SOFTWARE SECURITY

SecurityScorecard Launches Cyber Risk Quantification Portfolio Providing Customers Various Models to Conduct Security Cost-Benefit Analysis

SecurityScorecard | April 27, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today introduced its Cyber Risk Quantification (CRQ) capabilities, which will enable customers to understand cyber risk in financial terms, bring cyber risk into holistic business risk analysis, and carry out cost-benefit analysis of cyber investment options. SecurityScorecard's CRQ capabilities help customers understand the financial impact of a cyber-attack, gain insight into the probability of incidents over time and quantify the reduction in expected losses if issues are resolved. The SecurityScorecard CRQ capabilities will be included in the company's risk intelligence platform, the industry's first holistic offering that proactively protects organizations from every angle.

"Executives and boards of directors lack the ability to connect cybersecurity budgets to business outcomes, hindering the CISO's ability to justify their cybersecurity budgets. By grounding risk quantification in SecurityScorecard's expansive data, we are bringing cyber security to the forefront of daily decision making. Our goal is to help our customers make informed decisions on how to raise the bar on their cybersecurity defenses with optimized investments, and we will continue to partner with leading CRQ thought leaders to provide the options they are looking for."

Prashant Pai, Senior Vice President and General Manager Strategic Initiatives, SecurityScorecard

To deliver the combined insights of SecurityScorecard's cybersecurity ratings data and leading risk models, SecurityScorecard is partnering with a number of leading CRQ thought leaders and developers, including ThreatConnect and RiskLens, which created Factor Analysis of Information Risk (FAIR™). With multiple views of risk available through the lens of different CRQ frameworks, risk managers can determine which framework is the best fit for their business.

With cyber risks becoming increasingly prevalent, boards of directors and executives need to evaluate those risks and become more involved with cybersecurity. Effectively reporting to the board is a key component of every security leader's job.

According to Gartner® The 2022 Board of Directors Survey, 88% of respondents viewed cybersecurity as a business risk, while 72% stated they are focused on aligning risk, strategy and performance to drive business resilience.[1]

"The CRQ integration between RiskLens and SecurityScorecard will finally give organizations of all sizes what they need to effectively understand and manage cyber risk: an automated, 'dollars and cents' view of cyber risk," said Nick Sanna, CEO, RiskLens. "Based on the FAIR cyber risk quantification standard, on industry benchmark data and on their SecurityScorecard security rating, organizations can now make risk-informed business decisions."

"ThreatConnect is excited to partner with SecurityScorecard as the combination of their external cybersecurity risk posture and the power of ThreatConnect Risk Quantifier (RQ) connects the outside and inside views for an organization, giving them a 360 degree perspective of the risk to their organizations," said Jerry Caponera, Vice President of Cyber Risk Strategy for ThreatConnect. "Applying ThreatConnect's statistical and machine learning algorithms to the SecurityScorecard data enables customers to easily visualize their risk and, more importantly, prioritize which factors should be improved based on financial risk reductions."

SecurityScorecard's CRQ portfolio gives executives, CISOs and risk managers a comprehensive view of their cyber risk, letting them define cyber risk in a universally understood metric and embed those insights into decisions across the organization.

SecurityScorecard's CRQ capabilities also offer:

  • Scalable risk quantification methodology - With continuous monitoring of over 12 million companies, SecurityScorecard grounds its analysis in a consistent cybersecurity data-driven approach to deliver a real-time view of risk.
  • Contextualized view of cyber risk - SecurityScorecard directly ties financial impact to the security issues that drive losses.
  • Multiple risk quantification frameworks - Multiple risk frameworks are integrated into the CRQ capabilities to ease the evaluation and implementation of CRQ.

About SecurityScorecard
Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base.

Spotlight

In today’s era of multi-vector attacks, IT security for retail requires more than blocking threats at the perimeter. Cutting-edge IT managers are now adopting a multilayer security blueprint to detect intrusions inside the network. Find out how you can do the same for your retail environment.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SentinelOne and Perception Point Partner for Unparalleled Advanced Threat Protection and Rapid Remediation Across Principal Attack Vectors

Perception Point | September 30, 2022

Perception Point, a leading provider of advanced threat protection across digital channels, today announced that it has partnered with SentinelOne, an autonomous cybersecurity platform company, to provide customers unparalleled advanced threat detection and rapid remediation across enterprise endpoints, email, and cloud collaboration channels. SentinelOne Singularity XDR unifies prevention, detection, and response into a single platform driven by patented machine learning and intelligent automation. Perception Point isolates, detects and remediates all threats across the organization's main attack vectors, including email and cloud collaboration channels, from a single platform.

Perception Point's integration with SentinelOne offers users the unique ability to simplify and consolidate protection across these attack vectors, and rapidly remediate any threat autonomously across them. Joint customers benefit from:

  • Rapid remediation with additional triage from Perception Point's managed Incident Response service
  • Reduced workloads on the SOC team by up to 75%, simplifying and shortening containment time
  • Full visibility into attacks across the endpoint, email, and cloud collaboration apps

"The threat landscape is only becoming more complex with attacks threatening organizations across multiple vectors. We're excited to partner with SentinelOne to protect users from all threat types across their most used communication channels - endpoints, email, cloud collaboration apps, and cloud storage. The integration consolidates and simplifies threat prevention and remediation, boosting our customers' security posture while reducing the SOC team's workloads."

