Enterprise Security, Platform Security, Software Security
Business Wire | August 14, 2023
Detectify, the leading External Attack Surface Management platform powered by elite ethical hackers, today announced enhancements to its platform that can significantly help to elevate an organization’s visibility into its attack surface. Many organizations need help gaining visibility into the IP addresses across their whole environment. Detectify's new capabilities enable organizations to uncover unauthorized assets and ensure regulatory compliance.
The attack surface has grown exponentially, not least in how decentralized organizations have become. Over 10% of Detectify customers are hosting data across three continents, illustrating how their products and services are more global than ever. Detectify also notes that 30% of their customer base is leveraging more than 5 service providers, which reflects the growing trend in vulnerabilities as a result of human errors, like server misconfigurations. Moreover, organizations are quickly expanding their digital footprint, with 73% of Detectify customers using IPv6 addresses.
With the introduction of the new IP Addresses view, Detectify users gain seamless access to a comprehensive list of all IPs associated with their domains, accompanied by valuable insights, including hosting provider details, geographical locations, and Autonomous System Numbers (ASNs). This update is further complemented by interactive charts, enabling users to detect outlier countries or providers, and streamlining the process of identifying potential security concerns.
"It's not uncommon for our customers to encounter instances where unauthorized geolocations are used to spin up new machines or witness sudden spikes in hosting activities from approved countries,” said Danwei Tran Luciani, Interim VP of Product at Detectify. “These anomalies can expose organizations to risk, particularly when traditional automated detection methods fall short. Our new IP Addresses view empowers security teams to proactively address these challenges, strengthening their overall cybersecurity posture."
Detectify's new IP Addresses view provides security teams with tangible benefits to navigate complex attack surfaces, such as:
Uncovering unauthorized assets: For organizations with large attack surfaces, this capability allows users to identify unauthorized assets hosted by unapproved vendors. By instantly detecting an asset being hosted by a non-approved provider, security teams can take swift action and mitigate potential threats.
Ensuring regulatory compliance: For businesses operating in highly regulated environments where compliance is paramount, the new view is critical in determining the hosting locations of specific customer data. This enhanced visibility ensures adherence to regulatory requirements and fortifies data privacy measures.
The new IP Addresses view is now available to all Detectify customers, reinforcing the company's commitment to empowering security teams with cutting-edge solutions to safeguard organizations’ ever-evolving attack surfaces. For more information visit www.detectify.com
About Detectify
Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. Product security and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks crowdsourced through its global community of elite ethical hackers, exposing critical weaknesses before it’s too late. Go hack yourself: detectify.com.
Read More
Enterprise Security, Platform Security, Software Security
Prnewswire | July 06, 2023
Safe Security, the AI-Driven Cyber Risk Management company, announced today that it has joined the Center for Threat-Informed Defense (Center), operated by MITRE Engenuity, as a Research Sponsor. This partnership will enhance the organization's ability to develop resources to protect against cyberattacks through its unique approach to public interest collaborative research and development (R&D).
"We are proud to announce our partnership with the Center as a research sponsor and are excited to share our expertise to drive cybersecurity innovation," said Vidit Baxi CISO and Co-founder at Safe Security. "The Center promotes the co-development of new tools, techniques, and strategies to address challenges in today's highly vulnerable ecosystem. This program allows us to contribute and support global community engagement efforts in understanding and communicating cyber risk. Alongside industry members, we can better articulate and mitigate cyber risks, prioritize specific threat-informed actions to prevent breaches, ultimately contributing to the advancement and improvement of cyber defense."
In 2019, MITRE Engenuity was established as a subsidiary of the MITRE Corporation amid a noticeable shift in R&D investments moving towards the private sector. Recognizing that vital industry investments may become overwhelmed in the conceptual phase without proper guidance, the subsidiary aims to ensure effective implementation through nurturing and radical collaboration. Operating within the dynamic cybersecurity landscape, MITRE Engenuity brings together experts, organizations, and investors in a non-competitive environment to foster generational impact for the public good.
