DATA SECURITY

Neosec Integrates its API Security Platform With Kong's API Gateway to Protect Enterprises from Business Abuse, Fraud and Data Theft

Neosec | December 07, 2021

Neosec_Integrates
Neosec, the pioneer in discovering and protecting APIs using behavioral analytics, today announced that it has formed a strategic partnership with Kong Inc. to integrate its API security platform with Kong Gateway to provide a complete enterprise-class solution for managing and securing APIs and microservices. Kong provides the world's most popular API gateway, built for hybrid, multi-cloud environments optimized for microservices and distributed architectures. Neosec enables Kong customers to easily gain enterprise API security capabilities to protect their critical business processes. Neosec continuously discovers all APIs, and using API behavioral analytics, detects abuse and automatically orchestrates conditional responses on specific consumer entities into the Kong API gateway. The technology integration is the first API security solution with closed loop feedback into an API gateway.

"As more enterprises embrace digital transformation initiatives and expose APIs, core aspects of business processes are increasingly put at risk. In this modern environment, API security cannot only create alerts for a security team to evaluate, but it must also work with existing API technologies in creating automated responses,Our strategic partnership with Kong enables the platforms to natively work together using their existing Kong Gateway Enterprise deployment without requiring any changes to the production pipeline."

Giora Engel, chief executive officer, Neosec

With this integration, Kong Gateway provides an excellent way to manage the complexities of deploying and using APIs, while the Neosec platform augments the security posture with API discovery, risk assessment, and AI-powered behavioral analysis, detection and response. As a result of security incidents, the Neosec integration automatically creates security policies in Kong Gateway and enables automated responses. Kong Gateway includes API authentication, authorization, logging, traffic control, caching and administration. Neosec ingests access logs from popular technologies like CDNs, Web app firewalls and API gateways. The Neosec platform enables API discovery and automatically flags meaningful anomalous behaviors within them. The combined solution enables enterprises to embrace the power of digital business while minimizing the risks without any changes to the production pipeline.

"The stakes for API exposure continue to climb as companies rely more heavily on open infrastructure and connecting applications, systems and data with each other as well as  with customers and partners," said Reza Shafii, vice president of products at Kong Inc. "We are excited to partner with Neosec and have its platform natively integrated with Kong Gateway and exclusively available to our customers with an Enterprise subscription. Offering the world's most popular API gateway and the leading service connectivity platform, Kong has vastly eased the burden of using microservices and APIs for distributed applications, and the combined solution now more fully addresses the risks and exposure running within APIs."

Neosec is strategically forming technology partnerships with leading providers of digital business infrastructure including CDNs and API gateways and management solutions. Neosec API Security is available for all Kong enterprise customers to protect their existing APIs.

About Kong Inc.
Kong creates software and managed services that connect APIs and microservices natively across and within clouds, Kubernetes, data centers and more using intelligent automation. Built on an open source core, Kong's service connectivity platform enables digital innovation by allowing organizations to reliably and securely manage the full lifecycle of APIs and services for modern architectures, including microservices, serverless and service mesh. By providing developer teams with unprecedented architectural freedom, Kong accelerates innovation cycles, increases productivity, and seamlessly bridges legacy and modern systems and applications.

About Neosec
Neosec is reinventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security.

Spotlight

Forrester Research, Inc. evaluated Aprimo among the 14 most significant DAM providers based on 28 criteria. Aprimo received the highest scores possible in 20 criteria, including Metadata & Taxonomy, Workflow & Approvals, Content Performance Analytics, Scalability, and Product Vision.

Spotlight

Forrester Research, Inc. evaluated Aprimo among the 14 most significant DAM providers based on 28 criteria. Aprimo received the highest scores possible in 20 criteria, including Metadata & Taxonomy, Workflow & Approvals, Content Performance Analytics, Scalability, and Product Vision.

Related News

DATA SECURITY

Cyware Achieves SOC 2 Type 2 Compliance for Data Security

Cyware | June 24, 2022

Cyware, the industry's leading provider of the technology platform for building Cyber Fusion Centers for businesses and threat intelligence sharing for ISACs and ISAOs, announces the successful completion of the System and Organization Controls (SOC) 2 Type 2 Audit for the trust services criteria relevant to Security ("applicable trust services criteria") set forth in TSP section 100, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Integrity, Confidentiality, and Integrity, Confident (AICPA, Trust Services Criteria). The result demonstrates the company's dedication to the highest levels of data protection. The American Institute of Certified Public Accountants (AICPA) developed SOC 2 as a reporting framework that establishes guidelines for Software-as-a-Service (SaaS) enterprises that manage customer and user data. The accreditation confirms that the organization's internal systems and controls are in ongoing conformity with the SOC 2 audit criteria. Schellman & Company, a worldwide-recognized attestation and compliance services provider, performed the audit for Cyware. “Commitment to the highest levels of data security has always been one of our foremost business priorities. The SOC 2 Type 2 certification process is not easy to achieve but our team was fully committed and prepared to ensure we check all the required boxes. The new milestone will further strengthen the confidence of our current and future customers in our robust compliance with industry benchmark data security standards including SOC 2 (Type 1 and Type 2) and ISO/IEC 27001:2013.” Anuj Goel, CEO, Cyware Cyware unifies previously compartmentalized security operations, allowing firms to more efficiently automate and exchange threat data, as well as cooperate on threat response inside their security divisions and with other enterprises within their network.

