DATA SECURITY

ProtectedBy.AI to Launch a unique Defence system Against Cyberattacks

ProtectedBy.A | June 09, 2021

A world leader in artificial intelligence driven solutions, ProtectedBy.AI, is launching CodeLock. This has been designed as its patented revolutionary approach to prevent insertion attacks that may occur in a software supply chain.

The recent cyberattacks with Colonial Pipeline, with SolarWinds, and JBS have destroyed many organizations globally. Globally, including the attacks on multiple U.S. government agencies could have prevented by using CodeLock™.

CodeLock™ has the competence to stop the most dangerous and latest criminal malware. CodeLock's™ revolutionary approach creates an inviolable network of security sensors that can be embedded into any software running on an organization's servers and systems.

CodeLock™ perfectly protects each line of produced code. From minor utility functions to multi-million-character functioning systems, CodeLock™ can save any software from attacks and threats. The two primary dimensions of CodeLock™ are a Developer Interface and an Alert Monitor.

According to president and co-founder of ProtectedBy.AI, Brian Gallagher, creative new forms of cyberattacks, ransomware, and malware are becoming more and more common globally. He also said that they have created a defence technology for automating detecting process of an attack. CodeLock™ is becoming a critical component in making all the organizations cyber safe.

About ProtectedBy.AI

ProtectedBy.AI makes solutions that protect and advance the security and economic objectives of countries and companies incorporating human intelligence in it. ProtectedBy.AI is well known in providing effective solutions and has served a wide range of organizations such as Central Intelligence Agency (CIA), Department of Homeland Security, and United States Department of Defence.

Spotlight

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Spotlight

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Spin.AI Expands SpinOne Platform with New SaaS Security Capabilities: SaaS SPM, SaaS DLP and SaaS Ransomware Protection

Businesswire | April 20, 2023

Spin.AI, developer of the SpinOne SaaS security platform for mission-critical SaaS apps, today announced the significant expansion of its platform with new solutions to help enterprises proactively respond to the growing challenge of protecting SaaS data. This includes new capabilities around SaaS security posture management (SSPM), SaaS data leak prevention and data loss protection (SDLP), and SaaS ransomware detection and response (SRDR), as well as new integrations with JIRA and ServiceNow, and backup support for Slack. "The rising adoption of mission-critical SaaS applications, such as collaboration tools and CRMs, has resulted in a massive amount of new SaaS data that must be safeguarded for compliance, regulatory, and business continuity purposes,” said Dmitry Dontov, CEO and founder of Spin.AI. “The most recent enhancements to the SpinOne platform protect SaaS applications, automate manual processes, and minimize business downtime for organizations that rely on SaaS apps and SaaS data. With SpinOne, teams can reduce the time it takes to identify and remediate SaaS application risks from days and months to minutes and seconds." SpinOne is an all-in-one, SaaS security platform that protects SaaS data for mission-critical SaaS applications, including Google Workplace, Microsoft 365, Salesforce and now Slack, by delivering full visibility and fast incident response. It eliminates fundamental security and management challenges associated with protecting SaaS data by reducing the risk of data leak and loss, saving time for SecOps teams through automation, reducing downtime and recovery costs from ransomware attacks, and improving compliance. The new platform updates include: SSPM (SaaS Security Posture Management) – Offers automated security operations to help companies quickly detect and respond to misconfigurations while also providing inventory and assessment of unsanctioned third-party apps and extensions. This reduces security and compliance risks while minimizing manual workloads. SpinOne provides full visibility and control over SaaS apps, Cloud apps, Mobile apps, and browser extensions with OAuth access to collaboration tools. Additionally, SpinOne provides access to a database of 300,000+ apps and extensions assessed by its AI-driven algorithms, reducing risk assessment time from months to seconds. SaaS DLP (SaaS Data Leak Prevention and Loss Protection) – Mitigates unauthorized access to sensitive SaaS data with configurable access management and advanced reporting. Recovers lost data in a matter of minutes or hours (instead of the typical weeks or months) with integrated, automated SaaS backup and rapid incident response. SaaS Ransomware Detection and Response – Quickly detects and responds to in-progress ransomware attacks, minimizing downtime from an average of one month to up to 2 hours and preventing further encryption. Provides 24/7 ransomware monitoring and automated incident alerting, and can recover SaaS data in minutes, reducing recovery costs by 90%. This patented technology gives organizations the unique capability to limit files impacted and avoid throttling and API limits on recovery. JIRA and ServiceNow – Integrates with JIRA and ServiceNow to create alerts and incidents automatically, streamlining security operations processes for enterprise teams by eliminating the need for manual alert creation. SpinOne for Slack – Helps protect an organization’s Slack channels and messages to meet data protection and compliance requirements, ensure business continuity, and decrease recovery costs. You can easily set up automated 3x a day backup of your Slack data on AWS, GCP, Azure or BYOS. Enterprises use multiple point products to meet their security requirements, making it challenging to manage various dashboards, invoices, and support channels. Consequently, enterprises are consolidating on platforms that address significant issues in a single solution. This all-in-one SaaS security solution is what SpinOne provides. SpinOne can efficiently substitute existing vendors or complement an enterprise’s existing security stack, reducing overhead and complexity. “SaaS applications, such as Google Workspace and Microsoft 365 for example, have a significant number of controls and configurations,” said Davit Asatryan, Director of Product at Spin.AI. “One of the biggest challenges administrators face is configuring these applications for the best security posture. This new SpinOne update delivers the visibility needed to better understand configuration issues, set better policies, and respond faster, while aligning with existing regulations such as NIST, ISO, and SOC 2.” SpinOne protects the SaaS applications enterprises use on a daily basis, reducing the risk of downtime due to business disruptions, ensuring business continuity, and improving compliance. For more information including a deeper technical overview of the new SpinOne capabilities, please visit www.spin.ai/platform/spinone or request a demo at www.spin.ai/demo. About Spin.AI Spin.AI is a SaaS security company protecting enterprises against the risk of shadow IT, data leak and loss, ransomware, and non-compliance. SpinOne, the all-in-one SaaS security platform for mission-critical SaaS apps, protects SaaS data for Google Workspace, Microsoft 365, Salesforce, and Slack. SpinOne provides SaaS security posture management, SaaS DLP, and SaaS ransomware protection for more than 1,600 organizations worldwide to reduce downtime and recovery costs, improve compliance, and save time for SecOps teams. For more information, please visit: https://www.spin.ai/

