DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BlueVoyant Research Reveals Defending Digital Supply Chains Remains a Business Challenge

BlueVoyant | November 14, 2022

BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its third annual global survey into supply chain cyber risk management. The study reveals that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made up of the external vendors and suppliers who have network access that could be compromised.

"The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain," said Adam Bixler, BlueVoyant's global head of supply chain defense. "The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk."

Other key survey findings include:

  • 40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
  • In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
  • Budgets for supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
  • The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security.

"While supply chain defense is a challenge, there are solutions for enterprises to better defend against this risk," said James Rosenthal, BlueVoyant's CEO and co-founder. "Enterprises should continuously monitor their supply chain to be able to quickly remediate threats. As companies are being negatively impacted by supply chain disturbances, they must prioritize this risk with the appropriate budget."

The study was conducted by independent research organization Opinion Matters and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore.

The 2021 research was also conducted by Opinion Matters and recorded the views and experiences of 1,200 CTOs/CSOs/COOs/CIOs/CISOs/CPOs in similar enterprises and the same industries. It covered six countries: U.S., Canada, Germany, the Netherlands, the U.K., and Singapore.

Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk:

  • While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any vertical (34%) to have no way of knowing if an issue arises with a third party's environment.
  • The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%.
  • In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program.

About BlueVoyant
BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.

Related News

DATA SECURITY, ENTERPRISE IDENTITY, NETWORK THREAT DETECTION

ForgeRock is the First Identity Platform to Fully Eliminate Passwords

ForgeRock | March 21, 2023

ForgeRock®, a global digital identity leader, today announced ForgeRock Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations. Enterprise Connect Passwordless is the latest addition to ForgeRock’s industry-leading, passwordless authentication portfolio for consumer and workforce use cases. Developed through ForgeRock’s strategic partnership with Secret Double Octopus, the new solution, integrated into ForgeRock Identity Platform, protects the most commonly used and vulnerable enterprise resources such as servers, workstations, remote desktops, and VPNs. It helps large enterprises proactively defend against costly cyber-attacks and unauthorized access by providing a passwordless experience to legacy applications, systems and services. In turn, organizations can deliver an employee experience that empowers people to access their information without needing to know a password.

“The move to passwordless authentication will fundamentally change every digital experience on the planet, starting with the most common experience of all - logging in,” said Peter Barker, Chief Product Officer, ForgeRock. “With the addition of Enterprise Connect Passwordless, ForgeRock is the only solution to offer a full spectrum of passwordless capabilities that help employees and consumers say goodbye to remembering their passwords.”

Organizations deploying ForgeRock Enterprise Connect Passwordless become a more secure enterprise by removing employee interaction with passwords, and reducing the risk of compromise. Benefits include eliminating employee account lockouts and reducing the volume of IT tickets, which can lower operational costs from help desk interactions, increase workforce productivity and enhance the user experience.

Removing Passwordless Orchestration and Deployment Complexities
ForgeRock Enterprise Connect Passwordless uses next generation identity orchestration capabilities that allow enterprises to easily design and implement passwordless login and access journeys tailored to their unique security and experience needs. With ForgeRock, organizations now have the freedom to move to passwordless at their own pace – without it being an “all or nothing” experience.

“When an organization decides it wants to go passwordless to improve user experiences, that can be a heavy lift, made lighter when accompanied by user journey orchestration technology,” said Jay Bretzmann, Research Vice President, Security Products, IDC. “The ability to rapidly create login experiences tailored to groups of diverse individuals is an imperative for modern enterprises. Orchestration not only provides the tools to do this, but also the ability to ‘fine-tune’ journeys in real-time. What used to take programmers and developers weeks or months can now be accomplished by non-technical IT or identity staff for a fraction of the time and cost.”

Available in Q2, Enterprise Connect Passwordless augments the company’s existing passwordless capabilities, adding to the ongoing work ForgeRock has been doing to eliminate consumer passwords for more than a decade.

A History of Paving the Passwordless Path for Enterprises
The ForgeRock Identity Platform has an extensive history of providing organizations several options to help deploy passwordless authentication for mobile and web applications to reduce fraud and improve the user experience. ForgeRock can accelerate passwordless deployment with integration for applications, support for identity standards, easy to use workflows to enable workforce and CIAM passwordless user journeys, and web-based passwordless authentication through a browser using passkeys in their mobile devices.

ForgeRock already supports passwordless authentication capabilities through FIDO2 WebAuthn standards and passkeys within the ForgeRock Identity Cloud, low-code, no-code access orchestration with ForgeRock Intelligent Access and AI-driven threat protection within ForgeRock Autonomous Access. ForgeRock also has alliances with partners that have developed curated FIDO solutions for many different types of applications.

About ForgeRock
ForgeRock® is a global digital identity leader helping people simply and safely access the connected world. The ForgeRock Identity Platform delivers enterprise-grade identity solutions at scale for customers, employees, and connected devices. More than 1,300 organizations depend on ForgeRock’s comprehensive platform to manage and secure identities with identity orchestration, dynamic access controls, governance, and APIs in any cloud or hybrid environment.


