DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Traceable AI | September 02, 2022
Traceable AI, the industry's leading API security and observability company, today announced the general availability of its API Security Testing (xAST) solution in its API Security Platform. This comprehensive and seamless testing ability enables any API in pre-production to be tested for vulnerabilities, accuracy, reliability, and overall security — ensuring organizations are aligned with the highest API security standards before releasing APIs into production. This announcement reinforces Traceable's commitment to helping organizations ensure the highest level of API security throughout the entire software development lifecycle (SDLC).
Traceable's API Security Testing offering is built to make the testing of APIs fast, easy, and a seamless experience for both development and security teams. It supports organizations' shift-left initiatives, including providing remediation insights from runtime back to development, so developers can further harden their APIs. It is API-focused, providing complete vulnerability analysis that leverages functional testing, as well as API DNA and user attribution for improved detection and coverage. It offers extensive coverage for the OWASP API top 10, top CVEs (such as Java, Go, Node JS, AuthN, AuthZ, and many more), business logic vulnerabilities, and sensitive data exposure. Uniform API testing is based on dynamic payloads for standard tests, and dynamic Traceable payloads for business logic vulnerabilities such as BOLA – all with virtually zero false positives. Its DevSecOps focus enables companies to identify API security gaps between prod and pre-prod, perform fast scans for actionable results in CI/CD pipelines, scan at a granularity from every pull request with API spec changes, and utilize integrations with application security tools, including SCA, SAST, DAST and IAST.
"Because of our comprehensive approach to API security, the testing component was the logical evolution. It is key to enable development teams to identify security weaknesses and vulnerabilities in the build itself, in addition to the capability of providing runtime insights back to development teams, so they can further harden their APIs. "It's an important step to enable teams to seamlessly fit API security testing into their development cycles. It is based on a simple logic: prevent breaches by eliminating the flaws at the very beginning."
CTO of Traceable AI, Sanjay Nagaraj
Traceable's API security testing is built to both reduce the risk of vulnerable APIs early in the SDLC, and enable development teams to move fast. Additional benefits include:
Eliminating the Risk of Vulnerable APIs: Find and fix API vulnerabilities early in the SDLC.
Cost Reduction: Reduce costs associated with finding vulnerabilities in APIs in production.
Rapid Scans that Maintain the Speed of Innovation: With Traceable, development teams can perform fast scans with virtually no change in dev-release cadences – eliminating friction for both dev and security teams.
Comprehensive Reporting: Traceable produces a "scan summary" report of vulnerabilities found while testing the APIs. This includes the OWASP API top 10 vulnerabilities, language and library vulnerabilities like Log4shell, misconfigurations, data exposure, and broken authentication/authorization. The information, including CVSS/CWE scores for overall risk assessment and recommendations for remediation, is provided to development and security teams, so they can correct the security issues in APIs before those APIs are pushed to production.
Operational Effectiveness: Traceable's API security testing is easy to deploy and reduces complexity, with numerous CI/CD and appsec tooling integrations that allow for operational effectiveness. It also enables targeted API security testing which takes actual payloads from real time traffic into account for a concise set of actionable findings.
Extensive and Effortless Integrations: Traceable allows for numerous integrations with CI/CD pipelines, notifications, ticketing and application security testing solutions.
"Whether an API is in the development cycle or is in production, being accessed by thousands of users, Traceable's API Security Platform protects companies' most vulnerable attack vector from threats at every juncture" added Nagaraj.
About Traceable AI
Traceable is the industry's leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors to understand anomalies and block API attacks, enabling organizations to be more secure and resilient.
DATA SECURITY,NETWORK THREAT DETECTION,PLATFORM SECURITY
NetSPI | August 18, 2022
NetSPI, the leader in enterprise penetration testing and attack surface management, today announced the launch of the NetSPI Partner Program which empowers its global channel and technology partners to deliver offensive security services during a time when it's needed most.
Partners within the program can offer end users NetSPI's proven vulnerability management technologies and human-delivered offensive security services, allowing both the partner and NetSPI to expand product and service offerings, further develop customer relationships, and enter new markets. Additionally, last month NetSPI joined the AWS Marketplace, simplifying the procurement process for enterprise organizations with existing AWS relationships by allowing them to purchase NetSPI's offerings directly via the marketplace.
The program is led by NetSPI's Vice President of Business Development and Strategic Alliances, Lauren Gimmillaro. Gimmillaro has a track record of launching four successful partner programs, consisting of working with channel, referral, reseller, and technology partners.
"As today's global attack surface evolves and cybercriminals become more sophisticated in nature, it's critical to provide end users with the tools, services, and skill sets they need to take an offensive approach to security," said Gimmillaro. "Centered around our customer-first approach, the NetSPI Partner Program will allow our team to extend our world-class pentesting capabilities to a variety of diverse and trusted partners, strengthening organizations' cyber security efforts across the globe."