Read More

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

CertiK Launches Skynet for Community Web3 Due Diligence Tool

Globenewswire | April 04, 2023

CertiK, the leading provider of blockchain security solutions, is excited to announce the launch of Skynet for Community, an all-in-one security, due diligence, and insights platform for the Web3 ecosystem. Skynet for Community empowers users, investors, and community members to make informed decisions about Web3 projects by providing a comprehensive set of tools for research, analysis, and monitoring. With thousands of Web3 projects creating millions of points of data every day, it's easy to get lost in the noise. Skynet for Community’s rich data-driven insights help users to discover new projects, conduct due diligence on projects of interest, and keep up to date on the latest news and developments in the Web3 space. The platform aggregates a vast amount of data into Web3's most accessible due diligence tool. Skynet for Community puts security front and center, with the Security Leaderboard ranking projects according to their Security Score and market performance. The Verified Teams (KYC) Leaderboard lists and ranks projects based on the status of their CertiK KYC Badge, which is awarded to project teams that undergo a rigorous background investigation. Skynet for Community evaluates the security of Web3 projects through both manual and automated measures. The platform covers the majority of all Web3 projects using transparent metrics, regardless of their relationship with CertiK. Manual Signal Scores are determined by CertiK’s research analysts and security experts, who evaluate factors such as the quality of whitepapers, documentation, and other fundamental aspects of the project. Automatic Signal Scores are calculated in real-time by the underlying software and monitoring systems, which evaluate website cybersecurity, security incidents, and other factors. The signals are weighted based on their severity or potential impact, and the aggregate of qualitative and quantitative insights makes up the project’s final Security Score. Skynet for Community also includes tools such as Exchange Analyzer, which allows users to conduct due diligence on centralized exchanges by displaying their on-chain asset holdings; Skynet Alerts, a system that provides timely notifications on rugpulls and exploits in the cryptocurrency space; and Wallet Analyzer, which provides insights on wallet addresses and makes it easy to visualize and decipher on-chain transactions between wallets. "Skynet for Community is a revolutionary product that leverages CertiK's expertise in blockchain security to provide an independent, transparent, and comprehensive evaluation of Web3 projects," said Professor Ronghui Gu, co-founder and CEO of CertiK. "We are excited to launch this product and offer the Web3 community a powerful tool that makes it easy to do your own research." The launch of Skynet for Community marks a new era of transparency and accountability for the Web3 world as it provides a comprehensive evaluation of projects' security in real-time. With its uniquely comprehensive approach of combining manual and automated measures, CertiK's Security Score provides an independent lens through which all Web3 projects can be evaluated. To learn more about Skynet Community and to try out the suite of due diligence tools, visit skynet.certik.com or follow along on Twitter at @CertiK and @CertiKCommunity. About CertiK CertiK is a pioneer in blockchain security, leveraging best-in-class AI technology and expert manual review to protect and monitor blockchain protocols and smart contracts. Founded in 2018 by professors from Yale University and Columbia University, CertiK secures the Web3 world, by applying cutting-edge innovations from academia to enterprise, enabling mission-critical applications to scale with safety and correctness. CertiK has audited more than 3,900 Web3 projects and secured hundreds of billions of dollars of market capitalization.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Expands API Security Platform To Help Organisations Increase Cyber Resilience

