Data Security
Virtru | October 09, 2023
Virtru, a worldwide leader in data-centric security and privacy, has announced the expansion of its encrypted file-sharing platform, Virtru Secure Share, to integrate with Zendesk. This direct integration enables organizations to safeguard data flow inward and outward within Zendesk without disrupting their current workflows. These integrations are accessible for purchase both from Virtru directly and through the Zendesk app marketplace.
Virtru Secure Share offers top-notch, military-grade encryption and user-friendly experiences for Zendesk users. This integration is especially valuable for customer support teams involved in exchanging sensitive information with partners and customers during client onboarding and support processes.
Jill Emerson, System Administrator and Member of Team Rehabilitation Physical Therapy, stated,
We are in the healthcare sector, and to have that level of advanced data protection in Zendesk, without having to think about it, is invaluable. In between Virtru’s email security and the Virtru Secure Share integration for Zendesk, our most common and high-volume collaboration workflows can remain secure. Secure Share enables us to strike a balance between usability and security, so we can protect the data of our patients and deliver a positive experience at the same time.
[Source – Globe Newswire]
By utilizing Virtru’s user-friendly secure file-sharing features integrated into their familiar business applications, customer service representatives can efficiently assist customers while ensuring compliance with regulatory obligations.
John Ackerly, Co-founder and CEO of Virtru, said,
With this latest Secure Share integration, Zendesk users can now receive and send encrypted files securely with individuals both outside and inside of their organization without compromising the user experience or efficiency.
[Source – Globe Newswire]
He further stated that this is particularly crucial when confidential data must be shared to accomplish tasks. It was also mentioned that this should provide businesses with increased peace of mind, ensuring that their employees and customers maintain complete control of their data at all times.
About Virtru
Virtru empowers organizations worldwide, providing them with the means to harness the potential of data while ensuring control over its storage and sharing. Trusted by over 8,000 global clients, Virtru supports its Zero Trust strategies and safeguards its most sensitive data according to the world’s strictest security standards. As the creators of Trusted Data Format (TDF), an industry standard for persistent data protection, Virtru provides encryption technology for data shared through email, cloud environments, collaboration tools, and SaaS applications.
Read More
Software Security
Business Wire | September 27, 2023
Today, Cyolo, provider of the fastest and most secure zero-trust access and connectivity solution for hybrid organizations with IT and OT, in partnership with KuppingerCole, released an industry analysis focused on zero trust and remote access for operational technology (OT) environments.
The analysis reveals key insights about the OT cybersecurity threat landscape, outlines high-level security architecture for OT, critical infrastructure systems (CIS) and industrial control systems (ICS), and evaluates key requirements of security regulations and frameworks.
OT environments experience the same kinds of threats as enterprise IT – including ransomware, account takeovers, APTs, and Supply Chains as vectors – while experiencing expanded OT-specific threats. While traditional IT security tools may be adapted, developing robust security architectures for OT environments is inherently complex compared to their IT counterparts. Its unique nature, from equipment and software to communication protocols requires dedicated OT security solutions.
Cyolo can help organizations with OT infrastructure to define and manage access control to those complex environments, said John Tolbert, Lead Analyst at KuppingerCole.
Overall key insights include:
OT Threat Landscape. Heightened geopolitical factors have intensified attacks on OT and ICS, posing significant consequences ranging from operational disruptions and service denial to financial repercussions and potential harm to human well-being.
Core Cybersecurity Regulations. The risks and consequences of cyber-attacks against critical infrastructure advanced regulations globally mandating secure architectures and technical controls. KRITIS and the follow-on IT Security Act 2.0 are related examples of such regulations, as well as the NIST Cybersecurity Framework.
OT Security Architectures and Key Functionalities. There are eight areas of functionality that are central to effective OT security architectures. Cybersecurity architectures for OT must address asset discovery, access control, IT security tool integration, detection and response capabilities, and OT protocol level threats.
As the analysis breaks down, within critical infrastructure interruptions and downtime are not an option. To address the increasing need for secure access in OT environments, Cyolo introduced Cyolo 4.3, which expands key capabilities with more layers of security and making the product easier than ever to use for both administrators and end users in the industrial space.
