HYPER-CONVERGED INFRASTRUCTURE, APPLICATION INFRASTRUCTURE, IT SYSTEMS MANAGEMENT
Imperva | October 14, 2022
Imperva, Inc., a cybersecurity leader whose mission is to protect data and all paths to it, announces that Imperva is extending its award-winning, hybrid data security platform to Oracle Cloud Infrastructure (OCI) to help customers simplify migration, and automate compliance monitoring of cloud data instances. Imperva Data Security Fabric (DSF) has achieved Powered by Oracle Cloud Expertise status and is now available on Oracle Cloud Marketplace, offering added value to Oracle Cloud customers.
Imperva DSF provides unified data-centric security controls across the entire data estate offering scalability and simpler infrastructure. Through a single interface, Imperva Data Security Fabric helps discover and protect sensitive data types, including structured, semi-structured, and unstructured data, as enterprise customers migrate from globally dispersed data centers to Oracle Cloud Infrastructure. In addition, Imperva DSF supports several Oracle Database versions including Oracle Database 19c, and Oracle Database 21c, as well as Oracle Autonomous Transaction Processing (ATP) and Oracle Autonomous Data Warehouse (ADW). Imperva is also a member of Oracle Partner Network (OPN).
“The cloud represents a huge opportunity for our partner community," said David Hicks, group vice president, Worldwide ISV Cloud Business Development, Oracle. "Imperva’s commitment to innovation with Oracle Cloud along with knowledgeable execution can help our mutual customers deploy cloud-enabled cybersecurity solutions optimized to meet critical business needs.”
“Improving the customer experience is a top business priority driving digital transformation. With customers becoming more attuned to the value of their data and the risks present as a result, organizations need to consider security and data protection as part of this transformation,” said Jennifer Glenn, Research Director for the IDC Security and Trust Group. “For Oracle customers considering moving to Oracle Cloud Infrastructure, Imperva Data Security Fabric can provide visibility and automation across each environment, helping protect critical data at each stage of the migration.”
“Imperva and Oracle have collaborated for years, helping mutual customers monitor and secure their sensitive data,” says Dan Neault, SVP and GM, Data Security, Imperva. “We are excited to share that we have extended our platform to customers migrating their data to OCI with Imperva Data Security Fabric, now available in the Oracle Cloud marketplace.”
Security complexity has hindered cloud agility
The cloud has revolutionized IT, offering organizations a strategic accelerator to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges and opportunities. However, uncertainty about how best to overcome security risks and ensure regulatory compliance has slowed cloud adoption historically.
Significant differences between on-premises and cloud database environments have led organizations to try extending traditional database security tools to their cloud environments. Often they encounter unavoidable limitations, from the technical impossibility of installing agents on database as a service (DBaaS) deployments, to the practical limitations of directing all cloud database traffic through a proxy service. This has resulted in organizations using a patchwork of individual tools. This approach raises the likelihood of human error, unnecessarily increasing the risk of a breach or compliance failure.
Automation for many data security and regulatory compliance tasks reduces, and in some cases, may eliminate the burden placed on data security teams to manually keep compliance updates, records, and audit trails. Imperva DSF can help save time and reduce the cost of securing data by unifying security tasks including data activity monitoring, sensitive data discovery, classification, compliance, risk analytics, and threat detection.
Powered by Oracle Cloud, Imperva DSF provides information security leaders with an approach for enabling security, compliance and governance outcomes. Security teams can benefit by simplifying the protection of the organization’s diverse data ecosystem, with single-pane-of-glass administration, integration with other IT security investments, and broad database coverage.
About Powered by Oracle Cloud Expertise
Powered by Oracle Cloud Expertise recognizes OPN members with solutions that run on Oracle Cloud. For partners earning the Powered by Oracle Cloud Expertise, this achievement offers customers confidence that the partner's application is supported by the Oracle Cloud Infrastructure SLA, enabling full access and control over their cloud infrastructure services as well as consistent performance.
Imperva is the comprehensive digital security leader on a mission to help organizations protect their data and all paths to it. Only Imperva protects all digital experiences, from business logic to APIs, microservices, and the data layer, and from vulnerable, legacy environments to cloud-first organizations. Customers around the world trust Imperva to protect their applications, data, and websites from cyber attacks. With an integrated approach combining edge, application security, and data security, Imperva protects companies ranging from cloud-native start-ups to global multi-nationals with hybrid infrastructure. Imperva Threat Research and our global intelligence community keep Imperva ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.
About Oracle PartnerNetwork
Oracle PartnerNetwork (OPN) is Oracle’s partner program designed to enable partners to accelerate the transition to cloud and drive superior customer business outcomes. The OPN program allows partners to engage with Oracle through track(s) aligned to how they go to market: Cloud Build for partners that provide products or services built on or integrated with Oracle Cloud; Cloud Sell for partners that resell Oracle Cloud technology; Cloud Service for partners that implement, deploy and manage Oracle Cloud Services; and License & Hardware for partners that build, service or sell Oracle software licenses or hardware products. Customers can expedite their business objectives with OPN partners who have achieved Expertise in a product family or cloud service.
