SecurityScorecard Revamps Its Cybersecurity Risk Management Product Amidst Global Shift to Remote Work

SecurityScorecard | June 03, 2020

  • SecurityScorecard , announced new capabilities in its best-in-class product suite. These updates enable security and risk teams at any organization to collaborate faster and smarter.

  • Our solution brings unique and actionable data and analytics to customers so that they can become cyber resilient in less time and with more confidence.

  • This provides a transparent view of what cybersecurity issues have been remediated, with visibility into what has been requested and resolved by their third parties.


SecurityScorecard, the global leader in security ratings, announced today new capabilities in its best-in-class product suite. These updates enable security and risk teams at any organization to collaborate faster and smarter amidst a massive global shift to remote work. SecurityScorecard is proud to empower organizations worldwide to combat cyber risks. Our solution brings unique and actionable data and analytics to customers so that they can become cyber resilient in less time and with more confidence," said Sam Kassoumeh, COO and co-founder of SecurityScorecard. Companies that use SecurityScorecard to engage their supply chain see a quantifiable improvement in their ecosystem security posture, which is now more important than ever.


SecurityScorecard's revamped cybersecurity risk management product suite includes more than 25 unique, new capabilities. These include. Invited Company Experience: Organizations gain the ability to easily improve their score, access to time-saving automations and educational materials that give prescriptive tips on how to collaborate effectively with their third parties.Audit Log: This provides a transparent view of what cybersecurity issues have been remediated, with visibility into what has been requested and resolved by their third parties.Rule Builder: Organizations can now create rules to automatically detect and act on any changes to their score to proactively identify their biggest areas of risk.



Read more: MICROSOFT ENHANCES AZURE CLOUD SECURITY FOR GREATER VISIBILITY INTO THIRD-PARTY ACCESS

SecurityScorecard is proud to empower organizations worldwide to combat cyber risks. Our solution brings unique and actionable data and analytics to customers so that they can become cyber resilient in less time and with more confidence.

~ Sam Kassoumeh, Founder SecurityScorecard .


Custom Questionnaire Creator: With over 20 industry standard questionnaires and the ability to edit and customize any questionnaire, customers can now assess and survey any organization in the world against any framework -- and gain unique SecurityScorecard insights to streamline the assessment process .Summarize Risk Findings on Atlas: SecurityScorecard's leading questionnaire and evidence exchange platform, Atlas, now features the ability for organizations to add notes, findings, and remediation plans. The importance of collaborating on cybersecurity is paramount as workforces shift to remote work, expanding the perimeter beyond what many companies are equipped to handle. Many organizations are depending on their security teams to protect against cyber attacks that pose a major risk to their business operations.

SecurityScorecard's leading questionnaire and evidence exchange platform, Atlas, now features the ability for organizations to add notes, findings, and remediation plans,The importance of collaborating on cybersecurity is paramount as workforces shift to remote work .


According to a study from McKinsey, 32% of CISOs are looking for more collaborative tools, guides, training, and operating norms that will help secure their organizations. Companies that engage with their SecurityScorecard rating can reap significant benefits. Organizations that are invited to the platform with a security grade of 'C' of below typically exhibit an average of 7 to 8 point improvement. Many newly invited companies have noted that SecurityScorecard has increased their visibility into their risk environment and empowered their teams to remediate issues that were previously overlooked. With over 1.4 million companies rated, SecurityScorecard is the global industry leader in security ratings. SecurityScorecard collects and analyzes global threat signals that allows organizations to have instant visibility into the security posture of vendors and business partners as well as the capability to do a self-assessment of their own security posture.


The technology continuously monitors 10 groups of risk factors to instantly deliver an easy-to-understand A-F rating. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 1,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors.


Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Spotlight

Information is every organization’s key asset, and security is essential to the office—for documents and for any devices connected to the network. And in the 21st century, the network is the hub of virtually all business activity. The threat is very real and the stakes are growing at exponential rates. A breach in the security of an organization’s documents can result in unauthorized use of sensitive or proprietary information. It can lead to harmful disclosure, stolen or compromised intellectual property and trade secrets. And for many organizations, these security breaches can end with costly fines and litigation, to the tune of hundreds of thousands to millions of dollars. When it comes to networked multifunction printers, or MFPs, additional vulnerabilities can be present because these devices can print, copy, scan to network destinations, send email attachments and handle incoming and outgoing fax transmissions. For those in IT, it’s critical to the security of an organization’s network to make sure that security infractions can’t happen through network-connected MFPs—or at the devices themselves.


