DATA SECURITY

Palo Alto Networks Launches Complete Zero Trust Network Security

Palo Alto Networks | May 22, 2021

Palo Alto Networks, a leader in the Forrester Wave Zero Trust eXtended Ecosystem Platform Providers, Q3 2020, today introduced five key innovations that make it easier for patrons to adopt Zero Trust across their network security stack.

Today's introductions of SaaS Security, Advanced URL Filtering, DNS Security, Cloud Identity Engine, and new ML-Powered Firewalls allow organizations to simply and effectively implement Zero Trust Network Security with four key benefits:

• Secure access to the proper applications: the primary integrated Cloud Access Security Broker (CASB) that permits customers to proactively extend secure access to all or any SaaS applications, including those never seen before.

• Secure access for the proper users: The industry's first Cloud Identity Engine allows customers to simply authenticate and authorize their users across enterprise networks, clouds, and applications, regardless of where their identity stores live.

• Enhanced security: The Advanced URL Filtering service offers industry-first prevention of zero-day web attacks with inline machine learning capabilities. The expanded DNS Security capabilities prevent emerging DNS attacks that no other solution protects against.

• Making secure access universally available: These new capabilities are designed to be available on all firewall form factors: hardware, software, and cloud-delivered, making safe access universally available, no matter where users are located. additionally, to the prevailing firewalls, these innovations will run on new ML-Powered Next-Generation Firewall models to enable Zero Trust Network Security across your enterprise — from the littlest branch offices (with the PA-400 Series) to the most important campuses and hyperscale data centers (with the PA-5450 platform).

Most of the hardware and every one of the new features are going to be available in June. the littlest desktop firewall, the PA-410, is going to be available in late summer.

About Palo Alto Networks

Palo Alto Networks, the worldwide cybersecurity leader, is shaping the cloud-centric future with technology that's transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the newest breakthroughs in AI, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision may be a world where every day is safer and safer than the one before.

Spotlight

"ertificate-based network authentication can be a powerful first step towards a safer, more agile business.  This paper explains how it works and how it compares to other leading identity and access management solutions.

Organisations now have to deal with customer data transiting to the cloud, employees bringing their mobile devices to work (and expecting them to be accepted) and hackers looking to score the next big information leak.

This white paper will assist organisations in creating a best practice based information security strategy and demonstrates how investing in certificate-based network authentication can be a powerful first step towards a safer, more agile business. It explains certificate-based network authentication, how it works and how it compares to other leading identity and access management solutions."


Other News
DATA SECURITY

Menlo Security Cloud Security Platform Now Available in the AWS Marketplace

Menlo Security | March 01, 2022

Menlo Security, a leader in cloud security, today announced that the Menlo Cloud Security Platform is now available in the AWS Marketplace. Amazon Web Services (AWS) customers now have access to Menlo Security’s isolation-powered platform that eliminates malware threats, connects users to the enterprise applications from anywhere, and scales elastically to meet user demand. Detecting and responding to today's sophisticated threats using yesterday's legacy security tools doesn't work. The Menlo Cloud Security Platform, powered by a patented Isolation Core™, proactively prevents malware threats from reaching workers without sacrificing the user experience. With 75% of work happening in the browser every day, the browser has quickly become the primary attack surface for threat actors, ransomware, and other attacks. Menlo Security recently identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employing techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. “Our goal is to ensure our partners and customers are able to access and deploy the Menlo Security cloud security solution on their terms and on their timeline, Today’s threat landscape is constantly evolving and becoming more sophisticated as our recent discovery of HEAT attacks demonstrates. Having our cloud security solution available in the AWS marketplace enables our channel partners to transact and seamlessly support their customers and protect their employees and networks through the AWS Consulting Partner Private Offers (CPPO) program.” Sanjit Shah, head of strategic alliances for Menlo Security Key features of the Menlo Cloud Security Platform include: Centralized Platform - cloud-native platform which prevents malware from reaching users, eliminates the need for multiple appliances, and gives IT managers one interface to navigate. Elastic Isolation Core - The patented Isolation Core™ protects against known/unknown threats and isolates them before they reach users. Zero Trust isolation provides 100% protection without special software or plug-ins, so users don't experience negative impacts or interruption. Elastic Edge - Built to scale globally on demand. It dynamically scales to meet enterprise-level growth-over 3M users-with no performance hit and is easily extendable with a rich set of APIs and integrations. About Menlo Security Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. Menlo Security is headquartered in Mountain View, California.