Read More

INFOSEC PROJECT MANAGEMENT

CyberCube Partners With Kroll to Launch Response Service

CyberCube | May 31, 2022

CyberCube, a supplier of cyber risk analytics, has developed CAERS, a new cyber incident response service for customers of the company's SaaS products. CyberCube will collaborate with Kroll, the premier supplier of data, technology, and insights linked to risk, governance, and growth, to offer CyberCube's customers information and assistance on important cyber aggregation events via the Cyber Aggregation Event Response Service (CAERS). Kroll will deliver frontline risk information derived from thousands of incident response cases handled each year. Following a large cyber disaster, the CAERS team will provide the most recent information to CyberCube's customers, while CyberCube's SaaS tools, including Broker Manager, Account Manager, and Portfolio Manager, will aid in the reaction to any developing cyber calamity. “With cyber events becoming increasingly common, the speed and accuracy with which organisations respond to them is critical. That’s why we’ve launched this response service, specifically tailored to CyberCube’s growing client base. The pressure on our clients during a major cyberattack can be extreme. With CAERS, our team—comprising data scientists, actuaries, engineers, economists and cyber security experts—will become an extension of our clients’ teams, providing the updates they need and sharing both our expertise and data.” Darren Thomson, CyberCube’s Head of Cyber Intelligence Services Benedetto Demonte, Chief Operating Officer for Kroll’s Cyber Risk practice, said: “We’re pleased to be contributing to CAERS because effective incident response depends on the most current and relevant threat intelligence available. In our most recent Threat Landscape Report, we saw a 356% growth in the number of attacks quarter-on-quarter where the infection vector was a zero-day or freshly announced software exploit. Ransomware groups have also been found to be leveraging newly announced vulnerabilities just days after release. It is only with access to frontline intelligence that firms can prioritize resources, mitigate the risk of a cyberattack and react appropriately if the worst happens.”

Read More

SOFTWARE SECURITY

Bugcrowd Launches Reseller Partnership with SocialProof Security

Bugcrowd | June 27, 2022

Bugcrowd, the market leader in crowdsourced cybersecurity, announced today a strategic reseller collaboration with SocialProof Security, advancing the organization's objective to keep clients ahead of growing cyber threats. As part of the cooperation, Bugcrowd will resell SocialProof Security's services, including social engineering prevention training, protocol and practitioner seminars, and penetration testing. In addition to reselling social engineering services, Bugcrowd continues to innovate and invest in its award-winning Security Knowledge Platform, which provides the most comprehensive suite of security solutions such as bug bounty, vulnerability disclosure programs, attack surface management, and pen testing as a service. Bugcrowd, for example, allows consumers to buy pen tests from a single supplier for any sort of use case, from basic assurance of simple web apps and networks to continuous testing of cloud services and APIs, and now, social engineering. Due to their friendly hacker approach to boosting customer defenses against human-based assaults, SocialProof Security and CEO Rachel Tobac, the market leader in social engineering prevention services, have gained prominence. Twitter, PayPal, Uber, Prudential Insurance, Cisco Systems, WhatsApp, NATO, and the US Air Force are among the noteworthy clients of SocialProof Security. "We are excited to work with Bugcrowd on this reseller partnership as we move forward with our aligned mission to arm organizations with a proactive means to reduce social engineering risk through education, identity verification protocol improvements, technical tools, and measuring those updates with social engineering penetration testing. The majority of cyber attacks now start with some element of social engineering—manipulating people to take actions that could harm organizations. This partnership illustrates the priority Bugcrowd places on actionable and measurable social engineering risk mitigation in a well-rounded security program," said Tobac. "Even with current elevated threat levels, many organizations are surprisingly unprepared for the threats from social engineering attacks, as we repeatedly find low awareness across organizations, outdated or inconsistent identity verification, and limited practitioner skill sets. Fortunately, taking a multidimensional approach that combines prevention training and tools, human-based protocol updates, and pen testing can dramatically reduce the risk of social engineering attacks. We look forward to bringing this innovative solution to market as a part of our services." Ashish Gupta, CEO of Bugcrowd SocialProof specializes in defending against social engineering attacks, in which attackers deceive workers in order to get personally identifiable information (PII), passwords, and unauthorized access to accounts, money, or other sensitive information. Common attack vectors like phishing, impersonation, and pretexting can be used to carry out such manipulation. In fact, respondents to ISACA's 2021 State of Cybersecurity Survey rated social engineering as the #1 cyber threat.

Read More