Home > News > featured news > In Defense of Maturity-based Approaches for Cyber Security

In Defense of Maturity-based Approaches for Cyber Security

business2community | February 25, 2020

This interesting piece from McKinsey made me think and deserves some comments: “The risk-based approach to cybersecurity”. The risk-based approach itself which it promotes has solid foundations, and in fact is nothing new. Actually, it echoes in many ways the model we – at Corix Partners – have been developing and delivering with clients and associates for the past 10 years .But I don��t think it makes sense – or indeed helps the industry move forward – to oppose maturity-based approaches and risk-based approaches. And the characterization of maturity-based models as “a dog that had its day” is frankly excessive. The assumption that risk-based approaches are somehow more advanced than maturity-based ones, and represent an “evolution” of cyber security practices is highly disputable, and the quantification of maturity-based approaches as leading to over-engineering and over-spending by a factor 3 compared to risk-based approaches is simply misleading (a foot note actually refers to the costs mentioned as “illustrative and extrapolated from real-world examples and estimates”).

Spotlight

A CISO’s Guide to Attack Surface Management Understanding risks and measuring success

Insights for CISO on Their ASM Journey The idea of an attack surface is not new, but how organizations and CISOs need to view their attack surfaces should be updated. Traditionally, IT has looked at an organization's attack surface from the inside out, asking questions like “What are the assets that connect to the wider internet

More featured news

Spotlight

A CISO’s Guide to Attack Surface Management Understanding risks and measuring success

Insights for CISO on Their ASM Journey The idea of an attack surface is not new, but how organizations and CISOs need to view their attack surfaces should be updated. Traditionally, IT has looked at an organization's attack surface from the inside out, asking questions like “What are the assets that connect to the wider internet

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SafeBreach Integrates with ServiceNow to Transform Security Posture for Enterprises

Businesswire | April 05, 2023

SafeBreach, the pioneer in breach and attack simulation (BAS), today announced integrations with ServiceNow to provide increased visibility into continuous security posture management and allow customers to leverage their existing workflow automation processes to quickly identify and remediate critical security gaps. The integrations with ServiceNow SIR Incident and IT Service Management Incident (ITSM) are certified and available now on the ServiceNow Store. While organizations spend millions of dollars on building their security stack, the ability to contain an active threat has declined by 13% according to a 2020 IBM resilience survey. SafeBreach’s patented Hacker’s Playbook of over 30,000 attacks allows ServiceNow customers to validate their security control infrastructure and processes based on real-world threats. The integration of SafeBreach attack simulation data directly into the Now Platform® provides customers with a holistic view to optimize security operations at all levels and inform security practitioners and executives of high-impact incidents that should be prioritized for remediation. “As a strategic investor in SafeBreach, ServiceNow has an in-depth understanding of the combined value of BAS and workflow automation,” said Itzik Kotler, CTO and Co-Founder, SafeBreach. “We're excited to take this next step, offering customers direct integrations between our platforms to help them gain greater visibility into risk, more quickly take remedial action and ultimately inform a more proactive security strategy.” The SafeBreach integrations provide customers with the ability to: Gain unparalleled visibility into the organizational threat landscape to improve detection, response and remediation speed and efficacy Populate details of attack simulation results directly into ServiceNow Security Incident Response for rapid remediation Identify gaps in threat detection and response by mapping exposures to business risk Progressively transform security operations by developing a security baseline and continuously moving that baseline forward Utilize the MITRE ATT&CK mapping capability to understand risk against the latest threats and remediate any coverage gaps before they are exploited SafeBreach and ServiceNow recently hosted a webinar to provide in-depth insight into the new integrations, including how customers can benefit from the combination of real-world simulation data from the SafeBreach platform with cloud-based workflow and security automation from ServiceNow. About SafeBreach Combining the mindset of a CISO and the toolset of a hacker, SafeBreach is the pioneer in breach and attack simulation (BAS) and is the most widely used continuous security validation platform. SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and leverages contextual insights to highlight remediation efforts. With its Hacker’s Playbook™, the industry’s most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data. For more information, please visit www.safebreach.com. ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Logically Announces New SaaS Security Solution

