Q&A with Matt Amundson, VP of Marketing at Everstring

MEDIA 7 | November 14, 2019

Q&A with Matt Amundson
Matt Amundson, VP of Marketing at EverString has over 10 years of sales and marketing experience. Matt has held roles in Demand Generation and Sales Development at TIBCO, Marketo, FGXI and Red Bull. His primary focus has been on creating processes that generate a consistent, pipeline.

MEDIA 7: Could you tell us about your mantra “Go for the run”?
MATT AMUNDSON:
On December 29th of 2017, I decided to change my lifestyle habits and decided that I’m going to run a minimum of one mile every single day. So, every day since that day I’ve got up and ran. It’s been a seminal moment where my approach on life and work has changed dramatically. And as a result of that, it’s become a personal mantra, which is to not be afraid of where you might be today. If you’ve got some lofty goals or if you want to try something new, just get out there and give it a try and see what the results of it could be. On a personal level, whether you’re physically tired or don’t feel like doing it, just give it a shot and go for it. On a professional level, if it’s something that can benefit you or your brand give it a try, go for it and see what happens.

M7: What is your favorite part about working at EverString?
MA:
I really love the people that I work with and I’ve been at the organization for about four and a half years. Some of the folks that I’ve worked with since the beginning are still here and it’s just been an awesome journey to be on with some incredible colleagues and that’s just on a personal level. On a professional level, I think we’re all solving a major problem that a lot of organizations are suffering from – which is related to data. As a marketer who has existed in the mar tech space for the broader part of my career, we often think of our process improvements and workflow improvements to gain more efficiency. Whether that’s marketing automation system or a cool new technology like conversational AI most people fall into two camps when it comes to data, either they’re just not conscious of data or they are. The data that they purchase or the data they acquire ultimately powers everything they do from a marketing perspective or they’re used to the status quo of current data providers that provide low quality of data and are sort of mired in the “well I guess that’s the way it is and that’s just the quality level that I have to deal with”. The fact that we’re changing that for some of the world’s biggest brands like Capital One, FedEx, Staples, Autodesk, Oracle as well as the smaller brands is really exciting to me.


"The world’s largest businesses do really large contracts with much bigger deals because they are so data focused and we can provide not only the data but also data science to go along with that."

M7: How does EverString’s data platform stand out from the rest in delivering high coverage as well as accuracy for data vendors?
MA:
The high-quality of our data lies in the way that we collect data versus the way that traditional data vendors collect. The traditional route for collecting data is by using a couple of different ways, but the most traditional would be to have a call from somewhere where people are just dialing into an organization and asking them for data about their companies. That’s problematic for a lot of reasons, one being – you’re essentially relying on people to give you accurate answers to the frequency at which you’re updating. This is fairly sparse because you’re not always going to get a hold of somebody as businesses are changing.

The way EverString does it is by taking a more digital approach to it – we use machine learning and artificial intelligence not only to go out and scrape and collect data and update that data on a monthly basis but we also use artificial intelligence to say, if these companies are similar, the likelihood that they have the same attributes or technology or number of sales employees or engineering employees is probably true as well. So, we’re able to predict that type of data and then feed it back through people to go in and verify. So essentially, we’re able to collect data on a much broader set of companies in a much faster fashion and we’re able to update that data much more frequently than any of our competitors. 

M7: What marketing channels do you use and which ones do you see as the most promising given your target customers?
MA:
We have a fairly small marketing department; we only have five people on the team. But I think the team that we have here is very efficient, and the channels that we generally lean into are the traditional channels of email, digital marketing through both PPC display advertising as well as using platforms like LinkedIn and Facebook which have actually been successful for us.

One of the things that we do is we’re very heavy direct mail marketers and we’ve found a lot of efficiency gain from that. We’re also very well–known for doing really great events, we did a party at Marketo summit in 2016 that had about 3000 people there and luckily, we had Will Smith as the keynote presenter from Marketo summit come and perform in the party. So, that was an amazing event that we’ve been very well known for.


"There’s just a lot of in accuracy and incompleteness in data so modelling that data to try to predict outcomes is problematic."

