DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Globenewswire | March 24, 2023
Virtru, the global leader in data-centric security and privacy, today announced the immediate availability of the Virtru Private Keystore, allowing organizations to leverage the power of industry-leading cloud collaboration platforms with the confidence that their data is completely private and shielded from their cloud provider.
The Virtru Private Keystore gives businesses a simple way to encrypt their cloud data and store the keys in an environment separate from their cloud provider. It is available for Google Workspace, Google Cloud, and all of Virtru’s products.
Privacy-preserving technology has become a top priority for businesses and individuals alike, as evidenced by Google’s rapid expansion of Client-Side Encryption for Google Workspace and customer-managed encryption keys for Google Cloud. Google has undertaken these efforts to win and retain privacy- and compliance-sensitive customers. Virtru is one of a select number of Google-recommended private encryption key management partners to support these initiatives.
Paris-based HR tech firm, Maki People, uses Virtru as its key management solution provider for Google Cloud, and views the Virtru Private Keystore as a way to build trust with its customers. “The Virtru Private Keystore is super seamless,” said Benjamin Chino, CPO and Co-Founder, Maki People. “Everything is running smoothly. From a customer standpoint, it really makes a difference – they now feel that they're much more in control, and that Google will not be able to access their data.”
“Safeguarding data privacy and control is our top priority, and the Virtru Private Keystore plays a crucial role in helping us achieve this objective,” said Ali Umana, Network Administrator, Kulite Semiconductor Products, Inc.
Around the world, regulatory requirements continue to tighten. The Virtru Private Keystore helps organizations meet compliance and data sovereignty obligations such as the International Traffic in Arms Regulations (ITAR) and the EU’s General Data Protection Regulation (GDPR).
“Our customers choose Virtru because our products are easy to use, and they integrate seamlessly with the apps they work in every day,” said Bill Bauman, Product Marketing, Virtru. “The Virtru Private Keystore does that, too. It simplifies key management for our customers and runs seamlessly in the background. It does more than just key exchanges, though: It adds policies to the keys and has audit capabilities. So, everyone can collaborate more confidently in the cloud and have final decision over who can access their data.”
The Virtru Private Keystore supports the full suite of Virtru products, including Virtru for Microsoft Outlook 365, Virtru for Gmail, Virtru Secure Share, and Virtru Data Protection Gateway, and is a trusted solution for Google Workspace Client-Side Encryption (or CSE, including CSE for Gmail) and Google Cloud External Key Manager (EKM). It can be deployed in a public or private cloud, or a private or co-hosted data center, and supports hardware security modules (HSM), with additional support for HSM Proxy Connector.
About Virtru
Virtru is a global leader in data privacy and protection. At Virtru, we equip our customers to take control of their data—everywhere it’s shared—through end-to-end encryption for Google, Microsoft, and other data sharing platforms.
Our team is creative, collaborative, and passionate about creating a brighter future for data privacy. Above all, we support our colleagues and empower each other to do our best work.
Read More
PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY
Prnewswire | May 09, 2023
Waratek, an industry leader making Java security achievable for every mission-critical application and API, today introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise. This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique to the Java Virtual Machine.
Additionally, Waratek released today its Log4J Vulnerability Scanner, giving users an in-depth view of any remaining issues in their IT systems. The scanner makes it simple to quickly scan all applications for Log4shell vulnerabilities, then sends out non-invasive payloads to a company's libraries, automatically building a table of remaining instances of Log4J and where to find them.
"In 2022, we were the first company that released a Log4j patch, even faster than Oracle. Today, researchers warn that the infamous Log4j vulnerability is still present in far too many systems worldwide, and that attackers will be successfully exploiting it for years. With 80 percent of Log4shell-impacted companies remaining vulnerable today, we recognized the immediate need to offer this security innovation to our customers," said Doug Ennis, CEO of Waratek.
Signature-based security approaches have worked well for non-complicated languages, but languages like Java that are compiled into bytecode require expert-level domain knowledge to secure due to the unique characteristics of the Java programming language and its execution environment. When API security is added to the mix, the issue is exasperated. Now companies can solve this problem by combining the domain expertise of a Java software engineer and the knowledge of a security engineer in one platform.
According to a recent survey, more than 60 percent of enterprise companies that use Java were affected by Log4j vulnerabilities, with 41 percent of those companies stating that between 51 and 75 percent of their apps were affected. Today, 81 percent of companies report still having problems as a result of Log4j, and 70 percent of companies surveyed still have not put a patch in place.
