Software Security
PR Newswire | October 20, 2023
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, today announces a new open source project for software developers and DevOps to easily and securely sign git commits with their Keeper vault. Through Keeper Secrets Manager (KSM), users can now use Secure Shell (SSH) keys stored in their Keeper Vault to digitally sign commits to confirm the authenticity of their code.
Git is a version control system that tracks changes in your software projects, and a git commit is a snapshot of these changes at a specific point in time, accompanied by a brief message describing the modifications. Keeper and developers at The Migus Group teamed up to create the open-source solution to sign git commits using the SSH keys stored in a user's Keeper Vault. The integration provides developers with a secure and encrypted repository for their SSH keys and removes the practice of storing them on disk, both increasing security and streamlining DevOps workflows.
The rise in software supply chain attacks highlights the need for organizations to prioritize security around the software supply chain. Signing git commits is a recommended best practice for developers to confirm the authenticity and integrity of code releases. As developers sign commits with SSH keys, they are provided with cryptographic proof of authorship, which helps secure the supply chain by assuring users the software originates from a legitimate source and remains unaltered since its signing. Digital signatures can also feed into a Software Bill of Materials (SBOM) to indicate whether a line-item in the SBOM is trusted, depending on the code signature status.
The ability to store SSH keys and other credentials in Keeper Vault offers a layer of protection and ease-of-use that hasn't been the standard, said Craig Lurey, CTO and Co-founder of Keeper Security. Our integration enables developers to validate the software code with a cryptographic digital signature and transparent logging, making what historically has been a complex process into a simple one. In the future, all code will be signed, and the software supply chain will have one source of truth that will reduce supply chain attacks.
"Our customers are asking for help insulating themselves from supply chain attacks, so we were already working to do that, often using Keeper," said Adam Migus, Founder and CEO of The Migus Group. "So, we thought working with them to make the git commit-signing process both safer and easier would be a win-win-win. Our customers can now seamlessly sign commits with keys that never leave their vaults. However, the broader community also gains an example of secure commit signing with benefits of central key management."
The SSH keys for signing commits are secured in KSM, a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, SSH keys, certificates and any type of confidential data. KSM eliminates secrets sprawl by removing hard-coded credentials from source code, config files and CI/CD systems. The fully managed, cloud-based and IT friendly solution was named an overall leader on the 2023 KuppingerCole Leadership Compass for Secrets Management. KSM is supported on Windows, MacOS and Linux. It utilizes a zero-knowledge security architecture and is highly secure withISO 27001 and SOC 2 compliance, as well as FedRAMP and StateRAMP Authorization, among numerous other certifications.
Keeper's integration helps support a broader government and industry effort to bring increased security and visibility to the open source community. The ease of providing a cryptographic digital signature allows developers to validate that the software in use is exactly what it is claiming to be and enhances security for both developers and end-users alike.
About Keeper Security
Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper's zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.
Read More
API Security
Business Wire | October 25, 2023
Data Theorem, Inc., a leading provider of modern application security, today introduced an industry-first attack path analysis of APIs and software supply chain exploits to its Cloud-Native Application Protection Platform (CNAPP) called Cloud Secure. The new release includes machine learning (ML)-based hacker toolkits and improved visualizations that boost discovery of potential data breaches in first-party APIs and third-party software supply chain assets hosted in multi-cloud environments.
As a result of today’s launch, organizations can now leverage an advanced ML-based CNAPP solution to best secure their cloud-native apps and discover weaknesses which could lead to data breaches. Previously, organizations had to rely on cloud security posture management (CSPM) and agent-based cloud workload protection platforms (CWPP) that lack the ability to accurately detect attack surfaces such as first- and third-party APIs that lead to the critical path hackers utilize to successfully exploit vulnerabilities and extract sensitive data.
