Home > News > featured news > Sevco Security Introduces First Cybersecurity Asset Attack Surface Dashboards

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Sevco Security Introduces First Cybersecurity Asset Attack Surface Dashboards

Sevco Security | December 14, 2022 | Read time : 03:50 min

Sevco Security Introduces First Cybersecurity Asset Attack
Sevco Security, the cloud-native security asset intelligence platform for enterprises that want an accurate IT inventory, today introduced the industry’s first cybersecurity asset attack surface analytics dashboards. The new dashboards extend the Sevco platform to give CISO and IT leaders deep insights into the security coverage and state of their IT assets, enabling security teams to identify and eliminate security gaps in the enterprise cyberattack surface.

Enterprise environments increasingly include a wide range of hardware, software, mobile devices, cloud infrastructure, and other IT assets as the fundamental backbone for operating the business and engaging with customers. However, with management of assets often spread across departments and geographies, it has become increasingly difficult for executive leadership to understand the security state of all their assets and to maintain accuracy in a dynamic environment. Equally challenging is the inability to gain insights into abandoned or stale IT assets to effectively mitigate the security risks that they introduce.

Complex enterprise environments are increasingly experiencing incomplete security coverage with upwards of 19% of assets that have missing or stale security controls like endpoint protection and patch management. The new Sevco Security dashboards fill a critical gap in cybersecurity attack surface management by providing context-based analysis of enterprise-wide assets that surfaces risks associated with IT hygiene, compliance, and policy enforcement.

“As organizations innovate and expand their asset footprint, they must have seamless visibility into the security state of their assets because they cannot manage what they cannot measure. “Sevco Security delivers the critical data for CISOs to thoroughly understand their cybersecurity asset attack surface and confidently report their defensive security posture to the board.”

J.J. Guy, co-founder and CEO of Sevco Security

With the new expansion to its platform, Sevco Security provides customers with data rich and customizable dashboard reports, including:

  • Security coverage:
Provides critical insights on asset security controls, allowing customers to identify gaps in coverage and proactively protect the previously unknown attack surface. This also empowers companies to manage internal governance and regulatory compliance requirements to monitor and validate that their security investments are fully deployed.
  • Asset snapshots:
Captures the detailed attributes of the assets across the infrastructure, such as IP address, user, and operating system so customers can quickly see the state of any device at any point of time. With asset snapshots, incident response and IT team members can quickly identify when an asset change occurred and manage decisions on restoring an asset to a previous state.
  • Timeline trending:
Enterprise assets are tracked on a daily trendline empowering IT and security leaders to gain context of what’s typical for their environment and to readily view spikes and outlier activity. Out-of-the-box trending data is automatically captured for total devices, new devices, inactive devices in the last 15 days, total users, and new users.
  • Custom, interactive dashboards:
In addition to the pre-built dashboards, users can create and save unlimited queries on their asset telemetry to produce customized insights dashboards. This puts asset data analysis at users’ fingertips, providing an easy way to obtain tailored insights in a top-level dashboard. All dashboards are interactive, allowing users to ‘click’ and drill deeper into the data for pinpoint clarity on a particular area of interest.

Complex asset environments are a normal operating fabric for businesses. Sevco Security is dedicated to helping organizations capture a comprehensive view of their asset ecosystem and readily identify and address any security risks they pose. The new cybersecurity asset attack surface dashboards are now available to customers.

About Sevco
Sevco Security is the cloud-native security asset management platform for enterprises that require an accurate IT inventory. Its patented telemetry technology creates a unified inventory that is updated continuously to deliver real-time asset intelligence and help security and IT teams identify and close their previously unknown security gaps. Founded in 2020 and based in Austin, Texas, Sevco is backed by SYN Ventures, .406 Ventures, Accomplice and Bill Wood Ventures.

