DATA SECURITY

Balbix Allows CISOs to Quantify their Cybersecurity Posture Risk in Dollars

Balbix | August 04, 2021

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the launch of its Automated Cyber Risk Quantification (CRQ) solution. Balbix's new offering allows organizations to produce a single, comprehensive view of their cyber risk in dollars (or other currencies) so they can prioritize and fix security vulnerabilities faster and reduce breach risk by 95% or more. For example, to protect itself against ransomware attacks, an organization could use Balbix to identify the assets that would be most costly if held to ransom and quickly act to reduce these risks.

Automated cyber risk quantification

Calculating breach risk in monetary terms provides a common language that organizations - from security engineers and IT admins to the CISO, CFO and CIO - can use to prioritize projects and spending, and track the effectiveness of their overall cybersecurity program. However, most organizations have struggled with measuring cyber risk due to their reliance on complicated manual processes and dozens of isolated IT, security and business tools.

The Balbix Automated CRQ solution uses machine learning and automation to quantify both the likelihood and the impact of a potential breach, and remove complex and error-prone tasks. As a result, organizations can:

Build a unified cybersecurity asset management program
Prioritize enterprise vulnerabilities
Quantify cyber risk in monetary terms
Customize security analytics and board-level reporting
"Balbix is an industry-leading platform that consolidates cyber risks into a single reportable model," said Rhonda Gass, Chief Information Officer at Stanley Black & Decker. "This technology is enabling us to scorecard our risk remediation performance and gain continuous visibility into open security issues."

"The Infosec industry has struggled for a long time to quantify the security posture of their organizations in clear cyber risk terms denominated in Dollars (or Euros, Pounds, Yen, etc.),'' said Jon Oltsik, Senior Principal Analyst and Fellow at ESG. "As a result, the right decisions don't get made, leaving the enterprise vulnerable to attack and compromise. Balbix's innovative offering has the promise of changing this equation."

Seamless data collection

Balbix also released new streaming and snapshot connectors. Streaming connectors are agentless and connect via API to the data source and pull in data on a specified schedule and thus are easy to deploy and manage. Snapshot connectors are used to ingest data using .csv or other formats. Organizations can use these connectors to ingest data from dozens of data sources including vulnerability assessment tools, CMDB, EDR, firewalls, SIEM, MDM systems, AppSec systems, OT/IoT management systems, Active Directory, DNS/DHCP and cloud infrastructure APIs. Moreover, the connectors are highly scalable. For example, Balbix typically ingests several 100s of terabytes per day from customers with environments containing 250,000 assets.

"We are very pleased to introduce our new cyber risk quantification offering," said Gaurav Banga, Founder and CEO of Balbix. "Cybersecurity tools generate mountains of data. Traditionally, infosec teams have had to sift through massive vulnerability scans, attack simulation reports and app vulnerability results to prioritize issues that should be addressed first. Then they had to explain their actions to non-cyber stakeholders in business risk terms. This has been an impossible job. The new Balbix Automated CRQ solution makes easy work of this task by automating much of the workflow."

About Balbix

Balbix provides the world's leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a "Cool Vendor" by Gartner in 2018.

Spotlight

Given the increasing frequency of cyber attacks, it is essential to regularly conduct security risk assessments as part of a comprehensive IT security program. In fact, many compliance regulations, such as PCI DSS and HIPAA, require annual IT risk assessments. Unfortunately, not all security auditors understand the special security features of IBM i, and not all IBM i administrators have the knowledge or the time to conduct regular, thorough security assessments.

