SOFTWARE SECURITY

SafeBase Raises $18 Million Series A Round

SafeBase | March 14, 2022

SafeBase
SafeBase, Inc., a smart trust centre that streamlines the security assessment process for B2B SaaS companies, today announced that it has raised $18 million in a Series A round led by global venture capital firm New Enterprise Associates (NEA), with participation from Y Combinator and Comcast Ventures, the corporate venture capital arm of Comcast Corporation. SafeBase has over 100 customers, including Linkedin, Jamf, and Snyk, a cybersecurity firm. The funding will be used to expand the company and hire more employees.

SafeBase is a smart trust centre that allows a company's security posture to be shared and critical document access to be automated. The SafeBase portal gives organizations "self-serve" access, enabling InfoSec teams to understand everything about a company's security programme, shortening the sales cycle and increasing client trust by providing total visibility.

Enterprise adoption of new technologies has traditionally been hampered by security evaluations. As per a recent survey released by TechBeacon, cybersecurity investment would reach $174 billion in 2024, with 69 percent citing regulatory compliance as the key spending driver. Moreover, third-party breaches are growing more prevalent, with 80% of companies reporting at least one breach in the last year. Assessing overall security is critical when considering new corporate technology from a third-party vendor, but it can be a lengthy and time-consuming procedure. SafeBase is built to automate access and deliver security and compliance data for industry standards like GDPR, HIPAA, and SOC2.

Hilarie Koplow-McAdams, Venture Partner, NEA said that "Security reviews are notorious for being disjointed and often complicated—which consequently leads to delayed sales cycles and implementations. SafeBase has developed a long-desired solution that streamlines and automates security reviews within a single platform, giving customers the confidence to make faster decisions for new technology. The product has already displayed impressive market traction and we're thrilled to partner with the SafeBase team as they continue to pioneer the future of vendor security for organizations globally."

Al Yang, CEO, and Adar Arnon, CTO, founded SafeBase after meeting at Harvard and being accepted into Y Combinator's accelerator programme during the Pandemic. Adar served in the Israeli Defense Forces Unit 8200 before to Harvard, therefore the business has excellent engineering teams in both the United States and Israel. Al is a serial entrepreneur who has seen the agony and inefficiencies of vendor security evaluations firsthand. They're on a mission to make the world a better place by enabling organizations with strong security systems to earn a competitive advantage in the sales process.

"At SafeBase, we want all companies, regardless of size or sector, to be able to easily communicate their security posture to the world. We're very proud that the investors at NEA share our vision and want to help us bring it to every company that's serious about building and maintaining trust with its customers."

Al Yang, CEO of SafeBase

SafeBase helps business development and sales teams to expedite security and compliance processes for businesses integrating third-party technology providers, in addition to security and compliance challenges in the sales process. From an organized, interactive dashboard, information security personnel may now view all the data of a company's security programme.

Spotlight

No matter what industry your organization is in or whether your role is concerned with managing employee desktops or implementing a virtualized cloud computing server farm, IT security plays a big role in IT planning and budgeting decisions. Despite large investments in technology and employee expertise, IT security remains a persistent headache with organizations across a spectrum of industries falling victim to attacks. Security spending reflects this increasingly costly threat. eWeek recently cited Forrester research statistics that showed security spending increasing from 8.2% of overall IT budget in 2007 to 14% in 2010.


Other News
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Balbix Announces Cybersecurity Posture Automation Support for Google Cloud Platform