Spotlight

How to Prepare For & Respond to Ransomware in Operational Technology Environments

Targeted intrusions for gaining long-term access and collecting data about industrial control systems (ICS) are becoming much more frequent. Many of these attacks are about understanding the network and preparing for future activities without causing any immediate impact. The most recent Dragos Year in Review6 report shows that the ransomware groups Lockbit 2.0 and Conti were responsible for more than half of the observed ransomware attacks in industrial environments in 2021, and that these instances resulted in actions on objectives. These attacks have been observed in almost every industrial vertical, primarily targeting small to medium-sized organizations in manufacturing.

More featured news

Spotlight

How to Prepare For & Respond to Ransomware in Operational Technology Environments

Targeted intrusions for gaining long-term access and collecting data about industrial control systems (ICS) are becoming much more frequent. Many of these attacks are about understanding the network and preparing for future activities without causing any immediate impact. The most recent Dragos Year in Review6 report shows that the ransomware groups Lockbit 2.0 and Conti were responsible for more than half of the observed ransomware attacks in industrial environments in 2021, and that these instances resulted in actions on objectives. These attacks have been observed in almost every industrial vertical, primarily targeting small to medium-sized organizations in manufacturing.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SlashNext Introduces Generative AI Solution for Email Security

SlashNext | March 01, 2023

On February 28, 2023, SlashNext, a leading SaaS-based Integrated Cloud Messaging Security solutions provider across web, email and mobile, announced the release of Generative HumanAI™, the industry's first artificial intelligence solution using generative AI to defend against advanced business email compromise (BEC), executive impersonation, supply chain attacks, and financial fraud. Adding Generative HumanAI ensures that customers have peace of mind, despite threat actors utilizing widely available AI tools to aid their efforts. The solution already has a 99.9% detection rate with its existing AI capabilities. Generative HumanAI predicts vast numbers of potential AI-generated BEC threats by utilizing AI data augmentation and cloning technologies to evaluate a core threat and then produce thousands of other versions of that same core threat, which allows the system to train itself on possible variations. This new solution joins SlashNext's existing HumanAI capabilities, which imitate human threat researchers by combining computer vision, natural language processing, and machine learning with relationship graphs and deep contextualization to thwart sophisticated multichannel messaging attacks. Features of HumanAI consist: Relationship Graphs & Contextual Analysis establish a baseline of known-good writing styles and communication patterns for each employee and supplier to detect unusual conversation and communication styles. BEC Generative AI Augmentation automatically generates thousands of new BEC variants from today's threat to stop tomorrow's attacks. Natural Language Processing analyzes text in the email body and attachments for tone, emotion, topic, intent and manipulation triggers related to social engineering tactics. Computer Vision Recognition leverages SlashNext's LiveScan™ to inspect URLs in real-time for any visual divergence, such as layouts and images, to detect credential phishing webpages. Sender Impersonation Analysis evaluates headline details and email authentication results to stop impersonation attacks. File Attachment Inspection analyzes social engineering traits of attachments and malicious codes to stop ransomware. SlashNext has been developing this patent-pending solution internally for over two years and is at the forefront of multichannel messaging security. Its threat researchers recognized that generative AI would soon change the face of BEC attacks. About SlashNext SlashNext is a leading cloud-based messaging security solutions provider to safeguard against malicious messages across all digital channels. Its integrated messaging security platform, called SlashNext Complete™, is equipped with patented HumanAI™ technology having a detection accuracy rate of 99.9% and is capable of detecting real-time threats across various messaging channels such as mobile, email and web-based messaging applications like LinkedIn, M365, Gmail, WhatsApp, Slack, Telegram, Teams, and others. By taking advantage of SlashNext's Integrated Cloud Messaging Security, businesses can safeguard their sensitive information from data theft and financial fraud breaches. The company's solution is designed to detect and prevent zero-hour threats in real-time to ensure their customers' highest level of security.

