ENTERPRISE SECURITY, SOFTWARE SECURITY, CLOUD SECURITY
Prnewswire | June 02, 2023
Safe Security (SAFE), the leader in AI-based cyber risk management SaaS platform, announced today the industry's first Cyber Risk Cloud of Clouds for predicting and preventing cyber breaches. In contrast to the rest of the industry that takes a reactive approach, SAFE's Cyber Risk Cloud of Clouds enables organizations to make informed and predictive dynamic security decisions to reduce risk.
Real-Time, Data-Driven, Aggregated Risk in a Single Place
SAFE's Cyber Risk Cloud of Clouds provides organizations with a granular and aggregated view of enterprise security risk by bringing together multiple disparate cyber signals, including Crowdstrike, Wiz, AWS, Azure, Google Cloud Provider, Qualys, Tanium, Rapid7, ServiceNow, and more in a single view. This provides organizations with visibility across their entire attack surface ecosystem, including technology, people, and third parties.
AI Breach Predictions and Prioritized Actions to Prevent Breaches
Using SAFE's predictive AI data models, co-developed with MIT, SAFE generates breach likelihood for different risk scenarios like ransomware. For example, accurately answer questions like:
How likely are you to be hit by a ransomware attack in the next 12 months?
What is your likelihood of being hit by the latest malware like "Snake" malware?
What is your dollar impact for that attack?
What prioritized actions can you proactively take to reduce the ransomware breach likelihood and reduce dollar risk?
"The CISO is facing an unprecedented level of pressure and the role has evolved into a major business decision maker. With SAFE, CISOs can gain a new level of visibility with higher confidence, through real-time access into their cybersecurity posture, to make the most impactful strategy to decrease cyber risk," said Saket Modi, CEO and Co-Founder of SAFE. "The new release of SafeGPT, a generative AI interface, powered by LLM models is a game-changer. It helps CISOs get the right answers a hundred times faster."
SafeGPT Drives Easy Access and Risk Reducing Decisions
SAFE's generative AI chat interface powered by LLM models, SafeGPT, offers an intuitive platform for managing cyber risk with ease, providing stakeholders with a clear and comprehensible overview of the organization's cybersecurity posture. With its user-friendly dashboard and natural language processing capabilities, SafeGPT enables users to ask targeted questions of their cyber risk data, determine the most effective strategies for mitigating risk, and respond confidently to inquiries from regulators and other key stakeholders.
"The market transitions going on now are going to affect every industry and vertical worldwide," said John Chambers, former Executive Chairman and CEO of Cisco and current founder and CEO of JC2 Ventures." AI is going to have a tremendous impact on cybersecurity, which is why I am excited about the launch of SafeGPT. It simplifies complex problem-solving for board members and C-level executives."
About Safe Security
Safe Security is the leader in cyber risk management SaaS platforms. It has redefined cyber risk measurement and management with its real time, data driven approach that empowers enterprises, boards, regulators and cyber insurance carriers to understand cyber risk in an aggregated and granular manner.
Using SAFE's predictive AI driven data models, co-developed with MIT, customers are now empowered to translate the bits and bytes of cyber risk into dollars and cents so that they can prioritize their cyber investments to most effectively mitigate their risk and understand the return on security investments. Having raised over $100m, SAFE is growing over 200% year-over-year and serves some of the largest global enterprises.
Read More
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | May 08, 2023
Dashlane, the security-first password manager, today introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that evolution. With Passwordless Login, users will be able to securely access their Dashlane account without having to create and remember a single password.
As digital profiles have multiplied both professionally and personally, it’s become increasingly difficult to securely manage credentials. Gartner reported that as many as 20-50% of all helpdesk calls are related to password resets. Password managers have helped simplify this process, though users have still needed to create and remember a master password to access their vaults.
By eliminating the master password, Dashlane will empower users to create new phishing-resistant, passwordless accounts that don’t suffer from the vulnerabilities of traditional passwords and multifactor authentication (MFA). Not only does this strengthen overall security posture, it removes user friction and provides a more accessible way for people to access their accounts and protect their personal information.
“Our business has long been about helping users and organizations manage their passwords and logins. But the digital password was born in the 1960s and despite technological advancements, many people still use the same username and password format for most of their online lives,” said John Bennett, CEO at Dashlane. “While our business model has relied on users having one strong, unique master password, it’s still a password that can be weak, reused, phished, or breached. Unveiling today’s passwordless technology marks a significant milestone in our journey towards a future with no passwords.”
