Software Security

Black Kite Launches Aviator Partner Program to Expand Deployment of Trusted Cyber Risk Ratings Solutions

Black Kite | August 20, 2021

Black Kite, the trusted cyber risk ratings company, today launched the Black Kite Aviator partner program. Aviator enables IT solutions providers to bolster their portfolio of cyber risk services and help customers secure their supply chains. More than 50 companies have already signed on to the Aviator program.

Aviator partner program members will have access to Black Kite's industry-leading platform that simplifies third-party risk management, leverages open-source intelligence and non-intrusive scans, offers automated and continuous monitoring, and quantifies third-party technical, financial, and compliance risk. Starting today, program members also have access to Black Kite's partner portal, which holds a library of sales and marketing materials, a formal deal registration process, and other enablement tools.

"Every organization needs third-party risk visibility and a means of determining the financial, brand, and reputational costs," said Paul Paget, CEO of Black Kite. "The Aviator partner program will make Black Kite's unique cyber risk and ransomware rating tools available to companies in the healthcare, financial services, manufacturing, and automotive verticals."

Black Kite offers a suite of cyber risk solutions to include the Ransomware Susceptibility IndexTM (RSITM), the OpenFairTM Tool, and a scalable platform that reduces vendor assessment times from weeks to hours.

The RSI calculates event susceptibility and identifies vendors most prone to ransomware. The OpenFair Tool is the first automated risk-assessment product that estimates the financial costs of cyber breaches in quantitative, easy-to-understand business terms for C-suite executives. The Black Kite platform keeps vendor risk assessments up-to-date, continuously monitoring for changes across 20 cybersecurity categories.

About Black Kite
One in four organizations suffered from a cyber attack in the last year, resulting in production, reputation, and financial losses. The real problem is adversaries attack companies via third parties, island-hopping their way into target organizations. Black Kite is redefining third-party risk management (TPRM) with the world's first global third-party cyber risk monitoring platform, built from a hacker's perspective. With 200+ customers across the globe and counting, we're committed to improving the health and safety of the entire planet's cyber ecosystem with the industry's most accurate and comprehensive cyber intelligence.

Spotlight

This is an introductory video for Cloud Pak for Security. Cloud Pak for Security is based on Open Shift technology. This means that it can be installed on-prem as well as on any of the cloud solutions like IBM Cloud, AWS, Microsoft Azure, Google Cloud etc. QRadar XDR is SIEM of SIEM. Typically in huge environments, there are multiple SIEMs being used. To get a birds eye view of the complete environment, the data needs to be copied from one SIEM to another. Rather than this, CP4S can be leveraged in such a scenario. The data does not need to move from SIEM to CP4S and still CP4S is capable to understand the security posture of an organisation, understand risk valuation, create and manage incidents based on the rich data and threat intel sources.

Spotlight

This is an introductory video for Cloud Pak for Security. Cloud Pak for Security is based on Open Shift technology. This means that it can be installed on-prem as well as on any of the cloud solutions like IBM Cloud, AWS, Microsoft Azure, Google Cloud etc. QRadar XDR is SIEM of SIEM. Typically in huge environments, there are multiple SIEMs being used. To get a birds eye view of the complete environment, the data needs to be copied from one SIEM to another. Rather than this, CP4S can be leveraged in such a scenario. The data does not need to move from SIEM to CP4S and still CP4S is capable to understand the security posture of an organisation, understand risk valuation, create and manage incidents based on the rich data and threat intel sources.

