SOFTWARE SECURITY

Cowbell Cyber Unveils Cyber Risk Heatmap

Cowbell | May 26, 2022

Cowbell_Cyber_Unveils
Cowbell Cyber, the leading supplier of cyber insurance for small and medium-sized businesses (SMEs), announced the availability of its Cyber Risk Heatmap today. The Heatmap—the market's most data-rich and dynamic assessment of cyber risk portfolios—gives rapid insight into the distribution of covered risk across Cowbell's agencies and brokers, insurance and reinsurance partners, and underwriters' portfolios. Cowbell and its partners can now establish a balanced book of business, manage growth for profitability, and reduce the overall risk profile of each portfolio thanks to better visibility.

As per a recent Cowbell study, 71% of policyholders want their cyber insurance provider to provide advice to reduce risk exposure. The difficulties of regularly monitoring cyber risk at the portfolio and individual account levels lead to risk selection blind spots. Cowbell proves its creativity by removing these shortcomings at the portfolio level for all stakeholders. As a result, the frequency and severity of reported claims are reduced. Cowbell's continually monitored risk pool currently includes 24 million SMEs, accounting for 75% of the total SME market in the United States.

In a world where cyber insurance is becoming harder to obtain due to the volatile nature of cyber risks, Cowbell Cyber Heatmap allows us and our partners to quickly analyze the standing of any insurance book of business. The innovation Cowbell has brought to the cyber insurance landscape has, once again, allowed us to remain steadfast in our approach to properly assess and cover risk in the most rigorous manner."

Rajeev Gupta, co-founder, and chief product officer at Cowbell Cyber.

The Cowbell Variables underpin the Heatmap, a collection of risk rating factors that analyze the organization's cyber risk in real-time and then match it to the most applicable coverage for the company. Cowbell's Cyber Risk Framework provides the underlying technology, which involves security controls from multiple standards, including the NIST Cyber Security Framework, COBIT, the Payment Card Industry Data Security Standard (PCI DSS), and the most recently revised NIST Cybersecurity Supply Chain Risk Management (C-SCRM) program, augmented by Cowbell's proprietary controls.

Cowbell's Cyber Risk Heatmap is free to all of Cowbell's 16,000 agency producers and is constantly updated to incorporate the most recent risk profile data to assure accuracy.

Spotlight

Attackers are bypassing conventional security deployments almost at will, breaching systems in a wide swath of industries and geographies. That's the stark conclusion of new data gathered by more than 1,600 FireEye network and email sensors deployed in real-world networks. Following up on our May 2014 report, "Cybersecurity's Maginot Line: A Real-World Assessment of the Defense-in-Depth Model," we compare data from the original Maginot report to new data gathered in the ensuing months.


Other News
SOFTWARE SECURITY

Thrive Integrates SOAR Technology into their Security Operations to Enhance Real-Time Cyber Threat Detection

Thrive | May 20, 2022

Thrive, one of the leading Managed Security Services Providers (MSSPs) in the world, has made a significant investment to upgrade their 24x7x365 eyes-on-glass Security Operation Center (SOC) by integrating a Security Orchestration, Automation, and Response (SOAR) engine. The SOAR capabilities will enable the Thrive global security team to better navigate today's complex, risk-laden environment for clients via tool aggregation and coordinated response, unified operations, reduced alert fatigue, and Artificial Intelligence (AI). This will result in a significant reduction of incident response times for client threats and provide higher quality information for the Thrive SOC to combat intricate cyber risks in real time. By 2025, the amount lost to cyber theft is expected to reach $10.5 trillion annually, which is the single greatest transfer of wealth in history, according to a report from AT&T. These glaring statistics indicate why cybersecurity has become imperative in the world of commerce. "Cybersecurity threats and vulnerabilities are constantly multiplying, due to not only more sophisticated social engineering but also a rise in micro-ransomware incidents, That means vigilance against attacks of all kinds must also evolve. Incorporating a SOAR into our robust global security operations unit will allow Thrive clients to have a stronger defense system in place against cybersecurity attacks and enable our team to respond more expeditiously to any issues should they arise." Mike Gray, CTO of Thrive Thrive's integrated managed cybersecurity solutions provide a proactive and expert approach to security management for identifying and remediating security issues. Powered by next-gen technology, proven frameworks and service-driven experts, Thrive's unified cybersecurity platform enables Thrive's 24x7x365 SOC to automatically address critical security issues without client intervention. By creating a stress-free experience that solves for the technical complexity and talent shortage mid-market enterprises face, Thrive's cybersecurity solutions fortify the digital transformation initiatives that propel business growth. About Thrive Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company's Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application achieves peak performance, scale, uptime, and the highest level of security.

