Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

9/17/2014
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FireLayers announces cloud application security gateway

Industry's first policy-based cloud application security gateway enables security, compliance and IT governance across all cloud applications by any user on any device

REDWOOD CITY, Calif. and HERZLIYA, Israel, September 17, 2014 – The shift to the cloud has been tectonic; however, the IT infrastructures of the last 20 years have not kept pace to adequately protect enterprise networks, data and transactions. Applications are moving to the cloud, so must the corporate security gateway. Enterprises need a cloud application security gateway.

FireLayers™ today announced its flagship solution, the FireLayers Cloud Application Security Gateway, the first of a series for enabling the secure and responsible adoption of cloud applications. This new cloud application security gateway sits between cloud apps and users, enabling enterprises to responsibly and securely leverage cloud applications like ADP, Google Apps, NetSuite, Office365, Salesforce, TribeHR, Workday and others, as well as customized and homegrown apps.

“Until now, CIOs and CISOs were forced into making the inadequate choice between blocking or allowing cloud apps,” said FireLayers co-founder and CEO, Yair Grindlinger. “IT teams and business leaders are becoming increasingly aware that cloud app security is a corporate problem, and that they need to be responsible for the security of how the application is used, the data and the users themselves. With FireLayers, they have the tools they need to enforce corporate policies that support their risk tolerance and compliance needs.”

FireLayers’ policy-based cloud application controls – an industry first – allow IT teams to define, deploy and enforce corporate security, compliance and governance policies across any device or application (popular, customized or homegrown) with near-zero performance impact. Furthermore, the FireLayers open architecture integrates with a host of tools for security (anti-x, malware, DLP, encryption and others) and monitoring (SIEM). The FireLayers gateway is the first solution to support the standards-based XACML protocol for interoperable access control, making it a solid foundation for a strategic cloud security program.

With cloud security now impacting corporate operation decisions at every level, it is mission critical for organizations to have centralized cloud control. In addition to providing deep visibility into cloud application usage, FireLayers protects against external attackers, account hijacking, malicious insiders, unauthorized access from BYOD, unintentional risky behavior and thousands of other risks inherent in using cloud apps.

“Cloud app providers like Salesforce, Google, Box, SuccessFactors and others provide excellent user experiences, meet demanding performance SLAs and secure data in their cloud. But their responsibility ends there. FireLayers closes that gap by giving IT teams a cloud application security gateway to control and secure all cloud application usage at a granular level,” said Doron Elgressy, FireLayers co-founder and president.

Available immediately, the FireLayers Cloud Application Security Gateway achieves a number of industry firsts:
-          Delivers granular policy-based rule enforcement and auditing down to the single command level
-          Uses the XAML standard to create and enforce policies so that user interactions can be identified in real time
-          Allows or denies individual sessions
-          Controls any command in any cloud app (popular, customized or homegrown) without depending on native APIs, extending security, compliance and IT governance capabilities
-          Provides pre-defined controls, rule sets and policies for a growing catalog of popular cloud applications; i.e., Box, Google Apps, Office365, NetSuite, Workday, Yammer and others
-          Integrates with best-of-breed cloud security (authentication, anti-malware, anti-x, DLP, encryption and others) and monitoring (SIEM) tools
-          Delivers near-zero latency and transparent operation for sustainable user productivity
-          Features device and session-based controls including: SSL/OS/browser versions, IP address control and session ID protection

“FireLayers has chosen to focus on application control and how it impacts security, compliance and governance. The company feels that this is the core of what the market is all about, and we agree,” wrote 451 Research Analyst Adrian Sanabria in a recent Market Impact Report. In a later Tweet, he added, “Their example to me: SaaS app you want doesn’t support two-factor authentication, a corporate requirement? Just add it! Blew my mind.”

About the FireLayers Cloud Application Security Gateway
The FireLayers Cloud Application Security Gateway gives enterprises confidence to securely extend their use of cloud resources. It provides the granular control IT teams need to responsibly adopt cloud applications and create safe zones for employees to work productively while protecting enterprise data, networks and financial transactions from hackers, external threats and accidental risky behavior by employees. The three components of the cloud application security gateway are:
-          FireLayers Control: the gateway’s foundation, which enforces context-aware IT security, compliance and governance policies across any application on any device by any user; delivers granular control; provides an intuitive policy manager that leverages pre-defined, customizable rule sets developed by FireLayers’ security analysts
-          FireLayers Respond: a 24/7 growing repository of proven, pre-defined policies for leading cloud apps, like Salesforce, NetSuite, Office365 and Google Apps, and research on emerging threats and common gaps; rapid incident response to actual and potential threats; a knowledge center featuring effective threat models and a growing expert community
-          FireLayers Analyze: this proprietary discovery tool delivers deep visibility and insights into cloud application usage; it maps the enterprise’s cloud application landscape and provides a real-time auditing tool and comprehensive logs that reach field-level attributes and provide immediately actionable controls; and dynamic operation reports include detailed user and usage information with drill down capabilities

The FireLayers Cloud Application Security Gateway inaugural solution will be followed by other innovative cloud security, compliance and IT governance tools that ensure secure and responsible cloud adoption. 

Resources

FireLayers Cloud Application Security Gateway Video

451 Research Impact Report: FireLayers answers a burning question: how to address the multi-layered CAC market?”

Secure 1 Cloud Application for 1 Year - FREE

About FireLayers
FireLayers enables companies to adopt the cloud responsibly, while ensuring security, compliance and governance of any cloud application on any device by any user. The FireLayers Cloud Application Security Gateway, our inaugural solution, is the industry’s first to leverage XACML-based granular policies to deliver full control over popular apps like Salesforce, Office365, SuccessFactors, NetSuite and endless others as well as customized and homegrown cloud applications. With our cloud application security gateway, enterprises gain new levels of security, visibility and control across their cloud application landscape.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19040
PUBLISHED: 2019-11-17
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.
CVE-2019-19041
PUBLISHED: 2019-11-17
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by th...
CVE-2019-19012
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
CVE-2019-19022
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
CVE-2019-19035
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.