Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

9/22/2014
12:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FireLayers Enables Secure Cloud Application Usage

Industry's first policy-based cloud application security gateway enables security, compliance and IT governance across all cloud applications by any user on any device

REDWOOD CITY, Calif. and HERZLIYA, Israel, September 17, 2014 – The shift to the cloud has been tectonic; however, the IT infrastructures of the last 20 years have not kept pace to adequately protect enterprise networks, data and transactions. Applications are moving to the cloud, so must the corporate security gateway. Enterprises need a cloud application security gateway.

FireLayers™ today announced its flagship solution, the FireLayers Cloud Application Security Gateway, the first of a series for enabling the secure and responsible adoption of cloud applications. This new cloud application security gateway sits between cloud apps and users, enabling enterprises to responsibly and securely leverage cloud applications like ADP, Google Apps, NetSuite, Office365, Salesforce, TribeHR, Workday and others, as well as customized and homegrown apps.

“Until now, CIOs and CISOs were forced into making the inadequate choice between blocking or allowing cloud apps,” said FireLayers co-founder and CEO, Yair Grindlinger. “IT teams and business leaders are becoming increasingly aware that cloud app security is a corporate problem, and that they need to be responsible for the security of how the application is used, the data and the users themselves. With FireLayers, they have the tools they need to enforce corporate policies that support their risk tolerance and compliance needs.”

FireLayers’ policy-based cloud application controls – an industry first – allow IT teams to define, deploy and enforce corporate security, compliance and governance policies across any device or application (popular, customized or homegrown) with near-zero performance impact. Furthermore, the FireLayers open architecture integrates with a host of tools for security (anti-x, malware, DLP, encryption and others) and monitoring (SIEM). The FireLayers gateway is the first solution to support the standards-based XACML protocol for interoperable access control, making it a solid foundation for a strategic cloud security program.

With cloud security now impacting corporate operation decisions at every level, it is mission critical for organizations to have centralized cloud control. In addition to providing deep visibility into cloud application usage, FireLayers protects against external attackers, account hijacking, malicious insiders, unauthorized access from BYOD, unintentional risky behavior and thousands of other risks inherent in using cloud apps.

“Cloud app providers like Salesforce, Google, Box, SuccessFactors and others provide excellent user experiences, meet demanding performance SLAs and secure data in their cloud. But their responsibility ends there. FireLayers closes that gap by giving IT teams a cloud application security gateway to control and secure all cloud application usage at a granular level,” said Doron Elgressy, FireLayers co-founder and president.

Available immediately, the FireLayers Cloud Application Security Gateway achieves a number of industry firsts:

  • Delivers granular policy-based rule enforcement and auditing down to the single command level
  • Uses the XAML standard to create and enforce policies so that user interactions can be identified in real time
  • Allows or denies individual sessions
  • Controls any command in any cloud app (popular, customized or homegrown) without depending on native APIs, extending security, compliance and IT governance capabilities
  • Provides pre-defined controls, rule sets and policies for a growing catalog of popular cloud applications; i.e., Box, Google Apps, Office365, NetSuite, Workday, Yammer and others
  • Integrates with best-of-breed cloud security (authentication, anti-malware, anti-x, DLP, encryption and others) and monitoring (SIEM) tools
  • Delivers near-zero latency and transparent operation for sustainable user productivity
  • Features device and session-based controls including: SSL/OS/browser versions, IP address control and session ID protection

“FireLayers has chosen to focus on application control and how it impacts security, compliance and governance. The company feels that this is the core of what the market is all about, and we agree,” wrote 451 Research Analyst Adrian Sanabria in a recent Market Impact Report. In a later Tweet, he added, “Their example to me: SaaS app you want doesn’t support two-factor authentication, a corporate requirement? Just add it! Blew my mind.”

About the FireLayers Cloud Application Security Gateway
The FireLayers Cloud Application Security Gateway gives enterprises confidence to securely extend their use of cloud resources. It provides the granular control IT teams need to responsibly adopt cloud applications and create safe zones for employees to work productively while protecting enterprise data, networks and financial transactions from hackers, external threats and accidental risky behavior by employees. The three components of the cloud application security gateway are:

  • FireLayers Control: the gateway’s foundation, which enforces context-aware IT security, compliance and governance policies across any application on any device by any user; delivers granular control; provides an intuitive policy manager that leverages pre-defined, customizable rule sets developed by FireLayers’ security analysts
  • FireLayers Respond: a 24/7 growing repository of proven, pre-defined policies for leading cloud apps, like Salesforce, NetSuite, Office365 and Google Apps, and research on emerging threats and common gaps; rapid incident response to actual and potential threats; a knowledge center featuring effective threat models and a growing expert community
  • FireLayers Analyze: this proprietary discovery tool delivers deep visibility and insights into cloud application usage; it maps the enterprise’s cloud application landscape and provides a real-time auditing tool and comprehensive logs that reach field-level attributes and provide immediately actionable controls; and dynamic operation reports include detailed user and usage information with drill down capabilities

The FireLayers Cloud Application Security Gateway inaugural solution will be followed by other innovative cloud security, compliance and IT governance tools that ensure secure and responsible cloud adoption.

Resources

FireLayers Cloud Application Security Gateway Video

451 Research Impact Report: FireLayers answers a burning question: how to address the multi-layered CAC market?”

Secure 1 Cloud Application for 1 Year - FREE

About FireLayers
FireLayers enables companies to adopt the cloud responsibly, while ensuring security, compliance and governance of any cloud application on any device by any user. The FireLayers Cloud Application Security Gateway, our inaugural solution, is the industry’s first to leverage XACML-based granular policies to deliver full control over popular apps like Salesforce, Office365, SuccessFactors, NetSuite and endless others as well as customized and homegrown cloud applications. With our cloud application security gateway, enterprises gain new levels of security, visibility and control across their cloud application landscape.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15001
PUBLISHED: 2020-07-09
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when u...
CVE-2020-15092
PUBLISHED: 2020-07-09
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most T...
CVE-2020-15093
PUBLISHED: 2020-07-09
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A ...
CVE-2020-15299
PUBLISHED: 2020-07-09
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is execu...
CVE-2020-4173
PUBLISHED: 2020-07-09
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure l...