Read More

SOFTWARE SECURITY

LeanIX Announces Cloud Security Alliance Membership

LeanIX | March 11, 2022

LeanIX , the platform to plan and manage continuous transformation across the enterprise, today announced its membership in the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. LeanIX is published on CSA's Security, Trust, Assurance, and Risk (STAR) Registry, a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. The company has maintained STAR Level ONE status on the registry since September 2020 and is now a registered SaaS Solution Provider with CSA. LeanIX builds information technology tools that promote a culture capable of navigating all types of change, both planned and unexpected. Its enterprise-ready, secure, and trusted SaaS platform supports the needs of leading companies around the world by providing the data, insights and common language needed to master software complexity. Whether rationalizing IT landscapes, preparing for a major technology migration, enabling flexible approaches to SaaS management, or mapping value streams from code to customer, LeanIX is the trusted partner for turning change into a competitive advantage. "SaaS depends on trust. We believe transparency around the protection of customer data and everything we do to ensure compliance and system availability helps build that trust. As proud CSA members, we share the organization's commitment to ensuring a trusted and secure cloud computing environment." LeanIX Co-founder and CEO André Christ "Publishing and maintaining Level ONE status on the STAR Registry is a testament to LeanIX's relentless commitment to information security, and we're thrilled to have the company as a member of the CSA," said Jim Reavis, CSA co-founder and CEO. "As a newly registered SaaS Solution Provider, our continued work with LeanIX will help promote excellent security practices and build on the foundation of trust for customers and the greater marketplace." About the Cloud Security Alliance The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. About LeanIX LeanIX's Continuous Transformation Platform® is trusted by Corporate IT and Product IT to achieve comprehensive visibility and superior governance. Global customers organize, plan and manage IT landscapes with LeanIX's automated and data-driven approach. Offering SaaS for Enterprise Architecture Management, SaaS Management, and Value Stream Management, LeanIX helps organizations make sound decisions and accelerate transformation journeys. LeanIX has hundreds of customers globally, including Adidas, Atlassian, Bosch, Dropbox, Santander or Workday. The company is headquartered in Bonn, Germany, with offices in Boston, Hyderabad and around the world.

