SOFTWARE SECURITY

Black Kite Launches Aviator Partner Program to Expand Deployment of Trusted Cyber Risk Ratings Solutions

Black Kite | August 20, 2021

Black Kite, the trusted cyber risk ratings company, today launched the Black Kite Aviator partner program. Aviator enables IT solutions providers to bolster their portfolio of cyber risk services and help customers secure their supply chains. More than 50 companies have already signed on to the Aviator program.

Aviator partner program members will have access to Black Kite's industry-leading platform that simplifies third-party risk management, leverages open-source intelligence and non-intrusive scans, offers automated and continuous monitoring, and quantifies third-party technical, financial, and compliance risk. Starting today, program members also have access to Black Kite's partner portal, which holds a library of sales and marketing materials, a formal deal registration process, and other enablement tools.

"Every organization needs third-party risk visibility and a means of determining the financial, brand, and reputational costs," said Paul Paget, CEO of Black Kite. "The Aviator partner program will make Black Kite's unique cyber risk and ransomware rating tools available to companies in the healthcare, financial services, manufacturing, and automotive verticals."

Black Kite offers a suite of cyber risk solutions to include the Ransomware Susceptibility IndexTM (RSITM), the OpenFairTM Tool, and a scalable platform that reduces vendor assessment times from weeks to hours.

The RSI calculates event susceptibility and identifies vendors most prone to ransomware. The OpenFair Tool is the first automated risk-assessment product that estimates the financial costs of cyber breaches in quantitative, easy-to-understand business terms for C-suite executives. The Black Kite platform keeps vendor risk assessments up-to-date, continuously monitoring for changes across 20 cybersecurity categories.

About Black Kite
One in four organizations suffered from a cyber attack in the last year, resulting in production, reputation, and financial losses. The real problem is adversaries attack companies via third parties, island-hopping their way into target organizations. Black Kite is redefining third-party risk management (TPRM) with the world's first global third-party cyber risk monitoring platform, built from a hacker's perspective. With 200+ customers across the globe and counting, we're committed to improving the health and safety of the entire planet's cyber ecosystem with the industry's most accurate and comprehensive cyber intelligence.

Spotlight

We at Kentico recognize web security as crucial aspect of our system. As we want to prepare and provide a highly secure web content management system, we prepared a document for developers, which describes writing of secure code. This paper has started as an internal guide for our developers, but we decided that it could be helpful to all web developers using Kentico CMS.

Spotlight

We at Kentico recognize web security as crucial aspect of our system. As we want to prepare and provide a highly secure web content management system, we prepared a document for developers, which describes writing of secure code. This paper has started as an internal guide for our developers, but we decided that it could be helpful to all web developers using Kentico CMS.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

ReasonLabs' RAV Endpoint Protection Achieves Gold OPSWAT Access Control Certification for Endpoint Security Applications