Prnewswire | May 02, 2023

Logically, one of the nation's leading managed security and IT service providers, today announced a partnership with SaaS Alerts and the launch of the specialized solution providing customers with constant, real-time monitoring of their Software-as-a-Service applications. SaaS Alerts monitors tools like Microsoft Office, Salesforce, Dropbox, and Google Workspaces to detect potential threats in cloud applications. The automation tool identifies ongoing security threats and provides comprehensive alerting and responses across all applications. The result is a lowered risk of data breaches and customizable reporting that offers customers insights into security threats and patterns. "As cyber threats continue to mount in today's digital age, the importance of application security cannot be overstated," said Buddy Pitt, Virtual Chief Security Officer at Logically. "SaaS applications carry a substantial risk due to the sensitive data they often contain, and ensuring that the flexibility and scalability they offer is paired with enhanced security, is paramount. SaaS Alerts offers threat detection, intelligent automation, and comprehensive alerting to do just that." In addition, the data reports that SaaS Alerts provides are calibrated to empower organizations to gain insights into not only security threats but their patterns too. This, in turn, allows business leaders to take proactive measures against future disruptive incidents. "We're thrilled to partner with Logically to help protect their customers' critical SaaS business applications," said Jim Lippie, CEO of SaaS Alerts. "Given the current threat landscape, it's more important than ever to ensure customers are protected from evolving security threats. We're excited to see how our partnership continues to evolve in the years to come." To further underscore Logically's commitment to application security in today's digital landscape, Buddy Pitt, along with Logically's Chief Operating Officer Keith Johnson, hosted a webinar titled, "Fortify Your Defenses: Why Application Security is Crucial in Today's Digital Landscape," on April 26, which discussed data and business application security and how SaaS Alerts are a valuable weapon in the ongoing battle against data breaches. "We're proud to launch SaaS Alerts at this critical moment where rapid risk mitigation matters most. It's yet another tool in our arsenal of products that ensures our customers receive best-in-class safety and security," said Johnson. About Logically Logically is a leading national managed security and IT solution provider that helps organizations secure and support their businesses today, solve for tomorrow, and strategize for the future with cyber-first solutions. Our team of experts, including cybersecurity, engineering, networking, and cloud specialists, collaborate with customers to implement solutions that protect their assets, reduce risk, and optimize performance, end to end. Since 1999, we have made long-term relationships, customer service excellence, and purposeful innovation guiding principles to ensure customers have a trusted advisor at their side, helping them focus on their business, not the technology behind it.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Beyond Identity Launches Zero Trust Series with Security Industry Leaders

Beyond Identity | March 16, 2023

Beyond Identity, the industry leader in providing phishing-resistant, passwordless MFA, has announced the official launch of 'Zero Trust Authentication' as a subcategory of zero trust technology, along with the introduction of the Zero Trust Leadership series of events worldwide, which will be held throughout 2023. Combining industry-leading security integrators and technologies, such as Beyond Identity, CrowdStrike, Palo Alto Networks, Optiv, World Wide Technology, BeyondTrust, Climb Channel SolutionsPing Identity, and Guidepoint Security will enable organizations to move toward secure authentication designed to improve the zero-trust strategies of the Fortune 5000. Zero Trust Authentication was created in response to the failure of conventional authentication methods, a problem that has been compounded by the rise of cyberattacks. Implementing Zero Trust Authentication will enable businesses to surpass the constraints of legacy multi-factor authentication (MFA) and passwords and deploy more effective security strategies. To achieve this, the Zero Trust Authentication strategy incorporates components like Beyond Identity's risk scoring and continuous authentication functionalities, which greatly increase the given level of security. Tom Jermoluk, Co-Founder and Chief Executive Officer of Beyond Identity, mentioned, "In working with leaders across the security ecosystem, it became apparent to us that the industry needs to formally bring identity and access management into the security fold to continuously deliver the highest level of security around users and devices." (Source – Business Wire) He added, "We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling. Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an 'always on' zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities." (Source – Business Wire) About Beyond Identity Beyond Identity is redefining digital access for companies seeking to enhance protection against cyber assaults and provide the greatest levels of security for their customers, employees, and developers. The company's phishing-resistant, passwordless, and Zero Trust Authentication technologies enhance both security and the user experience. The platform provides continuous risk-based authentication that incorporates signals from the zero-trust ecosystem to guarantee that only valid users and secure devices get or keep access to vital resources. Snowflake, Roblox, and Unqork rely on Beyond Identity's highly accessible cloud-native platform to deter assaults and advance their zero-trust strategy.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SafeBreach Integrates with ServiceNow to Transform Security Posture for Enterprises