Prnewswire | March 30, 2023

Noname Security, the leading provider of complete API security solutions, today announced major enhancements to its market-leading API security platform to help organisations protect their API ecosystem, secure their applications, and increase cyber resilience. With the fastest, most flexible, and most comprehensive solution on the market, Noname Security continues to define API security. Noname Enables Secure Growth with API Security Innovation Today, APIs drive business, delivering value to customers, clients, patients, users, shareholders, and more. However, securing APIs – and all of the critical assets they connect – has become more difficult than ever as APIs attacks have increased exponentially. IBM Security X-Force reported that two-thirds of its analysed incidents were due to unsecure APIs. "APIs are the connective tissue for the digital world, but the explosion in API use has created new and rapidly growing threats to organisations across the globe. We created the Noname API Security Platform to uniquely address the modern API ecosystem, with discovery, insight, protection, and testing capabilities," said Shay Levi, Co-Founder and CTO at Noname Security. "Doing so means not only securing APIs and their use, but also improving the speed at which our customers can expand their business." The Noname API Security Platform Continues to Define API Security Noname's latest major release delivers new capabilities across the entire platform – covering discovery, posture management, runtime protection, pre-production testing, and deployment – to help customers: Discover More & Strengthen Security Posture Noname Security's Discovery and Posture Management solutions locate and provide insight to every API in an organisation's ecosystem, uncovering vulnerabilities (including the most recent OWASP API Top Ten), protecting sensitive data, and proactively monitoring for changes, including in OpenAPI and other specifications. New capabilities enable customers to: Gain complete visibility and detailed insights to protect APIs with customisable discovery, flexible tagging, and datatype assignments – including PII, PCI, PHI, and custom categories – for grouping APIs by application, business unit, and more. Understand APIs in rich context with visualisations of business logic, physical network infrastructure, and API traffic to understand specific interactions and behaviour patterns. Secure containerised applications with enhanced discovery and detection for Kubernetes (k8s). Prioritise resources and eliminate blind spots with extensive infrastructure inventories for AWS and Azure, enabling organisations to find unprotected APIs, map the connections between APIs and infrastructure resources, pinpoint resources that could increase the attack surface, and resolve potential issues with full context. Stop Attacks with Runtime Protection Noname Security Runtime Protection detects and blocks API attacks with real-time traffic analysis, out-of-band monitoring, inline remediation options, and workflow integrations to increase SOC effectiveness. New capabilities enable customers to: Identify business-logic-based attacks immediately with updates to the industry's most advanced anomaly detection engine using artificial intelligence & machine learning (AI/ML), including unsupervised online learning. Reduce Mean-Time-To-Resolution (MTTR) with more context on issue records, including detailed remediation guidance and tools for deeper investigation. Fully align with security operations center (SOC) processes with automation, custom workflows, and integrations with existing systems such as ITSM, SIEM, SOAR, and more. Deliver Secure APIs Faster with Active Testing Noname Security Active Testing is a purpose-built API security testing solution that helps organisations easily add security into the CI/CD pipeline without sacrificing speed. The newest version of Active Testing enables customers to: Shift left with integrations into the entire software development lifecycle (SDLC). Teams get dynamic API visibility across multiple states and environments throughout the CI/CD process. Leave no API untested with a unique ability to find and test every API based on an understanding of the application's business logic. Empower developers with best-in-class usability such as simple setup & automation, in-line test results, and contextual guidance for request failure mitigation. Continuously Adapt to Changing Environments Noname Security offers the most flexible and comprehensive set of deployment and integration options available. New capabilities enable customers to: Rapidly realise value with simplified step-by-step onboarding and in-app guidance. Meet any deployment requirement with both agentless and agent-based options, including eBPF, and both out-of-band and inline protection options. Easily manage complex deployments with automatic updates across cloud-hosted, self-hosted, hybrid, and distributed deployments. Maintain data residency and reduce overhead with remote engines to aggregate traffic into a centralised console, allowing you to keep data within your control and reducing traffic. Meet strict public-sector compliance requirements with a new hardened virtual appliance. See the entire attack surface with additional integrations and improvements to Akamai, AWS ECS, Cloudflare, Oracle Cloud Infrastructure, Citrix, and other connectors. Staying Ahead of Attackers Built by the largest team of API security researchers and developers in the industry, the Noname API Security Platform helps organisations proactively find vulnerabilities, stop attacks, reduce the risk of costly incidents, and ensure business continuity. "Improving security posture and shifting from reactive to proactive does more than reduce risk. It allows the entire enterprise to change its position in the market from follower to leader," said Oz Golan, CEO and Co-Founder of Noname Security. About Noname Security Noname Security is the only company taking a complete, proactive approach to API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Protection, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.

Read More