Data Theorem’s new release of Cloud Secure now delivers Cloud Hacker Toolkits powered by a new set of visualization features and ML enhancements for exploit prioritization, helping organizations focus on the most critical vulnerabilities that hackers can take advantage of for a cyberattack to extract data from cloud-native apps. In addition, Cloud Secure now offers ML-powered optimized Cloud Assets inventory with new visualizations for organizations to better understand the relationships between applications (mobile and web), APIs (first and third party), and the myriad of cloud resources. As a result, organizations for the first time can have an accurate inventory of their cloud-native and cloud-hosted applications, and visualize the growing attack surfaces including APIs they develop themselves and APIs that come from leveraging open-source software, third-party software development kits (SDKs), and public cloud services within their software supply chains.
As we have seen, machine learning, and particularly generative language learning model (LLM), offers a new set of innovations and creativity for both security practitioners and attackers, said Doug Dooley, Data Theorem COO. Data Theorem is pleased to offer the industry’s first CNAPP solution which leverages some of the more useful elements of machine learning combined with run-time analysis, observability, and active protection. Cloud Secure continues to lead the industry as the most application-centric CNAPP offering helping organizations uncover new attack vectors in cloud-native applications and APIs that ultimately prevent large-scale data breaches. ML-powered Hacker Tool Kits and Optimized Cloud Assets, in addition to Cloud Secure’s other advancements in this new release, uniquely protect organizations’ cloud applications in multi-cloud environments.
Cloud Secure now also offers a new UI design that improves the end-to-end CNAPP workflow for organizations with new dashboard, inventory, security testing, and cloud-native protection sections. For example, the Cloud-Native Protection visualization graph with Cloud Abuse highlights priority events, actors, and attack path analysis that uniquely helps organizations diagnose near real-time data breaches and attempts at exfiltration attacks. In addition, Cloud Secure’s Enhanced Compliance Summary section with status and on-demand reporting downloads automates the audit processes to help organizations prove compliance.
Cloud Secure, powered by Data Theorem’s award-winning Analyzer Engine, helps organizations secure their cloud-native applications and address regulatory compliance for cloud monitoring and reporting. It is the industry’s first solution delivering full-stack attack path analysis for cloud-native applications that starts at the client layer (mobile and web), protects the network layer (APIs), and extends down through the underlying infrastructure (cloud services). Its combination of attack path analysis and run-time active protections enables both offensive and defensive security capabilities to best prevent data breaches of cloud-native applications, embedded APIs, and serverless cloud functions.
Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine which leverages a new type of dynamic and runtime analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation. Data Theorem is one of the first vendors to provide a full stack application security analyzer that connects attack surfaces of applications starting at the client layers found in mobile and web, the network layers found in APIs, and the infrastructure layers found in cloud services.
About Data Theorem
Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world. Data Theorem is headquartered in Palo Alto, Calif., with offices in New York and Paris. For more information visit www.datatheorem.com.
Read More
Data Security
Virtru | October 09, 2023
Virtru, a worldwide leader in data-centric security and privacy, has announced the expansion of its encrypted file-sharing platform, Virtru Secure Share, to integrate with Zendesk. This direct integration enables organizations to safeguard data flow inward and outward within Zendesk without disrupting their current workflows. These integrations are accessible for purchase both from Virtru directly and through the Zendesk app marketplace.
Virtru Secure Share offers top-notch, military-grade encryption and user-friendly experiences for Zendesk users. This integration is especially valuable for customer support teams involved in exchanging sensitive information with partners and customers during client onboarding and support processes.
Jill Emerson, System Administrator and Member of Team Rehabilitation Physical Therapy, stated,
We are in the healthcare sector, and to have that level of advanced data protection in Zendesk, without having to think about it, is invaluable. In between Virtru’s email security and the Virtru Secure Share integration for Zendesk, our most common and high-volume collaboration workflows can remain secure. Secure Share enables us to strike a balance between usability and security, so we can protect the data of our patients and deliver a positive experience at the same time.
[Source – Globe Newswire]
By utilizing Virtru’s user-friendly secure file-sharing features integrated into their familiar business applications, customer service representatives can efficiently assist customers while ensuring compliance with regulatory obligations.
