Data Security, Platform Security, Software Security

SlashNext Introduces Generative AI Solution for Email Security

SlashNext Introduces Generative AI Solution for Email Security

On February 28, 2023, SlashNext, a leading SaaS-based Integrated Cloud Messaging Security solutions provider across web, email and mobile, announced the release of Generative HumanAI™, the industry's first artificial intelligence solution using generative AI to defend against advanced business email compromise (BEC), executive impersonation, supply chain attacks, and financial fraud. Adding Generative HumanAI ensures that customers have peace of mind, despite threat actors utilizing widely available AI tools to aid their efforts. The solution already has a 99.9% detection rate with its existing AI capabilities.

Generative HumanAI predicts vast numbers of potential AI-generated BEC threats by utilizing AI data augmentation and cloning technologies to evaluate a core threat and then produce thousands of other versions of that same core threat, which allows the system to train itself on possible variations.

This new solution joins SlashNext's existing HumanAI capabilities, which imitate human threat researchers by combining computer vision, natural language processing, and machine learning with relationship graphs and deep contextualization to thwart sophisticated multichannel messaging attacks.

Features of HumanAI consist:

  • Relationship Graphs & Contextual Analysis establish a baseline of known-good writing styles and communication patterns for each employee and supplier to detect unusual conversation and communication styles.
  • BEC Generative AI Augmentation automatically generates thousands of new BEC variants from today's threat to stop tomorrow's attacks.
  • Natural Language Processing analyzes text in the email body and attachments for tone, emotion, topic, intent and manipulation triggers related to social engineering tactics.
  • Computer Vision Recognition leverages SlashNext's LiveScan™ to inspect URLs in real-time for any visual divergence, such as layouts and images, to detect credential phishing webpages.
  • Sender Impersonation Analysis evaluates headline details and email authentication results to stop impersonation attacks.
  • File Attachment Inspection analyzes social engineering traits of attachments and malicious codes to stop ransomware.

SlashNext has been developing this patent-pending solution internally for over two years and is at the forefront of multichannel messaging security. Its threat researchers recognized that generative AI would soon change the face of BEC attacks.

About SlashNext

SlashNext is a leading cloud-based messaging security solutions provider to safeguard against malicious messages across all digital channels. Its integrated messaging security platform, called SlashNext Complete™, is equipped with patented HumanAI™ technology having a detection accuracy rate of 99.9% and is capable of detecting real-time threats across various messaging channels such as mobile, email and web-based messaging applications like LinkedIn, M365, Gmail, WhatsApp, Slack, Telegram, Teams, and others. By taking advantage of SlashNext's Integrated Cloud Messaging Security, businesses can safeguard their sensitive information from data theft and financial fraud breaches. The company's solution is designed to detect and prevent zero-hour threats in real-time to ensure their customers' highest level of security.

Spotlight

Organizations are losing IT and security control Once upon a time, IT and security teams focused mostly on managing their organization’s on-prem environment. But as business requirements changed, customer bases became global, and remote work took root, these technology teams were handed responsibility across more domains: cloud


Other News
Software Security

Picus Launches New MSSP Program to Make Starting Security Validation Simple

Picus Security | December 12, 2023

Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the Picus Managed Security Services Provider (MSSP) Partner Program. Picus has a long-standing 100% channel approach and works closely with MSSPs to deliver security validation services that quantify risk and reduce threat exposure. Now, it's easier than ever for MSSPs and their customers to get started with security validation to measure the effectiveness of security controls with real-world attack simulations and then scale up testing programs to perform validation checks consistently. The new Picus MSSP Program provides the flexibility MSSPs need to introduce automated validation services and generate new recurring revenues quickly. Designed for customers of varying levels of cyber maturity, the program features interval-based and continuous licensing options. With interval-based licensing, MSSPs can purchase credits that allow an entry cadence for validation assessments. Then, once customers are ready to advance their security program maturity and increase the frequency of assessments they can easily switch to a continuous licensing model. The program means MSSPs can help customers to 'crawl,' 'walk,' and then 'run' with validation. "With this new MSSP program, it's never been simpler for managed service providers to get the consistent and accurate validation insights needed to improve security outcomes for clients," said Ryan Kunker, Picus Security, Senior Director of Channels and Alliances. "By shining a light on security effectiveness in areas such as security control validation, automated security validation presents an enormous opportunity for MSSPs to improve security outcomes for clients and identify new upsell opportunities." Security validation powered by BAS is a core pillar of Continuous Threat Exposure Management (CTEM). It helps security teams to understand if security controls provide the coverage needed to defend organizations against the latest threats, including ransomware and Advanced Persistent Threats. Gartner estimates that security services providers that adopt cybersecurity validation assessments will see an improvement of over 5% in their acquisition, retention and upsell rates.* "We are constantly looking for new ways to provide real actionable value to our clients," said Perry Schumacher, Chief Strategy Officer at Ridge IT. "We evaluated Picus in our cyber range against our best practice configurations and it showed us opportunities to improve beyond today's best tools and practices. The Picus platform helps us provide better security for our clients by increasing our effectiveness. Our clients who purchase Picus begin a continuous improvement journey for their cyber security and are always in a cyber-ready state." In addition to real-world threat simulation, the Picus platform also offers asset and vulnerability discovery, attack path mapping, detection engineering as code, and AI-based threat profiling - capabilities that help MSSPs to manage customers' threat exposure even more efficiently. To enable MSSPs to validate the security of multiple clients simultaneously, the platform also offers a multi-tenant portal. "Now more than ever, every dollar spent in the security budget must be carefully weighed on merit and returned value," said Darren Humphries, Acora Group CISO and MSSP Cyber Portfolio CTO. "For strengthening the security of our own company portfolio and that of our customers, Picus is a key tool that helps us measure the efficacy of the protective security tools we use as well as our detective SOC and SIEM capabilities. Picus is a true force multiplier." About Picus Security Picus Security helps security teams consistently and accurately validate their security posture. Our Security Validation Platform simulates real-world threats to evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities. As the pioneer of Breach and Attack Simulation, we specialize in delivering the actionable insights our customers need to be threat-centric and proactive. Picus has been named a 'Cool Vendor' by Gartner and is recognized by Frost & Sullivan as a leader in the Breach and Attack Simulation (BAS) market.

