Delinea | July 21, 2022
Delinea, a leading provider of privileged access management (PAM) solutions for seamless security, and Authomize, a leading provider of Cloud Identity and Access Security, today announced a strategic partnership to co-sell their products. When combined with available integrations, this robust solution provides consistent privileged access security across multiple cloud infrastructures and SaaS applications through a Zero Trust approach.
In their race to the cloud, organizations have lost critical visibility and control over their identity and access privileges to sensitive assets. This leaves them dependent upon a fragmented assortment of highly siloed controls that are poorly suited to provide the comprehensive security necessary to enforce least privilege across cloud environments. According to research from Authomize, less than 10% of privileged roles and 37% of admins are active, based on a study of organizations with between one and ten thousand employees. These unused privileges increase the risks associated with privilege creep and excessive privileges, which open the door to credential abuse and exposure.
Authomize builds on its extensive capabilities and experience across cloud infrastructure environments to continuously secure the entire development stack. It achieves full-stack cloud access security by providing granular cross-stack visibility across Cloud Service Providers and developer-critical SaaS apps such as GitHub. Authomize tracks all identities, assets, and privileged access usage to provide comprehensive, actionable understanding of the cloud identity and the access layer that enables organizations to ensure security in every environment.
"Our partnership with Authomize furthers our commitment to ensure that our customers' cloud and SaaS environments remain secure by protecting sensitive cloud-native identities and entitlements. Authomize extends Delinea's privileged access management capabilities with even more visibility over privileges in cloud infrastructure and adds a critical layer of continuous security."
Ram Venkatachalam, Head of Strategy and Business Development at Delinea
Delinea and Authomize have partnered to create joint use cases which will enable organizations to gain better control over who can access cloud applications and services. By deploying both products together, organizations can securely store credentials while automating access governance, thus reducing credential theft and lateral movement in all cloud environments including Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), and more.
"We are excited to bring our full-stack CIEM, SaaS security, and Identity Threat Detection and Response (ITDR) capabilities to Delinea's industry-recognized privileged access management solution," said Dotan Bar Noy, CEO of Authomize. "This partnership with Delinea is the latest step in bringing a critical layer of security to our amazing, growing partner network, adding significant and needed value to Authomize and Delinea's joint customers."
Delinea's suite of modern PAM solutions provides the baseline of secure access to IaaS and SaaS environments, empowering organizations to securely manage their credentials and access throughout their cloud applications and services. Authomize delivers a protective layer of security for cloud identities that continuously monitors access, validating, alerting, and providing actionable insights to remediate risks and secure all applications and cloud services. Named by Gartner as a Cool Vendor for Identity-First Security, Authomize brings a range of capabilities for addressing identity and access security use cases, including its robust Cloud Infrastructure Entitlement Management (CIEM) solutions that are critical for securing access privileges in infrastructure services like Azure and AWS.
By using both products together, Delinea and Authomize customers gain the capability for just-enough and just-in-time access to cloud resources, resulting in an ideal cybersecurity posture with zero standing privileges that significantly reduces risk due to excess privileges.
Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless for the modern, hybrid enterprise. Our solutions empower organizations to secure critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world's largest financial institutions, intelligence agencies, and critical infrastructure companies.
The first Cloud Identity and Access Security Platform, Authomize continuously monitors identities, access privileges, assets, and activities to secure apps and cloud services. Our full-stack yet granular visibility across IaaS, SaaS, and Data environments enables organizations to understand how their access privileges are being used and ensure effective control over the security of their assets. Backed by Innovation Endeavors, Blumberg Capital, Entrée Capital and Microsoft's M12, Authomize is headquartered in Tel Aviv and Austin. Learn more at www.authomize.com and follow us on Twitter and LinkedIn for news and updates.
Orca Security | September 14, 2022
Orca Security, the cloud security innovation leader, today released the 2022 State of the Public Cloud Security Report, which provides important insights into the current state of public cloud security and where the most critical security gaps are found. One of the report’s key findings is that the average attack path is only 3 steps away from a crown jewel asset, which means an attacker only needs to find three connected and exploitable weaknesses in a cloud environment to exfiltrate data or hold an organization to ransom.
The report, compiled by the Orca Research Pod, includes key findings from analyzing cloud workload and configuration data captured from billions of cloud assets on AWS, Azure and Google Cloud scanned by the Orca Cloud Security Platform from January 1st until July 1st, 2022. The report identifies where critical security gaps are still being found and provides recommendations on what steps organizations can take to reduce their attack surface and improve cloud security postures.