The NetSPI Partner Program encompasses the following partnership types:
Channel Partners: NetSPI provides its full suite of security services and products through a global channel network of referral and reseller partners. To meet partners' requirements, the programs include a tier-based model consisting of referral fees, preferred client pricing, and reseller discounts.
Technology Partners: Security and third-party software companies help build meaningful integrations with NetSPI to improve overall customer experiences.
For both, NetSPI offers technical and sales support to help partners achieve their business and go-to-market goals.
"Through the NetSPI Partner Program, SecureLink has been able to provide enterprises in the Middle East and Africa region access to NetSPI's continuous and scalable suite of offensive security solutions. "With NetSPI, we are proud to offer unmatched sophistication, methodology, and value to our global customer base."
Manish Pardeshi, director of cybersecurity practices at SecureLink
"Apiiro is proud to be part of the NetSPI Partner Program. The partnership has provided our customers with next-gen, context aware pentesting capabilities and NetSPI customers with our ability to detect and fix critical risks in cloud-native applications," said John Leon, vice president of business development at Apiiro. "Being a member of the NetSPI Partner Program allows us to achieve our sales goals while providing mutual customers with industry leading services and expertise."
NetSPI is the leader in enterprise security testing and attack surface management, partnering with nine of the top 10 U.S. banks, three of the world's five largest healthcare companies, the largest global cloud providers, and many of the Fortune® 500. NetSPI offers Penetration Testing as a Service (PTaaS) through its Resolve™ penetration testing and vulnerability management platform. Its experts perform deep dive manual penetration testing of application, network, and cloud attack surfaces, historically testing over 1 million assets to find 4 million unique vulnerabilities. NetSPI is headquartered in Minneapolis, MN and is a portfolio company of private equity firms Sunstone Partners, KKR, and Ten Eleven Ventures.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
BeyondTrust | September 19, 2022
BeyondTrust, the leader in intelligent identity and access security, announced today a new strategic partnership with NCS Group, a leading technology services firm that provides services and solutions in consulting, digital, technology, cybersecurity and more. A strong player in identity security, NCS will be using the technology provided by BeyondTrust to offer companies best practice solutions in Privileged Access Management (PAM), a core component of enabling Zero Trust security.
Organisations today are evolving as a result of digital transformation, an accelerating shift to cloud, and an expanded remote workforce. However, these changes are also creating an increase in vulnerable endpoints and remote access, as well as a large number of digital identities that pose a significant cybersecurity risk if left unmanaged and unsecured. According to Gartner, unauthorised privileged access is now the primary method that threat attackers use to infiltrate an organisation's systems and network.
"From the rise of ransomware to an increased focus on digital transformation and Zero Trust strategies, it is a critical time for organisations to be equipped with solutions that can secure identities, safeguard access for remote employees, and strengthen endpoint security across hybrid environments. "Through this partnership, BeyondTrust and NCS will enable organisations in Asia Pacific with our Privileged Access Management (PAM) solutions to address these cybersecurity challenges."
Ben Wong, Director of Channel and Alliance for Asia Pacific & Japan at BeyondTrust
"When organisations think of access management, they may only think of traditional password management – and that should not be the case. There is an urgent need for organisations to implement more advanced endpoint security and access management solutions and many are still playing catch up in this area," said Mr. Wong. "This partnership with NCS enables us to provide tailored PAM solutions to customers across a wide range of industries from government to the commercial sectors. Combining the skills and experience of NCS with BeyondTrust's leading portfolio of PAM solutions will help their customers defend against the evolving threat landscape."
BeyondTrust is a leader in the 2022 Gartner Magic Quadrant for PAM for the fourth year running, with a comprehensive PAM portfolio that enables identity and access security that is monitored, managed, secured, and just-in-time, and includes these solutions:
Privileged Password Management
Secure Remote Access
Endpoint Privilege Management
Cloud Security Management
About NCS Group
NCS, a subsidiary of Singtel Group, is a leading technology services firm with presence in Asia Pacific and partners with governments and enterprises to advance communities through technology. Combining the experience and expertise of its 10,000-strong team across 55 specialisations, NCS provides differentiated and end-to-end technology services to clients with its NEXT capabilities in digital, cloud and platforms, as well as core offerings in application, infrastructure, engineering and cybersecurity. NCS also believes in building a strong partner ecosystem with leading technology players, research institutions and start-ups to support open innovation and co-creation. For more information, visit ncs.co.
BeyondTrust is the worldwide leader in intelligent identity and access security, empowering organisations to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world. Our integrated products and platform offer the industry's most advanced privileged access management (PAM) solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.