ENTERPRISE SECURITY
SecurityScorecard | January 28, 2022
SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience.
As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies.
"We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture."
"Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses."
Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center
SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence.
About SecurityScorecard
Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.
Read More
DATA SECURITY
HackNotice | February 07, 2022
HackNotice, the world's leading threat awareness company, announced the first-ever security and threat awareness combined service, accessible to new and existing users. The added security awareness training course enables individuals to deepen their understanding of good cyber hygiene practices. The course offers 50 training videos, a security exam, and a certification.
Cybersecurity training is mostly offered to company employees, often costing hundreds of thousands of dollars for intensive, week-long seminars and lectures. However, having good security awareness is vital for any individual. The newly released self-paced course ensures that anyone online can learn good cyber practices.
"What makes the combined service great is that our threat modeling and security awareness course work together. When someone faces a large amount of personal information exposure, we recommend more phishing training. When someone has several passwords stolen, we have them focus on our password training. Now, users can receive the critical training that they need instantly, tailored to their specific risks,"
Steve Thomas, CEO, and Co-Founder of HackNotice
For customers of HackNotice Teams, HackNotice's security and threat awareness service, the new course is an excellent addition for companies looking to strengthen their enterprises' security programs. Quick, in-the-moment, lessons are a perfect way to engage employees and business departments within the organization. Clients can also access dynamic reports to see user and departmental progress, and areas of improvement.
About HackNotice
Hacknotice is the only company-wide threat awareness platform, making employees more cautious online. Users monitor, review, and take swift actions against their real cyber-threats. The platform focuses on bridging the gap between security teams and other employees through real-time alerts, around-the-clock monitoring, recovery recommendations, and additional education. HackNotice's mission is to make all employees threat aware, creating a resilient culture of security.
Read More
SOFTWARE SECURITY
ReliaQuest | February 18, 2022
ReliaQuest, the leader in Open XDR-as-a-Service, today announced the expansion of its GreyMatter platform with support for MITRE ATT&CK v10 and Risk Scenarios that visually maps and measures a security program’s detection coverage in terms of threats and cyber risks. This new feature enables security leaders to close the communications gap with business leaders while demonstrating how well their security program mitigates cyber risks of most concern to the enterprise.
Many leaders are challenged with measuring the progress of their security program and the impact of their security investments. According to a recent Ponemon Institute Research report, 64% of security leaders say a lack of standardized security metrics to measure progress is the primary obstacle to implementing an IT security risk management program. What’s more, 58% say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to cyberattacks.
With the ability to map coverage against Risk Scenarios, GreyMatter enables security leaders to have a real-time view into how they are performing against individual threats or cyber risks they are most concerned about. They can pinpoint any gaps in coverage and make informed decisions on how best to proceed with investments and actions to close these gaps. Breakdowns by cyber risk categories and subcategories within them help security leaders focus on areas of concern at a granular level.
“Too often, leaders rely on technical metrics that lack a holistic view of how security tools are operating together, leaving them at a loss when it comes to communicating cyber risks to the business, What’s more, translating the effectiveness of security tools in a language that leadership understands poses even more of a challenge. Now, with Risk Scenarios, security leaders have a more comprehensive view into how much coverage they have across cyber risk areas that concern them the most. This will help them make informed decisions on how best to approach these issues and communicate them effectively to leadership.”
Brian Foster, Chief Product Officer at ReliaQuest
Additionally, ReliaQuest announced an upgrade of its support for the latest MITRE ATT&CK framework version 10. By upgrading to support v10 of the framework, GreyMatter users are better able to visualize and measure detection coverage aligned to the latest techniques. In line with keeping with improving efficiencies for security operators, GreyMatter delivers enhancements to reduce tool hopping by automating collection of various contextual information, aiding in faster investigations and further streamlining the security operations workflow.
About ReliaQuest
ReliaQuest, the leader in Open XDR-as-a-Service, is the force multiplier for security operations teams. ReliaQuest GreyMatter is a cloud-native Open XDR platform that brings together telemetry from any security and business solution, whether on-premises, or in one or multiple clouds, to unify detection, investigation, response and resilience. ReliaQuest combines the power of technology and 24/7/365 security expertise to give organizations the visibility and coverage they require to make cybersecurity programs more effective.
Read More
WEB SECURITY TOOLS
Indusface | May 19, 2022
Indusface, a leading application security SaaS company that continually detects security risks, provides real-time protection, and improves the performance of Websites and Applications, today announced that it is adding Risk-Based API Protection to its WAAP platform, AppTrana.
APIs are the lifeline of the digital economy with many companies adopting the API-first approach. However, the growth of APIs is also opening up new risk vectors that they are not aware of. According to Gartner, more than 90% of applications have more attack surface exposed through API than UI and by 2022, API Abuse will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.
Indusface is revolutionizing the API security space by building on its API Protection capabilities. The company is doing so through the most comprehensive API protection to date by extending its risk-based approach to the same.
"AppTrana's risk-based approach is unique and something that resonates with our customers. What customers are really interested in is knowing how well their application is protected based on the risk posture of their application. Building on this, we are now enhancing our API Protection capabilities by providing a risk-based approach to API security which we believe would revolutionize the market. With this, customers will be able to identify vulnerabilities found in their public APIs and quickly correlate how these are protected through API-specific policies and positive security policies applied in AppTrana providing the most comprehensive protection for APIs."
Ashish Tandon, Founder and CEO, Indusface
As with any security, you can protect only what you know and protection is as strong as the weakest link. The major challenges with APIs are discoverability and the ability to understand the context of APIs so that security can be tailored accordingly. It is to address these challenges that Indusface is enhancing its API protection in AppTrana. Collectively through a multi-step approach, customers get to discover APIs, understand risk posture and ensure comprehensive protection of APIs.
With Indusface AppTrana's Risk-based API Protection, you get:
To understand the risk posture of the APIs through unlimited automated API scans including manual tests for identifying business logic vulnerabilities. This enables organization to understand the weakest links of the APIs and get clear visibility around how these links are protected.
Visibility into API traffic patterns and discovery of shadow APIs, so that you are no longer blindsided by what you don't know
To protect APIs with API-specific rules written specifically to protect against OWASP Top 10 API vulnerabilities
Behavioral-based protection against DDoS attacks on APIs by analyzing API traffic pattern
Behavioral-based protection against BOT attacks
Positive security for APIs through analysis of swagger (OpenAPI 2.0) files and creation of automated positive security policies
Accurate, real-time view of vulnerabilities blocked by API specific rules, positive security policies, custom rules, and those that need fixes in the application
About Indusface
Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 3000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.
Indusface has been funded by Tata Capital Growth Fund II, is the only vendor to be named Gartner Peer Insights™ Customers' Choice' in all the 7 segments for Voice of Customer WAAP (Web Application and API Protection) Report 2022, is a "Great Place to Work" certified SaaS product company, is PCI, ISO27001, SOC 2, GDPR certified, and has been the recipient of many prestigious start-up awards such as the Economic Times Top 25, NASSCOM DSCI Top Security Company, Deloitte Asia Top 100, among others.
Read More