Home > News > featured news > SecurityScorecard and Marsh McLennan Collaborate to Elevate Cybersecurity in Challenging Risk Landscape

Enterprise Security

SecurityScorecard and Marsh McLennan Collaborate to Elevate Cybersecurity in Challenging Risk Landscape

SecurityScorecard | January 28, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience.

As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies.

"We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture."

"Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses."

Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center

SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence.

About SecurityScorecard
Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.

SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Spotlight

Simplifying Hybrid Cloud Protection with HPE GreenLake for Backup and Recovery

HPE GreenLake for Backup and Recovery is backup as a service designed for hybrid cloud. It simplifies how you protect your on-premises and cloud-native workloads bringing with it the cloud experience and flexibility of software delivered as a service.

More featured news

Spotlight

Simplifying Hybrid Cloud Protection with HPE GreenLake for Backup and Recovery

HPE GreenLake for Backup and Recovery is backup as a service designed for hybrid cloud. It simplifies how you protect your on-premises and cloud-native workloads bringing with it the cloud experience and flexibility of software delivered as a service.

Related News

Platform Security

Conceal Announces Strategic Partnership with Kompingo: Revolutionizing Web Security with the Next Generation of Protection

Business Wire | August 23, 2023

Conceal, renowned for its pioneering stance against web-based threats, today heralded its significant partnership with Kompingo, the UK's distinguished value-added distributor and managed security service provider. This collaboration signifies a major enhancement for Kompingo’s Managed Detection and Response (MDR) services, as it integrates Conceal’s patented zero-trust browser security into its offerings. "As the digital threat landscape rapidly evolves, strengthening our MDR and managed services capabilities remains paramount. Integrating Conceal’s browser security solution aligns perfectly with our ambition to offer our customers top-tier, holistic security solutions," commented Toby Caton, Director at Kompingo. “Conceal also allows us to offer the product as a stand-alone solution to our growing MSP partners and reseller base for them to enhance their offerings further, too.” Gordon Lawson, CEO of Conceal, further emphasized the partnership’s potential: "Kompingo's expertise in managed security services makes them an ideal partner. We’re confident that by infusing ConcealBrowse into their MDR offerings, we can provide users with unprecedented protection from web-centric threats." Together, Kompingo’s state-of-the-art Security Operations Centre and ConcealBrowse promise a robust defense against today’s sophisticated web threats. With Kompingo’s AI and machine learning-enhanced operations now complemented by Conceal's dynamic web content analysis, both organizations are poised to set a new benchmark in cybersecurity. About Conceal Conceal is at the forefront of defending against web-based attacks, using innovative technology to detect, prevent, and shield businesses and individual users from ever-evolving online threats. ConcealBrowse operates on the principle of proactive protection. Its AI-powered intelligence engine, ConcealSherpa, runs at machine speed with virtually zero latency to identify potentially harmful webpages autonomously, stopping cyber attacks that take advantage of weaponized links. For more information, visit https://conceal.io/. About Kompingo Situated at the crossroads of innovation and technology, Kompingo has etched its mark as a leading light in the IT security arena. Famed for its comprehensive managed services, Kompingo is dedicated to incubating IT security start-ups, nurturing technological advancements, and driving growth. Their plethora of services, spanning from co-managed and fully managed offerings to vCISO and penetration testing, makes them an indispensable ally in the cybersecurity domain. With a steadfast dedication to the Cyber Essentials Scheme and their top-notch Managed Detection and Response services, Kompingo remains a name synonymous with excellence.

