Enterprise Security, Platform Security, Software Security
Business Wire | August 08, 2023
SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management. With 98% of organizations having a relationship with at least one-third party that experienced a breach, SecurityScorecard combines its industry-leading platform and experts to solve the third-party cyber risk puzzle.
“Many CISOs are challenged with manual third-party risk approaches that are inconsistent and focused on checkbox compliance. Customers consistently shared that they need a way to operationalize third- and fourth-party cyber risk management,” said Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard. “Today, SecurityScorecard is meeting that customer need. The next evolution of security ratings will focus on operationalizing cyber risk management and threat intelligence to directly impact our customers’ ability to deliver on their mission.”
Industry-first integrated security ratings platform + third-party managed cyber risk services approach
SecurityScorecard’s offering is unique in the market as the only solution of its kind to combine Managed Cyber Risk Services with a complete, battle-tested product suite of solutions.
With over 3,000 customers across the globe, SecurityScorecard Managed Cyber Risk Services was developed with customers and will be delivered by partners to achieve strategic business and security outcomes, including:
Identifies and mitigates third-party cyber risk: Dynamically discovers risk across a customer’s attack surface, including their third- and fourth-party ecosystem, to dramatically reduce the risk of a compromise. Verifies that vendors’ vulnerabilities or other security issues are remediated.
Addresses cybersecurity skills gap: Improves the capacity of customers’ security teams. SecurityScorecard works hand-in-hand with customers or through partners to deliver the strategic and tactical capabilities needed to maximize the value of the SecurityScorecard platform.
Manages third- and fourth-party risk portfolio: Continuous monitoring, investigation, and analysis of risk indicators with centralized threat intelligence. Proactively identifies cyber threats across a customer’s unique attack surface. Manages alerts for customers.
Makes security ratings more actionable: Incorporates business context to drive decisions. Deploys best practices to improve security posture. Proven playbooks proactively protect customers and support incident response if an incident occurs.
Verifies contract compliance: Streamlines contract security compliance through a defensible, traceable process. Proactively manages vendor communication, questionnaires, and escalation management.
Tracks issues resolved: Measures results based on trusted analysis, timely delivery, and empowering guidance. Estimates time saved to demonstrate return on investment.
Enhances board reporting: Effectively communicates third-party cyber risk and benchmarks against peers. Customers also have the flexibility to run their own research, reports, and investigations.
Delivers peace of mind: Ensures customers’ third-party risk management program is handled by the best and brightest minds in the industry. SecurityScorecard solves complex customers’ challenges by evaluating, improving, and implementing their third-party cyber risk programs.
SecurityScorecard Managed Cyber Risk Services are directly connected to the SecurityScorecard Platform, allowing drill down into specific portfolios, companies, findings, and issues. Built on an API-first architecture, data can be directly ingested into their own security stack and reporting tools or integrate into their preferred MSSP or services provider to achieve improved security and business outcomes.
SecurityScorecard adds former Mandiant leader to the executive team
With the acquisition of LIFARS in 2022, SecurityScorecard gained a team of elite cybersecurity risk experts. Then in July 2023, the company appointed cybersecurity veteran and former Mandiant leader Jeff Laskowski as Senior Vice President and General Manager of Professional Services.
“Over the past year, SecurityScorecard has delivered several innovative solutions to the market: The world’s first third-party focused attack surface management solution. Automatic vendor detection to identify unknown third- and fourth parties connected to their business. Risk quantification technology that helps risk management teams understand their financial exposure,” said Jeff Laskowski, Senior Vice President & General Manager, Professional Services, SecurityScorecard. “As we consolidate adjacent solutions into our platform, combined with expert services, we not only help our customers build economic efficiencies but also effectively mitigate third-party risk.”
Partner-focused approach closes third-party cyber risk gaps for customers
SecurityScorecard’s partner-focused managed services approach enables customers to leverage SecurityScorecard experts and a broad ecosystem of service delivery partners. This approach amplifies the benefits of the SecurityScorecard platform, gaining the economic benefits of scale and further enhancing customer relationships with service providers.
In addition, partners that leverage the “Powered by SecurityScorecard" brand will deliver the fastest time to value to their customers and ensure they are providing the gold standard of service based on SecurityScorecard’s decade of experience in third-party cyber risk management.
“Operationalizing third-party cyber risk management requires a specialized and skilled workforce. Many organizations struggle with lack of visibility into their vendor landscape, questionnaires, threats, and financial impact of risks,” said Larry Slusser, Vice President, Global Head of Professional Services Delivery, SecurityScorecard. “By applying the principles of incident response to vendor risk management, customers can take charge with a turn-key, proactive, and comprehensive program designed to eliminate business disruption and drive cyber resilience.”
About SecurityScorecard
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
Read More
Enterprise Security, Web Security Tools
PR Newswire | August 28, 2023
Netskope, today announced that it has achieved Amazon Web Services (AWS) Security Competency status in the Infrastructure Protection category. As a widely recognized industry leader in secure access service edge (SASE), Security Service Edge (SSE), and modern connectivity and performance, Netskope works with AWS and other cloud providers to secure and optimize the most demanding cloud-first environments. Achieving the AWS Security Competency differentiates Netskope as an AWS Partner Network (APN) member that meets rigorous security specifications on AWS. In addition, Netskope was recently recognized as a "finalist" for the AWS US Rising Star Partner of the Year at this year's AWS New York Partner Summit.
