Software Security

SecurityScorecard Launches Cyber Risk Quantification Portfolio Providing Customers Various Models to Conduct Security Cost-Benefit Analysis

SecurityScorecard | April 27, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today introduced its Cyber Risk Quantification (CRQ) capabilities that will enable customers to understand cyber risk in financial terms, enabling organizations to bring cyber risk into holistic business risk analysis, and assisting organizations in a cost-benefit analysis of cyber investment options. SecurityScorecard's CRQ capabilities help customers understand the financial impact of a cyber-attack, gain insight into the probability of incidents over time and quantify the reduction in expected losses if issues are resolved. The SecurityScorecard CRQ capabilities will be included in the company's risk intelligence platform, the industry's first holistic offering that proactively protects organizations from every angle.

"Executives and boards of directors lack the ability to connect cybersecurity budgets to business outcomes, hindering the CISO's ability to justify their cybersecurity budgets. By grounding risk quantification in SecurityScorecard's expansive data, we are bringing cyber security to the forefront of daily decision making. Our goal is to help our customers make informed decisions on how to raise the bar on their cybersecurity defenses with optimized investments, and we will continue to partner with leading CRQ thought leaders to provide the options they are looking for."

Prashant Pai, Senior Vice President and General Manager Strategic Initiatives, SecurityScorecard

To deliver the combined insights of SecurityScorecard's cybersecurity ratings data and leading risk models, SecurityScorecard is partnering with a number of leading CRQ thought leaders and developers, including ThreatConnect and RiskLens, which created Factor Analysis of Information Risk (FAIR™). With multiple views of risk available through the lens of different CRQ frameworks, risk managers can determine which framework is the best fit for their business.

With cyber risks becoming increasingly prevalent, boards of directors and executives need to evaluate those risks and become more involved with cybersecurity. Effectively reporting to the board is a key component of every security leader's job.

According to Gartner® The 2022 Board of Directors Survey, 88% of respondents viewed cybersecurity as a business risk, while 72% stated they are focused on aligning risk, strategy and performance to drive business resilience.1

"The CRQ integration between RiskLens and SecurityScorecard will finally give organizations of all sizes what they need to effectively understand and manage cyber risk: an automated, 'dollars and cents' view of cyber risk," said Nick Sanna, CEO, RiskLens. "Based on the FAIR cyber risk quantification standard, on industry benchmark data and on their SecurityScorecard security rating, organizations can now make risk-informed business decisions."

"ThreatConnect is excited to partner with SecurityScorecard as the combination of their external cybersecurity risk posture and the power of ThreatConnect Risk Quantifier (RQ) connects the outside and inside views for an organization, giving them a 360 degree perspective of the risk to their organizations," said Jerry Caponera, Vice President of Cyber Risk Strategy for ThreatConnect. "Applying ThreatConnect's statistical and machine learning algorithms to the SecurityScorecard data enables customers to easily visualize their risk and, more importantly, prioritize which factors should be improved based on financial risk reductions."

SecurityScorecard's CRQ portfolio enables executives, CISOs and risk managers to obtain a comprehensive view of their cyber risk that enables them to define cyber risk in a universally understood metric and embed those insights into decisions across the organization.

SecurityScorecard's CRQ capabilities also offer:

  • Scalable risk quantification methodology - With continuous monitoring of over 12 million companies, SecurityScorecard grounds its analysis in a consistent cybersecurity data-driven approach to deliver a real-time view of risk.
  • Contextualized view of cyber risk - SecurityScorecard directly ties financial impact to the security issues that drive losses.
  • Multiple risk quantification frameworks - Multiple risk frameworks are integrated into the CRQ capabilities to ease the evaluation and implementation of CRQ.

About SecurityScorecard
Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base.

Spotlight

Cyberattacks can compromise the ability of water utilities to provide safe water to customers, erode customer confidence, and result in financial and legal liabilities. A robust water system cybersecurity program can effectively reduce or even eliminate the vulnerabilities that cyberattacks exploit. Read the solution brief to fi

Related News

Enterprise Security, Platform Security, Software Security

Detectify Improves Attack Surface Risk Visibility With New IP Addresses View

Business Wire | August 14, 2023

Detectify, the leading External Attack Surface Management platform powered by elite ethical hackers, today announced enhancements to its platform that can significantly help to elevate an organization’s visibility into its attack surface. Many organizations need help gaining visibility into the IP addresses across their whole environment. Detectify's new capabilities enable organizations to uncover unauthorized assets and ensure regulatory compliance.

The attack surface has grown exponentially, not least in how decentralized organizations have become. Over 10% of Detectify customers are hosting data across three continents, illustrating how their products and services are more global than ever. Detectify also notes that 30% of their customer base is leveraging more than 5 service providers, which reflects the growing trend in vulnerabilities as a result of human errors, like server misconfigurations. Moreover, organizations are quickly expanding their digital footprint, with 73% of Detectify customers using IPv6 addresses.

With the introduction of the new IP Addresses view, Detectify users gain seamless access to a comprehensive list of all IPs associated with their domains, accompanied by valuable insights, including hosting provider details, geographical locations, and Autonomous System Numbers (ASNs). This update is further complemented by interactive charts, enabling users to detect outlier countries or providers, and streamlining the process of identifying potential security concerns.

"It's not uncommon for our customers to encounter instances where unauthorized geolocations are used to spin up new machines or witness sudden spikes in hosting activities from approved countries," said Danwei Tran Luciani, Interim VP of Product at Detectify. "These anomalies can expose organizations to risk, particularly when traditional automated detection methods fall short. Our new IP Addresses view empowers security teams to proactively address these challenges, strengthening their overall cybersecurity posture."

