Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Part 2: Is an RFP the Best Use of Your Organization's Resources?

Yesterday I wrote about some common Request for Proposal (RFP) pitfalls we have seen over the years at Trustwave (part 1). Trustwave offers a wide range of services — from Managed Detection & Response (MDR), Managed SIEM services from Splunk, QRadar, and Microsoft Sentinel, and security testing, to complex red team engagements, so we've seen numerous styles and approaches in the format and presentation of the requests.

4 best practices for cultivating developer security adoption

Implementing adequate software supply chain security is a challenging feat in 2023. Attackers are becoming more sophisticated, and the growing complexity of modern applications makes them difficult to defend. We’re talking microservices, multi-cloud environments, and complex workflows — all moving at the speed of business. To address these challenges, the Snyk team organized two roundtable discussions, one held in North America and the other in EMEA.

Thousands of Unlimited Care Inc Employees Lose Their Data in Recent Breach

Unlimited Care Inc. is a home health company that offers help to patients in Westchester, New York, and surrounding locations. The company employs more than 2,500 people and has an annual revenue of more than $250 million. The organization recently suffered from a data attack that could have compromised a large number of company employees.

CVE-2023-27350: Exploitation of Critical RCE Vulnerability in PaperCut Print Management Server

On April 19, 2023, PaperCut confirmed that print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by threat actors. CVE-2023-27350 could allow unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server. Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on January 10, 2023; PaperCut released a patch on March 8, 2023.

How Egnyte Makes Working with Large Media Files a Breeze for Agencies and Publishers

For media agencies and publishers, working with large files such as audio, images, and video is the norm. Individual files can reach several hundred gigabytes in size, each of which is a component that will be imported into editing and design applications like Premiere Pro and InDesign to create final campaign assets.

Remediate Zero Day Events with Third-Party Vulnerability Detection & Response

When a major security event like SolarWinds or Log4j happens, how do you assess the impact across your third-party supply chain? Most organizations struggle to effectively react to zero day attacks and other critical vulnerabilities at scale, often following manual and cumbersome workflows. But our latest capability is here to change that.

Bitsight Partners with Moody's Analytics - Incorporating Cyber Analytics into Its Leading Integrated Risk Products

A recent study found that financially material cyber attacks are increasing in frequency and that the top 5% of such attacks lead to an average $52M in losses. As these types of cyber attacks become more frequent and more severe, it has become increasingly critical for risk managers outside of enterprise security functions — such as compliance and credit officers — to consider cybersecurity risk in their assessment of customers, suppliers and investments.

Bitsight Updates Ratings Algorithm to Reflect Changes in Attack Dynamics

Today we are announcing updates to the Bitsight ratings algorithm. Bitsight is committed to creating the most meaningful, trustworthy, and actionable security ratings and analytics in the marketplace. As part of this commitment, we periodically make updates to our ratings algorithm based on new data observations and capabilities, internal and external research, and market feedback. For this year’s update, we have made several adjustments, including modifying the weights of several risk vectors.

An Evolved Bitsight Starts Today as We Expand into Integrated Cyber Risk Management

In 2011, Bitsight invented the security ratings industry. As the market leader, we are still the standard in how organizations quantify, manage, and monitor cyber risk. Today, that universal metric is used by entities from national governments to global enterprises to Fortune 500 companies to interpret cyber risk. And now, we’re disrupting the industry once again. Waves of change are constantly disrupting companies of all sizes around the world, particularly when it comes to cybersecurity.

From Threat Intelligence to Data-Driven Use Cases, the Evolution of Security Automation

Dave Krasik, Director of Product Management at ThreatQuotient, recently had a chance to speak with Ed Amoroso, CEO and founder of TAG Cyber, a leading cybersecurity advisory group, about the state of cybersecurity automation. They covered a lot of ground, and you can listen to the full interview here. Following are a few of the highlights.