Data Security

75% of IT Leaders are Unconvinced About the Security of their Web Applications

Cymatic | April 12, 2021

Today, Cymatic released new research on the state of web application security. While IT leaders tend to be somewhat confident in their existing solutions, relying on various products renders smooth adoption of emerging tools—and therefore overall cyber threat prevention—a major task.

Pulse conducted a study of C-suite and VP-level executives in information technology and cybersecurity and discovered that the most common approaches to web application safety fail to engender the trust necessary for effective cyber attack protection. Among the key findings are:

• While 91% of executives spend up to a third of their web app technology budget on security, privacy, and compliance activities, they continue to rely heavily on strong password standards to protect against cyber threats.

• MFA, WAFs, and CAPTCHAs are the top technologies used to protect web apps, with 75%, 74%, and 63%, respectively.

• Account takeovers are the threat scenarios that most concern 73% of respondents.

“After spending twenty-five years spending time and money cleaning up after breaches and hackers whose creativity was still at least one step ahead of network protections, I was able to see where all the security holes are,” said Cymatic Founder and CEO Jason Hollander. “We created the CymaticONE platform to fill those holes and reduce the complexity of existing web application solutions, making it simpler and easier to defend against modern-day attack vectors.”

The Cymatic platform provides universal in-session visibility and control to minimize risk across web applications, networks, and users, while also reducing network traffic loads and removing user friction. Unlike standard WAFs, which only defend against network-based threats, Cymatic employs advanced artificial intelligence and machine-learning algorithms to detect page mutations and user anomalies. The platform protects against user-generated and device-based risks such as poor credential hygiene, dark web vulnerabilities, and potentially risky devices. It is completely invisible to users, deploys in minutes, and has an absolute time-to-value.

Although many respondents defined obstacles to change their existing web application firewall (WAF) installations, nearly 90% expect to reconsider their investments within the next six to 18 months.

Cymatic provides the first web application firewall to combine client-side WAF protection with a proprietary vulnerability, awareness, detection, and response (VADRTM) AI engine to avoid user- and app-based threats in their tracks, making it simple for any company to bridge gaps in their installations. Unlike other products that make static decisions based on siloed threat signals, Cymatic correlates and evaluates thousands of signals around a dozen threat vectors in real-time to provide a higher level of security accuracy without compromising user experience or application efficiency. Only Cymatic provides full real-time visibility and protection against all code-injection attacks, user risk, and session fraud—all with a single line of javascript.

About Cymatic

Cymatic is the only company that provides a web application firewall (WAF) solution that combines client-side WAF protections with a proprietary vulnerability, awareness, detection, and response (VADRTM) engine to provide immediate and continuous in-session intelligence regarding devices, users, and locations. Cymatic's first-look, the first-strike capability is the first in the kill chain, reducing risk across applications, networks, and users while ensuring organizations comply with today's security-driven regulations. The solution is undetectable to users, deploys in minutes, and operationalizes in seconds. Cymatic is based in Raleigh, North Carolina, and has branches in California and New York.

Spotlight

Threat actors are using social media to target enterprises and their customers with fraudulent accounts. The nature of instant sharing on social media means organizations can face swift reputation damage or financial loss if they fall victim to one of the many threat types used on these platforms. In order to effectively protect


Other News
Software Security

Keeper Security’s Latest Update Improves Android and User Interface

Keeper Security, Inc. | September 25, 2023

Keeper Security, a prominent cybersecurity software provider specializing in zero-trust and zero-knowledge solutions safeguarding credentials, privileged access, secrets, and remote connections, has announced the unveiling of a new, contemporary User Interface (UI) for the Keeper Password Manager application on Android. This awaited release introduces enhanced usability, intelligent search capabilities, and quicker synchronization times. With a focus on a polished appearance and user-friendly interactions, these enhancements are designed to simplify the utilization of Keeper's robust password and passkey management features, offering improved clarity and search functionality. Keeper has adopted an incremental approach to enhancing the user experience, consistently refining the appearance, usability, and overall feel of its applications while staying mindful of the importance of consistency, familiarity and the world-class security and functionality that Keeper users have come to expect. With this update, Keeper's new user experience has been effectively implemented across all platforms, encompassing desktop, web browsers, and iOS. Android users can also anticipate an upcoming dark mode experience soon. Android users of Keeper will encounter refreshed themes, including a default Light Mode and improved user-selectable themes. Additionally, new features include: Streamlined Usability Friendlier Interface Accessibility and Inclusion Advanced Search Craig Lurey, CTO and Co-Founder of Keeper Security, said, We are excited to introduce these enhancements to our Android app, completing the rollout of our stunning new user interface (UI) to every Keeper user. [Source – Cision PR Newswire] Lurey stated that the update represented their ongoing commitment to delivering the best possible user experience while maintaining the highest security standards. He mentioned that with the improved usability, modernized interface, and lightning-fast sync times, Keeper Password Manager for Android continued to be a go-to solution for organizations and individuals looking to secure their digital identities. About Keeper Security Keeper Security is revolutionizing the way to secure passwords, confidential data, and secrets for individuals and organizations worldwide. The company's user-friendly cybersecurity platform is built on the foundation of zero-trust and zero-knowledge security, providing protection for users on all devices. Its solution is quick to deploy and seamlessly integrates with any technology stack, effectively preventing breaches, lowering help desk expenses, and ensuring compliance. Trusted by millions of individuals and numerous global organizations, Keeper leads in top-tier password management, privileged access, secrets management, secure remote access, and encrypted messaging solutions.