With Cyolo 4.3, industrial organizations will be able to extend their multi-factor authentication (MFA) across environments through an integration with Duo Security to support their physical tokens as required. Additionally, the company has implemented another layer of security for file transfer within the OT/ICS environment, through query anti-virus software to scan files before they are delivered to their destination. Cyolo is also adapting for further usability, allowing teams to securely invite external users by generating a secure one-time password; and import groups from existing IdPs, using SCIM.
“Ensuring the security of critical infrastructure and industrial processes has become increasingly critical as organizations unite their IT and OT systems. This convergence has expanded the OT threat landscape and introduced significant cybersecurity challenges, as the once-isolated OT networks are now vulnerable to the same threats that have targeted IT networks for years” said Joe O'Donnell, Vice President ICS/OT of Cyolo. “With Cyolo 4.3, industrial entities can confidently navigate the complexities of the modern threat landscape and fortify their defenses against evolving cyber threats.”
The announcement of Cyolo 4.3 highlights the company’s commitment to advancing zero-trust capabilities and it comes on the heels of Cyolo being listed as a Representative Vendor in the 2023 Gartner® “Market Guide for Zero Trust Network Access” report for the second consecutive year and recognized by Frost & Sullivan with the 2023 North American New Product Innovation Award for Secure Remote Access to Operational Infrastructure and Industrial Control Systems (OT/ICS).
As the threats to critical infrastructure continue to evolve, Cyolo zero-trust access solution continues to provide the utmost protection and ease of use. To learn more about Cyolo 4.3, visit here. Access the report for a full view of the industry here.
Register here to attend the joint webinar from Cyolo and KuppingerCole on how to achieve secure remote access for OT environments, to be held on Tuesday, October 10 at 7 a.m. PT.
About Cyolo
Cyolo helps hybrid organizations in the IT and OT spaces to stay safe, secure and productive in an era of distributed workforces and unprecedented cyberthreats. Cyolo’s next-generation zero-trust access solution enables all users, including employees, third parties as well as remote and on-site workers, to connect to their working environments seamlessly and securely via modern identity-based access. Providing one unified solution that integrates with the existing tech stack and deploys easily in the cloud, on-premises or in a hybrid model, Cyolo empowers the global workforce to securely access anything from anywhere.
Read More
API Security
Business Wire | October 25, 2023
Data Theorem, Inc., a leading provider of modern application security, today introduced an industry-first attack path analysis of APIs and software supply chain exploits to its Cloud-Native Application Protection Platform (CNAPP) called Cloud Secure. The new release includes machine learning (ML)-based hacker toolkits and improved visualizations that boost discovery of potential data breaches in first-party APIs and third-party software supply chain assets hosted in multi-cloud environments.
As a result of today’s launch, organizations can now leverage an advanced ML-based CNAPP solution to best secure their cloud-native apps and discover weaknesses which could lead to data breaches. Previously, organizations had to rely on cloud security posture management (CSPM) and agent-based cloud workload protection platforms (CWPP) that lack the ability to accurately detect attack surfaces such as first- and third-party APIs that lead to the critical path hackers utilize to successfully exploit vulnerabilities and extract sensitive data.
Data Theorem’s new release of Cloud Secure now delivers Cloud Hacker Toolkits powered by a new set of visualization features and ML enhancements for exploit prioritization, helping organizations focus on the most critical vulnerabilities that hackers can take advantage of for a cyberattack to extract data from cloud-native apps. In addition, Cloud Secure now offers ML-powered optimized Cloud Assets inventory with new visualizations for organizations to better understand the relationships between applications (mobile and web), APIs (first and third party), and the myriad of cloud resources. As a result, organizations for the first time can have an accurate inventory of their cloud-native and cloud-hosted applications, and visualize the growing attack surfaces including APIs they develop themselves and APIs that come from leveraging open-source software, third-party software development kits (SDKs), and public cloud services within their software supply chains.
As we have seen, machine learning, and particularly generative language learning model (LLM), offers a new set of innovations and creativity for both security practitioners and attackers, said Doug Dooley, Data Theorem COO. Data Theorem is pleased to offer the industry’s first CNAPP solution which leverages some of the more useful elements of machine learning combined with run-time analysis, observability, and active protection. Cloud Secure continues to lead the industry as the most application-centric CNAPP offering helping organizations uncover new attack vectors in cloud-native applications and APIs that ultimately prevent large-scale data breaches. ML-powered Hacker Tool Kits and Optimized Cloud Assets, in addition to Cloud Secure’s other advancements in this new release, uniquely protect organizations’ cloud applications in multi-cloud environments.
