DATA SECURITY,ENTERPRISE IDENTITY,SOFTWARE SECURITY
Wib | November 08, 2022
Wib, the fast-growth cybersecurity startup pioneering a new era in API security, today announced a $16 million investment led by Koch Disruptive Technologies (KDT), the growth and venture arm of Koch Industries, Inc, with participation from Kmehin Ventures, Venture Israel, Techstars and existing investors. The investment will be used to enhance Wib's pioneering holistic API security platform and accelerate international growth as it expands operations across the Americas, UK and EMEA.
API security is one of the biggest challenges facing CIOs today. Traditional API security solutions are siloed and fragmented, leaving CIOs with a choice of multiple point products or bolt-on integrations to create a patchworked solution. This results in increased cost and complexity, reduced visibility and control, and greater exposure to risk.
Wib's holistic API security platform is the only solution to provide complete visibility across the entire API landscape, from code to production, helping unify software developers, cyber defenders, and CIOs around a single holistic view of their complete API domain. By delivering rigorous real-time inspection, management, and control at every stage of the API lifecycle, Wib can automate inventory and API change management; identify rogue, zombie and shadow APIs and analyse business risk and impact, helping organisations to reduce and harden their API attack surface.
"APIs have become the Achilles heel of cyber defenses and the number one threat vector for cyber-attacks. "APIs account for 91% of today's internet traffic with over 50% being invisible to business IT and security teams. These unknown, unmanaged, and unsecured APIs are creating massive blind spots for CIOs that expose critical business logic vulnerabilities and increase risk.
Gil Don, CEO and Co-Founder of Wib
"What's more, traditional and legacy web security approaches, like WAFs and API Gateways, were never designed to protect against modern logic-based vulnerabilities. The Wib platform has been purposely built for an API driven world creating a new category of API native security."
A recent report by industry research firm GigaOm, placed Wib as a "fast mover" in the "leaders" category, stating, "Wib is a new company but brings a strong enough offering to jump straight into the leaders category" and "Wib is a new entrant in this space, but it offers a comprehensive solution." Wib was also called out for its capability in "source code analysis with an eye toward API weaknesses is Wib's greatest strength." The report ranks Wib's API Runtime Protection, Monitoring and Reporting as exceptional in its focus and execution. This is a real testament to the Wib's innovative API security platform and approach.
Wib is pioneering a new era in API security with its industry first holistic API security platform. Providing continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety.
DATA SECURITY, PLATFORM SECURITY
BigID | October 11, 2022
BigID, the leading data intelligence platform for privacy, security, and governance, today announced that it has been awarded “Compliance Software Solution of the Year” in the 6th annual CyberSecurity Breakthrough Awards program conducted by CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market today.
“This recognition from CyberSecurity Breakthrough highlights our commitment to providing customers with security and compliance solutions that are designed for today and tomorrow’s data challenges. “We designed BigID to be an actionable data intelligence platform built for enterprise scale - all while meeting continuously shifting compliance requirements.”
Dimitri Sirota, CEO and co-founder of BigID
The mission of the CyberSecurity Breakthrough Awards is to honor excellence and recognize the innovation, hard work and success in a range of information security categories, including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Email Security and many more. This year’s program attracted more than 4,100 nominations from over 20 different countries throughout the world.
“Organizations need to be able to find, classify, inventory, and manage all of their sensitive data, regardless of where or what it is. It's a momentous task and requires addressing common challenges including, but not limited to: Siloed data, lack of visibility and accurate insight, and balancing legacy systems with cloud data. All while meeting a litany of compliance requirements,” said James Johnson, managing director, CyberSecurity Breakthrough. “BigID is purpose-built to discover and manage all enterprise data - business, regulated, sensitive, critical, and personal data. A hearty congratulations on winning the ‘Compliance Software Solution of the Year’ award.”
With BigID, customers can automate alerts on cross-border data-sovereignty violations, and ensure compliance with CCPA, GDPR, HIPAA, PCI and other data privacy and protection regulations and security frameworks.
BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, security, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com.
About CyberSecurity Breakthrough
Part of Tech Breakthrough, a leading market intelligence and recognition platform for global technology innovation and leadership, the CyberSecurity Breakthrough Awards program is devoted to honoring excellence in information security and cybersecurity technology companies, products and people. The CyberSecurity Breakthrough Awards provide a platform for public recognition around the achievements of breakthrough information security companies and products in categories including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Web and Email Security, UTM, Firewall and more.
PLATFORM SECURITY, SOFTWARE SECURITY
Vicarius | October 18, 2022
Vicarius, creators of vsociety, the open and independent social community for research and security professionals, has announced the publication of novel security research detailing multiple new exploits for popular developer tools. The publication comes in an effort to amplify safe hygiene practices during CISA’s Cybersecurity Awareness Month.