M7: Since you joined the company EverString in 2015, what paradigm shift do you see in the company today?
MA:
 In the early days of the business we really focused on being primarily a data science company where we wanted to roll out our customer’s data to essentially model and predict outcomes. And the problem with that was a lot of what I talked about at the top of our conversation. There’s just a lot of inaccuracy and incompleteness in data so modelling that data to try to predict outcomes was problematic. And what we realized three years ago was we couldn’t just be a data science company we also had to be a data company and so we set out on this journey to become the data company and realistically about 18 months ago we saw the fruit of that work. For about the last six quarters we’ve been able to go into some of the world’s largest businesses and do really large contracts with much bigger deals because they are so data focused and we can provide not only the data but also data science to go along with that. So, it’s not just that they consume raw data from us but also let us use our own internal data science capabilities to make sense of that data to help marketers do better segmentation, for sales people to have better insights into why they should be reaching out to an account when they should be reaching out to an operations teams to be able to provide their go-to-market teams with just a much higher quality of data.



"Everstring makes sense of data to help marketers do better segmentation and for sales people to have better insights into why they should be reaching out to an account or operations teams."

M7: How old were you when you had your first paying job?
MA:
 I think I was about 10 years old and I fall into like the fairly regular category of a lot of people that I know in the professional world who began their careers as adolescents with a paper route. So, I was like the neighborhood paperboy for a number of years and that was interesting because that taught me a lot of lessons and how to ask people for money which is fairly difficult. It also taught me discipline and building routines and processes around making sure you get up early making sure papers are delivered on time. So, it was a great learning lesson for me. I didn’t necessarily think about it in the time I just kind of thought about the 50 bucks a month that I was getting to go spend on candy and toys.

ABOUT EVERSTRING

EverString’s AI SaaS solution is designed for B2B sales and marketing professionals to drive pipeline growth, help close new customers, expand into new markets, prioritize accounts, and provide actionable insights – all without the need for an administrator.

EverString is backed by leading investors including Lightspeed Venture Partners, Sequoia Capital, IDG Ventures and Lakestar. For more information, visit www.everstring.com.

More THOUGHT LEADERS

‘The toughest part is making the content both timely and relevant,’ says Stel Valavanis

Media 7 | June 6, 2023

Discover insights from Stel Valavanis, as he shares his journey, highlights that shaped his career as well as his perspective on online advertising and content syndication. Gain valuable knowledge on network security and business goals and learn about Zecurion's advanced solutions in data loss prevention and panoptic security information and event management....

Read More

‘Pay special attention to customer loyalty, retention and customer happiness,’ says Alexey Raevsky

Media 7 | June 6, 2023

Alexey Raevsky talks about prevention of cyberattack, data protection, mobile device security and data classification in this exclusive interview. Read on to know about data loss prevention solutions offered by Zecurion and Alexey's invaluable insights on risk management, compliance, and protection against threats....

Read More

‘Marketing can be the oxygen to a company’s growth,’ says Shashi Kiran

Media 7 | April 19, 2023

Shashi Kiran has a growth mind-set and enjoy driving results that make an effect, add value, and give people a good time. Integrity, authenticity, and staying away from politics are important parts of my identity. He has worked in marketing, sales, business development, and product management at both big global companies with global teams and multi-billion dollar sales and multi-stage startups. Read more to know his thoughts on role of marketing in IT industry....

Read More

‘The toughest part is making the content both timely and relevant,’ says Stel Valavanis

Media 7 | June 6, 2023

Discover insights from Stel Valavanis, as he shares his journey, highlights that shaped his career as well as his perspective on online advertising and content syndication. Gain valuable knowledge on network security and business goals and learn about Zecurion's advanced solutions in data loss prevention and panoptic security information and event management....

Read More

‘Pay special attention to customer loyalty, retention and customer happiness,’ says Alexey Raevsky

Media 7 | June 6, 2023

Alexey Raevsky talks about prevention of cyberattack, data protection, mobile device security and data classification in this exclusive interview. Read on to know about data loss prevention solutions offered by Zecurion and Alexey's invaluable insights on risk management, compliance, and protection against threats....