Cloud Secure now also offers a new UI design that improves the end-to-end CNAPP workflow for organizations with new dashboard, inventory, security testing, and cloud-native protection sections. For example, the Cloud-Native Protection visualization graph with Cloud Abuse highlights priority events, actors, and attack path analysis that uniquely helps organizations diagnose near real-time data breaches and attempts at exfiltration attacks. In addition, Cloud Secure’s Enhanced Compliance Summary section with status and on-demand reporting downloads automates the audit processes to help organizations prove compliance.
Cloud Secure, powered by Data Theorem’s award-winning Analyzer Engine, helps organizations secure their cloud-native applications and address regulatory compliance for cloud monitoring and reporting. It is the industry’s first solution delivering full-stack attack path analysis for cloud-native applications that starts at the client layer (mobile and web), protects the network layer (APIs), and extends down through the underlying infrastructure (cloud services). Its combination of attack path analysis and run-time active protections enables both offensive and defensive security capabilities to best prevent data breaches of cloud-native applications, embedded APIs, and serverless cloud functions.
Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine which leverages a new type of dynamic and runtime analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation. Data Theorem is one of the first vendors to provide a full stack application security analyzer that connects attack surfaces of applications starting at the client layers found in mobile and web, the network layers found in APIs, and the infrastructure layers found in cloud services.
About Data Theorem
Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world. Data Theorem is headquartered in Palo Alto, Calif., with offices in New York and Paris. For more information visit www.datatheorem.com.
Read More
API Security
Salt Security | September 20, 2023
Salt Security, a prominent API security company, has announced the expansion of its partnership with CrowdStrike, a leading cybersecurity technology company providing cloud workload and endpoint security, cyberattack response, and threat intelligence services. This expansion involves the integration of the Salt Security API Protection Platform with the widely recognized CrowdStrike Falcon Platform.
Roey Eliyahu, Co-founder and CEO of Salt Security, stated,
Protecting against API threats requires deep visibility and robust runtime protection. We’re excited to bring our unique strengths in API security to the CrowdStrike customer base with this new integration. Together with CrowdStrike, Salt can provide organizations with extended runtime protections and posture management across the cloud and application landscapes.
[Source – Cision PR Newswire]
Through this integration, customers gain access to a comprehensive 360-degree view of API security risks, particularly focusing on the application-layer attack surface. This integration is accessible via the CrowdStrike Marketplace and provides valuable API threat intelligence. It also enhances cross-organization API security capabilities by streamlining and enhancing the workflows related to API auditing, monitoring, and enforcement.
The partnership between Salt Security, offering top-notch API runtime monitoring and AI-driven insights, and CrowdStrike, renowned for its award-winning AI-powered protection, provides organizations with complete visibility into their API attack surface. This integration also offers valuable context regarding the severity of threats in relation to business-critical aspects.
With this partnership, customers benefit from:
API vulnerability and threat context
API threat mitigation
API threat management automation
The patented Salt API security platform stands out for its utilization of cloud-scale big data, artificial intelligence (AI), and machine learning (ML). These technologies work in tandem to automate the process of discovering and cataloging an organization's entire set of APIs. Salt plays a crucial role in pinpointing areas where APIs might expose sensitive data. This proactive approach aids enterprises in recognizing and mitigating potential API threats while also reinforcing their overall API security.
Gur Talpaz, Head of Falcon Fund and Vice President of Corporate Development at CrowdStrike, said,
With APIs now a prime target for malicious actors, securing them requires a comprehensive and diligent approach. Through this joint integration, we can harness the mature AI-driven intelligence of the Salt API security platform with our widely deployed Falcon platform, giving organizations complete visibility into their application-layer attack surface and a detailed understanding of their application threat landscape.
[Source – Cision PR Newswire]
About Salt Security
Salt Security is a leading API security company that safeguards the APIs at the core of all modern applications. Its API Protection Platform is the sole API security solution that integrates the power of cloud-scale big data with time-tested machine learning and artificial intelligence to detect and prevent API attacks. Salt provides extensive context, real-time analysis, and continuous insights for API discovery, hardening APIs, and attack prevention by correlating the activities of millions of APIs and users over time.
Read More