DATA SECURITY

Certified as Coupa Business Spend Management Platform Ready SecurityScorecard Security Ratings

prnewswire | January 06, 2021

SecurityScorecard, the worldwide pioneer in network protection evaluations, today reported it has incorporated with Coupa Software (NASDAQ: COUP) to offer its Security Ratings information in the Coupa Business Spend Management (BSM) Platform. Coupa ensured SecurityScorecard's Security Ratings for use inside its cloud-based stage that engages organizations around the globe with the perceivability and control they need to settle on more brilliant spending choices.

The coordination makes SecurityScorecard's information accessible in the Coupa BSM Platform, empowering clients to effectively comprehend and quantify the online protection stance of any association. With the reconciliation, obtainment experts can:

Survey Vendor Cybersecurity Posture: View the general evaluation, the 10 factor evaluations of information that include a merchant's SecurityScorecard Security Rating, alongside discoveries related with each factor

Assess a Vendor's Historical Performance: With admittance to a half year of a sellers' score history, Coupa clients can comprehend an organization's recorded exhibition

Organize Vendors for Review: Use SecurityScorecard Security Ratings to figure out which merchants to organize for more profound surveys dependent on their online protection hazard act

Build up Required Minimum Scores: Determine gauge SecurityScorecard grades for sellers and afterward influence nonstop observing to guarantee merchants stay on target

Draw in Vendors: Invite sellers to join SecurityScorecard for nothing so they can improve scores by following up on issue-level remediation direction

"As more organizations work with an increased number of third parties and expand their own digital footprint, the need for measuring the cybersecurity risk at scale is imperative now," said Roger Goulart, senior vice president of Business Development and Alliances at Coupa. "We're proud to integrate with SecurityScorecard to give our customers even greater cybersecurity risk insights and enable our customers to instantly rate, benchmark, and monitor the cybersecurity posture of their vendors."

As an affirmed CoupaLink arrangement, the SecurityScorecard coordination for Coupa meets the prerequisites set up by Coupa through its CoupaLink Certified Technology program. The CoupaLink program empowers programming accomplices to fabricate correlative arrangements that effectively interface into the Coupa stage. Clients advantage by improving their business spend and diminishing business hazard while decreasing the expense of outsider programming incorporation.

"Connecting SecurityScorecard Security Ratings into the Coupa Business Spend Management Platform provides our joint customers with a streamlined way to increase their visibility into vendor risk and decrease their overall risk exposure," said Randy Streu, Vice President of Strategic Alliances at SecurityScorecard. "We look forward to our relationship with Coupa to further help customers transform the way they assess vendor cyber health as a critical part of managing their business spend."

About SecurityScorecard
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 1,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

Spotlight

ICS attacks are growing ... fast. Industrial control systems (ICS) and SCADA systems are subject to cyber attack, just like any digitally connected system. Because the potential devastation is so high, Recorded Future conducted a study to learn more about the risks. Our aim in this study was to understand the available and known capabilities for attacks on ICS systems. What we found was a worrying trend of ICS exploits available and ready to be exploited.

Spotlight

ICS attacks are growing ... fast. Industrial control systems (ICS) and SCADA systems are subject to cyber attack, just like any digitally connected system. Because the potential devastation is so high, Recorded Future conducted a study to learn more about the risks. Our aim in this study was to understand the available and known capabilities for attacks on ICS systems. What we found was a worrying trend of ICS exploits available and ready to be exploited.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