Read More

‘Marketing can be the oxygen to a company’s growth,’ says Shashi Kiran

Media 7 | April 19, 2023

Shashi Kiran has a growth mind-set and enjoy driving results that make an effect, add value, and give people a good time. Integrity, authenticity, and staying away from politics are important parts of my identity. He has worked in marketing, sales, business development, and product management at both big global companies with global teams and multi-billion dollar sales and multi-stage startups. Read more to know his thoughts on role of marketing in IT industry....

Read More

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

CyberArk Introduces First Identity Security-Based Enterprise Browser

iTWire | May 30, 2023

CyberArk (NASDAQ: CYBR), the Identity Security company, today introduced CyberArk Secure Browser. This first-of-its-kind Identity Security web browser enables organisations to better protect against attacks with a flexible, identity-based approach to securing employee and third-party access to enterprise resources. By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.1 Browsers provide a vital connection between identities, applications and data, making them a prominent attack vector and a target for cybercriminals – especially in distributed, work-from-anywhere environments. A rise in post-MFA authentication attacks targeting session cookies reinforces the need for defense-in-depth strategies. Now, CyberArk is applying its deep cybersecurity experience, history of Identity Security innovation and intelligent privilege controls to web browsing. Part of the CyberArk Identity Security Platform, the Chromium-based CyberArk Secure Browser supports enterprise Zero Trust initiatives with integrated security, centralised policy management and productivity tools while delivering a familiar user experience. The CyberArk Identity Security Platform delivers the most robust, layered approach to address the number one area of cybersecurity risk: credential access.2 CyberArk Secure Browser is designed to eliminate existing security gaps between consumer-focused browsers and SaaS applications, endpoint-based controls and identity providers. By extending the CyberArk Identity Security Platform to the browser itself, CyberArk makes it easy for IT teams to tailor security, privacy and productivity controls on managed and unmanaged devices. Key features include: Cookieless Browsing: Cookieless browsing is a key differentiating feature that allows users to access and use web-based resources without exposing cookie files to attackers. The cookies will be stored remotely on CyberArk servers enabling secure and seamless web browsing without saving cookie files on the endpoints. This approach makes it difficult for attackers or third parties to steal, forge, alter or manipulate cookies to gain unauthorised access to sensitive resources and helps ensure that users’ web sessions, data and accounts remain confidential and secure. Data Exfiltration Protections: Companies can control the browsing experience with fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data. Password Replacement: CyberArk Secure Browser features patent-pending password replacement functionality. Instead of showing stored credentials for privileged resources or websites, the browser displays a one-time alphanumeric string. This string works only once, only in CyberArk Secure Browser and only for intended targets – eliminating the possibility that end users will see these privileged credentials in plain text. Extensibility: Third-party identity providers and out-of-the-box integrations are supported with the CyberArk Identity Security Platform solutions, including CyberArk Workforce Password Management and CyberArk Secure Web Sessions. This allows companies to customise session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints. Quick Access Bar: The built-in quick access sidebar helps ensure end users can utilise their Single Sign-On (SSO) credentials to securely access frequently used apps, third-party tools and CyberArk privileged access management resources directly from CyberArk Secure Browser with the click of a button. “CyberArk is constantly innovating – working to protect our customers against current cybersecurity risk and emerging threats. Based on trends impacting hybrid work environments and research generated by our CyberArk Labs and Red Team, developing an enterprise browser – with an identity-first, security-first approach – was a natural progression for our business,” said Gil Rapaport, general manager, Access at CyberArk. “CyberArk Secure Browser represents a new era of web browsing, where security, privacy and productivity are the top priorities.” Dynamically mirroring controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, CyberArk Secure Browser reduces IT overhead and accelerates the deployment timeline for employees, contractors and vendors. Planned availability for CyberArk Secure Browser on Windows endpoints is by the end of 2023. To learn more about CyberArk Secure Browser, please visit https://lp.cyberark.com/secure-browser-early-access.html. About CyberArk CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Uptycs Integrates with Amazon Security Lake to Enable the Correlation of its CNAPP and XDR Security Telemetry with a Vast Ecosystem of Security Tools

