DATA SECURITY

SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security

SecurityScorecard | December 21, 2021

SecurityScorecard, the global leader in cybersecurity ratings, today released a new report on the U.S. shipping industry, "Proactive Security Measures for Global Maritime Shipping." The research found that high severity cyber vulnerabilities pose a big risk to U.S. maritime security, especially ahead of a busy holiday season.

In December 2021, SecurityScorecard conducted an analysis of the cybersecurity health of 100 global shipping container companies compared to the Forbes Global 2000 companies, finding that:

  • Overall, the cybersecurity risk posture of the shipping industry was better than the Forbes Global 2000, but the shipping industry did not perform higher in every risk group factor
  • The largest risks to the sector include vulnerabilities in application security, irregular patching cadence, and network security
  • Data breach percentages for shipping container companies increased from 2018 through 2021, indicating that the industry may be an increasingly attractive target for malicious cyber actors during the 2021 winter holiday season
  • Shipping container companies initially did better than the Forbes Global 2000 until April 2020, when high-profile attacks sank the industry average. Since mid-2020, shipping container companies have continued to struggle to build resilience in their cybersecurity and have not yet returned to their pre-2020 breach scores.

Global supply shortages and shipping disruptions brought on by the COVID-19 pandemic pose a threat to U.S. maritime security and threaten to disrupt the holiday gift-giving season. The maritime shipping network, which is responsible for 90% of global trade, has gone from being a fast and cost-effective system to one plagued by delays, clogged shipping lanes, and exorbitant prices.

"The shipping and maritime industry is already strained and taxed by the pandemic and resulting supply chain backlog. A potential cyber incident in the shipping industry could have catastrophic effects on people and businesses all across the world. This research is a key indicator that the industry should continue to keep a focus on cyber resilience through continuous monitoring."

Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard

SecurityScorecard continuously monitors millions of entities world-wide, and non-intrusively assesses their security posture across ten risk categories, including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. This instantly delivers an easy-to-understand "A" through "F" security rating.

About SecurityScorecard
Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Spotlight

For the third consecutive year, Keyfactor and The Ponemon Institute have collaborated on the State of Machine Identity Management report, an in-depth look at the role of PKI and machine identities in establishing digital trust and securing modern enterprises. This year’s report provides an analysis of 1,280 survey responses from

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tenable Enhances Tenable OT Security to Provide the Broadest Coverage

Tenable | March 13, 2023

Tenable®, the Exposure Management company, announced new features within Tenable OT Security, delivering greater protection for operational technology (OT), industrial control systems and critical infrastructure, regardless of deployment size or environment configuration. The new feature keeps the CISO's organization front and center, making it easier to protect and maintain governance of the whole attack surface using the same tools and processes throughout their infrastructure, whether IT, OT, IoT, the cloud, or other platforms.

Tenable is ideally positioned to assist its customers in meeting their security needs by offering an all-encompassing solution for securing mixed environments. This latest update enhances Tenable OT Security's vulnerability detection capabilities with an improvement to the OT active scanner and a tighter integration with Tenable's Nessus, the market-leading vulnerability scanning solution. Tenable OT Security now provides companies with unparalleled scanning capabilities by leveraging the technology relied upon by over 40,000 security teams worldwide.

Key new capabilities include:

  • Increased Asset Discovery and Visibility
  • Advanced Vulnerability and Threat Detection
  • Enhanced Dashboards and Reporting

Amir Hirsh, General Manager of OT Security, Tenable, said, "We consistently hear from CISOs that they have been tasked with security for mixed environments that include both OT and IT technologies, but they don't have the requisite visibility to secure either well. The new capabilities added to Tenable OT Security provide our customers with full visibility, security and control of all their environments and assets, in one consolidated view." He added, "Now, our customers can leverage the full strength of Tenable OT active scanning, tightly integrated with embedded Nessus scans for IT assets, to create a clear view of all assets, their vulnerabilities, risk score, attack path analysis and more."

(Source – Globe Newswire)

This most recent upgrade also includes product localization abilities for Japanese, Chinese, French, and German, reducing training and support expenses for businesses operating in non-English speaking regions.

About Tenable
Headquartered in Columbia, MD, Tenable® is a leading company for Exposure Management. Tenable is relied upon by about 43,000 enterprises worldwide to comprehend and mitigate cyber risk. As the originator of Nessus®, Tenable leveraged its experience in vulnerabilities to provide the world's first platform capable of identifying and securing any digital asset on any computer platform. Over sixty percent of the Fortune 500, forty percent of the Global 2000, and significant government bodies are prospective clients of Tenable.

DATA SECURITY, ENTERPRISE SECURITY

Sonatype Launches New Partner Acceleration Program to Help Partners Scale and Secure their Customers’ Software Supply Chains

Globenewswire | April 04, 2023

Sonatype, the pioneer of software supply chain management, today announced the launch of its Partner Acceleration Program. This new program framework delivers a wider range of benefits and increased go-to-market value for Sonatype Solution Providers, Global System Integrators and Technology Integration Alliances. With the initial program launch, Sonatype has formalized its partner benefits for Solution Providers delivering Sonatype technology and services, ranging from design support to on-premises and cloud platform integration.

