SOFTWARE SECURITY

SecurityScorecard Launches Cyber Risk Quantification Portfolio Providing Customers Various Models to Conduct Security Cost-Benefit Analysis

SecurityScorecard | April 27, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today introduced its Cyber Risk Quantification (CRQ) capabilities that will enable customers to understand cyber risk in financial terms, enabling organizations to bring cyber risk into holistic business risk analysis, and assisting organizations in a cost-benefit analysis of cyber investment options. SecurityScorecard's CRQ capabilities help customers understand the financial impact of a cyber-attack, gain insight into the probability of incidents over time and quantify the reduction in expected losses if issues are resolved. The SecurityScorecard CRQ capabilities will be included in the company's risk intelligence platform, the industry's first holistic offering that proactively protects organizations from every angle.

"Executives and boards of directors lack the ability to connect cybersecurity budgets to business outcomes, hindering the CISO's ability to justify their cybersecurity budgets. By grounding risk quantification in SecurityScorecard's expansive data, we are bringing cyber security to the forefront of daily decision making. Our goal is to help our customers make informed decisions on how to raise the bar on their cybersecurity defenses with optimized investments, and we will continue to partner with leading CRQ thought leaders to provide the options they are looking for."

Prashant Pai, Senior Vice President and General Manager Strategic Initiatives, SecurityScorecard

To deliver the combined insights of SecurityScorecard's cybersecurity ratings data and leading risk models, SecurityScorecard is partnering with a number of leading CRQ thought leaders and developers, including ThreatConnect and RiskLens, which created Factor Analysis of Information Risk (FAIR™). With multiple views of risk available through the lens of different CRQ frameworks, risk managers can determine which framework is the best fit for their business.

With cyber risks becoming increasingly prevalent, boards of directors and executives need to evaluate those risks and become more involved with cybersecurity. Effectively reporting to the board is a key component of every security leader's job.

According to Gartner® The 2022 Board of Directors Survey, 88% of respondents viewed cybersecurity as a business risk, while 72% stated they are focused on aligning risk, strategy and performance to drive business resilience.1

"The CRQ integration between RiskLens and SecurityScorecard will finally give organizations of all sizes what they need to effectively understand and manage cyber risk: an automated, 'dollars and cents' view of cyber risk," said Nick Sanna, CEO, RiskLens. "Based on the FAIR cyber risk quantification standard, on industry benchmark data and on their SecurityScorecard security rating, organizations can now make risk-informed business decisions."

"ThreatConnect is excited to partner with SecurityScorecard as the combination of their external cybersecurity risk posture and the power of ThreatConnect Risk Quantifier (RQ) connects the outside and inside views for an organization, giving them a 360 degree perspective of the risk to their organizations," said Jerry Caponera, Vice President of Cyber Risk Strategy for ThreatConnect. "Applying ThreatConnect's statistical and machine learning algorithms to the SecurityScorecard data enables customers to easily visualize their risk and, more importantly, prioritize which factors should be improved based on financial risk reductions."

SecurityScorecard's CRQ portfolio gives executives, CISOs and risk managers a comprehensive view of their cyber risk, enabling them to define cyber risk in a universally understood metric and embed those insights into decisions across the organization.

SecurityScorecard's CRQ capabilities also offer:

  • Scalable risk quantification methodology - With continuous monitoring of over 12 million companies, SecurityScorecard grounds its analysis in a consistent cybersecurity data-driven approach to deliver a real-time view of risk.
  • Contextualized view of cyber risk - SecurityScorecard directly ties financial impact to the security issues that drive losses.
  • Multiple risk quantification frameworks - Multiple risk frameworks are integrated into the CRQ capabilities to ease the evaluation and implementation of CRQ.

About SecurityScorecard
Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base.

Spotlight

Everyone is familiar with the concept that attackers can launch malicious attacks through email, Windows or other software that runs on our laptops. But can the device itself become the target? Like many other parts of a computer system, UEFI can be attacked to gain unauthorized access to the system and its data. In September 2018 the first known attack on UEFI was launched.

Related News

SOFTWARE SECURITY

SafeGuard Cyber Delivers Context-Aware Response with Microsoft Azure AD and Okta

SafeGuard Cyber | August 01, 2022

SafeGuard Cyber, the leading provider of security and compliance solutions for email and communication-based threats, today announces automated response and multi-channel user onboarding with Microsoft Azure AD and Okta integrations for its security and risk management platform.

These integrations enable automated and workflow-based responses to advanced social engineering threats such as impersonation and account takeover, as well as other threats, business risks, and compliance violations. The integrations extend the SafeGuard Cyber platform's multi-channel detection capabilities, with the ability for security and compliance operation teams to manage and automate responses to threats and risks across all communication channels.

"In the current economic climate, organizational leadership needs to ensure optimum resource utilization in security operations and reduce unnecessary costs," said Chris Lehman, CEO of SafeGuard Cyber. "Many of our enterprise customers have made significant investments in Azure AD or Okta to manage identities across their organizations, and our new capabilities allow them to streamline operations and maximize ROI for their security and overall operations."

Integrated response through SafeGuard Cyber enables security architects and operations teams to deliver the ideal response to threats and business risks, either in an automated or direct action through the SafeGuard Cyber platform as part of incident management or an investigation.

"As the threats of fraud, impersonation, and social engineering increasingly result in material breaches and financial losses through ransomware and business compromise, the need to have a context-aware, zero-trust foundation with detection and response capabilities is more urgent than ever.

"Our integrations with Okta and Azure AD enable organizations moving towards a cloud or hybrid workplace to simplify identity-based responses to communication-based threats, while enriching authentication to include context and intent of interactions."

