ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY
Bearer | November 15, 2022
Bearer, the data-first security software company, today announced the general availability of the Bearer Data Security Platform. Based on extensive interviews with more than 130 enterprise CISOs at high-growth and global 2,000 companies, Bearer is in beta use across multiple industries with one customer protecting the private data of more than 75 million medical patients.
“At Bearer, we strongly believe the best approach for a data-first security approach is to start at the beginning of the journey, following the shift-left security trend. “Data-first security should start in the code. And to be truly effective, it should never impede developers and never allow access to private data itself while still providing ownership context and protecting against vulnerabilities created in the business logic of an application or service.”
said Guillaume Montard, CEO and co-founder of Bearer
Why Bearer Data Security Platform Now
Data security is becoming a top priority for businesses, with customers and governments demanding better data protection driven by the demands of GDPR, CCPA, PDPA and more. Bearer’s detection engine protects PD, PHI, PII and financial data.
Cloud native organizations have more complex and fragmented architectures than ever before, making properly-implemented data security risk controls impossible without a proper solution. More than two-thirds of the enterprise 2,000 are focusing on cloud-native applications.
DevSecOps is gaining huge traction. 57% of security teams have shifted security left already or are planning to this year, making them ready to use a solution such as Bearer.
Bearer has been tested on more than 20,000 open source software projects as well as more than 6,000 data repositories at beta users, partners and early customers.
The Bearer Data Security Platform
Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. By monitoring data security risks proactively, it can automatically detect gaps within data security policies during coding and in production. Finally, it can remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue.
Bearer accomplishes these results through three major innovations:
Identification of data security risks – Including business logic flaws: Bearer pinpoints data security technical and business logic flaws in code before it’s too late and costly to correct. It then provides actionable context and ownership information to fix issues quickly – in minutes. Before Bearer, pinpointing business logic flaws could only be achieved manually – often left ignored.
Frictionless deployment: Bearer is a data security SaaS solution that fits into the development cycles of Global 2000 enterprises without requiring any changes to how software engineering teams work. Additionally, Bearer does not require access to the underlying source code nor the sensitive data itself.
Extreme automation: Designed by developers for developers in a world of constant code iterations, Bearer automates the burden of data security compliance for software engineers so they don’t have to become experts on data security regulations across different global markets. Security and compliance teams love how Bearer prioritizes the most critical issues in remediation workflow to allow for speedy resolution between security and development.
Bearer, the data-first security software company, pioneered a solution for developers to automatically detect sensitive data flow and data security risks while coding. Its policy engine proactively monitors data security policies before releasing code and its unique remediation workflow prioritizes the most critical issues – including business logic flaws – for quick resolution between security and engineering teams. Venture-backed with more than $8 million in seed financing, Bearer is used in markets where privacy protection and data security are business-critical, including eCommerce, financial services, and healthcare.
SOFTWARE SECURITY,WEB SECURITY TOOLS,WIRELESS AND MOBILE SECURITY
Airbyte | December 07, 2022
Airbyte, creators of the fastest-growing open-source data integration platform, today announced a deeper partnership with dbt Labs, the pioneer in analytics engineering. The partnership now includes a new integration that allows dbt Cloud customers to trigger dbt jobs from directly within Airbyte Cloud.
The integration brings together two of the leading open-source products in the data ecosystem, making it simpler than ever to move and transform data, while minimizing the risk of lock-in. Airbyte helps move data from a collection of sources, and dbt helps organize that data for analysis by, for example, consistently defining key business logic or standardizing data structures.
“Our companies already share hundreds of users and now they will see the integration of our Cloud products, making it simple to use the two together,” said Michel Tricot, co-founder and CEO of Airbyte. “With partners like dbt Labs, we are building a more open modern data stack to better serve the data community.”
“We’re thrilled to deepen this partnership with Airbyte, a company with whom we are aligned regarding the importance of open standards in the data ecosystem. This partnership and integration will help better serve our joint users, customers, and the data community as a whole.”
Nikhil Kothari, director of technology partnerships at dbt Labs
With its growing community of 10,000 data practitioners and 600 contributors, Airbyte is redefining the standard of moving and consolidating data from different sources to data warehouses, data lakes, or databases in a process referred to as extract, load, and, when desired, transform (ELT). Over the past year and a half, more than 25,000 companies have used Airbyte to sync data from sources such as PostgreSQL, MySQL, Facebook Ads, Salesforce, Stripe, and connect to destinations that include Redshift, Snowflake, Databricks, and BigQuery.
