DATA SECURITY

Datadog Launches Application Security Monitoring

Datadog | April 29, 2022

Datadog
Datadog, Inc., a cloud application monitoring and security platform, today announced the official release of its Application Security Monitoring (ASM) solution. ASM utilizes distributed tracing to assist security, development, and operations teams in precisely detecting code-level vulnerabilities like server-side request forgeries (SSRFs), SQL injections, cross-site scripting (XSS) assaults, and others.

Today, applications are a frequent cause of data breaches. According to Forrester's The State of Application Security, 2021, "applications continue to be a leading cause of external breaches, and the presence of open source, APIs, and containers further adds complexity to the security team."

Security risks are increasingly focusing on gaining access to data via an organization's apps by detecting and exploiting code-level flaws. These attacks get through outdated, perimeter-based security systems, which can't tell the difference between a legitimate application request and one that presents a security risk. As software architectures become more sophisticated, there is an increasing need for application security solutions that break through barriers between security, development, and operations teams.

Datadog ASM employs distributed tracing to give end-to-end context, allowing enterprises to identify threats more precisely and react more quickly. This comprehensive view, when combined with the Datadog Cloud Security Platform's additional features such as Cloud Security Posture Management (CSPM), Cloud Workload Security (CWS), and Cloud SIEM, offers teams with actionable insights that speed up remediation and increase collaboration.

"Applications are frequent sources of data breaches because security solutions have not kept pace with modern attacks, which focus on exploiting software code vulnerabilities. Legacy, perimeter-based security solutions cannot adequately address the complexity of today's advanced software architectures, which greatly increase the number of applications, APIs and services that must be monitored. We believe the answer is to use distributed tracing to more accurately detect attacks that expose organizations to risk. This approach helps teams get visibility on authenticated attacks and those that trigger code-level anomalies, ultimately helping them collaborate and respond to threats more quickly."

Pierre Betouin, VP of Product, Cloud Security Platform at Datadog

Application Security Monitoring expands on Datadog's acquisition of Sqreen in April 2021, which has been completely integrated into the Datadog Cloud Security Platform to give a uniform user experience and expanded capabilities. Customers may get their hands on the goods right now.

Spotlight

This paper examines cyberlaw as a growing field of legal practice and the roles that lawyers play in helping companies respond to cybersecurity threats. Drawing on interviews with lawyers, consultants, and academics knowledgeable in the intersection of law and cybersecurity, as well as a survey of lawyers working in general counsel’s offices, this study examines the broader context of cybersecurity, the current legal framework for data security and related issues.


Other News
DATA SECURITY,ENTERPRISE IDENTITY,SOFTWARE SECURITY

Wib Raises $16 Million Investment to Accelerate Growth and Tackle Rising API Security Problem

Wib | November 08, 2022

Wib, the fast-growth cybersecurity startup pioneering a new era in API security, today announced a $16 million investment led by Koch Disruptive Technologies (KDT), the growth and venture arm of Koch Industries, Inc, with participation from Kmehin Ventures, Venture Israel, Techstars and existing investors. The investment will be used to enhance Wib's pioneering holistic API security platform and accelerate international growth as it expands operations across the Americas, UK and EMEA. API security is one of the biggest challenges facing CIOs today. Traditional API security solutions are siloed and fragmented, leaving CIOs with a choice of multiple point products or bolt-on integrations to create a patchworked solution. This results in increased cost and complexity, reduced visibility and control, and greater exposure to risk. Wib's holistic API security platform is the only solution to provide complete visibility across the entire API landscape, from code to production, helping unify software developers, cyber defenders, and CIOs around a single holistic view of their complete API domain. By delivering rigorous real-time inspection, management, and control at every stage of the API lifecycle, Wib can automate inventory and API change management; identify rogue, zombie and shadow APIs and analyse business risk and impact, helping organisations to reduce and harden their API attack surface. "APIs have become the Achilles heel of cyber defenses and the number one threat vector for cyber-attacks. "APIs account for 91% of today's internet traffic with over 50% being invisible to business IT and security teams. These unknown, unmanaged, and unsecured APIs are creating massive blind spots for CIOs that expose critical business logic vulnerabilities and increase risk. Gil Don, CEO and Co-Founder of Wib "What's more, traditional and legacy web security approaches, like WAFs and API Gateways, were never designed to protect against modern logic-based vulnerabilities. The Wib platform has been purposely built for an API driven world creating a new category of API native security." A recent report by industry research firm GigaOm, placed Wib as a "fast mover" in the "leaders" category, stating, "Wib is a new company but brings a strong enough offering to jump straight into the leaders category" and "Wib is a new entrant in this space, but it offers a comprehensive solution." Wib was also called out for its capability in "source code analysis with an eye toward API weaknesses is Wib's greatest strength." The report ranks Wib's API Runtime Protection, Monitoring and Reporting as exceptional in its focus and execution. This is a real testament to the Wib's innovative API security platform and approach. About Wib Wib is pioneering a new era in API security with its industry first holistic API security platform. Providing continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Announces Ambitious EMEA Channel Strategy to Capitalise on Accelerating Demand for API Security

