DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
SlashNext | March 01, 2023
On February 28, 2023, SlashNext, a leading SaaS-based Integrated Cloud Messaging Security solutions provider across web, email and mobile, announced the release of Generative HumanAI™, the industry's first artificial intelligence solution using generative AI to defend against advanced business email compromise (BEC), executive impersonation, supply chain attacks, and financial fraud. Adding Generative HumanAI ensures that customers have peace of mind, despite threat actors utilizing widely available AI tools to aid their efforts. The solution already has a 99.9% detection rate with its existing AI capabilities.
Generative HumanAI predicts vast numbers of potential AI-generated BEC threats by utilizing AI data augmentation and cloning technologies to evaluate a core threat and then produce thousands of other versions of that same core threat, which allows the system to train itself on possible variations.
This new solution joins SlashNext's existing HumanAI capabilities, which imitate human threat researchers by combining computer vision, natural language processing, and machine learning with relationship graphs and deep contextualization to thwart sophisticated multichannel messaging attacks.
Features of HumanAI consist:
Relationship Graphs & Contextual Analysis establish a baseline of known-good writing styles and communication patterns for each employee and supplier to detect unusual conversation and communication styles.
BEC Generative AI Augmentation automatically generates thousands of new BEC variants from today's threat to stop tomorrow's attacks.
Natural Language Processing analyzes text in the email body and attachments for tone, emotion, topic, intent and manipulation triggers related to social engineering tactics.
Computer Vision Recognition leverages SlashNext's LiveScan™ to inspect URLs in real-time for any visual divergence, such as layouts and images, to detect credential phishing webpages.
Sender Impersonation Analysis evaluates headline details and email authentication results to stop impersonation attacks.
File Attachment Inspection analyzes social engineering traits of attachments and malicious codes to stop ransomware.
SlashNext has been developing this patent-pending solution internally for over two years and is at the forefront of multichannel messaging security. Its threat researchers recognized that generative AI would soon change the face of BEC attacks.
About SlashNext
SlashNext is a leading cloud-based messaging security solutions provider to safeguard against malicious messages across all digital channels. Its integrated messaging security platform, called SlashNext Complete™, is equipped with patented HumanAI™ technology having a detection accuracy rate of 99.9% and is capable of detecting real-time threats across various messaging channels such as mobile, email and web-based messaging applications like LinkedIn, M365, Gmail, WhatsApp, Slack, Telegram, Teams, and others. By taking advantage of SlashNext's Integrated Cloud Messaging Security, businesses can safeguard their sensitive information from data theft and financial fraud breaches. The company's solution is designed to detect and prevent zero-hour threats in real-time to ensure their customers' highest level of security.
Read More
PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION
Wallarm | January 23, 2023
Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak.
Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data.
With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach:
Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute.
Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio.
Control - Wallarm also continuously monitors and prevents the use of leaked API secrets.
The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation.
About Wallarm
Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.
Read More
DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY
DoControl | February 03, 2023
On February 2, 2023, DoControl, a leading automated software-as-a-service (SaaS) security provider, announced the release of its no-code SaaS security platform on AWS Marketplace, an online catalog that simplifies the provisioning, procurement, and governance of third-party data, software and services. The platform enables joint customers to better protect their business-critical assets by setting up a foundational layer of preventative data access security controls directly through the AWS Marketplace.
Individual SaaS applications' native security features are usually poor and do not provide a consistent way to apply data access controls across all SaaS application types. DoControl provides a single security strategy that centralizes the enforcement of least privilege - beyond the network, identity, and device levels - across the entire estate of an enterprise's SaaS applications. Customers with AWS deployments may now use DoControl solutions to safeguard all shared data and files accessed by every identity or entity, including internal employees, third-party collaborators, and third-party OAuth applications.
On average, an enterprise has approximately 200 applications in use, with hundreds or thousands of internal and external collaborators. Therefore, data security is of utmost importance across these applications (file-sharing, file storage, messaging, and so on), as breaches can result in lost revenue, severe brand damage, regulatory fines and other financial consequences.
DoControl offers SaaS asset management, continuous monitoring, and automated security workflows to security and IT teams to prevent data breaches. In addition, DoControl lowers the physical toil and complexity that security and IT professionals face on a daily basis by replacing manual effort with automation.
About DoControl
Founded in 2020, DoControl is a No-Code SaaS Security Platform that provides organizations with automated, self-service tools needed for SaaS applications data access monitoring, orchestration, and remediation. It takes a distinctive, customer-focused approach to the labor-intensive challenge of security risk management and data exfiltration prevention in popular SaaS applications. DoControl helps lower the work overload and complexity that Security and IT teams face on a daily basis by replacing manual work with automation. The company is backed by investors, including StageOne Ventures, Insight Partners, RTP Global, Cardumen Capital, and CrowdStrike's CrowdStrike Falcon Fund.
Read More