Cloud Security
PR Newswire | October 19, 2023
Checkmarx, the industry leader in cloud-native application security for the enterprise, today announced its Checkmarx Technology Partner program, enabling organizations to easily extend the leading AppSec platform with a wide range of technology partner capabilities.
The combination of best-of-breed technology partners with the leading enterprise AppSec platform helps organizations shift everywhere, from code to cloud, with a unified AppSec posture integrated into the software development life cycle (SDLC). Checkmarx' Technology Partner Program helps organizations simplify management across their AppSec programs, get more value out of existing AppSec solutions and drive better security outcomes.
Providing broad support for greater AppSec maturity throughout the entire SDLC, the Checkmarx Technology Partner program enables partners and their customers to centralize and simplify discovery in these key areas through Checkmarx One:
Vulnerability and risk management systems: Aggregate, normalize and prioritize vulnerabilities and risks with a unified, holistic view with partners like ArmorCode, Brinqa and ServiceNow.
SDLC tools: Integrate AppSec at all stages of the software development lifecycle within the environments and tools used daily by analysts, developers and testers with partners like GitLab, JetBrains and Security Compass.
Cloud and runtime security: Match cloud assets at runtime with application source code projects so that vulnerabilities found in the developer source code are enriched with runtime context, and runtime cloud security inventories are enriched with AppSec findings – all possible through partners like AWS, Cisco Panoptica and Sysdig.
Emerging technologies: Work with the most innovative startups and technologies including AI and GenAI to shape tomorrow's AppSec solutions landscape with partners like Mobb.ai.
Expanding this ecosystem simplifies the process of mitigating AppSec risk for our partners' customers, making their applications exponentially more secure during a time of escalating threats, said Kobi Tzruya, Chief Research and Development Officer at Checkmarx. From protecting AI-generated code to helping build trust between developers and security teams, Checkmarx One is already the AI-driven, enterprise-ready AppSec platform of choice. Now working with other leading technology companies to meet the need for streamlined, consolidated solutions will make life easier and applications safer for everyone.
Checkmarx recently announced Sysdig as its latest technology partner, bringing runtime container insights into Checkmarx One so organizations can prioritize vulnerabilities associated with container packages that are actually running and that pose the most risk.
"The top application security vendors have a responsibility to team up to provide more robust and complete solutions for the world's enterprises," said Bryan Smoltz, VP of Technology Alliances at Sysdig. "By delivering runtime insights within Checkmarx One, customers have clear visibility into the workloads that are running in production so they can make better-informed security decisions. Together, we're helping to bring maximum protection at cloud speed."
Technology partners also benefit from the program with new marketing and sales opportunities, and by making their solution readily accessible to Checkmarx' more than 1,800 customers, including 60% of the Fortune 100. The Checkmarx One platform scans more than 100 billion lines of code monthly and its world-renowned Checkmarx Labs security research team provides ongoing threat intelligence to inform product development and to advise customers of their best defenses in today's threat landscape. For more information about becoming a Checkmarx Technology Partner, visit this page. Click here to explore the Checkmarx One partnership ecosystem.
About Checkmarx
Checkmarx is the enterprise application security leader and the provider of Checkmarx One™, the industry-leading cloud-native AppSec platform that helps enterprises build #DevSecTrust. Powered by the intelligence from our industry-leading AppSec security research team, and our AI-driven technology and services, our platform is designed to enable CISOs, AppSec and development leaders to prioritize their teams' focus on what impacts their business. Our offerings secure every phase of development for every application, from the very first line of code through production, while simultaneously balancing the dynamic needs of security and development teams. It's no longer just about shifting left or right - it's about shifting everywhere. We are honored to serve more than 1,800 customers, which includes 60 percent of all Fortune 100 organizations. We are committed to moving forward with unwavering dedication to the safety and security of our customers, and the applications that power our day-to-day lives. Checkmarx. Make Shift Happen.