A long-term Waratek customer, one of the top five semiconductor businesses in the world, expressed Log4j vulnerability concerns and worried that hundreds of hours would be required to resolve the issues. Utilizing Waratek's Java Security Platform with API capabilities, 2,500 of the company's applications were fully remediated of Log4j vulnerabilities without code changes or application redeployments in under four hours.
"For Java applications and APIs our unprecedented Java Security Platform helps security teams fill the knowledge gap on Java and address its unique security nuances, such as Insecure Deserialization, accurately and instantly," said Ennis.
"Waratek's Java Security Platform has become the essential line item in our security budget," said a CISO at one of the top three largest global hotel chains. "We originally implemented it to fix insecure deserialization across our applications. Since then, it's scaled to 2,500 applications without introducing new headcount, because to date it's never generated a false-positive."
ABOUT WARATEK
Waratek is the industry pioneer making Java security achievable for every mission-critical application and API. Headquartered in Chicago, IL and Dublin, Ireland, Waratek's multiple-award winning solution is trusted by some of the world's most recognizable brands including IBM, Google, Amazon, Microsoft, and more. The company has been recognized and awarded for its innovation in security deployment by CRN, CDM, Gartner Group, RSA, FinTech Innovation Lab, Computer Technology Review, and Government Computer News. For more information visit www.waratek.com or connect with us on LinkedIn, Twitter, or YouTube.
Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Globenewswire | April 06, 2023
Noname Security, the leading provider of complete and proactive API security, today announced Noname Public Sector’s Hardened Virtual Appliance making the API security platform available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. The appliance is the first of its kind in the comprehensive API security space and is designed to deliver a drop-in, secure, and scalable system for discovering, monitoring, and protecting mission-critical APIs and data.
“Governments and highly regulated industries have unique security needs. Having worked closely with many Federal agencies during my career, I know how impactful it will be to provide this level of security and insight into APIs and provide options that make it easy to meet government standards,” said Dean Phillips, Executive Director of Public Sector Programs at Noname Security. “The government and regulated industries are not immune from cyber criminals, they are targeted as much if not more than most organizations. We’re excited to arm them with the tools they need to protect their assets.”
Federal agencies can use the Noname API Security Platform to protect their APIs in real-time and detect vulnerabilities before they are exploited. Noname Security’s Hardened Virtual Appliance makes the API security platform available completely offline with no reliance on internet connectivity, perfect for isolated and controlled environments. It is a finely tuned package of advanced software and premium support built and secured to Federal Government specifications, enabling customers to comply with the most rigorous standards, including Federal Information Processing Standards (FIPS)1 and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)2. Noname collaborated with a FedRAMP 3PAO, The MindPoint Group, on the development of the Noname Hardened Virtual Appliance.
Noname Security’s Hardened Virtual Appliance enables access to a powerful, complete, and easy-to-use API security platform that helps:
Discover all APIs, data, and metadata - Unlike other API solutions that only look at traffic sources, Noname Security discovers more APIs by combining traffic sources with the configuration of infrastructure and applications. The end result: visibility into more APIs and deeper insights into customers’ API security posture.
Analyze API behavior and detect all API threats - The Noname API Security Platform uses AI-based detection to identify the broadest set of API vulnerabilities, including data leakage, data tampering, misconfigurations, data policy violations, suspicious behavior, and cyber attacks.
Prevent attacks and remediate API vulnerabilities - Noname Security allows federal customers to prevent attacks in real-time, fix misconfigurations, automatically update firewall rules, webhook into their WAFs and gateways to create new policies against suspicious behavior, and integrate with existing workflows (ticketing and SIEMs).
Noname Public Sector LLC has made it easier to deploy, configure and manage the platform via the new Noshell(™) interface. The shell offers innovative features such as the ability to perform on-demand STIG audits of the internal system itself, while aiming to reduce the overall attack surface of the system.
About Noname Security & Noname Public Sector LLC
Noname Public Sector LLC empowers the world’s most critical organizations to protect their most important data. With decades of military and civilian public sector experience, Noname Public Sector combines a deep understanding of government agency requirements with leading expertise on their unique API security considerations. Government agencies using Noname’s complete, proactive API security solutions can securely harness their data to serve the public and stay ahead of adversaries. Noname Public Sector LLC is privately-held and based in Herndon, VA.
Noname Security is the leading provider of complete, proactive API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Security, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.
Read More