Latest news with #SecurityPlatform
Associated Press
2 days ago
- Business
- Associated Press
Datadog Expands AI Security Capabilities to Enable Comprehensive Protection from Critical AI Risks
Launch of Code Security and new security capabilities strengthen posture across the AI stack, from data and AI models to applications New York, New York--(Newsfile Corp. - June 10, 2025) - Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications, today announced new capabilities to detect and remediate critical security risks across customers' AI environments -from development to production-as the company further invests to secure its customers' cloud and AI applications. AI has created a new security frontier in which organizations need to rethink existing threat models as AI workloads foster new attack surfaces. Every microservice can now spin up autonomous agents that can mint secrets, ship code and call external APIs without any human intervention. This means one mistake could trigger a cascading breach across the entire tech stack. The latest innovations to Datadog's Security Platform, presented at DASH, aim to deliver a comprehensive solution to secure agentic AI workloads. 'AI has exponentially increased the ever-expanding backlog of security risks and vulnerabilities organizations deal with. This is because AI-native apps are not deterministic; they're more of a black box and have an increased surface area that leaves them open to vulnerabilities like prompt or code injection,' said Prashant Prahlad, VP of Products, Security at Datadog. 'The latest additions to Datadog's Security Platform provide preventative and responsive measures-powered by continuous runtime visibility-to strengthen the security posture of AI workloads, from development to production.' Securing AI Development Developers increasingly rely on third-party code repositories which expose them to poisoned code and hidden vulnerabilities, including those that stem from AI or LLM models, that are difficult to detect with traditional static analysis tools. To address this problem, Datadog Code Security, now Generally Available, empowers developer and security teams to detect and prioritize vulnerabilities in their custom code and open-source libraries, and uses AI to drive remediation of complex issues in both AI and traditional applications-from development to production. It also prioritizes risks based on runtime threat activity and business impact, empowering teams to focus on what matters most. Deep integrations with developer tools, such as IDEs and GitHub, allow developers to remediate vulnerabilities without disrupting development pipelines. Hardening Security Posture of AI Applications AI-native applications act autonomously in non-deterministic ways, which makes them inherently vulnerable to new types of attacks that attempt to alter their behavior such as prompt injection. To mitigate these threats, organizations need stronger security controls-such as separation of privileges, authorization bounds, and data classification across their AI applications and the underlying infrastructure. Datadog LLM Observability, now Generally Available, monitors the integrity of AI models and performs toxicity checks that look for harmful behavior across prompts and responses within an organization's AI applications. In addition, with Datadog Cloud Security, organizations are able to meet AI security standards such as the NIST AI framework out-of-the-box. Cloud Security detects and remediates risks such as misconfigurations, unpatched vulnerabilities, and unauthorized access to data, apps, and infrastructure. And with Sensitive Data Scanner (SDS), organizations can prevent sensitive data-such as personally identifiable information (PII)-from leaking into LLM training or inference data-sets, with support for AWS S3 and RDS instances now available in Preview. Securing AI at Runtime The evolving complexity of AI applications is making it even harder for security analysts to triage alerts, recognize threats from noise and respond on-time. AI apps are particularly vulnerable to unbound consumption attacks that lead to system degradation or substantial economic losses. The Bits AI Security Analyst, a new AI agent integrated directly into Datadog Cloud SIEM, autonomously triages security signals-starting with those generated by AWS CloudTrail-and performs in-depth investigations of potential threats. It provides context-rich, actionable recommendations to help teams mitigate risks more quickly and accurately. It also helps organizations save time and costs by providing preliminary investigations and guiding Security Operations Centers to focus on the threats that truly matter. Finally, Datadog's Workload Protection helps customers continuously monitor the interaction between LLMs and their host environment. With new LLM Isolation capabilities, available in preview, it detects and blocks the exploitation of vulnerabilities, and enforces guardrails to keep production AI models secure. To learn more about Datadog's latest AI Security capabilities, please visit: Code Security, new tools in Cloud Security, Sensitive Data Scanner, Cloud SIEM, Workload and App Protection, as