Read More

Software Security

Keeper Streamlines Compliance Processes With Granular Sharing Enforcements

Keeper Security, Inc. | January 11, 2024

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, announces Granular Sharing Enforcements will soon be available for all products in the Keeper® platform. Granular Sharing enables administrators to enforce detailed creating and sharing permissions at the user level. By implementing these permissions, organizations can ensure employees only have access to the resources necessary for their roles, minimizing the risk of unauthorized access, data breaches and lateral movement within a network. "It's critical for organizations to have security solutions that help them adhere to increasing regulations and compliance requirements," said Craig Lurey, CTO and Co-founder of Keeper Security. "Granular permission control helps organizations enhance their security posture by restricting access to sensitive information and systems. With Granular Sharing Enforcements, it's easier than ever for IT administrators to better control the principle of least privilege and streamline operations within their organizations." Keeper's added Granular Sharing Enforcement policies provide more detailed restrictions that administrators can apply to users for both creating and sharing records. Most employees do not need access to all of the data or functionalities within an organization, and many industries and geographical regions have specific regulations and compliance requirements regarding data protection and privacy, including HIPAA, GDPR, PCI DSS and SOX. Granular permission controls enable organizations to align with local and industry regulations by allowing them to define and enforce access policies. This helps in ensuring the organization is compliant with industry standards and legal requirements. Key features of Keeper's Granular Sharing Enforcements include: Auditing: Keeper provides clear alerting and reporting on over 100 different event types. Version control: Only a small subset of users have permissions to update or share records, helping teams ensure information is consistent and accurate. Seamless access on any device: Keeper provides the same user experience across platforms, ensuring cross functionality and ease of use, whether on web, desktop or mobile. Encryption: Keeper provides secure sharing with elliptic curve encryption, ensuring cybercriminals cannot intercept passwords or other shared records in transit. Keeper Administrators can easily customize permissions to best suit the compliance needs of their organization. Administrators modify permissions in the Enforcement Policies section of the Admin Console for the chosen role by selecting Creating and Sharing. Most permissions are activated by default for maximum security. Enforcements have been designed to be simple and powerful, allowing admins to choose the appropriate settings for their unique needs. Granular Sharing Enforcements will be available for all sharing needs within Keeper's Enterprise Password Manager, Keeper Secrets Manager and KeeperPAM. With Keeper's zero-knowledge password management and security platform, IT administrators have complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and other security policies. Keeper Secrets Manager® is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Its latest offering, KeeperPAM™, provides next-generation Privileged Access Management (PAM) that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that is cost-effective, easy to use and simple to deploy. KeeperPAM enables least-privilege access with zero-trust and zero-knowledge security. Enterprises select Keeper because of its strong security architecture, ability to support federated and passwordless authentication with any identity provider, seamless integration into on-premises, cloud or hybrid environments and ease of use across desktop and mobile devices. About Keeper Security Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper's affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

