Connect with us

News

Evanssion Strengthens Noname Security Partnership to Accelerate Adoption of API Security

Published

on

Evanssion has announced that it is strengthening its partnership with Noname Security, a leader in API Security, to ensure the region is well-equipped to defend against API attacks. There is a massive gap in the visibility on the API layer from the perspective of consumption and exposure of information through the API. This leads to lack of governance and posture management of APIs. Hackers have tapped into these vulnerabilities and are actively targeting these APIs due to misconfiguration and anomalous behaviour of the API.

Gartner predicts that by 2025, “less than 50% of enterprise APIs will be managed, as explosive growth in APIs surpasses the capabilities of API management tools.” Securing APIs has thus become a pressing issue to address for CIOs, CISOs, and decision-makers as they continue to protect data in this evolving threat landscape.

Last year in October 2021, Evanssion signed up an exclusive distribution agreement with Noname Security, headquartered in California, USA, to allow the adoption of its API security platform in the Middle East and Africa region. Noname Security delivers the most powerful, complete, and easy-to-use API security platform. The company finds and inventories all APIs; detects attacks, suspicious behavior, and misconfigurations using AI-based behavioral analysis; prevents attacks and integrates with existing remediation and security infrastructure; and actively validates APIs before deployment.

Unlike other solutions that only monitor API traffic, Noname analyzes API traffic as well as application and infrastructure configurations to provide better API security posture management, API runtime security, and active API SDLC testing. Only Noname Security can find all shadow APIs and API misconfigurations before the company is impacted.

Together with the API security leader, Evanssion is working with some of the largest banks in the financial industry and airline providers in the country to make API Security a reality for the Middle East and Africa region. The past five months have seen tremendous growth for Evanssion and Noname in the EMEA region.

Ahmad Al Qadri, Chief Executive Officer, Evanssion, said, “We are pleasantly surprised at the maturity of the market in understanding API security and the urgent need to proactively protect systems and data.” “The response from our customers has been powerful and I am confident that the shift from ‘Why API Security’ to ‘How’ will be game-changing.”

“Partnering with a leader like Evanssion allows us to deliver best-in-class cybersecurity solutions to local customers through the award-winning Noname API Security Platform,” said Dirk Marichal, Vice President EMEA, Noname Security. “APIs have become more important than ever and thus it’s a priority to mitigate the associated risks and keep business APIs secure and out of the headlines. We are delighted that Evanssion has recognized this trend, conducted in-depth market research, and chose Noname Security as their preferred API Security solution.”

Cyber Security

Group-IB Unveils Unified Risk Platform

Published

on

Group-IB has today unveiled the Unified Risk Platform, an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time. Every product and service in Group-IB’s now consolidated security suite is enriched with information from a Single Data Lake, which contains 60 types of sources of adversary intelligence. The Unified Risk Platform automatically configures your Group-IB defenses with the precise insights needed to provide the best possible defense against targeted attacks on the infrastructure and endpoints, breaches, fraud, brand, and IP abuse.

“At the heart of the Unified Risk Platform is a Single Data Lake that has the most complete and detailed insight into threat actors. Group-IB has collected the industry’s broadest range of adversary intelligence, with 60 types of sources across 15 categories,” the company said in a statement.

The data is gathered by and exclusive to Group-IB, providing customers with unprecedented visibility of threat actors’ operations. The raw data is enriched with context, converted into actionable intelligence, and added to Group-IB’s Single Data Lake. The patented technology is continuously refined by state-of-the-art research, science, and modeling conducted by Group-IB’s dedicated analyst teams spanning 11 cybersecurity disciplines.

The modular architecture of the Unified Risk Platform allows additional capabilities to be easily activated, providing increased protection from cybercrime without friction. A range of out-of-the-box integrations and flexible APIs enable the Unified Risk Platform to easily enhance any existing security ecosystem. When organisations need specialist support, Group-IB’s comprehensive suite of services is available for any purpose, from one-off red teaming exercises or incident response to in-life managed detection and response.

In addition to the services, every Group-IB product is powered by the platform to provide complete coverage of the Cyber Response Chain:

  • Group-IB Threat Intelligence provides deep insight into adversary behaviors. Threat Intelligence was independently evaluated as creating a 10% increase in team efficiency over alternative vendors and in a case study generated a 339% return on investment.
  • Group-IB Managed XDR enables organizations to respond 20% faster to threats according to an analyst study.
  • Group-IB Digital Risk Protection allows organizations to reduce the risk of brand abuse, piracy, data leaks, and more with best-in-breed protection. Group-IB has been benchmarked as detecting pirated content in 30 min on average and taking down 80% of the content within 7 days.
  • Fraud Protection was calculated by consultants to reduce the rate of false-positive fraud cases by 20% and enable 10% to 20% more fraud attempts to be detected and prevented. Furthermore, Group-IB identified 30% more one-time password fraud.
  • Attack Surface Management continuously discovers external assets to identify shadow IT, forgotten infrastructure, misconfigurations, and other hidden risks. As part of the Unified Risk Platform, the solution provides a threat actor’s view of the attack surface so that weak spots can be quickly and proactively strengthened.
  • Business Email Protection defends corporate email from sophisticated attacks. The solution monitors for indicators of compromise identifies malicious behavioral markers and extracts artifacts to identify risky emails before they reach their destination.
Continue Reading

