SECURITY AUDIT AND COMPLIANCE
Balbix | August 09, 2022
Balbix, the leader in cybersecurity posture automation, announced today new integrations with ServiceNow (NYSE: NOW), the leading digital workflow company. As a result of the integrations, customers can automatically augment cyber risk data with business context and integrate remediation efforts with their existing security and IT workflows. CISOs can eliminate thousands of hours from the time required to operationalize cyber risk quantification (CRQ) in dollars and close the gap between cybersecurity and the business.
The integration with ServiceNow's configuration management database (CMDB) allows Balbix customers to automatically ingest business context from their CMBD into the Balbix platform and combine it with asset, vulnerability and risk data from their other IT and security tools, and Balbix sensors to create a unified cyber risk model presented in dollars. Data is automatically deduplicated, correlated and inferenced to drastically reduce the manual labor required for teams to add business context to cyber risks, and prioritize and measure them. For example, with the integration businesses can now:
Measure and report on the dollar amount of risk by business unit, business leader, asset type, application, regulatory requirement and geographic location (cities, countries, regions).
Quantify the dollar amount of risk related to externally facing assets, internal assets, assets that the IT department manages, and assets not managed by the IT department.
"Historically, Fortune 500 companies would spend thousands of hours of manual labor mapping business context to their risk data for board reporting, risk analysis and cybersecurity decision making, Our integration with the ServiceNow CMDB, has enabled us to sharply reduce the time needed to quantify cyber risk. With Balbix, CISOs can continuously and automatically map risk to their business hierarchy and prioritize their highest-risk issues for response."
Chris Griffith, chief product officer at Balbix.
Businesses are struggling to report concrete CRQ results with 62% indicating they cannot calculate their breach risk in monetary terms, according to Balbix's own 2022 State of Security Posture Report. Furthermore, according to the report, 51% of organizations indicated they lack continuous visibility into asset inventories making it difficult to correlate risk with business context, and instead relying on siloed tools, manual workflows, and qualitative analysis to quantify the exposure.
"Cyber risk has become a frustrating business risk to manage as leadership teams struggle to accurately quantify their risk and prioritize initiatives to mitigate it, These integrations address the growing needs CISOs have to report on cyber risk in a way that their business leaders can clearly understand, to make the right investments and to remediate their riskiest vulnerabilities faster."
Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber.
In addition to automating advanced CRQ capabilities, the integration with ServiceNow IT Service Management (ITSM) further eliminates manual effort by enabling security teams to create ServiceNow remediation tickets from within Balbix. This enables security and IT teams to increase productivity by using a familiar and shared system for remediation workflow. Moreover, security analysts can create tickets to remediate a vulnerability for a single impacted asset or for a group of assets to specify remediation tasks more efficiently and reduce the mean time to remediate (MTTR) risk issues.
Balbix enables organizations to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. The Balbix Security Cloud™ platform ingests data from organizations' security and IT tools to understand every aspect of their cybersecurity posture, build a unified cyber risk model and then provide actionable insights for risk reduction. With Balbix, enterprises can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions.
A rapidly growing set of Fortune 500 companies trust Balbix as the "brain" of their infosec programs and are realizing the benefits of maximally automated workflows and measurably lower cyber risk. Balbix was ranked #32 on the 2021 Deloitte Fast 500 North America, and has been recognized for innovation by Gartner.
Lumu | August 08, 2022
Lumu, creators of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real time, today announced it has closed an $8 million investment round, bringing total funding to $15.5 million. Led by Panoramic Ventures, the investment will serve as growth capital for sales and marketing initiatives to further Lumu's mission of helping organizations operate cybersecurity proficiently. Other investors include KnowBe4 Ventures, Lane Bess, former Zscaler and Palo Alto Networks executive, and Tom Noonan, former CEO at Internet Security Systems and the SoftBank Group's SB Opportunity Fund.
"We are excited to continue to support Lumu through this phase of hypergrowth, as organizations across all verticals are realizing the value of measuring compromise within their networks and acting on this factual data immediately," said Paul Judge, Managing Partner of Panoramic Ventures. "The innovation Lumu is bringing to the market is evident and a true game-changer for cybersecurity operations."