Other News
SOFTWARE SECURITY

Guidepost Solutions Acquires Significant Equity Interest in Cybersecurity Solutions Firm Truvantis, Inc.

Guidepost Solutions LLC | March 29, 2022

Guidepost Solutions LLC, a global leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting, announced that it has acquired a significant equity stake in Truvantis, Inc., a cybersecurity company formed in 2010. Truvantis provides best-in-class cyber and privacy services to secure infrastructure, data, operations, and products. This strategic partnership allows both Guidepost and Truvantis to offer a wide-ranging suite of cybersecurity solutions and consulting services, at a time when cybersecurity risks are evolving and affecting all business operations. Truvantis is led by its founder and CEO, Andy Cottrell. With more than 25 years of experience in IT and cybersecurity, Cottrell has designed and implemented security solutions, launched innovative security products to market, and helped countless small and large companies improve their security posture. “I am pleased to announce this partnership with Truvantis, as part of our firm’s continued efforts to grow its capabilities and footprint in the cybersecurity arena. We are committed to providing our clients with unique solutions to defend against one of the greatest risks facing their companies – cyber threats. This partnership significantly expands our ability to fulfill that commitment.” Julie Myers Wood, Guidepost Solutions CEO This new alliance enables clients to leverage comprehensive threat, risk, vulnerability management, privacy, and assessment services to protect against a full spectrum of cyber and physical security issues and address a variety of regulatory and business-critical requirements. Today’s companies are faced with an increasing number of requests for independent verification of their cybersecurity and privacy policies and practices. Whether it’s an assessment against a security framework like the NIST CSF, ISO 27001, or CIS Controls, addressing compliance with privacy laws and requirements like the PCI DSS, or preparing for a SOC2 or HITRUST audit, companies are seeking help from highly qualified, credentialed consultants who can help address these complex cybersecurity and privacy challenges. The Guidepost/Truvantis team will afford clients a depth of expertise as well as a breadth of services to address a broad range of risk mitigation needs. “Guidepost Solutions is a leader in investigations, compliance, and physical security consulting and we’re excited to bring these capabilities to our clients to provide comprehensive risk management solutions,” said Andy Cottrell, CEO, Truvantis. “As the market continues to evolve toward consolidated physical, personnel, and cybersecurity management, this partnership enables us to provide the most comprehensive solutions in the market.” Through this investment and partnership, Guidepost Solutions and Truvantis are positioned to enhance cyber and physical security defenses for clients and provide resiliency for their critical systems. Specific security services include risk assessments, security testing, cyber investigations, cybersecurity governance, data protection, privacy consulting, operational security design and project management, vCISO, and remediation services. About Guidepost Solutions LLC Guidepost Solutions is a leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting. We work wherever your needs take us – whether on the ground around the globe – or from one of our offices located in Bogotá, Boston, Chicago, Dallas, Honolulu, London, Los Angeles, Miami, New York, Palm Beach, Philadelphia, Phoenix, San Francisco, Seattle, Singapore, Walnut Creek, and Washington, DC. About Truvantis Inc. Truvantis® is a cybersecurity consulting organization providing best-in-class privacy and cybersecurity services to secure your organization’s infrastructure, data, operations, and products. We specialize in helping our customers improve their cybersecurity posture by implementing, testing, auditing, and operating information security programs.

Read More

ENTERPRISE SECURITY

Confluera Cloud Research Finds Cybersecurity Concern as Biggest Obstacle to Cloud and Multi-Cloud Adoption