Rusty Carter, chief product officer at SafeGuard Cyber

Context-aware and advanced integrated response with Okta and Azure AD is available for all SafeGuard Cyber customers and delivers:

  • Automated user onboarding for monitoring communications by group
  • Automatic, risk-based responses that include user-session invalidation
  • Support for all SafeGuard Cyber protected channels

SafeGuard Cyber detects attacks and identifies risk by understanding how humans interact and communicate. The company's Natural Language Understanding-based SaaS platform offers the industry's most advanced visibility and detection of phishing, BEC and malware attacks that span the full range of modern business communications channels, including social media, collaboration, mobile messaging, conferencing, CRM and the Microsoft 365 ecosystem.

About SafeGuard Cyber
SafeGuard Cyber provides the only comprehensive technology solution for addressing cybersecurity threats and compliance risks across the modern cloud workplace. The company's patented and award-winning Natural Language Understanding technology analyzes and correlates conversations across 30 communication channels and 52 languages, including collaboration, social, chat, messaging, and conference platforms, in order to detect and prevent communication-based threats like social engineering. By stopping attacks at the social engineering stage, SafeGuard Cyber allows companies to prevent data breaches, ransomware, invoice fraud, and many other threats. The company's cloud-based Machine Learning also provides compliance solutions for governance and policy enforcement that empower customers to communicate through modern apps and social networking.

PLATFORM SECURITY

SecurityScorecard Helps CISOs See, Resolve and Communicate Cyber Risks Clearly with Integration of Ratings Platform and Suite of Professional Services

SecurityScorecard | August 10, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced the integration of its Professional Services offering with its ratings platform to provide a single point of orchestration to manage cybersecurity risks. SecurityScorecard’s Professional Services team can help any customer manage cybersecurity risk in concert with the industry’s largest and most comprehensive global, cyber risk data set, setting the industry standard for how cyber risk is quantified, measured and reduced.

SecurityScorecard delivers strategic, proactive and acute-scenario services paired with its industry-leading ratings platform that together provide end-to-end cyber risk management from monitoring to remediation.

“CISOs are under pressure to protect their organizations, and are now accountable to the Board of Directors, but they lack a single-point of orchestration for cybersecurity workflow and to define success.

“Our services and software platform provides CISOs with peace of mind that they have the broad visibility to take action quickly, hold their vendors accountable and communicate those actions promptly.”

Aleksandr Yampolskiy, co-founder and CEO, SecurityScorecard

SecurityScorecard’s Professional Services team utilizes the combined data and dynamic risk intelligence from the SecurityScorecard platform together with customized data derived from dark web mining to give each customer a holistic, full-spectrum view of their risk posture that is continuously assessed and triaged.

SecurityScorecard’s suite of Professional Services is supported by a team of 24/7 Digital Forensic Incident Response (DFIR) experts and include:

  • Cyber Risk Intelligence-as-a-Service provides organizations with tailored, actionable intelligence via SecurityScorecard’s threat intelligence team.
  • Third-Party Risk Management (TPRM) Program includes workshops and customized roadmaps to help organizations mature their programs.
  • Tabletop Exercises help test teams’ cyber readiness against a real-world cyber incident by practicing incident response scenarios.
  • Penetration Testing and Red Team Exercises engage covert teams of ethical hackers to identify weaknesses.
  • Digital Forensics & Incident Response (DFIR) support helps to collect, preserve and analyze digital evidence when responding to an incident, whether that be an insider threat situation or a nation state attack. SecurityScorecard’s team of experts regularly testify in court and collaborate with law enforcement. Incident Response support is also available 24/7 and onsite during a crisis, such as a ransomware incident, to help contain attacks, identify the threat actors and safely progress to the eradication phase.

SecurityScorecard’s Professional Services team also helps prevent churn across internal security and TPRM teams by giving them the expertise to maintain program integrity and business uptime, particularly for under-resourced teams, regardless of cyber or third-party risk maturity.

About SecurityScorecard
Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base.

SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

PLATFORM SECURITY

Uptycs Unveils Advanced Container and Kubernetes Capabilities

Uptycs | May 27, 2022

Uptycs, the first cloud-native security analytics platform that enables both cloud and endpoint security from a single platform, today unveiled expanded container and Kubernetes security posture management (KSPM) features for its cloud workload protection platform (CWPP). These features enable real-time identification of containerized workloads, proactive scanning of container images in the CI/CD pipeline, constant compliance monitoring, and Kubernetes security policy audit and enforcement.

According to Gartner, by 2026, over 90% of the world's enterprises will be operating containerized apps in production, up from less than 40% currently. Businesses, on the other hand, struggle to manage and maintain these transitory assets. Misconfigurations in the control plane and insecure policies at the single container layer are used by attackers to escalate permissions, conduct container escapes, and compromise nodes for executing code.

"Organizations are rapidly scaling their Kubernetes environments and seeing tremendous gains in optimization, availability, and developer productivity, but too often Security teams are left playing catch up. With telemetry from Kubernetes systems supported by our analytics platform, Security teams know immediately what resources they have and the security posture of those resources—across public and private clouds, scaling to tens of thousands of pods. Combined with our industry-leading container security capabilities, this gives Security teams confidence that they have the proper controls in place to minimize risk while enabling innovation."

Ganesh Pai, CEO and Co-founder of Uptycs

Uptycs offers both fully managed (AWS EKS, Azure AKS, Google GKE) and self-managed Kubernetes environments, such as VMware Tanzu and Google Anthos. Uptycs contains a range of container runtimes (Docker, containerd, CRI-O).

The latest KSPM capabilities offered by the Uptycs platform are now readily accessible and will be shown at the 2022 RSA Conference (booth #435) from June 6-9. Learn more about the Uptycs container and Kubernetes security service by visiting the Uptycs blog.
