DATA SECURITY

Salt Security to Launch Salt Labs to Increase Global Awareness of API Security Threats

Salt Security | July 16, 2021

The leading API security company, Salt Security, has announced today the launch of a now-public forum for publishing research on API vulnerabilities, Salt Labs. It will be a resource for enterprises looking to harden infrastructure against API risk through its vulnerability and threat research and industry reports. In addition, advancing the operation of Salt Security to offer complete API security and accelerate business improvement by making APIs attack-proof will also be a basis of more widespread public consciousness of API safety threats.

API security concerns are a significant inhibitor of business modernization. For example, 66% of establishments have delayed the placement of a new application because of API security anxieties, according to the Salt Security State of API Security Report. To counter these concerns, Salt Labs will provide research and reports that organizations can use to progress their API security pose and alleviate threats affecting API-centric businesses.

Several API security gaps are highlighted in today's inaugural vulnerability research at a large financial institution. Salt Labs researchers identified inadequate authorization for function access, susceptibility to parameter tampering, insufficient data access, and improper input filtering across the financial platform used by thousands of financial partners and customers. The Salt Labs researchers exploit these vulnerabilities to demonstrate that:

1. Any user could launch an application-level denial of service attack that would render entire applications unavailable.
2. Any user could read any financial records of any customer, despite lacking the proper authorization.
3. Any user could tamper with authentication parameters and take over any account.
4. Any user could delete any customer's user accounts across the financial platform.

About Salt Security

Salt Security was originated in 2016 by alumni of the Israeli Defense Forces (IDF) and serial businessperson executives in the cybersecurity field and is based in Silicon Valley and Israel. Salt Security protects the APIs that form the core of every new application. Its API Security Platform is the industry's first patented solution to stop the next generation of API attacks, using machine learning and AI to mechanically and unceasingly recognize and protect APIs.

Spotlight

Today’s technologies are valued for their convenience. But this comes at a price; new technologies introduce devastating risks to the privacy, security and integrity of company data.  With no organization immune to security threats, niche skill sets are in high demand and there is a massive shortage of qualified security professionals.  Since in-house resources are limited at many organizations, IT leaders should consider partnering with service providers that demonstrate three key principles.


Other News
DATA SECURITY

Years of Growth Lead to Covail Acquisition by Cybersecurity Firm GoSecure

Covail | December 23, 2021

Covail, a Columbus-based cybersecurity and digital optimization firm founded by Central Ohio’s largest companies, is being acquired by a leading Managed Detection and Response firm. Covail announced today that it has agreed to be acquired by cybersecurity and managed detection and response (MDR) services provider GoSecure. The transaction is estimated to close in December 2021. Terms of the acquisition were not disclosed. “Since our founding six years ago as the Columbus Collaboratory, our goal has been to find ways to leverage collaboration to deliver successful AI, cybersecurity and cloud-based software solutions to our Fortune 500 clients,With this acquisition by GoSecure, our clients will now have access to an even broader set of capabilities and expertise thanks to our ability to leverage GoSecure’s class-leading capabilities and solutions. This will also help to further accelerate market penetration for our leading-edge security products and AI capabilities.” Covail CEO Matt Wald Covail, as Columbus Collaboratory, was born out of the aspiration of seven of the largest companies in central Ohio – American Electric Power (AEP), Battelle, Cardinal Health, Huntington Bank, L Brands (now Bath & Body Works), Nationwide, and OhioHealth – in partnership with One Columbus. The goal of the endeavor was to solve common automation, AI, and cybersecurity challenges across multiple industries. “The diversity and maturity of these founding companies made Covail the innovative, value-driven, solutions partner that it is today”, said Michael Krouse, SVP of Strategy and Transformation at Ohio Health and Chairman of the Covail Board. “Covail accelerated the cybersecurity and AI capabilities of the founding companies, upskilled critical tech talent for the region, and built a high-growth company that contributed to our region’s economic growth engine. It’s exciting to be able to leverage this strategic relationship to secure Columbus as the Midwest’s premier cybersecurity hub.” Through its ecosystem of collaborators and commercial partners, Covail’s technology teams executed over 1,000 engagements and collaboration sessions that solved complex business challenges using machine learning and the latest cyber defense practices. The firm’s work attracted top technology talent to the region, Wald said, and led to the development of software products that enabled advanced cyber threat detection and continuous risk management. GoSecure is a recognized cybersecurity leader and innovator. The company is the first and only to integrate endpoint, network and email threat detection into a single Managed Detection and Response (MDR) service. GoSecure plans to leverage Covail’s talent, proprietary technology, and client relationships to build a regional presence in Central Ohio that will help accelerate its momentum in the US market. GoSecure’s access to technology talent and partnerships made Columbus an attractive, economically viable location for a cybersecurity hub, Wald said. Wald said partnership with the original companies in the Covail firm will continue, along with an expansion to additional businesses with the goal of making Central Ohio a major U.S. cybersecurity operations center. About Covail Covail™ is a trusted solutions partner, enabling organizations to optimize through Intelligent Operations solutions that lower total risk and cost for key business functions, equipping them to transform from a position of strength. Since 2015, Covail’s experts in Cybersecurity, Artificial Intelligence (AI), and Automation have been delivering business results for leading Fortune 500 companies across industries. Trustworthy, Intelligent Operations. Accelerated. Learn more at covail.com. About GoSecure GoSecure is a recognized cybersecurity leader and innovator, pioneering the integration of endpoint, network, and email threat detection into a single Managed Detection and Response service. The GoSecure TitanTM platform delivers predictive multi-vector detection, prevention, and response to counter modern cyber threats. Titan MDR offers a detection to mitigation speed of less than 15 minutes, delivering rapid response and active mitigation services that directly touch the customers’ network and endpoints. For over 10 years, GoSecure has been helping customers better understand their security gaps and improve their organizational risk and security maturity through MDR and Advisory Services solutions delivered by one of the most trusted, skilled and experienced teams in the industry.

