DATA SECURITY

CFGI and SecurityScorecard Collaborate to Provide Security Rating Monitoring as a Service

CFGI | May 26, 2021

CFGI, a leading provider of Accounting Advisory, Cybersecurity and IT Risk Advisory solutions, and SecurityScorecard, the worldwide leader in cybersecurity ratings, today announced a new partnership to streamline and strengthen how organizations manage their cybersecurity and third-party risk through the use of Security Ratings.

CFGI has partnered with SecurityScorecard to non-intrusively evaluate an organizations' cybersecurity using an 'outside-in methodology. This approach enables CFGI to monitor and update the cybersecurity ratings of our clients in a very continuous manner. With these cybersecurity ratings and the extensive information on which they are based, organizations are presented with valuable information for assessing compliance with industry-leading cybersecurity risk standards.

As a SecurityScorecard managed security services provider (MSSP), CFGI will be delivering industry-leading cybersecurity ratings to clients to enhance their security posture, ensure adherence to regulatory requirements, and continuously monitor third-party risk. This partnership comes at a time when risk and compliance teams are experiencing unprecedented pressure to successfully manage their own and third-party risk, due to changing regulatory requirements, higher numbers of vendors, and more pressure from the board of directors. Heightened regulatory scrutiny has created the necessity for next-generation solutions to assist organizations in better manage the risk posed by their business partners. With the partnership between CFGI and SecurityScorecard, organizations can now be aware of cybersecurity gaps and advised on what is needed to fill them.

What value do CFGI clients receive?

• Technical dashboards and detailed reports with your most critical risk factors.

• Easy-to-read board-level reports and workflow tools for cybersecurity assessments.

• Risk remediation advisory services by CFGI, whose experts work closely with your technology teams or third parties.

• Ability to view your historical vulnerabilities and threats for continued improvement.

• Ability to quantify and demonstrate your return on security investments.

• Ability to benchmark your cybersecurity current state against industry peers and competitors.

About CFGI

CFGI, a portfolio company of The Carlyle Group, is a highly specialized financial consulting company that supports the office of the CFO with all its accounting, finance, risk management, and digital transformation needs. As an extension of your SOX, internal audit, corporate finance, or cybersecurity team, CFGI can serve in a variety of capacities – from technical accounting or finance transformation advisor to IPO and M&A support to controller or CFO.

Spotlight

"The worldwide market for cloud computing is growing insatiably. More organizations than ever use third-party providers like Amazon Web Services, enjoying reliable, scalable, and affordable cloud computing"

Spotlight

"The worldwide market for cloud computing is growing insatiably. More organizations than ever use third-party providers like Amazon Web Services, enjoying reliable, scalable, and affordable cloud computing"

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Red Sift Acquires Hardenize to Redefine Enterprise Attack Surface Protection

