PLATFORM SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS
Skyhigh Security | December 28, 2022
Skyhigh security, a leading data security solutions provider, recently announced receiving Amazon Web Services (AWS) Security Competency accreditation in the infrastructure security industry. This distinction recognizes Skyhigh Security's extensive technical expertise in AWS and proven success in its ability to assist customers in achieving their cloud security objectives.
Achieving AWS Security Competency distinguishes Skyhigh Security as a member of the AWS Partner Network (APN) that offers specialized software to assist organizations in adopting, developing, and deploying complex security projects on AWS. To achieve the distinction, APN Partners must have in-depth knowledge of AWS and provide solutions on AWS effortlessly.
AWS delivers scalable, versatile, and cost-effective solutions to startups and large-sized organizations. To enable the seamless integration and implementation of these solutions, AWS launched the AWS Competency Program to assist customers in identifying consulting and technology APN Partners with extensive industry knowledge and expertise.
AWS users can buy the entire Security Service Edge (SSE) portfolio of Skyhigh Security through the AWS Marketplace, which enhances the efficiency of the procurement process and provides flexible licensing options. The company's SSE portfolio is cloud-native, designed from the bottom up with Zero Trust principles, and includes a unified data loss prevention and policy engine.
Skyhigh SSE contains, Skyhigh Cloud Access Security Broker, Skyhigh Secure Web Gateway, and Skyhigh Private Access, among other products, offering one of the most extensive portfolios in the market.
About Skyhigh Security
Based in California, U.S., Skyhigh Security, a provider of a complete, market-leading data security platform built on a modern cloud stack, focuses on helping customers protect the world's data. It protects businesses with data-aware and user-friendly cloud-native security solutions. Its industry-leading Security Service Edge (SSE) portfolio extends beyond data access and focuses on data use, enabling enterprises to communicate from any device and location without compromising security.
DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY
Veza | December 02, 2022
Veza today announced that its Open Authorization API (OAA) is now public on GitHub for community collaboration, extending the reach of identity-first security across the enterprise. Developers can now create and share connectors to extend the Veza Authorization Graph to all sensitive data, wherever it lives, including cloud providers, SaaS apps, and custom-built internal apps, accelerating their company’s path to zero trust security.
Security professionals espouse the principle of ‘Least Privilege’ to secure enterprise data, but the rush to a multi-cloud, multi-app environment has exploded the complexity and layers of interconnection for which access must be understood, monitored, and constantly remediated to achieve and maintain least privilege. Recent attacks on Okta and Twilio demonstrate that companies are allowing overly-broad access to data via constructs of groups, roles, policies, and system specific permissions. Veza connects the dots of effective permissions across cloud providers, SaaS apps and identity platforms, making it easy to visualize who can view or delete sensitive data. OAA allows organizations and the broader community to create their own integrations with Veza, extending visibility to any resource, including SaaS apps like GitLab and Jira as well as custom-built internal apps.
“The vast majority of cybersecurity failures are rooted in issues with the gap that exists between identity, access to data, and permissions,” said Tarun Thakur, co-founder and CEO, Veza. “Since our founding, we have been committed to protecting our customers from threats like ransomware, privilege abuse, and data breaches. With Veza Open Authorization API, we are extending our identity-first security approach broadly in the market and arming organizations with the tools they need to remediate undesirable and unnecessary data access at a granular level, and meet the requirements of access governance for enterprise systems, both on-premises and in the cloud."
With Veza's Open Authorization API, customers can translate and visualize authorization metadata from any SaaS app, custom and in-house applications. Users can explore identity-to-data relationships through the Authorization Graph, monitor for least privilege misconfigurations and violations, and conduct comprehensive entitlement reviews for all of their sensitive data.
“We specifically chose Veza because their Open Authorization API allowed us to connect to our custom internal applications. We follow the principle of least privilege, but with so many systems to review, we valued Veza’s unique ability to give us a comprehensive view quickly. They made it faster and easier for our team to review all permissions with confidence.”