Noname Security | November 02, 2022

Noname Security, the leading API security company, today shared its EMEA channel strategy, which builds on significant momentum achieved in the past six months and is led by Ides Vanneuville, recently appointed EMEA Channels & Alliances Director. Vanneuville is an experienced leader in the cybersecurity market with a strong track record in cybersecurity and solutions engineering, having held a number of senior positions at organisations such as Palo Alto Networks, Nutanix, and Aviatrix. Demand for API security solutions is accelerating throughout EMEA as businesses continue to transition to public cloud and are increasingly adopting cloud-native development strategies. High-profile API breaches have underlined the critical nature of API security and the need for advanced solutions such as the Noname API Security Platform that accelerate digital transformation while addressing API security risks and vulnerabilities. This offers a new and growing market for established cybersecurity resellers and new entrants alike. "I am excited to join Noname Security at a time when the channel is transforming to meet growing demand for the powerful yet easy-to-use API security that our platform delivers," comments Vanneuville. "We are building productive partnerships with traditional cybersecurity companies seeking to expand their offering into the DevSecOps market, along with the innovative application-centric resellers that are carving out opportunities in this space." Noname Security operates a 100% indirect sales model, and its channel strategy focuses on building out presence across EMEA by securing key partnerships with a range of cybersecurity resellers, consultancies, systems integrators, and distributors. Since March 2022, Noname Security has signed new partnerships with Oblivion, part of Xebia (Netherlands, Denmark & Germany), NewGens Pte (Singapore, Malaysia, Indonesia and Thailand), CyberGate Defense (UAE), Evanssion (Middle East & Africa), Aditinet (Italy), iSOC24 (Benelux) and HighPoint (UK & NL) . These partners join a diverse group of existing partners across Europe, the Middle East, and Africa. These partners will be supported by Noname Security's global partner program, which provides the resources they need to address key customer pain points in their region and build sizable revenue opportunities in the API security market. The program is tailored to reflect the variations in maturity and background of the API security market in each geographic area. "API security is a rapidly evolving area that wraps around the ways APIs are being used in different territories," adds Vanneuville. "For example, the increase in open banking in emerging regions like Turkey is driving demand for API security in that region, and we have new Noname Security partners in place to meet that need. Similarly, the booming m-commerce market in Africa is a valuable target for our partners to focus on. Our program helps partners target these key vertical markets and build a reputation for excellence." API Security Workshops Provide Essential Partner and Market Education Noname Security is running a series of workshops to educate the market and channel partners about the importance of protecting APIs against attacks and how to go about it. These are currently available, both virtually and in-person in a variety of worldwide cities, and will help Noname's channel partners as well as their end-users to understand: The underlying security risks when deploying APIs Emerging threats facing applications and APIs Techniques used to exploit vulnerable APIs How Noname Security monitors API traffic for anomalies. "These educational workshops form an important part of Noname's go-to-market strategy," concludes Vanneuville. "An educated market is a receptive market, and with these workshops we aim to ensure that customers and partners fully understand the urgency of securing APIs in order to protect core revenue streams against disruptive attackers. This is a relatively new area, but one that is of critical importance for the success and stability of modern enterprises as the cloud transition continues and born-in-the-cloud businesses ramp up innovation and expansion." About Noname Security Noname Security is the only company taking a complete, proactive approach to API security. Noname works with 20% of the Fortune 500 and covers the entire API security scope across three pillars: posture management, runtime security and API security testing. Noname Security is privately held, remote-first with headquarters in Palo Alto, California, and offices in Tel Aviv and Amsterdam.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Fordefi Raises $18M Seed Round to Launch Institutional DeFi Wallet and Security Platform