Read More

PLATFORM SECURITY

OccamSec Unveils Revolutionary Cybersecurity Platform Set to Change the Industry

OccamSec | May 04, 2022

OccamSec, a leading cybersecurity provider, announced today the launch of their Incenter platform. Incenter identifies the security weaknesses an organization has in real-time, and helps teams develop insights and communicate business context from a security perspective. For today's organizations, the threat landscape is constantly evolving. Penetration testing and vulnerability scanning can help, but with new vulnerabilities and exploits found all the time, infrequent testing means risk data may be outdated. At the same time the industry is trending towards slicing the solution ever thinner, which means costs keep increasing. Incenter combines the functionality of a range of security services in one single solution. The platform provides, in real time, where an organization is vulnerable, and just as critically, what the impact will be if an attack occurs. Incenter utilizes a dual approach. It combines the best in technology with advanced automated testing, and the best in people with OccamSec's security team. Supported by vulnerability research and a threat intelligence team, the burden on clients having to buy multiple services is eliminated. Users have the ability to generate reports that compile real-time information with the touch of a button, rather than waiting for a timed report to be generated. Incenter also provides step-by-step guidance on how to mitigate any risks that are identified, with the tools an organization already has which means no hidden costs. Incenter combines the functionality of a range of security services in one single solution: Manual Penetration Testing Penetration Testing as a Service (PTaaS) Automated Security Validation (ASV) Vulnerability Scanning External Attack Surface Management (EASM) Crowd Source Penetration Testing Threat Intelligence This provides a single source of truth on the exposures an organization faces. Improving the effectiveness of any security team, regardless of size, and at the same time breaking organizations out of ever increasing cyber security expenditure. The platform's focus on the unique business context of each organization means that security teams no longer have to trudge through 1000's of scan findings or determine how relevant a penetration test finding is and how to fix it. At the same time from the dashboard, management can see a high level summary of their organization's exposure, the likelihood of a breach, and how much it's going to cost them. "Over the years we have seen what works, what doesn't and where the gaps are," says OccamSec founder Mark Stamford. "The biggest gap is organizations needing more and more tools and services to effectively secure themselves. The key to effective security is joining the dots, not having ever more dots scattered in ever more places. With Incenter we have combined the talents of our security team and their expert knowledge, with a technical solution that is unrivaled. The result is a win for our clients, regardless of size." About OccamSec OccamSec is a leading provider in the world of cybersecurity. Its clients rely on them to provide information security services that exceed current industry standards. OccamSec provides accurate, actionable information to reduce risk and enable better informed decisions. Its unique end-to-end solutions detect, identify, respond, and protect in order to maximize the effectiveness of security programs.