Orit Shilvock, VP Sales at Perception Point

"SentinelOne is committed to enabling choice and flexibility for our customers with Singularity Marketplace," said Ruby Sharma, Head of Technology Ecosystem, SentinelOne. "Partnering with Perception Point brings together leading detection and response capabilities to address threats across endpoint, email, cloud and collaboration attack surfaces."

Perception Point's advanced threat protection solution is now available on the SentinelOne Singularity Marketplace.

About Perception Point
Perception Point is a Prevention-as-a-Service company for the fastest and most accurate next-generation detection and response to all attacks across email, cloud collaboration channels, and web browsers. The solution's natively integrated incident response service acts as a force multiplier to the SOC team, reducing management overhead, improving user experience and delivering continuous insights; providing proven best protection for all organizations. Deployed in minutes, with no change to the enterprise's infrastructure, the patented, cloud-native and easy-to-use service replaces cumbersome legacy systems to prevent phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks well before they reach end-users. Fortune 500 enterprises and organizations across the globe are preventing content-borne attacks across their email and cloud collaboration channels with Perception Point.

About SentinelOne
SentinelOne is pioneering autonomous cybersecurity to prevent, detect, and respond to cyber attacks faster and with higher accuracy than ever before. Our Singularity XDR platform protects and empowers leading global enterprises with real-time visibility into attack surfaces, cross-platform correlation, and AI-powered response. Achieve more capability with less complexity.

DATA SECURITY, PLATFORM SECURITY, SECURITY AUDIT AND COMPLIANCE

Skybox Security Unveils Industry's First SaaS Solution for Security Policy and Vulnerability Management Across Hybrid Environments

Skybox Security | October 12, 2022

Skybox Security today announced the next generation of its award-winning Security Posture Management Platform – including the industry's first Software-as-a-Service (SaaS) solution for Security Policy and Vulnerability Management. Propelling its global customer base into the next era of proactive cybersecurity, major innovations advance its platform that continuously tests attack feasibility, exposure, remediation options, and compliance across hybrid environments.

"Today, we're delivering on our mission of building the world's leading Security Posture Management platform. Skybox equips customers with the hybrid network modeling, path analysis, and automation they need to reduce the risk of a significant data breach by 55%. Our latest innovations are significant for customers that deploy on-prem, as well as customers that will benefit from our new SaaS solution. The new Skybox Cloud Edition offering capitalizes on the speed, scale, innovation, and productivity benefits powered by the cloud to drive the pursuit of broader digital business opportunities."

Skybox Security CEO and Founder Gidi Cohen

Expansion into Cyber Asset Attack Surface Management
Challenging the status quo through a dynamic, fresh approach to Cyber Asset Attack Surface Management (CAASM), Skybox visualizes all assets through API integrations, identifies and prioritizes vulnerabilities using proprietary threat intelligence, sees gaps in security controls, and automatically provides remediation options. In addition, significant advancements to the proprietary Skybox network model enable customers to dynamically model operational technology, IT, and hybrid cloud environments – including all networking and security data related to a specific asset.

According to Gartner Research: "CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture, and asset exposure are understood and remediated. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations can visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data."[1]

Industry's first solution to automatically map vulnerabilities to malware type
Skybox also introduced the industry's first Security Posture Management solution that connects Vulnerability Management with Threat Hunting. Building on its Exposure Management process that emphasizes publicly known vulnerabilities and identifies control gaps, Skybox now also associates vulnerabilities to malware by name, category, and distinct classes – including ransomware, Remote Access Trojans (RATs), botnets, cryptocurrency miners, trojans, and more.

"Executives and board members want to know if their cybersecurity teams are staying ahead of the latest celebrity malware such as TrickBot, REMCOS, FormBook, AZORult, Ursnif, Agent Tesla, and NanoCore," said Ran Abramson, Threat Intelligence Analyst, Skybox Research Lab. "Powered by Skybox threat intelligence, CISOs have automated analysis that can prove they retired millions of malware and exploits. No other cybersecurity solution can provide customers with our advanced vulnerability prioritization and threat trend reporting."

Expanded integrations eliminate complexity, reduce administrative burden, and provide more effective cybersecurity
With over 150 integrations, Skybox Security is the only solution that builds an extensive model of a customer's unique hybrid environment, including all of the customer’s L3 devices. Expanded integrations include:

  • Amazon Web Services (AWS): Expanded cloud capabilities include support of AWS firewalls in distributed mode. Reduce risk while validating compliance by eliminating permissive, obsolete, shadowed, and redundant rules.
  • Cisco Application Centric Infrastructure (ACI): Adding new capabilities to its Cisco ACI integration, Skybox now delivers granular visibility into ACI Fabric tenants across spanning networking, micro-segmentation policies, and device attributes.
  • Palo Alto Networks Prisma Cloud: Furthering its commitment to shift-left security practices, vulnerabilities in container images across DevOps toolchains can now be identified and prioritized for remediation via the Skybox multi-factor risk scoring algorithm.

