ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Prnewswire | April 21, 2023
Bitsight, a leader in managing and monitoring cyber risk, today unveiled its expansion into a broader category of integrated cyber risk management. As the category creator and global leader in the cybersecurity ratings industry, Bitsight's enhanced strategy will deliver new capabilities to empower security professionals and business leaders to more effectively and holistically manage cyber risk. The announcement includes large-scale distribution of risk data and insights through Moody's/BVD's Orbis, a new Third-Party Vulnerability Detection & Response solution, and more predictive cyber risk ratings that help mitigate cyber risk and make CISOs and risk professionals' jobs easier.
Bitsight's integrated solutions address the needs of CISOs and risk leaders, whose roles have become more challenging in recent years with digital transformation, supply chain risk, and expanded attack surfaces. "As the cyber threat landscape worsens and the global regulatory landscape demands more nimble and thorough risk management, Bitsight has evolved to stay ahead of our customers' needs. Business leaders, risk leaders and boards are turning to us as an integrated solution to manage risk and build trust across their ecosystem," said Bitsight CEO Steve Harvey.
Furthermore, comprehensive cyber risk management is also essential to good corporate governance, reaffirmed by the recently released White House national cyber strategy, pending SEC regulations on cybersecurity disclosure, and cybersecurity requirements emerging throughout Europe and Asia. Harvey noted, "Our strategic shift to become an integrated cyber risk management leader means we're able to provide customers and governments with the industry's most impactful data, services and tools to confidently navigate the uncertain cyber landscape."
Accelerated Partnership with Moody's Corporation
Newly added integrations with Moody's will deliver expanded insights for enterprises and assist with holistic cyber risk management. In October 2021, Moody's Corporation invested $250 million in Bitsight, and the two companies announced a landmark partnership agreement. Through this partnership, Bitsight became the primary cyber risk analytics provider across Moody's suite of integrated risk assessment offerings.
Bitsight data is now accessible by nearly 2,000 global credit analysts within Moody's Investors Service. These analysts are leveraging Bitsight to better understand the relative cyber risk of issuers, engage issuers on cybersecurity risk, and publish research on the intersection of cyber risk and credit risk. Additionally, Bitsight ratings data is now also integrated within Moody's Analytics' BVD Orbis platform, enabling non-technical risk managers to easily consider cyber risk factors in counterparty risk analysis.
"The rise of cyberattacks and ransomware has created an imperative for business leaders and boards to assess and quantify their cyber risk," said Moody's Analytics President Stephen Tulenko. "Bitsight is our trusted partner in helping leaders to better understand, measure, and navigate the cyber risk landscape with confidence."
Through these integrations, Bitsight and Moody's insights may be used together in powerful combinations for applications such as Know-Your-Customer, supply chain management, insurance underwriting, and credit risk assessment.
New Third-Party Vulnerability Detection & Response Application
To further its cyber risk management capabilities, Bitsight has enhanced its Third-Party Vulnerability Detection tool to include a Response workflow. Zero-day attacks and other vulnerabilities are increasingly common, and most companies are struggling to properly manage third-party exposure to critical vulnerabilities quickly, effectively, and at scale. With Vulnerability Detection & Response, cybersecurity teams can now access the most important vulnerability data and effectively prioritize vendor outreach with built-in questionnaires while tracking vendor response progress in real time. This release is another innovative application showcasing Bitsight's continued commitment to helping customers better monitor, manage, and mitigate vulnerabilities across their third-party ecosystems.
More Predictive Cyber Risk Ratings – Bitsight's Ratings Algorithm Update
Bitsight has launched a new ratings algorithm with several key enhancements, most notably modifying the weights of several risk vectors based on independent research and insight into how those risk vectors correlate to real-life cyber events. As a part of delivering an integrated cyber risk management solution, Bitsight remains committed to investing in and producing actionable cybersecurity ratings that have the strongest correlation in the industry to the likelihood of a cyber incident. "Cybersecurity ratings remain a critical tool in cybersecurity and risk leaders' arsenals, while the pressures and demands to address cyber risk have significantly expanded," said Harvey.
As attacks on organizations intensify and business leaders demand greater strategic support to address risk, Bitsight's mission to build trust in the digital economy has extended well beyond cyber risk ratings. "Risk leaders globally spend every day working against a relentless and growing problem of cyber risk uncertainty," said Harvey. "And as waves of digital transformation continue to disrupt cybersecurity stability, we are committed to supporting our current and future customers with a broad and unified cyber risk management solution that helps them navigate with greater confidence."
Bitsight is a global cyber risk management leader transforming how organizations manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. Built on over a decade of market-leading innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY
Prnewswire | May 09, 2023
Waratek, an industry leader making Java security achievable for every mission-critical application and API, today introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise. This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique to the Java Virtual Machine.
Additionally, Waratek released today its Log4J Vulnerability Scanner, giving users an in-depth view of any remaining issues in their IT systems. The scanner makes it simple to quickly scan all applications for Log4shell vulnerabilities, then sends out non-invasive payloads to a company's libraries, automatically building a table of remaining instances of Log4J and where to find them.
"In 2022, we were the first company that released a Log4j patch, even faster than Oracle. Today, researchers warn that the infamous Log4j vulnerability is still present in far too many systems worldwide, and that attackers will be successfully exploiting it for years. With 80 percent of Log4shell-impacted companies remaining vulnerable today, we recognized the immediate need to offer this security innovation to our customers," said Doug Ennis, CEO of Waratek.