By relying on the strength of local device security, which includes PINs and biometrics, Dashlane is able to securely authenticate and provide access to a user’s encrypted vault, which allows Dashlane to be resistant to phishing attacks. Additionally, Dashlane uses cryptographic keys generated with Elliptic-curve Diffie-Hellman (ECDH) to assist with securely exchanging secrets between devices, making setting up a new device fast and secure and regaining access simple. Dashlane is introducing a new mechanism to let users recover their data if they lose their device. This new Dashlane Account Recovery Key will also be made available to our existing users who still use a master password to log in to Dashlane.
Dashlane’s Passwordless Login is a cross-platform solution that is agnostic to the state of a user’s hardware and software. The technology also enables:
Faster device setup flow using a registered device
The ability to set up device-specific PIN codes and biometrics (like fingerprint or facial recognition) to create an account on a mobile iOS or Android device
The ability to regain access to an account with a recovery key, in the event of a total device loss
Dashlane recently became a board-level member of the FIDO Alliance, doubling down on its commitment to work with industry partners to advance the passwordless future through the widespread adoption of passkeys and phishing-resistant authentication.
New Dashlane users will be able to sign up for an account without a master password in the coming months on their mobile device, and the capability will be rolled out to existing customers later this year. For more information on Passwordless Login for Dashlane and to see a demo of how the experience will work, please visit Dashlane’s Passwordless hub.
About Dashlane
Dashlane is a password management solution that removes complexity by pairing comprehensive security with ease of use. We are closely attuned to the needs of our users, balancing simple tools with an uncompromising approach to security–a game changer for anyone, but especially for IT admins working to secure their organization. Our team in Paris, New York, and Lisbon is united by a strong sense of community and passion for improving the digital experience. Over 18 million users and 20,000 businesses globally use Dashlane for a faster, simpler, and more secure internet.
Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Globenewswire | April 06, 2023
Noname Security, the leading provider of complete and proactive API security, today announced Noname Public Sector’s Hardened Virtual Appliance making the API security platform available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. The appliance is the first of its kind in the comprehensive API security space and is designed to deliver a drop-in, secure, and scalable system for discovering, monitoring, and protecting mission-critical APIs and data.
“Governments and highly regulated industries have unique security needs. Having worked closely with many Federal agencies during my career, I know how impactful it will be to provide this level of security and insight into APIs and provide options that make it easy to meet government standards,” said Dean Phillips, Executive Director of Public Sector Programs at Noname Security. “The government and regulated industries are not immune from cyber criminals, they are targeted as much if not more than most organizations. We’re excited to arm them with the tools they need to protect their assets.”
Federal agencies can use the Noname API Security Platform to protect their APIs in real-time and detect vulnerabilities before they are exploited. Noname Security’s Hardened Virtual Appliance makes the API security platform available completely offline with no reliance on internet connectivity, perfect for isolated and controlled environments. It is a finely tuned package of advanced software and premium support built and secured to Federal Government specifications, enabling customers to comply with the most rigorous standards, including Federal Information Processing Standards (FIPS)1 and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)2. Noname collaborated with a FedRAMP 3PAO, The MindPoint Group, on the development of the Noname Hardened Virtual Appliance.
Noname Security’s Hardened Virtual Appliance enables access to a powerful, complete, and easy-to-use API security platform that helps:
Discover all APIs, data, and metadata - Unlike other API solutions that only look at traffic sources, Noname Security discovers more APIs by combining traffic sources with the configuration of infrastructure and applications. The end result: visibility into more APIs and deeper insights into customers’ API security posture.
Analyze API behavior and detect all API threats - The Noname API Security Platform uses AI-based detection to identify the broadest set of API vulnerabilities, including data leakage, data tampering, misconfigurations, data policy violations, suspicious behavior, and cyber attacks.
Prevent attacks and remediate API vulnerabilities - Noname Security allows federal customers to prevent attacks in real-time, fix misconfigurations, automatically update firewall rules, webhook into their WAFs and gateways to create new policies against suspicious behavior, and integrate with existing workflows (ticketing and SIEMs).
Noname Public Sector LLC has made it easier to deploy, configure and manage the platform via the new Noshell(™) interface. The shell offers innovative features such as the ability to perform on-demand STIG audits of the internal system itself, while aiming to reduce the overall attack surface of the system.
About Noname Security & Noname Public Sector LLC
Noname Public Sector LLC empowers the world’s most critical organizations to protect their most important data. With decades of military and civilian public sector experience, Noname Public Sector combines a deep understanding of government agency requirements with leading expertise on their unique API security considerations. Government agencies using Noname’s complete, proactive API security solutions can securely harness their data to serve the public and stay ahead of adversaries. Noname Public Sector LLC is privately-held and based in Herndon, VA.
Noname Security is the leading provider of complete, proactive API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Security, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.
Read More