Fordefi | November 09, 2022

Fordefi, a financial technology and software company, today announced an $18 million seed round and the public launch of its institutional MPC wallet built for transacting on decentralized applications (dApps). Led by Lightspeed Venture Partners, the investors of the firm's initial capital raise also include Electric Capital, Alameda Research, Jump Crypto, Castle Island, Pantera Capital, Illuminate Financial, PayPal Alumni Fund, Nima Capital, Digital Currency Group, Defiance Capital and StarkWare. "The Fordefi team is bringing to market a solution that addresses two of the biggest challenges in DeFi today: institutional-grade security and smart contract transparency," said Sam Harrison, Senior Advisor at Lightspeed Venture Partners and Managing Partner at Faction. "We are excited to support an experienced team bringing a powerful solution to market that directly solves pain points that have held institutions back from achieving the full potential of decentralized finance." "Wallet hacks made major headlines this year. Until now, decentralized finance was missing a secure, stable, and seamless way to connect to dApps," said Ken Deeter, Partner at Electric Capital. "Fordefi's single-browser extension paired with a top-notch institutional grade MPC wallet platform will unlock opportunities across DeFi for all crypto-native institutions. We're excited to be part of Fordefi's journey, as an investor, design partner and customer." Introducing the Fordefi Platform Co-founders Josh Schwartz, CEO, Dima Kogan, CTO, and Michael Volfman, Vice President of Research and Development, began developing the Fordefi platform in 2021, an unprecedented year for crypto adoption, as institutions took notice of the explosive growth and massive volumes of digital assets moved into the markets. A boom in the development of new blockchains and decentralized applications created opportunities for investing that institutions could not safely participate in, as available wallets had been designed years before and lacked the technology to securely and confidently connect them. "Decentralized finance is evolving quickly and its complexities require a dynamic solution," said Schwartz. "Legacy wallet providers are unable to meet the needs of institutions that want to access the new opportunities DeFi has created while ensuring their assets are protected. Fordefi has taken a DeFi-first approach and has built a solution engineered for how clients interact with dApps." "DeFi transactions are much more complex than simple asset transfers, and that's the key to DeFi's exciting new opportunities," said Kogan. "Unfortunately, this complexity also brings with it many new security risks. Fordefi enables institutions to interact with DeFi applications with increased operational efficiency and security through in-depth visibility into each transaction and the ability to set the right controls." A first of its kind wallet and security platform, Fordefi enables market participants to easily and securely connect to decentralized applications. Fordefi's platform is the only institutional MPC wallet on the market built for firms transacting on decentralized applications across blockchains. The solution delivers a previously unavailable degree of insight into transactions, translating smart contracts into language that users can understand, simulating every transaction in advance and independently verifying dApp names. Its advanced MPC key management capabilities are built to protect against any single point of failure, and the platform's unique policy management capabilities offer users the ability to create and define their own workflows, proactively protecting themselves from both internal and external vulnerabilities. "Fordefi has been a tremendous addition to our DeFi workflow. We've seen accelerated deployment efficiency across a comprehensive set of on-chain opportunities, alongside enhanced user intuitiveness and without compromising security." Shane Al, Head of Investments at Arc Capital and Fordefi design partner. "The Fordefi platform provides robust solutions for institutions to access thousands of DeFi opportunities with the highest levels of security. The platform is extremely customizable and allows us to manage our own policies and controls, ensuring a balance between flexibility and security - crucial for liquid fund strategies." Jacob Goh, Head of Operations & Investor Relations at DeFiance Capital, Fordefi investor and design partner. About Fordefi Fordefi's MPC wallet platform and Web3 gateway enables institutions to seamlessly connect to dApps across a wide range of chains while keeping digital assets secure. Fordefi is the first institutional MPC wallet and security platform built for decentralized finance (DeFi), offering MPC key management, self-serve DeFi policy controls, time-of-transaction smart contract insights, transaction simulation and risk alerts. Fordefi was founded in 2021 by crypto custody and cybersecurity experts, and designed in close collaboration with industry-leading trading firms, funds and custodians. Fordefi is a financial technology and software company with offices in New York and Tel Aviv. About Fordefi's Founders Josh Schwartz, Dima Kogan and Michael Volfman founded Fordefi after establishing themselves with decades of experience as leaders in crypto, cybersecurity, and financial services. Schwartz served as Chief Operating Officer at Curv, an institutional MPC wallet acquired by PayPal in 2021, and was Vice President of Sales at digital custody platform BitGo. Dr. Kogan's career spans more than 15 years in academia, industry and government. He received his PhD from Stanford with a specialization in applied cryptography and was awarded the "Best Young Researcher" prize at Eurocrypt 2018, the Theory of Cryptography Conference 2019, and Eurocrypt 2020. Volfman is an engineering manager with 20 years of experience in cybersecurity, serving as Vice President of R&D at Toka, was Chief Technology Officer and co-founder of an edtech startup, and a Director at Guardicore.

