DATA SECURITY

Flashpoint Acquires Vulnerability Intelligence Leader Risk Based Security

Flashpoint | January 13, 2022

Flashpoint, the trusted leader in threat intelligence and risk prevention, today announced it has acquired Risk Based Security (RBS), a Richmond, Virginia-based company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings. The integration of RBS’s collections and technology into the Flashpoint platform offers a wide range of cybersecurity practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management teams—the contextual threat intelligence and automation they need to detect, prioritize, and thwart emerging cyber risks rapidly and holistically.

“I am incredibly excited to welcome the RBS team to Flashpoint,This acquisition will enable our clients to rapidly detect critical vulnerabilities before they are widely known, and then automate how they prioritize and remediate these issues. This is a game changer for security teams and represents a vital step towards achieving Flashpoint’s vision of being the single vendor that enterprises can rely on to mitigate all types of security risks and protect critical assets.”

Flashpoint CEO Josh Lefkowitz

Since its founding in 2011, Risk Based Security has partnered with a diverse group of clients, including Microsoft, BlackRock, Northrop Grumman, Swisscom, American Electric Power, Amtrak, and numerous other enterprises across the technology, financial, insurance, and consumer goods sectors. To date, RBS possesses over 90,000 vulnerabilities in its collections that are not assigned CVE IDs and therefore do not exist in the National Vulnerability Database (NVD). RBS’s proprietary technology consistently identifies vulnerabilities before they are commonly known—and maps those vulnerabilities to an enterprise’s software—providing clients with a critical edge and head-start on potential adversaries.

“We’re thrilled to join forces with Flashpoint,” said Jake Kouns, CEO of RBS. “It’s rare to find two organizations so similar in culture with a mutual drive to get things done. Our visions align perfectly, and we are excited to collaborate with them to bring a holistic, risk-based intelligence offering to a broad market.”

AN ASSET-BASED APPROACH TO INTELLIGENCE AND RISK MANAGEMENT
RBS’s extensive vulnerability, data breach, and proprietary vendor risk ratings empower security teams to quickly assess and remediate vulnerabilities based on their unique risk profile—making it the only vulnerability management tool on the market that provides scanless, real-time vulnerability intelligence with vendor and product risk ratings. With this technology, Flashpoint will be able to reveal a customer’s exposure to critical vulnerabilities and supply chain weaknesses, provide contextual awareness into how these vulnerabilities are being exploited by threat actors, and prioritize and automate the actions needed to remediate potential threats.

In light of recent critical vulnerabilities like the highly-publicized disclosure of Log4j, early detection and rapid prioritization of risks is more important than ever. Moving beyond a reactive approach to threats, a combined Flashpoint and RBS solution will drive immediate and differentiated value to all types of security practitioners who are focused on protecting critical assets and infrastructure.

ABOUT FLASHPOINT
Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape.

ABOUT RISK BASED SECURITY
Risk Based Security (RBS) provides detailed information and analysis on Vulnerability Intelligence, Vendor Risk Ratings and Data Breaches. Our product, the Risk Based Security Platform, combines VulnDB and Cyber Risk Analytics (CRA), providing organizations access to the most comprehensive security intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner.

Spotlight

IT security has gone through major changes. Enterprises today are facing a rapid expansion of diverse users, along with an influx of applications, device types, APIs, and microservices, all while navigating new initiatives such as big data and the cloud. Data is everywhere: we are collecting, storing, and processing it, while needing to both share and protect it—something that becomes increasingly more difficult when data is mission sensitive or business critical. The fact remains, our once simple IT landscape is now a complex, ever-evolving, constantly growing mass of users and the data related to them.

Spotlight

IT security has gone through major changes. Enterprises today are facing a rapid expansion of diverse users, along with an influx of applications, device types, APIs, and microservices, all while navigating new initiatives such as big data and the cloud. Data is everywhere: we are collecting, storing, and processing it, while needing to both share and protect it—something that becomes increasingly more difficult when data is mission sensitive or business critical. The fact remains, our once simple IT landscape is now a complex, ever-evolving, constantly growing mass of users and the data related to them.

