DATA SECURITY

Salt Security to Launch Salt Labs to Increase Global Awareness of API Security Threats

Salt Security | July 16, 2021

Salt Security, the leading API security company, today announced the launch of Salt Labs, a now-public forum for publishing research on API vulnerabilities. Through its vulnerability and threat research and industry reports, Salt Labs will be a resource for enterprises looking to harden their infrastructure against API risk. Salt Labs will also raise public awareness of API security threats, advancing Salt Security's mission to offer complete API security and accelerate business improvement by making APIs attack-proof.

API security concerns are a significant inhibitor of business modernization. For example, 66% of organizations have delayed the deployment of a new application because of API security concerns, according to the Salt Security State of API Security Report. To counter these concerns, Salt Labs will provide research and reports that organizations can use to improve their API security posture and mitigate threats affecting API-centric businesses.

Today's inaugural vulnerability research, conducted at a large financial institution, highlights several API security gaps. Salt Labs researchers identified inadequate authorization for function access, susceptibility to parameter tampering, insufficient data access, and improper input filtering across the financial platform, which is used by thousands of financial partners and customers. The Salt Labs researchers exploited these vulnerabilities to demonstrate that:

1. Any user could launch an application-level denial of service attack that would render entire applications unavailable.
2. Any user could read any financial records of any customer, despite lacking the proper authorization.
3. Any user could tamper with authentication parameters and take over any account.
4. Any user could delete any customer's user accounts across the financial platform.

About Salt Security

Salt Security was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial entrepreneur executives in the cybersecurity field, and is based in Silicon Valley and Israel. Salt Security protects the APIs that form the core of every new application. Its API Security Platform is the industry's first patented solution to stop the next generation of API attacks, using machine learning and AI to automatically and continuously identify and protect APIs.


Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BigID Automates Data Minimization & Accelerates Data Cleanup with Industry-First ML for Finding Duplicate and Similar Data Content

Prnewswire | April 12, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today announced a breakthrough in data cleanup with the launch of its industry-first ML-powered solution for finding duplicate and similar data content. The innovative technology uses groundbreaking AI to locate both similar and duplicate data on any data set, enabling organizations to easily identify duplicate data as well as redundant, obsolete, or trivial (ROT) data. These transformative capabilities mean that organizations can reduce their storage cost, accelerate compliance, and improve cybersecurity across their environment.

Duplicate and redundant data are a treasure trove for cybercriminals - exponentially increasing the risk of data leaks, data breaches, and compromised data. By reducing the attack surface and reducing duplicate and redundant data, organizations can improve their system hygiene, reduce insider risk, and get more value from their data.

With BigID's powerful data minimization and cleanup capabilities, organizations can now automatically find duplicate data quickly and delete it in accordance with retention policies - enabling full data lifecycle management across all of their data, everywhere. This not only helps reduce risk and improve security posture, but also saves time and resources that would otherwise be spent manually sorting through large amounts of data.

With BigID's data minimization capabilities, organizations can:

- Quickly and accurately identify duplicate, similar, and redundant data
- Automatically discover dark data and shadow data
- Manage and de-risk their data by type, sensitivity, and policy
- Implement data retention and remediate duplicate, sensitive, and redundant data
- Delete data that's no longer needed
- Streamline data lifecycle management from collection to destruction

"Data minimization is critical to any data management strategy, and BigID's ML-powered solution makes it easier and faster than ever before," said Dimitri Sirota, CEO of BigID. "By automating the process of identifying and deleting duplicate data, we're helping our customers reduce their risk and improve their overall security posture."

The ML-powered solution is a key component of BigID's comprehensive data management platform, which provides a range of capabilities including data discovery, classification, compliance, risk management, privacy, and governance.

About BigID

BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, security, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com.


ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Dashlane Introduces Passwordless Login

Businesswire | May 08, 2023

Dashlane, the security-first password manager, today introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that evolution. With Passwordless Login, users will be able to securely access their Dashlane account without having to create and remember a single password.

As digital profiles have multiplied both professionally and personally, it’s become increasingly difficult to securely manage credentials. Gartner reported that as many as 20-50% of all helpdesk calls are related to password resets. Password managers have helped simplify this process, though users have still needed to create and remember a master password to access their vaults.

By eliminating the master password, Dashlane will empower users to create new phishing-resistant, passwordless accounts that don’t suffer from the vulnerabilities of traditional passwords and multifactor authentication (MFA). Not only does this strengthen overall security posture, it removes user friction and provides a more accessible way for people to access their accounts and protect their personal information.

“Our business has long been about helping users and organizations manage their passwords and logins. But the digital password was born in the 1960s and despite technological advancements, many people still use the same username and password format for most of their online lives,” said John Bennett, CEO at Dashlane. “While our business model has relied on users having one strong, unique master password, it’s still a password that can be weak, reused, phished, or breached. Unveiling today’s passwordless technology marks a significant milestone in our journey towards a future with no passwords.”

By relying on the strength of local device security, which includes PINs and biometrics, Dashlane is able to securely authenticate and provide access to a user’s encrypted vault, which allows Dashlane to be resistant to phishing attacks. Additionally, Dashlane uses cryptographic keys generated with Elliptic-curve Diffie-Hellman (ECDH) to assist with securely exchanging secrets between devices, making setting up a new device fast and secure and regaining access simple.