Read More

INFOSEC PROJECT MANAGEMENT,PLATFORM SECURITY,SOFTWARE SECURITY

NowSecure Unveils Its Latest Offering, Mobile Pen Testing-as-a-Service (PTaaS)

NowSecure | January 03, 2023

NowSecure, the leader in standards-based mobile app security and privacy software, announced the introduction of its latest solution, NowSecure Mobile Pen Testing as a Service (PTaaS), which will bridge the gap between manual and automated mobile security assessments for continuous security. NowSecure PTaaS is designed to provide mobile developers and security teams with a more cost-effective and efficient pen testing solution. The solution combines periodic expert manual assessments with continuous automated testing to optimize comprehensive coverage at a higher frequency. With this combination, the all-inclusive portal and service can instantly discover concerns early in the developer pipeline, provide consulting help to repair security issues promptly, and accelerate the release of high-quality software into production. As organizations struggle with tightening budgets in conjunction with an increased threat of mobile cyber assaults, there is an industry demand for a cost-effective, higher-coverage, higher-frequency, mobile AppSec testing solution. "According to Coalfire and NowSecure's 4th Annual Penetration Risk Report, 99% of mobile applications pose security or privacy threats." By integrating NowSecure's latest offering, Mobile PTaaS, CISOs and security leaders can optimize their budget for penetration testing while prioritizing continuous, comprehensive security testing. The NowSecure Mobile PTaaS cloud-based platform, built on tens of thousands of pen tests and over 12 years of mobile application security experience, provides a comprehensive set of automatic, continuous, and manual assessments, including: Expert pen testing periodically depending on the specific demand and timeline On-demand and continuous security testing is built into the CD/CI and dev toolchains Automatic ticket generation with incorporated remedial resources Consultation with an experienced pen tester on remediation Optional industry standard(s) certifications and validations All-in-one SAST, IAST, DAST, APISec, and SBOM Simple-to-use dedicated SaaS platform About NowSecure A Chicago-based mobile security company, NowSecure safeguards the worldwide mobile app economy as the leading authority in standards-based mobile application privacy and security automation. The company is trusted by the most demanding enterprises for its comprehensive security testing solution package for DevSecOps, mobile app supply-chain monitoring, Pen Testing as a Service (PTaaS), professional mobile pen testing, and training courseware. NowSecure actively contributes to and supports the open-source mobile security community, industry standards, and certifications such as ADA MASA, OWASP MASVS, NIAP, ioXt, and others. The firm is SOC 2-certified and has been recognized by Gartner, IDC, TAG Cyber, and Deloitte Fast 500.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BIgID Introduces Secrets Detection Capabilities to Mitigate Risk

BigID | March 17, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors. With BigID's native secrets detection capabilities, organizations can: Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment Detect secrets faster and more accurately using patented AI and ML-based data classification techniques Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure "Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SlashNext Introduces Generative AI Solution for Email Security

SlashNext | March 01, 2023

On February 28, 2023, SlashNext, a leading SaaS-based Integrated Cloud Messaging Security solutions provider across web, email and mobile, announced the release of Generative HumanAI™, the industry's first artificial intelligence solution using generative AI to defend against advanced business email compromise (BEC), executive impersonation, supply chain attacks, and financial fraud. Adding Generative HumanAI ensures that customers have peace of mind, despite threat actors utilizing widely available AI tools to aid their efforts. The solution already has a 99.9% detection rate with its existing AI capabilities. Generative HumanAI predicts vast numbers of potential AI-generated BEC threats by utilizing AI data augmentation and cloning technologies to evaluate a core threat and then produce thousands of other versions of that same core threat, which allows the system to train itself on possible variations. This new solution joins SlashNext's existing HumanAI capabilities, which imitate human threat researchers by combining computer vision, natural language processing, and machine learning with relationship graphs and deep contextualization to thwart sophisticated multichannel messaging attacks. Features of HumanAI consist: Relationship Graphs & Contextual Analysis establish a baseline of known-good writing styles and communication patterns for each employee and supplier to detect unusual conversation and communication styles. BEC Generative AI Augmentation automatically generates thousands of new BEC variants from today's threat to stop tomorrow's attacks. Natural Language Processing analyzes text in the email body and attachments for tone, emotion, topic, intent and manipulation triggers related to social engineering tactics. Computer Vision Recognition leverages SlashNext's LiveScan™ to inspect URLs in real-time for any visual divergence, such as layouts and images, to detect credential phishing webpages. Sender Impersonation Analysis evaluates headline details and email authentication results to stop impersonation attacks. File Attachment Inspection analyzes social engineering traits of attachments and malicious codes to stop ransomware. SlashNext has been developing this patent-pending solution internally for over two years and is at the forefront of multichannel messaging security. Its threat researchers recognized that generative AI would soon change the face of BEC attacks. About SlashNext SlashNext is a leading cloud-based messaging security solutions provider to safeguard against malicious messages across all digital channels. Its integrated messaging security platform, called SlashNext Complete™, is equipped with patented HumanAI™ technology having a detection accuracy rate of 99.9% and is capable of detecting real-time threats across various messaging channels such as mobile, email and web-based messaging applications like LinkedIn, M365, Gmail, WhatsApp, Slack, Telegram, Teams, and others. By taking advantage of SlashNext's Integrated Cloud Messaging Security, businesses can safeguard their sensitive information from data theft and financial fraud breaches. The company's solution is designed to detect and prevent zero-hour threats in real-time to ensure their customers' highest level of security.