“The open source intelligence and security that Sonatype’s platform provides across the entire software development life cycle is second to none,” said Allen Talbott, Vice President of Sales at Saltworks Security. “Our long-time partnership with Sonatype has been incredibly valuable in growing our business, securing new clients, and giving our customers the information, tools, and software supply chain guidance they need to transform their development processes and build world-class application security programs.”

Ninety-one percent of organizations have adopted or have plans to adopt a digital-first business strategy. As the digital landscape becomes increasingly dangerous and complex, software supply chain management and security is critical to the digital transformation and success of today's businesses. Sonatype is on a mission to empower every engineering team with intelligence to create and maintain secure, quality and innovative software at scale. The new Sonatype Partner Acceleration Program features an ecosystem of technically certified solution providers, system integrators, and technology alliances that share this same vision, enabling organizations to scale and secure their application development processes while propelling growth.

“Software supply chain management remains a critical piece to securing the applications our customers develop and maintain over time,” said Joey Campione, President at Opticca Security. “Sonatype’s platform continues to deliver consistent results, reliability and increases overall developer productivity, providing our customers with what they need to continue to innovate at an accelerated pace. As a strategic partner, Sonatype’s solutions and support has been integral to scaling our business, and we anticipate that the new partner program will only amplify this further.”

Sonatype partners report higher win rates, increased profits, and more opportunities to build new revenue streams. With the Sonatype Partner Acceleration Program, Solution Providers receive structured tiers of benefits that support increased time to value and customer growth. As partners grow their business with Sonatype, they have access to increasing program benefits and exclusive resources, including dedicated partner managers, co-branded marketing materials, technical support, event opportunities, and more.

“This is an incredible time of growth for our Sonatype partner ecosystem. The demand for software supply chain management solutions continues to skyrocket as organizations increasingly recognize the need to understand the open source their applications depend on,” said Bruce Gordon, Senior Vice President of Global Channel Sales & Alliances at Sonatype. “We have an outstanding community of partners from across the globe providing industry-leading services and technologies. We’re excited to now provide this partner community with additional benefits designed to increase the value and delivery speed of safe and secure open source software.”

About Sonatype
Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code, and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Trellix Expands AWS Integrations to Provide Greater Data Security to Cloud Infrastructure Customers

Businesswire | May 02, 2023

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today announced expanded support for Amazon Security Lake from Amazon Web Services (AWS), designed to automatically centralize security data from cloud, on-premises, and custom sources into a purpose-built data lake. This offering is designed to enable simpler and faster delivery of Trellix XDR solutions along with increased data privacy for AWS customers.

Trellix’s expanded support for Amazon Security Lake allows AWS customers to integrate their security data lake into the Trellix XDR security operations platform while also using the Open Cybersecurity Schema Framework (OCSF). Amazon Security Lake is a service that automatically centralizes an organization’s security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account so customers can act on security data faster. In addition, the OCSF schema enables Trellix customers to combine hundreds of data sources with Amazon Security Lake data. As a result, AWS and Trellix customers can seamlessly apply Trellix machine learning (ML), threat intelligence, and predictive analytics to gain important insights that allow for deeper detection and faster threat mitigation.

“The amount of data available to any enterprise today is staggering,” said Britt Norwood, Senior Vice President, Global Channels & Commercial at Trellix. “Without a way to centralize the management and storage of that data, it’s difficult for customers to glean the insights needed to keep data safe. Our integration with Amazon Security Lake provides customers with more centralized visibility and quick resolution of their security issues.”

“With security at the forefront, we are relentlessly focused on innovating to deliver new ways to help customers secure their cloud environments,” said Rod Wallace, General Manager for Amazon Security Lake at AWS. “Customers who leverage Amazon Security Lake and Trellix can collect a wide spectrum of security logs and findings in Amazon Security Lake and send them to Trellix for advanced analytics and incident response.”

  • Trellix for Amazon Security Lake: Through new combined capabilities, customers can share security events across Trellix XDR and their Amazon Security Lake, getting complete detection and response capabilities for their AWS environments. By consolidating their security alerts into Amazon Security Lake using OCSF, security teams can spend their time protecting environments instead of performing the undifferentiated heavy lifting of managing their security data.
  • Trellix and OCSF: Trellix is proud to be a contributing member to the open-source OCSF community which has built a framework promoting interoperability and data normalization between security products. Joining OCSF promotes collaboration with other industry organizations, further benefiting customers and the broader cybersecurity community.

“Working with Trellix and AWS has made it so easy for us to manage analysis supporting our Hive-IQ platform,” said Laura Nolan, Executive Vice President, TeamWorx Security. “We are continuously impressed with how Trellix and AWS deliver new and innovative ways to help us stay secure within our cloud environments.”

About Trellix
Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security. More at https://trellix.com.