Lumu's Continuous Compromise Assessment model enables any organization to measure and understand compromise to close the breach detection gap from months to minutes continuously and intentionally. Teams receive actionable information about who was impacted, when the incident took place and how best to respond before it escalates to a bigger problem. The company has experienced hyper-growth in 2021 and 2022 and now has more than 3,100 organizations using its technology. The Lumu platform has analyzed more than 1 trillion metadata and detected more than 345 million adversarial contacts.
"With today's economy, hiring constraints and the non-stop cyber threats, companies need tools that enable an accurate understanding of, and swift response to, potential attacks. "Our platform provides context at the granular level to understand each and every incident and the specific techniques used by attackers so that cybersecurity operators can mitigate malicious incidents and overall improve their cybersecurity stack. With cybercriminals quick to take advantage of economic downturns, this funding round emphasizes just how critical of a time it is for enterprises to prioritize protection and defense mechanisms."
Ricardo Villadiego, Founder and CEO of Lumu
The capital will also be used to scale the company's initiative to consistently attract exceptional talent to amplify the reach of Lumu's cyber industry-leading resilience message and to build credibility with target audiences to help companies of all sizes and verticals proficiently operate cybersecurity functions.
KnowBe4 is one of the key investors joining Lumu's funding round. The companies will join forces to further their missions of enabling employees and security teams to make smarter security decisions every day.
Miami-based Lumu is founded and led by Ricardo Villadiego, a successful second-time founder who is part of the SB Opportunity Fund's community of visionary Black, Latinx, and Native American entrepreneurs.
Headquartered in Miami, Florida, Lumu is a cybersecurity company focused on helping enterprise organizations illuminate threats and isolate confirmed instances of compromise. Applying principles of Continuous Compromise Assessment, Lumu has built a powerful closed-loop, self-learning solution that helps security teams accelerate compromise detection, gain real-time visibility across their infrastructure, and close the breach detection gap from months to minutes.
Cymulate | August 12, 2022
Cymulate, the leader in Continuous Threat Exposure Management, today announced the expansion of its Extended Security Posture Management (XSPM) Platform to include advanced insights and analytics capabilities. As businesses struggle to manage attack surfaces and validate security controls, these new data-driven capabilities significantly improve risk visibility and deliver actionable insights for reducing remediation time. Businesses also now gain enhanced levels of granularity for setting and tracking cybersecurity performance metrics and KPIs, which are required for improving cyber resilience.
"Now, more than ever, organizations require automated contextual reporting of exposure findings to understand and optimize their security posture. "Our new analytics layer provides critical data for prioritizing mitigations and fine-tuning configurations for closing security gaps. This prioritization is key for effectiveness in times of skills shortage. Additionally, technical jargon is translated into meaningful reports that can be used to more effectively inform business stakeholders."
Avihai Ben-Yossef, CTO and Co-Founder of Cymulate
Cymulate's platform, the industry's gold standard for continuous threat exposure management (CTEM) programs, provides customers with an efficient way to validate their cybersecurity posture continuously and on-demand. Proven to reduce operational drain and cost, Cymulate automatically tests networks, applications, and endpoint security against the latest threats in the wild. Plus, its native, offensive security technology and capabilities accelerate response time by dynamically assessing and responding to security posture risks.
Customers benefit from Cymulate Security Posture Management Analytics capabilities with the ability to quickly normalize, aggregate, and analyze data across the platform's automated cyberattacks functionality. The holistic solution combines Attack Surface Management, automated red-teaming, Breach and Attack Simulation, automated security validation, and vulnerability prioritization, providing a clear and holistic view of the business's security posture.
Based on global analytics findings, users can improve security readiness by
Establishing baselines on multiple attack vectors and gaining consistency in measuring against them
Viewing and building dynamic dashboards for insights and visualization of results
Demonstrating trends and improving awareness of security posture drift
Tracking remediation efforts with ticketing systems' integrations
Generating customized reports so security teams can rerun attacks to assess whether remediation efforts have been successful
Justifying security spending in a quantifiable manner and showcasing security achievements over a specified period of time.
The Cymulate SaaS-based Extended Security Posture Management (XSPM) provides security professionals with the ability to continuously challenge, validate and optimize their on-premises and cloud cyber-security posture with end-to-end visualization across the MITRE ATT&CK® framework. The platform provides automated, expert, and threat intelligence-led risk assessments that are simple to deploy, and easy for organizations of all cybersecurity maturity levels to use. It also provides an open framework for creating and automating red and purple teaming by generating tailored penetration scenarios and advanced attack campaigns for their unique environments and security policies.