DATA SECURITY

BitSight and Glass Lewis Partner to Expand Investor Understanding of Cybersecurity

BitSight | September 28, 2021

BitSight, the standard in security ratings, and Glass Lewis, the leading provider of independent global governance solutions, today announced a strategic partnership to include critical cybersecurity information – comprised of BitSight Security Ratings, data, and insights – with Glass Lewis' Proxy Paper research reports. Information on 20,000+ companies will be included in an effort to help investors better understand how cybersecurity issues may affect their investments.

Investor concerns around environmental, social, and governance issues continue to rise, leading to closer examinations of management and board effectiveness in addressing these challenges. Failure to adequately manage cyber risk can materially impact a company's revenue and financial performance. BitSight's Security Ratings and data will supply Glass Lewis clients with data-driven, evidence-based cybersecurity intelligence, which, in turn, will provide new visibility into a dimension of company performance and governance.

Investors are mostly in the dark when it comes to the cybersecurity of their investments.Providing Glass Lewis clients with BitSight ratings and data alongside its proxy research reports will deliver the insights necessary to have an enhanced understanding of the efficacy of a company's oversight of cybersecurity risks and outcomes. It's a new era in informing investors about cyber risks.

Steve Harvey, BitSight's chief executive officer.

"The BitSight Security Rating and insights will allow our clients to identify cyber risk exposure, potentially minimizing both reputational risk and long-term financial losses," said Dan Concannon, Glass Lewis Chief Commercial Officer.  "We are excited to include the industry's most respected and widely leveraged Security Rating in our Proxy Paper research reports allowing our clients to address this rapidly expanding risk."

The landscape of governance, especially as it pertains to cyber controls, is changing rapidly and institutions from the United Nations to the Securities and Exchange Commission (SEC) are increasingly focused on market transparency for global investors. Beginning in 2011 with its landmark cybersecurity guidance, the SEC has signaled that cybersecurity is a material business risk requiring consistent, adequate disclosure. The SEC created a cyber enforcement unit in 2017, updated guidance in 2018, and recently levied a series of fines at companies over inadequate disclosures of cybersecurity issues.

Over 1,300 clients, including most of the world's largest pension plans, mutual funds, and asset managers who collectively manage over $40 trillion in assets, use Glass Lewis' research and technology solutions to inform and facilitate their corporate governance activities.

About BitSight
BitSight is transforming the way that the global marketplace addresses cyber risk with cybersecurity ratings and analytics. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and improve national security. With 2,300 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings.

About Glass Lewis:
Glass Lewis is the leading provider of independent global governance solutions. We enable institutional investors and publicly listed companies to make sustainable decisions based in research and data. We cover 30,000+ meetings each year, across approximately 100 global markets. Our customers include the majority of the world's largest pension plans, mutual funds, and asset managers who collectively manage over $40 trillion in assets. Our core solutions include Proxy Paper proxy research and Viewpoint proxy vote management platform.

Spotlight

Moving to the cloud presents challenges for any organisation. Fortunately, enterprises of all sizes have already made the move and are sharing lessons they’ve learned along the way. Companies are quickly realising the benefits of an integrated cloud productivity solution and how it improves security, inspires collaboration and s