Read More
Enterprise Security
Skybox Security | September 14, 2023
Skybox Security, a leading Exposure Management solutions provider, has unveiled the next generation of its prestigious Continuous Exposure Management Platform. This 13.0 release introduces significant enhancements to its solution for Attack Surface and Vulnerability Management, which revolutionizes the manner businesses manage and mitigate cyber exposure risk.
Attack Surface Management Delivers Complete Visibility
Skybox's Surface Management solution provides an extensive inventory and map of users' assets and applications. It evaluates and simulates attack paths. The result is a dynamic security model for the hybrid attack surface. Version 13.0 introduces significant new features, including:
New Attack Surface Map
Enhanced Attack Path Analysis
LDAP Integration
Cloud Infrastructure Integration
Vulnerability Management Deepens Exposure Insights
Skybox's Vulnerability Management solution combines more than 25 third-party threat intelligence feeds with its own Skybox Threat Intelligence feed in order to prioritize threats based on exposure risk and remediate vulnerabilities with prescriptive guidance. With Version 13.0, businesses are able to:
Import Vulnerability Data
New Business-Focused' Solutions View'
Celebrity Vulnerabilities
SOAR Integration
Mordecai Rosen, CEO of Skybox Security, said,
In today's complex threat landscape, organizations need to continuously manage their threat exposure based on the prioritized risks to their business.
[Source – Business Wire]
Rosen stated that the Skybox platform now supports every stage of an enterprise's continuous exposure management (CEM) program, from mapping the attack surface through contextualization and risk-based prioritization to final remediation. It was also mentioned that the latest enhancements enable organizations to further improve their security posture and substantially reduce the risk of a successful attack.
About Skybox
Skybox is trusted by over 500 of the world's largest and most security-conscious enterprises for providing insights and assurance to stay ahead of dynamically changing attack surfaces. Its Exposure Management Platform provides complete analytics, visibility, and automation to quickly prioritize, map, and remediate vulnerabilities across organizations. The vendor-agnostic solution optimizes security policies, actions, and change processes across all cloud environments and corporate networks. With Skybox, security teams can emphasize the most strategic business initiatives while ensuring enterprises remain protected.
Read More
Data Security
Netskope | September 11, 2023
Netskope, an industry-leading secure access service edge (SASE) provider, has announced that it has been chosen as the preferred cloud access security broker vendor for the Canadian Federal Government under the cybersecurity procurement vehicle (CSPV) of Shared Services Canada (SSC). The objective of the SSC cloud access security broker CSPV is to provide government users with secure access to cloud-based applications, including all software-as-a-service (SaaS) applications, regardless of their location.
The Government of Canada (GC) selected Netskope after a competitive bidding process for a commercially available cloud access security broker service to fulfill its business requirements across various government organizations and agencies.
The cloud access security broker service aims to facilitate the continued adoption, utilization, and delivery of SaaS cloud services by GC departments. The cloud access security broker service will improve the security posture of GC applications, services, and data as they are migrated to public cloud environments, permitting complete visibility and monitoring of GC cloud environments to detect, prevent, and respond rapidly to cyber threats; and ensuring the privacy, confidentiality, and protection of GC data in accordance with GC policies.
As an integral part of Netskope Intelligent Security Service Edge (SSE), Netskope's market-leading cloud access security broker enables agencies to detect and manage the usage of cloud applications rapidly, irrespective of whether they are managed or unmanaged, and safeguard sensitive data from being stolen by malicious cybercriminals or risky insiders who have compromised the technology environment.
A cloud access security broker is a cloud-based or on-premises security policy enforcement point situated between cloud service providers and consumers to combine and insert enterprise security policies when cloud-based resources are accessed. With a cloud access security broker solution, agencies can manage the unintentional or unauthorized transfer of sensitive data between cloud application instances while expediting security workflows with simple policy controls and incident response management.
Paul Tanasi, Federal Regional Manager, Netskope, said,
With the hybrid workforce becoming the new normal, Canadian government departments and agencies are relying more and more on giving their users direct-to-cloud access to SaaS applications and to web applications in general.