Read More

API Security

Salt Security, CrowdStrike Expands Partnership with New Integration

Salt Security | September 20, 2023

Salt Security, a prominent API security company, has announced the expansion of its partnership with CrowdStrike, a leading cybersecurity technology company providing cloud workload and endpoint security, cyberattack response, and threat intelligence services. This expansion involves the integration of the Salt Security API Protection Platform with the widely recognized CrowdStrike Falcon Platform. Roey Eliyahu, Co-founder and CEO of Salt Security, stated, Protecting against API threats requires deep visibility and robust runtime protection. We’re excited to bring our unique strengths in API security to the CrowdStrike customer base with this new integration. Together with CrowdStrike, Salt can provide organizations with extended runtime protections and posture management across the cloud and application landscapes. [Source – Cision PR Newswire] Through this integration, customers gain access to a comprehensive 360-degree view of API security risks, particularly focusing on the application-layer attack surface. This integration is accessible via the CrowdStrike Marketplace and provides valuable API threat intelligence. It also enhances cross-organization API security capabilities by streamlining and enhancing the workflows related to API auditing, monitoring, and enforcement. The partnership between Salt Security, offering top-notch API runtime monitoring and AI-driven insights, and CrowdStrike, renowned for its award-winning AI-powered protection, provides organizations with complete visibility into their API attack surface. This integration also offers valuable context regarding the severity of threats in relation to business-critical aspects. With this partnership, customers benefit from: API vulnerability and threat context API threat mitigation API threat management automation The patented Salt API security platform stands out for its utilization of cloud-scale big data, artificial intelligence (AI), and machine learning (ML). These technologies work in tandem to automate the process of discovering and cataloging an organization's entire set of APIs. Salt plays a crucial role in pinpointing areas where APIs might expose sensitive data. This proactive approach aids enterprises in recognizing and mitigating potential API threats while also reinforcing their overall API security. Gur Talpaz, Head of Falcon Fund and Vice President of Corporate Development at CrowdStrike, said, With APIs now a prime target for malicious actors, securing them requires a comprehensive and diligent approach. Through this joint integration, we can harness the mature AI-driven intelligence of the Salt API security platform with our widely deployed Falcon platform, giving organizations complete visibility into their application-layer attack surface and a detailed understanding of their application threat landscape. [Source – Cision PR Newswire] About Salt Security Salt Security is a leading API security company that safeguards the APIs at the core of all modern applications. Its API Protection Platform is the sole API security solution that integrates the power of cloud-scale big data with time-tested machine learning and artificial intelligence to detect and prevent API attacks. Salt provides extensive context, real-time analysis, and continuous insights for API discovery, hardening APIs, and attack prevention by correlating the activities of millions of APIs and users over time.

Read More

Platform Security

BeyondID Introduces Identity-First Model for Zero Trust Maturity

PR Newswire | October 04, 2023

BeyondID, a leading managed identity solutions provider, today announced the industry's first solution that accurately conveys the true nature of identity within the zero trust security framework. BeyondID's Identity Fabric Model for Zero Trust promises optimal threat detection, investigation, and round-the-clock remediation via the BeyondID Security Operations Center (SOC). The Zero Trust Maturity Model by CISA has gained widespread acceptance and acknowledges the importance of identity as a pillar in modern security, but it undervalues the critical role of identity in ensuring security, stated Arun Shrestha, co-founder and CEO of BeyondID. The effectiveness of your security posture depends on how quickly and accurately you can detect behavioral discrepancies, as recent high-profile security breaches demonstrate. Zero trust cannot be achieved without identity as the fabric. BeyondID is the first managed identity services provider delivering a holistic approach to zero trust. Its Identity Fabric Model supports seamless user experience outcomes by implementing a strong digital identity strategy across the board from devices to network, to apps and workload, to data. This holistic approach ensures optimal threat detection, continuous compliance, risk mitigation, and a high return on IT and security investments. The company also announced that it can provide organizations with the breach protection they need, including a service that can identity, isolate and remediate threats in as little as seven days. Utilizing BeyondID's SOC enables companies to get their zero trust solution up and running quickly, offering 24x7 protection from the persistent threat of cybersecurity attacks. As an esteemed Okta Apex Partner and Okta's most trusted implementation ally, BeyondID is committed to modernizing identity management and digital transformation. BeyondID is launching its next-gen zero trust services at Oktane23. Oktane23 attendees will be offered an exclusive, complimentary Zero Trust Assessment. About BeyondID BeyondID is a leading managed identity services provider that the most successful brands trust to bring their digital identity strategies to life. BeyondID helps organizations streamline their adoption process and ensure their implementations are secure, agile, and future proof. A few of the valued customers that trust BeyondID to keep their organizations secure include ATN International, Discount Tire, Johnson Financial Group, Major League Baseball, Mayo Clinic, Northern Trust, TDECU, and VF Corp. More information about BeyondID can be found at www.BeyondID.com.