ReasonLabs | September 05, 2022

ReasonLabs, a leading cybersecurity company providing enterprise-grade protection to users all around the world, has today announced that its RAV Endpoint Protection solution has received Gold Certification from Access Technologies (OPSWAT), a leader in critical infrastructure protection. OPSWAT's Access Control Certification Program provides reliable and consistent metrics for validating the effectiveness of anti-malware products and establishing device trust. The program's Gold certification badge is awarded to applications that achieve access control compatibility. "Achieving Gold Certification in OPSWAT's Access Control Center Program further validates RAV Endpoint Protection as an industry-leading next-generation consumer solution. "The certification has created an easy way for customers to validate our solution's capabilities. End users can be assured that RAV Endpoint Protection secures endpoints with a high degree of confidence." Kobi Kalif, CEO of ReasonLabs ReasonLabs is the first Next-Generation Antivirus (NGAV) software with Endpoint Detection and Response (EDR) capabilities built specifically for home users. Whereas traditional antiviruses use a one-to-one detection technology to fight breaches and malware, ReasonLabs's intuitive engine utilizes a variety of technologies and techniques to predict and prevent virus attacks. By leveraging machine learning algorithms and AI, RAV Endpoint Protection sorts through millions of files to easily identify potentially hazardous ones and ensures proactive detection and resolution of the most complex malware. "From OPSWAT's inception, we have pioneered the concept of zero trust," said Benny Czarny, founder and CEO of OPSWAT. "The OPSWAT Access Control Certification Program extends this idea to IT System Administrators by relieving them from the daunting task of researching, testing and identifying the right endpoint anti-malware and encryption solutions by having us test it for them. We've done the work and verified applications that meet our exacting zero trust standards." Since RAV Endpoint Protection utilizes state-of-the-art EDR technology powered by artificial intelligence, ReasonLabs is able to provide the strongest defense for customers' personal assets. By utilizing an EDR approach, RAV is able to detect threats virtually anywhere, in contrast to systems built with a legacy one-to-one detection method. When coupled with its other security products including RAV VPN, RAV Safer Web, RAV Online Security, and FamilyKeeper, users can feel confident knowing every single endpoint is secured. "We developed the OPSWAT Access Control Certification Program to recognize the very best security solutions in the market, and ReasonLabs' RAV Endpoint Protection solution has met these demanding requirements," said Hamid Karimi, VP Technology Alliances and OEM at OPSWAT. "Gold certification is a badge of trust that certifies that a vendor's solutions do what they say they do and are effective against the latest emerging threats. IT professionals who are looking for the most effective antivirus solutions rely on Gold Certified vendors, and now they should consider ReasonLabs' RAV Endpoint Protection." About ReasonLabs ReasonLabs is a cybersecurity pioneer equipping tens of millions of families and individuals worldwide with the same level of cyber protection enjoyed by Fortune 500 companies. Its AI-powered, next-generation antivirus engine scans billions of files around the world to predict and prevent cyberattacks in real-time, 24/7. Its flagship product, RAV Endpoint Protection, together with its other products combine to form a multilayered solution that safeguards home users against next-generation threats. Co-Founded in 2016 by seasoned cybersecurity expert Andrew Newman—an architect of Microsoft's native cybersecurity program, Microsoft Defender—ReasonLabs is based in New York and Tel Aviv.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Security Compass Releases New Developer-Centric Threat Modeling Capabilities in SD Elements in Support of New Secure Software Development Guidelines

Security Compass | October 19, 2022

Security Compass, a leading cybersecurity solution provider, today announced the release of SD Elements 2022.3, which offers new capabilities that make it easier for software developers to identify software application security threats and exactly where to implement countermeasures to mitigate the risks. The latest version of SD Elements also includes new security content that allows software development organizations to demonstrate compliance with the latest threat modeling and secure development best practices from the National Institute of Standards and Technology (NIST) referenced in Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.” The new SD Elements capabilities help organizations comply with the latest NIST software threat modeling and secure development standards, even when security knowledge and availability of security experts is limited. Other benefits include improved collaboration among security, software development, hardware engineering, and DevOps teams, and reduced time and costs associated with software threat modeling and demonstrating compliance with multiple security standards and regulations such as EO 14028 as well as with more than 80 other secure development industry regulations and guidelines. Key updates to SD Elements 2022.3 include: Developer-centric threat modeling diagram enhancements: Surfacing threats is important, but knowing where threats are and how to prioritize and mitigate them is even more important. New threat modeling diagram enhancements help software development and application security teams better understand where the threat exists, which threats to prioritize for remediation first, and exactly where countermeasures should be applied. New customizable dashboards in Advanced Reporting: New dashboards enable application security teams to identify the most prevalent threats and weaknesses across the organization’s software portfolio, as well as perform in-depth analyses of their software security and compliance posture on both a per-project basis, as well as across their entire software portfolio. New security content: New security content helps organizations meet U.S. federal government security requirements in accordance with Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity;” new Ansible infrastructure as code (IaC) and automotive supply chain (UNECE WP.29 / R155) security content helps ensure software development teams have the guidance they need to ensure the code they write complies with secure development best practices. New integrations: The extensive SD Elements integration ecosystem now includes a new integration for Micro Focus Fortify on Demand. New just-in-time training content: 34 new Terraform Infrastructure as Code (IaC) and Payment Card Industry (PCI) Software Security Framework (SSF) just-in-time training micro-modules have been added to the existing library of over 800 just-in-time training micromodules already included in SD Elements. New developer-centric eLearning courses: New eLearning courses for Terraform, PCI SSF, the OWASP top 10, and OAuth Security Fundamentals have been added to the existing library of more than 40 Security Compass eLearning courses focused on application security, operational security, compliance, and secure coding best practices. “The importance of software threat modeling continues to grow. “NIST now recommends that software developers follow secure software development best practices and perform software threat modeling multiple times during development, especially when developing new capabilities. All companies that sell (or want to sell) software to the U.S. federal government, whether directly or through resellers or other channels, must comply with EO 14028 by September 15, 2023, and should therefore quickly begin assessing their compliance with the latest NIST guidance and develop action plans to address any gaps.” Trevor Young, Chief Product Officer, Security Compass For more details about the latest capabilities in SD Elements, click here, or register to attend the upcoming webinar, “How to Speed Up Software Threat Modeling, Threat Remediation, and NIST Software Supply Chain Security Compliance” on Nov. 16, 2022 at 1:00pm ET. About Security Compass Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