Red Sift | October 14, 2022

Red Sift today announced that it has acquired global Attack Surface Management (ASM) innovator, Hardenize. The strategic move enables Red Sift to enrich, extend, and improve its existing security solutions to also protect customers’ internet assets and infrastructure, offering a complete, best-in-class digital resilience solution. The integration of Hardenize’s unique ASM capabilities enables the Red Sift platform to gain a comprehensive view of an organization’s digital footprint, allowing customers to better understand and protect their entire critical attack surface area in the face of an ever-evolving threat environment. While email security remains one of the greatest attack vectors for businesses on the internet, organizations understand that it is only one of many that hackers will look to exploit. From email and domains to web applications and the network perimeter, attackers will take advantage of any and all vulnerabilities across the ever-expanding attack surface. Rather than treating key email security risks individually, organizations must have a comprehensive understanding of and visibility into any and all assets, as well as the ability to secure these using best-in-class remediation based on globally recognized standards and protocols. Recognizing that organizations often are left to fend for themselves once vulnerabilities have been identified, today’s acquisition goes beyond enhanced discovery to provide customers with the necessary tools to shut down phishing and ensure ongoing compliance with email and web security protocols. Hardenize’s deep and continuous knowledge of key security and network standards, protocols and configurations, paired with Red Sift’s sophisticated remediation capabilities, enables customers to gain complete control of their entire attack surface for the first time. With today’s acquisition, Red Sift and Hardenize make this vision a reality for joint customers. Hardenize’s discovery capabilities will act as a magnifying glass into customers’ infrastructure, continuously identifying new and often unknown vulnerable assets across the attack surface. By enriching Red Sift’s discovery phase, customers can now uncover threats beyond email security, to discover lookalike domain abuse, and spot vulnerabilities across their network perimeter. “This move gives us the purview to do more for cybersecurity than we ever have before, elevating the breed of solution available to enterprise businesses for full Attack Surface Management and resilience. “By acquiring Hardenize, an innovator in Attack Surface Management (ASM), we extend our leading security products beyond protecting email; enabling enterprise customers to see their full attack surface, solve the issues at hand, and secure their valuable assets in an ever-evolving threat continuum. Bringing Hardenize and Red Sift together presents an opportunity to redefine how we approach ASM, and in turn revolutionize how enterprises protect themselves comprehensively and effectively in the face of an ever-evolving attack landscape.” Rahul Powar, CEO of Red Sift “We’re excited to join Red Sift in bringing this best-in-class security solution to the market,” said Hardenize CEO and SSL Labs creator Ivan Ristic. “Hardenize’s ability to align organizations’ digital assets to recognized security frameworks and standards complements Red Sift’s advanced email security capabilities to provide a single solution that protects organizations from being vulnerable to attackers.” “This is a significant moment in the fight against digital pollutants on the Internet. Modern cyber resilience is built on a foundation of good cyber hygiene. Hardenize adds best-in-class security to allow organisations to work out what they’re doing well and need to improve in some really critical areas of core protections. This adds to Red Sift's suite of gold-standard solutions,” said Ciaran Martin, NCSC founder and former Chief Executive, and Red Sift Special Advisor. “I’m excited to see how this improves the offerings available for enterprises looking to secure their infrastructure and digital ecosystem.” “The combination of Red Sift and Hardenize makes a great deal of sense, given that organizations increasingly demand proactive approaches to security like Attack Surface Management,” said Rik Turner, Senior Principal Analyst at Omdia. “These proactive platforms seek to reduce an organization’s overall attack surface before threat actors discover issues like vulnerabilities or misconfigurations and launch an attack exploiting them. With Hardenize, Red Sift is approaching ASM holistically, to include external assets together with an organization’s infrastructure and the third-party landscape.” “Having enjoyed a strong strategic partnership with Red Sift for some time now, it’s exciting to see them make the move towards greater attack surface protection,” said Chris Bailey, VP of Strategy and Business Development at Entrust. “The ways in which attackers look to infiltrate organizations are always multiplying, but the vectors they use remain largely the same. This solution offers enterprises a way to fight back, by detecting their most vulnerable assets in a widening threat landscape.” About Red Sift Red Sift's Digital Resilience Platform solves for the greatest vulnerabilities across the complete attack surface. By providing comprehensive coverage of an organization’s digital footprint through best-in-class discovery and monitoring, Red Sift enables users to proactively uncover threats within email, domains, brand, and the network perimeter. Paired with sophisticated remediation capabilities, Red Sift provides organizations with the tools to shut down phishing and ensure ongoing compliance with email and web security protocols.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Synack Joins the Microsoft Intelligent Security Association, Bringing the Power of Continuous and on Demand Security to Microsoft Azure