Spotlight

Given the increasing frequency of cyber attacks, it is essential to regularly conduct security risk assessments as part of a comprehensive IT security program. In fact, many compliance regulations, such as PCI DSS and HIPAA, require annual IT risk assessments. Unfortunately, not all security auditors understand the special security features of IBM i, and not all IBM i administrators have the knowledge or the time to conduct regular, thorough security assessments.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Netskope Further Improves Risk Visibility on AWS, Strengthening Customers' Security Posture

Netskope | December 01, 2022

Netskope, a global leader in secure access service edge (SASE), is announcing new support of Amazon Web Services (AWS) to further improve visibility of risks and threats on AWS services, resulting in even stronger security postures for customers. Through this work, Netskope will support the launch of AWS Verified Access and Amazon Security Lake to drive innovation for enterprises running on AWS. As the cybersecurity landscape becomes more complex and multifaceted, organizations want to confidently know their data, employees, and resources are safe from potential attacks. Netskope has helped thousands of customers, including more than 25 of the Fortune 100, improve their security posture through integrated zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), cloud security posture management (CSPM), storage scanning with data loss prevention (DLP), cloud firewall, Borderless WAN, and more. By meeting the rigorous standards of supporting the launch of AWS Verified Access and Amazon Security Lake, Netskope and customers can have greater confidence in the company's deep technical expertise on AWS and its proven track record in securing even the most complex cloud journeys. "As organizations search for seamless support and unification of their cloud security services, our work with AWS will help customers achieve even better visibility and protection in a cloud-first, hybrid work environment. "Hybrid work today happens in the office, at home, or on the go, and with this new support of Amazon Security Lake and AWS Verified Access, we'll help customers navigate their cloud security journey by securing data from anywhere, on any device." Andy Horwitz, Vice President, Business Development and Technology Alliances at Netskope Netskope will support Amazon Security Lake and AWS Verified Access by providing visibility and real-time data and threat protection when accessing cloud services, applications, and data. Customers can expect broader and more granular data sharing to expose cloud threats and security gaps, better alert prioritization so security teams can remediate the highest threats first, and a stronger security posture with faster remediation strategies in place. "Netskope and AWS continue to help organizations with security capabilities they need to protect their users and data everywhere," said Chris Grusz, Director, ISV Partner and AWS Marketplace Business Development. "Netskope is a trusted security provider for many cloud-first organizations, and the expanded relationship with AWS will allow customers to better realize the full value of their AWS Security investments." About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Veza Announces Open Authorization API to Extend Identity-First Security Across the Enterprise Data Landscape

Veza | December 02, 2022

Veza today announced that its Open Authorization API (OAA) is now public on GitHub for community collaboration, extending the reach of identity-first security across the enterprise. Developers can now create and share connectors to extend the Veza Authorization Graph to all sensitive data, wherever it lives, including cloud providers, SaaS apps, and custom-built internal apps, accelerating their company’s path to zero trust security. Security professionals espouse the principle of ‘Least Privilege’ to secure enterprise data, but the rush to a multi-cloud, multi-app environment has exploded the complexity and layers of interconnection for which access must be understood, monitored, and constantly remediated to achieve and maintain least privilege. Recent attacks on Okta and Twilio demonstrate that companies are allowing overly-broad access to data via constructs of groups, roles, policies, and system specific permissions. Veza connects the dots of effective permissions across cloud providers, SaaS apps and identity platforms, making it easy to visualize who can view or delete sensitive data. OAA allows organizations and the broader community to create their own integrations with Veza, extending visibility to any resource, including SaaS apps like GitLab and Jira as well as custom-built internal apps. “The vast majority of cybersecurity failures are rooted in issues with the gap that exists between identity, access to data, and permissions,” said Tarun Thakur, co-founder and CEO, Veza. “Since our founding, we have been committed to protecting our customers from threats like ransomware, privilege abuse, and data breaches. With Veza Open Authorization API, we are extending our identity-first security approach broadly in the market and arming organizations with the tools they need to remediate undesirable and unnecessary data access at a granular level, and meet the requirements of access governance for enterprise systems, both on-premises and in the cloud." With Veza's Open Authorization API, customers can translate and visualize authorization metadata from any SaaS app, custom and in-house applications. Users can explore identity-to-data relationships through the Authorization Graph, monitor for least privilege misconfigurations and violations, and conduct comprehensive entitlement reviews for all of their sensitive data. “We specifically chose Veza because their Open Authorization API allowed us to connect to our custom internal applications. We follow the principle of least privilege, but with so many systems to review, we valued Veza’s unique ability to give us a comprehensive view quickly. They made it faster and easier for our team to review all permissions with confidence.” -Riaz Lakhani, CISO of Barracuda Networks. As an open-source project on GitHub, Veza’s Open Authorization API allows customers and partners to learn from, and build upon, each other’s work to create a control plane that reaches all data. By bringing OAA SDK and connectors available on GitHub Community, Veza empowers customers to ingest authorization metadata previously isolated in internal systems and SaaS applications. The OAA community has already created integrations for critical SaaS apps including GitHub, GitLab, Bitbucket, Jira, Zendesk, Slack, Coupa Software, Pagerduty, and Looker. These integrations are available now to all Veza customers. “Veza solves the problem of aligning identities to data,” said Craig Rosen, Chief Security & Trust Officer at ASAPP. “Veza’s Open Authorization Platform helped us extend that visibility to all the apps and data that matter most to us, like GitHub and Jira. Now it is easy for our security professionals to understand (and remediate) who has access to our important intellectual property.” About Veza Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to visualize, remediate, and control who can and should take what action on what data. We empower customers to take an identity-first approach to secure data by addressing critical business needs of streamlining identity and access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Our Authorization Graph connects identities to data across enterprise systems, enabling analysis, monitoring, and certification of end-to-end access. Global enterprises like Blackstone, ASAPP, Barracuda Networks, Choice Hotels, and a number of Fortune 500 and emerging organizations trust Veza to secure their enterprise data. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures.

