DATA SECURITY

New CyberCube Scenarios Aid the Cyber Planning of Lloyd's Syndicates

businesswire | January 21, 2021

CyberCube has refreshed its information driven insightful programming to flawlessly empower guarantors to evaluate misfortunes to situations that Lloyd's has given to partners for the forthcoming March information assortment cutoff time.

These situations are utilized to answer to Lloyd's on how their arrangement of business would be influenced by major digital occasions.

CyberCube has presented the three situations for practical digital fiascos as a component of its Portfolio Manager item, which is utilized by hazard transporters.

The three situations, which CyberCube planned related to Lloyd's Underwriting group, Lloyd's market specialists and Guy Carpenter, are:

- a cloud blackout

- a force or foundation blackout

- a significant malware assault

The Lloyd's Market Association's Cyber Risk Strategy Group has additionally been vigorously engaged with building up the situations in the course of recent months.

By dissecting how their arrangement of protection chances are influenced by these situations, the Lloyd's market can survey each coordinate's monetary flexibility and that of the market in general. The situations additionally uncover the most cutting-edge danger scene and related digital dangers that cause critical gatherings of misfortunes.

The three digital situations, which will in future be remembered for Lloyd's formal Realistic Disaster Scenario (RDS) structure, will assume a significant part in organizations' business arranging measures. They mark the market's most complex digital examination exercise to date.
Pascal Millaire, CyberCube’s CEO, said: “Lloyd’s syndicates have long been leaders in the global cyber insurance market and so it is no surprise that the Lloyd’s market is also taking a leadership role amongst regulators in thoughtfully measuring cyber exposure accumulation. We’re thrilled to be able to help Lloyd’s syndicates with this exercise using our platform.”

Kirsten Mitchell-Wallace, Lloyd’s Head of Portfolio Risk Management, said: “The Lloyd’s market is a global leader in cyber insurance so understanding and controlling exposure to this class of business is critical. Cyber is a rapidly evolving risk that demands scrutiny at both syndicate and market level: the use of scenarios helps Lloyd’s to achieve this.”

Siobhan O’Brien, Managing Director and Head of Guy Carpenter’s International Cyber Centre of Excellence, commented: “This is a very important piece of work for the broader RDS framework. The findings of the study will prove valuable not only for Lloyd’s syndicates but also for the wider insurance industry in helping to address some of the most challenging aspects of cyber risk that impact multiple lines of insurance.”

CyberCube's Portfolio Manager is a digital danger fiasco model that permits guarantors to see how their book of business would be influenced by a progression of digital dangers. The model has not been closed down by Lloyd's yet is broadly utilized on the lookout.

Deviations should be accounted for to Lloyd's and any inquiries with respect to the assortment time frame (January 8 to March 31) ought to be tended to in the main example to Lloyd's.

About CyberCube

CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modelling on thousands of points of technology failure.

The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners and backing from ForgePoint Capital, HSCM Bermuda, MTech Capital and individuals from Stone Point Capital.

Spotlight

When IT professionals think about information security, they often think about network intrusion detection systems (IDS) and intrusion protection systems (IPS) early in the process. Network IDS/IPS has long been a mainstay for detecting malicious activity and continues to be a very important piece of the security puzzle. Unfortunately for security professionals, that puzzle continues to evolve and becomes increasingly large and complex.

Spotlight

When IT professionals think about information security, they often think about network intrusion detection systems (IDS) and intrusion protection systems (IPS) early in the process. Network IDS/IPS has long been a mainstay for detecting malicious activity and continues to be a very important piece of the security puzzle. Unfortunately for security professionals, that puzzle continues to evolve and becomes increasingly large and complex.

Related News

DATA SECURITY

Veza, the Data Security Platform Built on the Power of Authorization, Announces Partnership with Google Cloud