Software Security

DNSFilter Enhances Protective DNS Solution to Thwart New Threats

DNSFilter | December 15, 2023

DNSFilter today announced the addition of a new Malicious Domain Protection feature to its protective DNS software, building on its machine learning capabilities. This feature bolsters DNSFilter's enterprise-grade defenses providing better visibility and protection against Domain Generation Algorithms used in malware, botnet and other malicious domains, in addition to other threat vectors. This expands the company's threat detection capabilities and its ability to block large lists of undesirable domains and the security threats they pose. Enterprise security teams that manage and secure both modern and legacy infrastructure struggle to protect end users from all categories of web-based threats. DNSFilter scans every domain its customers access to identify zero-day threats and prevent access before they infiltrate the network. Malicious Domain Protection leverages new ML capabilities to assist in the identification of risky domain strings, which includes domain generation algorithms (DGA) and other threat vectors. DGAs are used in malware to generate up to 250,000 domain names each day for use as rendezvous points with their C&C servers. Malicious Domain Protection can identify more threats, including phishing, cryptojacking, botnet, ransomware and other spam domains, and catch them sooner. In the testing phase, Malicious Domain Protection identified more than 7,000 risky domains not yet identified by any other feeds. Threats were identified up to 10 days ahead of other third-party feeds with one domain being caught 59 days ahead. David Elkind, chief data scientist, DNSFilter, said: "We are constantly working to offer better awareness and remediation of threat vectors. DNSFilter has a powerful data collection engine, supplemented by third-party feeds and we are always innovating new ways to use this data to protect our customers. We intend to take full advantage of all this data to protect our customers. With this new addition, our customers have even more safeguards." About DNSFilter DNSFilter is redefining how organizations secure their largest threat vector: the Internet itself. DNSFilter is making the internet safer and workplaces more productive. In 2022 the threat protection leader blocked 9.1 billion threats, more than any other threat detection software globally. With 70% of attacks involving the Domain Name System (DNS) layer, DNSFilter provides protective DNS powered by machine learning that uniquely identifies 61% more threats than competitors on an average of seven days earlier, including zero-day attacks. Over 26 million monthly users trust DNSFilter to protect them from phishing, malware, and advanced cyber threats. DNSFilter's brands include Webshrinker, its next generation web categorization software, and Guardian, a consumer app focused on privacy protection.

Read More

Software Security

Salt Security API Protection Platform Wins Gold in 13th Annual Best in Biz Awards

Salt Security | December 13, 2023

Salt Security, the leading API security company, today announced that the Salt Security API Protection Platform has been named a Gold Winner in the "Enterprise Product of the Year - Security Software" category in the Best in Biz Awards 2023. The Salt Security API Protection Platform is a best-in-class solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. With its patented approach to blocking today's low-and-slow API attacks, only Salt provides the adaptive intelligence needed to protect APIs. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights into API threats and vulnerabilities, including those outlined in the OWASP API Security Top 10 list. "APIs sit at the core of today's modern applications, connecting enterprises to vital data and services," said Michael Nicosia, co-founder and COO, Salt Security. "Given the amount of sensitive information being transmitted through APIs, along with the growing complexity of API attacks, strong API security has become critical for modern businesses. The Salt platform is the only solution that provides cloud-scale big data and real-time analysis across all application environments, pinpointing and stopping attackers in their tracks. We are honored to have our solution's unique capabilities recognized by the Best in Biz Awards." According to the Salt Labs State of API Security Report, Q1 2023, 94% of organizations experienced security problems in production APIs in the past year, with a 400% increase in unique attackers overall in the last six months. The Salt platform protects APIs across their full lifecycle – build, deploy and runtime phases. Through its unique API Context Engine (ACE) architecture, the Salt platform provides API design analysis in pre-production, discovers all APIs, pinpoints and stops API attackers, and provides remediation insights learned during runtime to harden APIs. "As in years past, determining winners in some categories was a matter of selecting the very best from among the very good and came down to the smallest details," said Best in Biz Awards staff. "Each year, the judges are impressed by the innovations, growth, and change emanating from the winning companies and permeating across layers of society, from their employees through clients to local and global communities." The 13th annual program saw intense competition among more than 600 entries from public and private companies, representing all industries and regions in the U.S. and Canada and ranging from some of the most iconic global brands to the most innovative start-ups and beloved local companies. This year's judges highlighted the winning companies' breadth and depth of innovation, their novel approaches to employing new technologies, impressive workplace benefits and employee diversity and inclusion programs, as well as continued community involvement and critical investments in environment and corporate social responsibility programs. About Salt Security Salt Security protects the APIs that form the core of every modern application. Its patented API Protection Platform is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and hardening APIs. Deployed quickly and seamlessly integrated within existing systems, the Salt platform gives customers immediate value and protection, so they can innovate with confidence and accelerate their digital transformation initiatives. For more information, visit: https://salt.security/ About Best in Biz Awards Since 2011, Best in Biz Awards has been the only independent business awards program judged by a who's who of prominent reporters and editors from top-tier publications from North America and around the world. Over the years, judges in the prestigious awards program have ranged from Associated Press to the Wall Street Journal and winners have spanned the spectrum, from blue-chip companies that form the bedrock of the global economy to some of the world's most innovative start-ups and nimble local companies. Each year, Best in Biz Awards honors are conferred in two separate programs: North America and International, and in 100 categories, including company, team, executive, product, and CSR, media, PR and other categories. For more information, visit: http://www.bestinbizawards.com.

Read More

Spotlight

Organizations are losing IT and security control Once upon a time, IT and security teams focused mostly on managing their organization’s on-prem environment. But as business requirements changed, customer bases became global, and remote work took root, these technology teams were handed responsibility across more domains: cloud

Resources