DATA SECURITY

eSentire Leverages Guidewire to Quantify and Reduce Cyber Security Risk

eSentire | October 11, 2021

eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), and Guidewire Software, Inc. today announced that eSentire is leveraging Guidewire Cyence’s market-leading, internet-scale cyber data listening and modeling capabilities to support in financially quantifying and reducing cyber risk.

Cyber threats pose one of the greatest risks to businesses today, yet it is becoming increasingly harder to identify and protect against those risks and secure insurance coverage,The combination of eSentire and Guidewire Cyence technologies and expertise fill a significant gap to help businesses assess, design, and implement cyber risk solutions and quantify their security ROI and risk reduction.

eSentire Chief Technology Officer Dustin Hillard

eSentire’s technical cybersecurity expertise in 24/7 threat detection and response to real-time and zero-day threats, combined with Guidewire’s strengths in economic modeling, will enable cybersecurity leaders to tie the efficacy of their security spends to security program return-on-investment.

The eSentire Atlas XDR platform, ingesting data from over 1,000 customers across 70 countries worldwide, automatically blocks more than 1 billion threats per year and learns from more than 2 million rapid, human-led investigations per year, yielding a significant proprietary data set that maps internal risk factors to security outcomes. Guidewire’s cyber risk modeling and scoring data for more than 600,000 businesses is now integrated with eSentire’s asset risk scoring, providing security recommendations through eSentire’s Insight Portal:

Business Risk Scoring: eSentire customers now have access to Guidewire’s Cyence Risk Rating within the eSentire Insight portal. This business risk rating predicts the probability of a public data breach in the next 12 months. Each business risk rating is contextualized based on industry, size, and revenue band in comparison to its segment peers.

Asset Risk Scoring: eSentire customers will benefit from eSentire’s own artificial intelligence risk models learned from targeted attacks defended across its global customer base to determine the probability of an internal security incident originating at the asset level over the next three months. eSentire leverages these insights to make proactive security recommendations on how to reduce each customer organization’s risk.

The Royal United Services Institute reported that despite ransomware being the leading claim source for cyber insurers, many organizations are not approved due to open internet access, primarily through open Remote Desktop Protocols (RDP). Through their work together, eSentire and Guidewire have identified and remediated several open RDP scenarios, thereby reducing risk and enabling the organizations to improve their cyber insurance risk profile. In fact, eSentire and Guidewire have developed preferred cybersecurity insurance relationships with Guidewire customers that deliver improved deductibles and expansive coverage for eSentire customers.

Hillard added, “eSentire customers now have the opportunity to engage with an expert Cyber Risk Advisor to build a proactive security plan tailored to reducing risk in their environment while considering business- and asset-specific insights,” says eSentire Chief Technology Officer Dustin Hillard. “As a result of our work together, we earn the confidence of the insurance market and our customers get improved cyber risk insurance pricing and policy coverage.”

“We are thrilled to join eSentire in making tangible, transparent, and quantifiable cyber risk reduction a reality for businesses worldwide,” says Guidewire Chief Innovation Officer Paul Mang. “We are committed to helping organizations manage the economic volatility associated with cyber threats, both through the efficient use of risk transfer insurance solutions and through proactive risk management actions.”

This exciting innovation in cyber risk quantification has been complemented by the introduction of eSentire’s Cyber Risk Advisor program as part of the firm’s overall customer success engagement model. These advisors are security practitioners with consultative and solutions architecture experience, who act as an extension of the customer’s cybersecurity team, demonstrating a clear understanding of each organization’s business objectives and security priorities. The Cyber Risk Advisor supports customers with infrastructure assessments, regular service reviews, and interprets risk scoring metrics to develop a tailored risk reduction roadmap with recommendations that prioritize risk mitigation. These recommendations are based on the insights driven from eSentire’s 24/7 Security Operations Center, Threat Response Unit (TRU), and the new Guidewire Cyence Risk Rating integration.

About eSentire
eSentire, Inc., the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business-disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analytics & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response Services. For more information, visit www.esentire.com and follow @esentire.

About Guidewire Software
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 450 insurers, from new ventures to the largest and most complex in the world, run on Guidewire.