Confluera | February 19, 2022

Confluera, the leading provider of next-generation cloud cyber attack detection and response, today released the findings of their latest research report, which explores how IT leaders detect, evaluate, and act against cybersecurity threats in today's cloud environment. The study, 2022 Cloud Cybersecurity Survey Report, showcases the perspective of 200 U.S. IT leaders at medium to large sized organizations and how they are tackling the increasingly complex remote, cloud-centric IT security landscape. The majority of organizations are accelerating their cloud adoption with 97% of IT leaders surveyed stating that their strategy includes the expansion of cloud deployments. The strategy includes expansion in scale and in many cases, the adoption of multiple platforms such as AWS, Google Cloud and Azure. This strategy is not without its challenges, however. Approximately, 63% of IT professionals identified cyberthreats designed to target cloud services as the top obstacle to their cloud strategy. Cloud and multi-cloud adoption has greatly increased the workload of already burdened IT teams. Of the 200 IT leaders surveyed, only about half of the respondents said that they are adequately staffed to manage the frequency of alerts they receive. IT teams spend 54% of their time investigating security alerts, with over half of those alerts turning out to be false or benign alarms. As threats within the cloud proliferate, IT leaders are looking for solutions to help them quickly separate the signal from the noise so they can act on the real threats promptly. Some key findings of the survey as it relates to cloud deployments are below. More than 65% of IT leaders said cloud IaaS adoption (AWS, Azure, Google Cloud, etc.) was the primary contributor to their increased workload in 2021 When asked what challenges were associated with adopting multiple cloud platforms, 69% said maintaining consistent cybersecurity coverage across all cloud infrastructures Nearly 50% said securing the resources to manage different cloud infrastructures Nearly 45% identified the difficulty detecting threats progressing from one cloud infrastructure to another "While accelerated cloud adoption continues to be a critical element in adapting to the new way of doing business, it has strained IT leader's ability to manage their workload, Organizations need to ensure proper people, processes, and tools are in place for the team to expand the complex cloud environments without sacrificing their attention to security." John Morgan, CEO of Confluera Morgan continued, "To make matters worse, the Great Resignation has demonstrated the burnout that workers across the U.S. economy are feeling, and nowhere is this burnout more obvious than in the cybersecurity teams. Organizations must ensure frequent conversations between executives and cybersecurity managers to ensure they are well equipped to adequately manage alerts, maintain systems, and avoid burnout within their teams. Other key findings include the following: 85% of IT leaders said that they experienced increased workload due to shift in work model including remote workers Nearly 70% of IT leaders said that the change in work model has made it more difficult to keep company resources secure Nearly 59% of all alert investigations turn out to be false alarms or benign activities 90% of IT leaders said they create threat storyboards but close to 60% rely on third-party services to create storyboards after the incident Not all findings in the report were so glum, however. In a positive sign, 84% of IT leaders were optimistic about their cybersecurity readiness for 2022. The majority of respondents note the availability of new cybersecurity tools as the reason for their positive outlook, with 59% saying that a Detection and Response solution for the cloud, or CxDR, is the innovation they are most excited about for future deployment. "2021 was a tough year for many IT leaders, but the market is now providing organizations with the tools they need to effectively manage the infrastructures they have and even expand them further," added Morgan. "Given proper resources and effective communication, IT leaders have every right to be positive as we move into the new year." About the Study Confluera commissioned an independent research firm to survey U.S. IT leaders using a national network of verified panel providers. A total of 200 respondents completed the survey, which was conducted between December 3-7, 2021. Those surveyed included those with senior titles, including Manager, Director, and VP/C-level. The margin of error for this study is +/-5.9% at the 95% confidence level. About Confluera Confluera is the leading provider of next-generation Cloud eXtended Detection and Response (CxDR) solutions. Recognized by Forbes as one of the Top 20 Cybersecurity Startups to Watch in 2021, Confluera's storyboard technology automates cyber attack analysis making small and large security teams more efficient. The solution has unprecedented visibility of attacks in the cloud and modern application architectures, reveals threats in real-time, and will shut down advanced multistage attacks.