Related News

Enterprise Security, Platform Security, Software Security

ReasonLabs Releases Key Updates to Wi-Fi Security Product RAV VPN

PR Newswire | August 16, 2023

ReasonLabs, the cybersecurity pioneer equipping home users with the same level of cyber protection used by Fortune 500 companies, today announced major updates to its renowned RAV VPN. This latest release for desktop and Android incorporates significant security and infrastructure improvements, reinforcing RAV VPN's position as a complete, reliable, and user-friendly tool in the fight for online privacy and identity protection. The new releases ensure RAV VPN, both the desktop and mobile applications, provides Wi-Fi security wherever a user might be. With an updated RAV VPN, users can seamlessly browse the web with confidence, knowing that their data is encrypted and they are protected from threats such as Man-in-the-Middle attacks. RAV VPN is simple to install and extremely easy to use, making online privacy for all easily attainable. "As our digital landscape rapidly evolves, safeguarding our online presence becomes more essential than ever before," said Kobi Kalif, CEO and co-founder of ReasonLabs. "With an unwavering commitment to your digital privacy, we are proud to unveil our latest innovation to RAV VPN. We are redefining what security in the digital age means by delivering to home users the same cyber security protection that Fortune 100 companies use." Without sufficient Wi-Fi protection, a user's network can be susceptible to hacking, malware, and other privacy and security hazards. Bad actors can exploit these vulnerabilities to steal highly discreet information like financial details, social security numbers, email addresses, passwords, and more private data. To mitigate this, Wi-Fi protection from RAV VPN secures users' wireless networks to create an encrypted tunnel between their PC or Android device and the internet. RAV VPN is a part of ReasonLabs' industry-leading suite of consumer-focused cybersecurity products, which includes its flagship product, RAV Endpoint Protection, as well as an Endpoint Detection and Response, DNS, Parental Control App, and more. Led by cybersecurity, artificial intelligence, and machine learning experts, ReasonLabs delivers the highest levels of cybersecurity protection and privacy to home users worldwide. About ReasonLabs ReasonLabs is a leading cybersecurity company equipping tens of millions of home users with the same level of cyber protection utilized by Fortune 500 companies. Its AI-powered, next-generation antivirus engine scans billions of files around the world to predict and prevent cyberattacks in real time, 24/7. Its flagship product, RAV Endpoint Protection, together with its other products combine to form a multilayered solution that safeguards home users against next-generation threats. Co-founded in 2016 by seasoned cybersecurity expert Andrew Newman—an architect of Microsoft's native cybersecurity program, Microsoft Defender—ReasonLabs is based in New York and Tel Aviv. Learn more at https://www.ReasonLabs.com.

Read More

Enterprise Security, Platform Security, Software Security

Checkmarx Introduces Codebashing 2.0, the First AppSec Solution to Boost Developer Experience and Adoption with New Gamified User Interface

Prnewswire | July 24, 2023

Checkmarx, the global leader in application security solutions, has introduced Codebashing 2.0, its latest developer AppSec learning solution, equipping development teams with all the right skills to write secure code based on their roles and needs. Now offering an enhanced integration within the Checkmarx One™ Application Security Platform, Codebashing makes learning and developer adoption of application security (AppSec) frictionless and fully integrated into the development life cycle. With digital transformation increasing demands on software development teams, AppSec has become a critical area for large enterprises to reduce business risk even as less time is available for finding and fixing vulnerabilities in applications. In the interest of productivity and speed, most development teams work within integrated development environments (IDEs) and require security teams to prioritize and focus them on fixing key vulnerabilities. "The competing pressures of application time-to-deployment and AppSec risk reduction have long plagued and challenged development teams and CISOs," said Sandeep Johri, CEO at Checkmarx. "This new version of Codebashing is a game-changer for security teams to enable and provide knowledge and trust in handling vulnerabilities fixes. Its updated integration to the Checkmarx One platform solves some of the main challenges we constantly hear from CISOs and security teams seeking to improve the developer experience while also ensuring a secure and rapid pipeline of applications. These are critical elements of a successful digital transformation as enterprises continue their migration to the cloud." Learning key concepts within their familiar workspaces and applying those concepts from the first line of code to the last across all applications can significantly lower AppSec risk while boosting productivity. Codebashing 2.0 integrates fluidly into a developer's daily routine and workflow by offering "bite-sized" learning modules through Checkmarx One plugins within the developer's IDE. Designed by some of the industry's leading AppSec security researchers and engineers, Codebashing modules upskill developers' ability to write secure code from the very first line. Codebashing 2.0 offers a new way for security teams to better engage developers for AppSec adoption through a whole new experience and new gamified user interface. It includes a new Learning Path, which is a tailored professional skill tree that enables developers to continuously cultivate their expertise, stepping beyond the confines of one-time training sessions. The Learning Path is designed to be adaptive and personalized. Developers can select their unique path based on their specializations: Back-end, Front-end, or DevOps. This custom-tailored approach ensures that each developer is guided through the secure coding learning most pertinent to their specific role and responsibilities. Security Champion Program With Codebashing 2.0, Checkmarx has introduced the first in-market program to allow large enterprises to scale its AppSec program by training and certifying personnel from the engineering team as security champions. This certificate is backed by almost 20 years of AppSec expertise and includes a predefined training and certification including: Hours of gamified and comprehensive content such as quizzes and assessments to obtain and measure knowledge transfer Best practices critically needed by Security Champions. "The CISOs of global enterprise companies among our clients have repeatedly told us that two things are critical to building trust and collaboration between security and development teams: implementation of a proper framework of AppSec skills and methodologies and creating security champions among their developers. This is why we developed the first Security Champion Program in the market," said Ramon Herzlinger, General Manager of Codebashing at Checkmarx. "We invested extensively to ensure that all the relevant aspects are taught, including front-end, back-end, and DevOps-related knowledge and certification and based on feedbacks with customers who trailed it already, we are confident it is a major breakthrough in generating trust between security and development teams." Codebashing 2.0 includes a completely revamped user experience, new learning paths, and the most up to date AppSec learning content on the market covering the latest challenges and needs of development and security teams. With Codebashing 2.0, CISOs can identify gaps in knowledge about secure code capabilities fixes within their developers and help drive secure code awareness. For more information and to request the latest Codebashing 2.0 demo, visit this page. About Checkmarx Checkmarx is the leading application security provider, offering the industry's most comprehensive and innovative cloud-native platform, Checkmarx One™. Fueled by intelligence from our industry leading AppSec security research team, our products and services enable enterprises to shift everywhere in order to secure every phase of development for every application while simultaneously balancing the dynamic needs of CISOs, security teams, and development teams. We are honored to serve more than 1,800 customers, including 60 percent of Fortune 100 organizations, and are committed to moving forward with an unwavering dedication to the safety and security of our customers and the applications that power our day-to-day lives. Checkmarx. Make Shift Happen.

