PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION
Wallarm | January 23, 2023
Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak.
Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data.
With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach:
Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute.
Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio.
Control - Wallarm also continuously monitors and prevents the use of leaked API secrets.
The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation.
About Wallarm
Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.
Read More
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
FileCloud | January 11, 2023
On January 10, 2023, FileCloud announced the addition of Zero Trust File Sharing, bringing another layer of hyper-security to the market's most robust content collaboration platform. The latest, Zero Trust File Sharing, enables users to collaborate securely with employees along with other personnel, including external partners, vendors and clients.
This functionality extends beyond modulating share permissions or setting Data Loss Prevention (DLP) policies. Zero Trust File Sharing will become increasingly crucial for enterprises and organizations that handle sensitive or protected data, such as Personally Identifiable Information (PII) and Confidential Unclassified Information (CUI).
The emergence of cloud service technologies, remote access applications, and disappearing network edges have revealed multiple vulnerabilities in perimeter-based IT security models. The Zero Trust framework, built on a system of least privilege, provides a more resilient and adaptable approach that imposes identity authentication, regardless of where or how the request for access gets derived.
The U.S. Department of Defense has recently come up with a Zero Trust Strategy and Roadmap to eventually cover all U.S. government departments, which is likely to be adopted by the private sector. As a result, critical infrastructure sectors are ideal candidates for integrating Zero Trust File Sharing to protect their information systems from increasingly sophisticated cyberattacks launched by nation-states.
FileCloud's Zero Trust support enables enterprises to have an added layer of security on top of FileCloud's built-in access controls. The data within the environment is secured using a Zip file structure and password protection. The user can also set a Zero Trust password and create a sharing link to a file or folder.
The data remains inaccessible without this password, even with a shared direct link or in case of a data breach. Furthermore, the data remains protected by password-based encryption even if the Zero Trust protected folder is accessed via unauthorized means, including social engineering techniques.
Users who access the data with the Zero Trust password will also be restricted in their ability to edit or manipulate the data contained within the Zero Trust folder based on the share permissions.
About FileCloud
Headquartered in Austin, Texas, FileCloud is a leading hyper-secure content collaboration platform (CCP) providing data governance, industry-leading compliance, data leak protection, data retention and digital rights management capabilities to millions of users worldwide. Its complete CCP stack includes workflow automation and granular control of content sharing across most enterprise platforms. The platform offers powerful file sharing, mobile access and synchronization capabilities on public, private, and hybrid clouds to customers, including top Global 1000 enterprises, government organizations, educational institutions and managed service providers.
Read More
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
LogRhythm | December 20, 2022
LogRhythm, the company empowering security teams to defend against an ever-evolving threat landscape today announced its partnership with SentinelOne, an autonomous cybersecurity platform company. Together, LogRhythm and SentinelOne provide an integrated enterprise security solution to prevent, detect, and respond to threats in your environment. The combined solution streamlines security operations and improves response workflow, helping overwhelmed security teams cut through the noise and gain precise insights into cybersecurity threats.
Legacy solutions have been unable to keep up with the speed, sophistication, and scope of attacks, in which organizations lack the context and global visibility necessary to address these challenges, leaving them vulnerable to attacks. To remain on top of threats, it's essential for enterprises to understand what's occurring in their network and across their endpoints. However, without a centralized way to collect and action log data, that mission can be overwhelming for security teams.
“We are thrilled to formally announce our integration with SentinelOne. This partnership brings together two remarkable platforms that will provide our customers with incomparable visibility for analysts, allowing them to cut through the noise, and recognize and respond to incidents more quickly and effectively. “LogRhythm is committed to helping customers defend themselves against cyberattacks and we will continue to do so by partnering with leading and innovative cybersecurity companies to expand our offerings.”
Andrew Hollister, Chief Information Security Officer at LogRhythm
LogRhythm’s security analytics automatically incorporate rich endpoint telemetry from SentinelOne, enabling real-time threat protection and providing in-depth analytics for comprehensive security monitoring. LogRhythm SmartResponse™ capability leverages the SentinelOne API to effect automated response to malicious activities, such as automatically blacklisting hash values, or disconnecting affected machines from the network, as well as providing capabilities to collect additional information during an investigation. SmartResponse actions may be triggered directly by an Analytic running in LogRhythm’s patented Analytics Engine, or manually launched by an Analyst from the Web Console.
Key benefits of this integration include:
Expanded Visibility: Centralize data collection with events from SentinelOne managed user endpoints and cloud workloads
Focused automation: Initiate automatic endpoint mitigation with LogRhythm SmartResponse actions
Reduced Complexity: Prebuilt integrations and dashboards streamline SOC operations and improve ROI
“Our XDR strategy incorporates the integrations and technologies SentinelOne customers value. We’re excited about our partnership with LogRhythm,” said Yonni Shelmerdine, VP XDR Product Management at SentinelOne. “LogRhythm offers extensive support for - and integration across - the Singularity XDR platform, helping our customers from around the globe protect against modern cyberattacks and reduce risk.”
This announcement marks yet another milestone in the company’s momentous year. In addition to the release of LogRhythm Axon earlier this Fall, a groundbreaking, cloud-native security operations platform, LogRhythm also recently announced its integration with Gigamon that provides customers with a comprehensive view of network traffic.
About LogRhythm
LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.
LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm and our customers are ready to defend.
About SentinelOne
SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.
Read More