menlo Security Team at Carahsoft. “Together with Menlo Security and our reseller partners, we are committed to helping the Public Sector stay ahead of evolving threats in today’s digital landscape.”
Menlo Security’s cloud-based cybersecurity offerings are now available through Carahsoft’s GSA Schedule No. 47QSWA18D008F, SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042, NCPA Contract NCPA01-86, and OMNIA Partners Contract #R191902.
The dedicated Cybersecurity team at Carahsoft specializes in providing Federal, State and Local Government agencies and Education and Healthcare organizations with security solutions to safeguard their cyber ecosystem.
About Menlo Security
Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s patented Isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end-user experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase.
Enterprise Security, Platform Security, Software Security
GlobeNewswire | July 21, 2023
ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, highlights its recent contributions to the OWASP Amass Project in an ongoing effort to give businesses and government entities better visibility into their full external attack surface asset ecosystem. The recent additions to the project from the ZeroFox team provide more advanced tool sets for analysts to discover and catalog their internet-facing assets and exposures. The contributions create a new standard framework to lead the industry in a more cohesive approach to attack surface management.
As organizations face increasingly sophisticated cyber threats, understanding and managing their external attack surface has become paramount. By leveraging its expertise in external cybersecurity, ZeroFox identified a critical gap in the attack surface management landscape and responded by spearheading the development of the Open Asset Model and Asset Database within the OWASP Amass Project.
The Open Asset Model and Asset Database contributions offer security analysts a unified and structured approach to identifying and managing potential vulnerabilities outside the perimeter. The Open Asset Model provides a new standard for asset definitions, representing a comprehensive framework for describing and categorizing diverse internet-facing assets. The Amass community can quickly adapt the model to include new types of assets exposed on the Internet, and their relationships to each other, for more accurate discovery, tracking, monitoring, and management. The Asset Database implements this model, offering the database interaction layer to store discovered assets in the popular sqlite3 and PostgreSQL database management systems. The Asset Database will foster the development of an ecosystem of scanning and analysis tools, allowing them to store and analyze assets from the Open Asset Model and their relationships.
These contributions directly benefit both existing Amass users and the broader attack surface management community in an effort to standardize asset definitions. The new standards now provide the information security community with a consistent and predictable format when transferring data describing external attack surfaces.
"We are thrilled to contribute to the OWASP Amass Project and provide the security community with cutting-edge tools for Attack Surface Management," said Jeff Foley, VP of Research at ZeroFox. "By leveraging the power of open source, we aim to expand access to advanced cybersecurity capabilities, helping organizations proactively defend against emerging threats."
These engineering contributions represent a continued commitment by ZeroFox to the open source community, OWASP, and the Amass Project. ZeroFox will continue to contribute to the Amass Project in an effort to enable the discovery, management, and protection of the external attack surface. By sharing its expertise and resources, ZeroFox aims to foster collaboration and innovation within the information security community, ultimately making the digital landscape safer for all users.
About ZeroFox
ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.