DATA SECURITY,SOFTWARE SECURITY
Normalyze | August 24, 2022
Normalyze, a data-first cloud security platform, today announced that Corelight, the leader in network detection and response (NDR) technology, has adopted the Normalyze data-first cloud security platform to automate data discovery and classification across all of its cloud data.
Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies. Corelight's customers include Fortune 500 companies, major government agencies, and large research universities.
Modern data security is so complex that even sophisticated security companies like Corelight require external support to remain diligent and comprehensive in their security strategies. Prior to implementing Normalyze, Corelight struggled with a lack of comprehensive visibility into the locations of their sensitive data and business-technology assets, as well as configurations of their cloud access points.
To get this information, Corelight Chief Information Security Officer (CISO) Bernard Brantley and his team had to manually gather data from the engineering, operations, and application teams, and scour access logs and security and operations dashboards. With Normalyze, Brantley achieved a more comprehensive cloud data security posture.
"Normalyze's data-centric vision mirrored my long-term data security vision perfectly," said Brantley. "That vision is to have comprehensive situational and structural awareness, specifically regarding context, about how that awareness supports better security decision-making. There are two critical questions that Normalyze solves: do I know where everything resides and how the systems are configured? And, do I clearly understand the risks facing that data and those systems? Normalyze gives me the confidence that we have that full visibility."
Following the deployment of Normalyze, Corelight achieved the following:
Identified the locations of Corelight's sensitive data in minutes, and spotted data in areas they did not anticipate. This utilizes the Normalyze Graph and one-pass scanner, which connects all enterprise data with its associated assets, identities, and their access to that data, as well as misconfigurations and vulnerabilities that place data at risk.
Complete compliance profiles that detect personally identifiable information (PII), the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) to ensure sensitive data never leaves Corelight's cloud environments.
Knowledge when a weakness surfaces that could lead to a data breach with an automatic dispatched service ticket to ensure that situations that place data at risk are fixed swiftly.
"There is no doubt that Corelight is a leader in network detection and requires a reliable, comprehensive and agile infrastructure to scale with the company as it grows. "The Normalyze Platform has been able to go to-to-toe with Corelight's critical cloud infrastructure needs, with the ability to benefit the entire team - from the CISO, to the security engineer, analyst, and DevOps professionals - to discover data, classify its risk and attack paths, and remediate risks."
Amer Deeba, co-founder and CEO at Normalyze
Normalyze is a pioneering provider of cloud data security solutions helping customers secure their data, applications, identities, and infrastructure across public clouds. With Normalyze, organizations can discover and visualize their cloud data attack surface within minutes and get real-time visibility and control into their security posture including access, configurations, and sensitive data to secure cloud infrastructures at scale. The Normalyze agentless and machine-learning scanning platform continuously discovers resources, sensitive data and access paths across all cloud environments. The company is founded by security veterans Ravi Ithal and Amer Deeba and calls Corelight and Netskope to be customers. It is funded by Lightspeed Venture Partners and Battery Ventures.
DATA SECURITY,ENTERPRISE IDENTITY
SandboxAQ | September 14, 2022
SandboxAQ, an enterprise SaaS company delivering the compound effects of AI and Quantum tech (AQ) to governments and the Global 1000, today announced it has acquired Cryptosense, a leading cybersecurity and encryption analysis software company. SandboxAQ's acquisition comes just weeks after the company unveiled its Strategic Investment Program and initial investment in evolutionQ.
The acquisition of Cryptosense complements and accelerates the deployment of SandboxAQ's Post-Quantum Cryptography (PQC) solutions to corporations and government institutions worldwide. SandboxAQ's cybersecurity products enable large enterprises to scale cryptography management across their IT infrastructure, providing CISOs with a single, 360° view of how encryption is used throughout the enterprise – a critical first step in migrating to PQC.
This migration to stronger cybersecurity is important for critical infrastructure sectors such as financial services, technology, energy, biopharma, logistics, and government.
Cryptosense is used by leading technology and financial services organizations and is a fellow NIST NCCOE partner. The combined customer relationships will help SandboxAQ bring its PQC solutions to market faster and protect these organizations and their customers from existing and emerging quantum threats, such as Store Now, Decrypt Later (SNDL) attacks.