Prnewswire | June 01, 2023

Uptycs, provider of the first unified CNAPP and XDR platform, today announced an integration with Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes security data from across AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings and converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF) open standard, making it easier to automatically collect, combine, and analyze security data from AWS, security partners, and analytics providers. The integration with Uptycs helps organizations speed up threat detection and incident response by correlating Uptycs telemetry and events with data from a vast number of other security tools. With the proliferation of technologies and environments, security teams need to spend time setting up one-to-one integrations between their tools to correlate threat activity. This is expensive and delays response to security threats. In contrast, a shift up approach to cybersecurity does not need complex integrations and intermediary systems to connect the dots. The premise involves getting the data in a standardized format right out of the gate, and streaming it up into a data lake so security teams can do cross-correlations that speed up threat detection and response. The OCSF project offers a consistent approach towards cybersecurity telemetry by providing a standard schema for common security events, defining versioning criteria to facilitate schema evolution, and including a self-governance process for security log producers and consumers. This enables organizations to easily bring together data from multiple security tools. "We are excited to bring the security telemetry from Uptycs into Amazon Security Lake," says Ganesh Pai, CEO and co-founder of Uptycs. "A key tenet of the shift up approach to cybersecurity is to stream normalized security telemetry into a data lake, moving security analytics processing power to the cloud. Uptycs and AWS customers can now enjoy enhanced protection and faster reaction time as they benefit from standardized OCSF-based telemetry across their on-prem and cloud workloads." Using the OCSF format, Uptycs and Amazon Security Lake allow organizations to have a consistent telemetry, enabling them to easily correlate data from a variety of security, SIEM, and SOAR tools. Uptycs, an AWS Security Competency Partner, will send a wealth of OCSF-formatted data from on-premises and cloud assets to Amazon Security Lake, including behavioral threat detections from endpoints and cloud workloads, anomaly detections, policy violations, risky policies, misconfigurations, and vulnerabilities. Uptycs prospects and customers can get started with the Amazon Security Lake integration by contacting Uptycs. About Uptycs Your developer's laptop is just a hop away from cloud infrastructure. Attackers don't think in silos, so why would you have siloed solutions protecting public cloud, private cloud, containers, laptops, and servers? Uptycs reduces risk by prioritizing your responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across your modern attack surface—all from a single platform, UI, and data model. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY

Traceable AI Announces the Industry’s First API Security Reference Architecture for a Zero Trust World

Businesswire | June 06, 2023

Traceable AI, the industry's leading API security company, today announced the release of the industry's first API Security Reference Architecture for Zero Trust. This groundbreaking reference architecture serves as a guide for security leaders as the industry addresses the urgency of integrating API Security into Zero Trust Security initiatives. Zero Trust, a cybersecurity framework that emphasizes continuous verification and helps to minimize the attack surface, has proven effective in enhancing security for many organizations, from large enterprises, to the US Government. However, traditional Zero Trust approaches have primarily focused on network-level controls and identity access management, neglecting the critical API layer. Traceable’s API Security Reference Architecture is aligned with the NIST Zero Trust Architecture, a publicly available, vendor-neutral framework widely adopted by government entities such as CISA, DoD, DISA, NSA, GSA and NCCoE, as well as by many leading cybersecurity vendors. By leveraging the NIST framework, Traceable ensures compatibility, interoperability, and adherence to industry standards, making it a reliable and trusted guide for organizations implementing Zero Trust for their APIs. The extensive reference architecture provides organizations with a prescriptive methodology to operationalize Zero Trust for APIs: Advanced API Security: The reference architecture gives organizations a way to implement robust security measures specifically designed for APIs, including eliminating implied or persistent trust for APIs, thereby minimizing the risk of API-related vulnerabilities, attacks, and data breaches. Comprehensive Risk Management: The reference architecture recommends incorporating automatic user authentication and authorization, granular data access policies, and asset risk assessments, can organizations can effectively manage and mitigate risks associated with API access and usage. Increased Visibility and Control: The architecture explains why organizations should obtain granular visibility, which allows organizations to monitor and record all API transactions, enabling better analysis, threat detection, and incident response capabilities. Improved Compliance and Data Protection: The automatic identification and classification of sensitive data sets ensure compliance with data protection regulations such as HIPAA, GDPR, and PCI-DSS, reducing the risk of regulatory penalties and reputational damage. Seamless Automation and Orchestration: The reference architecture recommends integration with XDR, SIEM, and SOAR solutions, so organizations can enhance their overall security posture, automate response actions, and streamline security operations. Scalability and Flexibility: The architecture offers a flexible distribution model for PEPs and data collection points, allowing organizations to scale their API security infrastructure based on their unique requirements and architecture. Future-Proofing: By aligning with the NIST Zero Trust Architecture and industry standards, organizations adopting the API Security Reference Architecture can ensure compatibility, interoperability, and the ability to evolve alongside emerging technologies and security best practices. Traceable’s API Security Reference Architecture for Zero Trust introduces a new approach to secure APIs using Zero Trust concepts, acknowledging their unique security requirements. It provides organizations with a comprehensive framework to implement Zero Trust controls specifically tailored to APIs, ensuring the protection of digital assets and mitigating the risk of data breaches. Dr. Chase Cunningham weighs in on Traceable’s approach: "APIs provide a new means of applying controls across enterprise applications, " says Dr. Cunningham, “However, the security practices for APIs have not yet matured, leaving a significant gap in the overall attack surface. Traceable has developed their own API Security Reference Architecture to help fill this gap by providing organizations with a methodical way to secure their APIs with Zero Trust principles. By combining Zero Trust strategic concepts with API-specific security measures, Traceable can help organizations protect their digital assets effectively." Throughout the past year, Traceable has continued to reaffirm its commitment to extending Zero Trust methodologies to API Security. With the addition of Zero Trust creator John Kindervag and Dr. Zero Trust, Chase Cunningham as Traceable advisors, Traceable continues to strengthen its expertise in this space. To date, Traceable has become a valuable partner to a number of large enterprises as the industry turns its eyes toward the importance of API security. With the rollout of their Zero Trust API Access solution alongside this reference architecture, Traceable continues to lead the industry toward the advancement of API security. This reference architecture is now available for organizations to explore and implement, empowering them to achieve complete API security in a Zero Trust world. About Traceable Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

