In Defense of Maturity-based Approaches for Cyber Security

business2community | February 25, 2020

This interesting piece from McKinsey made me think and deserves some comments: “The risk-based approach to cybersecurity”. The risk-based approach itself which it promotes has solid foundations, and in fact is nothing new. Actually, it echoes in many ways the model we – at Corix Partners – have been developing and delivering with clients and associates for the past 10 years .But I don’t think it makes sense – or indeed helps the industry move forward – to oppose maturity-based approaches and risk-based approaches. And the characterization of maturity-based models as “a dog that had its day” is frankly excessive. The assumption that risk-based approaches are somehow more advanced than maturity-based ones, and represent an “evolution” of cyber security practices is highly disputable, and the quantification of maturity-based approaches as leading to over-engineering and over-spending by a factor 3 compared to risk-based approaches is simply misleading (a foot note actually refers to the costs mentioned as “illustrative and extrapolated from real-world examples and estimates”).

Spotlight

"Each winter, Forrester outlines 12 important recommendations for your security strategy for the coming year. We base these recommendations on thousands of client inquiries and interactions, consulting engagements, and dozens of primary research interviews with CISOs, security vendors, and major security consultancies and service providers."

Spotlight

"Each winter, Forrester outlines 12 important recommendations for your security strategy for the coming year. We base these recommendations on thousands of client inquiries and interactions, consulting engagements, and dozens of primary research interviews with CISOs, security vendors, and major security consultancies and service providers."

Related News

DATA SECURITY

Major European Banks Invest In DDoS Attack Simulation Platform From HUB Security

HUB Security | December 10, 2021

HUB Security announced its 2021 summary of sales for its D.Storm product to several leading customers in Israel, as well as three central banks in Europe, for an accumulated revenue of approximately €1 Million. D.Storm is HUB Security's unique cybersecurity SaaS platform for the simulation of DDoS attacks, where cybercriminals flood servers with false data to cause websites to crash. HUB Security developed the product by utilizing its many years of experience conducting risk assessments and analyzing the attack patterns of cyberattackers for customers around the world. "DDoS attacks are becoming more frequent, larger in size, and longer with the use of new botnets,The strong sales and feedback of D.Storm indicate that companies are responding seriously and conducting rigorous testing to better understand how to upgrade their cybersecurity programs." Eyal Moshe, CEO and co-founder of HUB Security HUB Security also announced that it is currently in advanced negotiations for the sale of D.Storm to a number of additional customers in Israel and abroad. Three more global banks are also in the process of having advanced proof-of-concept (PoC) discussions. HUB Security estimates that it will soon finalize additional contracts worth millions of Euros in sales in 2022. The purpose of D.Storm is to identify vulnerabilities and exploits in an organization's infrastructure by replicating real-world attack methods using fully automated tools. The platform enables customers to run dozens of DDoS attack methods, including volumetric, infrastructure, and application attacks. With the aid of tens of thousands of attack bots that spread across different countries and continents, D.Storm is fully capable of imitating real browsers, which simulates the challenge of distinguishing between fake and legitimate users. The platform collects data from the bot attacks in real-time and presents it to the user for in-depth analysis. This approach allows customers to substantially minimize their attack surface and prepare measures to withstand potential DDoS attacks on their strategic and sensitive assets. HUB Security estimates that sales of the solution are expected to have a material effect on its activities in 2022. About HUB Security HUB Security was established in 2017 by veterans of the 8200 and 81 elite intelligence units of the Israeli Defense Forces. The company specializes in unique Cyber Security solutions protecting sensitive commercial and government information. The company debuted an advanced encrypted computing solution aimed at preventing hostile intrusions at the hardware level while introducing a novel set of data theft prevention solutions. HUB operates in over 30 countries and provides innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services worldwide.

Read More

DATA SECURITY

Data Protection Platform, Protegrity to introduce dynamic monitoring and data masking capabilities

helpnetsecurity | June 11, 2021

Version 8.1 of Protegrity, the latest version of the Protegrity Data Protection Platform, is released. This has the features such as monitoring capabilities and dynamic data masking. It provides all the customers, from a single data store, multiple data-protection methods. The company has also introduced Protegrity Cloud API and a redesigned logging architecture. Monitoring and dynamic data masking provide visibility and control for sensitive data access With this functionality, version 8.1 of the Protegrity Data Protection Platform gives a greater level of control and choice to meet the data protection they need to run their business smoothly. Monitoring capabilities provide customers standard visibility into how data is being retrieved and used across the company. Customers can utilize dynamic data masking of Protegrity for a greater level of control over their sensitive data. Unicode tokenization delivers language-preserving data security for global businesses Unicode is a standard for the consistent handling, encoding, and representing text expressed in the world's writing systems. Protegrity, with version 8.1, now brings all the benefits of its tokenization to all text encoded in the one- and two-byte Unicode standards. New cloud API and logging architecture enhance platform functionality Along with new data-protection methods, including data masking, monitoring, and Unicode tokenization, version 8.1 of Protegrity has revealed the following essential platform enhancements: • Protegrity Cloud API • Redesigned logging architecture

Read More

SOFTWARE SECURITY

Radware Expands its Partnership with Presidio

Radware | March 21, 2022

Radware, a global leader of cyber security and application delivery solutions, today announced that it has signed a multi-year agreement to expand its partnership with Presidio, Inc, a global digital services and solutions provider that helps businesses modernize their security technology. Presidio is expanding its cyber security package to include Radware's application and API security solutions, bots management, DDoS protection, and Cloud Native Protector to secure its clients' on-premise, cloud, and hybrid infrastructures. “Preparation to protect against cyberattacks is more critical than ever before, and we help our customers every step of the way. Through this partnership, we are combining Radware’s industry leading technology along with our team’s extensive expertise to create a force in fighting emerging cyber threats.” Chris Cagnazzi, senior vice president and general manager at Presidio For applications hosted in cloud settings, Radware delivers 360-degree, real-time security. Radware defends the application surface against malicious traffic as well as the underlying cloud infrastructure against intrusion. Radware offers a web application firewall (WAF), bot management, API security, and DDoS protection for application security. The security is built on proprietary behavioral-based algorithms that learn genuine behavior traffic patterns and then differentiate between harmful and legal traffic to provide a greater degree of protection with reduced false positives. Radware's Cloud Native Protector provides comprehensive, multi-layered workload protection against cloud-native threat vectors for cloud workload security. Glitches in the cloud, excessive permissions, malicious conduct, and other issues fall under this category. Bob Simpson, vice president of North American sales at Radware said that “As one of the leading AWS service providers, Presidio has built an industry reputation as a trusted advisor. Customers trust what they bring to the table. We look forward to continuing to work with Presidio to provide state-of-the-art protection to their customers and through the AWS Marketplace.” Radware's solutions continue to be recognized throughout the industry. Radware was ranked second among 11 providers for API security and high security use cases in Gartner's 2021 Critical Capabilities for Cloud Web Application and API Protection report. In their research "The Forrester Wave: DDoS Mitigation Solutions, Q1 2021," Forrester named Radware a worldwide leader. In its 2021 SPARK Matrix: Bot Management report, Quadrant Knowledge Solutions named Radware the leader. Customers, as well as the industry, recognize Radware's technological competence. In the Gartner Peer Insights "Voice of the Customer:" Web Application Firewall report for 2021, Radware was named a Customers' Choice.

Read More