SecurityScorecard | January 28, 2022
SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience.
As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies.
"We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture."
"Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses."
Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center
SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence.
Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.
AI Spera | April 12, 2022
AI Spera announced Criminal IP, a new cybersecurity platform, today. Criminal IP is a total Cyber Threat Intelligence (CTI) search engine intended to identify potential vulnerabilities that threatening companies or individuals' IT assets. It also offers a new way to manage them comprehensively by allowing users to find results for malicious IP address, malicious domains, phishing sites, forged certificates, all IT assets, and other security related information immediately.
The company has been recruiting beta service testers and plans to operate beta service for three months from April 28. Testers pre-registering for beta service will be given a three-month free license and if testers participate in the service survey, they can receive an additional one-month free license as a reward.
Criminal IP visualizes all IT assets connected to the Internet based on IP addresses held by companies and individuals. This allows users to see the details of their assets at a glance, from DB servers, files servers, middleware servers, administrator servers as well malicious sites, and easily spot the assets exposed to the attack surface.
The solution also provides all possible information about domains in real time, including network logs, used programming technologies and security-related information, without having to directly access websites. Analyzing this information with AI/Machine learning technology, it shows an overall score of the domain and DGA (Domain Generation Algorithm) score in five stages (Critical, Dangerous, Moderate, Low, Safe) allowing users to determine and respond to threats.
Users can prevent security problems in advance by searching for vulnerabilities in IT assets and identifying cyber attackers' attack points for attack surface management purposes through Criminal IP data. In addition, everything that has happened to a particular IP address can be recorded like a criminal record to track malicious behavior of an IP address.
"Above all, this platform is the ultimate comprehensive solution that maximizes user's convenience by providing all CTI information distributed by different solutions in one place. In hopes that Criminal IP can be used in a variety of areas to defend against evolving cyber threats, including education and research, corporate security teams, white hackers, state agencies, and cybercrime investigations, we decided to operate free beta services to receive feedback on product improvement."
Byungtak Kang, CEO at AI Spera
Features and benefits of Criminal IP include:
providing a wide range of cyber threat information, including malicious IPs, C&C domains, various domain information, threat intelligence images and CVEs, which map IP& Domain scoring algorithms and various threat information based on big data on 4.2 billion IP addresses and billions of domain addresses worldwide
analyzing all possible details about domains including screenshots, domain category, whois information, used technologies, connected IP addresses, page redirections, certificates, network logs, cookies as well as interesting security-oriented features like possible malicious contents and replicated phishing domains with overall score of the domain and DGA (Domain Generation Algorithm) score
searching and updating global IP addresses and domains in 24/7 to extract applications and services in use, and provide information on security vulnerabilities of IT assets to enable real-time automatic attack surface management
offering straightforward search result based on a wide range of specific search filters so that users can conveniently access the right information they need
About AI Spera
AI Spera is a fast-growing company in the field of cyber threat intelligence. Based on AI and Machine Learning technology, the company focuses on detection of anomalies and data-oriented security solutions. The company supports as many corporates, security developers and researchers as possible to view the attack surface through the eyes of an attacker and provide various AI-based intelligence security solutions across industries including online games, financial, security and national institutions.
HUB Security | December 17, 2021
HUB Security, a secure computing solutions provider, announced today its Docker Digital Twin product to better protect, authenticate, and verify traffic created by Docker, a highly used platform for package containment.
The HUB Security Docker Digital Twin enforces access control and provides governance processes, such as approvals for sensitive actions, on incoming Docker traffic. It blocks attack vectors involving the loss or theft of credentials, vulnerabilities, and unauthorized access.
Docker creates virtual containers (called packages) that allow applications and their dependencies to run seamlessly on any operating system. It is used by some 55% of professional developers daily and is the leading solution for cloud-based SaaS platforms. It is also ubiquitous in large enterprises, financial institutions, and public clouds, as well as defense equipment, servers, and data centers. Docker packages, because of their extensive use, are often the target of cyber security threats from hackers.
"We want to create a seamless experience for our customers when it comes to security,Our new system enables multi-layered security processes for the entire compute stack with Docker being part of it. The solution is also future proof, meaning clients can rest assured for years that their systems are safe and secured."
Andrey Iaremenko, HUB Security's CTO
The Docker Digital Twin solution will be incorporated into existing HUB Security technology without changing existing operational controls and services. The product's complete remote update capabilities will provide full support for any and all Docker versions and security capabilities.
About HUB Security
HUB Security was established in 2017 by veterans of the 8200 and 81 elite intelligence units of the Israeli Defense Forces. The company specializes in unique Cyber Security solutions protecting sensitive commercial and government information. The company debuted an advanced encrypted computing solution aimed at preventing hostile intrusions at the hardware level while introducing a novel set of data theft prevention solutions. HUB operates in over 30 countries and provides innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services worldwide.
JFrog | May 27, 2022
JFrog Ltd. , the Liquid Software company and creators of the JFrog DevOps Platform, today unveiled new integrations for JFrog Xray with ServiceNow’s Lightstep Incident Response and Spoke products for IT Service Management. Available immediately, the JFrog Xray integrations with ServiceNow (NYSE: NOW) provide IT leaders with real-time insights on security vulnerabilities and compliance issues to quickly engage necessary team members from across the organization for more immediate response and remediation.
“Successfully securing the software supply chain at the speed of business is a team sport, requiring efficient, cross-team collaboration for timely security incident remediation. Our integration with ServiceNow aims to change the relationship between developers and the rest of the business, so they can maintain the speed and frequency of releases, while avoiding downtime and loss of trust from end customers."
Shlomi Ben Haim, Co-Founder and CEO, JFrog
The new integration enables IT teams to proactively address security issues before they become major concerns. The combination of JFrog Xray and ServiceNow delivers a robust software composition analysis (SCA) tool that can quickly scan binaries for vulnerabilities and license compliance issues, then share those insights with the appropriate parties across the organization. The JFrog Xray-ServiceNow solution is unique in that it helps DevOps engineers, site reliability engineers (SREs), IT system administrators, and others, more securely build, deploy, run, and monitor applications effortlessly, in a single view. It also enables real-time security alerts and insights with assigned actions across all the tools, people, and processes needed for timely resolution.
JFrog Xray & ServiceNow: Delivering Incident Response & Enterprise-wide Workflow Design for Security Incidents
Identifying and effectively responding to malicious attacks must transcend business units and operational functions. By improving real-time insight, collaboration, and communication amongst and between enterprise security and IT teams, the JFrog Xray-ServiceNow integrations ensure swift responses to emerging security threats.
The JFrog Xray integration with Lightstep Incident Response enables developers, SREs, and Security Administrators to:
Monitor, collect and respond to license compliance and security vulnerabilities impacting the software supply chain across all stages of the software development and release lifecycle.
Streamline vulnerability response by pulling-in the right team members across the organization for faster remediation.
The JFrog Xray Spoke for ServiceNow allows IT operations staff to:
Generate violation reports, create ‘ignore rules’, re-scan builds, add custom item properties, and more.
Automate workflows that meet audit demands and avoid penalties for improper use of code segments obtained from the open-source community.
Identify problems earlier in the application development pipeline and incorporate change management solutions.
For more information on the new JFrog Xray integrations for ServiceNow Lightstep Incident Response, read this blog or solution sheet. Further details on the JFrog Xray integration with Spoke can be found in this blog. You can also connect with JFrog and ServiceNow solution experts during swampUP 2022 taking place in San Diego, May 25 - 26, 2022. For more information and to register, visit https://swampup.jfrog.com/.
JFrog Ltd. , is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back.