Enterprise Security, Platform Security, Software Security
PR Newswire | August 03, 2023
Menlo Security, Inc. ("Menlo Security"), a leader in browser security, today announced HEAT Shield™ and HEAT Visibility™, the industry's first suite of threat prevention capabilities designed to detect and block highly evasive threats targeting users via the web browser.
Menlo Security HEAT Shield™ detects and blocks phishing attacks before they can infiltrate the enterprise network. It uses novel, AI-based techniques – including computer vision combined with URL risk scoring and analysis of the web page elements – to accurately determine in real time if the link being accessed is a phishing site designed to steal the user's credentials. In parallel, HEAT Visibility performs continual analysis of web traffic and applies AI/ML-powered classifiers that identify the presence of highly evasive attacks. This delivers timely, actionable alerts that enable security teams to significantly reduce mean time to detect (MTTD) and mean time to respond (MTTR) to any highly evasive threats that could be targeting enterprise users.
"Highly evasive threats are growing as threat actors evolve how they deploy phishing and malware attacks," said Michael Urciuoli, Chief Information Officer of JPMorgan Chase Asset and Wealth Management. "Tools like Menlo Security's browser security solution, including their HEAT Shield, can help to combat cyber threat vectors for the world's top financial institutions, governments and leading enterprises."
Menlo Security HEAT Shield and HEAT Visibility are built on Menlo Security's cloud-based Isolation Core™ which monitors and analyzes over 400 billion web sessions annually. Commonly deployed security infrastructure such as Secure Web Gateways, firewalls, endpoint security and EDR solutions are blind to actions occurring inside the browser and fall short in combating web-based attacks including highly evasive threats. HEAT Shield leverages the Isolation Core to power dynamic security policies which can be applied to users based on web session events and behavior to prevent attackers from gaining access to the endpoint. Individuals are protected from potential threats without any impact on the end user experience.
"We know we need to protect our network from emerging attacks and threats targeting the web browser," said Greg Pastor, Director of Information Security for Remedi SeniorCare. "We are seeing highly evasive threats as a concerning and growing tactic amongst threat actors, and solutions like HEAT Shield can dynamically block these attacks, even if they are zero hour, keeping our endpoints safe."
A HEAT Attack™ Dashboard allows customers to receive detailed threat intelligence, which can be integrated into their existing SIEM or SOC platforms, while HEAT alerts sent to SOC teams provide real time threat visibility to enrich their existing threat intelligence sources and enhance and accelerate incident response capabilities.
Nick Edwards, Vice President, Product Management at Menlo Security, said, "Adversaries have placed a massive bullseye on the web browser. It has become the new desktop, where we spend the bulk of our working day. Legacy security vendors are fighting yesterday's war by trying to shoehorn network security and endpoint tools to keep users safe and it isn't working. The capabilities we are introducing today mark a significant leap forward towards our mission of creating a secure, seamless browsing experience, ensuring the internet can be used safely by our customers."
Menlo Security isolates more than four billion files annually for many of the largest and most security-conscious organizations around the world. Threat actors are refining their techniques daily, developing novel and innovative ways to target their victims through the web browser, often testing their attacks against commonly deployed security tools before launching them in the wild. "Armed with this knowledge and a decade of developing industry-leading browser security products, we are proud to be able to deliver the industry's first suite of threat prevention capabilities designed to detect and block HEAT attacks," continued Edwards.
Both HEAT Shield and HEAT Visibility are generally available now across Menlo Security's global network.
"Menlo Security's HEAT Shield product allows us to offer reliable, preventative security to our clients who are exposed to highly evasive threats every day," said Jamie Gray, VP, Sales-East at Tevora. "Web browser threats are growing in both frequency and sophistication, so it's critical that companies have the technology to help them, not distract them. Menlo Security's HEAT Shield is going to make a difference to our customers."
About Menlo Security
Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security's patented Isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JPMorgan Chase. Menlo Security is headquartered in Mountain View, California. For more information, please visit www.menlosecurity.com.
Platform Security, Software Security, Cloud Security
Businesswire | July 25, 2023
Stellar Cyber, the innovator of Open XDR technology, announced today that all Stellar Cyber Open XDR Platform users can now secure their OT environments on the same platform with the same license they use to secure their IT environments. Combining IT and OT security in a single platform gives security teams a permanent advantage over attackers who frequently attempt to exploit weaknesses and vulnerabilities identified in an IT environment to move laterally into an OT environment to carry out an attack, and vice versa.
Recent studies found that in 2021, over 90% of manufacturers had their production or energy supply impacted by a cyberattack. “With attacks so prevalent, you would think most security vendors would attempt to provide an easy-to-implement OT security solution, but that is not the case,” said Sam Jones, VP of Product Management at Stellar Cyber. “We found that with our open data architecture and built-in network security (NDR) capabilities, we can detect the most common OT environment cyber-attacks without burdening the security team to create OT-specific detection content.”
OT environments require different deployment models based on their OT architecture. Stellar Cyber’s agentless deployment and its partnership with Garland Technology (a leading provider of network visibility products), make it easy for customers to incorporate their OT environment assets into the Stellar Cyber platform.
