DATA SECURITY

To prevent cyber attacks caused by compromised passwords, Enzoic and OneLogin partner

businesswire | November 18, 2020

Enzoic, a main supplier of bargained certification screening arrangements, today reported an association with OneLogin, a cloud-based character and access the board supplier. The joint effort will see Enzoic's qualifications screening administration incorporated into OneLogin's SmartFactor Authentication item, guaranteeing that accreditations uncovered in an earlier break can't be utilized.

Verizon's 2020 Data Breach Investigations Report distinguished that taken certifications are associated with 29 percent of information breaks and that 80% of hacking-related penetrates include bargained and feeble qualifications. These discoveries underscore that forestalling the utilization of uncovered qualifications is basic to diminish the probability of an effective assault.

The Enzoic and OneLogin association is intended to dispose of the danger of bargained accreditations. Through the arrangement, OneLogin will coordinate Enzoic's API so that each time a client makes a secret phrase, it will naturally be screened against Enzoic's live information base of different billions of uncovered username and secret phrase mixes. On the off chance that the qualifications are uncovered, it will request that the client make another exceptional secret phrase. This altogether decreases the danger of fruitful accreditation stuffing, account takeover or different types of information break occurring without adding superfluous contact.

“Preventing the use of exposed credentials is the key to shoring up password vulnerabilities,” said Josh Horwitz, COO, Enzoic. “As the number of breaches and cyber attacks show no sign of abating, it's critical that organizations take steps to protect against this threat by screening credentials. We are excited to partner with OneLogin to deliver this peace of mind to its customers that use SmartFactor Authentication."

“Cybersecurity threats are a part of our digital world,” said Venkat Sathyamurthy, Chief Product Officer OneLogin.“By integrating Enzoic’s intelligent technology, we’re preventing our users from inadvertently deploying credentials that have already been breached and exposed on the Dark Web. As a result, the risk of account takeover from compromised credentials is reduced while ensuring that the authentication process remains smooth for our customers.”

About Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identity accounts at risk and mitigate unauthorized access. Enzoic is a profitable, privately held company in Colorado.


About OneLogin
OneLogin is the number one value-leader in Identity and Access Management. Our Trusted Experience Platform provides everything you need to secure your workforce, customers, and partners at a price that works with your budget. Headquartered in San Francisco, OneLogin secures over 2,500 customers worldwide, including Airbus, Stitch Fix, and AAA.

Spotlight

This presentation contains forward-looking statements. Forward-looking statements are statements that are not historical facts. These statements include projections and estimates and their underlying assumptions, statements regarding plans, objectives, intentions and expectations with respect to future financial results, events, operations, services, product development and potential, and statements regarding future performance or events. Forwardlooking statements are generally identified by the words “expects”, “anticipates”, “believes”, “intends”, “estimates”, “plans”, “projects”, “may”, “would” “should” and similar expressions.

Spotlight

This presentation contains forward-looking statements. Forward-looking statements are statements that are not historical facts. These statements include projections and estimates and their underlying assumptions, statements regarding plans, objectives, intentions and expectations with respect to future financial results, events, operations, services, product development and potential, and statements regarding future performance or events. Forwardlooking statements are generally identified by the words “expects”, “anticipates”, “believes”, “intends”, “estimates”, “plans”, “projects”, “may”, “would” “should” and similar expressions.