As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record, with 1,000+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of applications that accelerate integration, localization, and innovation.

Spotlight

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Spotlight

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

WinMagic partners with Lumen Technologies to offer mission-critical cybersecurity solutions

Globenewswire | May 29, 2023

WinMagic Inc. (the "Company" or "WinMagic") is proud to announce that it is now a member of the Lumen Technologies (NYSE: LUMN) Channel Partner program. WinMagic offers powerfully simple and seamless authentication and encryption solutions that use the endpoint to deliver unbeatable security. This partnership will enable the Company to leverage Lumen’s extensive network and cloud and security solutions to expand capabilities to existing WinMagic customers and enter new markets through access to Lumen’s comprehensive partner program. As a Lumen Channel Partner, WinMagic can draw on Lumen’s integrated portfolio of global solutions to enable greater product adaptability regarding network services, infrastructure and applications. Lumen’s solutions and infrastructure, combined with WinMagic’s innovative authentication and endpoint encryption products, provide customers with a complete portfolio of cybersecurity solutions. “This is a game-changer for customers. Paired with WinMagic’s next-gen security, Lumen’s edge compute infrastructure and portfolio of advanced solutions gives customers real power,” said Sara Seegers, regional vice president of indirect channel sales at Lumen. “Customers want to scale their operations as quickly as possible. They know this is the key to increasing their efficiency and growing their business. Together, we can bring results that exceed customer expectations.” "This partnership with Lumen brings users WinMagic’s most secure authentication technology to date with an incredible user experience," said Rahul Kumar, vice president of sales at WinMagic. "Our MagicEndpoint provides real-time, continuous authentication of the user plus endpoint device without requiring any user action. This strategy delivers the ‘always verify’ element of zero-trust security. We're excited to extend our next-gen security solutions to the Lumen network." WinMagic’s MagicEndpoint passwordless authentication solution delivers preboot authentication, Windows login and passwordless authentication to online services and applications. The software’s zero-trust security design complements government and commercial environments while delivering an end-to-end secure user experience. SecureDoc endpoint encryption enables organizations to secure all their data at the same time, keeping it safe from cyberattacks without disrupting productivity. About Lumen Technologies Lumen connects the world. We are dedicated to furthering human progress through technology by connecting people, data and applications — quickly, securely and effortlessly. Everything we do at Lumen takes advantage of our network strength. From metro connectivity to long-haul data transport to our edge cloud, security and managed service capabilities, we meet our customers' needs today and as they build for tomorrow. For more information, visit www.lumen.com. About WinMagic WinMagic is a leading developer of cybersecurity solutions that, for 25 years, has raised the bar for endpoint encryption. Over 2,500 businesses and government agencies trust the company with over 3 million active licenses globally. The WinMagic authentication and encryption suite protects your company's data, on-premises or in the cloud. WinMagic delivers a seamless authentication and encryption experience that increases productivity while protecting users and data. For more information, visit www.winmagic.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Bitsight Expands into Integrated Cyber Risk Management Empowering Risk Leaders to Address Rising Threats to Business Operations