Skybox Cloud Edition accelerates customer value with increased flexibility, scalability, business agility, and resiliency
Skybox Cloud Edition delivers the capabilities of the Skybox Security Posture Management Platform in a Software-as-a-Service (SaaS) offering to unlock additional business agility and resiliency benefits.

  • First SaaS solution for Security Policy Management: Leapfrogging the competition, Cloud Edition capabilities reduce software installation maintenance tasks. Streamlined licensing and deployment are designed to meet customer demand.
  • Advanced Vulnerability and Exposure Management: With the industry's most flexible deployment options for Vulnerability and Exposure Management (both on-premises and SaaS versions), customers can select the deployment model that aligns with their corporate and regulatory requirements.
  • Limitless scalability: Manage security policies, prioritize vulnerabilities, and remediate exposures across the most complex on-premises, cloud, operational technology (OT), and hybrid environments. Automate, verify, and operationalize risk reduction.
  • Faster deployment options: Cuts deployment time and reduces the need for procuring hardware, performing testing, and installing updates – enabling customers to unlock value faster. Customers with vast, global environments will reap huge benefits due to the size and diversity of their attack surface.
  • Instant automatic updates: Customers benefit immediately from the latest product innovations and platform updates. Upgrades are much less disruptive, with no need for change management resources. Seamless, automated upgrades are critical given the dynamic threat and regulatory landscapes.
  • Guaranteed availability: The solution is hosted in AWS for outstanding stability, performance, and guaranteed availability. Additionally, 24/7 monitoring of the tenants, across both the Network Operations Center (NOC) and Security Operations Center (SOC), maintains optimal network performance and performs real-time analysis for continuous threat mitigation.

About Skybox Security
Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics, and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic solution intelligently optimizes security policies, actions, and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Swimlane Launches First Comprehensive Security Automation Ecosystem for OT Environments

Swimlane | November 15, 2022

Swimlane, the low-code security automation company, today announced the formation of the first operational technology (OT) security automation solution ecosystem tailored to meet the combined OT and IT security requirements within critical infrastructure environments. The Biden Administration designated November as Critical Infrastructure Security and Resilience Month, drawing attention to the need for “fortifying our information technology and cybersecurity across sectors.”

As cyber threats grow in frequency and severity, security operations teams within industrial organizations are regularly targeted due to the importance of their systems and infrastructure. Given the limited resources at their disposal, security teams within these organizations are struggling to keep up with rapidly evolving threats. The cybersecurity skills gap poses a particularly difficult challenge for organizations with OT environments due to the unique skill set required to navigate the convergence of OT and IT technologies. This is where modern Security Orchestration, Automation and Response (SOAR) plays an instrumental role.

“Our public utilities and critical infrastructure face unique cybersecurity challenges to detect and respond to the convergence of threats targeting their combined OT and IT environments, and cyber-physical systems. Swimlane is bringing together the best of OT security with our extensible security automation platform to create a robust system of record and control for security operations teams to more quickly process large amounts of security telemetry without needing more resources to defend against breaches.”

Cody Cornell, Co-founder and Chief Strategy Officer of Swimlane

Swimlane’s security automation ecosystem for OT environments currently includes the following:

  • Nozomi Networks for OT and IoT Security: Swimlane and Nozomi Networks, the leader in OT and IoT security, also announced today a technology integration that combines low-code security automation with OT and Internet of Things (IoT) security. The combined solution makes it possible for industrial and critical infrastructure security operations to maintain continuous asset compliance and mitigate the risks of attacks from combined OT and IT entry points.
  • Dataminr Tackles Physical Risk: Swimlane’s integration with Dataminr leverages automated processes to mitigate risks and warn at-risk employees as soon as possible to ensure their safety. The cyber-physical threat response solution saves organizations crucial minutes when connecting with staff members who might be affected by a natural disaster, accident, or social unrest, or other types of physical risk.
  • 1898 & Co. for Managed Threat Detection: 1898 & Co., a preeminent industrial control system (ICS) cybersecurity solutions provider, has selected Swimlane as the core automation platform for their managed threat detection services. These services include the detection of both OT and IT-born threats, machine-speed threat validation and scoring, and rapid remediation of threats using OT response methods.

“Security teams chartered with protecting OT environments are struggling to keep pace with emerging threats given their limited resources,” said Joshua Magady, Practice Technical Lead at 1898 & Co. “As cyberattacks on critical infrastructure continue to rise and the cybersecurity skills shortage prevails, we are excited to be working with Swimlane to provide automation solutions that give these important organizations the tools to defend against rising cyber threats effectively.”

Working with each technology partner, Swimlane will develop a portfolio of pre-integrated solutions that customers can quickly deploy either through managed services or add to their existing environment.

About Swimlane
Swimlane is the leader in cloud-scale, low-code security automation. Swimlane unifies security operations in-and-beyond the SOC into a single system of record that helps overcome process and data fatigue, chronic staffing shortages, and quantifying business value. The Swimlane Turbine platform combines human and machine data into actionable intelligence for security leaders.