Other News
DATA SECURITY

Symphony Technology Group Announces the Launch of Skyhigh Security

Skyhigh Security | March 22, 2022

Symphony Technology Group (“STG”), a leading Menlo Park-based private equity firm focused on the software, data, and analytics sectors, today announced the launch of Skyhigh Security. The new portfolio company was created to satisfy the growing cloud security requirements for large and small organizations. Skyhigh Security’s unique approach extends security beyond data access to securing how the data is used. Its data-aware Security Service Edge (SSE) is built to meet the needs of the modern workforce with security that follows the data and users wherever they are. Earlier this year, STG announced it would be splitting McAfee Enterprise into two organizations—Trellix and Skyhigh Security—to better focus on the very distinct markets of Extended Detection and Response (XDR) and the SSE. At that time STG also announced that Gee Rittenhouse, who previously led Cisco’s cyber security business, would serve as CEO of the SSE business, bringing deep cloud security expertise. “Skyhigh Security has emerged as a dedicated cloud security company that is laser-focused on propelling businesses forward with a comprehensive and converged approach to data security. We’re committed to investing in this business, which is in one of the most important markets in security, SSE.” William Chisholm, managing partner, STG “With the majority of data in the cloud and users accessing it from everywhere, a new approach to security is needed,” said Rittenhouse. “Skyhigh Security has created a comprehensive security platform to secure both data access and data use via unified policies and data awareness. Organizations can now have complete visibility and control and seamlessly monitor and mitigate security risks—achieving lower associated costs, driving greater efficiencies and keeping pace with the speed of innovation.” “Organizations are at a crossroads navigating the hybrid workforce,” said Frank Dickson, vice president, IDC. “While the ‘work from anywhere’ model creates flexibility and agility, it can also be a point of security vulnerability, challenging perimeters and endpoints and opening new attack surfaces in the cloud. These organizations need a best-in-class cloud-native solution that simplifies the implementation of cloud security to protect data regardless of where it lies.” “Protecting the way data is used is as important as the way data is accessed—we must implement a powerful data-centric defense to meet the demands of how work is conducted today,” said Dan Meacham, chief information security officer, Legendary Entertainment. “Skyhigh Security’s platform approach is completely integrated and simple to use. With over 10 years focus on cloud security, they are a pioneer in the SSE space. Skyhigh Security’s innovations have been validated both by analysts and customers alike. It is truly one of the most solid and unique SSE solutions in the market today.” The Skyhigh Security SSE Portfolio includes Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Cloud Data Loss Prevention (DLP), Remote Browser Isolation technology, Cloud Firewall and Cloud Native Application Protection Platform (CNAPP). The company was most recently named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge and recognized in the 2022 Critical Capabilities for SSE for its MVISION Unified Cloud Edge (UCE) solution. About Skyhigh Security: Skyhigh Security protects organizations with cloud-native security solutions that are both data-aware and simple to use. Its market-leading Security Service Edge (SSE) Portfolio goes beyond data access and focuses on data use, allowing organizations to collaborate from any device and from anywhere without sacrificing security.

Read More

ENTERPRISE SECURITY

iTecs Enters Into A Partnership With Check Point

iTecs | December 20, 2021

iTecs, a Dallas based IT MSP, Cybersecurity, and Cloud Hosting Provider (https://itecsonline.com) enters into a partnership with Check Point, a leader in enterprise and SMB cybersecurity products and solutions, to provide iTecs clients with efficacious cybersecurity protection. The collaboration between the two parties enables iTecs to deliver the various services and products to clients as a managed service. "The traditional 'perimeter-based' security model is not aging well in this new landscape, and binary access tools are proving to be cumbersome and unscalable. Fixed perimeters no longer govern working environments. Instead, users work on their own devices and sensitive company data stored in third-party cloud services. As a result, companies can no longer rely on binary security models that focus on letting good guys in and keeping bad guys out. The challenge for modern enterprises is how to give users the required access while reducing set-up and maintenance costs without compromising security. Check Point's Zero Trust Network Access model provides the tools to safeguard companies in today's ever-growing work-from-home demand. Especially with the growing popularity and development of 'METAVERSE' work environments, it's essential to adopt new and intelligent ways of protecting your users," says Brian Desmot, CEO & Founder of iTecs. Currently in partnerships with Sophos, SentinelOne, Cisco, CoSoSys, and now Check Point, iTecs' Managed Security Services (MSS) division provides SMB and Enterprises with an array of sophisticated and synergistic threat-preventing solutions. "Our propensity of testing cybersecurity solutions has led us to the conclusion that Check Point is the right partner to provide our clients with maximum ROI. As a result, we are redesigning our website and will include new pages devoted to the broad menu of services our alliance with Check Point is providing," Brian Desmot iTecs is going through a rebranding campaign with the launch of a new logo and website which will be completed by early 2022. About iTecs IT Outsourcing and Support Brian Desmot founded iTecs in 2002, a white-glove IT support, consulting, managed IT services provider. The firm delivers an umbrella of IT services from break-fix, consulting, cybersecurity, to procurement for businesses of all sizes. If you need a professional, customer-centric offsite IT department, iTecs is the best choice.

Read More

SOFTWARE SECURITY

ReliaQuest Expands GreyMatter Platform with support for Risk Scenarios and MITRE ATT&CK v10