Prnewswire | April 21, 2023

Bitsight, a leader in managing and monitoring cyber risk, today unveiled its expansion into a broader category of integrated cyber risk management. As the category creator and global leader in the cybersecurity ratings industry, Bitsight's enhanced strategy will deliver new capabilities to empower security professionals and business leaders to more effectively and holistically manage cyber risk. The announcement includes large-scale distribution of risk data and insights through Moody's/BVD's Orbis, a new Third-Party Vulnerability Detection & Response solution, and more predictive cyber risk ratings that help mitigate cyber risk and make CISOs and risk professionals' jobs easier. Bitsight's integrated solutions address the needs of CISOs and risk leaders, whose roles have become more challenging in recent years with digital transformation, supply chain risk, and expanded attack surfaces. "As the cyber threat landscape worsens and the global regulatory landscape demands more nimble and thorough risk management, Bitsight has evolved to stay ahead of our customers' needs. Business leaders, risk leaders and boards are turning to us as an integrated solution to manage risk and build trust across their ecosystem," said Bitsight CEO Steve Harvey. Furthermore, comprehensive cyber risk management is also essential to good corporate governance, reaffirmed by the recently released White House national cyber strategy, pending SEC regulations on cybersecurity disclosure, and cybersecurity requirements emerging throughout Europe and Asia. Harvey noted, "Our strategic shift to become an integrated cyber risk management leader means we're able to provide customers and governments with the industry's most impactful data, services and tools to confidently navigate the uncertain cyber landscape." Accelerated Partnership with Moody's Corporation Newly-added integrations with Moody's will deliver expanded insights for enterprises and assist with holistic cyber risk management. In October 2021, Moody's Corporation invested $250 million in Bitsight, and the two companies announced a landmark partnership agreement. Through this partnership, Bitsight became the primary cyber risk analytics provider across Moody's suite of integrated risk assessment offerings. Bitsight data is now accessible by nearly 2,000 global credit analysts within Moody's Investors Service. These analysts are leveraging Bitsight to better understand the relative cyber risk of issuers, engage issuers on cybersecurity risk, and publish research on the intersection of cyber risk and credit risk. Additionally, Bitsight ratings data is now also integrated within Moody's Analytics' BVD Orbis platform, enabling non-technical risk managers to easily consider cyber risk factors in counterparty risk analysis. "The rise of cyberattacks and ransomware has created an imperative for business leaders and boards to assess and quantify their cyber risk," said Moody's Analytics President Stephen Tulenko. "Bitsight is our trusted partner in helping leaders to better understand, measure, and navigate the cyber risk landscape with confidence." Through these integrations, Bitsight and Moody's insights may be used together in powerful combinations for applications such as Know-Your-Customer, supply chain management, insurance underwriting, and credit risk assessment. New Third-Party Vulnerability Detection & Response Application To further its cyber risk management capabilities, Bitsight has enhanced its Third-Party Vulnerability Detection tool to include a Response workflow. Zero-day attacks and other vulnerabilities are increasingly common, and most companies are struggling to properly manage third-party exposure to critical vulnerabilities quickly, effectively, and at scale. With Vulnerability Detection & Response, cybersecurity teams can now access the most important vulnerability data and effectively prioritize vendor outreach with built-in questionnaires while tracking vendor response progress in real time. This release is another innovative application showcasing Bitsight's continued commitment to helping customers better monitor, manage, and mitigate vulnerabilities across their third-party ecosystems. More Predictive Cyber Risk Ratings – Bitsight's Ratings Algorithm Update Bitsight has launched a new ratings algorithm, with several key enhancements, most notably modifying the weights of several risk vectors based on independent research and insight into how those risk vectors correlate to real life cyber events. As a part of delivering an integrated cyber risk management solution, Bitsight remains committed to investing in and producing actionable cybersecurity ratings that have the strongest correlation in the industry to the likelihood of a cyber incident. "Cybersecurity ratings remain a critical tool in cybersecurity and risk leaders' arsenals, while the pressures and demands to address cyber risk have significantly expanded," said Harvey. As attacks on organizations intensify and business leaders demand greater strategic support to address risk, Bitsight's mission to build trust in the digital economy has extended well beyond cyber risk ratings. "Risk leaders globally spend every day working against a relentless and growing problem of cyber risk uncertainty," said Harvey. "And as waves of digital transformation continue to disrupt cybersecurity stability, we are committed to supporting our current and future customers with a broad and unified cyber risk management solution that helps them navigate with greater confidence." Supporting Resources Learn more about our partnership with Moody's Corporation here Learn more about Third-Party Vulnerability Detection & Response her Learn more about the Rating Algorithm Update here About Bitsight Bitsight is a global cyber risk management leader transforming how organizations manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. Built on over a decade of market-leading innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Banyan Security Introduces World’s First Device-Centric Security Service Edge (SSE) Solution