Airbyte’s open-source data integration solves two problems. First, companies always have to build and maintain data connectors on their own because most less popular “long tail'' data connectors are not supported by closed-source ELT technologies. Second, data teams often have to do custom work around pre-built connectors to make them work within their unique data infrastructure.
dbt Cloud enables data teams to develop faster and collaborate more effectively to build and deploy production-grade data pipelines with version control and CI/CD, pre-production testing and documentation of models, modular SQL modeling, and dependency management built in. dbt Cloud provides a centralized development experience to safely deploy, monitor, and investigate transformation code with a web-based user interface.
Airbyte is the open-source data integration leader running in the safety of your cloud and syncing data from applications, APIs, and databases to data warehouses, lakes, and other destinations. Airbyte was co-founded by Michel Tricot (former director of engineering and head of integrations at Liveramp and RideOS) and John Lafleur (serial entrepreneur of dev tools and B2B). The company is headquartered in San Francisco with a distributed team around the world.
NETWORK THREAT DETECTION,PLATFORM SECURITY,SOFTWARE SECURITY
OneLayer | November 14, 2022
OneLayer, a pioneer in securing private LTE/5G networks for enterprises, announced today that it has partnered with Druid Software, the leading global provider of private cellular network core software solutions for enterprise. OneLayer will be securing Druid Software's 5G private network domain, ultimately providing its clients, including system integrators, with a platform and the abilities they need to successfully deliver and support end-to-end cellular networks to the enterprise.
Private cellular networks provide organizations with connectivity on a completely different level, including increased reliability, a dedicated bandwidth with capacity and range, no lag time, and connectivity of IoT and OT devices across vast areas. As organizations increasingly adopt these networks, they must consider a critical element of successful network deployment, namely, integrating the cellular network with the enterprise's existing IT network. To successfully accomplish this integration, organizations must keep the network secured, including both visibility and segmentation. Druid Software, a core cellular network software company, and OneLayer's partnership now provide a solution that removes the security concerns for Druid's clients.
OneLayer is integrating its SaaS solution on Druid Software equipment, allowing for seamless security for any private LTE/5G network running on Druid Software's core. Its solution for securing private cellular networks will enable network security using a Zero Trust approach, asset management, cellular and IoT device fingerprinting, policy enforcement that allows network segmentation, and anomaly detection, amongst other capabilities, securing devices connected to Druid Software's core.
"We are excited to be working with Druid Software as a strategic partner. In addition to providing a security solution for Druid, we have also included Druid's core as a part of our new 5G Security Lab. "By providing a much-needed security solution for Druid we are giving users the confidence to invest in adopting an LTE/5G network that has the potential to take their business to the next level. We feel this first-hand through our own implementations and research"
Dave Mor, CEO and Co-founder of OneLayer
"By adding this security solution which brings further essential capabilities for network protection we are addressing a market need for our clients and ensuring them the best and safest 5G or 4G offering to date," said Tadhg Kenny, Senior Vice President for Partnerships at Druid. "Our clients rely on Druid for the quality of its Raemis core network. Now with OneLayer's additional levels of security, we will be providing an even more comprehensive product to serve their business needs"
OneLayer provides enterprise-grade security for private LTE/5G networks. Its platform and IoT security toolkit can be implemented in private cellular networks to provide better visibility, control and protection for organizations. The company was founded by world-class cybersecurity experts with a deep understanding of both cellular protocols and IoT security needs along with veterans from the IDF's 8200 and 81 intelligence units. OneLayer is backed by industry-leading advisors and has partnered with experts both in the cybersecurity domain as well as the telecom industry.
About Druid Software
Druid Software is a core cellular network software company based in Ireland. Established in 2001 Druid Software has evolved into one of the world's leaders in Private 5G & 4G Cellular technology over the last 20 years. Druid Software's RAEMIS™ platform is a mature 3GPP compliant 4G/5G core network, with unique features designed specifically for business and mission critical use.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Abnormal | November 16, 2022
Abnormal Security, the leading behavioral AI-based security platform, announced today its newest addition to the product portfolio as the company progresses toward delivering the most comprehensive cloud email security in the market. The latest innovation protects customers from emerging email platform attacks that are increasing in volume and severity as attackers find new ways to target organizations.