Related News

PLATFORM SECURITY

Deloitte Launches Zero Trust Access, a New Managed Security Service

Deloitte | July 12, 2022

To help organizations adopt zero trust more quickly and efficiently, Deloitte is launching a new managed service – Zero Trust Access— that offers a cloud-native approach to securing communications between users, on any device, and enterprise applications, wherever they may reside. The Zero Trust concept commits to removing implicit trust within an information technology (IT) ecosystem and replacing it with a risk-based approach to accessing organizational resources across identities, workloads, data, networks and devices. This trend is gaining momentum, given legacy approaches to security architecture are no longer suitable to secure the ubiquitous nature of the modern enterprise. Part of the newly expanded Zero Trust by Deloitte, Zero Trust Access facilitates zero trust adoption and the evolving needs of organizations in protecting their applications, infrastructure, and data. Following the integration of recently acquired talent and technology into existing Deloitte services, the Zero Trust Access managed service connects users to applications through a frictionless cloud-native solution that is inherently scalable, resilient, agile, and secure. Further, the managed service is available standalone, integrated with other Deloitte offerings, or as part of a broader solution leveraging technologies from Deloitte's alliances ecosystem. "As perimeter-based approaches are no longer suitable to secure the modern enterprise, many organizations are working to enhance protection for their IT ecosystems via zero trust. "Zero Trust Access was built as a turnkey managed service helping ourselves and our clients accelerate adoption of this transformative security framework. Our goal was to create a cost-effective solution that can be delivered standalone or complementary to a broader ecosystem and ultimately help decrease the burden on IT and security teams who likely need to manage multiple heterogenous solutions to achieve similar outcomes." Andrew Rafla, Deloitte Risk & Financial Advisory's zero trust offering leader and principal, Deloitte & Touche LLP With innovative data protection leveraging device-level secure microcontainer technology, Zero Trust Access helps protect infrastructure while also enabling organizations to protect sensitive enterprise data and enforce least privilege through dynamic access control to enterprise assets. The managed service can replace remote access solutions inclusive of virtual private network (VPN), virtual desktop infrastructure (VDI), and desktop as a service (DaaS), all of which typically require significant capital expenditure for infrastructure, high operating costs, and technology management overhead. Zero Trust Access includes features such as ephemeral connectivity built upon secure peer-to-peer (P2P) communication, conditional access and continuous authorization, as well as robust data protection for data at-rest, in-use, and in-transit are consistently applied to each session, regardless of the type or location of the applications being accessed (e.g., legacy hosted applications, software as a service (SaaS), thick-client, web-based applications). Implementation of Zero Trust Access can help organizations leverage outcome-based solutions that improve business agility, enhance user productivity, and reduce cost and complexity of security operations. "Beginning zero trust adoption isn't simple, fast or easy for most organizations," Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP. "We're launching Zero Trust Access as the first in many adoption-enabling services and solutions to come, so that our clients are better able to modernize their security programs, enable agile operations and confidently advance with emerging technologies and transformative risk management principles that can build more resilient security practices." About Deloitte Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them.

Read More

SOFTWARE SECURITY

Aqua Launches the Industry’s First Out-of-the-Box Runtime Security with Advanced Protection Against the Most Sophisticated Threats

Aqua Security | July 26, 2022

Aqua Security, the leading pure-play cloud native security provider, today announced the launch of out-of-the-box runtime protection with minimal configuration to stop attacks in real time on running workloads. Protection is composed of new curated and optimized default security controls, as well as advanced threat intel from observations of real attacks on cloud native environments. Both the controls and threat intel are the result of knowledge gained through years of securing customers’ live production environments. Customers can now apply this knowledge to achieve trusted and advanced runtime protection in minutes without requiring in-depth knowledge of their applications and environments. Using eBPF technology and threat intel from cyber research team Aqua Nautilus to identify advanced threats, Aqua surfaces the most critical issues in real time while also implementing a set of controls to protect running workloads immediately, without disrupting the business. “Aqua is transforming the runtime security paradigm. “Traditional runtime security requires security teams to have a great deal of cloud native knowledge, and as a result has been slow to adopt. Aqua is removing this barrier to adoption by making cloud workload threat protection immediately effective and easy for security professionals.” Amir Jerbi, CTO and co-founder, Aqua Security Stopping Attacks in Real Time with Runtime Security Recent data from Nautilus shows that one in three live attacks could be missed when relying exclusively on snapshot scanning of running workload images. Nautilus also found tens of thousands of instances of in-memory attacks and fileless attacks in a one-month period—attacks that would not be seen or stopped without kernel-level visibility. Aqua’s detection of anomalous behavior goes beyond point-in-time snapshots and catches malicious behavior of known and unknown threats in real time—this includes both known CVEs and zero-day exploits that have yet to be discovered. The new default runtime controls are based on ongoing recommendations from Aqua Nautilus, who detect and analyze 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee. The result is real-time visibility at the kernel level that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds. Aqua’s Runtime Protection solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. Customers of the Aqua Platform also have access to the entire, full set of customizable, advanced runtime capabilities if and when they decide to define and implement more stringent policies. Key benefits of Aqua Runtime Protection include: Discover attacks immediately with continuously updated kernel-level behavioral detection. Updates are based on cloud native threat research from Aqua Nautilus along with years of experience securing customer workloads in production. Respond faster and reduce attacker dwell time by stopping attacks with pattern-based anti-malware in production and the option to block or delete malware on access. Simplify incident investigation and rapidly determine the impact and attack path of a security incident with a detailed incident timeline including rich contextual information. “Unlike overly complex runtime solutions, legacy solutions not designed for cloud-native applications, or solutions that can’t detect in real time, our goal with this release is to provide runtime security that is simple to deploy, giving you effective real-time security out-of-the-box,” said Jerbi. “What this boils down to is that, unlike alternative solutions, Aqua’s Platform will both detect sophisticated attacks and stop them in real time.” Aqua’s out-of-the-box Runtime Protection is now available and will make an industry debut at AWS re:Inforce on July 26-27 in Boston at Booth 104. To learn more, visit Aqua’s YouTube. About Aqua Security Aqua Security stops cloud native attacks and is the only company with a $1 Million Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry’s most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston and Ramat Gan, Israel, with Fortune 1000 customers in over 40 countries.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BeyondTrust Introduces New Intelligent Identity and Access Security Platform

