DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
iTWire | May 30, 2023
CyberArk (NASDAQ: CYBR), the Identity Security company, today introduced CyberArk Secure Browser. This first-of-its-kind Identity Security web browser enables organisations to better protect against attacks with a flexible, identity-based approach to securing employee and third-party access to enterprise resources.
By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.1 Browsers provide a vital connection between identities, applications and data, making them a prominent attack vector and a target for cybercriminals – especially in distributed, work-from-anywhere environments.
A rise in post-MFA authentication attacks targeting session cookies reinforces the need for defense-in-depth strategies. Now, CyberArk is applying its deep cybersecurity experience, history of Identity Security innovation and intelligent privilege controls to web browsing. Part of the CyberArk Identity Security Platform, the Chromium-based CyberArk Secure Browser supports enterprise Zero Trust initiatives with integrated security, centralised policy management and productivity tools while delivering a familiar user experience. The CyberArk Identity Security Platform delivers the most robust, layered approach to address the number one area of cybersecurity risk: credential access.2
CyberArk Secure Browser is designed to eliminate existing security gaps between consumer-focused browsers and SaaS applications, endpoint-based controls and identity providers. By extending the CyberArk Identity Security Platform to the browser itself, CyberArk makes it easy for IT teams to tailor security, privacy and productivity controls on managed and unmanaged devices. Key features include:
Cookieless Browsing: Cookieless browsing is a key differentiating feature that allows users to access and use web-based resources without exposing cookie files to attackers. The cookies will be stored remotely on CyberArk servers enabling secure and seamless web browsing without saving cookie files on the endpoints. This approach makes it difficult for attackers or third parties to steal, forge, alter or manipulate cookies to gain unauthorised access to sensitive resources and helps ensure that users’ web sessions, data and accounts remain confidential and secure.
Data Exfiltration Protections: Companies can control the browsing experience with fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data.
Password Replacement: CyberArk Secure Browser features patent-pending password replacement functionality. Instead of showing stored credentials for privileged resources or websites, the browser displays a one-time alphanumeric string. This string works only once, only in CyberArk Secure Browser and only for intended targets – eliminating the possibility that end users will see these privileged credentials in plain text.
Extensibility: Third-party identity providers and out-of-the-box integrations are supported with the CyberArk Identity Security Platform solutions, including CyberArk Workforce Password Management and CyberArk Secure Web Sessions. This allows companies to customise session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints.
Quick Access Bar: The built-in quick access sidebar helps ensure end users can utilise their Single Sign-On (SSO) credentials to securely access frequently used apps, third-party tools and CyberArk privileged access management resources directly from CyberArk Secure Browser with the click of a button.
“CyberArk is constantly innovating – working to protect our customers against current cybersecurity risk and emerging threats. Based on trends impacting hybrid work environments and research generated by our CyberArk Labs and Red Team, developing an enterprise browser – with an identity-first, security-first approach – was a natural progression for our business,” said Gil Rapaport, general manager, Access at CyberArk. “CyberArk Secure Browser represents a new era of web browsing, where security, privacy and productivity are the top priorities.”
Dynamically mirroring controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, CyberArk Secure Browser reduces IT overhead and accelerates the deployment timeline for employees, contractors and vendors.
Planned availability for CyberArk Secure Browser on Windows endpoints is by the end of 2023. To learn more about CyberArk Secure Browser, please visit https://lp.cyberark.com/secure-browser-early-access.html.
CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.
ENTERPRISE IDENTITY, SOFTWARE SECURITY, CLOUD SECURITY
Businesswire | June 05, 2023
Lookout, Inc., the endpoint-to-cloud security company, today announced it has closed the previously announced sale of its consumer mobile security business to F-Secure, a global provider of consumer security products and services. With this strategic divestiture Lookout will focus on expanding its core enterprise business, built around the Lookout Cloud Security Platform.
The sale of Lookout’s consumer mobile security business represents a deliberate and strategic decision to optimize its enterprise product portfolio and concentrate its product innovation and go-to-market on the expansion of these core competencies. The divestiture sets Lookout up for long-term growth and further positions the Company to address the security transformation impacting organizations today, including the increase in remote work, the shift to cloud-based delivery models and the transition to zero trust architectures.
“We are pleased to announce the successful divestiture of our mobile consumer security business, which represents a significant milestone in our strategic transformation to become a pure-play enterprise cybersecurity company,” Jim Dolce, CEO at Lookout. “With this refined focus, we will continue to drive innovation, invest in the development of cutting-edge solutions and drive greater value for our customers.”