HYPER-CONVERGED INFRASTRUCTURE,APPLICATION INFRASTRUCTURE,STORAGE MANAGEMENT
Wallarm | November 14, 2022
Wallarm, the end-to-end API security company, today released its Q3 API ThreatStats™ Report, which provides deep analysis into all published API vulnerabilities and exploits for the quarter. The Wallarm research team dissected the data from a variety of perspectives, including software type, vendor, CVSS scores, CWEs and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). The team also examined publicly disclosed exploit POCs to determine where the risk lies.
The initial analysis indicated that API vulnerabilities and the impacted vendors were leveling off from the significant increase reported in the Q2 API Vulnerability Report, with minimal to no change. Vulnerabilities and vendors impacted experienced a 16% increase, while high to critical rated vulnerabilities remained steady at 57% total.
However, deeper analysis revealed three key findings, which may have costly implications on an organization’s API security program:
Infrastructure. A vast majority of the most impactful vulnerabilities analyzed in Q3 impacted DevOps tools and infrastructure, resulting in a shift of an organization’s security focus.
Injections. While the OWASP Top-10 Injection categories (A03:2021 for web apps and API8:2019 for APIs) top the charts at over 33% of all CVEs analyzed, further inspection reveals many, many variations, which will require extra effort to remediate.
Exploits. A surprising finding was that the average gap between CVE and exploit POC publication was zero days, which greatly impacts a mitigation timeline.
“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, are talking about API Security this year. However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly. “Wallarm has been committed to tracking and analyzing API vulnerabilities and exploits, and sharing this with the community via our API ThreatStats reports. This Q3-2022 report is the third in a row, and we clearly see a chilling trend in the number, severity and focus of API vulnerabilities and exploits. No joke: the top 10 API issues we're seeing affect core DevOps and PaaS products, such as Kubernetes, Rancher, GitLab, HashiCorp, and several others.”
Ivan Novikov, CEO & co-founder of Wallarm
For more highlights from the final report, please see the Q3-2022 API ThreatStats™ Report executive summary. To learn more, register for Wallarm’s webinar on Thursday, November 10 at 11 AM PT where the research team will present all of its findings.
Wallarm end-to-end API security products provide robust protection for APIs, web applications, microservices, and serverless workloads running in cloud-native environments. Hundreds of Security and DevOps teams choose Wallarm to get unique visibility into malicious traffic, robust protection across their whole API portfolio, and automated incident response for better risk management. The company is committed to supporting modern tech stacks, offering dozens of deployment options in cloud and Kubernetes-based environments, and also provides a full cloud solution. Wallarm is headquartered in San Francisco, California, and is backed by Toba Capital, Y Сombinator, Partech, and other investors.
APPLICATION INFRASTRUCTURE, DATA STORAGE, IT SYSTEMS MANAGEMENT
IronNet, Inc. | September 30, 2022
IronNet, Inc., an innovative leader Transforming Cybersecurity Through Collective DefenseSM, has launched IronRadarSM, a new solution designed to proactively and automatically update customers’ cybersecurity tools with malicious indicators for adversary infrastructure.
Developed by IronNet’s team of elite threat hunters, IronRadar uses an innovative process that fingerprints a server and determines whether it is a command and control (C2) server while those servers are being stood up, even before a cyber attack is initiated. IronRadar enriches the data creating purpose-built intelligence updates for proactively blocking adversarial infrastructure, and was observed to have 98% accuracy over six months of testing.
“We know that Cobalt Strike and other open-source tools provide the framework for legitimate ‘red team’ activities. “Unfortunately, open-source tools are being used by advanced persistent threat groups to gain access to systems, establish C2, and launch attacks. Thanks to our innovative and dedicated CyOC team, IronRadar can identify threats as new adversarial infrastructure servers appear and before they can be used in sophisticated cyber attacks.”
Don Closser, Chief Product Officer of IronNet
IronRadar is now available for all networks beyond the IronNet Collective DefenseSM platform community as an annual subscription – sold directly from the Amazon Web Services (AWS) Marketplace makes it cost effective and easy to buy and scale. Once installed, customers can easily upgrade to join the Collective Defense community at any time.
“Detecting weaponized C2 servers before they connect to a network and inflict damage like ransomware and eCrimes is a daunting challenge for all organizations,” said Christopher Kissel, Research Vice President of Security and Trust Products, at IDC. “The launch of the purpose-built threat intelligence feed from IronNet is a game changer because it proactively blocks known, new, and unreported C2 infrastructures.”
IronRadar is the only existing automated threat intelligence feed developed specifically to combat C2 behavior. This easy-to-use tool enables a customer’s SOC to:
Actively block known C2 and emerging threat C2 IoCs.
Integrate real-time threat intelligence into any security solution – SIEM, SOAR, Incident Response, and more.
Accelerate threat response by exposing the adversaries and evolving tradecraft targeting infrastructure.
IronRadar integrates seamlessly with the IronNet Collective Defense platform, powered by AWS, which is the only solution that can identify anomalous behaviors and deliver actionable attack intelligence to all the other participants in the IronNet community. The Collective Defense platform serves as an early warning system for all participating companies and organizations, strengthening network security through correlated alerts, automated triage, and extended hunt support.
About IronNet, Inc.
Founded in 2014 by GEN Keith Alexander, IronNet, Inc. is a global cybersecurity leader that is transforming how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a number of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today.