Veza | July 20, 2022

Veza, the data security platform built on the power of authorization, announces today that the company has entered a partnership with Google Cloud, including product integration that enables Google Cloud customers to harness the capabilities of Veza’s data security platform across their multi-cloud ecosystem. Veza, which recently launched in April 2022 after two years of building in stealth, makes it easy to understand, manage, and control who can and should take what action on what data. With this new integration, Google Cloud customers can now directly access the capabilities of Veza’s authorization-based data security platform integrated with Google Cloud Policy Analyzer to identify, manage, and control external identities and service accounts to Google Cloud services (Looker, BigQuery, and more). This partnership furthers the relationship between Google and Veza, which began in 2021 when GV led the Series B investment in Veza and GV Partner Karim Faris joined Veza Board of Directors. “The cloud is quickly becoming the primary footprint for organizations. By prioritizing and investing in security, Google Cloud has earned a differentiated position in the market,” said Tarun Thakur, Co-founder and CEO, Veza. “The initial product integration between Veza and Google Cloud, publicly demonstrated at the Google Cloud Security Summit in May this year, is a powerful example of how intelligence from Veza’s Authorization Graph can bolster the data security of Google Cloud customers. It shows how identity-to-data relationship insights from the Veza platform can be pulled directly into the Google Cloud Policy Analyzer, allowing customers to secure both Google Cloud data (Looker, BigQuery, Google Storage Buckets, etc.) to which multi-cloud identities (AD, Azure AD, Okta, etc.) have permissions and multi-cloud data (AWS, Snowflake, etc.) that is being accessed by Google Cloud identities.” “Securing cloud environments and data from cybercrime and threats is a key priority of organizations across the globe. “With Veza’s platform now available alongside Google Cloud’s secure and global infrastructure, customers will be able to quickly deploy the solutions they need to better understand, control, and securely take action on their data across their multi-cloud environments.” Sunil Potti, General Manager and Vice President, Cloud Security, Google Cloud Veza’s data security platform aggregates identity information from humans, service accounts, and cloud IAM entities, and authorization data from apps and data systems, giving organizations a centralized, SaaS-based control plane to visualize, manage, and control data access controls through Veza’s Authorization Graph. Veza integrates with cloud identity providers, SaaS and custom apps, and data systems, and translates system-specific entitlements and permissions into a common, human-understandable business language, visualized in the platform as effective permissions. The platform brings a novel approach to data security by enabling organizations to address key data security use cases across access reviews and certifications for SaaS apps and data systems, privileged access management to data and apps, data lake security and governance, management of cloud entitlements, and much more. It delivers prioritized insights, provides access workflows, and actionable recommendations for remediation of over-privileged accounts, enabling security and IT teams to correct anomalies and right-size their organization’s permissions to protect against ransomware and other data breaches. As organizations continue to adapt to the evolving demands of hybrid remote and in-office work, multi-cloud and hybrid-cloud environments — those with multiple providers of disparate data, app, compute, and infrastructure systems — are becoming the norm. According to the Flexera 2022 State of the Cloud Report, 89% of companies surveyed are multi-cloud, with only 2% operating in single private clouds and 9% in single public clouds. This trend is leading to a distributed web of data, relationships, and access points that are changing and difficult to track and secure. Veza and Google Cloud already have a number of joint customers deployed across the industries of SaaS software, marketing technology, and media, including Vox Media. “To support Vox Media’s growth and increasing M&A activity without compromising security, we need to ensure that across all of our brands, the right users have access only to the data they need access to, and that we have full visibility over what they can do with that data,” says Ateeb Ahmad, Senior Director, IT Infrastructure, Vox Media. With Veza and Google Cloud working together, we’ve been able to seamlessly manage access controls over our data for our largest merger to date, and tightly scope identity-to-data permissions even as our footprint with Google Cloud and other technologies grows.” “The greatest gifts of the multi-cloud and the generational architectural shift of the modern data systems are also its greatest risks: securing data, scalability, flexibility, and seamless collaboration,” says Thakur. “When organizations enable workers to reach from one cloud to another to leverage data across their entire multi-cloud ecosystem, they foster growth, enable more intelligence, and promote agility. However, such apps and data systems are also more porous and are at increased risk of cybercrime and ransomware. We purpose-built Veza’s Core Authorization Platform for the multi-cloud so that organizations can implement strong access governance policies - Veza continuously evaluates these policies and enables both automated workflows for access reviews, automated access removal for toxic and stale combinations, and facilitates access grant and request for any app, data, and service.” About Veza Veza is the data security platform built on the power of authorization. Our platform is purpose-built for hybrid multi-cloud environments to help you use and share your data safely. Veza makes it easy to understand, manage, and control who can and should take what action on what data. We organize authorization metadata across identity providers, data systems, cloud service providers, and SaaS applications — all to address the toughest data security challenges of the modern era. Founded in 2020, the company is funded by top-tier investors including Accel, Bain Capital, Ballistic Ventures, Blackstone, GV, Norwest Venture Partners, and True Ventures

Read More

DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS

Phosphorus Announces New Partnership with Dewpoint to Expand Its xIoT Security Solutions and Platform in US Market