Read More

DATA SECURITY,ENTERPRISE SECURITY,PLATFORM SECURITY

Laminar Supports Launch of Amazon Security Lake

Laminar | November 30, 2022

Laminar, a leader in public cloud data security, today announced it is supporting the launch of Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes an organization’s security data from cloud, on-premises, and custom sources into a customer owned purpose-built data lake. With support for the Open Cybersecurity Schema Framework (OCSF) standard, Amazon Security Lake reduces the complexity and costs for customers to make their security solutions data accessible to address a variety of security use cases such as threat detection, investigation, and incident response. “All cybersecurity in the end is about protecting data and all cybersecurity is more effective and efficient with data-context. “Laminar is proud to be a launch partner for Amazon Security Lake, adding data-context to security events for better risk models, effective investigations and efficient remediation.” Amit Shaked, co-founder and CEO, Laminar Amazon Security Lake helps organizations aggregate, manage, and derive value from log and event data on the cloud and on-premises to give security teams greater visibility across their organizations. With Amazon Security Lake, customers can use the security and analytics solutions of their choice to simply query that data in place or ingest the OCSF-compliant data to address further use cases. Amazon Security Lake helps customers optimize security log data retention by optimizing the partitioning of data to improve performance and reduce costs. Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data. Laminar is a Data Security Posture Management (DSPM) leader that delivers autonomous, agentless, and continuous data security for everything that you build and run on the cloud. Laminar provides autonomous discovery and classification for all data across AWS and hybrid cloud environments into a cloud data catalog, prioritization of data assets by our proprietary risk model, and an agentless and asynchronous approach to DSPM to reduce the exposure surface without impacting performance. “Data is every enterprise’s most valuable asset, which makes protecting it a critical capability for all cybersecurity solutions,” said Rod Wallace, General Manager for Amazon Security Lake. “Amazon Security Lake enables security teams to optimize security log data collection and retention by optimizing the partitioning of data to improve performance and reduce costs. With the Laminar integration, analysts and engineers can store their data in the OCSF format for further analytics to improve the protection of workloads, applications, and data.” About Laminar Laminar’s Cloud Data Security Platform protects data for everything you build and run in the cloud across cloud providers and cloud data warehouses. The platform autonomously and continuously discovers and classifies new datastores for complete visibility, prioritizes risk based on sensitivity and data risk posture, secures data by remediating weak controls and actively monitors for egress and access anomalies. Designed for the multi cloud, the architecture takes an API-only approach, without any agents, and without sensitive data ever leaving your environment. Founded in 2020 by a brilliant team of award winning Israeli red team experts, Laminar is proudly backed by Insight Partners, Tiger Global, Salesforce Ventures, TLV Partners, and SentinelOne.

Read More

Spotlight

This paper examines cyberlaw as a growing field of legal practice and the roles that lawyers play in helping companies respond to cybersecurity threats. Drawing on interviews with lawyers, consultants, and academics knowledgeable in the intersection of law and cybersecurity, as well as a survey of lawyers working in general counsel’s offices, this study examines the broader context of cybersecurity, the current legal framework for data security and related issues.

Resources