Synack | September 13, 2022

Synack, a premier platform for on-demand security expertise, announced that it has joined the Microsoft Intelligent Security Association (MISA) and is available through integration with Microsoft Sentinel, giving enterprises globally seamless access to a worldwide network of top security researchers working around the clock to protect their cloud assets. Becoming part of MISA, an ecosystem of independent software vendors and managed security service providers, builds on a growing collaboration between Synack and Microsoft and is a testament to both organizations' commitment to providing easier, more flexible and scalable cybersecurity solutions. Microsoft Sentinel is a cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution designed to reduce unnecessary friction in the vulnerability remediation process. It also provides early threat detection and rapid response to sophisticated attacks to facilitate shorter resolution times and lower the number of security incidents. "Our integration with Microsoft Sentinel couldn't be more timely and important today as organizations everywhere are scrambling to find enough skilled practitioners to protect them against punishing cyberattacks. We help solve that talent gap with our platform that combines a powerful network of ethical hackers with the most advanced technology. "We look forward to building on this important relationship with Microsoft." Jay Kaplan, Synack's CEO Cyberattacks on cloud environments are expected to increase, putting enterprises and critical infrastructure providers at greater risk of supply chain, ransomware and nation-state attacks. As a result of these threats, the Biden administration has called on organizations to deploy third-party testing "to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors." The Synack integration with Microsoft Sentinel enables customers to respond to this challenge. "Members of MISA integrate their security solutions with Microsoft's security technology to gain more signal, increase visibility and better protect against threats. By extending Microsoft's security capabilities across the ecosystem, we help our shared customers to succeed," said Maria Thomson, Microsoft Intelligent Security Association Lead. "This vibrant security ecosystem is valuable to our shared customer base because it reduces the cost and complexity of integrating disparate security tools." Synack will deliver insights through its Microsoft Sentinel integration, enabling security teams to correlate these findings with Microsoft Sentinel data to gain end-to-end visibility, comprehensively investigate and take action on threats. In addition to the Microsoft Sentinel integration and MISA membership, Synack also recently announced another integration with Microsoft's Security and Compliance for Cloud Infrastructure solution that will further enhance Microsoft Azure protections. ABOUT SYNACK: Synack's premier on-demand security testing platform harnesses a talented, vetted community of security researchers and smart technology to deliver continuous penetration testing and vulnerability management, with actionable results. We are committed to making the world more secure by closing the cybersecurity skills gap, giving organizations on-demand access to the most-trusted security researchers in the world. Headquartered in Silicon Valley with regional teams around the world, Synack protects global banks, federal agencies, DoD classified assets and more than $6 trillion in Fortune 500 and Global 2000 revenue.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BlackBerry Strengthens Cybersecurity Platform to Provide Customers with Greater Threat Identification, Remediation Capabilities, and Endpoint Support

BlackBerry | October 27, 2022

Today at the BlackBerry Security Summit, BlackBerry Limited announced powerful enhancements to its AI-based cybersecurity portfolio that will help customers strengthen their overall security posture, improve workflows, and ensure business resilience. Capabilities include enhanced data context for zero-trust network access, and faster, more efficient operations to stay one step ahead of today's and tomorrow's threats. "BlackBerry is focused on delivering solutions that help businesses safeguard their sensitive data, solve challenges and stay on top of a rapidly evolving cyber threat landscape. "These new capabilities further strengthen our end-to-end approach to cybersecurity that's deeply rooted in the advanced intelligence of our Cylance® platform, which time and again has been proven to identify and stop attacks before they can even start." Billy Ho, Executive Vice President, Security Products at BlackBerry Key enhancements include: BlackBerry® UEM BlackBerry UEM's unrivalled maturity allows customers to benefit from new APIs that offer significantly reduced administrative overhead. This is in addition to stronger integration of all Google services from ChromeOS to Android, offering unified administration and an improved user experience. BlackBerry UEM will also offer greater eSIM integration to enhance a user's digital SIM experience. CylancePROTECT®, CylanceOPTICS®, CylanceGUARD® Threat hunters now have access to a single-pane view of the most critical issues with the ability to act quickly. Significant updates across triage and analysis workflows provide a dramatically improved user experience that reduces operational burden, improves investigation speed, and lowers the total cost of ownership; critical for analysts as they investigate and respond to endpoint threats. CylanceGATEWAY™ In addition to endpoint, network, and user telemetry, BlackBerry's ZTNA offering, CylanceGATEWAY, now provides data access and leakage visibility via a newly launched data loss detection module, CylanceAVERT™. CylanceGATEWAY also receives enhanced network anomaly detection to identify threats, broadened support for cloud workspaces and more granular access control. By constantly monitoring data and application access patterns across endpoints, email, and SaaS applications, organizations are now better equipped to detect and prevent malicious activity, including compromised accounts and insider threats, which Gartner estimates are responsible for 50 to 70 percent of all security incidents and 75 percent of all security breaches. "The cybersecurity workforce shortage has elevated the need for efficiency to be as important as efficacy as security professionals aim to stay ahead of a constant barrage of complex, competing and evolving threats," said Frank Dickson, Group Vice President, Security and Trust at IDC. "Added controls, workflow improvements and contextual nuance provide organizations with the ability to act quickly in detecting and responding to endpoint threats and are in desperate need by an industry facing a critical talent gap." The UX workflow improvements and data context additions will be available later this year and early next year through CylancePROTECT, CylanceOPTICS, CylanceGUARD, CylanceGATEWAY, and BlackBerryUEM offerings. About BlackBerry BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 215M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.

Read More