DATA SECURITY, NETWORK THREAT DETECTION, PLATFORM SECURITY

Pathlock Expands SAP Capabilities with Acquisition of Grey Monarch

Pathlock | September 27, 2022 | Read time : 02:50 min

Pathlock
Pathlock, the leading provider of application security and controls automation for critical business applications, today announced the acquisition of Grey Monarch, a UK-based specialist SAP Partner dedicated to SAP Process Automation. The acquisition will strengthen Pathlock's vision of providing the industry's most complete 360-degree platform for application security and controls automation for the SAP ecosystem.

Since 2008, Grey Monarch has developed expertise in SAP Security, Segregation of Duties, SAP Licence Optimization, SAP Background Processing Automation and Secure Managed File Transfer. With this acquisition, the SAP community will benefit from the very best SAP Process Automation advice, implementation skills, and software and training capabilities, improving levels of security, enhancing their users' experience and streamlining audit, compliance and control procedures.

"It's now more imperative than ever for organizations to utilize a holistic view of user access and privileges so they can be managed, monitored and controlled to ensure the maximum protection of data, business processes and intellectual property," said David Lloyd, Director and Co-Founder, Grey Monarch. "Combining Grey Monarch's capabilities with the Pathlock family of expertise, resources and product portfolio will provide our customers, existing and new, with an unsurpassed visibility into their business applications."

"We're thrilled to complete the acquisition of Grey Monarch. "We continue to see a strong demand for our globally recognized application security and controls automation solutions, and know that with Grey Monarch's specialization in SAP process automation we can continue to enable our global customers to revolutionize the way they secure their sensitive financial and customer data."

Piyush Pandey, CEO of Pathlock

In May 2022, Pathlock announced a $200M capital raise sponsored by Vertica Capital Partners alongside a merger with Appsian and Security Weaver and the acquisition of Belgium-based CSI Tools and Germany-based SAST SOLUTIONS. The company has successfully doubled in size in terms of revenue and employees and is now servicing over 1,400 customers across all major industries on a global scale with offices across the United States, Belgium, the UK, Germany, Israel and India.

About Pathlock
Pathlock is the leader in application security and controls automation. With Pathlock, enterprises can manage all aspects of access governance via a single platform, across applications, including user provisioning, ongoing User Access Reviews, segregation of duties, control testing, and audit preparation. Today, many of the world's most respected, global 2000 companies rely on Pathlock to protect their critical digital assets from financial, operational, regulatory and security threats, ensure corporate compliance and improve performance. Our customers have saved millions in employee productivity, labor costs, audit fees and data loss prevention.

Spotlight

Moving to the cloud presents challenges for any organisation. Fortunately, enterprises of all sizes have already made the move and are sharing lessons they’ve learned along the way. Companies are quickly realising the benefits of an integrated cloud productivity solution and how it improves security, inspires collaboration and s

Spotlight

Moving to the cloud presents challenges for any organisation. Fortunately, enterprises of all sizes have already made the move and are sharing lessons they’ve learned along the way. Companies are quickly realising the benefits of an integrated cloud productivity solution and how it improves security, inspires collaboration and s

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Security Compass Releases New Developer-Centric Threat Modeling Capabilities in SD Elements in Support of New Secure Software Development Guidelines