ISG Partners With cyberconIQ on Human Side of Cybersecurity

ISG | September 20, 2022

Information Services Group, a leading global technology research and advisory firm, said today it is has formed a partnership with cyberconIQ, a cybersecurity platform and advisory company, to address the human side of cybersecurity. Under the new partnership, ISG Cybersecurity will be able to offer its clients the capabilities of cyberconIQ’s Human Defense Platform, a SaaS-based solution that helps mitigate the human factors that create cyber risk, while cyberconIQ will be able to offer its customers access to the full range of ISG Cybersecurity services. “People are one of the biggest risks to enterprise cybersecurity,” said Doug Saylors, partner and co-leader of ISG Cybersecurity. “Some 85 percent of breaches today involve human error, with breaches caused by phishing attempts up 25 percent in the last year alone. To combat this problem, enterprises need to strengthen their cybersecurity culture and help people become their own—and their employers’—best protection against cyber threats.” Saylors said the partnership with cyberconIQ will enable ISG Cybersecurity to offer its clients a platform-based approach to identify individual risk styles among employees, increase overall security awareness, and actively monitor, measure, model and manage people-related cyber risk. “The solution set of cyberconIQ is a welcome addition to ISG Cybersecurity’s market-leading portfolio of advisory, benchmarking, sourcing, organizational change management and third-party risk management capabilities,” Saylors said. CyberconIQ’s Human Defense Platform is proven to reduce people-related cyber risk by up to 95 percent, said the company’s CEO and Founder Dr. James Norrie. “We are able to substantially reduce cyber risk by leveraging our CYBERology™ approach – the intersection of cybersecurity and psychology,” said Norrie. “We embed behavioral science methods targeting changes in on-the-job behavior into all of our cybersecurity solutions.” The cyberconIQ offering includes the patented myQ Risk-Style Questionnaire, unIQue Security Awareness Education modules, cybermetrIQs Cyber Risk Dashboard, phishFixIQ Phishing Simulation and Remediation solution, and leaderIQ adaptive learning approach to creating a risk-aware and compliant culture. “We are excited to be working with ISG and its blue-chip client roster to bring the benefits of our human-centered approach to cybersecurity to more organizations,” Norrie said. “Working together, our combination of technology and people-based approaches will help companies significantly improve their cyber defenses and risk awareness.” ISG Cybersecurity is a unit of ISG that helps enterprise clients increase their cybersecurity maturity in line with their overall digital transformations. The unit helps clients assess and benchmark their cybersecurity programs, develop a cybersecurity strategy, design and implement their cybersecurity operating model, design overall solutions and select appropriate vendors, manage third-party risk and create and execute cybersecurity awareness and training programs. About cyberconIQ Headquartered in York, Penn., cyberconIQ was founded with the knowledge that technical approaches to cybersecurity alone do not address the prevalent issues we face today. With years of research and development with financial industry leaders, Dr. James Norrie discovered that our foundational CYBERology™ approach – the intersection of cybersecurity and psychology – would improve security outcomes and would advance the risk and compliance culture within organizations world-wide. With proven results that are 8 - 10x more effective than generic training alternatives, cyberconIQ's platform measurably reduces the risk of a human-factors cybersecurity breach or data leak. About ISG ISG is a leading global technology research and advisory firm. A trusted business partner to more than 800 clients, including more than 75 of the world’s top 100 enterprises, ISG is committed to helping corporations, public sector organizations, and service and technology providers achieve operational excellence and faster growth. The firm specializes in digital transformation services, including automation, cloud and data analytics; sourcing advisory; managed governance and risk services; network carrier services; strategy and operations design; change management; market intelligence and technology research and analysis. Founded in 2006, and based in Stamford, Conn., ISG employs more than 1,300 digital-ready professionals operating in more than 20 countries—a global team known for its innovative thinking, market influence, deep industry and technology expertise, and world-class research and analytical capabilities based on the industry’s most comprehensive marketplace data.

