We have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium!
- 42Crunch – API security is a big deal. Why? Here is one reason: it is really easy to leave out security in order to get it working. The authentication part is a real pain. However, 42Crunch makes it easy. They integrate with the CI/CD pipeline and make it super easy for developers to write reliable and secure code for the API. They allow your QA teams to test against real-world security problems and make it easy to remediate. Their database of API issues is extensive. They also include the ability to audit and test APIs in production to make sure controls are in place, and if not temporarily protect your API from attacks! Great comprehensive security and controls for all of your APIs that will not require your devs to be security experts.
- Viridium – Aiming to get rid of the password. They use biometrics from your phone plus a unique key stored on your phone to complete the authentication. So, you have to have your phone and you have to pass some type of biometric. If you have a phone without biometrics they patented a way to take a picture of your fingers and do fingerprint comparison. All SAML based and pretty easy to integrate. They also have some motion-based detection, e.g. if someone takes your phone and holds it or moves it differently, it can require another factor of authentication.
- Whitecanyon – What do you do with your old computer equipment? Sure, there are ways to destroy it or wipe it, but how do you know it’s been wiped? Whitecanyon provides great software to wipe all of your computers, drives, and devices. Then they provide a log of what has been wiped. Here’s the thing: This is a cost saving. Rather than destroy equipment, now you can re-sell it or donate it and get a tax write-off. Storing it is expensive. Disposing of it is expensive. The cost of a breach is also expensive (e.g. a pawn shop got a hold of the Mayor’s old laptop and discovered bad things).
- Eclypsium – How many enterprises listening can keep track of all the firmware systems on your Windows, Linux or OS X based systems? Firmware is not limited to just the UEFI or BIOS, but exists in your network cards, video cards, remote monitoring, etc… Most do not have visibility into these systems. Recent trends are showing that attackers are planting malware in these subsystems and using it for persistence. Eclypsium can put a temporary or perminant agent on your systems that will:
- Detect all of the firmware systems and their version
- Indicate which firmware needs to be updated
- Tell you which ones are vulnerable and to what
- Detect if there is malware already installed
Full Show Notes
Visit https://securityweekly.com/esw for all the latest episodes!
Gloss