Read More

ENTERPRISE SECURITY

M.C. Dean launches Enterprise Security SaaS

M.C. Dean | March 25, 2022

M.C. Dean, a leader in cyber-physical solutions and systems integrator for enterprise-class security systems, today announced the launch of its Enterprise Security software as a service (SaaS) on AWS commercial and GovCloud. "Our Enterprise Security SaaS offering provides integrated access control, intrusion detection, and video surveillance managed services with the ease, flexibility, and resiliency of the cloud." Eric Dean, M.C. Dean chief technology officer M.C. Dean's fully managed Enterprise Security SaaS runs on high availability AWS Cloud with leading commercial-off-the-shelf security systems combined with 24x7x365 service monitoring and customer support. The service supports web-based and client software access with enterprise-level system integrations such as single sign-on and standard or custom options. Flexible & Resilient: Benefit from cloud-enabled system self-restoration and managed database capabilities. Automated deployments can build and rebuild systems within seconds. Active directory integrations provide secure, seamless access. Take advantage of centralized support for low-cost, high-performance nationwide installation and maintenance. Highly Secure: Enterprise Security SaaS is designed to meet FedRAMP, FICAM, and other industry requirements. Keep application data separate and secure while accelerating cybersecurity authorizations for commercial and government clients. Time & Cost Effective: Replace costly CapEx with utility-based pricing and immediate availability. Streamline setup costs and timelines, while reducing the price per site and device. About M.C. Dean M.C. Dean is Building Intelligence®. We design, build, operate, and maintain cyber-physical solutions for the nation's most recognizable mission-critical facilities, secure environments, complex infrastructure, and global enterprises. The company's capabilities include electrical, electronic security, telecommunications, life safety, automation and controls, audio visual, and IT systems. M.C. Dean is headquartered in Tysons, Virginia and employs more than 5,100 professionals who engineer and deploy automated, secure, and resilient power and technology systems; and deliver the management platforms essential for long-term system sustainability.

Read More

DATA SECURITY

Futurex Named a Leader in Hardware Security Modules by ABI Research

Futurex | February 25, 2022

Futurex receives top scores for cloud HSM service and strong cloud integration, extensive payment HSM platform, richest features, customer flexibility BULVERDE, Texas, February 24, 2022 — ABI Research, global technology intelligence firm, today named Futurex a leader in hardware security modules (HSMs). In its latest Hardware Security Module: OEM competitive assessment report, ABI Research gave Futurex, a leader in enterprise-class data security solutions, high scores for its cryptography-as-a-service options, extensive payment HSM offerings, rich features, hybrid deployment options, and customer flexibility. “The HSM market is changing rapidly. This is propelling highly flexible HSM offerings that can scale easily and adapt quickly to emerging demands,” the report by ABI Research reads. “Futurex showcases an extensive payment HSM platform with strong cloud integration and service availability, enabling it to carve itself a particularly successful niche in the HSM market which it is actively expanding.” “We are honored to be recognized by ABI Research as a leader in the HSM space,” said Ryan Smith, vice president, global business development, at Futurex. “Our four decades of HSM R&D, in-depth knowledge of enterprise security needs, and being the first in industry to offer cryptography-as-a-service, have made us the trusted HSM partner for the world’s largest enterprises.” Putting Innovation and Customers First ABI Research’s report highlights Futurex’s commitment to innovation by recognizing the operational flexibility and application versatility its HSMs have to offer. The report also noted that Futurex is the only company offering the same suite of features with its cloud HSM as with its on-premises hardware. With multiple payment HSM vendors currently going through end-of-life processes with their HSMs, organizations are looking for options including migrating their infrastructures to the cloud without changing any application code. As organizations look for robust security while optimizing costs with OPEX models, many turn to Futurex’s VirtuCrypt Cloud Payment HSM for their cryptographic needs. About Futurex For more than 40 years, Futurex has been a trusted provider of hardened, enterprise-class data security solutions. More than 15,000 organizations worldwide, including financial services providers and corporate enterprises, have used Futurex’s innovative hardware security modules, key management servers, and enterprise-class cloud solutions to address their mission-critical systems, data security, and cryptographic needs. This includes the secure encryption, storage, transmission, and certification of sensitive data. For more information, please visit futurex.com.

Read More

Spotlight

Today’s technologies are valued for their convenience. But this comes at a price; new technologies introduce devastating risks to the privacy, security and integrity of company data.  With no organization immune to security threats, niche skill sets are in high demand and there is a massive shortage of qualified security professionals.  Since in-house resources are limited at many organizations, IT leaders should consider partnering with service providers that demonstrate three key principles.

Resources