DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY
CyberArk | March 15, 2023
On March 14, 2023, CyberArk, the world leader in Identity Security, announced advancements to Workforce Password Management. The cloud-based business password management solution from CyberArk allows businesses to capture, store, and manage password-based apps and other secrets in a secure manner. Added features offer administrators with increased flexibility and power to minimize risk and enhance security for web-based applications.
Workforce Password Management is developed for business environments and offers the privacy, availability and security organizations require, including support for current corporate directories and passwordless authentication controls, unlike personal password managers. Some of the new things are:
Application Access Controls Based on Usernames
Support for CAPTCHA-Enabled Web Apps
Enhanced Reporting for User-Added Applications
CyberArk Secure Web Sessions and Workforce Password Management can be used together to further fortify access to critical systems. With the newest release, Secure Web Sessions provides an additional layer of defense called Session Control. Session Control enables administrators to define notification and enforcement rules for specific text fields in business applications that are accessed with credentials stored in Workforce Password Management. For example, administrators can set up a rule to stop users from transferring more than pre-set threshold within their corporate banking applications and notify the IT security team of the attempt.
Gil Rapaport, General Manager, Access Management at CyberArk, said, “Traditional password managers typically lack controls and functionalities that enterprises need to secure end-user credentials, which are constantly targeted by attackers.” He added, “Password management must be dynamic to evolve with attacker innovation. We are continuously investing in new features and functionalities for Workforce Password Management to deliver greater usability, security and control for all users within an organization – from developers and business users to IT administrators.”
(Source – Business Wire)
Founded in Newton, MA, CyberArk is the worldwide leader in identity security solutions. The company is the most comprehensive security solution for any identity, machine or human, across business apps, remote employees, hybrid cloud workloads, and the complete DevOps lifecycle, thanks to its emphasis on privileged access management. The world’s largest organizations entrust CyberArk to help secure their most vital assets.
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
BigID | March 17, 2023
BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks.
Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors.
With BigID's native secrets detection capabilities, organizations can:
Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment
Detect secrets faster and more accurately using patented AI and ML-based data classification techniques
Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure
"Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline."
BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.
DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY
Prnewswire | April 28, 2023
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, privileged access, secrets and remote connections, is excited to announce the launch of its latest feature, the 24-word recovery phrase. This new and more secure method of account recovery is designed to provide Keeper users with the highest level of protection against emerging threats.
The 24-word recovery phrase replaces the current user-customizable security question and answer recovery method. It serves as a break-glass method of recovering a Keeper Vault in the event that a user forgets their master password. The recovery phrase generates a unique 256-bit AES key that decrypts a copy of the user's 256-bit AES data key. The data key then decrypts each individual record key, which in turn decrypts each vault record.
Keeper has implemented recovery phrases using the same BIP39 word list used to protect crypto wallets. The word list used in BIP39 is a set of 2,048 words used to generate an encryption key with 256 bits of entropy. This method of recovery is commonly used in popular bitcoin and cryptocurrency wallets. Each word in the BIP39 list is carefully selected to improve visibility and make the recovery process less error-prone.
"We are thrilled to introduce this revolutionary new feature to our users," said Darren Guccione, CEO and co-founder of Keeper Security. "At Keeper, we are committed to providing our customers with the most advanced and secure password management solutions available. The 24-word recovery phrase is just one example of our ongoing investment in new and more robust technologies to counter emerging cyber threats."
Users who have security questions enabled on their vaults will be prompted to replace their security answer with a strong 24-word recovery phrase. It is important for users to store this recovery phrase in a safe place such as a physical safe, and not on a computer, phone or other device. To recover the account and reset the master password, users must have the recovery phrase and also provide an email verification code. For users with 2FA enforced, they must additionally pass the two-factor authentication step.
Keeper administrators for business and enterprise accounts have the option of disabling account recovery for their users in the role enforcement policy section of the Keeper Admin Console. Account recovery can be used with SSO-enabled accounts, if enforced by the Keeper administrator.
It is important to note that if a user forgets their master password and loses their recovery phrase, they will not be able to access their Keeper vault. Due to Keeper's zero-knowledge architecture, the Keeper team cannot help recover a lost recovery phrase.
To utilize this new capability, users are encouraged to ensure that all of their Keeper applications are up to date.
For more information about Keeper's password management platform and the 24-word recovery phrase, please visit Keeper's Documentation Portal and Release Notes.
About Keeper Security
Keeper Security is transforming the way people and organizations around the world secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations globally, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Protect what matters at KeeperSecurity.com.