CyberArk Introduces First Identity Security-Based Enterprise Browser

iTWire | May 30, 2023

CyberArk (NASDAQ: CYBR), the Identity Security company, today introduced CyberArk Secure Browser. This first-of-its-kind Identity Security web browser enables organisations to better protect against attacks with a flexible, identity-based approach to securing employee and third-party access to enterprise resources. By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.1 Browsers provide a vital connection between identities, applications and data, making them a prominent attack vector and a target for cybercriminals – especially in distributed, work-from-anywhere environments. A rise in post-MFA authentication attacks targeting session cookies reinforces the need for defense-in-depth strategies. Now, CyberArk is applying its deep cybersecurity experience, history of Identity Security innovation and intelligent privilege controls to web browsing. Part of the CyberArk Identity Security Platform, the Chromium-based CyberArk Secure Browser supports enterprise Zero Trust initiatives with integrated security, centralised policy management and productivity tools while delivering a familiar user experience. The CyberArk Identity Security Platform delivers the most robust, layered approach to address the number one area of cybersecurity risk: credential access.2 CyberArk Secure Browser is designed to eliminate existing security gaps between consumer-focused browsers and SaaS applications, endpoint-based controls and identity providers. By extending the CyberArk Identity Security Platform to the browser itself, CyberArk makes it easy for IT teams to tailor security, privacy and productivity controls on managed and unmanaged devices. Key features include: Cookieless Browsing: Cookieless browsing is a key differentiating feature that allows users to access and use web-based resources without exposing cookie files to attackers. The cookies will be stored remotely on CyberArk servers enabling secure and seamless web browsing without saving cookie files on the endpoints. This approach makes it difficult for attackers or third parties to steal, forge, alter or manipulate cookies to gain unauthorised access to sensitive resources and helps ensure that users’ web sessions, data and accounts remain confidential and secure. Data Exfiltration Protections: Companies can control the browsing experience with fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data. Password Replacement: CyberArk Secure Browser features patent-pending password replacement functionality. Instead of showing stored credentials for privileged resources or websites, the browser displays a one-time alphanumeric string. This string works only once, only in CyberArk Secure Browser and only for intended targets – eliminating the possibility that end users will see these privileged credentials in plain text. Extensibility: Third-party identity providers and out-of-the-box integrations are supported with the CyberArk Identity Security Platform solutions, including CyberArk Workforce Password Management and CyberArk Secure Web Sessions. This allows companies to customise session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints. Quick Access Bar: The built-in quick access sidebar helps ensure end users can utilise their Single Sign-On (SSO) credentials to securely access frequently used apps, third-party tools and CyberArk privileged access management resources directly from CyberArk Secure Browser with the click of a button. “CyberArk is constantly innovating – working to protect our customers against current cybersecurity risk and emerging threats. Based on trends impacting hybrid work environments and research generated by our CyberArk Labs and Red Team, developing an enterprise browser – with an identity-first, security-first approach – was a natural progression for our business,” said Gil Rapaport, general manager, Access at CyberArk. “CyberArk Secure Browser represents a new era of web browsing, where security, privacy and productivity are the top priorities.” Dynamically mirroring controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, CyberArk Secure Browser reduces IT overhead and accelerates the deployment timeline for employees, contractors and vendors. Planned availability for CyberArk Secure Browser on Windows endpoints is by the end of 2023. To learn more about CyberArk Secure Browser, please visit https://lp.cyberark.com/secure-browser-early-access.html. About CyberArk CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Uptycs Integrates with Amazon Security Lake to Enable the Correlation of its CNAPP and XDR Security Telemetry with a Vast Ecosystem of Security Tools