“The security of the public cloud not only depends on cloud platforms providing a safe cloud infrastructure, but also very much on the state of an organization’s workloads, configurations and identities in the cloud. Our latest State of the Public Cloud Security report reveals that there is still much work to be done in this area, from unpatched vulnerabilities and overly permissive identities to storage assets being left wide open. It is important to remember, however, that organizations can never fix all risks in their environment. They simply don’t have the manpower to do this. Instead, organizations should work strategically and ensure that the risks that endanger the organization’s most critical assets are always addressed first.”
Avi Shua, CEO and co-founder of Orca Security
Report Key Findings
The Orca Security 2022 State of the Public Cloud Security Report finds that:
Crown jewels are dangerously within reach: The average attack path only needs 3 steps to reach a crown jewel asset, which means an attacker only needs to find three connected and exploitable weaknesses in a cloud environment to exfiltrate data or hold an organization to ransom.
Vulnerabilities are the top initial attack vector: 78% of identified attack paths use known vulnerabilities (CVEs) as an initial access attack vector, highlighting that organizations need to prioritize vulnerability patching even more.
Basic security practices are not being followed: Many basic security measures such as Multi-Factor Authentication (MFA), least-privilege permissions, encryption, strong passwords, and port security are still not being applied consistently. For example, 42% granted administrative permissions to more than 50% of the organization's users, 71% use the default service account in Google Cloud, and 7% have Internet-facing neglected assets (i.e. unsupported operating system or unpatched for 180+ days) with open ports 80, 443, 8080, 22, 3389 or 5900.
Cloud-native services are being overlooked: Even though cloud-native services are easily spun up, they still require maintenance and proper configuration: 69% have at least one serverless function exposing secrets in the environment variable, 70% have a Kubernetes API server that is publicly accessible, and 16% of containers are in a neglected state (i.e. unsupported operating system or unpatched for 180+ days).
About Orca Security
Orca Security is the industry-leading agentless Cloud Security Platform that identifies, prioritizes, and remediates risks. Orca Security connects to your environment in minutes with patent-pending SideScanning technology to provide complete coverage across vulnerabilities, malware, misconfigurations, lateral movement risks, weak and leaked passwords, and overly permissive identities. Founded in 2019, Orca Security is trusted by hundreds of customers globally, including Databricks, Autodesk, NCR, Gannett, and Robinhood.
Spectro Cloud | September 30, 2022
Spectro Cloud, a leader in modern Kubernetes (K8s) management software, today announced a major new release of its Palette Edge platform.
Kubernetes at the edge has spurred the interest of businesses around the world as they seek to enhance competitiveness and agility. To date, however, K8s at the edge has failed to realize its true potential. Why? A study by Dimensional Research found 72% of Kubernetes users effectively said: “It’s too challenging to deploy and manage Kubernetes on edge devices.”
The Palette Edge platform, which first launched in March 2022 and earned Spectro Cloud recognition as a 2022 Gartner Cool Vendor in Edge Computing, solves this problem, enabling organizations to re-define how cost-efficiently they can deploy and manage edge K8s clusters at scale, including at locations with small form factor devices, no on-site IT skills and marginal connectivity. Palette Edge delivers remote troubleshooting, zero-downtime rolling upgrades and patch management, even in single-server edge deployments, due to its unique A/B OS partition, multi-node failsafe design and support for both ARM and x86 architectures, including Intel’s Trusted Platform Module (TPM).
Palette Edge derives its functionality from Spectro Cloud’s core Palette platform, which enables organizations to consistently manage K8s clusters across their full lifecycle, across public clouds, virtualized or bare metal data centers, as well as edge locations. Through a unique extension of the Cloud Native Computing Foundation’s (CNCF) Cluster API, Palette enables IT teams to model their full Kubernetes stacks from the OS to the application in a true declarative model, creating project-curated, reusable Cluster Profiles while providing a choice of operating systems, K8s distributions and tools from the broad K8s ecosystem. Palette is architected to scale, delivering centralized and automated management combined with decentralized orchestration and policy enforcement — together enabling a virtually infinite scale from few to tens of thousands of clusters.
Extending this core Palette foundation, Palette Edge today adds unique security, visibility and usability capabilities, setting a new industry standard for deploying and centrally managing edge K8s at scale, dramatically lowering total cost of ownership and risk for organizations of any size expanding to the edge. Palette Edge is purpose-built to support key industry use cases including Internet of Things device management and orchestration, data ingestion, streaming, analytics and AI inference.
“For us, edge is an enabler to help clinicians deliver better patient outcomes by deploying technology closer to the user,” said Vignesh Shetty, SVP & GM Edison AI and Platform at GE Healthcare Digital. “The need for a secure, cost-effective approach to manage Kubernetes at the edge at scale is more relevant than ever before.”