Read More

DATA SECURITY,ENTERPRISE IDENTITY,PLATFORM SECURITY

Wipro Launches Cybersecurity Consulting Offering in Europe

Wipro | November 28, 2022

Wipro Limited, a leading technology services and consulting company, today announced that it is launching a strategic cybersecurity consulting offering in Europe. The announcement comes on the heels of a series of acquisitions in the consulting space—Edgile, Capco, and Ampion—and is part of the firm’s vision to build a global cybersecurity consulting offering to help clients stay ahead of a dynamic threat and regulatory environment. “Escalation of cyber threats, compounded by the rapidly changing regulatory environment, is creating brand new challenges for businesses across Europe. "Our extensive experience in cybersecurity, global network of cybersecurists, combined with our expanded consulting capabilities, will help clients stay ahead of emerging threats and adapt to a changing regulatory environment with speed and agility. We are thrilled to be bringing this offering to clients in this market at this critical juncture.” Tony Buffomante, Senior Vice President & Global Head of Cybersecurity and Risk Services (CRS) at Wipro Limited The new consulting capability, offered through Wipro CRS Europe, will expand on Wipro’s existing cybersecurity services and enable clients to tap into Wipro’s full set of capabilities—from strategy and implementation to managed services. Under this new offering, Wipro consultants located in Europe will work with clients to build tailored strategies and solutions that address the unique challenges in this market. Leveraging Wipro’s extensive global network of more than 9000 cybersecurists, Wipro CRS Europe will help clients realize enhanced scale and speed in implementations. “Our recent acquisitions in the cybersecurity space, as well as our recent strategic hires in Europe, have created an opportunity for us to rethink how we serve our clients in this market,” said John Hermans, Head of Wipro CRS Europe. “This launch will bring together our entire set of cyber capabilities under a single umbrella, allowing us to deliver clients a truly end-to-end offering that leads with strategy but delivers on every single aspect of their cybersecurity needs.” The new offering will bring all Wipro’s cyber consulting capabilities under one umbrella, CyberTransformSM, and deliver them to clients alongside the company’s managed services capabilities, CyberShieldSM. CyberTransform is Wipro’s business-aligned strategy-first approach to cybersecurity transformation. It enables business growth through a business-led approach to solve security, risk, cloud, identity, and compliance challenges on a global scale. CyberTransform brings together Wipro’s suite of cybersecurity consulting capabilities and delivers clients a truly holistic, 360 approach designed to help them manage cyber threats and build resilient, future-proof businesses. CyberShield is Wipro CRS’ industry-leading suite of managed services, which defends business operations through On-Demand cyber resilience management. About Wipro Limited Wipro Limited is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 250,000 employees and business partners across 66 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world.

Read More