Read More

DATA SECURITY

ContraForce Announces $2M Seed Investment from DataTribe

ContraForce | December 28, 2021

DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies, announced today a $2M seed investment in ContraForce, a leader in no-code security automation for small and medium-sized businesses. ContraForce delivers a no-code security automation platform that makes cyber security accessible for small and medium-sized businesses that lack the resources and expertise to defend themselves. In addition, ContraForce also brings this facility to security compliance; a critical feature, as customers, regulators and insurance companies are putting increasing pressure on small and mid-sized organizations to not only be secure, but also to prove it. No longer is it acceptable for smaller organizations to be a step behind in their security and compliance. Hackers are increasingly targeting them for ransomware or as an entry point into a supply chain. Because small businesses typically have limited resources to cope with a cyber attack, cyber attacks can represent an existential risk for them. ContraForce enables small and mid-sized businesses to manage this risk with their easy-to-use, self-service platform to automate threat detection, response, and compliance. “We are thrilled to announce DataTribe's most recent investment in ContraForce on the heels of the company winning the fourth annual DataTribe Challenge,” said John Funge, Managing Director at DataTribe. “By providing a sort of security and compliance ‘easy button’, ContraForce is filling a really significant gap. Just because an organization is small does not mean that it does not possess vital data, IP, or access to strategic networks. It is paramount that smaller organizations overcome the resource barriers to robust security. ContraForce’s unique approach dramatically lowers these barriers.” “I am looking forward to working with DataTribe as we build on the ContraForce team's passion for simple and effective cybersecurity solutions designed for the needs of small and medium-sized businesses,” Stan Golubchik, CEO and co-founder of ContraForce ContraForce’s security and compliance solutions map security vulnerabilities to the industry standard MITRE ATT&CK framework. They create and adapt security detection and response capabilities in real-time, ensuring the environment is secured in hours across the cloud, network, endpoint, and users. By using ContraForce, an organization without dedicated security personnel can respond to threats without having to learn or write complex security detection code and response workflows. About DataTribe DataTribe is a startup foundry that invests in and co-builds world-class startups focused on generational leaps in cybersecurity and data science. Founded by leading investors, startup veterans, and alumni of the U.S. intelligence community, DataTribe commits capital, in-kind services, access to an unparalleled network, and decades of professional expertise to give their companies an unfair advantage. DataTribe is headquartered in the Washington-Baltimore metro area, in Fulton, Maryland. About ContraForce ContraForce is the new no-code security automation company. We focus on securing the small and medium-sized businesses by helping their security and IT teams work smarter, allowing them to implement automated operations that are effective in combating cyberattacks and demonstrating compliance. ContraForce is headquartered in McKinney, Texas and was founded and built by industry security and cloud experts from Armor, McAfee, and Intel. ContraForce's mission is to empower IT and Security teams and enable them to be more efficient.

Read More

SOFTWARE SECURITY

Contrast Security Introduces Cloud-Native Automation

Contrast Security | April 23, 2022

Contrast Security , the leader in code security that empowers developers to secure-as-they code, today announced the introduction of cloud-native automation for users leveraging Red Hat OpenShift, the industry's leading enterprise Kubernetes platform. Red Hat OpenShift users can now deploy containerized applications with embedded security features within a native continuous integration and continuous delivery (CI/CD) pipelines. This enables Red Hat OpenShift users to retain scalability, while adding automated security testing and protection as a routine part of the software delivery process. These added capabilities result in minimized manual configuration, reduction in additional overhead costs, and overall security efficiencies. Contrast enables customers to continuously monitor OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers. "Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines, which translates to insecure code being shipped across distributed cloud environments. Contrast helps these teams drive their DevSecOps transformation with automation at scale. These new capabilities are another component to Contrast's overall mission of ensuring developers are empowered to embed security capabilities within their environments without imposing additional work on them. We want to make security a value-add for everyone." Sanjay Ramnath, Vice President of Product Management at Contrast Security Contrast enables Red Hat OpenShift users to benefit from the following capabilities: Source-to-Image Deployment: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to implement continuous vulnerability detection with runtime context and help protect their apps from targeted attacks in production. CI/CD Jenkins Pipelines: AppSec teams can trigger automated security tests within native Jenkins pipelines and establish security policy gates to mitigate potential vulnerabilities. Alternatively, users can also automate in their Jenkins CI/CD pipelines by pulling the agent from Contrast. OpenShift Pipelines via Tekton: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within OpenShift Pipelines environments. APIs provided by the Contrast Secure Code Platform help initiate automated vulnerability static scanning at build time and instrument applications for security telemetry from within prior to deployment. The Contrast Secure Code Platform is available today with support for Java, .NET, and Node.js applications. About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

Spotlight

"ertificate-based network authentication can be a powerful first step towards a safer, more agile business.  This paper explains how it works and how it compares to other leading identity and access management solutions.

Organisations now have to deal with customer data transiting to the cloud, employees bringing their mobile devices to work (and expecting them to be accepted) and hackers looking to score the next big information leak.

This white paper will assist organisations in creating a best practice based information security strategy and demonstrates how investing in certificate-based network authentication can be a powerful first step towards a safer, more agile business. It explains certificate-based network authentication, how it works and how it compares to other leading identity and access management solutions."

Resources