SOFTWARE SECURITY

ReliaQuest Expands GreyMatter Platform with support for Risk Scenarios and MITRE ATT&CK v10

ReliaQuest | February 18, 2022

ReliaQuest
ReliaQuest, the leader in Open XDR-as-a-Service, today announced the expansion of its GreyMatter platform with support for MITRE ATT&CK v10 and Risk Scenarios that visually maps and measures a security program’s detection coverage in terms of threats and cyber risks. This new feature enables security leaders to close the communications gap with business leaders while demonstrating how well their security program mitigates cyber risks of most concern to the enterprise.

Many leaders are challenged with measuring the progress of their security program and the impact of their security investments. According to a recent Ponemon Institute Research report, 64% of security leaders say a lack of standardized security metrics to measure progress is the primary obstacle to implementing an IT security risk management program. What’s more, 58% say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to cyberattacks.

With the ability to map coverage against Risk Scenarios, GreyMatter enables security leaders to have a real-time view into how they are performing against individual threats or cyber risks they are most concerned about. They can pinpoint any gaps in coverage and make informed decisions on how best to proceed with investments and actions to close these gaps. Breakdowns by cyber risk categories and subcategories within them help security leaders focus on areas of concern at a granular level.

“Too often, leaders rely on technical metrics that lack a holistic view of how security tools are operating together, leaving them at a loss when it comes to communicating cyber risks to the business, What’s more, translating the effectiveness of security tools in a language that leadership understands poses even more of a challenge. Now, with Risk Scenarios, security leaders have a more comprehensive view into how much coverage they have across cyber risk areas that concern them the most. This will help them make informed decisions on how best to approach these issues and communicate them effectively to leadership.”

Brian Foster, Chief Product Officer at ReliaQuest

Additionally, ReliaQuest announced an upgrade of its support for the latest MITRE ATT&CK framework version 10. By upgrading to support v10 of the framework, GreyMatter users are better able to visualize and measure detection coverage aligned to the latest techniques. In line with keeping with improving efficiencies for security operators, GreyMatter delivers enhancements to reduce tool hopping by automating collection of various contextual information, aiding in faster investigations and further streamlining the security operations workflow.

About ReliaQuest
ReliaQuest, the leader in Open XDR-as-a-Service, is the force multiplier for security operations teams. ReliaQuest GreyMatter is a cloud-native Open XDR platform that brings together telemetry from any security and business solution, whether on-premises, or in one or multiple clouds, to unify detection, investigation, response and resilience. ReliaQuest combines the power of technology and 24/7/365 security expertise to give organizations the visibility and coverage they require to make cybersecurity programs more effective.


Spotlight

In 2018, a large manufacturing organization experienced a ransomware attack resulting in a material security breach. The incident highlighted the need for a comprehensive cybersecurity program with greater visibility. The challenge was to implement a solution that was easy to manage and cost-effective while ensuring their sensit

Spotlight

In 2018, a large manufacturing organization experienced a ransomware attack resulting in a material security breach. The incident highlighted the need for a comprehensive cybersecurity program with greater visibility. The challenge was to implement a solution that was easy to manage and cost-effective while ensuring their sensit

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

GuidePoint Security Adds Cequence Security as the Latest Technology Partner to Join the Company’s Federal Emerging Cyber Vendor Program