Businesswire | April 05, 2023

SafeBreach, the pioneer in breach and attack simulation (BAS), today announced integrations with ServiceNow to provide increased visibility into continuous security posture management and allow customers to leverage their existing workflow automation processes to quickly identify and remediate critical security gaps. The integrations with ServiceNow SIR Incident and IT Service Management Incident (ITSM) are certified and available now on the ServiceNow Store. While organizations spend millions of dollars on building their security stack, the ability to contain an active threat has declined by 13% according to a 2020 IBM resilience survey. SafeBreach’s patented Hacker’s Playbook of over 30,000 attacks allows ServiceNow customers to validate their security control infrastructure and processes based on real-world threats. The integration of SafeBreach attack simulation data directly into the Now Platform® provides customers with a holistic view to optimize security operations at all levels and inform security practitioners and executives of high-impact incidents that should be prioritized for remediation. “As a strategic investor in SafeBreach, ServiceNow has an in-depth understanding of the combined value of BAS and workflow automation,” said Itzik Kotler, CTO and Co-Founder, SafeBreach. “We're excited to take this next step, offering customers direct integrations between our platforms to help them gain greater visibility into risk, more quickly take remedial action and ultimately inform a more proactive security strategy.” The SafeBreach integrations provide customers with the ability to: Gain unparalleled visibility into the organizational threat landscape to improve detection, response and remediation speed and efficacy Populate details of attack simulation results directly into ServiceNow Security Incident Response for rapid remediation Identify gaps in threat detection and response by mapping exposures to business risk Progressively transform security operations by developing a security baseline and continuously moving that baseline forward Utilize the MITRE ATT&CK mapping capability to understand risk against the latest threats and remediate any coverage gaps before they are exploited SafeBreach and ServiceNow recently hosted a webinar to provide in-depth insight into the new integrations, including how customers can benefit from the combination of real-world simulation data from the SafeBreach platform with cloud-based workflow and security automation from ServiceNow. About SafeBreach Combining the mindset of a CISO and the toolset of a hacker, SafeBreach is the pioneer in breach and attack simulation (BAS) and is the most widely used continuous security validation platform. SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and leverages contextual insights to highlight remediation efforts. With its Hacker’s Playbook™, the industry’s most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data. For more information, please visit www.safebreach.com. ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Logically Announces New SaaS Security Solution