Read More

Software Security

Cyolo Unveils Key Insights into OT Cybersecurity Threat Landscape from KuppingerCole and Releases Cyolo 4.3 for Enhanced Security

Business Wire | September 27, 2023

Today, Cyolo, provider of the fastest and most secure zero-trust access and connectivity solution for hybrid organizations with IT and OT, in partnership with KuppingerCole, released an industry analysis focused on zero trust and remote access for operational technology (OT) environments. The analysis reveals key insights about the OT cybersecurity threat landscape, outlines high-level security architecture for OT, critical infrastructure systems (CIS) and industrial control systems (ICS), and evaluates key requirements of security regulations and frameworks. OT environments experience the same kinds of threats as enterprise IT – including ransomware, account takeovers, APTs, and Supply Chains as vectors – while experiencing expanded OT-specific threats. While traditional IT security tools may be adapted, developing robust security architectures for OT environments is inherently complex compared to their IT counterparts. Its unique nature, from equipment and software to communication protocols requires dedicated OT security solutions. Cyolo can help organizations with OT infrastructure to define and manage access control to those complex environments, said John Tolbert, Lead Analyst at KuppingerCole. Overall key insights include: OT Threat Landscape. Heightened geopolitical factors have intensified attacks on OT and ICS, posing significant consequences ranging from operational disruptions and service denial to financial repercussions and potential harm to human well-being. Core Cybersecurity Regulations. The risks and consequences of cyber-attacks against critical infrastructure advanced regulations globally mandating secure architectures and technical controls. KRITIS and the follow-on IT Security Act 2.0 are related examples of such regulations, as well as the NIST Cybersecurity Framework. OT Security Architectures and Key Functionalities. There are eight areas of functionality that are central to effective OT security architectures. Cybersecurity architectures for OT must address asset discovery, access control, IT security tool integration, detection and response capabilities, and OT protocol level threats. As the analysis breaks down, within critical infrastructure interruptions and downtime are not an option. To address the increasing need for secure access in OT environments, Cyolo introduced Cyolo 4.3, which expands key capabilities with more layers of security and making the product easier than ever to use for both administrators and end users in the industrial space. With Cyolo 4.3, industrial organizations will be able to extend their multi-factor authentication (MFA) across environments through an integration with Duo Security to support their physical tokens as required. Additionally, the company has implemented another layer of security for file transfer within the OT/ICS environment, through query anti-virus software to scan files before they are delivered to their destination. Cyolo is also adapting for further usability, allowing teams to securely invite external users by generating a secure one-time password; and import groups from existing IdPs, using SCIM. “Ensuring the security of critical infrastructure and industrial processes has become increasingly critical as organizations unite their IT and OT systems. This convergence has expanded the OT threat landscape and introduced significant cybersecurity challenges, as the once-isolated OT networks are now vulnerable to the same threats that have targeted IT networks for years” said Joe O'Donnell, Vice President ICS/OT of Cyolo. “With Cyolo 4.3, industrial entities can confidently navigate the complexities of the modern threat landscape and fortify their defenses against evolving cyber threats.” The announcement of Cyolo 4.3 highlights the company’s commitment to advancing zero-trust capabilities and it comes on the heels of Cyolo being listed as a Representative Vendor in the 2023 Gartner® “Market Guide for Zero Trust Network Access” report for the second consecutive year and recognized by Frost & Sullivan with the 2023 North American New Product Innovation Award for Secure Remote Access to Operational Infrastructure and Industrial Control Systems (OT/ICS). As the threats to critical infrastructure continue to evolve, Cyolo zero-trust access solution continues to provide the utmost protection and ease of use. To learn more about Cyolo 4.3, visit here. Access the report for a full view of the industry here. Register here to attend the joint webinar from Cyolo and KuppingerCole on how to achieve secure remote access for OT environments, to be held on Tuesday, October 10 at 7 a.m. PT. About Cyolo Cyolo helps hybrid organizations in the IT and OT spaces to stay safe, secure and productive in an era of distributed workforces and unprecedented cyberthreats. Cyolo’s next-generation zero-trust access solution enables all users, including employees, third parties as well as remote and on-site workers, to connect to their working environments seamlessly and securely via modern identity-based access. Providing one unified solution that integrates with the existing tech stack and deploys easily in the cloud, on-premises or in a hybrid model, Cyolo empowers the global workforce to securely access anything from anywhere.

Read More

Spotlight

Threat actors are using social media to target enterprises and their customers with fraudulent accounts. The nature of instant sharing on social media means organizations can face swift reputation damage or financial loss if they fall victim to one of the many threat types used on these platforms. In order to effectively protect

Resources