PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY
Prnewswire | June 01, 2023
Uptycs, provider of the first unified CNAPP and XDR platform, today announced an integration with Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes security data from across AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings and converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF) open standard, making it easier to automatically collect, combine, and analyze security data from AWS, security partners, and analytics providers. The integration with Uptycs helps organizations speed up threat detection and incident response by correlating Uptycs telemetry and events with data from a vast number of other security tools.
With the proliferation of technologies and environments, security teams need to spend time setting up one-to-one integrations between their tools to correlate threat activity. This is expensive and delays response to security threats. In contrast, a shift up approach to cybersecurity does not need complex integrations and intermediary systems to connect the dots. The premise involves getting the data in a standardized format right out of the gate, and streaming it up into a data lake so security teams can do cross-correlations that speed up threat detection and response.
The OCSF project offers a consistent approach towards cybersecurity telemetry by providing a standard schema for common security events, defining versioning criteria to facilitate schema evolution, and including a self-governance process for security log producers and consumers. This enables organizations to easily bring together data from multiple security tools.
"We are excited to bring the security telemetry from Uptycs into Amazon Security Lake," says Ganesh Pai, CEO and co-founder of Uptycs. "A key tenet of the shift up approach to cybersecurity is to stream normalized security telemetry into a data lake, moving security analytics processing power to the cloud. Uptycs and AWS customers can now enjoy enhanced protection and faster reaction time as they benefit from standardized OCSF-based telemetry across their on-prem and cloud workloads."
Using the OCSF format, Uptycs and Amazon Security Lake allow organizations to have a consistent telemetry, enabling them to easily correlate data from a variety of security, SIEM, and SOAR tools. Uptycs, an AWS Security Competency Partner, will send a wealth of OCSF-formatted data from on-premises and cloud assets to Amazon Security Lake, including behavioral threat detections from endpoints and cloud workloads, anomaly detections, policy violations, risky policies, misconfigurations, and vulnerabilities.
Uptycs prospects and customers can get started with the Amazon Security Lake integration by contacting Uptycs.
Your developer's laptop is just a hop away from cloud infrastructure. Attackers don't think in silos, so why would you have siloed solutions protecting public cloud, private cloud, containers, laptops, and servers?
Uptycs reduces risk by prioritizing your responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across your modern attack surface—all from a single platform, UI, and data model. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture.
PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY
Businesswire | June 06, 2023
Traceable AI, the industry's leading API security company, today announced the release of the industry's first API Security Reference Architecture for Zero Trust. This groundbreaking reference architecture serves as a guide for security leaders as the industry addresses the urgency of integrating API Security into Zero Trust Security initiatives.
Zero Trust, a cybersecurity framework that emphasizes continuous verification and helps to minimize the attack surface, has proven effective in enhancing security for many organizations, from large enterprises, to the US Government. However, traditional Zero Trust approaches have primarily focused on network-level controls and identity access management, neglecting the critical API layer.
Traceable’s API Security Reference Architecture is aligned with the NIST Zero Trust Architecture, a publicly available, vendor-neutral framework widely adopted by government entities such as CISA, DoD, DISA, NSA, GSA and NCCoE, as well as by many leading cybersecurity vendors. By leveraging the NIST framework, Traceable ensures compatibility, interoperability, and adherence to industry standards, making it a reliable and trusted guide for organizations implementing Zero Trust for their APIs.
The extensive reference architecture provides organizations with a prescriptive methodology to operationalize Zero Trust for APIs:
Advanced API Security: The reference architecture gives organizations a way to implement robust security measures specifically designed for APIs, including eliminating implied or persistent trust for APIs, thereby minimizing the risk of API-related vulnerabilities, attacks, and data breaches.
Comprehensive Risk Management: The reference architecture recommends incorporating automatic user authentication and authorization, granular data access policies, and asset risk assessments, can organizations can effectively manage and mitigate risks associated with API access and usage.
Increased Visibility and Control: The architecture explains why organizations should obtain granular visibility, which allows organizations to monitor and record all API transactions, enabling better analysis, threat detection, and incident response capabilities.
Improved Compliance and Data Protection: The automatic identification and classification of sensitive data sets ensure compliance with data protection regulations such as HIPAA, GDPR, and PCI-DSS, reducing the risk of regulatory penalties and reputational damage.
Seamless Automation and Orchestration: The reference architecture recommends integration with XDR, SIEM, and SOAR solutions, so organizations can enhance their overall security posture, automate response actions, and streamline security operations.
Scalability and Flexibility: The architecture offers a flexible distribution model for PEPs and data collection points, allowing organizations to scale their API security infrastructure based on their unique requirements and architecture.
Future-Proofing: By aligning with the NIST Zero Trust Architecture and industry standards, organizations adopting the API Security Reference Architecture can ensure compatibility, interoperability, and the ability to evolve alongside emerging technologies and security best practices.
Traceable’s API Security Reference Architecture for Zero Trust introduces a new approach to secure APIs using Zero Trust concepts, acknowledging their unique security requirements. It provides organizations with a comprehensive framework to implement Zero Trust controls specifically tailored to APIs, ensuring the protection of digital assets and mitigating the risk of data breaches.