BeyondTrust | August 23, 2022

BeyondTrust, the leader in intelligent identity and access security, today announced the BeyondTrust Platform, featuring a modern architecture that delivers unprecedented visibility of identities and access across an organization’s entire digital estate, from on-premises to cloud, hybrid and operational technology environments. The BeyondTrust Platform delivers the most powerful intelligent identity and access security through an elegant, unified platform and interface that removes friction and drives unparalleled insights for organizations of all sizes. Today, organizations are being asked to do more with less, while facing an expanding threat landscape. They know they cannot solve emerging security problems with a disjointed patchwork of solutions or a poorly integrated ecosystem. “Our customers have told us they want a single platform that removes complexity and the risk created by fragmented infrastructure,” said Raj Cherukuri, Chief Product Officer at BeyondTrust. “They need solutions that accelerate time to value with easy deployments and deliver a robust set of common capabilities to reduce security risk, while accelerating their digital transformation initiatives.” The BeyondTrust Platform leverages a single interface to discover, manage, and protect identities, control access, as well as proactively detect anomalous activity. This new solution reduces complexity and management burden through a revolutionary single agent approach and unified management console across all BeyondTrust apps. Along with the platform, BeyondTrust also announced: BeyondTrust’s new Endpoint Security App, a modern privilege management solution that enables better policy management, access control, aggregated application monitoring, and threat detection; these integrated capabilities prevent attackers from elevating privileges, mitigating cyberattacks. The initial release of BeyondTrust’s new Cloud Privilege Manager App, which provides visibility and management of entitlements across multicloud environments from a single pane of glass. Together, with the Endpoint Security App, it enables broad visibility of identities across an organization’s on-premises and cloud footprint. By adopting a natively integrated and unified solution for identity and access security, organizations can better tackle existing use cases and expand to emerging ones, further reducing their attack surface. The BeyondTrust Platform provides a unified view of an organization’s identity landscape. This visibility helps organizations: Better manage, control, and protect their identity landscape More effectively control access to critical resources Easily meet security and compliance targets Key features and benefits include: Breakthrough User Experience – Unprecedented ease of use by leveraging natively integrated common capabilities, which can be activated as needed with a new trial and self-service approach Unified Management – A single console and unified dashboard deliver navigation, management, and reporting across all apps A Universal Agent – Streamlined deployment and straightforward maintenance with automatic installs and upgrades with no reboot required Asset Discovery – Gain unified cross domain visibility with scanning across the entire environment Unified Policy Management - Proactively manage drift with a policy advisor, a common policy framework, out-of-the-box policy templates and version control Centralized Reporting - Leverage information holistically across apps to support better decision-making, with easy customization options Holistic Visibility – Gain insight into privileges in use across the entire IT environment – on-premises, cloud, hybrid Identity Security Insights – Use identity-centric and cross app analytics for better decision making and prevent problems before they happen Health Monitoring – Keep track of the health and status of your endpoints and assets with proactive analytics Multitenant Deployment – Create multiple tenants within a deployment with complete isolation to match the organization’s structure About BeyondTrust BeyondTrust is the worldwide leader in intelligent identity and access security, empowering organizations to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world. Our integrated products and platform offer the industry's most advanced privileged access management (PAM) solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.

Read More