Read More

SOFTWARE SECURITY

MERIPLEX acquires Louisiana-based MSP, Verma Systems

Meriplex | July 18, 2022

Meriplex, a nationwide leader in managed cybersecurity and IT solutions, is pleased to announce the asset acquisition of Louisiana-based managed service provider, Verma Systems. For over 31 years, Verma Systems has been a leading and trusted IT and consulting partner for businesses in Baton Rouge and across Louisiana. They provide personalized solutions to their clients allowing them to leverage IT and technology to enhance business efficiency. "Verma Systems is an excellent addition to the Meriplex organization. "With their talented team and longstanding reputation in the Louisiana market, we will be able to provide more innovative technology and service offerings to their clients and work towards our goal of being the number one MSP/MSSP in the nation." David Henley, CEO of Meriplex "For me, it has always been about the customer and our employees," said Mitch Verma, President of Verma Systems. "Joining forces with Meriplex means we have more resources at our fingertips including additional IT experts, new product lines, and the capability to offer more well-rounded technical solutions. I know the people behind Meriplex, and we share the same core values and work ethic. With their expertise, size and seasoned approach, I am confident we can provide more for our clients and our employees." As a fast-growing managed services provider, Meriplex focuses on strategically acquiring businesses in leading markets in order to establish a regional presence and acquire talent to support their increasing large organic and inorganic growth. If you are interested in learning more about our M&A process, please reach out to us here. About Meriplex Meriplex is a managed cybersecurity, IT, and SD-WAN solutions provider that enables transformation by combining secure, innovative technology with advanced expertise. As a trusted partner, we deliver business-driven solutions that provide the scalability and support needed to power growth for organizations. About Verma Systems Established in 1991, Verma Systems is a Baton Rouge IT services company specializing in business technology tailored towards the SMB market. With our highly talented and experienced team, we know how to meet business needs by incorporating the right technology solutions to help your company be successful. Our mission is focused on hard work, smart work, and superior customer service.

Read More

SOFTWARE SECURITY

Aqua Launches the Industry’s First Out-of-the-Box Runtime Security with Advanced Protection Against the Most Sophisticated Threats

Aqua Security | July 26, 2022

Aqua Security, the leading pure-play cloud native security provider, today announced the launch of out-of-the-box runtime protection with minimal configuration to stop attacks in real time on running workloads. Protection is composed of new curated and optimized default security controls, as well as advanced threat intel from observations of real attacks on cloud native environments. Both the controls and threat intel are the result of knowledge gained through years of securing customers’ live production environments. Customers can now apply this knowledge to achieve trusted and advanced runtime protection in minutes without requiring in-depth knowledge of their applications and environments. Using eBPF technology and threat intel from cyber research team Aqua Nautilus to identify advanced threats, Aqua surfaces the most critical issues in real time while also implementing a set of controls to protect running workloads immediately, without disrupting the business. “Aqua is transforming the runtime security paradigm. “Traditional runtime security requires security teams to have a great deal of cloud native knowledge, and as a result has been slow to adopt. Aqua is removing this barrier to adoption by making cloud workload threat protection immediately effective and easy for security professionals.” Amir Jerbi, CTO and co-founder, Aqua Security Stopping Attacks in Real Time with Runtime Security Recent data from Nautilus shows that one in three live attacks could be missed when relying exclusively on snapshot scanning of running workload images. Nautilus also found tens of thousands of instances of in-memory attacks and fileless attacks in a one-month period—attacks that would not be seen or stopped without kernel-level visibility. Aqua’s detection of anomalous behavior goes beyond point-in-time snapshots and catches malicious behavior of known and unknown threats in real time—this includes both known CVEs and zero-day exploits that have yet to be discovered. The new default runtime controls are based on ongoing recommendations from Aqua Nautilus, who detect and analyze 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee. The result is real-time visibility at the kernel level that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds. Aqua’s Runtime Protection solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. Customers of the Aqua Platform also have access to the entire, full set of customizable, advanced runtime capabilities if and when they decide to define and implement more stringent policies. Key benefits of Aqua Runtime Protection include: Discover attacks immediately with continuously updated kernel-level behavioral detection. Updates are based on cloud native threat research from Aqua Nautilus along with years of experience securing customer workloads in production. Respond faster and reduce attacker dwell time by stopping attacks with pattern-based anti-malware in production and the option to block or delete malware on access. Simplify incident investigation and rapidly determine the impact and attack path of a security incident with a detailed incident timeline including rich contextual information. “Unlike overly complex runtime solutions, legacy solutions not designed for cloud-native applications, or solutions that can’t detect in real time, our goal with this release is to provide runtime security that is simple to deploy, giving you effective real-time security out-of-the-box,” said Jerbi. “What this boils down to is that, unlike alternative solutions, Aqua’s Platform will both detect sophisticated attacks and stop them in real time.” Aqua’s out-of-the-box Runtime Protection is now available and will make an industry debut at AWS re:Inforce on July 26-27 in Boston at Booth 104. To learn more, visit Aqua’s YouTube. About Aqua Security Aqua Security stops cloud native attacks and is the only company with a $1 Million Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry’s most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston and Ramat Gan, Israel, with Fortune 1000 customers in over 40 countries.

Read More