SAFE's research collaboration will build on the MITRE ATT&CK® framework, forming the foundation for a threat-informed defense approach to counter the latest techniques leveraged by today's most advanced threat actors. The Center also works to provide defenders with a deep understanding of adversary tradecraft and advances in developing countermeasures to prevent, detect, and mitigate modern threats by identifying trends in attacker behavior that can inform the threat intelligence community.
Using its AI-fueled cyber risk cloud of clouds platform for predicting and preventing cyber breaches, SAFE evaluates the efficacy of cyber controls by automatically mapping common vulnerabilities and exposures (CVEs) and cyber controls across the kill chain using the MITRE ATT&CK and D3FEND frameworks. This approach enables CISOs to visualize and assess cybersecurity. Predictive data models co-developed with MIT empower CISOs to translate the bits and bytes of cyber risk into dollars and cents, allowing them to communicate these risks to the board effectively and all risk stakeholders.
SAFE delivers a data-driven, real-time solution for measuring, managing, and mitigating cyber risk. It gives organizations an aggregated view of enterprise security risk by collating disparate cyber signals for single visibility across their attack surface, technology, people, and third parties. SAFE is dedicated to working with the Center in its continuous efforts to make meaningful contributions to the cybersecurity community, enabling organizations to move from a reactive state to a predictive posture to understand the likelihood of different cyber risk scenarios.
"The Center for Threat-Informed Defense serves as a hub for top-tier security teams worldwide to collaborate on identifying and resolving the most pressing challenges confronting cyber defenders," said Jonathan Baker, Co-Founder and Director of the Center for Threat-Informed Defense. "We are thrilled to have Safe Security on board as we strengthen our collective understanding of adversary behaviors and our ability to thwart cyber attacks."
About The Center for Threat-Informed Defense
The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The center's mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the center builds on MITRE ATT&CK, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the center operates for the public good, outputs of its research and development are available publicly and for the benefit of all. For more information, contact ctid@mitre-engenuity.org.
About Safe Security
Safe Security is the leader in cyber risk management SaaS platforms. It has redefined cyber risk measurement and management with its real time, data-driven approach that empowers enterprise leaders, regulators, and cyber insurance carriers to understand cyber risk in an aggregated and granular manner. Using SAFE's predictive AI-driven data models, co-developed with MIT, customers are now empowered to translate the bits and bytes of cyber risk into dollars and cents so that they can prioritize their cyber investments to most effectively mitigate their risk and understand the return on security investments. Having raised over $100M, Safe is growing over 200% year over year, consecutively for the last three years and serves some of the largest global enterprises.
Read More
Enterprise Security, Platform Security, Software Security
PR Newswire | August 09, 2023
BigID, the leading platform for data security, privacy, compliance, and governance, today announced native AI support to copilot organizations' innovation and adoption of generative AI: revolutionizing data management and security. With BigID's AI, organizations can now achieve better data visibility, clarity, and organization to accelerate their ability to improve their data security posture, wherever their data lives.
To effectively safeguard critical data, security teams need comprehensive visibility and understanding of their data assets, relying on an updated and comprehensive data inventory. Legacy tools leave organizations with fragmented perspectives, lacking the context needed to identify data requiring protection.
BigID accelerates organizations of all sizes to get the most out of AI - and adapt & innovate while they're doing it.
Benefits at a Glance:
Get Better Data Clarity: Automatically assign easy-to-understand names and business terms to data tables and columns for better insight into sensitivity and business value.
Intelligently Organize Your Data: Quickly group similar types of documents and apply human readable titles and descriptions.
Accelerate Risk Reduction: Generate summaries of data security posture management, automate risk assessments, and get recommended actions based on the data itself.
Govern large language models (LLMs) securely: Reduce risk of adapting AI by flag, tag, and labelling LLM data as safe for use - ensuring these models aren't being trained on personal, sensitive, regulated, or private information.
"With BigID's AI-driven automation, customers can now effortlessly navigate their data landscape, prioritize security efforts, and gain a level of clarity that was previously unattainable," said Tyler Young, CISO of BigID. "The world of generative AI brings risk and uncertainty around security - BigID makes it easy to innovate and adapt AI - all while decreasing the attack surface."
About BigID
BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com.
Read More