With Stellar Cyber, security teams can now automatically detect the following:
Many flavors of SCADA protocols
SCADA network segmentation violations
Malicious or suspicious file transfers
Several existing Stellar Cyber customers are already incorporating their OT environment assets into the Stellar Cyber Platform and gaining never-before-seen insights into the attacks targeting their OT environments. “Securing my OT environment seemed unrealistic given my resources and budget, but now that I can use the Stellar Cyber Platform for both my IT and OT environments, my security team is delivering better security outcomes across the entire organization, protecting our bottom line,” said a SOC manager for a mid-sized manufacturing organization.
“Securing an OT environment should not be exclusively available to organizations that have embedded OT expertise in their security teams,” said Sam Jones, VP of Product Management of Stellar Cyber. “With our platform, all customers can now reduce the risk of a widespread breach that might bring the shop floor, a utility turbine, or a critical manufactory line offline.”
About Stellar Cyber
Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR.
Enterprise Security, Platform Security, Software Security
Business Wire | August 08, 2023
SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management. With 98% of organizations having a relationship with at least one-third party that experienced a breach, SecurityScorecard combines its industry-leading platform and experts to solve the third-party cyber risk puzzle.
“Many CISOs are challenged with manual third-party risk approaches that are inconsistent and focused on checkbox compliance. Customers consistently shared that they need a way to operationalize third- and fourth-party cyber risk management,” said Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard. “Today, SecurityScorecard is meeting that customer need. The next evolution of security ratings will focus on operationalizing cyber risk management and threat intelligence to directly impact our customers’ ability to deliver on their mission.”
Industry-first integrated security ratings platform + third-party managed cyber risk services approach
SecurityScorecard’s offering is unique in the market as the only solution of its kind to combine Managed Cyber Risk Services with a complete, battle-tested product suite of solutions.
With over 3,000 customers across the globe, SecurityScorecard Managed Cyber Risk Services was developed with customers and will be delivered by partners to achieve strategic business and security outcomes, including:
Identifies and mitigates third-party cyber risk: Dynamically discovers risk across a customer’s attack surface, including their third- and fourth-party ecosystem, to dramatically reduce the risk of a compromise. Verifies that vendors’ vulnerabilities or other security issues are remediated.
Addresses cybersecurity skills gap: Improves the capacity of customers’ security teams. SecurityScorecard works hand-in-hand with customers or through partners to deliver the strategic and tactical capabilities needed to maximize the value of the SecurityScorecard platform.
Manages third- and fourth-party risk portfolio: Continuous monitoring, investigation, and analysis of risk indicators with centralized threat intelligence. Proactively identifies cyber threats across a customer’s unique attack surface. Manages alerts for customers.
Makes security ratings more actionable: Incorporates business context to drive decisions. Deploys best practices to improve security posture. Proven playbooks proactively protect customers and support incident response if an incident occurs.
Verifies contract compliance: Streamlines contract security compliance through a defensible, traceable process. Proactively manages vendor communication, questionnaires, and escalation management.
Tracks issues resolved: Measures results based on trusted analysis, timely delivery, and empowering guidance. Estimates time saved to demonstrate return on investment.
Enhances board reporting: Effectively communicates third-party cyber risk and benchmarks against peers. Customers also have the flexibility to run their own research, reports, and investigations.
Delivers peace of mind: Ensures customers’ third-party risk management program is handled by the best and brightest minds in the industry. SecurityScorecard solves complex customers’ challenges by evaluating, improving, and implementing their third-party cyber risk programs.
SecurityScorecard Managed Cyber Risk Services are directly connected to the SecurityScorecard Platform, allowing drill down into specific portfolios, companies, findings, and issues. Built on an API-first architecture, data can be directly ingested into their own security stack and reporting tools or integrate into their preferred MSSP or services provider to achieve improved security and business outcomes.
SecurityScorecard adds former Mandiant leader to the executive team
With the acquisition of LIFARS in 2022, SecurityScorecard gained a team of elite cybersecurity risk experts. Then in July 2023, the company appointed cybersecurity veteran and former Mandiant leader Jeff Laskowski as Senior Vice President and General Manager of Professional Services.
“Over the past year, SecurityScorecard has delivered several innovative solutions to the market: The world’s first third-party focused attack surface management solution. Automatic vendor detection to identify unknown third- and fourth parties connected to their business. Risk quantification technology that helps risk management teams understand their financial exposure,” said Jeff Laskowski, Senior Vice President & General Manager, Professional Services, SecurityScorecard. “As we consolidate adjacent solutions into our platform, combined with expert services, we not only help our customers build economic efficiencies but also effectively mitigate third-party risk.”
Partner-focused approach closes third-party cyber risk gaps for customers
SecurityScorecard’s partner-focused managed services approach enables customers to leverage SecurityScorecard experts and a broad ecosystem of service delivery partners. This approach amplifies the benefits of the SecurityScorecard platform, gaining the economic benefits of scale and further enhancing customer relationships with service providers.
In addition, partners that leverage the “Powered by SecurityScorecard" brand will deliver the fastest time to value to their customers and ensure they are providing the gold standard of service based on SecurityScorecard’s decade of experience in third-party cyber risk management.
“Operationalizing third-party cyber risk management requires a specialized and skilled workforce. Many organizations struggle with lack of visibility into their vendor landscape, questionnaires, threats, and financial impact of risks,” said Larry Slusser, Vice President, Global Head of Professional Services Delivery, SecurityScorecard. “By applying the principles of incident response to vendor risk management, customers can take charge with a turn-key, proactive, and comprehensive program designed to eliminate business disruption and drive cyber resilience.”
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.