Globenewswire | April 05, 2023

Banyan Security, a leading provider of zero trust access solutions for the modern workforce, is proud to announce the launch of its innovative Device-Centric Security Service Edge (SSE) solution. Banyan’s offering delivers a comprehensive range of integrated security measures to safeguard the modern workforce – including Zero Trust Network Access (ZTNA), Virtual Private Network as a Service (VPNaaS), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG) – all in a unified product that is simple to implement and boosts employee productivity. Unlike traditional security products focused on the network perimeter, Banyan’s device-centric SSE brings the user and device to the forefront of protection, enabling intelligent, risk-based connectivity and threat detection. Working in concert with the Banyan Cloud permits consistent policy enforcement without needing to route all enterprise traffic through vendor data centers or expensive on-premise appliances, which significantly improves the user experience. Moreover, Banyan’s device-centric approach treats clientless scenarios as first-class citizens, enabling seamless access combined with granular policy controls. “The launch of our device-centric Security Service Edge solution marks a major milestone for our company, delivering on the idea of enabling workers to securely do their job from anywhere” said Jayanth Gummaraju, CEO and Co-founder of Banyan Security. “We saw a clear need for a new solution that does not suffer from the baggage of existing network-centric approaches. What we’ve built brings together device and network security in a unique way to secure all types of access – private or internet. This approach reduces the attack surface and provides a frictionless user experience, thus increasing employee productivity. We’re excited to see customers and industry partners embracing our approach, and are confident that our solution will exceed expectations, revolutionizing the way organizations think about workforce security." Banyan Security’s strategic partners understand that a new approach is needed to effectively realize the promise of a zero trust framework. “We are thrilled to partner with Banyan Security to deliver more value to our joint customers. The partnership provides a risk-based approach to security and simplifies the deployment of Zero Trust initiatives,” said Akhil Kapoor, Vice President of Business Development at SentinelOne. “Together, we can offer unparalleled protection and peace of mind to organizations as they navigate an ever-evolving threat landscape.” The implications of a device-centric SSE product are revolutionary, providing organizations with considerable benefits including: Improved User Experience – Localized, intelligent decision making minimizes latency and results in a better user experience. Rather than forcing organizations to ship all traffic to the cloud for inspection, each device makes the optimum access and security decisions. Coupling faster decision making with an always-on approach minimizes potential gaps for advanced threats to exploit. Better Enterprise Security – The Banyan SSE solution includes multiple layers of security, providing least privileged access for users regardless of location. Additional security is provided by incorporating real-time, continuous authorization using advanced risk modeling based on user, device, resource, and threat profiles. Together these features provide superior threat protection and automated threat remediation. Lower Total Cost of Ownership – a device-centric Security Service Edge is significantly easier to deploy and manage for most organizations. Rather than having to configure complex network environments to support the analysis and routing of user traffic, this happens locally on end-user devices based on intuitive selections made in the Banyan admin console. Advanced discover and publish capabilities further simplify deployments and results in much lower total cost of ownership for an organization versus legacy solutions. Deployment Flexibility – The Banyan Security SSE solution architecture provides additional benefits for organizations that are concerned with data privacy and security. Unlike other SSE solutions, the Banyan Security Platform can be configured to route encrypted traffic through either the Banyan cloud infrastructure or directly through a service installed and maintained in the organization’s infrastructure. This capability allows the freedom to address the needs of any regulatory or security-conscious environment. Banyan’s customers, aware that existing solutions were not addressing the rapidly changing requirements of a distributed workforce, have rallied behind the Banyan Security Platform. “With Banyan Security’s device-centric SSE, we confidently replaced our legacy VPN and accelerated our zero trust architecture initiatives. Their robust solution empowers us to secure our cloud-first environment, seamlessly monitor security posture through efficient device checks, and ultimately enhance our primary customers’ security – our users,” said Cesar Esteban, Staff Security Engineer at Snapdocs. “Investing in Banyan Security has transformed our approach to cybersecurity and unlocked new potential for serving our users better.” About Banyan Security Banyan Security provides secure, zero trust “work from anywhere” access to applications and resources for employees and third parties while protecting them from being phished, straying onto malicious web sites, or being exposed to ransomware. A Flexible Edge architecture enables rapid, incremental deployment on-premises or in the cloud without compromising privacy or data sovereignty. A unique device-centric approach intelligently routes traffic for optimal performance and security delivering a great end user experience. Banyan Security protects workers across multiple industries, including finance, healthcare, manufacturing, and technology.

Read More