TechRepublic | March 02, 2020
Enterprises across every industry now have little choice but to incorporate technology into their organizations, using software to solve a litany of business problems that routinely plague employees and customers alike. Over the past few years, low-code platforms have become an easy way for non-tech companies to build simple apps and programs that address business pain points and help less tech-savvy employees improve their skills. "Low-code or no-code platforms are a powerful business enabler that solves a pertinent problem for SMBs and enterprises alike: How to automate various business processes/workflows without depending on software developer resources," said Sachin Gupta, CEO of HackerEarth.
TechRepublic | February 26, 2020
For its 2020 Call for Code Global Challenge, IBM has partnered with United Nations Human Rights and the Linux Foundation to invite software developers and innovators worldwide to help fight climate change with open source powered technology . "IBM has a long history of taking on the world's biggest challenges and we cannot think of a greater one today than climate change ," said IBM's Daniel Krook, chief technology officer for IBM's Call for Code. "We've stated for more than a decade that climate change is a serious concern that warrants meaningful action on a global basis to stabilize the atmospheric concentration of greenhouse gases," Krook said. "All sectors of society, the economy and governments worldwide must participate in solutions to address climate change."
Google | February 25, 2020
The RSA conference 2020 held in San Francisco is one of the leading events for information security vendors to announce their new product offerings.
Along with some other security vendors, Google Cloud introduced threat detection and timeline capabilities in Chronicle.
The company also launched reCaptcha Enterprise and Web Risk API in general availability.
RSA conference 2020 kicked off on 24 February 2020 in San Francisco with nearly 700 exhibitors and more than 40,000 attendees expected to gather at the Moscone center for the event. On the first day of the event, Google has made a number of security announcements including, upgrades to its Chronicle Security platform and the general release of its reCAPTCHA Enterprise and Web Risk API tools.
In January 2018, Google parent Alphabet formed enterprise security company Chronicle, betting on machine learning’s ability to analyze massive amounts of data, detecting cyber threats more quickly and precisely than traditional methods. But in June 2019, Google Cloud swallowed Chronicle.
“The important thing to realize is we’re in this for the long haul. Our backstory platform is the first of what will be many offerings and capabilities over time.”
Stephen Gillett, CEO, Chronicle Security.
Learn more: Chronicle launches backstory security data platform
Google is hoping to use Chronicle to woo enterprise customers over to its cloud services, away from market leaders Amazon Web Services and Microsoft Azure. This is the first major update to Chronicle since the “merger” closed on October 1.
"Cloud security is a top enterprise IT a priority as organizations modernize their critical business systems both in-place and in the cloud."
Sunil Potti, VP of Google Cloud security.
Chronicle: Advanced threat detection and timelines
Chronicle launched its security analytics platform last year to help businesses investigate alerts and threats. The platform is now getting YARA-L, a new rule language built specifically for real-time and retroactive rule execution, including modern threat types described in Mitre ATT&CK. YARA-L is a callback to YARA, a language created by VirusTotal engineers to classify malware samples. (Google acquired VirusTotal in September 2012.)
Chronicle has also gained intelligent data fusion, a combination of a new data model and the ability to automatically link multiple events into a single timeline. Google will be partnering with other companies here to integrate with this new data structure for an “even more powerful threat response.” So far, the company only has one partner, the security operations platform Palo Alto Networks.
reCaptcha Enterprise and Web Risk API
The general availability of reCaptcha Enterprise and Web Risk API signals they are production-ready and can be purchased separately. Both are based on Google security technologies “that have been protecting users on the web for more than a decade.”
Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a series of challenge-response questions designed to prevent bots from bombarding web sign-up forms with spam. Google’s freely available service — reCaptcha — displays as many as 100 million tests every day via its application programming interface (API). Building on reCaptcha, reCaptcha Enterprise arrived as a beta in April 2019 to defend websites against fraudulent activity like scraping, credential stuffing, and automated account creation. reCaptcha Enterprise recently gained commercial-grade bot defense capabilities to help ensure that a login attempt is being made by a legitimate user and not a bot. Google Nest uses reCaptcha Enterprise to help prevent automated attacks by actors seeking to obtain unauthorized access to accounts and devices.
Google’s Safe Browsing service protects over 4 billion devices by providing lists of URLs that contain malware or phishing content to Chrome, Firefox, and Safari browsers, as well as to internet service providers (ISPs). The Web Risk API lets businesses have their client applications check URLs against these lists of unsafe web resources. Google says the API has information on more than a million unsafe URLs, based on examining billions of URLs each day in Google Safe Browsing.
At the event, another security vendors also announced their product launches and updates. Like Cisco unveiled SecureX, a new cloud-native security platform designed to improve visibility, deliver analytics, and automate common security workflows. In addition to unifying existing security products, Cisco told SecurityWeek, the new platform adds an action orchestrator to “build automated playbooks to accelerate workflows such as threat investigation and remediation, as well as enable better collaboration amongst SecOps teams as well as IT and NetOps teams.”
Fortinet announced FortiAI, a new on-premises appliance that leverages self-learning Deep Neural Networks (DNN) to speed threat remediation and handle time consuming manual security analyst tasks.
Learn more: Fortinet introduced FortiGate Next-Generation Firewalls
Checkmarx announced a new orchestration module (CxFlow) for its software security platform that integrates with application release orchestration and agile planning tools. CxFlow will help organizations improve the security of their software without interrupting developer workflows, the company says, noting that enhancements to its platform will provide more seamless implementation and automation of application security testing (AST) in development and DevOps environments.
CyberArk announced enhancements to its Endpoint Privilege Manager that provide privilege-based deception capabilities designed to defend against credential theft on workstations and servers and help defenders to quickly detect and proactively shut down in-progress attacks.