Read More

PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

SOFTWARE SECURITY

CyberSaint Releases CyberStrong Version 3.20 Empowering Customers to Further Automate the Cyber & IT Risk Management Function

CyberSaint | June 22, 2022

CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the release of CyberStrong version 3.20 today, providing customers with the ability to further automate the assessment process via continuous control automation with Tenable and Microsoft Azure Security Center integrations. “CyberSaint’s continuous control automation functionality changes the way that security and risk teams perform assessments, and ultimately, manage cyber risk,” said Jerry Layden, CEO of CyberSaint. “Being first-to-market with this technology is exciting for us, and positions us to redefine the cyber and IT risk management market at large.” Until now, the process of assessing an organization’s cybersecurity risk posture against a framework or standard has been manual. CyberStrong’s continuous control automation leverages natural language processing (NLP) to map telemetry coming in from various security products, such as Tenable and Microsoft Azure Security Center, to controls in a customer environment, automating scores at the control level and pulling in evidence. Want to see this new feature in action? Register for the Live Demo on July 12th at 3:00pm EDT or watch after on-demand. “Having the capability to integrate with cybersecurity solutions such as those in a hybrid cloud environment is essential for successful integrated risk management (IRM) technologies. “IRM solution providers like CyberSaint offer companies real-time visibility and understanding of their cybersecurity risk. This provides a competitive edge by giving business leaders actionable data to mitigate growing cybersecurity and associated digital risks.” John A. Wheeler, Founder and CEO of Wheelhouse Advisors and former Gartner IRM analyst CyberSaint’s integration with Tenable allows customers to: Identify and create mappings to controls and control actions Automate the scoring of vulnerability scanning controls Keep assessment control scores up to date with every successful vulnerability scan CyberSaint’s integration with Microsoft Azure Security Center allows customers to: Pull in policies from Azure and relate their compliance to assessments within the CyberStrong platform Query the customer Azure configuration and correlate directly to NIST 800-53, the CSF, and additional standards such as CMMC, PCI, HIPAA, and more Provide nightly updates to control actions within the CyberStrong platform to keep compliance status up to date which aids in viewing variance of controls when evaluating risk About CyberSaint CyberSaint's mission is to empower today's organizations to build a cybersecurity program that is as clear, actionable, and measurable as any other business function. CyberSaint's solutions empower teams, CISOs, and Boards to measure, mitigate, and communicate risk with agility and alignment.

Read More

PLATFORM SECURITY

Cloud Security Alliance Offers Governance Best Practices for Protecting Data Throughout Software-as-a-Service (SaaS) Lifecycle

Cloud Security Alliance | June 10, 2022

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Software-as-a-Service (SaaS) Governance Best Practices for Cloud Customers. Drafted by the SaaS Governance Working Group, the paper provides a baseline set of SaaS governance best practices for protecting data within SaaS environments, enumerates and considers risks according to the SaaS adoption and usage lifecycles, and finally, provides potential mitigation measures from the SaaS customer’s perspective. The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity that introduces a shared responsibility between producers and consumers. While the domain of cloud adoption and security continues to evolve, not much guidance is available regarding SaaS governance and security. This, despite the reality that increasingly, different departments within an organization (Shadow IT) are occasionally utilizing SaaS offerings to power their critical business processes and functions and often storing sensitive data in SaaS environments. “SaaS requires a different security governance mindset. Because SaaS apps allow businesses to quickly and easily optimize business operations, adoption has come at the price of security. Few recognize how complex the configuration and permission settings of SaaS apps can be, which results in numerous misconfigurations, giving attackers the potential to access sensitive data,” said Amir Ofek, CEO of AxoniusX, the new innovation unit of Axonius, which sponsored the paper. “By following a widely adopted security framework, such as NIST CSF, coupled with the best-practices and recommendations in this document, organizations will be able to better establish SaaS governance and security processes to mitigate risk associated with SaaS usage, eliminate misconfigurations, and gain full control over their entire SaaS environment.” “While SaaS offers tremendous opportunities for organizations to change the way they operate, consume innovative capabilities, and offload many of the operational burdens associated with both creating and maintaining applications, it isn’t without its concerns. As organizations continue to adopt SaaS-based applications and solutions, traditional organizational cybersecurity must be updated to reflect this new operating model. Failing to do so can increase the potential risk and ramifications of security incidents associated with the consumption of SaaS.” Chris Hughes, co-founder and CISO at Aquia and project lead/lead author of the paper The guide defines three necessary components that, when combined into a cohesive strategy, can provide integrated security for SaaS systems and solutions: Process security. Protects the integrity of procedural activities to ensure the input and output of processes aren’t easily compromised. These are the managerial aspects, including policies and procedures, to ensure that an organization’s processes are consistent. Platform security. Deals with the security strength of the platform and the underlying dependencies of a SaaS service. These include the SaaS infrastructure, operating systems, and its potential suppliers. Application security. Deals with the security of the SaaS application itself. A SaaS application can only stay secure if it does not contain exploitable vulnerabilities and has implemented hardened configurations aligned with organizational and vendor security best practices, as well as compliance requirements. The Software-as-a-Service (SaaS) Governance Working Group aims to benefit all parties in the SaaS ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider. Individuals interested in becoming involved in future research and initiatives are invited to join the working group. SaaS Governance Best Practices for Cloud Customers was sponsored by Axonius, a leader in cybersecurity asset management and SaaS management. CSA research prides itself on vendor neutrality, agility, and integrity of results. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights to CSA research. About Axonius Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world. About Cloud Security Alliance The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem.

Read More

Spotlight

Attackers are bypassing conventional security deployments almost at will, breaching systems in a wide swath of industries and geographies. That's the stark conclusion of new data gathered by more than 1,600 FireEye network and email sensors deployed in real-world networks. Following up on our May 2014 report, "Cybersecurity's Maginot Line: A Real-World Assessment of the Defense-in-Depth Model," we compare data from the original Maginot report to new data gathered in the ensuing months.

Resources