Dashlane is introducing a new mechanism to let users recover their data if they lose their device. This new Dashlane Account Recovery Key will also be made available to our existing users who still use a master password to log in to Dashlane.

Dashlane’s Passwordless Login is a cross-platform solution that is agnostic to the state of a user’s hardware and software. The technology also enables:

- Faster device setup flow using a registered device
- The ability to set up device-specific PIN codes and biometrics (like fingerprint or facial recognition) to create an account on a mobile iOS or Android device
- The ability to regain access to an account with a recovery key, in the event of a total device loss

Dashlane recently became a board-level member of the FIDO Alliance, doubling down on its commitment to work with industry partners to advance the passwordless future through the widespread adoption of passkeys and phishing-resistant authentication.

New Dashlane users will be able to sign up for an account without a master password in the coming months on their mobile device, and the capability will be rolled out to existing customers later this year. For more information on Passwordless Login for Dashlane and to see a demo of how the experience will work, please visit Dashlane’s Passwordless hub.

About Dashlane

Dashlane is a password management solution that removes complexity by pairing comprehensive security with ease of use. We are closely attuned to the needs of our users, balancing simple tools with an uncompromising approach to security–a game changer for anyone, but especially for IT admins working to secure their organization. Our team in Paris, New York, and Lisbon is united by a strong sense of community and passion for improving the digital experience. Over 18 million users and 20,000 businesses globally use Dashlane for a faster, simpler, and more secure internet.


DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Forcepoint Launches Global Managed Security Service Provider Program for Forcepoint ONE SSE

Businesswire | April 19, 2023

Global security leader Forcepoint today introduced its best-in-class Managed Security Service Provider (MSSP) program for service providers, distribution partners and other resellers. With managed services based on the Forcepoint ONE Security Service Edge (SSE) platform, Forcepoint partners can simplify Zero Trust security and gain predictable, repeatable revenue streams through cloud-first, hybrid-ready security. Forcepoint ONE also allows partners to quickly differentiate their security offerings with Data-first SASE, integrating SSE with connectivity through FlexEdge Secure SD-WAN solutions. Forcepoint MSSP partners can help enterprises and government agencies turn security into a competitive advantage by increasing productivity, streamlining costs and simplifying regulatory compliance.

“As more and more organizations look to MSSPs for their cybersecurity solutions, the opportunity for partners is absolutely massive with market growth to $53.22B expected in the next several years. And every customer we speak to is on a path to SASE, with many looking to MSSPs for pay-as-you-go solutions that stop threats and data loss while letting users access information and apps securely on any device,” said Myles Bray, Chief Revenue Officer at Forcepoint. “Forcepoint ONE allows MSSP partners to fast forward their journey to Data-first SASE through the delivery of security convergence, subscription model and business tools that enable partners to reduce complexity for mutual customers, drive recurring revenue, and quickly scale their service offerings.”

“Forcepoint’s data-centric focus on security aligns with our vision for proactive protection, detection and remediation,” said Raluca Saceanu, CEO of Smarttech247, a Forcepoint partner. “Smarttech247’s hosted and managed services centered on Forcepoint ONE SSE cloud-native and Forcepoint enterprise data security solutions allow today’s enterprises to manage risk holistically and simplify security operations. This is a game-changer when adversaries are constantly finding new ways to steal confidential data.”

As a channel-first company, Forcepoint will help partners quickly incorporate SASE into their services through its MSSP program. Using the Forcepoint management portal, partners can update customer configurations and offer multi-tenant services with a few clicks. Subscriptions with simple billing help providers scale their profitability when end-user licensing needs change. With no significant up-front expenses, partners can offer Forcepoint ONE and Secure SD-WAN solutions quickly over the internet and customers can add more services anytime. Forcepoint also provides enablement and training support, including channel managers dedicated to building business plans with MSSPs and distribution partners.

Additional Forcepoint MSSP benefits to partners include:

- Unified Management: the Forcepoint ONE all-in-one console offers a single set of policies for securing remote, hybrid, and office workers.
- Modern: strong Zero Trust data security delivered with a cloud-native SASE architecture.
- Global: available everywhere, with 300+ points of presence for managed devices and agentless support for BYOD.
- Reliable: 99.99% uptime since 2015.
- Profitable: cost competitive, higher margin services.

About Forcepoint

Forcepoint simplifies security for global businesses and governments. Forcepoint’s all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. Based in Austin, Texas, Forcepoint creates safe, trusted environments for customers and their employees in more than 150 countries. Engage with Forcepoint on www.forcepoint.com, Twitter and LinkedIn.

About Smarttech247

Smarttech247 is a multi-award-winning cybersecurity company that helps organizations reduce their risk. Trusted by global customers, our platform provides threat intelligence with managed detection and response to provide actionable insights, 24/7 threat detection, investigation, and response. Our service is geared towards proactive prevention and we do this by utilizing the latest in cloud, big data analytics and machine learning, along with our industry leading governance, risk and compliance team.
