High-Tech Bridge partners with Fortinet to accelerate DevSecOps and CI/CD for web applications

Joint solution enables seamless vulnerability detection, prioritization and agile virtual patching for web applications, web services and APIs.

Gartner forecasts fast growth in the security testing market due to continued data breaches and growing demands for application security testing as part of DevOps.

To enable simple, cost-effective, agile and reliable application security testing and risk-based remediation, High-Tech Bridge has partnered with Fortinet to deliver a solution tailored for DevSecOps and CI/CD facilitation. The partnership enables organizations to remediate web application vulnerabilities within minutes and at no additional cost, including security flaws affecting REST/SOAP APIs and Single Page Applications.

High-Tech Bridge’s ImmuniWeb® AI Platform leverages Machine Learning and AI for intelligent automation and acceleration of application security testing. Complemented by scalable and cost-effective manual testing, it detects the most sophisticated vulnerabilities and comes with a zero false-positives SLA. ImmuniWeb’s groundbreaking virtual application technology enables its customers to test both internal and external web applications and leverage award-winning IAST technology.

Fortinet’s FortiWeb Web Application Firewall provides advanced features that defend web applications from known and zero-day threats. Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your external and internal web-based applications from the OWASP Top 10 and many other threats. At the heart of FortiWeb are its dual-layer AI-based detection engines that intelligently detect threats with nearly no false positive detections.

Once ImmuniWeb AI audit results are imported into FortiWeb, FortiWeb virtual patching automatically creates new WAF rulesets to protect against newly discovered vulnerabilities and weaknesses.

The joint solution eliminates the perilous gap during which newly detected security flaws remain unaddressed and exploitable. It thereby enables web developers to properly test and deploy a security patch without exposing their enterprise to the risk of a data breach.

“Modern organizations face a continuously growing landscape of security tasks of increasing sophistication. The challenge is exacerbated by the global cybersecurity skills shortage and the large number of different security products required to enable continuous security monitoring, risk-based remediation and cyber resilience,” said Ilia Kolochenko, CEO and Founder of High-Tech Bridge. “At High-Tech Bridge, we are excited to join our efforts with global cybersecurity leader Fortinet to deliver a turnkey application security solution. Our research in AI and Machine Learning technology offers unprecedented accuracy, speed and reliability to our clientele. The joint solution is, however, a mere beginning of our partnership journey aimed to bring sustainable and long-term value to the customers and to the application security market as a whole. Please stay tuned.”

“The Fortinet Security Fabric’s open architecture, APIs (Application Programming Interfaces) and ease of integration with complementary technologies from our alliance partners enable highly effective security solutions to address customer needs,” said Neil Prasad, Senior Director of Product Marketing and Global Technology Alliances at Fortinet. “We welcome High-Tech Bridge in our Fortinet technology alliance partner program and ecosystem, and look forward to our collaboration to provide a more secure future for all our customers.”

High-Tech Bridge named Innovator by SC Media Reboot 18

ImmuniWeb® AI is selected in the “Analysis and Testing” category of the most innovative cybersecurity companies of the year.

Every year the SC Media Innovators edition highlights technologies that stand out from the crowd and show great promise for the future, and the 2018 list of honorees is no different. The SC Labs Review Team is proud to present the 18 vendors being honored, as well as the six members of the much-anticipated class of 2018 Hall of Fame inductees.

For three consecutive years, High-Tech Bridge’s ImmuniWeb® AI has been named for the globally recognized SC Media Innovators award, based on a meticulous review and selection process.

Rob Cote, program director at SC Lab, highlighted the practical usage of AI and Machine Learning capacities for the most comprehensive application security vulnerability coverage and a zero false-positives SLA for every customer. Ilia Kolochenko, High-Tech Bridge’s CEO and Founder, says:

We are delighted and honored to be selected for this prestigious award. SC Media is one of the oldest and the most respected brands in the industry, and this award means a lot for us. It is a great validation of our efforts and commitment to continuously innovate and deliver excellence to our customers. We have many more exciting announcements for 2019, please stay tuned.

Full SC Media Innovators e-Book is available here.

