Software Security
PR Newswire | October 20, 2023
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, today announces a new open source project for software developers and DevOps to easily and securely sign git commits with their Keeper vault. Through Keeper Secrets Manager (KSM), users can now use Secure Shell (SSH) keys stored in their Keeper Vault to digitally sign commits to confirm the authenticity of their code.
Git is a version control system that tracks changes in your software projects, and a git commit is a snapshot of these changes at a specific point in time, accompanied by a brief message describing the modifications. Keeper and developers at The Migus Group teamed up to create the open-source solution to sign git commits using the SSH keys stored in a user's Keeper Vault. The integration provides developers with a secure and encrypted repository for their SSH keys and removes the practice of storing them on disk, both increasing security and streamlining DevOps workflows.
The rise in software supply chain attacks highlights the need for organizations to prioritize security around the software supply chain. Signing git commits is a recommended best practice for developers to confirm the authenticity and integrity of code releases. As developers sign commits with SSH keys, they are provided with cryptographic proof of authorship, which helps secure the supply chain by assuring users the software originates from a legitimate source and remains unaltered since its signing. Digital signatures can also feed into a Software Bill of Materials (SBOM) to indicate whether a line-item in the SBOM is trusted, depending on the code signature status.
The ability to store SSH keys and other credentials in Keeper Vault offers a layer of protection and ease-of-use that hasn't been the standard, said Craig Lurey, CTO and Co-founder of Keeper Security. Our integration enables developers to validate the software code with a cryptographic digital signature and transparent logging, making what historically has been a complex process into a simple one. In the future, all code will be signed, and the software supply chain will have one source of truth that will reduce supply chain attacks.
"Our customers are asking for help insulating themselves from supply chain attacks, so we were already working to do that, often using Keeper," said Adam Migus, Founder and CEO of The Migus Group. "So, we thought working with them to make the git commit-signing process both safer and easier would be a win-win-win. Our customers can now seamlessly sign commits with keys that never leave their vaults. However, the broader community also gains an example of secure commit signing with benefits of central key management."
The SSH keys for signing commits are secured in KSM, a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, SSH keys, certificates and any type of confidential data. KSM eliminates secrets sprawl by removing hard-coded credentials from source code, config files and CI/CD systems. The fully managed, cloud-based and IT friendly solution was named an overall leader on the 2023 KuppingerCole Leadership Compass for Secrets Management. KSM is supported on Windows, MacOS and Linux. It utilizes a zero-knowledge security architecture and is highly secure withISO 27001 and SOC 2 compliance, as well as FedRAMP and StateRAMP Authorization, among numerous other certifications.
Keeper's integration helps support a broader government and industry effort to bring increased security and visibility to the open source community. The ease of providing a cryptographic digital signature allows developers to validate that the software in use is exactly what it is claiming to be and enhances security for both developers and end-users alike.
About Keeper Security
Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper's zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.
Read More
API Security
Wallarm | October 13, 2023
Wallarm has announced the availability of Application and API Security policies seamless integration with the MuleSoft AnyPoint Platform, providing essential protection for apps and APIs in various deployment scenarios. This integration of Wallarm and MuleSoft presents a compelling choice for organizations dedicated to comprehensively safeguarding and managing their API security management, ensuring robust protection for their digital assets.
In the digital age, enterprises heavily depend on APIs to facilitate application connections and drive their digital transformation. Wallarm's latest offering seamlessly integrates with the MuleSoft API management and integration platform, bolstering cloud security and compliance to meet the evolving needs of modern businesses.
Effective API management is paramount for organizations, and the market offers numerous commercial solutions, each with its unique features. Whether opting for well-known platforms such as MuleSoft, Kong, or Apigee, or exploring external tools like Akamai Edge and Azion Edge, the decision on how to deploy and manage crucial APIs depends on factors such as scalability, performance, and existing infrastructure. Regardless of the chosen approach, the demand for robust API security that effortlessly aligns with these varied deployment methods remains a top priority.
CEO and Co-founder of Wallarm, Ivan Novikov, said,
Wallarm is keen to unveil a cutting-edge cloud-based security policy that is agile and fully integrated with MuleSoft, a leading integration and API management platform in the market.
[Source – Business Wire]
About Wallarm
Wallarm is a leading provider of robust protection for APIs, microservices, web applications, and serverless workloads in cloud-native environments. Trusted by numerous Security and DevOps teams, Wallarm excels in comprehensive web app and API endpoint discovery, shielding against emerging threats across their API portfolio, and automating incident response for enhanced risk management. The platform is designed to support modern tech stacks, offering a myriad of deployment options in both cloud and Kubernetes-based environments, including a full cloud solution. Based in San Francisco, California, Wallarm is backed by prominent investors like Y Combinator, Toba Capital, Partech, and others.
Read More
Software Security
Lacework | September 15, 2023
Lacework, a company specializing in data-driven cloud security, and Snowflake, a prominent Data Cloud company, have jointly announced an expanded partnership. This partnership aims to propel the evolution of cloud infrastructure while enhancing cloud security automation at scale. Through this extended collaboration, security teams gain direct access to their Lacework cloud security data using Snowflake's secure data sharing, thus enabling unified visibility and tailored automation.
Ulfar Erlingsson, Chief Architect, Lacework, said,
Snowflake has been a dedicated platform partner as Lacework has scaled our business to support over 900 customers — ranging from small, early-stage startups to some of the most sophisticated enterprises running in the cloud space today — whose operations result in tremendous volume, variety, and velocity of security-relevant data.
