PLATFORM SECURITY

Uptycs consolidates cloud security with CNAPP

Uptycs | June 07, 2022

Uptycs
Uptycs, the first cloud-native security analytics platform that enables cloud and endpoint protection from a single solution, unveiled new capability to address critical cloud-native application protection platform (CNAPP) use cases today at the RSA Conference. In order to offer these functionalities, telemetry from the necessary attack surfaces is ingested into the Uptycs SQL-powered data lake for real-time and historical analysis. With a single data and control plane, this platform architecture allows enterprises to consolidate security tools as they progressively embrace cloud-native software development and operations.

Gartner estimates that by 2025, 70% of enterprises will reduce the number of providers safeguarding the life cycle of cloud-native apps to no more than three. Gartner advises security and risk management executives implementing a consolidation approach as follows: "Evaluate security platforms where data and control planes are shared; use this consolidation to develop common rules and close gaps and vulnerabilities across legacy silos."

"Security organizations face fast-changing threats while struggling to hire and retain technical talent. At the same time, organizations are accelerating digital transformation by adopting new cloud-native technologies and operations. Unlike other security vendors that take a portfolio approach—lightly integrating separately acquired products—Uptycs addresses these challenges by extending our SQL-powered analytics platform to cover key CNAPP use cases."

Ganesh Pai, CEO and co-founder of Uptycs

The Uptycs system generalizes telemetry at the collection point into SQL tables, allowing for real-time analysis and correlation as data flows into the cloud. This enables columnar compression as well as rapid query speeds over petabytes of data.

According to Gartner: "Securing cloud-native applications offers enterprises the opportunity to redesign security approaches. Rather than treat development and runtime as separate problems—secured and scanned with a collection of separate tools—enterprises should treat security and compliance as a continuum across development and operations. They should look to consolidate tools into cloud-native application protection platforms where possible."

Spotlight

HP Connected MX addresses the challenges of managing mobile information within a dispersed corporate environment. Organizations need a solution that delivers business assurance with corporate intelligence, control, security, and information analytics without compromising end-user productivity or conveniences. HP Connected MX enables organizations to confidently deliver information accessibility to their mobile workforce while facilitating organizational visibility, control, and protection of information at the edge.

Spotlight

HP Connected MX addresses the challenges of managing mobile information within a dispersed corporate environment. Organizations need a solution that delivers business assurance with corporate intelligence, control, security, and information analytics without compromising end-user productivity or conveniences. HP Connected MX enables organizations to confidently deliver information accessibility to their mobile workforce while facilitating organizational visibility, control, and protection of information at the edge.

Related News

SOFTWARE SECURITY

Cybersecurity Company Lumu Raises $8M, Signs Partnership with KnowBe4, the World's Largest Integrated Platform for Security Awareness Training

Lumu | August 08, 2022

Lumu, creators of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real time, today announced it has closed an $8 million investment round, bringing total funding to $15.5 million. Led by Panoramic Ventures, the investment will serve as growth capital for sales and marketing initiatives to further Lumu's mission of helping organizations operate cybersecurity proficiently. Other investors include KnowBe4 Ventures, Lane Bess, former Zscaler and Palo Alto Networks executive, and Tom Noonan, former CEO at Internet Security Systems and the SoftBank Group's SB Opportunity Fund. "We are excited to continue to support Lumu through this phase of hypergrowth, as organizations across all verticals are realizing the value of measuring compromise within their networks and acting on this factual data immediately," said Paul Judge, Managing Partner of Panoramic Ventures. "The innovation Lumu is bringing to the market is evident and a true game-changer for cybersecurity operations." Lumu's Continuous Compromise Assessment model enables any organization to measure and understand compromise to close the breach detection gap from months to minutes continuously and intentionally. Teams receive actionable information about who was impacted, when the incident took place and how best to respond before it escalates to a bigger problem. The company has experienced hyper-growth in 2021 and 2022 and now has more than 3,100 organizations using its technology. The Lumu platform has analyzed more than 1 trillion metadata and detected more than 345 million adversarial contacts. "With today's economy, hiring constraints and the non-stop cyber threats, companies need tools that enable an accurate understanding of, and swift response to, potential attacks. "Our platform provides context at the granular level to understand each and every incident and the specific techniques used by attackers so that cybersecurity operators can mitigate malicious incidents and overall improve their cybersecurity stack. With cybercriminals quick to take advantage of economic downturns, this funding round emphasizes just how critical of a time it is for enterprises to prioritize protection and defense mechanisms." Ricardo Villadiego, Founder and CEO of Lumu The capital will also be used to scale the company's initiative to consistently attract exceptional talent to amplify the reach of Lumu's cyber industry-leading resilience message and to build credibility with target audiences to help companies of all sizes and verticals proficiently operate cybersecurity functions. KnowBe4 is one of the key investors joining Lumu's funding round. The companies will join forces to further their missions of enabling employees and security teams to make smarter security decisions every day. Miami-based Lumu is founded and led by Ricardo Villadiego, a successful second-time founder who is part of the SB Opportunity Fund's community of visionary Black, Latinx, and Native American entrepreneurs. About Lumu Headquartered in Miami, Florida, Lumu is a cybersecurity company focused on helping enterprise organizations illuminate threats and isolate confirmed instances of compromise. Applying principles of Continuous Compromise Assessment, Lumu has built a powerful closed-loop, self-learning solution that helps security teams accelerate compromise detection, gain real-time visibility across their infrastructure, and close the breach detection gap from months to minutes.