Read More

Enterprise Security, Platform Security, Software Security

ZeroFox Contributes to Open Source Amass Project to Help Businesses Manage Their External Attack Surface

Globenewswire | July 21, 2023

ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, highlights its recent contributions to the OWASP Amass Project in an ongoing effort to give businesses and government entities better visibility to their full external attack surface asset ecosystem. The recent additions to the project from the ZeroFox team provide more advanced tool sets for analysts to discover and catalog their internet-facing assets and exposures. The contributions create a new standard framework to lead the industry in a more cohesive approach to attack surface management. As organizations face increasingly sophisticated cyber threats, understanding and managing their external attack surface has become paramount. By leveraging its expertise in external cybersecurity, ZeroFox identified a critical gap in the attack surface management landscape and responded by spearheading the development of the Open Asset Model and Asset Database within the OWASP Amass Project. The Open Asset Model and Asset Database contributions offer security analysts a unified and structured approach to identifying and managing potential vulnerabilities outside the perimeter. The Open Asset Model provides a new standard for asset definitions, representing a comprehensive framework for describing and categorizing diverse internet-facing assets. The Amass community can quickly adapt the model to include new types of assets exposed on the Internet, and their relationships to each other, for more accurate discovery, tracking, monitoring, and management. The Asset Database implements this model, offering the database interaction layer to store discovered assets in the popular sqlite3 and PostgreSQL database management systems. The Asset Database will foster the development of an ecosystem of scanning and analysis tools, allowing them to store and analyze assets from the Open Asset Model and their relationships. These contributions directly benefit both existing Amass users and the broader attack surface management community in an effort to standardize asset definitions. The new standards now provide the information security community with a consistent and predictable format when transferring data describing external attack surfaces. "We are thrilled to contribute to the OWASP Amass Project and provide the security community with cutting-edge tools for Attack Surface Management," said Jeff Foley, VP of Research at ZeroFox. "By leveraging the power of open source, we aim to expand access to advanced cybersecurity capabilities, helping organizations proactively defend against emerging threats." These engineering contributions represent a continued commitment by ZeroFox to the open source community, OWASP, and the Amass Project. ZeroFox will continue to contribute to the Amass Project in an effort to enable the discovery, management, and protection of the external attack surface. By sharing its expertise and resources, ZeroFox aims to foster collaboration and innovation within the information security community, ultimately making the digital landscape safer for all users. About ZeroFox ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.

Read More

Enterprise Security, Platform Security, Software Security

Abnormal Announces New Capability to Detect AI-Generated Email Attacks

Business Wire | August 10, 2023

Abnormal Security, the leading behavioral AI-based email security platform, today announced CheckGPT, used to detect AI-generated attacks. The new capability determines when email threats, including business email compromise (BEC) and other socially-engineered attacks, have likely been created using generative AI tools. Cybercriminals are constantly evolving their attack tactics to evade detection by security defenses, and generative AI is the newest weapon in their arsenal. Using tools like ChatGPT or its malicious cousin WormGPT, threat actors can now write increasingly convincing emails, scaling their attacks in both volume and sophistication. In its latest research report, Abnormal observed a 55% increase in BEC attacks over the previous six months—with the potential for volumes to increase exponentially as generative AI becomes more widely adopted. “The degree of email attack sophistication is going to significantly increase as bad actors leverage generative AI to create novel campaigns,” said Karl Mattson, chief information security officer at Noname Security. “It's not reasonable that each company can become an AI security specialty shop, so we're putting our trust in Abnormal to lead the way in that kind of advanced email attack detection.” Unlike traditional email security solutions, Abnormal takes a radically different approach to stopping advanced email attacks, making it particularly well-suited to the challenge of blocking AI-generated attacks. The unique API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack. After initial email processing, the Abnormal platform expands upon this classification by further processing email attacks to understand their intent and origin. The CheckGPT tool leverages a suite of open source large language models (LLMs) to analyze how likely it is that a generative AI model created the message. The system first analyzes the likelihood that each word in the message has been generated by an AI model, given the context that precedes it. If the likelihood is consistently high, it’s a strong potential indicator that text was generated by AI. The system then combines this indicator with an ensemble of AI detectors to make a final determination on whether an attack was likely to be generated by AI. As a result of this new detection capability, Abnormal recently released research showing a number of emails that contained language strongly suspected to be AI-generated, including business email compromise and credential phishing attacks. “As the adoption of generative AI tools rises, bad actors will increasingly use AI to launch attacks at higher volumes and with more sophistication,” said Evan Reiser, chief executive officer at Abnormal Security. “Security leaders need to combat the threat of AI by investing in AI-powered security solutions that ingest thousands of signals to learn their organization’s unique user behavior, apply advanced models to precisely detect anomalies, and then block attacks before they reach employees. While it’s important to understand whether an email was generated by a human or AI to understand and stay ahead of evolving threats, the right system will detect and block attacks no matter how they were created.” About Abnormal Security Abnormal Security provides the leading behavioral AI-based email security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails and messages in milliseconds—all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly, with additional protection available for Slack, Teams, and Zoom. More information is available at abnormalsecurity.com.