SECURITY AUDIT AND COMPLIANCE, SOFTWARE SECURITY

Acalvio Introduces Active Defense-Based Identity Threat Detection and Response (ITDR) Solution

Acalvio Technologies | February 10, 2023

On February 9, 2023, Acalvio Technologies, the market leader in cyber deception technology, announced the release of its Identity Threat Detection and Response solution, which provides visibility and control of the identity attack surface area and a cutting-edge active defense against identity threats. By adding Active Defense, Acalvio's ITDR solution transforms the environment not only to detect and repel cyber assaults but also to collect threat information to get a deeper understanding of the adversary and better train future defenders.

"Modern identity threats can subvert traditional identity and access management (IAM) preventive controls, such as multi-factor authentication (MFA). This makes Identity Threat Detection and Response (ITDR) a top cybersecurity priority for 2022 and beyond," according to October 2022 research from Gartner.

Acalvio's patent-protected, unique, and comprehensive ITDR solution is the foundation for building and maintaining a robust zero-trust security model. It enhances identity protection in three important ways:

  • Active Defense against malicious activity: ShadowPlex Advanced Threat Defense from Acalvio generates a rich and broad collection of honey accounts that are automatically blended into Active Directory and distribute honey tokens throughout the company network for malicious actors to locate and exploit. It also identifies tools for stealing credentials by presenting options to use deception.
  • Identity Attack Surface Management: ShadowPlex Identity Protection outlines the attack surface in identity repositories such as Microsoft Active Directory and Azure Active Directory, as well as the credential caches on different endpoints. This enables a comprehensive study of identity misconfigurations and possible attack vectors via vulnerable relationships, cached credentials, and linkages for lateral movement.
  • Extensive integrations with the security ecosystem: The ITDR solution from Acalvio integrates with an enterprise's existing SIEM, EDR, SOAR, NAC, and other security solutions to understand the environment's assets, automatically deploy deception across the enterprise, detect the use of decoy credentials, and enable a variety of automated real-time responses.

About Acalvio Technologies
Acalvio, the market leader in cyber deception technology, assists businesses in proactively defending against sophisticated security attacks. Built on 25 granted patents for autonomous deception and sophisticated AI, the Acalvio Active Defense Platform offers comprehensive solutions for ITDR, advanced threat detection, zero trust, OT security, active directory protection, and ransomware protection. The Silicon Valley-based firm's solutions serve Fortune 500 companies and government organizations and are deployable on-premises, in the cloud, or via renowned managed service providers.


DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Privacera Announces Integration with Databricks Unity Catalog

Privacera | February 23, 2023

On February 22, 2023, Privacera, a leading SaaS-based data security and access governance platform, announced its integration with Databricks Unity Catalog. Through this integration, users of both Privacera and Databricks can now facilitate data discovery and access across the Databricks Lakehouse Platform, including seamless migration of existing Privacera policies.

Privacera increases the ability of its users to provide a holistic unified data security platform, protecting all data assets, including modern cloud-native data warehouses, on-premise legacy data sources, modern data lakehouses, and data mesh architectures. Users can trial these capabilities and spin up Privacera and Databricks together through pre-configured integration settings on Databricks Partner Connect, simplifying the process of testing a secure, well-governed data lakehouse with minimal administrative effort.

The Unity Catalog integration supports table/view level access control, dynamic column-level data masking, dynamic row-level filtering, attribute-based access control, tag-based policies, and file/object level access control.

Privacera enables enterprise data teams to protect sensitive data and promote privacy by securely managing data access policies across multiple on-premise, hybrid, and multi-cloud data sources, automating manual governance processes to reduce time to insights. It is the only open-standards-based data security governance firm, natively integrating with the most popular data and analytic sources. Its scalable and data query performance architecture has made it the solution of choice for many Fortune 500 organizations worldwide.

Privacera's CEO Balaji Ganesan commented, "Securing and governing the modern data lakehouse is a non-trivial challenge for its users and that's why we've invested in extending our modern data security governance capabilities to the Unity Catalog-powered data lakehouse." He further emphasized, "Our users can seamlessly apply the security and governance controls to Unity Catalog and other sources with ease and at scale, and through a proven, open security standard."

About Privacera
Privacera is a SaaS-based data security and access governance platform established in 2016 by the founders of Apache Ranger™ and Apache Atlas™. The platform enables data and security teams to simplify data security, access and privacy for data applications and analytical workloads. Its centralized data access governance platform extends beyond traditional Big Data environments to cloud-native services and analytics platforms such as AWS, GCP, Azure and Databricks and enables data democratization without compromising on compliance with data access control, data discovery, and encryption. In addition, the platform ensures compliance with regulations such as GDPR, LGPD, CCPA, and HIPAA while maximizing usability for data science and analytics teams.