Dr. Chase Cunningham weighs in on Traceable’s approach: "APIs provide a new means of applying controls across enterprise applications, " says Dr. Cunningham, “However, the security practices for APIs have not yet matured, leaving a significant gap in the overall attack surface. Traceable has developed their own API Security Reference Architecture to help fill this gap by providing organizations with a methodical way to secure their APIs with Zero Trust principles. By combining Zero Trust strategic concepts with API-specific security measures, Traceable can help organizations protect their digital assets effectively."
Throughout the past year, Traceable has continued to reaffirm its commitment to extending Zero Trust methodologies to API Security. With the addition of Zero Trust creator John Kindervag and Dr. Zero Trust, Chase Cunningham as Traceable advisors, Traceable continues to strengthen its expertise in this space. To date, Traceable has become a valuable partner to a number of large enterprises as the industry turns its eyes toward the importance of API security. With the rollout of their Zero Trust API Access solution alongside this reference architecture, Traceable continues to lead the industry toward the advancement of API security.
This reference architecture is now available for organizations to explore and implement, empowering them to achieve complete API security in a Zero Trust world.
Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Globenewswire | June 01, 2023
Pax8, the leading cloud commerce marketplace, announced today it has added Vade, a global cybersecurity company specializing in AI-based cybersecurity, to its cloud marketplace. Vade's Microsoft 365 (M365) security solutions combine AI and human-powered detection and response, designed specifically for Managed Service Providers (MSPs). This collaboration enables MSPs to offer a comprehensive suite of email security services to prevent advanced cyber-attacks and improve email security for their customers.
“According to Forbes, during the past 12 months, 34.5% of polled executives report their organizations' accounting and financial data were targeted by cyber adversaries. This is an alarming trend that opens the door for businesses to reprioritize cybersecurity as a business requirement and partner with an MSP to prevent and protect their customers’ email infrastructure,” said Nikki Meyer, CVP of Vendor Global Alliances at Pax8. “The cybersecurity space is growing, and Pax8 is committed to provide our partners with access to best-in-class cloud solutions like Vade, enabling them to proactively protect their customers from threats effectively.”
Established in 2009, Vade originated in the town of Hem, near the city of Lille in northern France. From its beginnings as a French startup specializing in email security for internet service providers (ISPs), Vade has evolved into a global cybersecurity company. Their extensive portfolio now includes AI-based cybersecurity solutions tailored for businesses of all sizes and industries. With a presence in seven locations worldwide, including the US, France, Japan, and Canada, Vade has established itself as an international leader in the cybersecurity field.
Vade for M365 is an AI-powered, collaborative security solution that is powered by AI, enhanced by people, and made for MSPs. Featuring Vade’s AI detection and response engine that protects 1.4 billion mailboxes worldwide, Vade for M365 blocks and remediates the advanced threats that slip through Microsoft's defenses. Combining powerful protection with integrated features, including automated awareness training, cross-tenant incident response, and auto-remediation, Vade combines powerful, AI-based protection with integrated, no-cost features that help MSPs save time, reduce administrative workload, and generate more ROI from cybersecurity.
“As a channel-first company, Vade recognized Pax8’s unique relationship with and commitment to the MSP community,” said Georges Lotigier, CEO of Vade. “Pax8 is not only the premier distributor for MSPs but also a trusted resource with significant cybersecurity expertise, making this partnership a perfect fit. We are thrilled to bring Vade for M365 to Pax8’s MSP community and look forward to the new partnerships the marketplace integration will bring.”
The integration of Vade into the Pax8 marketplace provides significant benefits to MSPs and their customers looking to enhance their email security posture. Customers will now have easy access to Vade's state-of-the-art email protection solutions, which can be seamlessly integrated into their existing email infrastructure.
Vade M365 offerings include:
Phishing, spear phishing, and malware/ransomware protection
Auto- and assisted remediation
Cross-tenant incident response
Automated user awareness training
Deploy in minutes
No MX record change
Layers with EOP/ATP
To learn more about Pax8 and Vade, please visit www.pax8.com.
Pax8 is the world’s favorite cloud marketplace for IT professionals to buy, sell, and manage best-in-class technology solutions. Pioneering the future of modern business, Pax8 has cloud-enabled more than 400,000 enterprises through its channel partners and processes one million monthly transactions. Pax8’s award-winning technology enables managed service providers (MSPs) to accelerate growth, increase efficiency, and reduce risk so their businesses can thrive. The innovative company has ranked in the Inc. 5000 for five years in a row. Join the revolution at pax8.com.
Vade is a global cybersecurity company that secures human collaboration with a combination of AI and human-powered detection and response. Vade’s products and solutions protect consumers, businesses, and organizations from email-borne cyberattacks, including malware/ransomware, spear phishing/business email compromise, and phishing. Vade is a fast-growing, channel-first company with a growing network of MSP and MSSP partners, as well as distribution agreements with leading distributors and aggregators in North America, EMEA, and Asia. Founded in 2009, Vade protects more than 1.4 billion corporate and consumer mailboxes and serves the ISP, SMB, and MSP markets with award-winning products and solutions that help increase cybersecurity and maximize IT efficiency. To learn more, please visit www.vadesecure.com.