Source: High-Tech Bridge

IDC names High-Tech Bridge a Mobile App Security Testing Innovator

Pioneering Machine Learning and AI vulnerability detection technology combined with a zero false-positive SLA of ImmuniWeb® MobileSuite are recognized by IDC.

High-Tech Bridge is delighted to be selected as an IDC Innovator in the emerging Mobile Application Security Testing (MAST) market in the recent research “IDC Innovators: Mobile App Security Testing, 2018”.

IDC Innovators are vendors “that have demonstrated either a groundbreaking business model or an innovative new technology — or both”.

“Organizations are pressed for time, resources, and money but simply cannot cut corners when it comes to mobile app testing,” says Denise Lund, research director, Enterprise Mobility at IDC. “Vendors will go far with buyers if they have proven that their use of machine intelligence reduces false positives in the identification of mobile app vulnerabilities or discovers unusual vulnerabilities before these wreak havoc on employees, businesses, and brands in the market.”

High-Tech Bridge’s ImmuniWeb® AI Platform offers ImmuniWeb MobileSuite to test iOS and Android mobile applications and their backend for security, privacy and compliance issues. Our award-winning dynamic (DAST), static (SAST) and interactive (IAST) mobile application security testing technology leverages Machine Learning and AI for acceleration and intelligent automation of vulnerability detection. Scalable and cost-effective manual enhancement of the testing process ensures detection of the most sophisticated vulnerabilities and offers a zero false-positives SLA to every customer.

“We are delighted to see such a solid validation of our research and innovation on the application security market by one of the most reputable research companies,” says Ilia Kolochenko, High-Tech Bridge’s CEO and Founder. “At High-Tech Bridge, we are committed to innovate and deliver value to our customers by solving real problems they have in a cost-effective manner. We believe that effective application security should be simple, holistic and risk-based. ImmuniWeb MobileSuite embodies all of these principles.”

IDC is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries.

Source: High-Tech Bridge

British Airways Apologizes after 380,000 Customers hit in Cyber Attack

  • BA says contacted customers as soon as possible
  • Details of 380,000 card payments compromised
  • BA says attack was ‘very sophisticated’

London (Reuters): British Airways was forced to apologise on Friday after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the worst ever attack on its website and app.

The airline discovered on Wednesday that bookings made between 21 August and 5 September had been infiltrated in a “very sophisticated, malicious criminal” attack, BA Chairman and Chief Executive Alex Cruz said. It immediately contacted customers when the extent of the breach became clear.

Around 380,000 card payments were compromised, the airline said, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes – sufficient information to steal from accounts.

The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend.

Cruz said the carrier was “deeply sorry” for the disruption caused by the sophisticated crime, which was unprecedented in the more than 20 years that BA had operated online.

He said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.

“There were other methods, very sophisticated efforts, by criminals in obtaining the data,” he told BBC radio. “It was having access to our systems in an illicit way, it was very sophisticated.”

 

British Airways informed customers affected by the attack on Thursday, Cruz said. It advised them to contact their bank or credit card provider and follow their recommended advice. It also took out ads in national newspapers on Friday.

Cruz said anyone who lost out financially would be compensated by the airline.

“The moment we found out that actual customer data had been compromised that’s when we began an all-out immediate communication to our customers, that was the priority,” he said.

Data security expert Trevor Reschke said that like any website which sees large volumes of card transactions, British Airways was a ripe target for hackers.

“It is now a race between British Airways and the criminal underground,” said Reschke, head of threat intelligence at Trusted Knight. “One will be figuring out which cards have been compromised and alerting victims, whilst the other will be trying to abuse them while they are still fresh.”

IAG said the data breach had been resolved and the website was working normally, and that no travel or passport details were stolen.

The airline had launched an investigation and notified police and other relevant authorities.

Germany Concerned about possible ‘SLEEPER’ Cyber Sabotage

President of Germany's Federal Office for the Protection of the Constitution Hans-Georg Maassen attends a news conference in Berlin, Germany – REUTERS

Berlin (Reuters): A growing number of countries can hack into private computer networks and install malicious software to sabotage another country’s infrastructure, Germany’s domestic spy chief said last week.