Read More

INFOSEC PROJECT MANAGEMENT

TestArmy Partners with HUB Security for Advanced Cyber Security Solutions

HUB Security | April 28, 2022

Today, HUB Security , a secure computing solutions provider, announced it has signed a strategic partnership with testing and cyber security leader, TestArmy, to offer HUB Security's Advanced DDoS Simulation Platform - D.Storm. HUB Security will be TestArmy cyber security partner to enhance current offerings and work together to reach ransomware resilience in the polish and central European market. TestArmy Group is one of the fastest growing testing companies in Central Europe. Specializing in cyber security and quality assurance of digital products. "With organizations challenged with increasing and new cyber incidents, we see great value in partnering with TestArmy and developing together future cyber solutions for the European market." Eyal Moshe, CEO and co-founder of HUB Security "With the growing list of customers we help protect and require the most advanced security solutions to maintain their operations," said Wojciech Humiński, CEO at TestArmy. "HUB Security's solutions will allow our customers a higher level of cyber readiness facing current and new cyber threats." About HUB Security HUB Security was established in 2017 by veterans of the 8200 and 81 elite intelligence units of the Israeli Defense Forces. The company specializes in unique Cyber Security solutions protecting sensitive commercial and government information. The company debuted an advanced encrypted computing solution aimed at preventing hostile intrusions at the hardware level while introducing a novel set of data theft prevention solutions. HUB operates in over 30 countries and provides innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services worldwide. About TestArmy TestArmy Group is one of the fastest growing testing companies in Central Europe according to the Deloitte ranking (2019). Security, UX and Quality Assurance testing company with 80+ professional IT software testers/pentesters who possess ISTQB or other world renowned certificates.

Read More

SOFTWARE SECURITY

ReliaQuest Expands GreyMatter Platform with support for Risk Scenarios and MITRE ATT&CK v10

ReliaQuest | February 18, 2022

ReliaQuest, the leader in Open XDR-as-a-Service, today announced the expansion of its GreyMatter platform with support for MITRE ATT&CK v10 and Risk Scenarios that visually maps and measures a security program’s detection coverage in terms of threats and cyber risks. This new feature enables security leaders to close the communications gap with business leaders while demonstrating how well their security program mitigates cyber risks of most concern to the enterprise. Many leaders are challenged with measuring the progress of their security program and the impact of their security investments. According to a recent Ponemon Institute Research report, 64% of security leaders say a lack of standardized security metrics to measure progress is the primary obstacle to implementing an IT security risk management program. What’s more, 58% say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to cyberattacks. With the ability to map coverage against Risk Scenarios, GreyMatter enables security leaders to have a real-time view into how they are performing against individual threats or cyber risks they are most concerned about. They can pinpoint any gaps in coverage and make informed decisions on how best to proceed with investments and actions to close these gaps. Breakdowns by cyber risk categories and subcategories within them help security leaders focus on areas of concern at a granular level. “Too often, leaders rely on technical metrics that lack a holistic view of how security tools are operating together, leaving them at a loss when it comes to communicating cyber risks to the business, What’s more, translating the effectiveness of security tools in a language that leadership understands poses even more of a challenge. Now, with Risk Scenarios, security leaders have a more comprehensive view into how much coverage they have across cyber risk areas that concern them the most. This will help them make informed decisions on how best to approach these issues and communicate them effectively to leadership.” Brian Foster, Chief Product Officer at ReliaQuest Additionally, ReliaQuest announced an upgrade of its support for the latest MITRE ATT&CK framework version 10. By upgrading to support v10 of the framework, GreyMatter users are better able to visualize and measure detection coverage aligned to the latest techniques. In line with keeping with improving efficiencies for security operators, GreyMatter delivers enhancements to reduce tool hopping by automating collection of various contextual information, aiding in faster investigations and further streamlining the security operations workflow. About ReliaQuest ReliaQuest, the leader in Open XDR-as-a-Service, is the force multiplier for security operations teams. ReliaQuest GreyMatter is a cloud-native Open XDR platform that brings together telemetry from any security and business solution, whether on-premises, or in one or multiple clouds, to unify detection, investigation, response and resilience. ReliaQuest combines the power of technology and 24/7/365 security expertise to give organizations the visibility and coverage they require to make cybersecurity programs more effective.

Read More

Spotlight

Information is every organization’s key asset, and security is essential to the office—for documents and for any devices connected to the network. And in the 21st century, the network is the hub of virtually all business activity. The threat is very real and the stakes are growing at exponential rates. A breach in the security of an organization’s documents can result in unauthorized use of sensitive or proprietary information. It can lead to harmful disclosure, stolen or compromised intellectual property and trade secrets. And for many organizations, these security breaches can end with costly fines and litigation, to the tune of hundreds of thousands to millions of dollars. When it comes to networked multifunction printers, or MFPs, additional vulnerabilities can be present because these devices can print, copy, scan to network destinations, send email attachments and handle incoming and outgoing fax transmissions. For those in IT, it’s critical to the security of an organization’s network to make sure that security infractions can’t happen through network-connected MFPs—or at the devices themselves.

Resources