ThreatX Launches Robust Online Training to Increase Access to Cybersecurity Expertise

ThreatX | November 17, 2022

ThreatX, the leading API protection platform, today announced the launch of the ThreatX Academy, an online portal hosting an extensive library of cybersecurity training modules. These courses provide an accessible and approachable opportunity for those looking to begin, or advance, their cybersecurity careers. ThreatX is providing all foundational 100-level content at no charge. Training content spans many areas of cybersecurity, including Application Security, Data Protection and Privacy, Networking, Secure DevOps and Wireless Security, among others. The need for cybersecurity professionals has been growing at a rapid pace, and that demand is expected to continue. The number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021 (from 1 million to 3.5 million). Further, it is predicted that the same number of jobs will still be open in 2025. This cybersecurity skills gap, along with the accelerated pace at which both technology and cyberattackers’ tactics are evolving, has made protecting digital assets increasingly difficult for businesses. In fact, 80% of organizations suffered one or more breaches due to a lack of cybersecurity skills and/or awareness within the last 12 months, underscoring the need for solid and robust training content. Alongside Massachusetts-based training company, Security Innovation, ThreatX developed more than 140 hours of online security training videos beginning at an introductory level and progressing to more advanced subjects, such as Blockchain Security and Automating Security Updates. All 100-level content will be available free of charge, while 200 and 300-level content will be accessible via subscription. Through the integrated learning management platform, users will be able to consume the content in sequential fashion and earn certifications. The ThreatX Academy experience is powered by Raven360, a Massachusetts-based digital Academy business. ThreatX will share all content, free of charge, with select nonprofit organizations, including participants of the Massachusetts Rehabilitation Commission’s (MRC) Networking Technology Program. In addition, ThreatX Academy has partnered with (ISC)2 and is now an approved (ISC)2 CPE Submitter Partner. ThreatX content may count toward (ISC)2 CPE credits. (ISC)², is an international nonprofit cybersecurity professional organization. Through (ISC)², members can earn several well-established security certifications, including: CISSP Certified in Cybersecurity SSCP - Security Administration CCSP - Cloud Security CSSLP - Software Security In order to maintain these certifications, members must earn Continuing Professional Education (CPE) Credits. Through ThreatX’s partnership with (ISC)², security practitioners will now be able to earn CPE Credits for consuming ThreatX Academy content. “Cybersecurity is a continuous learning experience, and the need for training resources in the industry is only growing stronger. “We are excited to announce the launch of ThreatX Academy, and we look forward to advancing the program in the future as part of our broader effort to close cybersecurity’s ongoing talent gap.” Gene Fay, CEO of ThreatX About ThreatX ThreatX’s API protection platform and complete managed services make the world safer by protecting APIs from all threats, including DDoS attempts, complex botnets, zero-day and multi-mode attacks. ThreatX applies artificial intelligence and machine learning to detect and respond to even the slightest indicators of suspicious activity in real-time. Today, ThreatX protects APIs for companies in every industry across the globe.

Read More