Cyber-related ransomware and business interruption top concerns of risk managers

prnewswire | October 19, 2020

Zurich North America Insurance and Advisen Ltd. has released the tenth annual Advisen cyber survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk management. This year's survey features the highest percentage of cyber insurance buyers ever – nearly 80 percent carry some level of cyber insurance (55 percent of respondents with cyber coverage have a stand-alone policy). This take-up rate for cyber insurance has steadily climbed since 2011, the first year of the survey, when just 34 percent of respondents bought some type of cyber coverage.

Spotlight

This is an introductory video for Cloud Pak for Security. Cloud Pak for Security is based on Open Shift technology. This means that it can be installed on-prem as well as on any of the cloud solutions like IBM Cloud, AWS, Microsoft Azure, Google Cloud etc. QRadar XDR is SIEM of SIEM. Typically in huge environments, there are multiple SIEMs being used. To get a birds eye view of the complete environment, the data needs to be copied from one SIEM to another. Rather than this, CP4S can be leveraged in such a scenario. The data does not need to move from SIEM to CP4S and still CP4S is capable to understand the security posture of an organisation, understand risk valuation, create and manage incidents based on the rich data and threat intel sources.

Spotlight

This is an introductory video for Cloud Pak for Security. Cloud Pak for Security is based on Open Shift technology. This means that it can be installed on-prem as well as on any of the cloud solutions like IBM Cloud, AWS, Microsoft Azure, Google Cloud etc. QRadar XDR is SIEM of SIEM. Typically in huge environments, there are multiple SIEMs being used. To get a birds eye view of the complete environment, the data needs to be copied from one SIEM to another. Rather than this, CP4S can be leveraged in such a scenario. The data does not need to move from SIEM to CP4S and still CP4S is capable to understand the security posture of an organisation, understand risk valuation, create and manage incidents based on the rich data and threat intel sources.

Related News

Enterprise Security, Platform Security, Software Security

Detectify Improves Attack Surface Risk Visibility With New IP Addresses View

Business Wire | August 14, 2023

Detectify, the leading External Attack Surface Management platform powered by elite ethical hackers, today announced enhancements to its platform that can significantly help to elevate an organization’s visibility into its attack surface. Many organizations need help gaining visibility into the IP addresses across their whole environment. Detectify's new capabilities enable organizations to uncover unauthorized assets and ensure regulatory compliance. The attack surface has grown exponentially, not least in how decentralized organizations have become. Over 10% of Detectify customers are hosting data across three continents, illustrating how their products and services are more global than ever. Detectify also notes that 30% of their customer base is leveraging more than 5 service providers, which reflects the growing trend in vulnerabilities as a result of human errors, like server misconfigurations. Moreover, organizations are quickly expanding their digital footprint, with 73% of Detectify customers using IPv6 addresses. With the introduction of the new IP Addresses view, Detectify users gain seamless access to a comprehensive list of all IPs associated with their domains, accompanied by valuable insights, including hosting provider details, geographical locations, and Autonomous System Numbers (ASNs). This update is further complemented by interactive charts, enabling users to detect outlier countries or providers, and streamlining the process of identifying potential security concerns. "It's not uncommon for our customers to encounter instances where unauthorized geolocations are used to spin up new machines or witness sudden spikes in hosting activities from approved countries,” said Danwei Tran Luciani, Interim VP of Product at Detectify. “These anomalies can expose organizations to risk, particularly when traditional automated detection methods fall short. Our new IP Addresses view empowers security teams to proactively address these challenges, strengthening their overall cybersecurity posture." Detectify's new IP Addresses view provides security teams with tangible benefits to navigate complex attack surfaces, such as: Uncovering unauthorized assets: For organizations with large attack surfaces, this capability allows users to identify unauthorized assets hosted by unapproved vendors. By instantly detecting an asset being hosted by a non-approved provider, security teams can take swift action and mitigate potential threats. Ensuring regulatory compliance: For businesses operating in highly regulated environments where compliance is paramount, the new view is critical in determining the hosting locations of specific customer data. This enhanced visibility ensures adherence to regulatory requirements and fortifies data privacy measures. The new IP Addresses view is now available to all Detectify customers, reinforcing the company's commitment to empowering security teams with cutting-edge solutions to safeguard organizations’ ever-evolving attack surfaces. For more information visit www.detectify.com About Detectify Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. Product security and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks crowdsourced through its global community of elite ethical hackers, exposing critical weaknesses before it’s too late. Go hack yourself: detectify.com.