The open, interconnected nature of cloud email platforms creates new entry points for attackers to exploit and manipulate—increasing the need for security tools that protect organizations from attacks beyond those that are delivered through inbound email. While advanced inbound email attacks like business email compromise and credential phishing remain the primary cloud email attack vector, accounting for $43 billion in exposed losses since 2016, this addition to the Abnormal product portfolio expands the capabilities of cloud email security to protect against side-channel attacks that directly target the entire email platform. In recent headlines, cybercriminals have exploited unguarded entry and exit points to carry out sophisticated platform attacks, including:
Compromising user and administrator accounts by bypassing MFA policies
Exploiting global administrator privileges by setting up tenant-wide email forwarding rules that send company emails to attacker inboxes
Tricking employees into installing malicious OAuth applications through consent phishing email links disguised as file-sharing links
These examples showcase the need for security tools that can detect changes to the cloud email environment and provide full visibility into the current posture. But because security teams often share responsibility for these platforms alongside IT and messaging teams, it is operationally difficult and manual to understand the full scope of potential configurations across thousands of users, third-party applications and email tenants, and manage them accordingly.
“As we’ve spoken to our customers, we’ve heard increasing concerns about this next generation of attacks. Since they have implemented Abnormal to secure the inbound channel against advanced attacks such as BEC, attackers are looking for new ways to access their inboxes and email platforms. “Implementing a solution that can alert security teams to new integrated applications, over-permissioned users, and other potentially risky events will be extremely helpful to security leaders, and Abnormal is excited to evolve our inbound email security platform to provide this capability and better protect our customers from the full spectrum of attacks.”
Mike Britton, chief information security officer at Abnormal Security
The new Security Posture Management product from Abnormal gives security teams immediate visibility to each of the potential entry and exit points to the cloud email platform. Increased visibility begins with three new Knowledge Bases, in addition to the existing VendorBase, which present comprehensive databases of employees, third-party applications, and email tenants. Each of the three new Knowledge Bases provides the foundational visibility security teams need to understand potentially exposed surface areas in Microsoft 365 and conduct security investigations.
AppBase: Provides a running inventory of all of the third-party applications that have access to data within Microsoft 365. It provides a summary of important information about application permissions and data access, as well as an activity timeline of recent events.
PeopleBase: Provides a directory of each active user in the environment. It uses contextual, behavioral data to build a dynamic user genome. PeopleBase also provides an activity timeline of recent events, including sign-on patterns, suspicious email activity, and more.
TenantBase: Provides a catalog of each of the email tenants Abnormal Security protects and relevant permissions governing access to them.
Taking the information derived from these Knowledge Bases, the new Security Posture Management product then monitors each entity for potentially risky configuration changes. Key changes may include the escalation of administrator privileges or the integration of new unverified applications with read-write access to mailboxes. When changes occur, Security Posture Management alerts administrators so they can understand the impact and take appropriate downstream action to protect their cloud email platform from insider threats or attacker infiltration.
While the monitoring and alerting capabilities of Security Posture Management are available as an add-on purchase to Inbound Email Security, Abnormal is providing the foundational visibility of its new Knowledge Bases at no cost to all customers with Microsoft 365.
New Product Continues to Drive Abnormal Growth in the Email Security Market
The posture management offering underscores Abnormal’s commitment to providing its customers with the most effective email security platform on the market. In recent weeks, Abnormal was named to the CNBC Top 25 Startups for the Enterprise list of companies that are best suited to meet the needs of large enterprises, as well as the Madrona Intelligent Applications 40 list for the platform’s superior capabilities in using machine learning to extract useful information from real-time and historical data.
These awards highlight the continued success of the company as Abnormal continues to experience more than 2x growth per year, with notable customers including Xerox, Urban Outfitters, Royal Caribbean International, and Groupon. The company maintains a 4.8-star review on Gartner Peer Insights, with 100% recommendation from participating companies. This continued growth is driven by the recent Series C funding round in which Abnormal raised $210 million with backing from Insight Partners, Greylock Partners, and Menlo Ventures.
Security Posture Management is the second major product launch in the past six months, with Abnormal releasing the Email Productivity module in August 2022. The Email Productivity add-on uses behavioral AI to filter time-wasting promotional emails away from employee and executive inboxes, automatically personalizing protection to each user based on behavior cues like folder moves. By shielding employees and executives from the growing barrage of promotional emails, including vendor cold calls, newsletters, and marketing promotions, Email Productivity saves enterprises multiple hours per employee per month. Both new products are part of the Abnormal Cloud Email Security platform, which stops the full spectrum of email-borne attacks.
Abnormal Security provides the leading behavioral AI-based security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails in milliseconds—all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly.