ENTERPRISE SECURITY

SecurityScorecard Partners with Tenable to Deliver Complete Cyber Risk Monitoring

SecurityScorecard | August 23, 2021

SecurityScorecard, the global leader in security ratings, today announces a partnership with Tenable the Cyber Exposure company, to deliver a comprehensive view into an organization's risk posture by marrying Tenable's unmatched visibility and depth of analytics into enterprise environments with external cyber monitoring powered by SecurityScorecard. As a result of this partnership, CISOs, IT leaders and security teams are able to review their SecurityScorecard rating, assess their external cybersecurity health, and understand their risk posture directly within the Tenable Lumin dashboard.

"Understanding your up-to-date risk posture has become a necessity in a world that's increasingly more complex, dynamic and transient," said Ray Komar, vice president of technical alliances, Tenable. "We're excited to partner with SecurityScorecard to give customers complete visibility into the risks that exist inside and outside their environment, and guidance for how to most effectively reduce that risk, all in a single platform."

Point-in-time or periodic cybersecurity testing procedures have become antiquated. Today's cyber risks change by the minute and companies need a solution that keeps pace with the dynamic nature of cybersecurity by continuously monitoring for exposures and measuring the security posture and cyber resilience across the organization.

"Organizations must be proactive to address cyber breaches, and security ratings are the foundation to measuring and understanding security resilience in real time," says Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard. "Together, SecurityScorecard and Tenable are advancing a new standard for continuous monitoring by blending external and internal risk assessments, which provide organizations with a holistic view into the risks that exist in their environments."

The integration pairs Tenable Lumin's advanced analytics capabilities for assessing risk alongside real-time visibility of external vulnerabilities from SecurityScorecard. This arms Tenable Lumin customers with the intelligence to develop external risk management and threat detection playbooks through real-time updates, allowing organizations to effectively identify and respond to threats and risks.

SecurityScorecard continuously monitors millions of entities globally, and uses non-intrusive proprietary methods to assess their security posture across ten risk categories to instantly deliver an easy-to-understand "A" through "F" rating; including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. On a daily basis, these ratings are updated based on objective, publicly-available data that, similar to credit ratings, provides an "outside-in" view of an entity's security posture.

About SecurityScorecard
Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital and others, SecurityScorecard is the global leader in cybersecurity ratings with tens of millions of companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 18,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Spotlight

"Apple strongly discourages iOS users from jailbreaking their devices and for good reason: the practice can impair key device functionality, such as OS upgrades, and can also introduce significant security risks, such as the ability to download and execute unvetted and potentially malicious applications."


Other News
DATA SECURITY

ContraForce Announces $2M Seed Investment from DataTribe

ContraForce | December 28, 2021

DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies, announced today a $2M seed investment in ContraForce, a leader in no-code security automation for small and medium-sized businesses. ContraForce delivers a no-code security automation platform that makes cyber security accessible for small and medium-sized businesses that lack the resources and expertise to defend themselves. In addition, ContraForce also brings this facility to security compliance; a critical feature, as customers, regulators and insurance companies are putting increasing pressure on small and mid-sized organizations to not only be secure, but also to prove it. No longer is it acceptable for smaller organizations to be a step behind in their security and compliance. Hackers are increasingly targeting them for ransomware or as an entry point into a supply chain. Because small businesses typically have limited resources to cope with a cyber attack, cyber attacks can represent an existential risk for them. ContraForce enables small and mid-sized businesses to manage this risk with their easy-to-use, self-service platform to automate threat detection, response, and compliance. “We are thrilled to announce DataTribe's most recent investment in ContraForce on the heels of the company winning the fourth annual DataTribe Challenge,” said John Funge, Managing Director at DataTribe. “By providing a sort of security and compliance ‘easy button’, ContraForce is filling a really significant gap. Just because an organization is small does not mean that it does not possess vital data, IP, or access to strategic networks. It is paramount that smaller organizations overcome the resource barriers to robust security. ContraForce’s unique approach dramatically lowers these barriers.” “I am looking forward to working with DataTribe as we build on the ContraForce team's passion for simple and effective cybersecurity solutions designed for the needs of small and medium-sized businesses,” Stan Golubchik, CEO and co-founder of ContraForce ContraForce’s security and compliance solutions map security vulnerabilities to the industry standard MITRE ATT&CK framework. They create and adapt security detection and response capabilities in real-time, ensuring the environment is secured in hours across the cloud, network, endpoint, and users. By using ContraForce, an organization without dedicated security personnel can respond to threats without having to learn or write complex security detection code and response workflows. About DataTribe DataTribe is a startup foundry that invests in and co-builds world-class startups focused on generational leaps in cybersecurity and data science. Founded by leading investors, startup veterans, and alumni of the U.S. intelligence community, DataTribe commits capital, in-kind services, access to an unparalleled network, and decades of professional expertise to give their companies an unfair advantage. DataTribe is headquartered in the Washington-Baltimore metro area, in Fulton, Maryland. About ContraForce ContraForce is the new no-code security automation company. We focus on securing the small and medium-sized businesses by helping their security and IT teams work smarter, allowing them to implement automated operations that are effective in combating cyberattacks and demonstrating compliance. ContraForce is headquartered in McKinney, Texas and was founded and built by industry security and cloud experts from Armor, McAfee, and Intel. ContraForce's mission is to empower IT and Security teams and enable them to be more efficient.

Read More

PLATFORM SECURITY

Contrast Security Achieves AWS DevSecOps Competency Status

Contrast Security | May 13, 2022

Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, announced today that it has achieved Amazon Web Services (AWS) DevOps Competency for development, security, and operations (DevSecOps) garnered by demonstrating technical proficiency and proven customer success specializing in DevSecOps. Contrast was selected as one of the official launch partners of the DevSecOps Competency by AWS, which is an extension of the DevOps category. Achieving the AWS DevOps Competency for DevSecOps differentiates Contrast Security as an AWS Partner with deep domain expertise in delivering software products that integrate security across every stage of the development and delivery cycles, including pre-, during, and post-deployment. Contrast Security is part of a small group of innovative security technologies to achieve the AWS DevSecOps Competency in its inaugural year. "We're honored to achieve AWS DevSecOps Competency status on top of the DevOps Competency status that we received last year. It is a true testament to our efforts in helping large enterprises ensure security and compliance across the entire lifecycle of their web applications and APIs running on AWS. We're looking forward to expanding our AWS capabilities so that organizations garner continuous visibility and centralized point-of-control for software risk through a single platform." Surag Patel, Chief Strategy Officer at Contrast Security By using instrumentation technology, Contrast Security is embedding self-assessment and self-protection capabilities directly into AWS applications during run-time. This enables DevSecOps teams to detect accurate code-level vulnerabilities (both custom code and open source libraries) in development and quality assurance (QA) environments, and monitor and block production applications from threats and attacks in real-time. Envestnet | Yodlee, the leading data aggregation and data analytics platform, helps consumers live better financial lives through innovative products and services created for more than 1,400 financial institutions and financial technology (FinTech) companies. The company revolutionizes financial services with its intelligent APIs, innovative applications, and advanced analytics products. With the help of Contrast Security and AWS, the company was able to seamlessly integrate new applications and accelerate its time-to-market. The AWS offerings have helped Envestnet | Yodlee launch products to market quickly and effectively. By implementing Contrast as part of their DevSecOps initiatives, Envestnet | Yodlee further secured its financial software solutions and by adopting a DevSecOps methodology, security and development teams are jointly responsible for bolstering security by essentially bringing development and operations together. "Envestnet | Yodlee requires an application security framework that is repeatable, scalable, and can find and remediate vulnerabilities by using the best software security solutions," said Saran Makam, Director of Application Security at Envestnet | Yodlee. "My team chose Contrast Security because their solution was well received by our development and security teams and because it works continuously and in real-time." About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

