Enterprise Security

SecurityScorecard Partners with Tenable to Deliver Complete Cyber Risk Monitoring

SecurityScorecard | August 23, 2021

SecurityScorecard, the global leader in security ratings, today announces a partnership with Tenable the Cyber Exposure company, to deliver a comprehensive view into an organization's risk posture by marrying Tenable's unmatched visibility and depth of analytics into enterprise environments with external cyber monitoring powered by SecurityScorecard. As a result of this partnership, CISOs, IT leaders and security teams are able to review their SecurityScorecard rating, assess their external cybersecurity health, and understand their risk posture directly within the Tenable Lumin dashboard.

"Understanding your up-to-date risk posture has become a necessity in a world that's increasingly more complex, dynamic and transient," said Ray Komar, vice president of technical alliances, Tenable. "We're excited to partner with SecurityScorecard to give customers complete visibility into the risks that exist inside and outside their environment, and guidance for how to most effectively reduce that risk, all in a single platform."

Point-in-time or periodic cybersecurity testing procedures have become antiquated. Today's cyber risks change by the minute and companies need a solution that keeps pace with the dynamic nature of cybersecurity by continuously monitoring for exposures and measuring the security posture and cyber resilience across the organization.

"Organizations must be proactive to address cyber breaches, and security ratings are the foundation to measuring and understanding security resilience in real time," says Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard. "Together, SecurityScorecard and Tenable are advancing a new standard for continuous monitoring by blending external and internal risk assessments, which provide organizations with a holistic view into the risks that exist in their environments."

The integration pairs Tenable Lumin's advanced analytics capabilities for assessing risk alongside real-time visibility of external vulnerabilities from SecurityScorecard. This arms Tenable Lumin customers with the intelligence to develop external risk management and threat detection playbooks through real-time updates, allowing organizations to effectively identify and respond to threats and risks.

SecurityScorecard continuously monitors millions of entities globally, and uses non-intrusive proprietary methods to assess their security posture across ten risk categories to instantly deliver an easy-to-understand "A" through "F" rating; including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. On a daily basis, these ratings are updated based on objective, publicly-available data that, similar to credit ratings, provides an "outside-in" view of an entity's security posture.

About SecurityScorecard
Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital and others, SecurityScorecard is the global leader in cybersecurity ratings with tens of millions of companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 18,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Spotlight

Counterfeit threats, such as fraudulent ads and look-alike domains, are on the rise especially with the expansion of e-commerce and online consumer-to-business interaction. However, the collection and mitigation of counterfeit activity can be complicated. Prioritizing relationships with platforms and providers along with collect


Other News
Software Security

ZeroFox Unveils New Anti-Phishing Features to Stop Attacks at Source

ZeroFox | September 22, 2023

ZeroFox, an industry-leading provider of enterprise software-as-a-service for external cybersecurity, has announced the unveiling of multiple anti-phishing product enhancements. These updates solidify ZeroFox's position as the world leader in digital risk protection. Developed using cutting-edge AI/ML technologies and designed by a team of top-tier security experts, these new anti-phishing features boost escalated alert volume, reduce the occurrence of false positives, and expedite the process from threat identification to initial disruption and successful takedowns for all our customers. The importance of these new features cannot be overstated, especially given the rising threat landscape. In the first half of 2023, ZeroFox Intelligence has recorded a substantial increase in the volume and complexity of phishing attacks, including a 30% surge in domain takedowns compared to the first half of 2022. New ZeroFox phishing trend research also highlights the adoption of evasion techniques like cloaking alongside emerging tactics such as SEO poisoning and phishing-as-a-service. These developments underscore the critical role of these new capabilities in safeguarding against evolving cyber threats. Continuous and Complete Protection Against Domain-based Threats ZeroFox adopts a unique approach to phishing compared to email security and conventional anti-phishing providers. Its strategy revolves around the identification, disruption, and elimination of the domains necessary for launching phishing campaigns. With daily monitoring of over 65 million domains, ZeroFox combats various threats like typo squats, subdomain spoofs, homoglyphs, and other malicious domain and URL-based attacks, effectively shielding customers and preventing any disruptions to business operations. Incorporate advanced domain protection capabilities to enhance their cybersecurity measures, aiming to achieve substantial and measurable business outcomes: Reduce Phishing Risks with Anti-Cloaking Capabilities: Strengthen Compliance and Trust with SSL Monitoring Secure Brand Identity with Favicon Search Improve Operational Efficiency with Enhanced Subdomain Coverage Enhance User Experience (UX) with Weblog Monitoring Mike Price, Chief Technology Officer of ZeroFox, said, ZeroFox has been detecting and disrupting phishing attacks for the last decade, constantly enhancing our solution to protect our customers from changing phishing techniques used by threat actors, including the widespread use of malicious cloaking and subdomains techniques. [Source – Globe Newswire] Price stated that the enhanced capabilities being announced represented their ongoing commitment to tackling the increasing phishing challenge encountered by security teams. He emphasized that as phishing continued to evolve, ZeroFox would remain a trusted anti-phishing partner dedicated to safeguarding customers from both current and future phishing techniques. About ZeroFox ZeroFox, a prominent enterprise software-as-a-service provider in the field of external cybersecurity, has revolutionized security beyond the corporate perimeter on the internet, where businesses conduct their operations and threat actors are active. Their platform seamlessly integrates cutting-edge AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust set of breach, incident, and takedown response tools. This enables them to uncover and disrupt various threats, including phishing and fraud campaigns, botnet exposures, impersonations, credential theft, data breaches, and physical threats that target domains, brands, personnel, and assets.

