DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Traceable AI | September 02, 2022
Traceable AI, the industry's leading API security and observability company, today announced the general availability of its API Security Testing (xAST) solution in its API Security Platform. This comprehensive and seamless testing ability enables any API in pre-production to be tested for vulnerabilities, accuracy, reliability, and overall security — ensuring organizations are aligned with the highest API security standards before releasing APIs into production.This announcement reinforces Traceable's commitment to helping organizations ensure the highest level of API security throughout the entire software development lifecycle (SDLC).
Traceable's API Security Testing offering is built to make the testing of APIs fast, easy, and a seamless experience for both development and security teams. It supports organizations' shift left initiatives, including providing remediation insights from runtime back to development, so developers can further harden their APIs. It is API focused providing complete vulnerability analysis that leverages functional testing, as well as API DNA and user attribution for improved detection and coverage. It offers extensive coverage for the OWASP API top 10, top CVEs (such as Java, Go, Node JS, AuthN, AuthZ, and many more), business logic vulnerabilities, and sensitive data exposure. Uniform API testing is based on dynamic payloads for standard tests, and dynamic Traceable payloads for business logic vulnerabilities such as BOLA – all with virtually zero false positives. Its DevSecOps focus enables companies to identify API security gaps between prod and pre-prod, perform fast scans for actionable results in CI/CD pipelines, scan at a granularity from every pull request with API spec changes, and utilize integrations with application security tools, including SCA, SAST, DAST and IAST.
"Because of our comprehensive approach to API security, the testing component was the logical evolution. It is key to enable development teams to identify security weaknesses and vulnerabilities in the build itself, in addition to the capability of providing runtime insights back to development teams, so they can further harden their APIs. "It's an important step to enable teams to seamlessly fit API security testing into their development cycles. It is based on a simple logic: prevent breaches by eliminating the flaws at the very beginning."
CTO of Traceable AI, Sanjay Nagaraj
Traceable's API security testing is built to both reduce the risk of vulnerable APIs early in the SDLC, and enable development teams to move fast. Additional benefits include:
Eliminating the Risk of Vulnerable APIs: Find and fix API vulnerabilities early in the SDLC.
Cost Reduction: Reduce costs associated with finding vulnerabilities in APIs in production.
Rapid Scans that Maintain the Speed of Innovation: With Traceable, development teams can perform fast scans with virtually no change in dev-release cadences – eliminating friction for both dev and security teams.
Comprehensive Reporting: Traceable produces a "scan summary" report of vulnerabilities found while testing the APIs. This includes the OWASP API top 10 vulnerabilities, language and library vulnerabilities like Log4shell, misconfigurations, data exposure, and broken authentication/authorization. The information, including CVSS/CWE scores for overall risk assessment and recommendations for remediation is provided to development and security teams, so they can correct the security issues in APIs before those APIs are pushed to production.
Operational Effectiveness: Traceable's API security testing is easy to deploy and reduces complexity, with numerous CI/CD and appsec tooling integrations that allow for operational effectiveness. It also enables targeted API security testing which takes actual payloads from real time traffic into account for a concise set of actionable findings.
Extensive and Effortless Integrations: Traceable allows for numerous integrations with CI/CD pipelines, notifications, ticketing and application security testing solutions.
"Whether an API is in the development cycle or is in production, being accessed by thousands of users, Traceable's API Security Platform protects companies' most vulnerable attack vector from threats at every juncture" added Nagaraj.
About Traceable AI
Traceable is the industry's leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors to understand anomalies and block API attacks, enabling organizations to be more secure and resilient.
Read More
DATA SECURITY
Cribl | August 04, 2022
Cribl, the leader in enabling open observability, today announced a new partnership with SentinelOne, an autonomous cybersecurity platform company. The partnership enables SentinelOne customers to leverage Cribl's observability product suite to streamline cybersecurity triage, optimize data collection, and provide security teams control of their data.
By integrating Cribl's observability product suite with Singularity XDR, SentinelOne customers can now unlock the value of all observability data. Key benefits include the ability to: 1) Operationalize endpoint and extended detection and response (EDR & XDR) of data sources in joint customer environments, 2) Streamline for triage and investigative functions in the Security Operations Center (SOC), and 3) Progress cybersecurity programs with enhanced threat intelligence, threat hunting, and adversary simulation.
"Today's cybersecurity risk levels are increasingly associated with the ability to understand data across enterprise assets. "Our partnership with Cribl helps optimize data collection at scale, enabling security teams to minimize risk and save time."
Chuck Fontana, SVP Business Development at SentinelOne
"We're excited to partner with the SentinelOne team," said Zac Kilpatrick, VP of Channel and Alliances at Cribl. "To keep up with persistent threats and the ever-changing security landscape, SOC activity must move from reactivity to proactivity. SentinelOne's autonomous and proactive approach to cybersecurity is differentiated in the market and aligns with Cribl's objective of optimizing analytics platform cost and performance."