Businesswire | May 03, 2023

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that Cequence Security, the leading provider of Unified API Protection (UAP), has joined its Emerging Cyber Vendor Program. Through this partnership, Cequence Security will leverage GuidePoint’s federal expertise across sales and marketing, operations, engineering and procurement to expand their federal footprint. As part of this program, the Cequence Unified API Protection solution will soon be available under GuidePoint’s GSA Multiple Award Schedule Contract #GS-35F-508CA. “While APIs are critical to enabling business, they have become a primary attack surface that must be protected,” said Jim Quarantillo, Federal Partner, GuidePoint Security. “Simply putting API gateways and WAFs in place to manage known APIs and known threats does not solve the API security issues to keep Government Agency data safe. A Unified API Protection solution that discovers, detects and defends against all API vulnerabilities, risks and threats is required.” “Cequence Security is the only solution that protects organizations from every type of attack on the OWASP API Security Top 10, OWASP Web Application Security Top 10 and OWASP Automated Threat list,” said Mark Azad, Chief Revenue Officer, Cequence Security. “Through our partnership with GuidePoint Security, government agencies will have a complete solution for addressing all API risks.” With the Cequence Unified API Protection (UAP) solution, customers can address every phase of their API protection lifecycle to defend APIs from attackers and eliminate unknown and unmitigated API security risks that can lead to API breaches, data loss, fraud, and business disruption. Security teams deploying the UAP solution achieve continuous protection of their complete API risk surface, enabling their organizations to reap the competitive and business advantages of ubiquitous API connectivity securely while meeting regulatory compliance. For more information on GuidePoint Security’s Emerging Cyber Vendor Program, go to https://www.guidepointsecurity.com/emerging-cyber-vendor-program/. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com. About Cequence Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory tracking, dynamic testing, risk analysis and native mitigation with proven, real-time threat protection against ever-evolving API attacks. Cequence Security secures more than 6 billion API calls a day and protects more than 2 billion user accounts across organizations in different verticals. Our customers trust us to protect their APIs and web applications with the most effective and adaptive defense against online fraud, business logic attacks, exploits and unintended data leakage, which enables them to remain resilient in today’s ever-changing business and threat landscape. Learn more at www.cequence.ai.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BIgID Introduces Secrets Detection Capabilities to Mitigate Risk

BigID | March 17, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors. With BigID's native secrets detection capabilities, organizations can: Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment Detect secrets faster and more accurately using patented AI and ML-based data classification techniques Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure "Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

DATA SECURITY, ENTERPRISE SECURITY, WEB SECURITY TOOLS

Verimatrix Launches New Cybersecurity Microsite, VMX Labs and Enhanced User Experience for Extended Threat Defense

Businesswire | April 10, 2023

Verimatrix, (Euronext Paris: VMX) (Paris:VMX), the leader in powering the modern connected world with people-centered security, today announced its launch of a new cybersecurity microsite (verimatrixcybersecurity.com), a new UX for its Extended Threat Defense (XTD) product, and a new VMX Labs research team offering cyber threat advisories and insights. “I am excited to unveil a new UX for our cybersecurity product, Extended Threat Defense, along with new services from Verimatrix to help our customers secure their mobile app ecosystems, and rapidly detect and respond to threats – including zero day attacks,” said Asaf Ashkenazi, CEO at Verimatrix. “Today, most companies interact with their customers via mobile applications. If that app is compromised, the connection between the company and their customers is at risk. Verimatrix XTD protects the connection of businesses to their consumers -- and there is nothing more important than that.” Just this year, large mobile-app breaches made headlines through their new use of overlay attacks within mobile app attacks, leading users to believe they were interacting with legitimate apps when they’re really arming bad actors with sensitive information and even their personal banking details. CISOs, SOC teams, fraud departments and developers can now turn to VerimatrixCybersecurity.com for the latest information surrounding mobile app security and the extended ecosystem of connected devices and lurking threats. Today’s launch includes: New cybersecurity microsite – Verimatrix also launched VerimatrixCybersecurity.com to offer a centralized destination and resource center for its XTD cloud platform. The microsite includes a host of new resources, including videos and white papers. New VMX Labs – Led by Klaus Schenk, Verimatrix’s senior vice president of security and threat research, VMX Labs aims to provide ongoing cyber threat advisories, as well as insights and commentary from VMX Lab team members who investigate threat types and information helpful to application developers and even users. New Product UX for Verimatrix XTD - Verimatrix delivers an amazing new user experience for its Extended Threat Defense product; a revamped UX and design that allows customers to more easily prevent, detect, respond and predict threats to mobile applications and the devices that connect to the critical infrastructure. The company has expanded its detection capabilities to the network, in addition to the application and device data. New capabilities include the ability to access network risk per application to protect the connection to the company’s critical infrastructure, and this is all available now. About Verimatrix Verimatrix (Euronext Paris: VMX) helps power the modern connected world with security made for people. We protect digital content, applications, and devices with intuitive, people-centered, and frictionless security. Leading brands turn to Verimatrix to secure everything from premium movies and live streaming sports to sensitive financial and healthcare data, and mission-critical mobile applications. We enable the trusted connections our customers depend on to deliver compelling content and experiences to millions of consumers around the world. Verimatrix helps partners get to market faster, scale easily, protect valuable revenue streams, and win new business. Visit www.verimatrix.com and www.verimatrixcybersecurity.com

Read More