"Rapid advances in quantum computing and AI challenge the effectiveness and performance of existing cryptography-based cybersecurity solutions. The combined leadership, talent, and expertise that SandboxAQ and Cryptosense bring to the marketplace accelerates the deployment of more effective cryptography solutions to protect the world against the security threats of today and tomorrow," said Jack D. Hidary, CEO of SandboxAQ. "The caliber of the Cryptosense team is recognized throughout the information security community, with the leadership by Graham Steel and Clément Jeanjean. We welcome Cryptosense to the SandboxAQ family and look forward to our continued success as one company."
"The complementary functionality and expertise between Cryptosense and SandboxAQ enables us to build and deliver SaaS solutions at scale with higher touch customer service. PQC implementation is critical to protect the world's sensitive data and together we will make a greater impact."
Dr. Graham Steel, Cryptosense founder
Cryptosense was advised by Stifel and Hogan Lovells and SandboxAQ was advised by Morgan Lewis.
SandboxAQ is an enterprise SaaS company, providing solutions at the nexus of AI and Quantum technology (AQ) to address some of the world's most challenging problems. The company's core team and inspiration formed at Alphabet Inc., emerging as an independent, growth-capital-backed company in 2022.
Cryptosense is an enterprise SaaS company that helps organizations identify and catalog the cryptography leveraged within their applications and infrastructure. Some of the largest technology and financial services companies worldwide use Cryptosense for their cybersecurity needs. Cryptosense announced a $4.8 million funding round in May 2021 backed by Amadeus Capital Partners, Elaia Partners and BGV.
Searchlight Security | August 02, 2022
Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives.
DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business.
DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats.
“Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.”
Eric Milam, EVP product at Searchlight Security
DarkIQ Reporting gives enterprise security teams and MSSPs the ability to:
Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform.
Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data.
Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations.
Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers.
Resource more effectively - with less time spent on reporting so they can spend more time protecting the business.
Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence.
Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.”
About Searchlight Security
Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.
DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS
Legit Security | September 16, 2022
Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack vulnerabilities in popular open-source projects from Google and Apache. The discovered vulnerability affects GitHub, an extremely popular Source Code Management (SCM) system at the heart of many organization’s software supply chains and used by software developers globally. The Legit Security research team found a new type of CI/CD vulnerability called “GitHub Environment Injection” that allows attackers to take control of the vulnerable project's GitHub Actions CI/CD pipeline. Any GitHub user could exploit this vulnerability to modify the project’s source code, steal secrets, move laterally and attack inside the organization, and ultimately initiate a SolarWinds-like supply chain attack. The vulnerability was found in the Google Firebase project and in a very popular integration framework project from Apache. Both Google and Apache acknowledged and fixed the vulnerabilities after an initial disclosure by Legit Security. Legit Security has published a technical disclosure blog on their website including guidance for organizations to remediate this vulnerability.
Legit Security’s Research Team discovered that a specially crafted payload written to a GitHub environment variable called “GITHUB_ENV” could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a “pull request” or a proposed change to the source code. The mere act of submitting the pull request will trigger the vulnerable build action and carry out a successful compromise and the attacker does not need to be subjected a code review approval from the source code maintainer for it to take effect.
The Legit Security team disclosed these issues to Google and Apache project maintainers, along with remediation guidelines, and verified that these vulnerabilities weren’t exploited by a malicious actor. Both projects have been fixed and are now safe. However, these are not the only projects susceptible to this kind of attack. Since using the GITHUB_ENV file is currently considered the “safe” way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to supply chain attacks.
“This type of vulnerability joins many other software supply chain vulnerabilities and attacks targeting popular open-source projects, including GitHub, which is the largest and the de facto host of most open-source projects. “We, as a security community, must build the tools and processes to address these threats and allow organizations to trust software and use it safely. Here at Legit Security our mission is to secure every organization’s software supply chain and we are active conducting security research and collaborating on initiatives to achieve this goal."
Liav Caspi, CTO and co-founder of Legit Security
According to Gartner®, nearly half of organizations worldwide will experience an attack on their software supply chains by 2025, a three-fold increase from 2021. There has been a huge rise in attempts to compromise open-source projects and CI/CD build services, including GitHub Actions, to enable wide ranging attacks through software supply chains.
For in-depth analysis of the GitHub Environment Injection vulnerability, along with broader information and guidance on how to protect your organization from software supply chain attacks, please visit the Legit Security website and blog.
About Legit Security
Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Legit provides an easy to implement SaaS platform that supports both cloud and on-premises resources and combines automated discovery and analysis capabilities with hundreds of security policies developed by industry experts with real-world SDLC security experience. This integrated platform keeps your software factory secure and provides continuous assurance that your applications are released without vulnerabilities.