Security Compass | October 19, 2022

Security Compass, a leading cybersecurity solution provider, today announced the release of SD Elements 2022.3, which offers new capabilities that make it easier for software developers to identify software application security threats and exactly where to implement countermeasures to mitigate the risks. The latest version of SD Elements also includes new security content that allows software development organizations to demonstrate compliance with the latest threat modeling and secure development best practices from the National Institute of Standards and Technology (NIST) referenced in Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.” The new SD Elements capabilities help organizations comply with the latest NIST software threat modeling and secure development standards, even when security knowledge and availability of security experts is limited. Other benefits include improved collaboration among security, software development, hardware engineering, and DevOps teams, and reduced time and costs associated with software threat modeling and demonstrating compliance with multiple security standards and regulations such as EO 14028 as well as with more than 80 other secure development industry regulations and guidelines. Key updates to SD Elements 2022.3 include: Developer-centric threat modeling diagram enhancements: Surfacing threats is important, but knowing where threats are and how to prioritize and mitigate them is even more important. New threat modeling diagram enhancements help software development and application security teams better understand where the threat exists, which threats to prioritize for remediation first, and exactly where countermeasures should be applied. New customizable dashboards in Advanced Reporting: New dashboards enable application security teams to identify the most prevalent threats and weaknesses across the organization’s software portfolio, as well as perform in-depth analyses of their software security and compliance posture on both a per-project basis, as well as across their entire software portfolio. New security content: New security content helps organizations meet U.S. federal government security requirements in accordance with Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity;” new Ansible infrastructure as code (IaC) and automotive supply chain (UNECE WP.29 / R155) security content helps ensure software development teams have the guidance they need to ensure the code they write complies with secure development best practices. New integrations: The extensive SD Elements integration ecosystem now includes a new integration for Micro Focus Fortify on Demand. New just-in-time training content: 34 new Terraform Infrastructure as Code (IaC) and Payment Card Industry (PCI) Software Security Framework (SSF) just-in-time training micro-modules have been added to the existing library of over 800 just-in-time training micromodules already included in SD Elements. New developer-centric eLearning courses: New eLearning courses for Terraform, PCI SSF, the OWASP top 10, and OAuth Security Fundamentals have been added to the existing library of more than 40 Security Compass eLearning courses focused on application security, operational security, compliance, and secure coding best practices. “The importance of software threat modeling continues to grow. “NIST now recommends that software developers follow secure software development best practices and perform software threat modeling multiple times during development, especially when developing new capabilities. All companies that sell (or want to sell) software to the U.S. federal government, whether directly or through resellers or other channels, must comply with EO 14028 by September 15, 2023, and should therefore quickly begin assessing their compliance with the latest NIST guidance and develop action plans to address any gaps.” Trevor Young, Chief Product Officer, Security Compass For more details about the latest capabilities in SD Elements, click here, or register to attend the upcoming webinar, “How to Speed Up Software Threat Modeling, Threat Remediation, and NIST Software Supply Chain Security Compliance” on Nov. 16, 2022 at 1:00pm ET. About Security Compass Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries.

Read More

DATA SECURITY, PLATFORM SECURITY, SECURITY AUDIT AND COMPLIANCE

Skybox Security Unveils Industry's First SaaS Solution for Security Policy and Vulnerability Management Across Hybrid Environments

Skybox Security | October 12, 2022

Skybox Security today announced the next generation of its award-winning Security Posture Management Platform – including the industry's first Software-as-a-Service (SaaS) solution for Security Policy and Vulnerability Management. Propelling its global customer base into the next era of proactive cybersecurity, major innovations advance its platform that continuously tests attack feasibility, exposure, remediation options, and compliance across hybrid environments. "Today, we're delivering on our mission of building the world's leading Security Posture Management platform. "Skybox equips customers with the hybrid network modeling, path analysis, and automation they need to reduce the risk of a significant data breach by 55%. Our latest innovations are significant for customers that deploy on-prem, as well as customers that will benefit from our new SaaS solution. The new Skybox Cloud Edition offering capitalizes on the speed, scale, innovation, and productivity benefits powered by the cloud to drive the pursuit of broader digital business opportunities." Skybox Security CEO and Founder Gidi Cohen Expansion into Cyber Asset Attack Surface Management Challenging the status quo through a dynamic, fresh approach to Cyber Asset Attack Surface Management (CAASM), Skybox visualizes all assets through API integrations, identifies and prioritizes vulnerabilities using proprietary threat intelligence, sees gaps in security controls, and automatically provides remediation options. In addition, significant advancements to the proprietary Skybox network model enable customers to dynamically model operational technology, IT, and hybrid cloud environments – including all networking and security data related to a specific asset. According to Gartner Research: "CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture, and asset exposure are understood and remediated. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations can visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data."1 Industry's first solution to automatically map vulnerabilities to malware type Skybox also introduced the industry's first Security Posture Management solution that connects Vulnerability Management with Threat Hunting. Building on its Exposure Management process that emphasizes publicly known vulnerabilities and identifies control gaps, Skybox now also associates vulnerabilities to malware by name, category, and distinct classes – including ransomware, Remote Access Trojans (RATs), botnets, cryptocurrency miners, trojans, and more. "Executives and board members want to know if their cybersecurity teams are staying ahead of the latest celebrity malware such as TrickBot, REMCOS, FormBook, AZORult, Ursnif, Agent Tesla, and NanoCore," said Ran Abramson, Threat Intelligence Analyst, Skybox Research Lab. "Powered by Skybox threat intelligence, CISOs have automated analysis that can prove they retired millions of malware and exploits. No other cybersecurity solution can provide customers with our advanced vulnerability prioritization and threat trend reporting." Expanded integrations eliminate complexity, reduce administrative burden, and provide more effective cybersecurity With over 150 integrations, Skybox Security is the only solution that builds an extensive model of a customer's unique hybrid environment, including all of the customer’s L3 devices. Expanded integrations include: Amazon Web Services (AWS): Expanded cloud capabilities include support of AWS firewalls in distributed mode. Reduce risk while validating compliance by eliminating permissive, obsolete, shadowed, and redundant rules. Cisco Application Centric Infrastructure (ACI): Adding new capabilities to its Cisco ACI integration, Skybox now delivers granular visibility into ACI Fabric tenants across spanning networking, micro-segmentation policies, and device attributes. Palo Alto Networks Prisma Cloud: Furthering its commitment to shift-left security practices, vulnerabilities in container images across DevOps toolchains can now be identified and prioritized for remediation via the Skybox multi-factor risk scoring algorithm. Skybox Cloud Edition accelerates customer value with increased flexibility, scalability, business agility, and resiliency Skybox Cloud Edition delivers the capabilities of the Skybox Security Posture Management Platform in a Software-as-a-Service (SaaS) offering to unlock additional business agility and resiliency benefits. First SaaS solution for Security Policy Management: Leapfrogging the competition, Cloud Edition capabilities reduce software installation maintenance tasks. Streamlined licensing and deployment are designed to meet customer demand. Advanced Vulnerability and Exposure Management: With the industry's most flexible deployment options for Vulnerability and Exposure Management (both on-premises and SaaS versions), customers can select the deployment model that aligns with their corporate and regulatory requirements. Limitless scalability: Manage security policies, prioritize vulnerabilities, and remediate exposures across the most complex on-premises, cloud, operational technology (OT), and hybrid environments. Automate, verify, and operationalize risk reduction. Faster deployment options: Cuts deployment time and reduces the need for procuring hardware, performing testing, and installing updates – enabling customers to unlock value faster. Customers with vast, global environments will reap huge benefits due to the size and diversity of their attack surface. Instant automatic updates: Customers benefit immediately from the latest product innovations and platform updates. Upgrades are much less disruptive, with no need for change management resources. Seamless, automated upgrades are critical given the dynamic threat and regulatory landscapes. Guaranteed availability: The solution is hosted in AWS for outstanding stability, performance, and guaranteed availability. Additionally, 24/7 monitoring of the tenants, across both the Network Operations Center (NOC) and Security Operations Center (SOC), maintains optimal network performance and performs real-time analysis for continuous threat mitigation. About Skybox Security Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics, and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic solution intelligently optimizes security policies, actions, and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Neosec Introduces Automated Tokenization to Enable Full API Visibility Without Exposure of Sensitive Data