Read More

INFOSEC PROJECT MANAGEMENT,PLATFORM SECURITY,SOFTWARE SECURITY

NowSecure Unveils Its Latest Offering, Mobile Pen Testing-as-a-Service (PTaaS)

NowSecure | January 03, 2023

NowSecure, the leader in standards-based mobile app security and privacy software, announced the introduction of its latest solution, NowSecure Mobile Pen Testing as a Service (PTaaS), which will bridge the gap between manual and automated mobile security assessments for continuous security. NowSecure PTaaS is designed to provide mobile developers and security teams with a more cost-effective and efficient pen testing solution. The solution combines periodic expert manual assessments with continuous automated testing to optimize comprehensive coverage at a higher frequency. With this combination, the all-inclusive portal and service can instantly discover concerns early in the developer pipeline, provide consulting help to repair security issues promptly, and accelerate the release of high-quality software into production. As organizations struggle with tightening budgets in conjunction with an increased threat of mobile cyber assaults, there is an industry demand for a cost-effective, higher-coverage, higher-frequency, mobile AppSec testing solution. "According to Coalfire and NowSecure's 4th Annual Penetration Risk Report, 99% of mobile applications pose security or privacy threats." By integrating NowSecure's latest offering, Mobile PTaaS, CISOs and security leaders can optimize their budget for penetration testing while prioritizing continuous, comprehensive security testing. The NowSecure Mobile PTaaS cloud-based platform, built on tens of thousands of pen tests and over 12 years of mobile application security experience, provides a comprehensive set of automatic, continuous, and manual assessments, including: Expert pen testing periodically depending on the specific demand and timeline On-demand and continuous security testing is built into the CD/CI and dev toolchains Automatic ticket generation with incorporated remedial resources Consultation with an experienced pen tester on remediation Optional industry standard(s) certifications and validations All-in-one SAST, IAST, DAST, APISec, and SBOM Simple-to-use dedicated SaaS platform About NowSecure A Chicago-based mobile security company, NowSecure safeguards the worldwide mobile app economy as the leading authority in standards-based mobile application privacy and security automation. The company is trusted by the most demanding enterprises for its comprehensive security testing solution package for DevSecOps, mobile app supply-chain monitoring, Pen Testing as a Service (PTaaS), professional mobile pen testing, and training courseware. NowSecure actively contributes to and supports the open-source mobile security community, industry standards, and certifications such as ADA MASA, OWASP MASVS, NIAP, ioXt, and others. The firm is SOC 2-certified and has been recognized by Gartner, IDC, TAG Cyber, and Deloitte Fast 500.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BIgID Introduces Secrets Detection Capabilities to Mitigate Risk

BigID | March 17, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors. With BigID's native secrets detection capabilities, organizations can: Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment Detect secrets faster and more accurately using patented AI and ML-based data classification techniques Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure "Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

More featured news