[Source – Cision PR Newswire]
Erlingsson mentioned that, over the past seven years, Lacework had successfully conducted timely and efficient data processing by utilizing the Snowflake Data Cloud, even among a highly skewed set of customers. He further explained that their extended partnership with Snowflake would enhance their ability to serve joint customers at a cloud scale. This would apply whether customers needed them to handle only a small amount of security data or data processing at rates as high as 10s of gigabytes per second.
As generative AI advances and becomes more accessible across various industries, the frequency and severity of cybersecurity threats are on the rise. This trend is driven by businesses accelerating their development processes and increasing cloud data generation. Addressing this new era of cloud security necessitates a fundamentally fresh approach, and Lacework's platform is designed to efficiently manage the substantial volume of data within an organization's cloud ecosystem. This includes data related to code, identities, containers, and multi-cloud infrastructure, with Snowflake serving as a critical platform partner.
Through the combined capabilities of Lacework's security platform and Snowflake's Data Cloud, customers gain the ability to extend the value of cloud security data throughout their organization. This enables organizations to thoroughly assess their security and compliance status.
Head of Cybersecurity Strategy at Snowflake, Omer Singer, said,
Among the many potential advantages of generative AI is the ability for enterprises to deploy new applications faster, which places even more emphasis on the need to have scalable infrastructure and solutions. The combination of Snowflake and Lacework will continue to assist organizations scale their cloud businesses securely in the new era.
[Source – Cision PR Newswire]
About Lacework
Lacework protects organizations in the cloud, enabling them to innovate with greater speed and assurance. Lacework's platform is designed to scale with the variety, volume, and velocity of cloud data across an organization's cloud environment, including code, containers, identities, and multi-cloud infrastructure. Only Lacework provides Security and Development teams with a connected and prioritized end-to-end view that identifies the most significant hazards and security events.
About Snowflake
The Snowflake enables all organizations to mobilize their data with its Data Cloud. Customers utilize the Data Cloud to integrate disparate data sources, power data applications, discover and securely share data, and implement a variety of AI/ML and analytic workloads. Snowflake provides a singular data experience that transcends multiple clouds and geographies, regardless of where data or users reside. Snowflake Data Cloud is used by thousands of customers across numerous industries, including 639 of the 2023 Forbes Global 2000 as of July 31, 2023.
Read More
Platform Security
Business Wire | October 31, 2023
Stellar Cyber, the innovator of Open XDR, announced today that a top 200 managed security service provider (MSSP), BLOKWORX, has added Stellar Cyber Open XDR Platform to its security stack to enhance context and increase the differentiation of its security offerings. Stellar Cyber’s Network Detection and Response (NDR) capabilities and unique ability to identify threats at the network layer played a pivotal role in BLOKWORX’s ultimate decision.
The Stellar Cyber Open XDR Platform enables MSSPs to produce consistent security outcomes with existing staff. In addition, Stellar Cyber complements security teams’ human expertise, making them more productive and efficient.
BLOKWORX is a leading MSSP delivering data-centric security services aimed at managed security providers (MSP) with limited in-house cybersecurity resources. BLOKWORX sets itself apart from other MSSPs with its extensive networking expertise. “Most MSSPs focus on the endpoint when it comes to threat detection, then broaden their efforts,” said Robert Boles, Founder & President of BLOKWORX. “While we can and do look at endpoints, together with Stellar Cyber, we take a more comprehensive approach, looking at all layers of the network, allowing us better to understand the real depth and breadth of a threat and more completely protect a client's network from cloud to edge to endpoint.”
We are delighted that BLOKWORX underscores how the Stellar Cyber Open XDR Platform accentuates the differentiation and value they offer their customers, said Jim O’Hara, Stellar Cyber Chief Revenue Officer. BLOKWORX is already a deeply valued partner, and we look forward to developing our relationship further.
BLOKWORX played a critical role in integrating Stellar Cyber and Deep Instinct. They invested significant cycles working with the dev teams from Stellar Cyber and Deep Instinct, ensuring the integration works as expected. The result is a resilient integration between the two products that protect enterprises globally. “BLOKWORX was an invaluable contributor to the integration work we completed with Deep Instinct,” said Andrew Homer, VP of Technology Alliances at Stellar Cyber. “When you see this type of dedication from a partner, you want to work harder to deliver the best possible outcomes, and that is what we did.”
“We will not bring anything into our stack that doesn’t pass our comprehensive vetting process, especially when a product claims to be multi-tenant. Stellar Cyber checked every box in our vetting process,” added Robert Boles.
Unlike other SecOps platforms requiring several multifaceted technical professionals to deploy, use, and maintain, the Stellar Cyber Open XDR Platform delivers NG-SIEM, NDR, UEBA, SOAR, and TIP capabilities in an efficient way that allows security analysts to focus on security operations. In addition, powered by deep learning AI and an “open” integration architecture, Stellar Cyber intelligently correlates alerts, logs, and telemetry data, providing security analysts with the holistic view of threats they need to mitigate them quickly.
About Stellar Cyber
Stellar Cyber delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.
About BLOKWORX
Most IT Managed Service Providers can’t keep up with all the security options and threats that come at their clients on their own. BLOKWORX simplifies security solutions and constantly prevents cyber threats before they become catastrophic events so MSPs can protect their clients, reduce their risks and have peace of mind growing their business, with a trusted and proven security partner watching their backs. We Defend. We Protect. You Grow. For more information, visit www.blokworx.com.
Read More