John Ackerly, Co-founder and CEO of Virtru, said,
With this latest Secure Share integration, Zendesk users can now receive and send encrypted files securely with individuals both outside and inside of their organization without compromising the user experience or efficiency.
[Source – Globe Newswire]
He further stated that this is particularly crucial when confidential data must be shared to accomplish tasks. It was also mentioned that this should provide businesses with increased peace of mind, ensuring that their employees and customers maintain complete control of their data at all times.
About Virtru
Virtru empowers organizations worldwide, providing them with the means to harness the potential of data while ensuring control over its storage and sharing. Trusted by over 8,000 global clients, Virtru supports its Zero Trust strategies and safeguards its most sensitive data according to the world’s strictest security standards. As the creators of Trusted Data Format (TDF), an industry standard for persistent data protection, Virtru provides encryption technology for data shared through email, cloud environments, collaboration tools, and SaaS applications.
Read More
Software Security
PR Newswire | October 17, 2023
Axiado, a leading innovator in AI-enabled hardware secure solutions, today announced its readiness to deploy its TCU (Trusted Control/Compute Unit) platform security solution for the world of cloud, 5G and network switching technologies.
"Cloud security is going through an inflection point. Axiado's comprehensive approach to secure platforms at the hardware level and their commitment to collaborative partnerships position them as a key player in shaping the future of this space," said Patrick Moorhead, CEO and Chief Analyst, Moor Insights & Strategy.
Axiado's is responding to today's disruptive market landscape by offering a turnkey solution by showcasing the following key milestones:
Open Compute Project (OCP)-compliant modules: Axiado has launched innovative DC-SCM 2.0 (Data Center Secure Control Module) modules in both horizontal and 1U vertical form factors – an industry first. The portfolio also includes network compute modules (NCMs) to accelerate secure network processing. This offering enables complex hardware interoperability, making it easier and more efficient for engineers to develop and deploy secure solutions.
ODM/OEM strategic partnerships: Axiado has worked closely with ODM/OEM industry leaders to build complete systems integrated with essential security and control features, ensuring that Axiado's solutions meet the full requirements of end customers. Demos of these TCU-based ODM/OEM systems for each of the target applications (cloud, 5G and enterprise switching) will be unveiled at the OCP Global Summit.
Collaboration with trusted firmware players: Axiado is collaborating with industry-leading software companies such as Insyde and AMI, ensuring integration of Axiado solutions into the software ecosystem.
Engagement with the OCP community: Selected by OCP to be part of its new Startup Program, Axiado is actively engaging with the OCP community to introduce a vertical version of DC-SCM2.0 / 1U. In addition, Axiado is adopting Caliptra Silicon root of trust (RoT) as an option on its TCU platform and will demonstrate the use of Caliptra to perform silicon RoT with a CPU host.
Go-to-market acceleration: Turnkey kits, including full software for management and security running on the TCU while interfacing to a host CPU, are available now for proof-of-concept, system integration and key security implementation.
Axiado's mission is to provide engineering excellence and innovative solutions that empower the industries of tomorrow, said Gopi Sirineni, President and CEO, Axiado. We believe that by addressing the complex challenges faced in the cloud, 5G and network switching markets, we are enabling our customers to achieve their goals more efficiently and securely.
Demonstrations at OCP Summit 2023
Axiado, in collaboration with its partners AEI, AMD, Gigabyte, Sanmina, Senao, Tyan, VVDN and Wiwynn, will demonstrate its full platform security solution at the 2023 OCP Global Summit on October 17-19. In addition, at Station 4 at the OCP Experience Center, Axiado will showcase a DC-SCM2.0 demonstration for Caliptra silicon RoT alongside Tyan and AMD.
Supporting Quotes: What Industry Leaders are Saying about Axiado's Platform Security Solution
Harry Soin, Senior Director of Technical Marketing, Advanced Energy
"Employing the latest advances in security is mandatory to protect next generation cloud computing. I've seen Axiado, with its TCU building block, be a good match with our power products to enhance the level of security and protection of our customer's server power systems."