-Riaz Lakhani, CISO of Barracuda Networks.
As an open-source project on GitHub, Veza’s Open Authorization API allows customers and partners to learn from, and build upon, each other’s work to create a control plane that reaches all data. By bringing OAA SDK and connectors available on GitHub Community, Veza empowers customers to ingest authorization metadata previously isolated in internal systems and SaaS applications. The OAA community has already created integrations for critical SaaS apps including GitHub, GitLab, Bitbucket, Jira, Zendesk, Slack, Coupa Software, Pagerduty, and Looker. These integrations are available now to all Veza customers.
“Veza solves the problem of aligning identities to data,” said Craig Rosen, Chief Security & Trust Officer at ASAPP. “Veza’s Open Authorization Platform helped us extend that visibility to all the apps and data that matter most to us, like GitHub and Jira. Now it is easy for our security professionals to understand (and remediate) who has access to our important intellectual property.”
Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to visualize, remediate, and control who can and should take what action on what data. We empower customers to take an identity-first approach to secure data by addressing critical business needs of streamlining identity and access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Our Authorization Graph connects identities to data across enterprise systems, enabling analysis, monitoring, and certification of end-to-end access. Global enterprises like Blackstone, ASAPP, Barracuda Networks, Choice Hotels, and a number of Fortune 500 and emerging organizations trust Veza to secure their enterprise data. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Neosec | November 16, 2022
Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest.
Today, many organizations are blind to the threats lurking within their API traffic. Even worse, organizations are forced to implement basic logging of its API traffic that doesn't contain the meaningful information about who accessed, what records were accessed or manipulated and how. There exists a justified fear of logging sensitive data or being out of compliance, and with the lack of technology that can perform it at scale, they prefer to log with low fidelity. Those logs tell you that "somebody modified or accessed a record" but typically don't disclose who accessed it, which record, or what action was performed.
This decision also results in a downstream issue of "insufficient logging", which is noted by the Open Web Application Security Project as one of the top security problems in its 2021 OWASP API Top 10. "Insufficient logging" is poor for incident forensics and, in practice, means that you can't detect abuse or investigate a case, even if you know it happened.
Tokenization is the process of substituting a sensitive data element, like a credit card number, for a non-sensitive equivalent that has no intrinsic or exploitable value or meaning. Neosec's automated tokenization is part of its 'privacy by design' philosophy and is already deployed successfully at customers around the world in financial services, insurance and hospitality companies among others.
The process allows retaining tokenized API activity data for the purposes of performing true behavioral analytics over time, ensures that sensitive data is never stored at rest, and enables only the customer to de-tokenize, based on the strictest data privacy practices.
"Solving API security starts with basic visibility and the ability to see how the APIs are used. The problem is that virtually every company logs API activity with low fidelity that doesn't enable this basic visibility. "In order to perform true behavioral analytics and investigate cases you must store and examine historical data. But if this analysis is performed on un-tokenized data you risk storing PII and creating compliance issues. Neosec successfully retains all API activity data, in the highest fidelity, and ensures it meets data privacy standards."
Giora Engel, co-founder and chief executive officer, Neosec
This focus on data and the visibility it brings is what previously defined the creation of the EDR (Endpoint Detection & Response) security space. "Trying to implement API security without enabling basic visibility of activity is like going back to the antivirus age before the advent of EDR. Visibility into API activity allows you to detect threats, understand behavior, investigate and remediate" said Engel.
The Neosec API security solution discovers and maintains an up-to-date inventory of all APIs in use by an organization and then uses machine learning and behavioral analytics on tokenized data to find fraud and abuse by third parties and attackers. Neosec also enables proactive API threat hunting and investigations without storing any sensitive data.
The automated API data tokenization is now a capability of the Neosec platform and is fully available. There is no extra cost for use of this unique capability.
Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities together with a team of expert threat hunters. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel.