DATA SECURITY

Cyber Security Penetration Testing Leader NetSPI Secures $90 Million in Growth Funding Led by KKR

NetSPI | May 17, 2021

NetSPI, the pioneer in big business infiltration testing and assault surface administration, today reported it has brought $90 million up in development subsidizing drove by KKR, with investment from Ten Eleven Ventures. The venture will be utilized to additionally speed up NetSPI's fast development by extending the organization's digital protection and customer experience groups, putting resources into item advancement, and extending tasks across U.S. what's more, worldwide business sectors.

Since its establishing, NetSPI has centered its administrations to assist organizations with protecting themselves from cyberattacks through a powerful and imaginative innovation stage, permitting NetSPI's group of specialists to completely recognize security weaknesses. When digital protection spending is relied upon to surpass $200 billion every year by 2024, as per a new Bloomberg Intelligence (BI) report, more organizations are getting ready to fight off refined digital assaults and stay away from reputational and business hazards.

KKR is putting resources into NetSPI through its Next Generation Technology Growth Fund II. KKR and Ten Eleven Ventures have put resources into market-driving network safety organizations including Darktrace, KnowBe4, Ping Identity, Cylance, ForgeRock, and ReliaQuest.

The venture is the most recent exchange in a time of sped up development for NetSPI. Most as of late, NetSPI procured Silent Break Security and fused its restrictive Adversary Simulation and Red Team Toolkit programming into the organization's hostile network safety and assault surface administration contributions. In 2020, NetSPI dispatched Penetration Testing as a Service (PTaaS) controlled by its Resolve™ stage. Forthcoming augmentations of hazard scoring, weakness insight, break and assault recreation, and more will keep on separating NetSPI's innovation contributions.

Goodwin Procter LLP exhorted NetSPI on the exchange and Latham and Watkins LLP prompted KKR and Ten Eleven Ventures.

About NetSPI

NetSPI is the pioneer in big business security testing and assault surface administration, banding together with nine of the main 10 U.S. banks, three of the world's five biggest medical services organizations, the biggest worldwide cloud suppliers, and large numbers of the Fortune® 500. NetSPI specialists perform profound plunge manual entrance testing of use, organization, and cloud assault surfaces, generally testing more than 1 million resources for discover 4 million one of a kind weaknesses. NetSPI offers Penetration Testing as a Service (PTaaS) through its Resolve™ stage and enemy recreation through its Red Team Tool Kit. NetSPI is settled in Minneapolis, MN and is a portfolio organization of private value firms Sunstone Partners, KKR, and Ten Eleven Ventures.

Spotlight

IBM Resilient Incident Response Platform® (IRP) helps you decide whether a cyber alert is a true security incident or a false positive - Find out how you can reduce the time of response.


Other News
ENTERPRISE SECURITY

SecurityScorecard and Marsh McLennan Collaborate to Elevate Cybersecurity in Challenging Risk Landscape

SecurityScorecard | January 28, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience. As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies. "We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture." "Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses." Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

DATA SECURITY

HackNotice Releases First-Ever Combined Security and Threat Awareness Service for Free

HackNotice | February 07, 2022

HackNotice, the world's leading threat awareness company, announced the first-ever security and threat awareness combined service, accessible to new and existing users. The added security awareness training course enables individuals to deepen their understanding of good cyber hygiene practices. The course offers 50 training videos, a security exam, and a certification. Cybersecurity training is mostly offered to company employees, often costing hundreds of thousands of dollars for intensive, week-long seminars and lectures. However, having good security awareness is vital for any individual. The newly released self-paced course ensures that anyone online can learn good cyber practices. "What makes the combined service great is that our threat modeling and security awareness course work together. When someone faces a large amount of personal information exposure, we recommend more phishing training. When someone has several passwords stolen, we have them focus on our password training. Now, users can receive the critical training that they need instantly, tailored to their specific risks," Steve Thomas, CEO, and Co-Founder of HackNotice For customers of HackNotice Teams, HackNotice's security and threat awareness service, the new course is an excellent addition for companies looking to strengthen their enterprises' security programs. Quick, in-the-moment, lessons are a perfect way to engage employees and business departments within the organization. Clients can also access dynamic reports to see user and departmental progress, and areas of improvement. About HackNotice Hacknotice is the only company-wide threat awareness platform, making employees more cautious online. Users monitor, review, and take swift actions against their real cyber-threats. The platform focuses on bridging the gap between security teams and other employees through real-time alerts, around-the-clock monitoring, recovery recommendations, and additional education. HackNotice's mission is to make all employees threat aware, creating a resilient culture of security.