well as new security capabilities in LLM Observability were announced during the keynote at DASH, Datadog's annual conference. The replay of the keynote is available here. During DASH, Datadog also announced launches in AI Observability, Applied AI, Log Management and released its Internal Developer Portal. About Datadog Datadog is the observability and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring, log management, user experience monitoring, cloud security and many other capabilities to provide unified, real-time observability and security for our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior and track key business metrics. Forward-Looking Statements This press release may include certain 'forward-looking statements' within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act, and Section 21E of the Securities Exchange Act of 1934, as amended including statements on the benefits of new products and features. These forward-looking statements reflect our current views about our plans, intentions, expectations, strategies and prospects, which are based on the information currently available to us and on assumptions we have made. Actual results may differ materially from those described in the forward-looking statements and are subject to a variety of assumptions, uncertainties, risks and factors that are beyond our control, including those risks detailed under the caption 'Risk Factors' and elsewhere in our Securities and Exchange Commission filings and reports, including the Annual Report on Form 10-K filed with the Securities and Exchange Commission on May 6, 2025, as well as future filings and reports by us. Except as required by law, we undertake no duty or obligation to update any forward-looking statements contained in this release as a result of new information, future events, changes in expectations or otherwise. Contact Dan Haggerty [email protected] To view the source version of this press release, please visit
Channel Post MEA
18-03-2025
- Business
- Channel Post MEA
Fortinet Expands OT Security Platform
Fortinet has announced it has advanced its OT Security Platform to further support the protection of critical infrastructure and industrial sites from evolving cyberthreats. New enhancements go beyond traditional OT visibility solutions and include deeper OT-specific threat visibility with the FortiGuard OT Security Service, expanded ruggedized solutions for segmentation and 5G in harsh environments, and an upgraded OT SecOps portfolio for automated threat response and regulatory compliance tracking. 'Fortinet has been building an industry-leading OT Security Platform for 20-plus years and remains at the forefront of OT security innovation,' said Nirav Shah, Senior Vice President, Products and Solutions at Fortinet. 'As cyberthreats against critical infrastructure and across industries such as energy, transportation, and manufacturing continue to grow, Fortinet remains committed to delivering comprehensive security solutions tailored for operational technology environments. These latest enhancements give organizations the tools they need to improve their OT security posture and adhere to regulatory requirements—all managed through a single, unified platform.' Key Enhancements to the Fortinet OT Security Platform The latest Fortinet OT Security Platform updates introduce powerful new capabilities to enhance OT security: New FortiGate Rugged NGFWs combined with new enhancements to the FortiGuard OT Security Service provide unparalleled security enforcement in OT environments, allowing organizations to detect threats across over 3,300 OT protocol rules, nearly 750 OT IPS rules, and 1,500 virtual patching rules. These capabilities protect against known exploited vulnerabilities (KEVs) and other cyber risks while delivering advanced threat protection through virtual patching for legacy OT systems. Additional new secure networking OT capabilities include updates to FortiSRA, enhancing secure remote access with improved secrets and password management for OT environments. To ensure secure segmentation, Fortinet has also introduced the FortiSwitch Rugged 108F and FortiSwitch Rugged 112F-POE, expanding its portfolio of industrial-grade small form-factor switches. These ruggedized switches allow for granular security enforcement at the port level, preventing unauthorized lateral movement across OT networks while maintaining seamless integration with Fortinet's broader security ecosystem. These switches, built on Fortinet's unified FortiOS operating system, streamline network and security management. For secure and resilient connectivity, Fortinet has also launched two ruggedized 5G solutions: the FortiExtender Rugged 511G, an IP67-rated 5G wireless WAN gateway that delivers high-speed, secure connectivity to remote OT sites; and the FortiExtender Vehicle 511G, an IP64-rated 5G router designed for fleet vehicles. Both solutions feature embedded Wi-Fi 6 and new eSIM capabilities, removing the need for physical SIM cards and simplifying carrier selection. Fortinet is also strengthening its AI-driven security operations (SecOps) capabilities for OT. Enhancements to FortiAnalyzer 7.6 and FortiDeceptor 