Read More

Enterprise Security, Platform Security, Software Security

ZeroFox Contributes to Open Source Amass Project to Help Businesses Manage Their External Attack Surface

Globenewswire | July 21, 2023

ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, highlights its recent contributions to the OWASP Amass Project in an ongoing effort to give businesses and government entities better visibility to their full external attack surface asset ecosystem. The recent additions to the project from the ZeroFox team provide more advanced tool sets for analysts to discover and catalog their internet-facing assets and exposures. The contributions create a new standard framework to lead the industry in a more cohesive approach to attack surface management. As organizations face increasingly sophisticated cyber threats, understanding and managing their external attack surface has become paramount. By leveraging its expertise in external cybersecurity, ZeroFox identified a critical gap in the attack surface management landscape and responded by spearheading the development of the Open Asset Model and Asset Database within the OWASP Amass Project. The Open Asset Model and Asset Database contributions offer security analysts a unified and structured approach to identifying and managing potential vulnerabilities outside the perimeter. The Open Asset Model provides a new standard for asset definitions, representing a comprehensive framework for describing and categorizing diverse internet-facing assets. The Amass community can quickly adapt the model to include new types of assets exposed on the Internet, and their relationships to each other, for more accurate discovery, tracking, monitoring, and management. The Asset Database implements this model, offering the database interaction layer to store discovered assets in the popular sqlite3 and PostgreSQL database management systems. The Asset Database will foster the development of an ecosystem of scanning and analysis tools, allowing them to store and analyze assets from the Open Asset Model and their relationships. These contributions directly benefit both existing Amass users and the broader attack surface management community in an effort to standardize asset definitions. The new standards now provide the information security community with a consistent and predictable format when transferring data describing external attack surfaces. "We are thrilled to contribute to the OWASP Amass Project and provide the security community with cutting-edge tools for Attack Surface Management," said Jeff Foley, VP of Research at ZeroFox. "By leveraging the power of open source, we aim to expand access to advanced cybersecurity capabilities, helping organizations proactively defend against emerging threats." These engineering contributions represent a continued commitment by ZeroFox to the open source community, OWASP, and the Amass Project. ZeroFox will continue to contribute to the Amass Project in an effort to enable the discovery, management, and protection of the external attack surface. By sharing its expertise and resources, ZeroFox aims to foster collaboration and innovation within the information security community, ultimately making the digital landscape safer for all users. About ZeroFox ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.

Read More