Home > News > featured news > Immersive Labs Unveils World’s First Comprehensive Score to Gauge Enterprise Cyber Resilience

Data Security, Platform Security, Software Security

Immersive Labs Unveils World’s First Comprehensive Score to Gauge Enterprise Cyber Resilience

Businesswire | May 08, 2023 | Read time : 05:00 min

Immersive Labs Unveils World’s First Comprehensive Score

Immersive Labs, the leader in people-centric cyber resilience, today announced the launch of the Immersive Labs Resilience Score. The score measures an organization’s workforce preparedness for cyber attacks and breaches based on Immersive Labs’ years of benchmarking data across industry verticals. The score will help organizations identify weaknesses in their teams’ cyber capabilities, address skills gaps to prevent or mitigate damage to their revenues and brand reputations, and contribute to the factors that can lower insurance premiums.

The Immersive Labs Resilience Score addresses a major challenge facing cyber leaders around the world today: a lack of confidence in, or awareness of, their teams’ real readiness to confront threats. Alarmingly, 80% of cyber leaders don’t think, or are unsure, their teams have the capabilities to respond to future attacks, according to a new study commissioned by Immersive Labs and conducted by Forrester Consulting.*

“There is a common misconception that teams’ cyber capabilities are not measurable, but advancements in cyber exercising give us new insights to predict risk and build vital cyber capabilities across the workforce,” said Paul Bentham, Chief Product Officer, Immersive Labs. “The new Immersive Labs Resilience Score demonstrates that resilience can be assessed, benchmarked, and increased based on performance data. This is a huge leap forward in proving cyber capabilities compared to outdated, legacy cybersecurity training.”

How the Immersive Labs Resilience Score Works

The Immersive Labs platform provides realistic simulations and hands-on cybersecurity labs to evaluate individual and team capabilities across the entire workforce, from executive decision makers to cyber defense, application security, IT, cloud teams and more. Now, when organizations use the platform to upskill their people, they will be able to view their overall resilience score against industry benchmarks and best practices, and see progress over time.

The Resilience Score is calculated based on several factors, including:

  • Executive and Crisis Management teams can effectively manage a complex crisis stemming from a cyber incident with consistent decision making and high levels of confidence
  • Cyber teams can work together to solve complex red-team and blue-team scenarios using real-world environments
  • Cyber teams are assigned to job roles and can prove their ability to carry out tasks in-line with new CVEs and capabilities
  • Developers are able to prove their ability to code securely and systematically reduce vulnerabilities in the SDLC
  • Cloud engineers are able to identify and fix common misconfigurations in real cloud environments
  • End users are confident in end user security outcomes including how to report an incident and spot business email compromise
  • The organization has proper security framework coverage, including MITRE ATT&CK

Teams and individuals are mapped to job skills and are proving their technical abilities and that their skills are being kept up to date

The Immersive Labs Resilience Score will be available to all customers beginning in late Q2 2023. To learn more about this new capability, please visit: https://www.immersivelabs.com/the-score/

*Forrester Opportunity SnapShot: “Cyber Leaders Need a More Effective Approach to Building and Proving Resilience” – A custom study commissioned by Immersive Labs, March 2023

About Immersive Labs

Immersive Labs is the leader in people-centric cyber resilience. We help organizations continuously assess, build, and prove their cyber workforce resilience for teams across the entire organization, from front-line cybersecurity and development teams to Board-level executives. We provide realistic simulations and hands-on cybersecurity labs to evaluate individual and team capabilities and decision-making against the latest threats. Organizations can now prove their cyber resilience by measuring their readiness compared to industry benchmarks, building team capabilities, and demonstrating risk reduction and compliance with data-backed evidence. Immersive Labs is trusted by the world’s largest organizations and governments, including Citi, Pfizer, Humana, HSBC, the UK Ministry of Defence, and the NHS England. We are backed by Goldman Sachs Asset Management, Summit Partners, Insight Partners, Citi Ventures, Ten Eleven Ventures, and Menlo Ventures.

Spotlight

GRC Platform Buyer's Guide

Navigating the crowded GRC vendor market is complicated and time consuming - there are lots of requirements to meet and lots of vendors to sort through. Consistently and efficiently evaluate your vendor shortlist across five categories and dozens of weightable features and capabilities with LogicGate's free buyer's guide and ven

More featured news

Spotlight

GRC Platform Buyer's Guide

Navigating the crowded GRC vendor market is complicated and time consuming - there are lots of requirements to meet and lots of vendors to sort through. Consistently and efficiently evaluate your vendor shortlist across five categories and dozens of weightable features and capabilities with LogicGate's free buyer's guide and ven

Related News

Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization's software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged. The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe. Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed these potential supply chain attacks. This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain. About Legit Security Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