With the rapid migration of critical workloads to the cloud, the increase in the hybrid workforce, and today's complex cybersecurity landscape, the need for robust cloud security solutions is more critical than ever before. Netskope has helped thousands of customers, including more than 25 of the Fortune 100, improve their security posture. Netskope helps customers address AWS's shared responsibility model of cloud security for several important use cases:
Provide secure remote access to private applications on AWS - Remote and hybrid workers need to access business-critical applications from anywhere. Netskope Private Access (NPA), Netskope's zero trust network access (ZTNA) solution, provides secure, granular access based on adaptive trust principles. This means that users can only access the applications and resources they need when they need them. NPA also improves security by replacing outdated VPN gateways and concentrators that expose their IP addresses to the public internet. Private resources are not visible on the public internet and are shielded from attackers.
Discover shadow IT and block data exfiltration and threats - Netskope can act in real-time to block movement of sensitive data, threats, unauthorized users, and access to rogue accounts. Netskope Cloud Access Security Broker (CASB) Inline monitors traffic to and from AWS resources and applications to expose suspicious or malicious activity. Netskope's Zero Trust Engine decodes activities in real-time to place activity-level restrictions on users, groups, and organizational units across more than 270 AWS services. Netskope's Next Generation Secure Web Gateway (SWG) blocks malware, detects advanced threats, and controls cloud apps and services for users located anywhere, using any device.
Discover sensitive data and malware in Amazon Simple Storage Service (Amazon S3) - Netskope CASB API scans Amazon S3 buckets to identify sensitive data and protect it from misuse. It also discovers malware and generates alerts to help prevent threats from spreading.
Extensive integrations provide visibility and information sharing across cloud and hybrid environments - Netskope integrates with a variety of AWS services including AWS CloudTrail, AWS CloudTrail Lake, Amazon Security Lake, Amazon S3, and Amazon GuardDuty to share logs, alerts, events, and threat information. Netskope Cloud Exchange (CE) offers a wide variety of plug-ins and modules to facilitate exchange of information between cloud services, security tools, and data lakes, and automate remediation. CE can be deployed on Amazon Elastic Container Service (Amazon ECS) using AWS Fargate. Netskope also integrates with AWS Control Tower for customers needing automated deployment and consistent security policy across multi-account AWS customer environments.
"We are thrilled to achieve the AWS Security Competency in the Infrastructure Protection category, as it highlights our ongoing commitment to help organizations provide secure access to applications and resources, protect data, and reduce risk in the cloud," said Andy Horwitz, Vice President, Business Development and Technology Alliances, Netskope. "This achievement demonstrates our commitment to AWS customers through our team's hard work and dedication to providing cutting-edge security solutions that address the evolving challenges of secure cloud adoption."
AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise.
About Netskope
Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.
Read More
Network Threat Detection, Platform Security, Software Security
Businesswire | July 27, 2023
Coro, the modern cybersecurity platform for mid-market organizations, today announced the acquisition of Privatise, an Israeli supplier of network security solutions for in-office and remote work. The acquisition adds critical SASE capabilities to Coro’s all-in-one platform and is part of an aggressive growth strategy, fueled by Coro’s $155M funding over the last 12 months, to expand the capabilities of Coro’s cybersecurity platform both organically and through strategic acquisitions.
As the network edge continues to expand, Gartner predicts that by 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access using a SASE/SSE architecture.** The challenge for mid-market organizations – who have lean IT teams, limited budgets and little to no cybersecurity expertise --is managing the cost and complexity typically associated with SASE implementations.
With the Privatise acquisition, Coro now offers a single source of comprehensive security and protection -- all managed through a unified, cloud-based platform -- for any organizational configuration. Coro’s SASE solution includes military grade VPN, Secure RDP, ZTNA, Next Generation Firewall, DNS Filtering, and is fully integrated into Coro’s holistic security architecture, eliminating security gaps caused by siloed approaches to SASE. Whether a company’s assets are cloud first, on-prem, or hybrid, Coro can protect the user, the device they use, the network they connect through, their emails, and the data they access, use and share, all while ensuring compliance with critical supply chain and industry regulations.
“Since its founding, Coro has focused on delivering a comprehensive, yet affordable and easy to use cybersecurity solution for mid-market companies,” said Guy Moskowitz, CEO, Coro. “By integrating Privatise’s SASE capabilities into our platform, we offer the industry’s first mid-market solution to deliver cloud-native, seamless and secure access to applications and resources regardless of location or device. We will continue to invest in Coro’s platform, both organically and through acquisition, to help companies strengthen their security posture and improve their operational efficiency.”
The Privatise acquisition is the latest milestone in Coro’s growth and momentum. In April, the company announced a $75M funding round from Energy Impact Partners, bringing the total funding raised in the last 12 months to $155M. Coro projects it will grow 300% year-over-year in 2023, extending its extraordinary 300% annual growth record to a 5th year in a row.
The Company’s modern approach to cybersecurity – delivering enterprise grade security through a single platform that unifies, simplifies and automates workloads -- has been validated by more than 5000 mid-market customers across every vertical industry. Over the past year, Coro tripled its revenue, customer and employee base, and signed more than 100 new channel partners.
About Coro
Coro provides modern cybersecurity that unifies comprehensive protection into a single platform. Coro empowers organizations to defend against malware, ransomware, phishing, data leakage, insider threats and email threats across devices, users, and cloud applications. More than 5,000 businesses depend on Coro for protection, unrivaled ease of use, and unmatched affordability. Coro’s cybersecurity platform automatically detects and remediates the many security threats that today's distributed businesses face, without IT teams having to worry, investigate, or fix issues themselves. In addition to Energy Impact Partners, investors in Coro include Balderton Capital, JVP, and Ashton Kutcher’s Sound Ventures.
Read More