Related News

DATA SECURITY

Mayorkas to Announce the Largest Cybersecurity Hiring Initiative in DHS History

Mayorkas | July 06, 2021

Alejandro N. Mayorkas, Secretary of Homeland Security, has announced its onboarding of 300 cybersecurity professionals and an extension of other 500 tentative job offers in the Department’s largest cybersecurity hiring initiative in its history. This initiative is part of a 60-day Cybersecurity Workforce Sprint, aiming to build a more diverse and multi-talented cybersecurity workforce. According to Secretary Mayorkas, cyber threats and crimes are increasing, so we should prepare well to defend it by hiring more talents. In early May, Secretary Mayorkas set a goal to hire around 200 new cybersecurity personnel in the Department by July 1. The achievement of the Cybersecurity Workforce Sprint shows a strong wish by our country's highest cyber talent to bestow them to public service and support blocks some of the most compound trials we come across today. DHS is dedicated to confirming its staff represents the varied communities it assists. To this end, the Cybersecurity Workforce Sprint is stranded in diversity, equity, and inclusion most acceptable practices, and comprises targeted outreach to underserved communities. Secretary Mayorkas, this month, will also launch an Honors Program starting with an initiative to recruit recent graduates with degrees in cybersecurity-related arenas for a one-year specialized development program at DHS. Participants who productively complete this program will be qualified for enduring, full-time cybersecurity positions at the Department. Additionally, the Department's Cybersecurity and Infrastructure Security Agency (CISA) is mounting its K-12 initiative to nurture the next generation of diverse cybersecurity professionals. Secretary Mayorkas, in March, outlined his dream for the Department's cybersecurity urgencies during a virtual address hosted by RSA Conference in corporation with Hampton University and Girl Scouts of the USA. The Secretary highlighted a series of full sprints intended to raise existing work, eliminate roadblocks to development, and take off new initiatives and partnerships to attain DHS’s cybersecurity assignment and implement the Biden-Harris Administration's primary concern. The first sprint was concentrated on raising consciousness about the cumulative risk of ransomware.

Read More

DATA SECURITY

CynergisTek Announcesa three-year Alliance with Leading Medical System to Combat Healthcare Cyber Threats

CynergisTek | January 07, 2022

CynergisTek Announcesa three-year Alliance with Leading Medical System to Combat Healthcare Cyber Threats CynergisTek a leading cybersecurity, privacy, compliance, and IT audit firm, announced that it has signed a 6-figure, multi-year Resilience Partner Program (RPP) agreement. This program aims to provide annual cybersecurity risk assessments, testing, and advisory services. The program will benefit a leading, nationally recognized, community-owned medical system. The program will allow the healthcare system to reduce cybersecurity risks and function smoothly. “We look forward to serving this client with our Resilience Partner Program and we understand the need to provide healthcare organizations support to not only discover gaps, but also figure out how to prioritize remediation and stick around for advisory support. The threat environment has increased through the pandemic, with more cyber-attacks and criminal behavior being directed towards the healthcare industry just as the environment has become more vulnerable. The cost of these cyber events is rising sharply with cyber insurance premiums and compliance requirements increasing. To meet these challenges, CynergisTek continues to partner with our clients, roll out services, and evolve our existing services, resulting in 2021 being our strongest annual bookings year in the last three.” Mac McMillan, CEO and President at CynergisTek The Resilience Partner Program of CynergisTek is aimed at supporting various needs of healthcare clients related to cyber threats. The programs offer multiple services, such as: Annual risk assessments Medical device security Vendor security management Technical testing Control validation Advisory support Remediation guidance

Read More

SOFTWARE SECURITY

midmarket businesses, NormCyber has launched Cyber Security and Data Protection as a Service offerings.

NormCyber | March 10, 2021

NormCyber, a main supplier of oversaw network safety and information insurance administrations, today reported the presentation of its Cyber Security and Data Protection as a Service arrangements. Planned explicitly to address the security and individual information difficulties of midmarket associations, the two administrations offer degrees of insurance and ability which are generally simply available to endeavors, for around 33% of the expense of an in-house arrangement. Digital protection as a Service from standard. unites the three mainstays of a powerful digital safeguard technique – individuals, interaction and innovation – and gives clients close to ongoing perceivability of their digital related danger through its online client entry. The help consolidates innovation from worldwide network protection pioneers like FireEye, Fortinet and Qualys, digital mindfulness and phishing preparing from CybSafe, and accreditation to Cyber Essentials or Cyber Essentials Plus. CSaaS can be conveyed inside merely days, and is offered for one month to month membership expense. Information Protection as a Service is a virtual DPO offering driven by a completely qualified information insurance legal advisor. Accessible as either a Basic or Premium assistance, it underpins clients in accomplishing consistence with the GDPR and other information assurance laws, just as assisting them with cultivating believed, reasonable associations with clients and partners by showing their obligation to ensuring singular security rights. "Midmarket organisations have traditionally been underserved and underrepresented when it comes to both cyber security and data protection," said Pete Bowers, COO at NormCyber. "Regarded as too complex and expensive for many, these companies have had to either make do with a limited selection of point products, or simply hope that a breach will never happen to them. We don't think it should be that way, which is why we developed both of these services to deliver the levels of protection they need, without the cost, resource and stress burden that they would rather do without"

Read More