Detectify's new IP Addresses view provides security teams with tangible benefits to navigate complex attack surfaces, such as:

  • Uncovering unauthorized assets: For organizations with large attack surfaces, this capability allows users to identify unauthorized assets hosted by unapproved vendors. By instantly detecting an asset being hosted by a non-approved provider, security teams can take swift action and mitigate potential threats.
  • Ensuring regulatory compliance: For businesses operating in highly regulated environments where compliance is paramount, the new view is critical in determining the hosting locations of specific customer data. This enhanced visibility ensures adherence to regulatory requirements and fortifies data privacy measures.

The new IP Addresses view is now available to all Detectify customers, reinforcing the company's commitment to empowering security teams with cutting-edge solutions to safeguard organizations’ ever-evolving attack surfaces. For more information visit www.detectify.com

About Detectify
Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. Product security and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks crowdsourced through its global community of elite ethical hackers, exposing critical weaknesses before it’s too late. Go hack yourself: detectify.com.

Enterprise Security, Platform Security, Software Security

Identiv Simplifies Cyber-Secure Access Control with Primis

Business Wire | July 31, 2023

Identiv, Inc. (NASDAQ: INVE), a global leader in digital security and identification in the Internet of Things (IoT), introduces Primis, a suite of access control solutions designed for every security need. Primis offers secure, affordable, and ready-to-use security solutions straight out of the box, streamlining access control for businesses of all sizes. The suite features Primis on-premises access control, Primis Cloud, Primis Mobile, and the EG-2 controller.

By transforming traditional physical access control systems into user-friendly, cyber-secure solutions, Primis simplifies security. Ideal for small to medium-sized setups, the Primis suite ensures quick installation, minimal training, and easy maintenance. It delivers superior security and reliability at the lowest possible cost, already proven across over 500 deployments to date.

“Primis isn't your parent's access control. It's designed for today's SMBs and future-focused organizations; this is our vision for the future of access control where complexity is no barrier and where high security is accessible to everyone,” said Mike Taylor, VP Global Sales, Identiv. “With Primis, access control is always ready, making security simple and easy to use.”

The Primis suite includes:

  • Primis: On-site access control hardware and software transforms security with robust, feature-rich technology. It integrates seamlessly with IT networks, eliminating complex configurations and potential vulnerabilities, resulting in enhanced, reliable access control at a lower cost.
  • Primis Cloud: This flexible, secure access control as a service (ACaaS) offering delivers a cloud-based, subscription service version of Primis that minimizes maintenance. Housed in Identiv’s secure AWS virtual environment, Primis Cloud provides 24/7, interruption-free access control.
  • Primis Mobile: The app leverages GPS technology to replace physical credentials with an innovative mobile solution, simplifying access control management through an easy mobile enrollment process.
  • EG-2: A robust mix of power, flexibility, and security, EG-2 is a smart controller that allows door access management from anywhere. It provides a resilient solution that adapts to business needs, even in the event of server disconnections.

“Today's launch underscores Identiv’s commitment to delivering top-tier service, security, and support to our partners,” Taylor added. “We invite potential partners to join our global network and benefit from our world-class program.”

The Primis suite is exclusively available worldwide through the Identiv Channel Alliance Network (ICAN) partner program. ICAN Partners enjoy numerous benefits, including product discounts, access to comprehensive technical support, sales leads, authorized dealer certificates, co-branded marketing materials, and instant 24/7 access to sales tools and technical resources.

About Identiv
Identiv, Inc. is a global leader in digitally securing the physical world. Identiv’s platform encompasses RFID and NFC, cybersecurity, and the full spectrum of physical access, video, and audio security. Identiv is a publicly traded company, and its common stock is listed on the NASDAQ Stock Market LLC in the U.S. under the symbol “INVE.” For more information, visit identiv.com.

Enterprise Security, Platform Security, Software Security

SecPod releases SanerNow 6.0 to redefine Vulnerability Lifecycle Automation with Cyber Hygiene Score

Prnewswire | July 18, 2023

SecPod Technologies, a global leader in the cyberattack prevention industry, has released SanerNow 6.0, a new update to its flagship cyberattack prevention platform SanerNow. With a brand-new unified dashboard and an innovative Cyber Hygiene Score, SanerNow transforms how CISOs and security administrators combat cyberattacks and simplifies the process of vulnerability lifecycle automation.

Chandrashekhar Basavanna, the CEO of SecPod, said, "We are very excited to launch a major upgrade to our SanerNow platform. Risk quantification has always been an intriguing concept industry-wide. We are taking a real shot at it with an innovative hygiene score. This will facilitate our Customers to quantify the risks their IT infrastructure is exposed to and implement vulnerability mitigation strategies. With an all-new dashboard, we are representing end-to-end vulnerability management with Visibility, Detection, Prioritization, and Mitigation coming together in a unified console."

With Cyber Hygiene Score, based on SecPod's in-house security intelligence and proprietary algorithm, SanerNow quantifies an organization's cyber hygiene and provides insight into your IT infrastructure. Further, in combination with a unified dashboard, SanerNow provides a holistic view of your organization's risk exposure to take effective laser-focused actions.

The new update, SanerNow 6.0, with the new dashboard and Cyber Hygiene Score, is now available for the general public. SecPod SanerNow Advanced Vulnerability Management is a comprehensive cyberattack prevention platform providing visibility and control over IT infrastructure, detection and prioritization of vulnerabilities, and vulnerability remediation in a single unified console.

About SecPod
SecPod is a SaaS-based cybersecurity technology company created with a singular, unwavering goal of preventing cyberattacks. Founded in 2008, the company provides a top-of-the-line advanced vulnerability management solution that strengthens organizations' cybersecurity posture worldwide.