Read More

API Security

Salt Security, CrowdStrike Expands Partnership with New Integration

Salt Security | September 20, 2023

Salt Security, a prominent API security company, has announced the expansion of its partnership with CrowdStrike, a leading cybersecurity technology company providing cloud workload and endpoint security, cyberattack response, and threat intelligence services. This expansion involves the integration of the Salt Security API Protection Platform with the widely recognized CrowdStrike Falcon Platform. Roey Eliyahu, Co-founder and CEO of Salt Security, stated, Protecting against API threats requires deep visibility and robust runtime protection. We’re excited to bring our unique strengths in API security to the CrowdStrike customer base with this new integration. Together with CrowdStrike, Salt can provide organizations with extended runtime protections and posture management across the cloud and application landscapes. [Source – Cision PR Newswire] Through this integration, customers gain access to a comprehensive 360-degree view of API security risks, particularly focusing on the application-layer attack surface. This integration is accessible via the CrowdStrike Marketplace and provides valuable API threat intelligence. It also enhances cross-organization API security capabilities by streamlining and enhancing the workflows related to API auditing, monitoring, and enforcement. The partnership between Salt Security, offering top-notch API runtime monitoring and AI-driven insights, and CrowdStrike, renowned for its award-winning AI-powered protection, provides organizations with complete visibility into their API attack surface. This integration also offers valuable context regarding the severity of threats in relation to business-critical aspects. With this partnership, customers benefit from: API vulnerability and threat context API threat mitigation API threat management automation The patented Salt API security platform stands out for its utilization of cloud-scale big data, artificial intelligence (AI), and machine learning (ML). These technologies work in tandem to automate the process of discovering and cataloging an organization's entire set of APIs. Salt plays a crucial role in pinpointing areas where APIs might expose sensitive data. This proactive approach aids enterprises in recognizing and mitigating potential API threats while also reinforcing their overall API security. Gur Talpaz, Head of Falcon Fund and Vice President of Corporate Development at CrowdStrike, said, With APIs now a prime target for malicious actors, securing them requires a comprehensive and diligent approach. Through this joint integration, we can harness the mature AI-driven intelligence of the Salt API security platform with our widely deployed Falcon platform, giving organizations complete visibility into their application-layer attack surface and a detailed understanding of their application threat landscape. [Source – Cision PR Newswire] About Salt Security Salt Security is a leading API security company that safeguards the APIs at the core of all modern applications. Its API Protection Platform is the sole API security solution that integrates the power of cloud-scale big data with time-tested machine learning and artificial intelligence to detect and prevent API attacks. Salt provides extensive context, real-time analysis, and continuous insights for API discovery, hardening APIs, and attack prevention by correlating the activities of millions of APIs and users over time.