Lookout’s core enterprise business includes Lookout Mobile Endpoint Security and its security services edge (SSE) cloud-native solution, the Lookout Cloud Security Platform. The Company entered the cloud security market through its acquisition of CipherCloud in March 2021. Its Cloud Security Platform was recently scored among the highest three vendors in the 2023 Gartner Critical Capabilities for Security Service Edge (SSE)1 report in each of the four use cases. The Gartner Critical Capabilities for SSE – an essential companion to the Gartner Magic Quadrant™ for SSE2 in which Lookout was named a Visionary for the second year in a row – is a comparative analysis that scores products or services against a set of critical differentiators that every business needs, as identified by Gartner. These four use cases include Secure Web and Cloud Usage, Detect and Mitigate Threats, Connect and Secure Remote Workers and Identify and Protect Sensitive Information.
As part of the sale agreement, F-Secure acquires all of the Lookout consumer mobile security products and technology and assumes all responsibility for ongoing operations and customer relationships. Additionally, the Company’s consumer employees will become part of F-Secure.
Lookout, Inc. is the endpoint-to-cloud cybersecurity company that delivers zero trust security by reducing risk and protecting data wherever it goes, without boundaries or limits. Our unified, cloud-native platform safeguards digital information across devices, apps, networks and clouds and is as fluid and flexible as the modern digital world. Lookout is trusted by enterprises and government agencies of all sizes to protect the sensitive data they care about most, enabling them to work and connect freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter.
© 2023 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design®, and SIGNAL FLARE® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, SCREAM, the 4 Bar Shield Design, and the Lookout multi-color/multi-shaded Wingspan design.
PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY
Businesswire | May 31, 2023
SOC Prime, provider of the world’s largest and most advanced platform for collective cyber defense, today announced its integration with Amazon Security Lake, the AWS security service that enables organizations to automatically centralize security data from the cloud, on-premises, and custom data sources into a purpose-driven data lake stored in their account. SOC Prime drives a transformational change in cybersecurity relying on zero-trust & multi-cloud approach to empower smart data orchestration, dynamic attack surface visibility, and cost-efficient threat hunting. Backed by its advanced cybersecurity solutions, Uncoder AI, Attack Detective, and The Prime Hunt, SOC Prime enables organizations to boost their cyber defense capabilities at scale, unleashing the power of Amazon Security Lake.
Leveraging SOC Prime’s Uncoder AI, an Augmented Intelligence framework, security teams can save development time and migration costs with re-usable threat hunting queries automatically convertible to Amazon Athena and OpenSearch in the standard Open Cybersecurity Schema Framework (OSCF) format.
SOC Prime’s Attack Detective tool intelligently and automatically queries security logs in the customer's Amazon Security Lake account via Amazon Athena and Amazon OpenSearch to identify data sources and then scan them in real time with a curated set of threat hunting queries. By leveraging Attack Detective, security engineers can channel their efforts directly into incident investigation rather than analyzing overwhelming volumes of alerts and accelerate threat research by validating over 10,000 adversary behaviors against the stored log sources in a matter of hours. Attack Detective follows core Zero-Trust Architecture (ZTA) principles segregating the data plane and control plane to ensure that no SIEM or EDR access credentials are shared or inherited within the Company profile. The tool provides complete threat visibility based on the organization-specific logs by linking and correlating with SIEM and EDR on-premises data in its native location without the need to migrate it to the cloud, which contributes to significant cost savings and ensures compliance with zero-trust basic tenets.
Adding to investment optimization capabilities, The Prime Hunt open-source browser extension enables security professionals to extract valuable data from large datasets at a lower cost. Users can seamlessly run threat hunting queries on security logs within the Amazon Security Lake account via a web browser in both Athena and OpenSearch and automatically identify accounts and assets affected by the suspected activity.
About SOC Prime
Headquartered in Boston, SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 27 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic and zero-trust cybersecurity approach, and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® as core pillars are recognized by the independent research companies, credited by the leading SIEM, XDR & MDR vendors, and trusted by 8,000+ organizations, including 42% of Fortune 100 and 21% of Forbes Global 2000. Flexible subscriptions ensure that both organizations and individual operators can benefit from SOC Prime’s curated detection content and enhanced cyber defense capabilities. SOC Prime is backed by DNX Ventures, Streamlined Ventures, and Rembrandt Venture Partners, having received $11.5M in funding in October 2021. For more information, visit https://socprime.com or follow us on LinkedIn & Twitter.