Read More

Platform Security

Conceal Announces Strategic Partnership with Kompingo: Revolutionizing Web Security with the Next Generation of Protection

Business Wire | August 23, 2023

Conceal, renowned for its pioneering stance against web-based threats, today heralded its significant partnership with Kompingo, the UK's distinguished value-added distributor and managed security service provider. This collaboration signifies a major enhancement for Kompingo’s Managed Detection and Response (MDR) services, as it integrates Conceal’s patented zero-trust browser security into its offerings. "As the digital threat landscape rapidly evolves, strengthening our MDR and managed services capabilities remains paramount. Integrating Conceal’s browser security solution aligns perfectly with our ambition to offer our customers top-tier, holistic security solutions," commented Toby Caton, Director at Kompingo. “Conceal also allows us to offer the product as a stand-alone solution to our growing MSP partners and reseller base for them to enhance their offerings further, too.” Gordon Lawson, CEO of Conceal, further emphasized the partnership’s potential: "Kompingo's expertise in managed security services makes them an ideal partner. We’re confident that by infusing ConcealBrowse into their MDR offerings, we can provide users with unprecedented protection from web-centric threats." Together, Kompingo’s state-of-the-art Security Operations Centre and ConcealBrowse promise a robust defense against today’s sophisticated web threats. With Kompingo’s AI and machine learning-enhanced operations now complemented by Conceal's dynamic web content analysis, both organizations are poised to set a new benchmark in cybersecurity. About Conceal Conceal is at the forefront of defending against web-based attacks, using innovative technology to detect, prevent, and shield businesses and individual users from ever-evolving online threats. ConcealBrowse operates on the principle of proactive protection. Its AI-powered intelligence engine, ConcealSherpa, runs at machine speed with virtually zero latency to identify potentially harmful webpages autonomously, stopping cyber attacks that take advantage of weaponized links. For more information, visit https://conceal.io/. About Kompingo Situated at the crossroads of innovation and technology, Kompingo has etched its mark as a leading light in the IT security arena. Famed for its comprehensive managed services, Kompingo is dedicated to incubating IT security start-ups, nurturing technological advancements, and driving growth. Their plethora of services, spanning from co-managed and fully managed offerings to vCISO and penetration testing, makes them an indispensable ally in the cybersecurity domain. With a steadfast dedication to the Cyber Essentials Scheme and their top-notch Managed Detection and Response services, Kompingo remains a name synonymous with excellence.

Read More

Enterprise Security, Platform Security, Software Security

ZeroFox Contributes to Open Source Amass Project to Help Businesses Manage Their External Attack Surface

