SECURITY AUDIT AND COMPLIANCE

Balbix Announces New Integrations with ServiceNow to Further Automate and Improve Cyber Risk Quantification

Balbix | August 09, 2022 | Read time : 03:35 min

Balbix Announces news
Balbix, the leader in cybersecurity posture automation, announced today new integrations with ServiceNow (NYSE: NOW), the leading digital workflow company. As a result of the integrations, customers can automatically augment cyber risk data with business context and integrate remediation efforts with their existing security and IT workflows. CISOs can eliminate thousands of hours from the time required to operationalize cyber risk quantification (CRQ) in dollars and close the gap between cybersecurity and the business.

The integration with ServiceNow's configuration management database (CMDB) allows Balbix customers to automatically ingest business context from their CMBD into the Balbix platform and combine it with asset, vulnerability and risk data from their other IT and security tools, and Balbix sensors to create a unified cyber risk model presented in dollars. Data is automatically deduplicated, correlated and inferenced to drastically reduce the manual labor required for teams to add business context to cyber risks, and prioritize and measure them. For example, with the integration businesses can now:

Measure and report on the dollar amount of risk by business unit, business leader, asset type, application, regulatory requirement and geographic location (cities, countries, regions).

Quantify the dollar amount of risk related to externally facing assets, internal assets, assets that the IT department manages, and assets not managed by the IT department.

"Historically, Fortune 500 companies would spend thousands of hours of manual labor mapping business context to their risk data for board reporting, risk analysis and cybersecurity decision making, Our integration with the ServiceNow CMDB, has enabled us to sharply reduce the time needed to quantify cyber risk. With Balbix, CISOs can continuously and automatically map risk to their business hierarchy and prioritize their highest-risk issues for response."

Chris Griffith, chief product officer at Balbix.

Businesses are struggling to report concrete CRQ results with 62% indicating they cannot calculate their breach risk in monetary terms, according to Balbix's own 2022 State of Security Posture Report. Furthermore, according to the report, 51% of organizations indicated they lack continuous visibility into asset inventories making it difficult to correlate risk with business context, and instead relying on siloed tools, manual workflows, and qualitative analysis to quantify the exposure.

"Cyber risk has become a frustrating business risk to manage as leadership teams struggle to accurately quantify their risk and prioritize initiatives to mitigate it, These integrations address the growing needs CISOs have to report on cyber risk in a way that their business leaders can clearly understand, to make the right investments and to remediate their riskiest vulnerabilities faster."

Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber.

In addition to automating advanced CRQ capabilities, the integration with ServiceNow IT Service Management (ITSM) further eliminates manual effort by enabling security teams to create ServiceNow remediation tickets from within Balbix. This enables security and IT teams to increase productivity by using a familiar and shared system for remediation workflow. Moreover, security analysts can create tickets to remediate a vulnerability for a single impacted asset or for a group of assets to specify remediation tasks more efficiently and reduce the mean time to remediate (MTTR) risk issues.

About Balbix
Balbix enables organizations to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. The Balbix Security Cloud™ platform ingests data from organizations' security and IT tools to understand every aspect of their cybersecurity posture, build a unified cyber risk model and then provide actionable insights for risk reduction. With Balbix, enterprises can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions.

A rapidly growing set of Fortune 500 companies trust Balbix as the "brain" of their infosec programs and are realizing the benefits of maximally automated workflows and measurably lower cyber risk. Balbix was ranked #32 on the 2021 Deloitte Fast 500 North America, and has been recognized for innovation by Gartner.

Spotlight

Enterprises are increasingly adopting Linux as a secure, reliable, and high-performing platform that lowers acquisition and operating costs while providing the agility needed to anticipate and react to changing business conditions.