October 2022 marks the 19th anniversary of National Cybersecurity Awareness Month, with this year’s campaign theme — “See Yourself in Cyber” — demonstrating that while cybersecurity may seem like a complex subject itself, it’s really all about people. In alliance with the Cybersecurity and Infrastructure Security Agency (CISA), who leverages the month to spread awareness of good cyber hygiene, Vicarius looks to enhance the security posture of organizations by publishing new research along with steps to mitigate the risk.
Among the publications, which are provided to the community by independent researchers and validated by Vicarius, is a zero-day vulnerability for a popular Python developer tool called yacmmal. In the post, anonymous researcher “M” lays out the steps taken to compromise the application and execute code remotely, going further to warn “as this exploit is not known and no patches are available, usage of the package should be avoided until patches are public,” while providing a workaround for temporary protection.
In a few subsequent posts to the community, the same researcher details an exploit to a beloved developer resource called Flask as well as a method to exploit a deserialization vulnerability in a python library called Jsonpickle. Both of these examples illustrate the potential for remote code execution and the steps required to mitigate the threat. Vicarius stresses the importance of providing mitigation details for any exploit posted to vsociety. Research is only published on the platform if it follows responsible disclosure and is accompanied by remediation details and documentation.
“Our goal is to make organizations more aware of potential vulnerabilities in the wild and provide the steps necessary to protect against them. “With the growing popularity and prominence of Awareness Month, we aimed to go a step beyond the typical materials provided by other CISA partners, encouraging awareness of previously unpublished threats in the wild which all security teams should be cognizant of.”
Vicarius CEO Michael Assraf
Vicarius will release additional pieces of research that will be published to vsociety throughout the month.
Vicarius helps security teams protect their most critical apps and assets against software exploitation through TOPIA, the company’s end-to-end vulnerability remediation platform. Founded by three security experts and backed by tier one investors from Silicon Valley, Vicarius’ mission is to provide customers with problem-solving solutions that proactively reduce risk wherever computer software resides.
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Veristor Systems, Inc. | September 28, 2022
Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness' comprehensive suite of products to enable a data-driven approach to cybersecurity training for an organization's end users.
"Researchers from Stanford University found that as much as 88% of all data breaches are caused by an employee mistake. "This shows that end users are the most critical vulnerability gap in today's enterprise. Yet if properly trained, they can also be the most resilient security defense – a human firewall. Together with the experts from SANS Security Awareness we are helping customers guard their environments with an army of well-trained employees. With proven training to spot and act when suspicious activity arises, users can take an active role in preventing the growing wave of cyberattacks."
Daniel Martin, Principal Security Consultant, vCISO, Veristor
The SANS Security Awareness suite of dynamic multilingual computer-based training, games, phishing simulations, and engagement materials teach vital security behaviors to effectively manage human cyber risk. With different training styles to match different corporate cultures, employee comprehension levels, and learning preferences, SANS Security Awareness training equips workforces to recognize and prevent current cyberattacks, including work-from-home threats. The platform delivers valuable metrics to measure the effectiveness of each program, and customization features to tailor training to meet specific organizational needs."
With some groups requiring even greater specialized training, in addition to addressing core human behavior risk topics, SANS Security Awareness also offers secure development and coding techniques, understanding NERC CIP compliance requirements, and handling Industrial Control Systems (ICS) incidents.
"We are very pleased to be partnering with the cybersecurity experts at Veristor to provide the SANS Security Awareness program to their customers," said Brad Stilling, Director of Global Sales for SANS Security Awareness. "Regular awareness training is an essential activity for organizations looking to ensure security and compliance. When employees feel informed and empowered to recognize and address cyber risks, they can protect the organization. With SANS Security Awareness, Veristor customers are now better positioned to detect and prevent cyber-attacks."
For organizations starting their awareness training journey, Veristor delivers a SANS Human Risk Insight assessment to identify program cost reductions, eliminate unneeded staff training, and create risk metrics to baseline and benchmark an organization's human cyber risk.
The SANS Security Awareness training solutions are now offered as a part of Veristor's suite of security solutions that are designed to solve business challenges through the intelligent application of next-generation security technology.
About Veristor Systems, Inc.
Veristor, which recently announced a merger with Anexinet, is a leading provider of transformative business technology solutions that helps its customers accelerate the time-to-value for the software, infrastructure and systems they deploy. We do this by harnessing deep expertise in today's most advanced data center, security, networking, hybrid cloud, and big data technologies and guiding businesses to the right solutions for their most pressing challenges. And with a full suite of design, deployment, support, and managed service offerings, we work shoulder-to-shoulder with our customers at every step of their technology journey to make technology truly work for them.
About SANS Security Awareness
SANS Security Awareness provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. SANS Security Awareness has worked with over 1,300 organizations and trained over 6.5 million people around the world. The SANS Security Awareness program offers globally relevant, expert authored tools and training to enable individuals to shield their organization from attacks and a fleet of savvy guides and resources to work with you every step of the way.