Neosec | November 16, 2022

Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest. Today, many organizations are blind to the threats lurking within their API traffic. Even worse, organizations are forced to implement basic logging of its API traffic that doesn't contain the meaningful information about who accessed, what records were accessed or manipulated and how. There exists a justified fear of logging sensitive data or being out of compliance, and with the lack of technology that can perform it at scale, they prefer to log with low fidelity. Those logs tell you that "somebody modified or accessed a record" but typically don't disclose who accessed it, which record, or what action was performed. This decision also results in a downstream issue of "insufficient logging", which is noted by the Open Web Application Security Project as one of the top security problems in its 2021 OWASP API Top 10. "Insufficient logging" is poor for incident forensics and, in practice, means that you can't detect abuse or investigate a case, even if you know it happened. Tokenization is the process of substituting a sensitive data element, like a credit card number, for a non-sensitive equivalent that has no intrinsic or exploitable value or meaning. Neosec's automated tokenization is part of its 'privacy by design' philosophy and is already deployed successfully at customers around the world in financial services, insurance and hospitality companies among others. The process allows retaining tokenized API activity data for the purposes of performing true behavioral analytics over time, ensures that sensitive data is never stored at rest, and enables only the customer to de-tokenize, based on the strictest data privacy practices. "Solving API security starts with basic visibility and the ability to see how the APIs are used. The problem is that virtually every company logs API activity with low fidelity that doesn't enable this basic visibility. "In order to perform true behavioral analytics and investigate cases you must store and examine historical data. But if this analysis is performed on un-tokenized data you risk storing PII and creating compliance issues. Neosec successfully retains all API activity data, in the highest fidelity, and ensures it meets data privacy standards." Giora Engel, co-founder and chief executive officer, Neosec This focus on data and the visibility it brings is what previously defined the creation of the EDR (Endpoint Detection & Response) security space. "Trying to implement API security without enabling basic visibility of activity is like going back to the antivirus age before the advent of EDR. Visibility into API activity allows you to detect threats, understand behavior, investigate and remediate" said Engel. The Neosec API security solution discovers and maintains an up-to-date inventory of all APIs in use by an organization and then uses machine learning and behavioral analytics on tokenized data to find fraud and abuse by third parties and attackers. Neosec also enables proactive API threat hunting and investigations without storing any sensitive data. The automated API data tokenization is now a capability of the Neosec platform and is fully available. There is no extra cost for use of this unique capability. About Neosec Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel.

Read More