Prnewswire | May 02, 2023

Logically, one of the nation's leading managed security and IT service providers, today announced a partnership with SaaS Alerts and the launch of the specialized solution providing customers with constant, real-time monitoring of their Software-as-a-Service applications. SaaS Alerts monitors tools like Microsoft Office, Salesforce, Dropbox, and Google Workspaces to detect potential threats in cloud applications. The automation tool identifies ongoing security threats and provides comprehensive alerting and responses across all applications. The result is a lowered risk of data breaches and customizable reporting that offers customers insights into security threats and patterns. "As cyber threats continue to mount in today's digital age, the importance of application security cannot be overstated," said Buddy Pitt, Virtual Chief Security Officer at Logically. "SaaS applications carry a substantial risk due to the sensitive data they often contain, and ensuring that the flexibility and scalability they offer is paired with enhanced security, is paramount. SaaS Alerts offers threat detection, intelligent automation, and comprehensive alerting to do just that." In addition, the data reports that SaaS Alerts provides are calibrated to empower organizations to gain insights into not only security threats but their patterns too. This, in turn, allows business leaders to take proactive measures against future disruptive incidents. "We're thrilled to partner with Logically to help protect their customers' critical SaaS business applications," said Jim Lippie, CEO of SaaS Alerts. "Given the current threat landscape, it's more important than ever to ensure customers are protected from evolving security threats. We're excited to see how our partnership continues to evolve in the years to come." To further underscore Logically's commitment to application security in today's digital landscape, Buddy Pitt, along with Logically's Chief Operating Officer Keith Johnson, hosted a webinar titled, "Fortify Your Defenses: Why Application Security is Crucial in Today's Digital Landscape," on April 26, which discussed data and business application security and how SaaS Alerts are a valuable weapon in the ongoing battle against data breaches. "We're proud to launch SaaS Alerts at this critical moment where rapid risk mitigation matters most. It's yet another tool in our arsenal of products that ensures our customers receive best-in-class safety and security," said Johnson. About Logically Logically is a leading national managed security and IT solution provider that helps organizations secure and support their businesses today, solve for tomorrow, and strategize for the future with cyber-first solutions. Our team of experts, including cybersecurity, engineering, networking, and cloud specialists, collaborate with customers to implement solutions that protect their assets, reduce risk, and optimize performance, end to end. Since 1999, we have made long-term relationships, customer service excellence, and purposeful innovation guiding principles to ensure customers have a trusted advisor at their side, helping them focus on their business, not the technology behind it.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Beyond Identity Launches Zero Trust Series with Security Industry Leaders

Beyond Identity | March 16, 2023

Beyond Identity, the industry leader in providing phishing-resistant, passwordless MFA, has announced the official launch of 'Zero Trust Authentication' as a subcategory of zero trust technology, along with the introduction of the Zero Trust Leadership series of events worldwide, which will be held throughout 2023. Combining industry-leading security integrators and technologies, such as Beyond Identity, CrowdStrike, Palo Alto Networks, Optiv, World Wide Technology, BeyondTrust, Climb Channel SolutionsPing Identity, and Guidepoint Security will enable organizations to move toward secure authentication designed to improve the zero-trust strategies of the Fortune 5000. Zero Trust Authentication was created in response to the failure of conventional authentication methods, a problem that has been compounded by the rise of cyberattacks. Implementing Zero Trust Authentication will enable businesses to surpass the constraints of legacy multi-factor authentication (MFA) and passwords and deploy more effective security strategies. To achieve this, the Zero Trust Authentication strategy incorporates components like Beyond Identity's risk scoring and continuous authentication functionalities, which greatly increase the given level of security. Tom Jermoluk, Co-Founder and Chief Executive Officer of Beyond Identity, mentioned, "In working with leaders across the security ecosystem, it became apparent to us that the industry needs to formally bring identity and access management into the security fold to continuously deliver the highest level of security around users and devices." (Source – Business Wire) He added, "We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling. Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an 'always on' zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities." (Source – Business Wire) About Beyond Identity Beyond Identity is redefining digital access for companies seeking to enhance protection against cyber assaults and provide the greatest levels of security for their customers, employees, and developers. The company's phishing-resistant, passwordless, and Zero Trust Authentication technologies enhance both security and the user experience. The platform provides continuous risk-based authentication that incorporates signals from the zero-trust ecosystem to guarantee that only valid users and secure devices get or keep access to vital resources. Snowflake, Roblox, and Unqork rely on Beyond Identity's highly accessible cloud-native platform to deter assaults and advance their zero-trust strategy.

Read More

More featured news