Signature-based security approaches have worked well for non-complicated languages, but languages like Java that are compiled into bytecode require expert-level domain knowledge to secure due to the unique characteristics of the Java programming language and its execution environment. When API security is added to the mix, the issue is exacerbated. Now companies can solve this problem by combining the domain expertise of a Java software engineer and the knowledge of a security engineer in one platform.
According to a recent survey, more than 60 percent of enterprise companies that use Java were affected by Log4j vulnerabilities, with 41 percent of those companies stating that between 51 and 75 percent of their apps were affected. Today, 81 percent of companies report still having problems as a result of Log4j, and 70 percent of companies surveyed still have not put a patch in place.
A long-term Waratek customer, one of the top five semiconductor businesses in the world, expressed Log4j vulnerability concerns and worried that hundreds of hours would be required to resolve the issues. Utilizing Waratek's Java Security Platform with API capabilities, 2,500 of the company's applications were fully remediated of Log4j vulnerabilities without code changes or application redeployments in under four hours.
"For Java applications and APIs our unprecedented Java Security Platform helps security teams fill the knowledge gap on Java and address its unique security nuances, such as Insecure Deserialization, accurately and instantly," said Ennis.
"Waratek's Java Security Platform has become the essential line item in our security budget," said a CISO at one of the top three largest global hotel chains. "We originally implemented it to fix insecure deserialization across our applications. Since then, it's scaled to 2,500 applications without introducing new headcount, because to date it's never generated a false-positive."
Waratek is the industry pioneer making Java security achievable for every mission-critical application and API. Headquartered in Chicago, IL and Dublin, Ireland, Waratek's multiple-award winning solution is trusted by some of the world's most recognizable brands including IBM, Google, Amazon, Microsoft, and more. The company has been recognized and awarded for its innovation in security deployment by CRN, CDM, Gartner Group, RSA, FinTech Innovation Lab, Computer Technology Review, and Government Computer News. For more information visit www.waratek.com or connect with us on LinkedIn, Twitter, or YouTube.
DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY
Businesswire | May 11, 2023
Qumulo, the simple way to manage exabyte-scale data anywhere, today announced integration with the Varonis Data Security Platform and introduced their new Snapshot-Locking capability to protect customers against ransomware. With an increasing number of ransomware attacks on private businesses, public agencies, and healthcare organizations, managing cybersecurity risk is a bigger priority than ever before. The ongoing threat of cyberattacks forces IT organizations to constantly evolve their ability to detect ransomware and malware outbreaks across petabytes of data, in real time, and respond quickly to minimize the damage inflicted.
Qumulo and Varonis have partnered to provide an end-to-end solution that protects Qumulo customers from ransomware in both cloud and on-premises environments. The Varonis Data Security Platform provides real-time visibility and control over cloud and on-premises data and automatically remediates risk. Varonis’ behavior-based threat models detect abnormal activity proactively and can stop threats to data before they become breaches. In the storage layer, Qumulo offers data protection by cryptographically locking snapshots, allowing administrators a simple mechanism to stop attackers from infecting valuable customer data.
“Securing unstructured data can be very challenging due to its sheer volume, and the expansive number of places it is stored and used by companies,” said Kiran Bhageshpur, Chief Technology Officer, Qumulo. “Our new integration with Varonis will help our customers have complete visibility into where their most valuable data and key vulnerabilities are, especially for threats like ransomware.”
The combined solution operates across three areas to protect against bad actors’ attempts to spread ransomware and malware within Qumulo:
Prevention through continuous data exposure and risk monitoring with automatic remediation and least privilege enforcement
Detection of anomalous activity and activity patterns that resemble ransomware across data stored in Qumulo
Rapid recovery of data in the event of a successful attack
Varonis uses Qumulo’s APIs and granular audit logging to monitor user logins, permissions changes, file and folder activity, and pattern detection to warn against suspicious activity that may indicate threat actors or malicious insiders. Qumulo’s Snapshot-Locking feature uses cryptographic protection, where only the customer has access to the cryptographic key-pair required to unlock the snapshot. Together, the Qumulo-Varonis solution offers enterprise IT organizations a simple, secure, and scalable way to manage data anywhere.
“Organizations face an uphill climb when it comes to securing vast amounts of data across the cloud — in fact, we surveyed more than 700 companies and found that 81 percent had sensitive SaaS data exposed,” said David Bass, Executive Vice President of Engineering and Chief Technology Officer, Varonis. “We’re pleased to be teaming with Qumulo to provide greater visibility and control for companies looking to secure their critical data and proactively help mitigate the impact of a potential attack.”
About Qumulo, Inc.
Qumulo is the simple way to manage exabyte-scale data anywhere — edge, core, or cloud — on the platform of your choice. In a world with trillions of files and objects comprising 100+ zettabytes worldwide, companies need a solution that combines the ability to work anywhere with simplicity. This is precisely what Qumulo was founded to accomplish.
Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data: sensitive files and emails; confidential customer, patient, and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects cyber threats from both internal and external actors by analyzing data, account activity, and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. Varonis products address additional important use cases including data protection, data governance, Zero Trust, compliance, data privacy, classification, and threat detection and response. Varonis started operations in 2005 and has customers spanning leading firms in the financial services, public, healthcare, industrial, insurance, technology, consumer and retail, energy and utilities, construction and engineering, and education sectors.