Read More

PLATFORM SECURITY

Uptycs Unveils Advanced Container and Kubernetes Capabilities

Uptycs | May 27, 2022

Uptycs, the first cloud-native security analytics platform that enables both cloud and endpoint security from a single platform, today unveiled expanded container and Kubernetes security posture management (KSPM) features for its cloud workload protection platform (CWPP). These features enable real-time identification of containerized workloads, proactive scanning of container images in the CI/CD pipeline, constant compliance monitoring, and Kubernetes security policy audit and enforcement. According to Gartner, by 2026, over 90% of the world's enterprises will be operating containerized apps in production, up from less than 40% currently. Businesses, on the other hand, struggle to manage and maintain these transitory assets. Misconfigurations in the control plane and insecure policies at the single container layer are used by attackers to escalate permissions, conduct container escapes, and compromise nodes for executing code. "Organizations are rapidly scaling their Kubernetes environments and seeing tremendous gains in optimization, availability, and developer productivity, but too often Security teams are left playing catch up. With telemetry from Kubernetes systems supported by our analytics platform, Security teams know immediately what resources they have and the security posture of those resources—across public and private clouds, scaling to tens of thousands of pods. Combined with our industry-leading container security capabilities, this gives Security teams confidence that they have the proper controls in place to minimize risk while enabling innovation." Ganesh Pai, CEO and Co-founder of Uptycs Uptycs offers both fully managed (AWS EKS, Azure AKS, Google GKE) and self-managed Kubernetes environments, such as VMware Tanzu and Google Anthos. Uptycs contains a range of container runtimes (Docker, containerd, CRI-O). The latest KSPM capabilities offered by the Uptycs platform are now readily accessible and will be shown at the 2022 RSA Conference (booth #435) from June 6-9. Learn more about the Uptycs container and Kubernetes security service by visiting the Uptycs blog.

Read More

SOFTWARE SECURITY

WhiteSource Rebrands as Mend

Mend | May 30, 2022

WhiteSource, a pioneer in application security, has rebranded to Mend. Within the Mend Application Security Platform, the business is also delivering the industry's first automatic remediation for custom code security concerns, as well as integrating Mend Supply Chain Defender (previously WhiteSource Diffend) in its JFrog Artifactory plugin. Mend protects all parts of your program by automating repair, prevention, and protection from issue to solution, rather than just detection and proposed solutions. With revenue increasing by 800% in the previous three years and enterprise net retention reaching 127% in 2021, the firm recruited 350 new clients in the last year. Mend has over 1,000 clients, including more than 25% of the Fortune 100, and is committed to spending its most recent investment ($75 million series D announced in April 2021) on general development as it extends outside the Software Composition Analysis (SCA) industry. This includes the purchase of Diffend in April 2021, as well as the acquisitions of SAST companies Xanitizer and DefenseCode in February of this year. The Mend Application Security Platform is the result of strategic acquisitions and the company's unique automated remediation capabilities. The platform is the first to automatically detect and correct application security gaps including both open source and bespoke code, combining automated remediation for static application security testing (SAST) with Mend's current capacity to do so for software composition analysis (SCA). "Attackers are increasingly targeting applications as the weakest link to go after organizations, and at the same time, pressure to deliver software faster has never been higher. Organizations face undeniable tension to do both, better. Mend breaks the tradeoff between security and development delivery timelines by providing a solution that automates the reduction of the software attack surface while removing most of the burden of application security, allowing development teams to deliver quality, secure code, faster." Rami Sass, Co-founder and CEO of Mend Josh Johnson, Manager of Solutions Architecture, Defy Security said that "Whether open-source or proprietary code, the application security industry has mostly focused on vulnerability detection and management. Mend has an interesting approach of automating the remediation of code vulnerabilities. While the company is announcing this new name, as a partner of Mend, we are excited for it to further its commitment to solving code-based security challenges with automated-remediation. Defy Security looks forward to seeing Mend extend automation for closing security gaps."

Read More