Risk - All Articles - CISO Platform2024-03-29T11:29:41Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/RiskEmbracing Innovation and Managing Cyber Riskshttps://www.cisoplatform.com/profiles/blogs/embracing-innovation-and-managing-cyber-risks2024-01-10T22:01:16.000Z2024-01-10T22:01:16.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12356694454?profile=RESIZE_400x&width=400"></div><div><p class="graf graf--p">I had a great discussion with Julian, from eChannelNEWS where we discussed the pivotal role of information dissemination and the construction of a fortified cybersecurity ecosystem. Of particular importance is the influence that AI will have on cybersecurity, both as a formidable weapon wielded by attackers and a powerful shield for defenders. CISOs will have an uphill battle in communicating security needs to higher echelons while grappling with scarce resources.</p><p class="graf graf--p">The full article and podcast video interview is available <a class="markup--anchor markup--p-anchor" href="https://www.e-channelnews.com/embracing-innovation-and-managing-risks-with-eclipz/" target="_blank">https://www.e-channelnews.com/embracing-innovation-and-managing-risks-with-eclipz/</a></p></div>Cybersecurity Insurance is Missing the Riskhttps://www.cisoplatform.com/profiles/blogs/cybersecurity-insurance-is-missing-the-risk2023-11-25T01:51:09.000Z2023-11-25T01:51:09.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12300627891?profile=RESIZE_400x&width=400"></div><div><p class="graf graf--p">First published by <a class="markup--anchor markup--p-anchor" href="https://www.helpnetsecurity.com/2023/08/25/cyber-insurance-industry" target="_blank">HelpNetSecurity</a> — Matthew Rosenquist</p><p class="graf graf--p">Cybersecurity insurance is a rapidly growing market, swelling from approximately $13B in 2022 to an estimated $84B in 2030 (26% CAGR), but insurers are struggling with quantifying the potential risks of offering this type of insurance.</p><p class="graf graf--p">The traditional actuary models do not apply well to an environment where highly motivated, creative, and intelligent attackers are dynamically pursuing actions that cause insurable events. Accurate estimation of losses is key to determining customer premiums. But even after two decades, there’s a wide range of loss ratios between insurers (-0.5% to 130.6%). The underwriting processes are not robust enough to properly estimate the losses and accurately price reasonable premiums.</p><h3 class="graf graf--h3">Why is the insurance industry struggling with this?</h3><p class="graf graf--p">The problem is with the nature of the threat. Cyber attackers escalate and adapt quickly, which undermines the historical-based models that insurance companies rely on. Attackers are continually shifting their maneuvers that identify victims, cause increasing loss, and rapidly shift to new areas of impact.</p><p class="graf graf--p">Denial of service attacks were once popular but were superseded by data breaches, which cause much more damage. Recently, attackers expanded their repertoire to include ransomware-style attacks that increased the insurable losses ever higher.</p><p class="graf graf--p">Trying to predict the cornerstone metrics for actuary modelers — the Annual Loss Expectancy and Annual Rate of Occurrence — with a high degree of accuracy is beyond the current capabilities of insurers. The industry currently conducts assessments for new clients to understand their cybersecurity posture to determine if they are insurable, what should be included/excluded from policies, and to calculate premiums. The current process is to weigh controls against best practices or peers to estimate the security posture of a policyholder.</p><p class="graf graf--p">However, these rudimentary practices are not delivering the necessary level of predictive accuracy.</p><p class="graf graf--p">The loss ratio for insurance firms has been volatile, in a world where getting the analysis wrong can be catastrophic. Variances and unpredictability make insurers nervous. At maximum, they want a 70% loss ratio to cover their payouts and expenses and, according to the National Association of Insurance Commissioners Report on the Cyber Insurance Market in 2021, nearly half of the top 20 insurers, representing 83% of the market, failed to achieve the desired loss ratio.</p><p class="graf graf--p">In response to failures to predict claims, insurers have been raising premiums to cover the risk gap. In Q4 2021 the renewals for premiums were up a staggering 34%. In Q4 2022 premiums continued to rise an additional 15%.</p><p class="graf graf--p">There are concerns that many customers will be priced out of the market and the insurance industry and left without a means of transferring risk. To the detriment of insurers, the companies may make their products so expensive that they undermine the tremendous market-growth opportunity. Additionally, upper limits for insurability and various exception clauses are being instituted, which diminish the overall value proposition for customers.</p><h3 class="graf graf--h3">The next generation of cyber insurance</h3><p class="graf graf--p">What is needed are better tools to predict cyber-attacks and estimate losses. The current army of insurance actuaries has not delivered, but there is hope. It comes from the cyber risk community that looks to manage these ambiguous and chaotic risks by avoiding and minimizing losses.</p><p class="graf graf--p">These cybersecurity experts are motivated by optimizing limited resources to prevent or quickly undermine attacks. As part of that continuous exercise, there are opportunities to apply best practices to the insurance model to identify the most relevant aspects that include defensive postures (technology, behaviors, and processes) and understanding the relevant threat actors (targets, capabilities, and methods) to determine the residual risks.</p><p class="graf graf--p">The goal would be to develop a unified standard for qualifying for cyber insurance that would adapt to the rapid changes in the cyber landscape. More accurate methodologies will improve assessments to reduce insurers’ ambiguity so they may competitively price their offerings.</p><p class="graf graf--p">In the future, such calculations will be continuous and showcase how a company will benefit by properly managing security in alignment with shifting threats. This should bring down overall premium costs.</p><p class="graf graf--p">The next generation of cyber insurance will rise on the foundations of new risk analysis methodologies to be more accurate and sustain the mutual benefits offered by the insurance industry.