Prnewswire | June 01, 2023

Uptycs, provider of the first unified CNAPP and XDR platform, today announced an integration with Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes security data from across AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings and converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF) open standard, making it easier to automatically collect, combine, and analyze security data from AWS, security partners, and analytics providers. The integration with Uptycs helps organizations speed up threat detection and incident response by correlating Uptycs telemetry and events with data from a vast number of other security tools. With the proliferation of technologies and environments, security teams need to spend time setting up one-to-one integrations between their tools to correlate threat activity. This is expensive and delays response to security threats. In contrast, a shift up approach to cybersecurity does not need complex integrations and intermediary systems to connect the dots. The premise involves getting the data in a standardized format right out of the gate, and streaming it up into a data lake so security teams can do cross-correlations that speed up threat detection and response. The OCSF project offers a consistent approach towards cybersecurity telemetry by providing a standard schema for common security events, defining versioning criteria to facilitate schema evolution, and including a self-governance process for security log producers and consumers. This enables organizations to easily bring together data from multiple security tools. "We are excited to bring the security telemetry from Uptycs into Amazon Security Lake," says Ganesh Pai, CEO and co-founder of Uptycs. "A key tenet of the shift up approach to cybersecurity is to stream normalized security telemetry into a data lake, moving security analytics processing power to the cloud. Uptycs and AWS customers can now enjoy enhanced protection and faster reaction time as they benefit from standardized OCSF-based telemetry across their on-prem and cloud workloads." Using the OCSF format, Uptycs and Amazon Security Lake allow organizations to have a consistent telemetry, enabling them to easily correlate data from a variety of security, SIEM, and SOAR tools. Uptycs, an AWS Security Competency Partner, will send a wealth of OCSF-formatted data from on-premises and cloud assets to Amazon Security Lake, including behavioral threat detections from endpoints and cloud workloads, anomaly detections, policy violations, risky policies, misconfigurations, and vulnerabilities. Uptycs prospects and customers can get started with the Amazon Security Lake integration by contacting Uptycs. About Uptycs Your developer's laptop is just a hop away from cloud infrastructure. Attackers don't think in silos, so why would you have siloed solutions protecting public cloud, private cloud, containers, laptops, and servers? Uptycs reduces risk by prioritizing your responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across your modern attack surface—all from a single platform, UI, and data model. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY

Traceable AI Announces the Industry’s First API Security Reference Architecture for a Zero Trust World

