Veza | July 20, 2022
Veza, the data security platform built on the power of authorization, announces today that the company has entered a partnership with Google Cloud, including product integration that enables Google Cloud customers to harness the capabilities of Veza’s data security platform across their multi-cloud ecosystem.
Veza, which recently launched in April 2022 after two years of building in stealth, makes it easy to understand, manage, and control who can and should take what action on what data. With this new integration, Google Cloud customers can now directly access the capabilities of Veza’s authorization-based data security platform integrated with Google Cloud Policy Analyzer to identify, manage, and control external identities and service accounts to Google Cloud services (Looker, BigQuery, and more). This partnership furthers the relationship between Google and Veza, which began in 2021 when GV led the Series B investment in Veza and GV Partner Karim Faris joined Veza Board of Directors.
“The cloud is quickly becoming the primary footprint for organizations. By prioritizing and investing in security, Google Cloud has earned a differentiated position in the market,” said Tarun Thakur, Co-founder and CEO, Veza. “The initial product integration between Veza and Google Cloud, publicly demonstrated at the Google Cloud Security Summit in May this year, is a powerful example of how intelligence from Veza’s Authorization Graph can bolster the data security of Google Cloud customers. It shows how identity-to-data relationship insights from the Veza platform can be pulled directly into the Google Cloud Policy Analyzer, allowing customers to secure both Google Cloud data (Looker, BigQuery, Google Storage Buckets, etc.) to which multi-cloud identities (AD, Azure AD, Okta, etc.) have permissions and multi-cloud data (AWS, Snowflake, etc.) that is being accessed by Google Cloud identities.”
“Securing cloud environments and data from cybercrime and threats is a key priority of organizations across the globe. “With Veza’s platform now available alongside Google Cloud’s secure and global infrastructure, customers will be able to quickly deploy the solutions they need to better understand, control, and securely take action on their data across their multi-cloud environments.”
Sunil Potti, General Manager and Vice President, Cloud Security, Google Cloud
Veza’s data security platform aggregates identity information from humans, service accounts, and cloud IAM entities, and authorization data from apps and data systems, giving organizations a centralized, SaaS-based control plane to visualize, manage, and control data access controls through Veza’s Authorization Graph. Veza integrates with cloud identity providers, SaaS and custom apps, and data systems, and translates system-specific entitlements and permissions into a common, human-understandable business language, visualized in the platform as effective permissions. The platform brings a novel approach to data security by enabling organizations to address key data security use cases across access reviews and certifications for SaaS apps and data systems, privileged access management to data and apps, data lake security and governance, management of cloud entitlements, and much more. It delivers prioritized insights, provides access workflows, and actionable recommendations for remediation of over-privileged accounts, enabling security and IT teams to correct anomalies and right-size their organization’s permissions to protect against ransomware and other data breaches.
As organizations continue to adapt to the evolving demands of hybrid remote and in-office work, multi-cloud and hybrid-cloud environments — those with multiple providers of disparate data, app, compute, and infrastructure systems — are becoming the norm. According to the Flexera 2022 State of the Cloud Report, 89% of companies surveyed are multi-cloud, with only 2% operating in single private clouds and 9% in single public clouds. This trend is leading to a distributed web of data, relationships, and access points that are changing and difficult to track and secure.
Veza and Google Cloud already have a number of joint customers deployed across the industries of SaaS software, marketing technology, and media, including Vox Media.
“To support Vox Media’s growth and increasing M&A activity without compromising security, we need to ensure that across all of our brands, the right users have access only to the data they need access to, and that we have full visibility over what they can do with that data,” says Ateeb Ahmad, Senior Director, IT Infrastructure, Vox Media. With Veza and Google Cloud working together, we’ve been able to seamlessly manage access controls over our data for our largest merger to date, and tightly scope identity-to-data permissions even as our footprint with Google Cloud and other technologies grows.”
“The greatest gifts of the multi-cloud and the generational architectural shift of the modern data systems are also its greatest risks: securing data, scalability, flexibility, and seamless collaboration,” says Thakur. “When organizations enable workers to reach from one cloud to another to leverage data across their entire multi-cloud ecosystem, they foster growth, enable more intelligence, and promote agility. However, such apps and data systems are also more porous and are at increased risk of cybercrime and ransomware. We purpose-built Veza’s Core Authorization Platform for the multi-cloud so that organizations can implement strong access governance policies - Veza continuously evaluates these policies and enables both automated workflows for access reviews, automated access removal for toxic and stale combinations, and facilitates access grant and request for any app, data, and service.”
Veza is the data security platform built on the power of authorization. Our platform is purpose-built for hybrid multi-cloud environments to help you use and share your data safely. Veza makes it easy to understand, manage, and control who can and should take what action on what data. We organize authorization metadata across identity providers, data systems, cloud service providers, and SaaS applications — all to address the toughest data security challenges of the modern era. Founded in 2020, the company is funded by top-tier investors including Accel, Bain Capital, Ballistic Ventures, Blackstone, GV, Norwest Venture Partners, and True Ventures
DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS
Phosphorus | September 26, 2022
Phosphorus, the leading provider of advanced and full-scope security for the extended Internet of Things (xIoT), today announced a partnership with Dewpoint. The IT and security solutions provider will act as a value-added reseller (VAR) for Phosphorus in the US market.