Cyber Security

Genetec Announces Availability of its Synergis Cloud Link PoE-Enabled IoT Gateway

Published

on

Genetec has announced the immediate availability of a new generation of its Synergis Cloud Link PoE-enabled IoT gateway for access control. Manufactured in North America to mitigate supply chain delays, Synergis Cloud Link addresses the increasing demand for non-proprietary access control solutions and provides a safe and secure gateway to a cloud or hybrid deployment.

“When modernizing an existing security system, Synergis Cloud Link’s open architecture allows organizations to leverage their current access control infrastructure and easily upgrade to a secure IP-based solution. Synergis Cloud Link provides a more efficient approach to multi-site deployments and replaces the need for servers, reducing the cost of ownership.  The Synergis Cloud Link IoT gateway has embedded functionalities that keep an organization’s access control running even when the connection to the server is down,” the company said in a statement.

“The new generation of Synergis Cloud Link provides more features, enhanced cybersecurity, and helps future-proof security installations. Synergis Cloud Link features enhanced cybersecurity such as encrypted user data, Secure Boot, and an EAL6+ industry gold standard Secure Element that stores cryptographic elements,” the company added.

“The need for non-proprietary access control solutions has never been greater,” said Thibault Louvet, Access Control Product Group Director, Genetec Inc. “Our new generation Synergis Cloud Link enables us to provide organizations with a powerful, secure, and intelligent gateway to the latest technology while allowing them to easily connect to hybrid or cloud access control environments and keep their existing security investment including hardware, wiring, and infrastructure.”

The device is compatible with non-proprietary access control modules from the industry’s most established manufacturers including HID Global, Axis Communications, ASSA ABLOY, Mercury Security, Allegion, SimonsVoss, STid, and others. A single Synergis Cloud Link device can support up to 256 readers and electronic locks, 600,000 cardholders, 150,000 offline events, as well as monitor hundreds of zones and alarms.

Synergis Cloud Link features a new firmware design, improving reliability and lifecycle management, and updates management. It also opens the door to containerized approach for operating software on the device, expanding its future capabilities.

Continue Reading

Cyber Security

Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23

Published

on

Executive performance evaluations will be increasingly linked to the ability to manage cyber risk; almost one-third of nations will regulate ransomware response within the next three years; and security platform consolidation will help organizations thrive in hostile environments, according to the top cybersecurity predictions revealed by Gartner, Inc. today.

In the opening keynote at the Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, Senior Director Analyst, and Rob McMillan, Managing Vice President at Gartner discussed the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era.

“We can’t fall into old habits and try to treat everything the same as we did in the past,” said Addiscott. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program, and our architecture.” Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years.

Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP. As of 2021, almost 3 billion individuals had access to consumer privacy rights across 50 countries, and privacy regulation continues to expand. Gartner recommends that organizations track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation.

By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services, and private application access from a single vendor’s SSE platform. With a hybrid workforce and data everywhere accessible by everything, vendors are offering an integrated security service edge (SSE) solution to deliver consistent and simple web, private access, and SaaS application security. Single-vendor solutions provide significant operational efficiency and security effectiveness compared with best-of-breed solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected, and re-encrypted.

60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits. The term zero trust is now prevalent in security vendor marketing and in security guidance from governments. As a mindset — replacing implicit trust with identity- and context-based risk-appropriate trust — it is extremely powerful. However, as zero trust is both a security principle and an organizational vision, it requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits.

By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. Cyberattacks related to third parties are increasing. However, only 23% of security and risk leaders monitor third parties in real-time for cybersecurity exposure, according to Gartner data. As a result of consumer concerns and interest from regulators, Gartner believes organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.

By 2025, 30% of nation-states will pass legislation that regulates ransomware payments, fines, and negotiations, up from less than 1% in 2021. Modern ransomware gangs now steal data as well as encrypt it. The decision to pay the ransom or not is a business-level decision, not a security one. Gartner recommends engaging a professional incident response team as well as law enforcement and any regulatory body before negotiating.

By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties. Attacks on OT – hardware and software that monitors or controls equipment, assets, and processes – have become more common and more disruptive. In operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft, according to Gartner.

By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest, and political instabilities. The COVID-19 pandemic has exposed the inability of traditional business continuity management planning to support the organization’s response to a large-scale disruption. With continued disruption likely, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy that also engages staff, stakeholders, customers, and suppliers.

By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts. Most boards now regard cybersecurity as a business risk rather than solely a technical IT problem, according to a recent Gartner survey. As a result, Gartner expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders.

Continue Reading
Advertisement


Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.