Read More

Software Security

Conceal and CyberForce Security Announce Strategic Partnership: Amplifying MSSP Services with Advanced Browser Security

Business Wire | September 29, 2023

Conceal, a pioneer in web security innovation, is excited to announce its strategic alliance with CyberForce Security, a leader in cybersecurity products and services. This collaboration is set to enhance CyberForce's already comprehensive technology suite by including ConcealBrowse's elite browser security. We are thrilled to integrate with CyberForce Security, a powerhouse known for its value-driven approach and deep commitment to offering the finest cybersecurity solutions in the industry. By incorporating ConcealBrowse into their portfolio, we're collectively raising the bar in web protection for MSPs of all sizes.commented Gordon Lawson, CEO of Conceal. Miles Dunbar, COO of CyberForce Security, stated, “At CyberForce, our ethos revolves around understanding our partners and clients, both technically and business-wise. By integrating with Conceal's browser security, we're amplifying our promise of delivering only the best-of-breed solutions. This collaboration embodies our dedication to staying at the forefront of cybersecurity innovation.” This partnership aligns perfectly with CyberForce Security's mission of hand-picking elite cybersecurity products and ensuring every business, from start-ups to established giants, has access to top-tier protective solutions. As both companies champion a customer-centric approach, their synergistic endeavor promises to set new benchmarks in MSSP offerings. For Managed Service Providers seeking to fortify their security offerings, we invite you to join the Conceal MSP Community, where the focus is protection where it truly counts: at the browser. As part of our community, you’ll gain complimentary access to NFR licenses of ConcealBrowse. With effortless deployment and user-friendly interfaces, it integrates seamlessly into existing security infrastructures and stands robustly as a standalone solution, offering you unparalleled ease and flexibility. More so, built-in multi-tenancy and monthly billing features open avenues for revenue growth, allowing easy downstream deployment to your clients. Don’t miss this opportunity to enhance your security toolkit and grow your practice. About Conceal Conceal is at the forefront of defending against web-based attacks, using innovative technology to detect, prevent, and shield businesses and individual users from ever-evolving online threats. ConcealBrowse operates on the principle of proactive protection. Its AI-powered intelligence engine, ConcealSherpa, runs at machine speed with virtually zero latency to identify potentially harmful webpages autonomously, stopping cyber attacks that take advantage of weaponized links. For more information, visit https://conceal.io/.

Read More

Enterprise Security

Skybox Security Launches New Continuous Exposure Management Platform

Skybox Security | September 14, 2023

Skybox Security, a leading Exposure Management solutions provider, has unveiled the next generation of its prestigious Continuous Exposure Management Platform. This 13.0 release introduces significant enhancements to its solution for Attack Surface and Vulnerability Management, which revolutionizes the manner businesses manage and mitigate cyber exposure risk. Attack Surface Management Delivers Complete Visibility Skybox's Surface Management solution provides an extensive inventory and map of users' assets and applications. It evaluates and simulates attack paths. The result is a dynamic security model for the hybrid attack surface. Version 13.0 introduces significant new features, including: New Attack Surface Map Enhanced Attack Path Analysis LDAP Integration Cloud Infrastructure Integration Vulnerability Management Deepens Exposure Insights Skybox's Vulnerability Management solution combines more than 25 third-party threat intelligence feeds with its own Skybox Threat Intelligence feed in order to prioritize threats based on exposure risk and remediate vulnerabilities with prescriptive guidance. With Version 13.0, businesses are able to: Import Vulnerability Data New Business-Focused' Solutions View' Celebrity Vulnerabilities SOAR Integration Mordecai Rosen, CEO of Skybox Security, said, In today's complex threat landscape, organizations need to continuously manage their threat exposure based on the prioritized risks to their business. [Source – Business Wire] Rosen stated that the Skybox platform now supports every stage of an enterprise's continuous exposure management (CEM) program, from mapping the attack surface through contextualization and risk-based prioritization to final remediation. It was also mentioned that the latest enhancements enable organizations to further improve their security posture and substantially reduce the risk of a successful attack. About Skybox Skybox is trusted by over 500 of the world's largest and most security-conscious enterprises for providing insights and assurance to stay ahead of dynamically changing attack surfaces. Its Exposure Management Platform provides complete analytics, visibility, and automation to quickly prioritize, map, and remediate vulnerabilities across organizations. The vendor-agnostic solution optimizes security policies, actions, and change processes across all cloud environments and corporate networks. With Skybox, security teams can emphasize the most strategic business initiatives while ensuring enterprises remain protected.

Read More

Spotlight

Counterfeit threats, such as fraudulent ads and look-alike domains, are on the rise especially with the expansion of e-commerce and online consumer-to-business interaction. However, the collection and mitigation of counterfeit activity can be complicated. Prioritizing relationships with platforms and providers along with collect

Resources