SOFTWARE SECURITY

UL Launches New SafeCyber™ Solution and Platform Features to Address Mounting Security Threats

UL | June 07, 2022

UL
UL, a global safety science leader, today announced the latest enhancements to its product security and compliance life cycle management platform, SafeCyber. Launched last year, SafeCyber aims to democratize product security and empower device manufacturers, suppliers and system integrators to take charge of their connected ecosystems and mitigate growing threats from chip to cloud.

Amid an uptick in supply chain attacks, a shortage of security expertise and a dynamic regulatory environment, UL's new SafeCyber dashboard provides users with a comprehensive view of their product security maturity and projects in one place. SafeCyber also provides an easy-to-use portal to help users discover available device life cycle solutions to better manage and secure their ecosystems.

Through this new dashboard, users can view all their product security testing and evaluation activities in a single, central location. The new feature provides visibility on the security maturity of their product lines and certification readiness to industry standards, including ISA/SAE 21434 and IEC 62443 4-1, among others.

Additionally, UL formally announced Binary Check™, a new SafeCyber platform solution. Binary Check allows users to perform continuous, automated binary code analysis to ensure ongoing security and compliance readiness of connected devices and systems. This new solution includes the ability to generate a software bill of materials (SBOM), detect and manage vulnerabilities for faster remediation and obtain compliance readiness analysis.

"The skyrocketing adoption of connected devices creates countless benefits and opportunities but also leads to an increasingly large and attractive attack vector for bad actors. "As devices become progressively connected, it's challenging for businesses to keep up with growing device and security system complexities, making them vulnerable to ransomware and firmware attacks. Hardening security requires a proactive approach. At UL, we are committed to enabling organizations to innovate and bring products to the marketplace safely and securely. With SafeCyber, customers benefit from a 360-degree view of their security governance and processes to better manage and mitigate product security risks."

David Nosibor, platform solutions lead, Identity Management Security and head of UL's SafeCyber project

About UL
UL is a global safety science leader. We deliver testing, inspection and certification (TIC), training and advisory services, risk management solutions and essential business insights to help our customers, based in more than 100 countries, achieve their safety, security and sustainability goals. We believe our deep knowledge of products and intelligence across supply chains make us the partner of choice for customers with complex challenges.

Spotlight

Founder and CEO of Tag Cyber LLC, Ed Amoroso and AlienVault CTO, Roger Thornton discuss what software defined networking is, why it's so important, and the impact it will have on the way organizations are approaching security.

Spotlight

Founder and CEO of Tag Cyber LLC, Ed Amoroso and AlienVault CTO, Roger Thornton discuss what software defined networking is, why it's so important, and the impact it will have on the way organizations are approaching security.

Related News

SECURITY AUDIT AND COMPLIANCE

Balbix Announces New Integrations with ServiceNow to Further Automate and Improve Cyber Risk Quantification

Balbix | August 09, 2022

Balbix, the leader in cybersecurity posture automation, announced today new integrations with ServiceNow (NYSE: NOW), the leading digital workflow company. As a result of the integrations, customers can automatically augment cyber risk data with business context and integrate remediation efforts with their existing security and IT workflows. CISOs can eliminate thousands of hours from the time required to operationalize cyber risk quantification (CRQ) in dollars and close the gap between cybersecurity and the business. The integration with ServiceNow's configuration management database (CMDB) allows Balbix customers to automatically ingest business context from their CMBD into the Balbix platform and combine it with asset, vulnerability and risk data from their other IT and security tools, and Balbix sensors to create a unified cyber risk model presented in dollars. Data is automatically deduplicated, correlated and inferenced to drastically reduce the manual labor required for teams to add business context to cyber risks, and prioritize and measure them. For example, with the integration businesses can now: Measure and report on the dollar amount of risk by business unit, business leader, asset type, application, regulatory requirement and geographic location (cities, countries, regions). Quantify the dollar amount of risk related to externally facing assets, internal assets, assets that the IT department manages, and assets not managed by the IT department. "Historically, Fortune 500 companies would spend thousands of hours of manual labor mapping business context to their risk data for board reporting, risk analysis and cybersecurity decision making, Our integration with the ServiceNow CMDB, has enabled us to sharply reduce the time needed to quantify cyber risk. With Balbix, CISOs can continuously and automatically map risk to their business hierarchy and prioritize their highest-risk issues for response." Chris Griffith, chief product officer at Balbix. Businesses are struggling to report concrete CRQ results with 62% indicating they cannot calculate their breach risk in monetary terms, according to Balbix's own 2022 State of Security Posture Report. Furthermore, according to the report, 51% of organizations indicated they lack continuous visibility into asset inventories making it difficult to correlate risk with business context, and instead relying on siloed tools, manual workflows, and qualitative analysis to quantify the exposure. "Cyber risk has become a frustrating business risk to manage as leadership teams struggle to accurately quantify their risk and prioritize initiatives to mitigate it, These integrations address the growing needs CISOs have to report on cyber risk in a way that their business leaders can clearly understand, to make the right investments and to remediate their riskiest vulnerabilities faster." Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. In addition to automating advanced CRQ capabilities, the integration with ServiceNow IT Service Management (ITSM) further eliminates manual effort by enabling security teams to create ServiceNow remediation tickets from within Balbix. This enables security and IT teams to increase productivity by using a familiar and shared system for remediation workflow. Moreover, security analysts can create tickets to remediate a vulnerability for a single impacted asset or for a group of assets to specify remediation tasks more efficiently and reduce the mean time to remediate (MTTR) risk issues. About Balbix Balbix enables organizations to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. The Balbix Security Cloud™ platform ingests data from organizations' security and IT tools to understand every aspect of their cybersecurity posture, build a unified cyber risk model and then provide actionable insights for risk reduction. With Balbix, enterprises can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions. A rapidly growing set of Fortune 500 companies trust Balbix as the "brain" of their infosec programs and are realizing the benefits of maximally automated workflows and measurably lower cyber risk. Balbix was ranked #32 on the 2021 Deloitte Fast 500 North America, and has been recognized for innovation by Gartner.