Cloud Security

Google Cloud Next 2023 Embraces Generative AI for Safer Digital Future

Google | September 18, 2023

Google reveals its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. Alphabet and Google CEO Sundar Pichai's keynote emphasizes Google's AI-first approach and the transformative impact of AI across industries. Google introduces innovative security updates and trends, highlighting its commitment to enhancing cybersecurity capabilities. Google Cloud extends Duet AI to three key products in preview mode, empowering security teams to address complex cybersecurity challenges more efficiently. Google unveiled its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. This significant revelation follows the broader accessibility of generative AI, made possible earlier this year by technologies like ChatGPT. Google's strategic endeavor aims to harness the potential of AI to combat cybersecurity challenges. Additionally, the event featured a keynote address by Alphabet and Google CEO Sundar Pichai, who underscored the transformative influence of AI across sectors and emphasized Google's extensive history of adopting an AI-first approach. During the conference, Google seized the opportunity to introduce innovative security updates and trends, signifying its commitment to enhancing cybersecurity capabilities for its customers. These developments come at a time when the integration of AI technologies in addressing cybersecurity concerns has gained substantial attention and recognition. Alphabet and Google CEO Sundar Pichai, a prominent figure in the technology industry, initiated the conference, reiterating the profound influence of AI across various sectors, industries, and business functions. His emphasis on Google's decade-long dedication to an AI-first approach solidified the company's leadership position in this transformative era. Furthermore, Google unveiled significant developments in the conference, including expanding Vertex AI with over 100 foundation models and introducing enhancements like PaLM 2, supercomputing capabilities, and the fifth-gen Tensor Processing Units. However, their commitment to democratizing AI was highlighted, demonstrated through customer stories and live demos. Google Cloud's developer advocate, Priyanka Vergadia, showcased Duet AI, an intelligent chatbot assistant that streamlines developers' tasks, saving time and enhancing security. Duet AI automates deployments, configures applications correctly, aids in debugging, and strengthens security. Its preview release marks a step towards achieving shift-left and DevSecOps goals, empowering developers to secure their code effectively and allowing security teams to scale their efforts. The research conducted by ESG and ISSA highlights the challenges faced by cybersecurity professionals. A significant majority (63%) have found their roles increasingly complex over the past two years. A closer look reveals that the surge in complexity (81%), rising workloads, and growing cyberthreats (59%), as well as understaffing issues (46%), are the primary factors contributing to this challenge. In response to these evolving demands, Google Cloud has taken a proactive step by extending the application of Duet AI to three key products, now available in preview mode. These applications empower security teams with Mandiant Threat Intelligence for threat analysis, Google Chronicle for accelerated SecOps processes, and Google Security Command Center for risk mitigation. A live demonstration showcased how Duet AI streamlines security analysts' workflows, making threat detection and response more efficient and enhancing overall security posture management. Google Cloud announced Mandiant Hunt for Chronicle Security Ops in preview, boosting threat hunting with expert Mandiant insights. Agentless vulnerability scanning (powered by Tenable) in preview detects OS, software, and network vulnerabilities on Google Compute Engine VMs. Custom posture findings and threat detectors are now available in the Security Command Center. Cloud Firewall Plus, in preview, enhances firewall service with advanced threat protection (Palo Alto Networks). These updates, utilizing Duet AI in preview, demonstrate Google Cloud's dedication to cybersecurity innovation, with specific availability details to come. The conference also highlighted partner offerings in the ever-evolving cloud security landscape.

Read More

Data Security, Enterprise Security, Software Security

BigID Strengthens Collaboration with Databricks to Automate Security and Governance

Prnewswire | June 27, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today announced an expanded partnership with Databricks, the data and AI company, to provide cutting-edge data security, privacy, and governance solutions to customers. This joint effort aims to automate data discovery and classification, alleviate the workload of data professionals, and streamline governance processes. BigID's integration with Databricks Unity Catalog facilitates bi-directional metadata synchronization and advanced access control. This collaboration empowers Databricks' Unity Catalog customers with comprehensive visibility into their data's sensitivity, allowing the policy engine to implement effective security and governance measures. Unity Catalog, a key priority for Databricks, is a fine-grained governance solution for data and AI on the Databricks Lakehouse Platform. It simplifies security and governance of customer data by providing a central place to administer and audit data access, and track data lineage of all Databricks assets. Customers leveraging this BigID integration will benefit from: Comprehensive and efficient data security and governance within their Databricks environment Streamlined governance processes via automated data discovery and classification Policy automation triggered from BigID and deployed via Unity Catalog In addition to today's announcement, the two companies are collaborating to enable advanced automation expanding upon this integration to provide the ultimate in efficiency for governance operations. "We are thrilled to expand our strategic partnership with Databricks to provide our customers with the most advanced data lakehouse governance capabilities," said Dimitri Sirota, CEO of BigID. "Our joint offering will enable organizations to better understand their data and ensure they are taking the necessary measures to take action for security, privacy, and governance." "Data security and governance are top priorities for our customers, and we are excited to expand our partnership with BigID to deliver a comprehensive solution that addresses these critical needs," said Ariel Amster, Director of Strategic Technology Partners at Databricks. About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization's software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged. The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe. Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed these potential supply chain attacks. This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain. About Legit Security Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

