Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

9/22/2014
12:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FireLayers Enables Secure Cloud Application Usage

Industry's first policy-based cloud application security gateway enables security, compliance and IT governance across all cloud applications by any user on any device

REDWOOD CITY, Calif. and HERZLIYA, Israel, September 17, 2014 – The shift to the cloud has been tectonic; however, the IT infrastructures of the last 20 years have not kept pace to adequately protect enterprise networks, data and transactions. Applications are moving to the cloud, so must the corporate security gateway. Enterprises need a cloud application security gateway.

FireLayers™ today announced its flagship solution, the FireLayers Cloud Application Security Gateway, the first of a series for enabling the secure and responsible adoption of cloud applications. This new cloud application security gateway sits between cloud apps and users, enabling enterprises to responsibly and securely leverage cloud applications like ADP, Google Apps, NetSuite, Office365, Salesforce, TribeHR, Workday and others, as well as customized and homegrown apps.

“Until now, CIOs and CISOs were forced into making the inadequate choice between blocking or allowing cloud apps,” said FireLayers co-founder and CEO, Yair Grindlinger. “IT teams and business leaders are becoming increasingly aware that cloud app security is a corporate problem, and that they need to be responsible for the security of how the application is used, the data and the users themselves. With FireLayers, they have the tools they need to enforce corporate policies that support their risk tolerance and compliance needs.”

FireLayers’ policy-based cloud application controls – an industry first – allow IT teams to define, deploy and enforce corporate security, compliance and governance policies across any device or application (popular, customized or homegrown) with near-zero performance impact. Furthermore, the FireLayers open architecture integrates with a host of tools for security (anti-x, malware, DLP, encryption and others) and monitoring (SIEM). The FireLayers gateway is the first solution to support the standards-based XACML protocol for interoperable access control, making it a solid foundation for a strategic cloud security program.

With cloud security now impacting corporate operation decisions at every level, it is mission critical for organizations to have centralized cloud control. In addition to providing deep visibility into cloud application usage, FireLayers protects against external attackers, account hijacking, malicious insiders, unauthorized access from BYOD, unintentional risky behavior and thousands of other risks inherent in using cloud apps.

“Cloud app providers like Salesforce, Google, Box, SuccessFactors and others provide excellent user experiences, meet demanding performance SLAs and secure data in their cloud. But their responsibility ends there. FireLayers closes that gap by giving IT teams a cloud application security gateway to control and secure all cloud application usage at a granular level,” said Doron Elgressy, FireLayers co-founder and president.

Available immediately, the FireLayers Cloud Application Security Gateway achieves a number of industry firsts:

  • Delivers granular policy-based rule enforcement and auditing down to the single command level
  • Uses the XAML standard to create and enforce policies so that user interactions can be identified in real time
  • Allows or denies individual sessions
  • Controls any command in any cloud app (popular, customized or homegrown) without depending on native APIs, extending security, compliance and IT governance capabilities
  • Provides pre-defined controls, rule sets and policies for a growing catalog of popular cloud applications; i.e., Box, Google Apps, Office365, NetSuite, Workday, Yammer and others
  • Integrates with best-of-breed cloud security (authentication, anti-malware, anti-x, DLP, encryption and others) and monitoring (SIEM) tools
  • Delivers near-zero latency and transparent operation for sustainable user productivity
  • Features device and session-based controls including: SSL/OS/browser versions, IP address control and session ID protection

“FireLayers has chosen to focus on application control and how it impacts security, compliance and governance. The company feels that this is the core of what the market is all about, and we agree,” wrote 451 Research Analyst Adrian Sanabria in a recent Market Impact Report. In a later Tweet, he added, “Their example to me: SaaS app you want doesn’t support two-factor authentication, a corporate requirement? Just add it! Blew my mind.”

About the FireLayers Cloud Application Security Gateway
The FireLayers Cloud Application Security Gateway gives enterprises confidence to securely extend their use of cloud resources. It provides the granular control IT teams need to responsibly adopt cloud applications and create safe zones for employees to work productively while protecting enterprise data, networks and financial transactions from hackers, external threats and accidental risky behavior by employees. The three components of the cloud application security gateway are:

  • FireLayers Control: the gateway’s foundation, which enforces context-aware IT security, compliance and governance policies across any application on any device by any user; delivers granular control; provides an intuitive policy manager that leverages pre-defined, customizable rule sets developed by FireLayers’ security analysts
  • FireLayers Respond: a 24/7 growing repository of proven, pre-defined policies for leading cloud apps, like Salesforce, NetSuite, Office365 and Google Apps, and research on emerging threats and common gaps; rapid incident response to actual and potential threats; a knowledge center featuring effective threat models and a growing expert community
  • FireLayers Analyze: this proprietary discovery tool delivers deep visibility and insights into cloud application usage; it maps the enterprise’s cloud application landscape and provides a real-time auditing tool and comprehensive logs that reach field-level attributes and provide immediately actionable controls; and dynamic operation reports include detailed user and usage information with drill down capabilities

The FireLayers Cloud Application Security Gateway inaugural solution will be followed by other innovative cloud security, compliance and IT governance tools that ensure secure and responsible cloud adoption.

Resources

FireLayers Cloud Application Security Gateway Video

451 Research Impact Report: FireLayers answers a burning question: how to address the multi-layered CAC market?”

Secure 1 Cloud Application for 1 Year - FREE

About FireLayers
FireLayers enables companies to adopt the cloud responsibly, while ensuring security, compliance and governance of any cloud application on any device by any user. The FireLayers Cloud Application Security Gateway, our inaugural solution, is the industry’s first to leverage XACML-based granular policies to deliver full control over popular apps like Salesforce, Office365, SuccessFactors, NetSuite and endless others as well as customized and homegrown cloud applications. With our cloud application security gateway, enterprises gain new levels of security, visibility and control across their cloud application landscape.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...