Read More

PLATFORM SECURITY

Vectra Becomes AWS Security Competency Partner

Vectra | June 30, 2022

Vectra AI, a pioneer in threat detection and response, said today that it has been an Amazon Web Services (AWS) Security Competency Partner, proving its technical knowledge and demonstrated customer success when it comes to further protecting AWS environments. The competence designation acknowledges Vectra's strong cloud security experience and proven technology, which assists clients in further enhancing their security measures across hybrid architectures and cloud environments. Vectra's AWS Security Competency distinguishes it as an AWS Partner Network (APN) member that delivers specialized threat detection technologies to assist organizations in adopting, developing, and deploying complex security projects on AWS. To be eligible for this distinction, APN members must have extensive AWS knowledge and be able to offer solutions on AWS effortlessly. Vectra earned AWS Security Competency accreditation after a thorough qualification process based on references and customer feedback. "Becoming an AWS Security Competency Partner is an exciting milestone for Vectra and for many of our customers who leverage AWS as a critical component in their everyday operations. Solving threat detection and response challenges for our customers is top priority and this competency further validates our ability to do that in the cloud and wherever organizations choose to configure their environments." Michael Porat, Vectra SVP, Corporate and Business Development "We are an AWS shop. Using AWS VPC Traffic Mirroring, Vectra gives us full visibility into our Nitro-based instances," said Mirza Baig, IT Security Manager at Municipal Property Assessment Corporation (MPAC). To monitor all infrastructure-as-a-service traffic, the Vectra platform interfaces with AWS Virtual Private Cloud (VPC) traffic mirroring. It also integrates with AWS Security Hub to publish Vectra detections as findings, enabling security teams to correlate Vectra attacker detections with other data sources for faster threat hunting and incident investigations. "Achieving the AWS Security Competency validates Vectra for its technical expertise and ability by enabling customers to further secure their journey through the different stages of cloud adoption—from migration through day-to-day management," said Dudi Matot, Security Segment Lead at AWS.

Read More

PLATFORM SECURITY

ReliaQuest GreyMatter joins Microsoft Intelligent Security Association

ReliaQuest | June 17, 2022

ReliaQuest, a security operations force enhancer, announced today that it has joined the Microsoft Intelligent Security Association (MISA). MISA is an ecosystem of independent software manufacturers and managed security service providers that have linked their products to better guard against an ever-increasing number of threats. "With digital transformation driving migration to Microsoft Azure, it becomes even more critical to have a unified view across an organization’s security infrastructure. Now, with added support for Microsoft Sentinel, Microsoft 365 and Microsoft Defender for Endpoint, ReliaQuest GreyMatter extends visibility across the Microsoft ecosystem. GreyMatter unifies detection, investigation and response to drive security effectiveness and cyber resilience, while allowing the customer to integrate Microsoft Security products at the pace that best suits their organization.” Brian Foster, ReliaQuest Chief Product Officer This partnership makes it simple for Microsoft clients to ingest data and automate activities across any vendor solution, whether on-premises or in one or more clouds. GreyMatter, in conjunction with extensive security operations knowledge, accelerates threat detection and response. This improves the efficiency of current investments, such as the correlation capabilities of Microsoft Sentinel and Microsoft Defender for Endpoint. GreyMatter contextualizes threat research, aggregate customer knowledge, more than 40 open source and commercial security data sources to build a complete, actionable picture of present and upcoming risks. ReliaQuest will continue investing in GreyMatter's integration capabilities with the Microsoft 365 security suite, extending the ReliaQuest aim to "Make Security Possible." Rob Lefferts, Corporate Vice President, Microsoft Defender said that, “Microsoft Intelligent Security Association members, like ReliaQuest, leverage Microsoft’s security products to better defend against cyber security threats with identity and access management, threat protection, information protection and security management.”

Read More