Businesswire | June 06, 2023

Traceable AI, the industry's leading API security company, today announced the release of the industry's first API Security Reference Architecture for Zero Trust. This groundbreaking reference architecture serves as a guide for security leaders as the industry addresses the urgency of integrating API Security into Zero Trust Security initiatives. Zero Trust, a cybersecurity framework that emphasizes continuous verification and helps to minimize the attack surface, has proven effective in enhancing security for many organizations, from large enterprises, to the US Government. However, traditional Zero Trust approaches have primarily focused on network-level controls and identity access management, neglecting the critical API layer. Traceable’s API Security Reference Architecture is aligned with the NIST Zero Trust Architecture, a publicly available, vendor-neutral framework widely adopted by government entities such as CISA, DoD, DISA, NSA, GSA and NCCoE, as well as by many leading cybersecurity vendors. By leveraging the NIST framework, Traceable ensures compatibility, interoperability, and adherence to industry standards, making it a reliable and trusted guide for organizations implementing Zero Trust for their APIs. The extensive reference architecture provides organizations with a prescriptive methodology to operationalize Zero Trust for APIs: Advanced API Security: The reference architecture gives organizations a way to implement robust security measures specifically designed for APIs, including eliminating implied or persistent trust for APIs, thereby minimizing the risk of API-related vulnerabilities, attacks, and data breaches. Comprehensive Risk Management: The reference architecture recommends incorporating automatic user authentication and authorization, granular data access policies, and asset risk assessments, can organizations can effectively manage and mitigate risks associated with API access and usage. Increased Visibility and Control: The architecture explains why organizations should obtain granular visibility, which allows organizations to monitor and record all API transactions, enabling better analysis, threat detection, and incident response capabilities. Improved Compliance and Data Protection: The automatic identification and classification of sensitive data sets ensure compliance with data protection regulations such as HIPAA, GDPR, and PCI-DSS, reducing the risk of regulatory penalties and reputational damage. Seamless Automation and Orchestration: The reference architecture recommends integration with XDR, SIEM, and SOAR solutions, so organizations can enhance their overall security posture, automate response actions, and streamline security operations. Scalability and Flexibility: The architecture offers a flexible distribution model for PEPs and data collection points, allowing organizations to scale their API security infrastructure based on their unique requirements and architecture. Future-Proofing: By aligning with the NIST Zero Trust Architecture and industry standards, organizations adopting the API Security Reference Architecture can ensure compatibility, interoperability, and the ability to evolve alongside emerging technologies and security best practices. Traceable’s API Security Reference Architecture for Zero Trust introduces a new approach to secure APIs using Zero Trust concepts, acknowledging their unique security requirements. It provides organizations with a comprehensive framework to implement Zero Trust controls specifically tailored to APIs, ensuring the protection of digital assets and mitigating the risk of data breaches. Dr. Chase Cunningham weighs in on Traceable’s approach: "APIs provide a new means of applying controls across enterprise applications, " says Dr. Cunningham, “However, the security practices for APIs have not yet matured, leaving a significant gap in the overall attack surface. Traceable has developed their own API Security Reference Architecture to help fill this gap by providing organizations with a methodical way to secure their APIs with Zero Trust principles. By combining Zero Trust strategic concepts with API-specific security measures, Traceable can help organizations protect their digital assets effectively." Throughout the past year, Traceable has continued to reaffirm its commitment to extending Zero Trust methodologies to API Security. With the addition of Zero Trust creator John Kindervag and Dr. Zero Trust, Chase Cunningham as Traceable advisors, Traceable continues to strengthen its expertise in this space. To date, Traceable has become a valuable partner to a number of large enterprises as the industry turns its eyes toward the importance of API security. With the rollout of their Zero Trust API Access solution alongside this reference architecture, Traceable continues to lead the industry toward the advancement of API security. This reference architecture is now available for organizations to explore and implement, empowering them to achieve complete API security in a Zero Trust world. About Traceable Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.

Read More

Spotlight

Everstring

EverString’s AI SaaS solution is designed for B2B sales and marketing professionals to drive pipeline growth, help close new customers, expand into new markets, prioritize accounts, and provide actionable insights – all without the need for an administrator. EverString is backed by leading investors...

Events

Resources

resource image

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Zero Trust Maturity Model

Whitepaper

resource image

DATA SECURITY, ENTERPRISE SECURITY

Fujitsu PRIMERGY Server Security Overview

Whitepaper

resource image

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Zero Trust Maturity Model

Whitepaper

resource image

DATA SECURITY, ENTERPRISE SECURITY

Fujitsu PRIMERGY Server Security Overview

Whitepaper

Events