Balbix | November 17, 2022

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of support for Google Cloud Platform (GCP). Security teams can now use Balbix to easily quantify, prioritize and mitigate risks in their Google Cloud environments. With this announcement, Balbix has also extended its Cyber Asset Attack Surface Management (CAASM) solution to support multi-cloud environments that span both GCP and Amazon Web Services. The rapid move to the cloud has made IT environments more complex to manage and secure. As a result, security teams struggle to get a consolidated view of risk. Yet, 63 percent of organizations say they look at security posture in the cloud separately from on-premises, according to Cybersecurity Insiders' 2002 State of Security Posture Report. "Our customers' environments can include over 1 million assets, spread across multiple clouds and their own facilities. Managing an attack surface this large is no longer a human-scale problem. "With Balbix's new support for GCP, our customers can use automation to manage cybersecurity posture across more of their environment." Gaurav Banga, Founder and CEO of Balbix Cyber Security Posture Automation for Google Cloud Platform Balbix now provides support for popular Google Cloud services, including Compute Engine, Cloud Storage, Cloud SQL, Google Kubernetes Engine (GKE) Cluster & Deployments, Cloud Functions, Cloud Key Management Service (KMS), Pub/Sub and Secret Manager. As a result, Balbix customers with Google Cloud environments can use automation and advanced analytics to: Get comprehensive, near real-time visibility of their Google Cloud assets. Combine data from Google Cloud with their other IT and security tools to gain security and business context for their assets. Discover misconfigurations – the most exploited attack vector for the cloud – as well as unpatched software vulnerabilities, weak credentials and trust issues. Measure risk in terms of breach likelihood and business impact in order to prioritize remediation. Calculate and report on cyber risk quantified in dollars (or other currencies) instead of risk scores Cyber Asset Attack Surface Management for Multi-Cloud Environments The addition of support for GCP extends Balbix's CAASM solution to multi-cloud environments. Security practitioners no longer need to use multiple tools or combine data manually from these tools in a custom spreadsheet to understand their security posture. They can see the relationships between assets, applications and users no matter where the assets are in the cloud or on-premises. They can also identify any gaps in coverage for security controls. Balbix provides more than just visibility. Unlike other vendors, Balbix combines CAASM with Risk-Based Vulnerability Management (RBVM) and Cyber Risk Qualification (CRQ) solutions so security teams are able to immediately take action to reduce their cyber risk. They can continuously identify, prioritize and mitigate security issues as they emerge, while quantifying and tracking residual cyber risk in dollars. Daily cybersecurity decisions – operational as well as executive – can be made using a unified and up-to-date view of cyber risk. "By adding support for Google Cloud, Balbix has broadened its risk model to be inclusive of multiple public cloud platforms and allowed organizations to better measure their overall cyber risk," said Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. "Customers can leverage this unified risk model to quantify cyber risk by business unit, geography, site, asset type or business owner – and quickly remediate those risks." The API-based Balbix Connector for Google Cloud Platform collects asset inventory and misconfiguration data and is available now. Visibility into other types of vulnerabilities is provided by optional Balbix sensors. These sensors also catalog the software bill of materials (SBOM) of applications running in GCP. Data collected by Balbix connectors and sensors is automatically deduplicated, correlated and inferenced to provide security teams with an accurate and unified view of risk. About Balbix Balbix enables businesses to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. Our SaaS platform, the Balbix Security Cloud™, ingests data from businesses' security and IT tools so they can understand every aspect of their cybersecurity posture, build a unified cyber risk model and obtain actionable insights for risk reduction. With Balbix, businesses can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions.

Read More

SOFTWARE SECURITY

Keeper Security Releases iOS Updates for One-Time Share and Siri Shortcuts

Keeper Security | December 15, 2022

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced their latest iOS updates which include integration of the One-Time Share feature, which enables secure record sharing on a time-limited basis, using Keeper's zero-knowledge encryption and zero-trust security model. Keeper also now integrates with Siri Shortcuts, providing users with a quicker way to control their Keeper Password Manager. Keeper One-Time Share is the easiest and most secure way to send confidential information to a friend, family member or co-worker without exposing sensitive information over email, text or other forms of messaging. One-Time Share links are restricted to the recipient's device and automatically expire at a time of the Keeper user's choosing. One-Time Share records can only be used on one device. Even if the user forgets to unshare the record, it will expire automatically, and the recipient's access will be revoked. With Siri Shortcut integration, users will be able to quickly get things done on Keeper's Password Manager by asking Siri. "Keeper is thrilled to provide iOS users with this rich feature set that maximizes the security capabilities of their iOS devices, With One-Time Share, iOS users can securely share critical information, whether that's a family sharing their WiFi password with a friend or a security system code with a houseguest. Additionally, Siri integration allows users to control Keeper more easily with voice commands." Craig Lurey, CTO and Co-founder of Keeper Security. About Keeper Security: Keeper Security is transforming the way people and organizations around the world secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations globally, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bearer Launches Data-First Security Solution