Read More

Enterprise Security, Platform Security, Software Security

ZeroFox Contributes to Open Source Amass Project to Help Businesses Manage Their External Attack Surface

Globenewswire | July 21, 2023

ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, highlights its recent contributions to the OWASP Amass Project in an ongoing effort to give businesses and government entities better visibility to their full external attack surface asset ecosystem. The recent additions to the project from the ZeroFox team provide more advanced tool sets for analysts to discover and catalog their internet-facing assets and exposures. The contributions create a new standard framework to lead the industry in a more cohesive approach to attack surface management. As organizations face increasingly sophisticated cyber threats, understanding and managing their external attack surface has become paramount. By leveraging its expertise in external cybersecurity, ZeroFox identified a critical gap in the attack surface management landscape and responded by spearheading the development of the Open Asset Model and Asset Database within the OWASP Amass Project. The Open Asset Model and Asset Database contributions offer security analysts a unified and structured approach to identifying and managing potential vulnerabilities outside the perimeter. The Open Asset Model provides a new standard for asset definitions, representing a comprehensive framework for describing and categorizing diverse internet-facing assets. The Amass community can quickly adapt the model to include new types of assets exposed on the Internet, and their relationships to each other, for more accurate discovery, tracking, monitoring, and management. The Asset Database implements this model, offering the database interaction layer to store discovered assets in the popular sqlite3 and PostgreSQL database management systems. The Asset Database will foster the development of an ecosystem of scanning and analysis tools, allowing them to store and analyze assets from the Open Asset Model and their relationships. These contributions directly benefit both existing Amass users and the broader attack surface management community in an effort to standardize asset definitions. The new standards now provide the information security community with a consistent and predictable format when transferring data describing external attack surfaces. "We are thrilled to contribute to the OWASP Amass Project and provide the security community with cutting-edge tools for Attack Surface Management," said Jeff Foley, VP of Research at ZeroFox. "By leveraging the power of open source, we aim to expand access to advanced cybersecurity capabilities, helping organizations proactively defend against emerging threats." These engineering contributions represent a continued commitment by ZeroFox to the open source community, OWASP, and the Amass Project. ZeroFox will continue to contribute to the Amass Project in an effort to enable the discovery, management, and protection of the external attack surface. By sharing its expertise and resources, ZeroFox aims to foster collaboration and innovation within the information security community, ultimately making the digital landscape safer for all users. About ZeroFox ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.

Read More

Enterprise Security, Platform Security, Software Security

ReasonLabs Releases Key Updates to Wi-Fi Security Product RAV VPN

PR Newswire | August 16, 2023

ReasonLabs, the cybersecurity pioneer equipping home users with the same level of cyber protection used by Fortune 500 companies, today announced major updates to its renowned RAV VPN. This latest release for desktop and Android incorporates significant security and infrastructure improvements, reinforcing RAV VPN's position as a complete, reliable, and user-friendly tool in the fight for online privacy and identity protection. The new releases ensure RAV VPN, both the desktop and mobile applications, provides Wi-Fi security wherever a user might be. With an updated RAV VPN, users can seamlessly browse the web with confidence, knowing that their data is encrypted and they are protected from threats such as Man-in-the-Middle attacks. RAV VPN is simple to install and extremely easy to use, making online privacy for all easily attainable. "As our digital landscape rapidly evolves, safeguarding our online presence becomes more essential than ever before," said Kobi Kalif, CEO and co-founder of ReasonLabs. "With an unwavering commitment to your digital privacy, we are proud to unveil our latest innovation to RAV VPN. We are redefining what security in the digital age means by delivering to home users the same cyber security protection that Fortune 100 companies use." Without sufficient Wi-Fi protection, a user's network can be susceptible to hacking, malware, and other privacy and security hazards. Bad actors can exploit these vulnerabilities to steal highly discreet information like financial details, social security numbers, email addresses, passwords, and more private data. To mitigate this, Wi-Fi protection from RAV VPN secures users' wireless networks to create an encrypted tunnel between their PC or Android device and the internet. RAV VPN is a part of ReasonLabs' industry-leading suite of consumer-focused cybersecurity products, which includes its flagship product, RAV Endpoint Protection, as well as an Endpoint Detection and Response, DNS, Parental Control App, and more. Led by cybersecurity, artificial intelligence, and machine learning experts, ReasonLabs delivers the highest levels of cybersecurity protection and privacy to home users worldwide. About ReasonLabs ReasonLabs is a leading cybersecurity company equipping tens of millions of home users with the same level of cyber protection utilized by Fortune 500 companies. Its AI-powered, next-generation antivirus engine scans billions of files around the world to predict and prevent cyberattacks in real time, 24/7. Its flagship product, RAV Endpoint Protection, together with its other products combine to form a multilayered solution that safeguards home users against next-generation threats. Co-founded in 2016 by seasoned cybersecurity expert Andrew Newman—an architect of Microsoft's native cybersecurity program, Microsoft Defender—ReasonLabs is based in New York and Tel Aviv. Learn more at https://www.ReasonLabs.com.

Read More