Spotlight

Enterprises are increasingly adopting Linux as a secure, reliable, and high-performing platform that lowers acquisition and operating costs while providing the agility needed to anticipate and react to changing business conditions.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

​​GuidePoint Security Names Deepwatch as a New Partner in the Company’s Federal Emerging Cyber Vendor Program

GuidePoint Security | September 21, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that Deepwatch, the leader in advanced managed detection and response (MDR) security, has joined the Emerging Cyber Vendor Program. This GuidePoint Security Program is specifically designed to help emerging cybersecurity vendors expand their federal footprint. As part of this program, the Deepwatch MDR solution is now available under GuidePoint’s GSA Multiple Award Schedule Contract #GS-35F-508CA. Through this partnership, Deepwatch’s MDR solution will be brought to the public sector through GuidePoint Security, which has 40+ years of collective federal expertise across sales and marketing, operations, engineering and procurement. "We are thrilled to be partnering with Deepwatch to support its expansion into the public sector market. “Through its advanced security operations platform and dedicated squads of security experts, Deepwatch will help government agencies better detect and respond to threats.” Jim Quarantillo, Federal Partner, GuidePoint Security "This important partnership ultimately provides federal agencies with enhanced on-going situational awareness of their attack surface and the ability to rapidly detect and contain threats,'' said Carl Helle, chief revenue officer at Deepwatch. “We are proud to partner with GuidePoint Security, leveraging their deep cybersecurity consulting and federal expertise, to help government agencies protect against cyber threats." Deepwatch delivers the industry’s most advanced managed detection and response security, protecting organizations from cyber threats 24/7/365. With Deepwatch, customers get a team of always-on cybersecurity experts who work with them as an extension of their team, powered by an advanced security operations platform that delivers high-fidelity alerting and automated response capabilities for rapidly containing threats. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. About Deepwatch Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.

Read More

DATA SECURITY,PLATFORM SECURITY

Laminar Named a Sample Vendor for Data Security Posture Management in 2022 Gartner® Hype Cycle™ for Data Security

Laminar | August 24, 2022

Laminar, a public cloud data security provider, today announced that it has been named by Gartner as a Sample Vendor for Data Security Posture Management (DSPM) in the Hype Cycle for Data Security, 2022. In addition to referencing Laminar, the Hype Cycle also gives DSPM a benefit rating of “transformational,” the highest benefit rating possible. Laminar is a cloud data security platform that delivers autonomous, agentless, and continuous data security for everything that you build and run in the cloud. Laminar provides autonomous discovery and classification for all data across AWS, Azure, GCP, and Snowflake into a cloud data catalog, prioritization of data assets by our proprietary risk model, an agentless and asynchronous approach to DSPM to reduce the exposure surface without impacting performance, and continuous monitoring to detect data leaks in real time. “We have consistently heard from our customers that the visibility provided by the Laminar platform is transformational and we are thrilled to see Gartner classify DSPM as such in this Hype Cycle report. “We are thrilled that Gartner and the market are recognizing the need for DSPM. We believe that this recognition validates our view that organizations must move to a data-centric security approach that enables data democratization, safely.” Amit Shaked, co-founder and CEO, Laminar According to Gartner, “Organizations face challenges mitigating data security and privacy risks as data rapidly proliferates across multi-cloud and hybrid IT architectures. Identifying meaningful data risk is impossible to solve without combining metrics from data sensitivity, data lineage, infrastructure configurations that create data risks and access risk into a common view. This is an urgent problem that is encouraging rapid growth in the availability and maturation of this technology.” As Gartner explained, “DSPM provides visibility of inconsistent security posture by analyzing a data map of user access to various datasets for identifying business risks. DSPM accelerates assessments of how data security posture can be enforced through complementary data security controls to reduce business risks despite the speed, complexity, dynamics and scale of hybrid IT and multi-cloud deployments.” The drivers of DSPM adoption according to Gartner include: Need to create a data map of user access against specific datasets has been a complex process in the past because traditional data security and IAM products are siloed in the way they operate. Need to map and track the evolution and data lineage across structured and unstructured formats, and across all potential data locations and shadow data, is critical to achieve consistent analysis. This is an emerging driver that is currently in evolution. The growth of regulations that require a data risk assessment has created the need for tools that can assess DSG policies. Need to protect data against exposure (e.g., cloud misconfigurations, excessive access privileges or data residency risks that arise due to geographic locations and access pathways to data). Combination of data observability features, such as real-time visibility into data flows, risk and compliance with data security controls, with the objective to identify security gaps and undue exposure. This recognition comes on the heels of growing business momentum at Laminar. The company recently doubled its total amount of funding raised in six months to a total of $67 million. Additionally, Laminar was recognized by Fortress Cyber Security Awards and the Global InfoSec awards, and was named a TAG Cyber Distinguished Vendor. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER and Hype Cycle are registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. About Laminar Laminar’s Cloud Data Security Platform protects data for everything you build and run in the cloud across cloud providers (AWS, Azure, and GCP) and cloud data warehouses such as Snowflake. The platform autonomously and continuously discovers and classifies new datastores for complete visibility, prioritizes risk based on sensitivity and data risk posture, secures data by remediating weak controls and actively monitors for egress and access anomalies. Designed for the multi cloud, the architecture takes an API-only approach, without any agents, and without sensitive data ever leaving your environment. Founded in 2020 by a brilliant team of award winning Israeli red team experts, Laminar is proudly backed by Insight Partners, Tiger Global, Salesforce Ventures, TLV Partners, and SentinelOne.