The new partnership will see the two companies jointly delivering a new generation of xIoT security solutions in the US to meet growing enterprise demand for xIoT attack surface management and remediation capabilities.
“xIoT security is a critical need for today’s enterprises, and these risks are left unaddressed by traditional IT security solutions. We look forward to working with Dewpoint to help expand our US sales channels and bring the world’s most advanced xIoT security platform to more organizations.”
Kal Gajera, Director of North America Channels at Phosphorus
Phosphorus’s Extended Enterprise xIoT Security Platform is the world’s first and only automated security platform capable of delivering xIoT Attack Surface Management, xIoT Hardening, and Remediation, and xIoT Detection and Response across the full range of IoT, OT, and Network-connected devices—spanning both new and legacy devices. This enables large organizations to scale xIoT technologies (which can amount to millions of devices per organization) without having to add any additional employees to find, fix, and monitor them.
Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Extended Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates.
Dewpoint has been bringing business and technology together since 1996. We make sure technology is solving all your business problems, providing transparency of spend for executives, and enhancing collaboration and flexibility. As the IT industry and businesses continue to change, Dewpoint provides the thought leadership and industry expertise to offer a new level of services in project management, digital innovation, infrastructure, security, cloud, and a range of tailored professional and managed service solutions for all our clients.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Traceable AI | September 02, 2022
Traceable AI, the industry's leading API security and observability company, today announced the general availability of its API Security Testing (xAST) solution in its API Security Platform. This comprehensive and seamless testing ability enables any API in pre-production to be tested for vulnerabilities, accuracy, reliability, and overall security — ensuring organizations are aligned with the highest API security standards before releasing APIs into production.This announcement reinforces Traceable's commitment to helping organizations ensure the highest level of API security throughout the entire software development lifecycle (SDLC).
Traceable's API Security Testing offering is built to make the testing of APIs fast, easy, and a seamless experience for both development and security teams. It supports organizations' shift left initiatives, including providing remediation insights from runtime back to development, so developers can further harden their APIs. It is API focused providing complete vulnerability analysis that leverages functional testing, as well as API DNA and user attribution for improved detection and coverage. It offers extensive coverage for the OWASP API top 10, top CVEs (such as Java, Go, Node JS, AuthN, AuthZ, and many more), business logic vulnerabilities, and sensitive data exposure. Uniform API testing is based on dynamic payloads for standard tests, and dynamic Traceable payloads for business logic vulnerabilities such as BOLA – all with virtually zero false positives. Its DevSecOps focus enables companies to identify API security gaps between prod and pre-prod, perform fast scans for actionable results in CI/CD pipelines, scan at a granularity from every pull request with API spec changes, and utilize integrations with application security tools, including SCA, SAST, DAST and IAST.
"Because of our comprehensive approach to API security, the testing component was the logical evolution. It is key to enable development teams to identify security weaknesses and vulnerabilities in the build itself, in addition to the capability of providing runtime insights back to development teams, so they can further harden their APIs. "It's an important step to enable teams to seamlessly fit API security testing into their development cycles. It is based on a simple logic: prevent breaches by eliminating the flaws at the very beginning."
CTO of Traceable AI, Sanjay Nagaraj
Traceable's API security testing is built to both reduce the risk of vulnerable APIs early in the SDLC, and enable development teams to move fast. Additional benefits include:
Eliminating the Risk of Vulnerable APIs: Find and fix API vulnerabilities early in the SDLC.
Cost Reduction: Reduce costs associated with finding vulnerabilities in APIs in production.
Rapid Scans that Maintain the Speed of Innovation: With Traceable, development teams can perform fast scans with virtually no change in dev-release cadences – eliminating friction for both dev and security teams.
Comprehensive Reporting: Traceable produces a "scan summary" report of vulnerabilities found while testing the APIs. This includes the OWASP API top 10 vulnerabilities, language and library vulnerabilities like Log4shell, misconfigurations, data exposure, and broken authentication/authorization. The information, including CVSS/CWE scores for overall risk assessment and recommendations for remediation is provided to development and security teams, so they can correct the security issues in APIs before those APIs are pushed to production.
Operational Effectiveness: Traceable's API security testing is easy to deploy and reduces complexity, with numerous CI/CD and appsec tooling integrations that allow for operational effectiveness. It also enables targeted API security testing which takes actual payloads from real time traffic into account for a concise set of actionable findings.
Extensive and Effortless Integrations: Traceable allows for numerous integrations with CI/CD pipelines, notifications, ticketing and application security testing solutions.
"Whether an API is in the development cycle or is in production, being accessed by thousands of users, Traceable's API Security Platform protects companies' most vulnerable attack vector from threats at every juncture" added Nagaraj.
About Traceable AI
Traceable is the industry's leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors to understand anomalies and block API attacks, enabling organizations to be more secure and resilient.