China, Russia and other countries continued to try to break into German companies’ computers to steal industrial information, Hans-Georg Maassen, head of the BfV domestic intelligence agency, told a security conference.

But intelligence officials are increasingly worried about so-called “cyber bombs” that could be planted in the network of an unsuspecting company and detonated later.

“In the case of China, Russia, we clearly see measures like espionage, but it could also be sabotage with the goal of attacking companies in Germany – infrastructure firms in the widest sense – at some future point,” Maassen said. “That is a scenario that we view with concern.”

Cyber experts warn that Germany – with its high level of technology expertise – is a particularly attractive target for cyber attackers of all kinds, including state actors.

A company could be oblivious to a cyber-attack that had been used to plant malware, Maassen said. Such a “cyber bomb” could then shut down power networks, for example, perhaps during a time of geopolitical tension.

He said such attacks could come from a range of countries. In its annual report, the agency cited rapid strides in Iran’s cyber capabilities, although it did not specifically spell out concerns about such sleeper attacks.

 

Germany is worried that China is also trying to gain dominant positions in technology sectors by taking stakes in the German firms, Maassen said.

“That is a political project on which the government is spending a lot of money, not just to invest, but to buy information for its own technical progress, or to gain a position in specific areas that will make it impossible for others to continue developments there,” he said.

Torsten Becker, managing director of BOGEN Electronic, a German robotics supplier that also sells to China, said his firm had rebuffed repeated takeover attempts by Chinese firms, and had also seen its products duplicated in the Chinese market.

BOGEN had stopped hiring Chinese engineers or interns, and was taking increased measures to protect its know-how, but Becker said Chinese rivals benefited from government support that gave them advantages in the global market.

Burkhard Even, who heads the BfV’s counterespionage unit, told the conference the amount of know-how ceded to Chinese through takeovers in the past two years already exceeded the damage from espionage.

He said there was “a very clear connection” between cyber-attacks and takeover bids, with many companies often targeted in cyber-attacks before any M&A activity.

Germany and other European Union states are overhauling their investment rules to protect sensitive technologies from Chinese takeovers. In December, the BfV also warned about efforts by China to use fake LinkedIn accounts to recruit German business executives and researchers as spies.

Source: DailyFT

 

Indian Co-Operative Bank Loses $13.5m in Cyber Attack

MUMBAI (Reuters): Cybercriminals hacked the systems of India’s Cosmos Bank and siphoned off nearly 944 million rupees ($13.5 million) through simultaneous withdrawals across 28 countries over the weekend, the bank has told police.

SWIFT, whose messaging system is used to transfer trillions of dollars a day, said it did not comment on individual cases.

Cosmos Bank, based in the western city of Pune, said in a press statement that its main banking software receives debit card payment requests via a “switching system” but it was bypassed in the attack.

The co-operative bank said unidentified hackers stole customer information through a malware attack on its automated teller machine (ATM) server, withdrawing 805 million rupees in 14,849 transactions in just over two hours on Aug. 11, mainly overseas.

Apart from the ATM withdrawals, the hackers transferred 139 million rupees to a Hong Kong-based company’s account by issuing three unauthorized transactions over the SWIFT global payments network, the bank said in a police complaint, a copy of which was seen by Reuters.

 

“During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” the bank said.

The bank declined to reveal the countries, citing security risks.

Police said they were investigating the theft.

A police official, who declined to be named, said they had enlisted the help of experts to find out how authorized transactions were conducted simultaneously in various countries.

India’s City Union Bank Ltd reported in February that it had suffered three “fraudulent remittances” of nearly $2 million that had been pushed through the SWIFT financial platform.

In 2016, unknown hackers stole more than $81 million from the Bangladesh central bank’s account with the Federal Reserve Bank of New York. Investigators have made little progress in the case.

“While there is growing awareness to regularly update an organization’s cyber preparedness and defense mechanisms, a large number of institutions wake up to this reality only post an incident which often leads to a loss of reputation and/or financial misappropriation,” said Nikhil Bedi, a partner with Deloitte India.

Source: Daily FT