Read More

SOFTWARE SECURITY

iboss Achieves FedRAMP Authorization for its Zero Trust Edge Cloud Security Solution

iboss, Inc. | July 29, 2022

iboss, the leading Zero Trust Edge cloud security provider, announces that it has obtained Federal Risk and Authorization Management Program (FedRAMP) Authorization. The achievement is reflective of the company’s commitment to work alongside federal agencies to protect government entities and civilians from growing and increasingly sophisticated cyberthreats. Earlier this year, the United States Office of Management and Budget unveiled a strategy designed to prevent damaging hacks and breaches by moving federal agencies toward a zero trust cybersecurity approach. The announcement followed a 2021 Biden Administration executive order aimed at protecting federal networks by modernizing government cybersecurity, including through the implementation of zero trust security architecture as defined in the National Institute of Standards and Technology (NIST). The iboss platform is a purpose-built, patented, cloud delivered security solution that has been trusted by organizations worldwide to implement Zero Trust architecture as laid out specifically in the NIST 800-207 Special Publication. The company’s containerized cloud architecture makes it the only platform that can control what NIST refers to as the “Implicit Trust Zone” to ensure that all data and resources are completely private. The FedRAMP authorization now extends iboss’s leading platform to all U.S. government customers. “Our Zero Trust Edge platform prevents breaches by making applications and data inaccessible to attackers while allowing trusted users to securely and directly connect to resources from anywhere. “In today’s work-from-anywhere world, protecting sensitive information, regardless of who is accessing it or where, is critical. We look forward to continuing to extend our platform and expertise to U.S. government agencies.” iboss CEO Paul Martini A Zero Trust Architecture built on iboss consolidates network security technologies (SWG, CASB, DLP, IPS, malware defense, browser isolation, firewall) into a single unified cloud platform and eliminates the need for a VPN while securing any device, regardless of location. By making all applications private, iboss eliminates the top three initial ransomware infection vectors as identified by the Cybersecurity and Infrastructure Security Agency (CISA). With applications, data and services made accessible only through the iboss Zero Trust Edge, cyber risk is greatly reduced, breaches and data loss are prevented, and visibility and security are delivered consistently throughout an organization. FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. About iboss, Inc. iboss is a cloud security company that enables organizations to reduce cyber risk by delivering a Zero Trust service designed to protect resources and users in the modern distributed world. Applications, data and services have moved to the cloud and are located everywhere while users needing access to those resources are working from anywhere. Built on a containerized cloud architecture, iboss delivers security capabilities such as SWG, malware defense, browser isolation, CASB and data loss prevention to protect all resources, via the cloud, instantaneously and at scale. This shifts the focus from protecting buildings to protecting people and resources wherever they are located. Leveraging a purpose-built cloud architecture backed by 230+ issued and pending patents and more than 100 points of presence globally, iboss processes over 150 billion transactions daily, blocking 4 billion threats per day. More than 4,000 global enterprises trust the iboss Cloud Platform to support their modern workforces, including a large number of Fortune 50 companies. iboss was named one of the Top 25 Cybersecurity Companies by The Software Report, one of the 25 highest-rated Private Cloud Computing Companies to work for by Battery Ventures, and CRN’s Top 20 Coolest Cloud Security Companies of 2022.

Read More