Srivatsan Ramachandran, Vice President and General Manager, Global Strategic Business, AMI
"AMI has been a driving force behind modern compute environments, providing scalability, security, and sustainability. We're thrilled to team up with the cybersecurity innovators at Axiado, integrating AI-infused hardware solutions to embrace the next wave of technological change. Together, we're shaping the future of tech."
Daniel Hou, General Manager, Giga Computing
"The enterprise server market is demanding advanced security features that require a new breed of chip solutions and AI-driven approaches. The Axiado TCU AX2000/AX3000 family offers a fresh and new approach to platform security. Early adoption of innovative technologies like Axiado's will enable a continued leadership position for GIGABYTE with our enterprise customer base."
Stephen Gentile, Chief Marketing Officer, Insyde Software
"As a leading independent firmware supplier, Insyde Software fully understands the evolving security and management landscape and the importance of continual innovation in this area. That's why we are thrilled to collaborate with innovative newcomers like Axiado, ensuring our mutual customers have best-in-class platform security solutions."
Bou Lin, President, Senao
"Our clients consistently express the need for enhanced security protection in our next-generation product line, including enterprise-class top-of-rack switches. By integrating the Axiado TCU into Senao's leading enterprise switches, we can deliver the enhanced security features our clients demand today."
Eric Kuo, Vice President of MiTAC Computing Technology Corporation's Server Infrastructure Business Unit, Tyan Computer Corporation
"TYAN is a strong believer in modularized server systems for enterprise customers as well as cloud service providers. We therefore work closely with silicon players like Axiado to ensure a new wave of platform security solutions can fit well within OCP's DC-SCM2.0 specifications. Our engineering teams collaborate to ensure interoperability between TCU - based DC-SCM and TYAN's industry leading Host Processor Modules."
William Lin, President of Enterprise & Networking Business Group, Wistron Corp.
"Wistron is a key proponent for OCP based initiatives such as DC-SCM as it aligns well with our end customers in the Enterprise and CSP markets. We are therefore excited to look for opportunities to collaborate with chip-level disruptors such as Axiado which complement our go-to-market vision and provide new innovations in platform security.
Steven Lu, Executive Vice President, Wiwynn
"The collaboration between Wiwynn and Axiado signifies a critical leap forward for the cloud service provider and enterprise markets. This shift toward modular systems aligns perfectly with the industry's trajectory and reinforces Wiwynn's position as a Tier 1 player."
About Axiado's TCU
The Axiado AX3000/AX2000 TCUs represent a new category of forensic-enabled cybersecurity processors designed to enhance existing zero-trust models. TCUs combine silicon, AI and data collection, and software into a compact, power-efficient SoC with unique AI functionality explicitly designed for security. The single-chip solution is rooted in real-time and proactive AI with pre-emptive threat detection and comprehensive protection provided by a dedicated coprocessor that allows manufacturers to build safe, secure, and resilient solutions by design and default.
The TCU relies extensively on AI-based real-time threat mitigation with forensic-enabled hardware fingerprints as well as platform monitoring and optimization (clocks/voltages/temperature) using AI and machine learning (ML). The TCU solution includes root of trust (RoT), baseboard management controller (BMC), trusted platform module (TPM), hardware security module, SmartNIC, firewall, and AI and ML technologies.
About Axiado
Axiado is a cybersecurity semiconductor company deploying a novel, AI-driven approach to platform security against ransomware, supply chain, side-channel and other cyberattacks in the growing ecosystem of cloud data centers, 5G networks and other disaggregated compute networks. The company is developing new class of processors called the trusted control/compute unit (TCU) that redefines security from the ground-up: its hardware-anchored and AI-driven security technologies include Secure Vault root-of-trust/cryptography core and per-platform Secure AI pre-emptive threat detection engine. Axiado is a San Jose based company with a mission to protect the users of everyday technologies from digital threats. For more information, go to axiado.com or follow us on LinkedIn.
Read More