Cloud Security

Google Cloud Next 2023 Embraces Generative AI for Safer Digital Future

Google | September 18, 2023

Google reveals its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. Alphabet and Google CEO Sundar Pichai's keynote emphasizes Google's AI-first approach and the transformative impact of AI across industries. Google introduces innovative security updates and trends, highlighting its commitment to enhancing cybersecurity capabilities. Google Cloud extends Duet AI to three key products in preview mode, empowering security teams to address complex cybersecurity challenges more efficiently. Google unveiled its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. This significant revelation follows the broader accessibility of generative AI, made possible earlier this year by technologies like ChatGPT. Google's strategic endeavor aims to harness the potential of AI to combat cybersecurity challenges. Additionally, the event featured a keynote address by Alphabet and Google CEO Sundar Pichai, who underscored the transformative influence of AI across sectors and emphasized Google's extensive history of adopting an AI-first approach. During the conference, Google seized the opportunity to introduce innovative security updates and trends, signifying its commitment to enhancing cybersecurity capabilities for its customers. These developments come at a time when the integration of AI technologies in addressing cybersecurity concerns has gained substantial attention and recognition. Alphabet and Google CEO Sundar Pichai, a prominent figure in the technology industry, initiated the conference, reiterating the profound influence of AI across various sectors, industries, and business functions. His emphasis on Google's decade-long dedication to an AI-first approach solidified the company's leadership position in this transformative era. Furthermore, Google unveiled significant developments in the conference, including expanding Vertex AI with over 100 foundation models and introducing enhancements like PaLM 2, supercomputing capabilities, and the fifth-gen Tensor Processing Units. However, their commitment to democratizing AI was highlighted, demonstrated through customer stories and live demos. Google Cloud's developer advocate, Priyanka Vergadia, showcased Duet AI, an intelligent chatbot assistant that streamlines developers' tasks, saving time and enhancing security. Duet AI automates deployments, configures applications correctly, aids in debugging, and strengthens security. Its preview release marks a step towards achieving shift-left and DevSecOps goals, empowering developers to secure their code effectively and allowing security teams to scale their efforts. The research conducted by ESG and ISSA highlights the challenges faced by cybersecurity professionals. A significant majority (63%) have found their roles increasingly complex over the past two years. A closer look reveals that the surge in complexity (81%), rising workloads, and growing cyberthreats (59%), as well as understaffing issues (46%), are the primary factors contributing to this challenge. In response to these evolving demands, Google Cloud has taken a proactive step by extending the application of Duet AI to three key products, now available in preview mode. These applications empower security teams with Mandiant Threat Intelligence for threat analysis, Google Chronicle for accelerated SecOps processes, and Google Security Command Center for risk mitigation. A live demonstration showcased how Duet AI streamlines security analysts' workflows, making threat detection and response more efficient and enhancing overall security posture management. Google Cloud announced Mandiant Hunt for Chronicle Security Ops in preview, boosting threat hunting with expert Mandiant insights. Agentless vulnerability scanning (powered by Tenable) in preview detects OS, software, and network vulnerabilities on Google Compute Engine VMs. Custom posture findings and threat detectors are now available in the Security Command Center. Cloud Firewall Plus, in preview, enhances firewall service with advanced threat protection (Palo Alto Networks). These updates, utilizing Duet AI in preview, demonstrate Google Cloud's dedication to cybersecurity innovation, with specific availability details to come. The conference also highlighted partner offerings in the ever-evolving cloud security landscape.

Read More

Data Security, Enterprise Security, Software Security

BigID Strengthens Collaboration with Databricks to Automate Security and Governance

Prnewswire | June 27, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today announced an expanded partnership with Databricks, the data and AI company, to provide cutting-edge data security, privacy, and governance solutions to customers. This joint effort aims to automate data discovery and classification, alleviate the workload of data professionals, and streamline governance processes. BigID's integration with Databricks Unity Catalog facilitates bi-directional metadata synchronization and advanced access control. This collaboration empowers Databricks' Unity Catalog customers with comprehensive visibility into their data's sensitivity, allowing the policy engine to implement effective security and governance measures. Unity Catalog, a key priority for Databricks, is a fine-grained governance solution for data and AI on the Databricks Lakehouse Platform. It simplifies security and governance of customer data by providing a central place to administer and audit data access, and track data lineage of all Databricks assets. Customers leveraging this BigID integration will benefit from: Comprehensive and efficient data security and governance within their Databricks environment Streamlined governance processes via automated data discovery and classification Policy automation triggered from BigID and deployed via Unity Catalog In addition to today's announcement, the two companies are collaborating to enable advanced automation expanding upon this integration to provide the ultimate in efficiency for governance operations. "We are thrilled to expand our strategic partnership with Databricks to provide our customers with the most advanced data lakehouse governance capabilities," said Dimitri Sirota, CEO of BigID. "Our joint offering will enable organizations to better understand their data and ensure they are taking the necessary measures to take action for security, privacy, and governance." "Data security and governance are top priorities for our customers, and we are excited to expand our partnership with BigID to deliver a comprehensive solution that addresses these critical needs," said Ariel Amster, Director of Strategic Technology Partners at Databricks. About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

More featured news