Bearer | November 15, 2022

Bearer, the data-first security software company, today announced the general availability of the Bearer Data Security Platform. Based on extensive interviews with more than 130 enterprise CISOs at high-growth and global 2,000 companies, Bearer is in beta use across multiple industries with one customer protecting the private data of more than 75 million medical patients. “At Bearer, we strongly believe the best approach for a data-first security approach is to start at the beginning of the journey, following the shift-left security trend. “Data-first security should start in the code. And to be truly effective, it should never impede developers and never allow access to private data itself while still providing ownership context and protecting against vulnerabilities created in the business logic of an application or service.” said Guillaume Montard, CEO and co-founder of Bearer Why Bearer Data Security Platform Now Data security is becoming a top priority for businesses, with customers and governments demanding better data protection driven by the demands of GDPR, CCPA, PDPA and more. Bearer’s detection engine protects PD, PHI, PII and financial data. Cloud native organizations have more complex and fragmented architectures than ever before, making properly-implemented data security risk controls impossible without a proper solution. More than two-thirds of the enterprise 2,000 are focusing on cloud-native applications. DevSecOps is gaining huge traction. 57% of security teams have shifted security left already or are planning to this year, making them ready to use a solution such as Bearer. Bearer has been tested on more than 20,000 open source software projects as well as more than 6,000 data repositories at beta users, partners and early customers. The Bearer Data Security Platform Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. By monitoring data security risks proactively, it can automatically detect gaps within data security policies during coding and in production. Finally, it can remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue. Bearer accomplishes these results through three major innovations: Identification of data security risks – Including business logic flaws: Bearer pinpoints data security technical and business logic flaws in code before it’s too late and costly to correct. It then provides actionable context and ownership information to fix issues quickly – in minutes. Before Bearer, pinpointing business logic flaws could only be achieved manually – often left ignored. Frictionless deployment: Bearer is a data security SaaS solution that fits into the development cycles of Global 2000 enterprises without requiring any changes to how software engineering teams work. Additionally, Bearer does not require access to the underlying source code nor the sensitive data itself. Extreme automation: Designed by developers for developers in a world of constant code iterations, Bearer automates the burden of data security compliance for software engineers so they don’t have to become experts on data security regulations across different global markets. Security and compliance teams love how Bearer prioritizes the most critical issues in remediation workflow to allow for speedy resolution between security and development. About Bearer Bearer, the data-first security software company, pioneered a solution for developers to automatically detect sensitive data flow and data security risks while coding. Its policy engine proactively monitors data security policies before releasing code and its unique remediation workflow prioritizes the most critical issues – including business logic flaws – for quick resolution between security and engineering teams. Venture-backed with more than $8 million in seed financing, Bearer is used in markets where privacy protection and data security are business-critical, including eCommerce, financial services, and healthcare.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Safe Security Launches First Cybersecurity MGA to Underwrite Cyber Insurance Based on Continuous “Inside-Out” Cyber Risk Telemetry

Safe Security | December 19, 2022

Safe Security Inc., global leader in cyber risk quantification and management (CRQM), today launched SafeInside Insurance, the first cybersecurity Managing General Agent (MGA) leveraging API-based cyber risk telemetry and quantified insights to underwrite cyber insurance. Backed by an AM Best “A-rated” carrier and panel of prominent, global reinsurance partners, SafeInside is introducing dynamic insurance policies for companies hosted in one or a combination of the leading public cloud service providers and leading SaaS solutions. For example, Amazon Web Services, Microsoft Azure and Microsoft Office 365, Google Cloud Platform and Google Workspace, Salesforce, and Zoom. “Safe Security is thrilled to become the world’s first MGA for cyber insurance using actual cyber telemetry for underwriting. Our vision is to establish a new, de-facto industry standard for how cyber insurance is underwritten, and to provide more transparency between the investment in cybersecurity and cyber insurance. “We are paving the way for a sustainable, profitable cyber insurance ecosystem based on trust and certainty for all stakeholders. Safe Security looks forward to helping insurance buyers get the right cyber insurance policy at the right price for their organization’s specific requirements, as well as assisting brokers and underwriters make more informed decisions and dynamically adjust their portfolios.” Saket Modi, co-founder and CEO, Safe Security The underwriting process through SafeInside takes less than 20 minutes to assess an organization. All insureds also receive access to the SAFE CRQM platform, winner of the 2022 CISO Choice Award for Risk Management, which simultaneously accumulates signals using APIs from existing cybersecurity products, external threat intelligence, and business context to provide unprecedented visibility into possible areas of cyber exposure, and the exact financial risk associated with those cyber exposures. With an objective of improving underwriting standards across the industry, Safe Security will also provide access to its cyber risk quantification platform to other carriers and reinsurers. Safe Security recently announced a partnership with Mosaic Insurance to offer real-time cyber risk evaluation. “Safe Security’s inside-out approach is differentiated from existing market offerings by focusing on the most common techniques used by attackers and examining how attackers think and behave, not how internal IT teams think they behave,” added Steven Schwartz, VP of Insurance Strategy and Underwriting, Safe Security. “This approach removes subjectivity, allowing companies to answer questions about their security controls with precision instead of guess work, at all times. We are working with the entire insurance ecosystem to improve the standards of cyber underwriting.” About Safe Security Safe Security Inc. is a leader in cyber risk quantification and management (CRQM), with a mission to build a safer digital future. Safe Security’s CRQM platform – SAFE – enables organizations to manage cyber risks in real-time. Its platform automatically collects signals from inside and outside a company’s environment to give the company-specific cyber risk rating, or SAFE Score, the financial impact of a potential breach, and an action plan. This enables organizations to have a common language across teams - from the board all the way down to an analyst - to align with a consistent risk metric. Other benefits include justifying investments in cybersecurity and purchase of cyber insurance for the organization.

Read More

Spotlight

No matter what industry your organization is in or whether your role is concerned with managing employee desktops or implementing a virtualized cloud computing server farm, IT security plays a big role in IT planning and budgeting decisions. Despite large investments in technology and employee expertise, IT security remains a persistent headache with organizations across a spectrum of industries falling victim to attacks. Security spending reflects this increasingly costly threat. eWeek recently cited Forrester research statistics that showed security spending increasing from 8.2% of overall IT budget in 2007 to 14% in 2010.

Resources