6.1 provide deeper insights into security threats and simplify compliance reporting for OT security teams. Updates to FortiNDR Cloud include a new OT protocol support for threat hunting, while FortiNDR (on-premises) adds several new features, including a Purdue Model view and new device inventory that includes OT and the Mitre ATT&CK ICS Matrix. The Fortinet OT Security Platform provides unified visibility and security capabilities to manage OT and remote-site security, simplifying and empowering customers' ability to assess, secure, and report on risk, including complex regulatory compliance requirements. Only Fortinet offers seamless segmentation capabilities and an end-to-end ruggedized portfolio of OT security solutions powered by a single operating system, FortiOS. Deep integration with the Fortinet Security Fabric makes the OT Security Platform the most comprehensive in the industry, providing the most effective, efficient, and holistic offering for OT security and compliance adherence that goes beyond the industry standard. 0 0
Yahoo
09-03-2025
- Business
- Yahoo
The résumé a software engineer used to land a cybersecurity job at Microsoft
Ankit Masrani shared the résumé that landed him a Microsoft role building security infrastructure. Prior to Microsoft, Masrani studied IT, got a Master's in computer science, and worked at AWS. He said data experience and security knowledge are needed to transition to cybersecurity. Breaking into the cybersecurity field can be a challenge for some — but 36-year-old Ankit Masrani stumbled into it. The Seattle-based Microsoft employee told Business Insider that while he had plans to become a software engineer, he didn't expect to work in the security space. Now, he develops sovereignty controls for the tech giant's security platform, ensuring sensitive customer information remains within geographic boundaries. After studying information technology in college and working in roles building software systems, Masrani came to the US to get a Master's degree in computer science. After completing a six-month co-op internship at AWS while he was in school, he converted to a full-time employee, where he focused on securing data and networks until he felt the need for a change. "To be honest, it was very tiring," Masrani said about his six and a half years at AWS. "And I wanted a change in my job to try something different." Masrani said his final project before joining Microsoft involved building a customer-managed key encryption feature, which required research into best practices for data security. He said he found the work "really interesting" and began exploring teams focused on data governance and security. He said working alongside engineers who were truly "passionate" about their work was a top priority for him. Here's the résumé he used to get his job at Microsoft, where he started on Microsoft's Purview security team as a senior software engineer. Now, he's a principal software engineer working on Microsoft's Security Platform. Masrani said he applied by going to the company site and didn't have any references. He said if he were to apply again today, he might not include such a lengthy education section because people would probably focus on his 10 years of experience. When he was a year or two out of school, though, he said he thinks it helped him get interviews. Masrani came into the role with a background in IT, computer science, and data experience — all of which are recommended routes to enter the field, according to industry veterans. Masrani's pivot wasn't drastic, but he said certain skill sets are needed to transition from general software engineering to the security side. As a software engineer building cybersecurity services, Masrani said he handles large volumes of security logs, user activity data, and threat intelligence data. Masrani said he isn't "actively doing security threat hunting" but is building services for a platform that does. Masrani said experience with big data technologies like Hadoop, an open source framework that processes large amounts of data for applications, is important for learning how to build data pipelines. He added that machine learning and anomaly detection is also useful for working on security product services. Masrani also recommends experience with cloud services like AWS or Microsoft Azure to understand scalable data processing. "Storage is very important since cloud services are leveraged everywhere from small to large software systems," Masrani said. Masrani also said security knowledge is necessary to pivot to the cybersecurity sector. Masrani said safety protocols and data processing guidelines are often specific to regions. He said domain knowledge around data governance and other security products is important, as well as familiarity with regulations, such as the General Data Protection Regulation. He said it's also important to know fundamentals around data encryption, network security, and application security. "Any handling of customer data must be done in a safe and secure manner," Masrani said. "Having knowledge of best practices for handling data is very important. Read the original article on Business Insider