[Source – Cision PR Newswire]
Paul Tanasi further mentioned that there is a requirement to ensure these users' security and regain some of the visibility and control they were accustomed to when everyone worked from the office. A solution is required to tackle risks associated with cloud services, enforce security policies, and adhere to regulations, mainly when dealing with cloud services that are located outside their network perimeter and beyond their direct control. Netskope's CASB solution would offer the capability to adopt cloud applications and services confidently without compromising security or performance.
About Netskope
Netskope, an industry leader in SASE, assists organizations in implementing zero trust principles and AI/ML innovations to safeguard data and defend against cyber threats. The company's platform offers optimized access and real-time security for devices, people, and data, regardless of their location. Netskope assists customers in mitigating risk, accelerating application performance, and gaining unparalleled visibility into cloud, web, and private application activity. Thousands of clients rely on Netskope and its robust NewEdge network to combat evolving threats, technology shifts, new risks, organizational and network changes, and others.
Read More
Software Security
PR Newswire | October 20, 2023
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, today announces a new open source project for software developers and DevOps to easily and securely sign git commits with their Keeper vault. Through Keeper Secrets Manager (KSM), users can now use Secure Shell (SSH) keys stored in their Keeper Vault to digitally sign commits to confirm the authenticity of their code.
Git is a version control system that tracks changes in your software projects, and a git commit is a snapshot of these changes at a specific point in time, accompanied by a brief message describing the modifications. Keeper and developers at The Migus Group teamed up to create the open-source solution to sign git commits using the SSH keys stored in a user's Keeper Vault. The integration provides developers with a secure and encrypted repository for their SSH keys and removes the practice of storing them on disk, both increasing security and streamlining DevOps workflows.
The rise in software supply chain attacks highlights the need for organizations to prioritize security around the software supply chain. Signing git commits is a recommended best practice for developers to confirm the authenticity and integrity of code releases. As developers sign commits with SSH keys, they are provided with cryptographic proof of authorship, which helps secure the supply chain by assuring users the software originates from a legitimate source and remains unaltered since its signing. Digital signatures can also feed into a Software Bill of Materials (SBOM) to indicate whether a line-item in the SBOM is trusted, depending on the code signature status.
The ability to store SSH keys and other credentials in Keeper Vault offers a layer of protection and ease-of-use that hasn't been the standard, said Craig Lurey, CTO and Co-founder of Keeper Security. Our integration enables developers to validate the software code with a cryptographic digital signature and transparent logging, making what historically has been a complex process into a simple one. In the future, all code will be signed, and the software supply chain will have one source of truth that will reduce supply chain attacks.
"Our customers are asking for help insulating themselves from supply chain attacks, so we were already working to do that, often using Keeper," said Adam Migus, Founder and CEO of The Migus Group. "So, we thought working with them to make the git commit-signing process both safer and easier would be a win-win-win. Our customers can now seamlessly sign commits with keys that never leave their vaults. However, the broader community also gains an example of secure commit signing with benefits of central key management."
The SSH keys for signing commits are secured in KSM, a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, SSH keys, certificates and any type of confidential data. KSM eliminates secrets sprawl by removing hard-coded credentials from source code, config files and CI/CD systems. The fully managed, cloud-based and IT friendly solution was named an overall leader on the 2023 KuppingerCole Leadership Compass for Secrets Management. KSM is supported on Windows, MacOS and Linux. It utilizes a zero-knowledge security architecture and is highly secure withISO 27001 and SOC 2 compliance, as well as FedRAMP and StateRAMP Authorization, among numerous other certifications.
Keeper's integration helps support a broader government and industry effort to bring increased security and visibility to the open source community. The ease of providing a cryptographic digital signature allows developers to validate that the software in use is exactly what it is claiming to be and enhances security for both developers and end-users alike.
About Keeper Security
Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper's zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.
Read More