- Generative AI Fueling Rapid Rise in API Vulnerabilities: Wallarm
- New Komprise Functions Better Detect, Protect Sensitive Data
- Cognizant, CrowdStrike Partner to Protect Enterprises in the Cloud
- Guardz’s Ultimate Plan Gives MSPs, MSSPs More AI, SentinelOne EDR
Each week, ChannelE2E compiles a list of the top stories we’ve covered about the security services market from our affiliate brand, MSSP Alert. Here’s this week’s round-up of news from MSSP Alert.
Generative AI Fueling Rapid Rise in API Vulnerabilities: Wallarm
APIs, the software that plays the vital role in modern business by allowing different applications to communicate, are now the most critical attack surface, and much of that is being driven by the rapid adoption of generative AI, according to API security vendor Wallarm.
Wallarm researchers in 2024 tracked 439 AI-related vulnerabilities – a 1,025% jump year-over-year – and 99% of those were tied to APIs, the San Francisco-based company wrote in a report released Wednesday. The CVEs included injection flaws, misconfigurations, and new memory corruption vulnerabilities, tied to AI’s reliance on high-performance binary flaws, they wrote.
The annual report hits on both the technical and strategic aspects of API security that are important to both CISOs and CIOs. This is where MSSPs and MSPs can play an important role, according to Wallarm CEO Ivan Novikov.
“In many ways, the biggest cybersecurity change that comes with the massive adoption of APIs is shifting from securing assets to securing connections,” Novikov told MSSP Alert. “APIs are the connective tissue between enterprise services and applications. While a basic advantage of using an MSSP is being able to tap into their pool of security skills, MSSPs also tend to understand the connections between things really well. MSSPs are well versed in connecting disparate security tools and security data. That experience lends itself well to understanding APIs and API security.”
New Komprise Functions Better Detect, Protect Sensitive Data
Detecting and protecting the vast amounts of sensitive data enterprises control is a huge challenge, especially as cloud adoption rises and the Internet of Things (IoT) expands. And that was before the rapid emergence of generative AI.
Now, the problem is even worse -- organizations are putting more personally identifiable information (PII) into models and platforms. According to a report by Menlo Security a year ago, attempts to put such information into generative AI platforms accounted for 55% of data loss prevention (DLP) events. Confidential documents made up 40% of input attempts that triggered DLP detections, the cybersecurity company found.
But now, data management company Komprise is attempting to address the issue -- or, at least make it easier and faster to find and flag that PII so it can be moved and protected. The company is adding new capabilities to its Komprise Smart Data Workflow Manager that will allow enterprises and MSSPs to use regular expressions and keywords to automate the work of finding and tagging sensitive data and moving it to locations where it can be protected.
“Komprise’s intelligent data management capabilities directly address the growing PII challenge by allowing organizations to identify PII across storage silos,” Brian Hartwell, vice president of worldwide partner sales for Komprise, told MSSP Alert, adding that the new features help “MSSPs and their customers discover and categorize PII, no matter where it resides – in on-premises storage or across multiple cloud environments. This ability to identify sensitive data at scale is foundational for building a robust cybersecurity posture.”
Cognizant, CrowdStrike Partner to Protect Enterprises in the Cloud
Moving data and workloads into the cloud and embracing cloud services may help enterprises be faster and more efficient, scalable, and adaptable, but it also makes them more vulnerable to cyberattacks, according to Shambhu Aralelemath, vice president and global head of cybersecurity at MSSP Cognizant.
They have to look at the cloud as an extension of their IT perimeters, understanding that it expands the attack surface and creates higher risks, Aralelemath told MSSP Alert.
“Therefore, there is a need to re-evaluate cybersecurity controls and guardrails instead of simply extending traditional controls to the cloud,” he said. “Many organizations lack the tools and technologies that can support a multi-cloud security posture and compliance management.”
Cognizant this week announced a partnership with cybersecurity firm CrowdStrike aimed at making it easier for organizations to have the necessary security tools in place to make their lives in the cloud safer.
Guardz’s Ultimate Plan Gives MSPs, MSSPs More AI, SentinelOne EDR
When Guardz announced last year that it was partnering with SentinelOne, the benefits to both companies were obvious.
Guardz, which offers MSPs and MSSPs an AI-driven unified platform that provides what they need to deliver cybersecurity protections to small and midsize businesses, could now integrate capabilities from the larger cybersecurity vendor into the platform.
For its part, SentinelOne opened an avenue to expand its presence among SMBs, which face many of the same security challenges that enterprises do but without the budget or expertise their larger brethren. Through Guardz and its MSP and MSSP partners, SentinelOne had more running room in an increasingly important market.