ReliaQuest | February 18, 2022

ReliaQuest, the leader in Open XDR-as-a-Service, today announced the expansion of its GreyMatter platform with support for MITRE ATT&CK v10 and Risk Scenarios that visually maps and measures a security program’s detection coverage in terms of threats and cyber risks. This new feature enables security leaders to close the communications gap with business leaders while demonstrating how well their security program mitigates cyber risks of most concern to the enterprise. Many leaders are challenged with measuring the progress of their security program and the impact of their security investments. According to a recent Ponemon Institute Research report, 64% of security leaders say a lack of standardized security metrics to measure progress is the primary obstacle to implementing an IT security risk management program. What’s more, 58% say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to cyberattacks. With the ability to map coverage against Risk Scenarios, GreyMatter enables security leaders to have a real-time view into how they are performing against individual threats or cyber risks they are most concerned about. They can pinpoint any gaps in coverage and make informed decisions on how best to proceed with investments and actions to close these gaps. Breakdowns by cyber risk categories and subcategories within them help security leaders focus on areas of concern at a granular level. “Too often, leaders rely on technical metrics that lack a holistic view of how security tools are operating together, leaving them at a loss when it comes to communicating cyber risks to the business, What’s more, translating the effectiveness of security tools in a language that leadership understands poses even more of a challenge. Now, with Risk Scenarios, security leaders have a more comprehensive view into how much coverage they have across cyber risk areas that concern them the most. This will help them make informed decisions on how best to approach these issues and communicate them effectively to leadership.” Brian Foster, Chief Product Officer at ReliaQuest Additionally, ReliaQuest announced an upgrade of its support for the latest MITRE ATT&CK framework version 10. By upgrading to support v10 of the framework, GreyMatter users are better able to visualize and measure detection coverage aligned to the latest techniques. In line with keeping with improving efficiencies for security operators, GreyMatter delivers enhancements to reduce tool hopping by automating collection of various contextual information, aiding in faster investigations and further streamlining the security operations workflow. About ReliaQuest ReliaQuest, the leader in Open XDR-as-a-Service, is the force multiplier for security operations teams. ReliaQuest GreyMatter is a cloud-native Open XDR platform that brings together telemetry from any security and business solution, whether on-premises, or in one or multiple clouds, to unify detection, investigation, response and resilience. ReliaQuest combines the power of technology and 24/7/365 security expertise to give organizations the visibility and coverage they require to make cybersecurity programs more effective.

Read More

DATA SECURITY

Noetic Cyber Partners with SentinelOne to address growing cybersecurity asset management challenges

Noetic Cyber | February 03, 2022

Noetic Cyber, a cloud-based continuous cyber asset management and controls platform, today announced a partnership with autonomous cybersecurity platform company SentinelOne (NYSE:S). This partnership delivers an end-to-end cybersecurity asset management solution that leverages SentinelOne's endpoint and cloud workload telemetry, combined and correlated with information from other information sources, to generate a high-fidelity, continuously updated, multidimensional map of all assets and their cyber relationships. The current fragmentation of IT management, DevOps and security tools makes it difficult for security teams to see all the assets in the business and to understand the relationships between them. In fact, 71% of global IT leaders admit to finding new endpoints in their environment on a weekly basis. Endpoint and cloud workload telemetry is a vital part of this information, providing high-fidelity, relevant insights into threats and cyber assets. The integration of SentinelOne Singularity XDR and the Noetic platform enables teams to extend the visibility, detection and endpoint insights of SentinelOne into a wider asset inventory and management architecture, maximizing their value. "We are very excited to be partnering with Noetic Cyber on this integrated solution," said Chuck Fontana, SVP of Business Development, SentinelOne. "There is a significant security challenge in not understanding the cyber risk of all assets in your environment. Together with Noetic, we're able to close that gap and ensure a hygienic cybersecurity environment for organizations across industries." The SentinelOne Connector for Noetic is an API-based integration. Joint customers install the SentinelOne Connector into the Noetic platform and provide it with API credentials to establish a bi-directional integration between the two platforms. The Noetic platform periodically polls SentinelOne, looking for information indicating new, updated or removed endpoints. This information is ingested, aggregated and correlated with information from other data sources, presented to security teams via innovative graph database technology. Pre-packaged queries and dashboards help analysts to uncover coverage and compliance gaps and hidden risks. The Noetic platform also includes a comprehensive automation workflow engine, which allows security teams to pre-determine corrective action, such as deploying the SentinelOne agent to unprotected machines, triggering a scan or disconnecting a machine from the network. "Through this innovative partnership with SentinelOne, we are able to jointly address security coverage gaps and automatically correct misconfigured endpoints that could otherwise leave organizations vulnerable,Leveraging the high-fidelity data provided by SentinelOne, Noetic provides unparalleled insights into your cyber assets, identifies security risks and uses automation to continuously close them." Paul Ayers, CEO of Noetic About SentinelOne SentinelOne's cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. About Noetic Cyber Noetic Cyber enables security teams to make faster, more accurate decisions to detect coverage gaps and reduce cyber risk. The Noetic solution is a cloud-based Continuous Cyber Asset Management & Controls Platform that provides teams with unified visibility of all assets across their cloud and on-premises systems, and delivers continuous, automated remediation to close coverage gaps and enforce security policy. Noetic improves security tools and control efficacy by breaking down existing siloes and improving the entire security ecosystem. Founded in 2019, Noetic is based in Boston and London.

Read More

Spotlight

Moving to the cloud presents challenges for any organisation. Fortunately, enterprises of all sizes have already made the move and are sharing lessons they’ve learned along the way. Companies are quickly realising the benefits of an integrated cloud productivity solution and how it improves security, inspires collaboration and s

Resources