The new Palette Edge delivers on the key priorities for edge K8s users with:
Tamperproof security for Kubernetes at the edge: Spectro Cloud research found that security is the #1 concern when adopting edge Kubernetes.
Edge Kubernetes devices deployed in remote, unmonitored locations are particularly vulnerable to deliberate tampering and unintentional configuration drift, where their operating system, distribution and other software elements move out of compliance through ad hoc configuration changes.
Palette Edge now enables operations teams to build highly secure configurations for edge devices, including their preferred Kubernetes distribution and the underlying OS, which once deployed become immutable, read-only and unmodifiable by the application user, just like the firmware on a smartphone. The now-immutable stack also enables zero-downtime rolling upgrades, due to a failsafe deployment design.
Palette eXtended Kubernetes Edge (PXK-E): This new edge-optimized version of Spectro Cloud’s CNCF-upstream Kubernetes distribution is available now to all Palette customers.
PXK-E incorporates Palette’s new immutability capability, along with NIST-800 security hardening. It is certified for more than 50 open source and commercial cloud native integrations and provides high availability and zero-downtime rolling upgrades even in single-server configurations.
With Palette Edge, businesses can choose the PXK-E distribution or Palette-optimized versions of any other K8s distribution, verified and supported by Spectro Cloud.
A powerful NOC-like dashboard: Now organizations scaling to thousands or tens of thousands of edge devices have the power to manage their fleet more easily and with greater control than ever before.
Palette Edge’s Network Operations Center-like (NOC) dashboard provides a highly intuitive user experience with live status for key events, plus advanced capabilities to filter, tag and drill down to clusters by location, status or other attribute. Importantly, operators can define powerful workflows for managing clusters, with almost infinite possibilities: for example, they can phase deployments of cluster updates by location for canary testing, or schedule patching to follow the sun.
Ultra-simple edge device onboarding: In edge Kubernetes projects, organizations can find the act of deploying new devices in remote locations incredibly problematic; often, costly field engineering truck rolls are needed.
Palette Edge makes it easy for non-specialist staff to quickly power up and onboard a new device into a managed cluster, using a variety of methods, such as through Palette Edge’s user interface, leveraging its open API, the Spectro Cloud Terraform provider, or by simply scanning a QR code on the edge device itself.
The features delivered in this new Palette Edge release reflect real customer requirements of K8s at the edge. To address them and also contribute to the broader cloud native community, Spectro Cloud is now leading a unique open source project which delivers failsafe immutability at the edge: Kairos. Version 1.0 of Kairos is now generally available with extended community support, and is free to download and use. For more information, visit www.kairos.io. This is another example demonstrating Spectro Cloud’s continued commitment to foster innovation as a member of the CNCF and Linux Foundation, contributing to major Kubernetes ecosystem projects such as Cluster API and the Cluster API Provider for Canonical MAAS.
These major new features are available today in Spectro Cloud’s Palette Edge edition and further position Palette as the first choice for organizations running Kubernetes at the edge at scale, enabling them to bring modern applications and data close to their end-users. Customers of Palette Edge are already realizing significant benefits by avoiding otherwise necessary field engineering visits at edge locations, which can result in up to a 90% reduction in operational costs.
“A key use case for 5G Edge compute is mission critical, ultra-low latency, workloads. That means cyber-security is a foundational principle for Edge and not an afterthought. Spectro Cloud is delivering a customer solution for deploying modern apps to the Edge that can integrate readily into end-to-end Zero Trust architectures,” said Dr. Ken Urquhart, Global Vice-President, 5G at Zscaler.
“This brand new set of capabilities is making edge K8s locations as easy as a cloud for our customers. With a platform that can scale to tens of thousands of edge locations, requirements like security, resiliency and ease-of-use can be game changers, and this has been our focus in the latest release. At Spectro Cloud we are committed champions of the innovation coming out of the open source community, and we couldn’t be more excited to collaborate with some of the most interesting projects to deliver some of those new capabilities.”
Spectro Cloud co-founder and CEO Tenry Fu
About Spectro Cloud
Spectro Cloud uniquely enables organizations to deploy and manage Kubernetes in production, at scale. Its Palette enterprise Kubernetes management platform gives IT Operations and DevOps engineering teams effortless control of the full Kubernetes lifecycle even across multiple clouds, data centers, bare metal and edge environments. Ops teams are empowered to support their developers with curated Kubernetes stacks and tools based on their specific needs, with granular governance and enterprise-grade security.