Globenewswire | July 21, 2023

ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, highlights its recent contributions to the OWASP Amass Project in an ongoing effort to give businesses and government entities better visibility to their full external attack surface asset ecosystem. The recent additions to the project from the ZeroFox team provide more advanced tool sets for analysts to discover and catalog their internet-facing assets and exposures. The contributions create a new standard framework to lead the industry in a more cohesive approach to attack surface management. As organizations face increasingly sophisticated cyber threats, understanding and managing their external attack surface has become paramount. By leveraging its expertise in external cybersecurity, ZeroFox identified a critical gap in the attack surface management landscape and responded by spearheading the development of the Open Asset Model and Asset Database within the OWASP Amass Project. The Open Asset Model and Asset Database contributions offer security analysts a unified and structured approach to identifying and managing potential vulnerabilities outside the perimeter. The Open Asset Model provides a new standard for asset definitions, representing a comprehensive framework for describing and categorizing diverse internet-facing assets. The Amass community can quickly adapt the model to include new types of assets exposed on the Internet, and their relationships to each other, for more accurate discovery, tracking, monitoring, and management. The Asset Database implements this model, offering the database interaction layer to store discovered assets in the popular sqlite3 and PostgreSQL database management systems. The Asset Database will foster the development of an ecosystem of scanning and analysis tools, allowing them to store and analyze assets from the Open Asset Model and their relationships. These contributions directly benefit both existing Amass users and the broader attack surface management community in an effort to standardize asset definitions. The new standards now provide the information security community with a consistent and predictable format when transferring data describing external attack surfaces. "We are thrilled to contribute to the OWASP Amass Project and provide the security community with cutting-edge tools for Attack Surface Management," said Jeff Foley, VP of Research at ZeroFox. "By leveraging the power of open source, we aim to expand access to advanced cybersecurity capabilities, helping organizations proactively defend against emerging threats." These engineering contributions represent a continued commitment by ZeroFox to the open source community, OWASP, and the Amass Project. ZeroFox will continue to contribute to the Amass Project in an effort to enable the discovery, management, and protection of the external attack surface. By sharing its expertise and resources, ZeroFox aims to foster collaboration and innovation within the information security community, ultimately making the digital landscape safer for all users. About ZeroFox ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.

Read More

Enterprise Security, Platform Security, Software Security

Abnormal Announces New Capability to Detect AI-Generated Email Attacks

Business Wire | August 10, 2023

Abnormal Security, the leading behavioral AI-based email security platform, today announced CheckGPT, used to detect AI-generated attacks. The new capability determines when email threats, including business email compromise (BEC) and other socially-engineered attacks, have likely been created using generative AI tools. Cybercriminals are constantly evolving their attack tactics to evade detection by security defenses, and generative AI is the newest weapon in their arsenal. Using tools like ChatGPT or its malicious cousin WormGPT, threat actors can now write increasingly convincing emails, scaling their attacks in both volume and sophistication. In its latest research report, Abnormal observed a 55% increase in BEC attacks over the previous six months—with the potential for volumes to increase exponentially as generative AI becomes more widely adopted. “The degree of email attack sophistication is going to significantly increase as bad actors leverage generative AI to create novel campaigns,” said Karl Mattson, chief information security officer at Noname Security. “It's not reasonable that each company can become an AI security specialty shop, so we're putting our trust in Abnormal to lead the way in that kind of advanced email attack detection.” Unlike traditional email security solutions, Abnormal takes a radically different approach to stopping advanced email attacks, making it particularly well-suited to the challenge of blocking AI-generated attacks. The unique API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack. After initial email processing, the Abnormal platform expands upon this classification by further processing email attacks to understand their intent and origin. The CheckGPT tool leverages a suite of open source large language models (LLMs) to analyze how likely it is that a generative AI model created the message. The system first analyzes the likelihood that each word in the message has been generated by an AI model, given the context that precedes it. If the likelihood is consistently high, it’s a strong potential indicator that text was generated by AI. The system then combines this indicator with an ensemble of AI detectors to make a final determination on whether an attack was likely to be generated by AI. As a result of this new detection capability, Abnormal recently released research showing a number of emails that contained language strongly suspected to be AI-generated, including business email compromise and credential phishing attacks. “As the adoption of generative AI tools rises, bad actors will increasingly use AI to launch attacks at higher volumes and with more sophistication,” said Evan Reiser, chief executive officer at Abnormal Security. “Security leaders need to combat the threat of AI by investing in AI-powered security solutions that ingest thousands of signals to learn their organization’s unique user behavior, apply advanced models to precisely detect anomalies, and then block attacks before they reach employees. While it’s important to understand whether an email was generated by a human or AI to understand and stay ahead of evolving threats, the right system will detect and block attacks no matter how they were created.” About Abnormal Security Abnormal Security provides the leading behavioral AI-based email security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails and messages in milliseconds—all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly, with additional protection available for Slack, Teams, and Zoom. More information is available at abnormalsecurity.com.

Read More

More featured news