PLATFORM SECURITY

OccamSec Unveils Revolutionary Cybersecurity Platform Set to Change the Industry

OccamSec | May 04, 2022

OccamSec, a leading cybersecurity provider, announced today the launch of their Incenter platform. Incenter identifies the security weaknesses an organization has in real-time, and helps teams develop insights and communicate business context from a security perspective. For today's organizations, the threat landscape is constantly evolving. Penetration testing and vulnerability scanning can help, but with new vulnerabilities and exploits found all the time, infrequent testing means risk data may be outdated. At the same time the industry is trending towards slicing the solution ever thinner, which means costs keep increasing. Incenter combines the functionality of a range of security services in one single solution. The platform provides, in real time, where an organization is vulnerable, and just as critically, what the impact will be if an attack occurs. Incenter utilizes a dual approach. It combines the best in technology with advanced automated testing, and the best in people with OccamSec's security team. Supported by vulnerability research and a threat intelligence team, the burden on clients having to buy multiple services is eliminated. Users have the ability to generate reports that compile real-time information with the touch of a button, rather than waiting for a timed report to be generated. Incenter also provides step-by-step guidance on how to mitigate any risks that are identified, with the tools an organization already has which means no hidden costs. Incenter combines the functionality of a range of security services in one single solution: Manual Penetration Testing Penetration Testing as a Service (PTaaS) Automated Security Validation (ASV) Vulnerability Scanning External Attack Surface Management (EASM) Crowd Source Penetration Testing Threat Intelligence This provides a single source of truth on the exposures an organization faces. Improving the effectiveness of any security team, regardless of size, and at the same time breaking organizations out of ever increasing cyber security expenditure. The platform's focus on the unique business context of each organization means that security teams no longer have to trudge through 1000's of scan findings or determine how relevant a penetration test finding is and how to fix it. At the same time from the dashboard, management can see a high level summary of their organization's exposure, the likelihood of a breach, and how much it's going to cost them. "Over the years we have seen what works, what doesn't and where the gaps are," says OccamSec founder Mark Stamford. "The biggest gap is organizations needing more and more tools and services to effectively secure themselves. The key to effective security is joining the dots, not having ever more dots scattered in ever more places. With Incenter we have combined the talents of our security team and their expert knowledge, with a technical solution that is unrivaled. The result is a win for our clients, regardless of size." About OccamSec OccamSec is a leading provider in the world of cybersecurity. Its clients rely on them to provide information security services that exceed current industry standards. OccamSec provides accurate, actionable information to reduce risk and enable better informed decisions. Its unique end-to-end solutions detect, identify, respond, and protect in order to maximize the effectiveness of security programs.

Read More

SOFTWARE SECURITY

Illumio Collaborates with IBM Security to Bolster Cyber Resilience for Modern Organizations

Illumio | May 06, 2022

Illumio, Inc., the Zero Trust Segmentation company, today announced an expanded relationship with IBM Security and a new integration between the companies’ technologies for advanced end-to-end threat detection and response. The integration combines IBM Security QRadar XDR with Segmentation from Illumio to provide pre-attack protections for accelerated detection and automated containment and remediation capabilities to help defend against the impacts of aggressive cyberattacks, including ransomware. “In 2021, over half of organizations globally reported suffering a ransomware attack that blocked access to critical systems or data,” said Frank Dickson, Program Vice President at IDC. “As ransomware, and the attackers behind it, continues to plague every industry, organizations must act now to bolster cyber and business resiliency. The best way firms can safeguard their organizations is to address the five core elements of a ransomware attack: initial compromise, lateral movement, privilege escalation, data exfiltration and the encryption. Given the complexity and difficulty of the task, security tools should be adaptable, scalable and emphasize real-time visibility to enable real-time action.” The integration provides customers with enhanced visibility into network traffic and can help limit the potential spread of attacks by segmenting application networks. When an intrusion takes place, an attacker’s external communication and movement throughout an organization’s network can be quickly detected, denied, and analyzed with the help of Illumio and QRadar SIEM. This centralized visibility and analysis can help with the detection of threats and ransomware that moves, often undetected, throughout organizations. Beyond detection, Illumio’s integration with QRadar SOAR enables incident responders to activate Illumio’s emergency ransomware containment controls in near real time, helping them to reduce the impact of ransomware and accelerate the eradication and recovery process. “The onslaught of ransomware attacks demands end to end visibility, advanced analytics and automated actions based on an open platform – which are the foundational elements on which QRadar XDR was designed. “By leveraging its open architecture and segmentation platforms like Illumio, QRadar XDR helps customers achieve early detection, orchestration, and rapid, automated response to ransomware and other fast-moving attacks.” Chris Meenan, VP of Product Management at IBM Security “In February 2022, the Cybersecurity and Infrastructure Security Agency reported ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors, which signals the urgent business resilience risk it poses,” said John Skinner, VP, Business Development at Illumio. “Not only is ransomware today becoming more sophisticated and targeted, but incident rates are climbing. Successful detection and response depends on segmentation aligned with Zero Trust principles to isolate and stop ransomware before it spreads. Together, Illumio and IBM Security are empowering organizations to minimize the business impact of devastating attacks by combatting known risks at every phase.” About Illumio Illumio, the Zero Trust Segmentation company, prevents breaches from spreading and turning into cyber disasters. Illumio protects critical applications and valuable digital assets with proven segmentation technology purpose-built for the Zero Trust security model. Illumio ransomware mitigation and segmentation solutions see risk, isolate attacks, and secure data across cloud-native apps, hybrid and multi-clouds, data centers, and endpoints, enabling the world’s leading organizations to strengthen their cyber resiliency and reduce risk.

Read More

Spotlight

"Apple strongly discourages iOS users from jailbreaking their devices and for good reason: the practice can impair key device functionality, such as OS upgrades, and can also introduce significant security risks, such as the ability to download and execute unvetted and potentially malicious applications."

Resources