Phosphorus | September 26, 2022

Phosphorus, the leading provider of advanced and full-scope security for the extended Internet of Things (xIoT), today announced a partnership with Dewpoint. The IT and security solutions provider will act as a value-added reseller (VAR) for Phosphorus in the US market. The new partnership will see the two companies jointly delivering a new generation of xIoT security solutions in the US to meet growing enterprise demand for xIoT attack surface management and remediation capabilities. “xIoT security is a critical need for today’s enterprises, and these risks are left unaddressed by traditional IT security solutions. We look forward to working with Dewpoint to help expand our US sales channels and bring the world’s most advanced xIoT security platform to more organizations.” Kal Gajera, Director of North America Channels at Phosphorus Phosphorus’s Extended Enterprise xIoT Security Platform is the world’s first and only automated security platform capable of delivering xIoT Attack Surface Management, xIoT Hardening, and Remediation, and xIoT Detection and Response across the full range of IoT, OT, and Network-connected devices—spanning both new and legacy devices. This enables large organizations to scale xIoT technologies (which can amount to millions of devices per organization) without having to add any additional employees to find, fix, and monitor them. ABOUT PHOSPHORUS Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Extended Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates. ABOUT DEWPOINT Dewpoint has been bringing business and technology together since 1996. We make sure technology is solving all your business problems, providing transparency of spend for executives, and enhancing collaboration and flexibility. As the IT industry and businesses continue to change, Dewpoint provides the thought leadership and industry expertise to offer a new level of services in project management, digital innovation, infrastructure, security, cloud, and a range of tailored professional and managed service solutions for all our clients.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Traceable AI Announces API Security Testing

Traceable AI | September 02, 2022

Traceable AI, the industry's leading API security and observability company, today announced the general availability of its API Security Testing (xAST) solution in its API Security Platform. This comprehensive and seamless testing ability enables any API in pre-production to be tested for vulnerabilities, accuracy, reliability, and overall security — ensuring organizations are aligned with the highest API security standards before releasing APIs into production.This announcement reinforces Traceable's commitment to helping organizations ensure the highest level of API security throughout the entire software development lifecycle (SDLC). Traceable's API Security Testing offering is built to make the testing of APIs fast, easy, and a seamless experience for both development and security teams. It supports organizations' shift left initiatives, including providing remediation insights from runtime back to development, so developers can further harden their APIs. It is API focused providing complete vulnerability analysis that leverages functional testing, as well as API DNA and user attribution for improved detection and coverage. It offers extensive coverage for the OWASP API top 10, top CVEs (such as Java, Go, Node JS, AuthN, AuthZ, and many more), business logic vulnerabilities, and sensitive data exposure. Uniform API testing is based on dynamic payloads for standard tests, and dynamic Traceable payloads for business logic vulnerabilities such as BOLA – all with virtually zero false positives. Its DevSecOps focus enables companies to identify API security gaps between prod and pre-prod, perform fast scans for actionable results in CI/CD pipelines, scan at a granularity from every pull request with API spec changes, and utilize integrations with application security tools, including SCA, SAST, DAST and IAST. "Because of our comprehensive approach to API security, the testing component was the logical evolution. It is key to enable development teams to identify security weaknesses and vulnerabilities in the build itself, in addition to the capability of providing runtime insights back to development teams, so they can further harden their APIs. "It's an important step to enable teams to seamlessly fit API security testing into their development cycles. It is based on a simple logic: prevent breaches by eliminating the flaws at the very beginning." CTO of Traceable AI, Sanjay Nagaraj Traceable's API security testing is built to both reduce the risk of vulnerable APIs early in the SDLC, and enable development teams to move fast. Additional benefits include: Eliminating the Risk of Vulnerable APIs: Find and fix API vulnerabilities early in the SDLC. Cost Reduction: Reduce costs associated with finding vulnerabilities in APIs in production. Rapid Scans that Maintain the Speed of Innovation: With Traceable, development teams can perform fast scans with virtually no change in dev-release cadences – eliminating friction for both dev and security teams. Comprehensive Reporting: Traceable produces a "scan summary" report of vulnerabilities found while testing the APIs. This includes the OWASP API top 10 vulnerabilities, language and library vulnerabilities like Log4shell, misconfigurations, data exposure, and broken authentication/authorization. The information, including CVSS/CWE scores for overall risk assessment and recommendations for remediation is provided to development and security teams, so they can correct the security issues in APIs before those APIs are pushed to production. Operational Effectiveness: Traceable's API security testing is easy to deploy and reduces complexity, with numerous CI/CD and appsec tooling integrations that allow for operational effectiveness. It also enables targeted API security testing which takes actual payloads from real time traffic into account for a concise set of actionable findings. Extensive and Effortless Integrations: Traceable allows for numerous integrations with CI/CD pipelines, notifications, ticketing and application security testing solutions. "Whether an API is in the development cycle or is in production, being accessed by thousands of users, Traceable's API Security Platform protects companies' most vulnerable attack vector from threats at every juncture" added Nagaraj. About Traceable AI Traceable is the industry's leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors to understand anomalies and block API attacks, enabling organizations to be more secure and resilient.

Read More