Read More

SOFTWARE SECURITY

ReliaQuest Expands GreyMatter Platform with support for Risk Scenarios and MITRE ATT&CK v10

ReliaQuest | February 18, 2022

ReliaQuest, the leader in Open XDR-as-a-Service, today announced the expansion of its GreyMatter platform with support for MITRE ATT&CK v10 and Risk Scenarios that visually maps and measures a security program’s detection coverage in terms of threats and cyber risks. This new feature enables security leaders to close the communications gap with business leaders while demonstrating how well their security program mitigates cyber risks of most concern to the enterprise. Many leaders are challenged with measuring the progress of their security program and the impact of their security investments. According to a recent Ponemon Institute Research report, 64% of security leaders say a lack of standardized security metrics to measure progress is the primary obstacle to implementing an IT security risk management program. What’s more, 58% say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to cyberattacks. With the ability to map coverage against Risk Scenarios, GreyMatter enables security leaders to have a real-time view into how they are performing against individual threats or cyber risks they are most concerned about. They can pinpoint any gaps in coverage and make informed decisions on how best to proceed with investments and actions to close these gaps. Breakdowns by cyber risk categories and subcategories within them help security leaders focus on areas of concern at a granular level. “Too often, leaders rely on technical metrics that lack a holistic view of how security tools are operating together, leaving them at a loss when it comes to communicating cyber risks to the business, What’s more, translating the effectiveness of security tools in a language that leadership understands poses even more of a challenge. Now, with Risk Scenarios, security leaders have a more comprehensive view into how much coverage they have across cyber risk areas that concern them the most. This will help them make informed decisions on how best to approach these issues and communicate them effectively to leadership.” Brian Foster, Chief Product Officer at ReliaQuest Additionally, ReliaQuest announced an upgrade of its support for the latest MITRE ATT&CK framework version 10. By upgrading to support v10 of the framework, GreyMatter users are better able to visualize and measure detection coverage aligned to the latest techniques. In line with keeping with improving efficiencies for security operators, GreyMatter delivers enhancements to reduce tool hopping by automating collection of various contextual information, aiding in faster investigations and further streamlining the security operations workflow. About ReliaQuest ReliaQuest, the leader in Open XDR-as-a-Service, is the force multiplier for security operations teams. ReliaQuest GreyMatter is a cloud-native Open XDR platform that brings together telemetry from any security and business solution, whether on-premises, or in one or multiple clouds, to unify detection, investigation, response and resilience. ReliaQuest combines the power of technology and 24/7/365 security expertise to give organizations the visibility and coverage they require to make cybersecurity programs more effective.

Read More

WEB SECURITY TOOLS

Indusface Enhances its Web Application & API Protection (WAAP) platform AppTrana with Industry's First Risk-Based Protection to APIs

Indusface | May 19, 2022

Indusface, a leading application security SaaS company that continually detects security risks, provides real-time protection, and improves the performance of Websites and Applications, today announced that it is adding Risk-Based API Protection to its WAAP platform, AppTrana. APIs are the lifeline of the digital economy with many companies adopting the API-first approach. However, the growth of APIs is also opening up new risk vectors that they are not aware of. According to Gartner, more than 90% of applications have more attack surface exposed through API than UI and by 2022, API Abuse will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications. Indusface is revolutionizing the API security space by building on its API Protection capabilities. The company is doing so through the most comprehensive API protection to date by extending its risk-based approach to the same. "AppTrana's risk-based approach is unique and something that resonates with our customers. What customers are really interested in is knowing how well their application is protected based on the risk posture of their application. Building on this, we are now enhancing our API Protection capabilities by providing a risk-based approach to API security which we believe would revolutionize the market. With this, customers will be able to identify vulnerabilities found in their public APIs and quickly correlate how these are protected through API-specific policies and positive security policies applied in AppTrana providing the most comprehensive protection for APIs." Ashish Tandon, Founder and CEO, Indusface As with any security, you can protect only what you know and protection is as strong as the weakest link. The major challenges with APIs are discoverability and the ability to understand the context of APIs so that security can be tailored accordingly. It is to address these challenges that Indusface is enhancing its API protection in AppTrana. Collectively through a multi-step approach, customers get to discover APIs, understand risk posture and ensure comprehensive protection of APIs. With Indusface AppTrana's Risk-based API Protection, you get: To understand the risk posture of the APIs through unlimited automated API scans including manual tests for identifying business logic vulnerabilities. This enables organization to understand the weakest links of the APIs and get clear visibility around how these links are protected. Visibility into API traffic patterns and discovery of shadow APIs, so that you are no longer blindsided by what you don't know To protect APIs with API-specific rules written specifically to protect against OWASP Top 10 API vulnerabilities Behavioral-based protection against DDoS attacks on APIs by analyzing API traffic pattern Behavioral-based protection against BOT attacks Positive security for APIs through analysis of swagger (OpenAPI 2.0) files and creation of automated positive security policies Accurate, real-time view of vulnerabilities blocked by API specific rules, positive security policies, custom rules, and those that need fixes in the application About Indusface Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 3000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine. Indusface has been funded by Tata Capital Growth Fund II, is the only vendor to be named Gartner Peer Insights™ Customers' Choice' in all the 7 segments for Voice of Customer WAAP (Web Application and API Protection) Report 2022, is a "Great Place to Work" certified SaaS product company, is PCI, ISO27001, SOC 2, GDPR certified, and has been the recipient of many prestigious start-up awards such as the Economic Times Top 25, NASSCOM DSCI Top Security Company, Deloitte Asia Top 100, among others.

Read More