Integration with SentinelOne's Cloud Funnel
Cribl's product suite now integrates with SentinelOne's Cloud Funnel, a data subscription enabling XDR data to be stored locally in an enterprise's data lake. This solution works with any data type, such as file, process, DNS, flow, behavioral, registry, commands, scripts, and more. Cloud Funnel's flexibility provides SentinelOne customers the ability to choose which data type they need, optimize it to find the right signal, and route it for maximum efficiency - all at machine speed.
Integration with DataSet
Cribl Stream now supports SentinelOne's DataSet as a destination to seamlessly route data from legacy log analytics solutions. DevOps and IT teams choose DataSet to analyze data in real-time, effortlessly scale to petabytes, and cost-effectively retain data for longer periods of time for compliance and audit purposes. The new integration enables Cribl customers to pipeline their data to DataSet without changing their data instrumentation, collection, and ingestion.
SentinelOne and Cribl will also continue bringing new offerings to market, including integrating Cribl Stream into SentinelOne's Singularity XDR platform.
About Cribl
Cribl makes open observability a reality for today's tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It's enterprise software that doesn't suck, enables tech professionals to do what they need to do, and gives them the ability to say "Yes." With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future. Founded in 2017, Cribl is a remote-first company with an office in San Francisco, CA.
Read More
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
CyberRes | September 06, 2022
CyberRes, a Micro Focus (LSE: MCRO; NYSE: MFGP) line of business, today announced a new version of Voltage File Analysis Suite (FAS), a cloud platform that combines the latest in data discovery and data protection. Among the new features in Voltage FAS is SmartScan, a tool for intelligent sampling and dynamic tagging for petabyte scale data discovery, enabling data analysts to find the areas of higher data risk faster.
"The new CyberRes Voltage File Analysis Suite takes data security to the next level with its data discovery and protection capabilities within one solution. "Since it is delivered as a SaaS solution, it possesses the scalability needed to meet the needs of any user's data estate. Furthermore, the dynamic Voltage SmartScan tool provides users with the resources needed to conduct more prescriptive, deeper scans of their data infrastructure and take more focused protective actions."
Reiner Kappenberger, Director Product Management, Voltage Data Privacy and Protection
Voltage FAS is not limited by the constraints of geographic or political boundaries, enabling users to achieve and maintain compliance standards for the growing number of privacy regulations around the world. Voltage FAS enhances global privacy awareness with dynamic data masking, contextually aware entity detection for thirty-nine-plus countries and economic regions.
Also with this release, Voltage FAS is now available as a managed security services provider (MSSP) offering, which goes hand-in-hand with its availability as a software-as-a-service (SaaS) platform. Voltage FAS works with cloud, on-premise and all hybrid models by understanding and managing data in place. As some regions require data residency for organizations, Voltage FAS can also be deployed on private clouds, enabling organizations to effectively find and protect their sensitive data without having any data leave the region.
"The release of our Voltage as a Service MSP/MSSP offering is designed to enable managed security services providers with flexible go-to-market options, pay-as-you-grow models, unified data discovery use cases to build managed services catalog offerings, thereby solving customer requirements for outcome-driven data discovery and protection with extremely quick time to value," said Marianne Van der Pluym, VP Global MSSP Strategy and Sales.
One MSSP that has capitalized on the flexibility of Voltage FAS is Advania Sweden. "At Advania, we built our Data Management as a Service on the Voltage/FAS platform in our own data center and are able to be compliant with strict governmental rules and GDPR," said Tomas Wanselius, CEO of Advania Sweden.
The new version of Voltage FAS is also receiving high marks from end users. "File Analysis Suite has a pivotal role in our environment, not only supporting Turkish Data Protection Regulation and PCI/DSS but also helping us to understand the other critical/sensitive data should be protected," Olcay Nisanoglu, IT Operations Director, BELBIM. "Since this project was a priority for the management team, we took an immediate action to start the project. Thanks to SmartScan's functionality with File Analysis Suite, all critical folders were quickly identified, allowing us to efficiently focus on these areas."
Voltage FAS' data discovery capabilities can go deeper and broader across unstructured data repositories than most in the market. Voltage FAS supports more than 1,000 file types and discovery across the most common sources of unstructured data and collaboration platforms on premises and in the cloud including Microsoft 365, SharePoint, Exchange, Azure file and object stores, Google Workspaces, SMB (Samba), Amazon S3 object stores, as well as other source via a custom connector API. Voltage FAS includes the latest Optical Character Recognition (OCR) technology to enable users to discover sensitive data in images, such as scans of identifications and contracts.
About CyberRes
CyberRes is a Micro Focus line of business. We bring the expertise of one of the world's largest security portfolios to help our customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. CyberRes is part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow's opportunities.
Read More