</p></div>Striking the Balance: Effective Cybersecurity Visualization for Informed Decision-Makinghttps://www.cisoplatform.com/profiles/blogs/striking-the-balance-effective-cybersecurity-visualization-for-in2023-10-20T00:59:43.000Z2023-10-20T00:59:43.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12260318298?profile=RESIZE_400x&width=400"></div><div><p class="graf graf--p">In the complex and ambiguous realm of cybersecurity, the power of visualization tools cannot be overstated. When employed judiciously, they serve as invaluable assets, offering crucial data in a readily comprehensible manner. Conversely, when inundated with superfluous information, these tools become distractions that obscure the very insights they aim to illuminate. In this sophisticated landscape, aesthetics must never overshadow utility, and focus on what truly matters remains important.</p><p class="graf graf--p">The underlying purpose of metrics and visualizations is the transformation of raw data into actionable information through astute analysis. The value of such information lies in its ability to drive decisions, even if the decision’s outcome is non-action. Any metric or visualization that fails to facilitate decision-making is, by definition, frivolous — an unproductive diversion that squanders valuable time.</p><p class="graf graf--p">Consider, for a moment, the stark, bare, and very industrial interiors of warships — a deliberate design choice. Such environments are purposefully devoid of distractions and embellishments, fostering an unwavering focus on the mission at hand, especially during moments of crisis. This approach, applied to cybersecurity visualizations, conveys only essential information, omitting extraneous elements that could mask critical issues or distract operators from their core objectives.</p><p class="graf graf--p">Regrettably, vendors often opt for entertainment over substance. One of the worst and most widespread offenses is the global attack map. These mesmerizing displays show a global map surface that often features streaks or lines representing near real-time attacks traversing geographic regions. They often captivate onlookers and are popular in the lobbies of security service companies as well as their products. However, they ultimately serve no practical purpose, offering no actionable insights. When a cybersecurity analyst witnesses a sudden surge of malicious packets emanating from a neighboring country, it won’t evoke any meaningful action. The notion of shutting down border connections or blocking vast ranges of IP addresses is absurd. Such visualizations, while perhaps impressive, are designed for marketing rather than operational utility. At the least, they are trivializing significant matters and at worst, they are distracting operators from activities that will initiate a specific response.</p><p class="graf graf--p">In contrast, a visualization that brings attention to a system that is actively being exploited, so an operator can isolate it from other assets and begin remediation, is far more useful, but less likely to impress onlookers.</p><p class="graf graf--p">The true potential of visualization in cybersecurity lies in its alignment with the needs of expert practitioners. They require a rapid synthesis of data presented in a way that is easy on the eyes and directs a laser focus on issues in need of urgent attention. Achieving the optimal balance necessitates a strategic approach, beginning with a clear understanding of the tactical objectives of operators and working backward to determine the most effective visualization methods. In this manner, we can ensure that our cybersecurity visualization tools serve as potent aids, enhancing our ability to make timely and informed decisions to safeguard critical systems in an increasingly complex digital landscape.</p></div>Cybersecurity is Approaching a Crisishttps://www.cisoplatform.com/profiles/blogs/cybersecurity-is-approaching-a-crisis2023-08-21T19:00:43.000Z2023-08-21T19:00:43.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12201693474?profile=RESIZE_400x&width=400"></div><div><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/gL2NsL4_G1M" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="pw-post-body-paragraph lc ld fw le b lf lg lh li lj lk ll lm ln lo lp lq lr ls lt lu lv lw lx ly lz fp bj">Cybersecurity has a growing problem that will force an evolution in the industry — it must deliver more recognizable value!</p><p id="abb1" class="pw-post-body-paragraph lc ld fw le b lf lg lh li lj lk ll lm ln lo lp lq lr ls lt lu lv lw lx ly lz fp bj">Cybersecurity must re-envision itself to both protect and become an active contributor to the overarching business goals. Embracing this transformation is crucial for long-term success in the ever-changing cybersecurity landscape.</p><p class="pw-post-body-paragraph lc ld fw le b lf lg lh li lj lk ll lm ln lo lp lq lr ls lt lu lv lw lx ly lz fp bj"> </p><p class="pw-post-body-paragraph lc ld fw le b lf lg lh li lj lk ll lm ln lo lp lq lr ls lt lu lv lw lx ly lz fp bj">Like and subscribe! <a class="af ma" href="https://www.youtube.com/CybersecurityInsights" target="_blank">https://www.youtube.com/CybersecurityInsights</a><br />Follow me on LinkedIn <a class="af ma" href="https://www.linkedin.com/in/matthewrosenquist" target="_blank">https://www.linkedin.com/in/matthewrosenquist</a></p><p class="pw-post-body-paragraph lc ld fw le b lf lg lh li lj lk ll lm ln lo lp lq lr ls lt lu lv lw lx ly lz fp bj">Learn about the most pervasive cybersecurity mistakes in the LinkedIn Learning Course: “Five Biggest Mistakes of Cybersecurity Programs” <a class="af ma" href="https://www.linkedin.com/learning/five-biggest-mistakes-of-cybersecurity-programs/learn-from-others-mistakes" target="_blank">https://www.linkedin.com/learning/five-biggest-mistakes-of-cybersecurity-programs/learn-from-others-mistakes</a></p></div>Cybersecurity Meetup – 2023 Cybersecurity Predictionshttps://www.cisoplatform.com/profiles/blogs/cybersecurity-meetup-2023-cybersecurity-predictions2023-07-10T18:30:36.000Z2023-07-10T18:30:36.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12143851086?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/pxcTzzr47pM" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>Check the calendar as Richard Stiennon and I discuss the forward-looking cybersecurity predictions for 2023 and beyond! With several decades of knowledge and experience between us, we take a pragmatic look into the crystal ball.</p><p>Those who have an understanding of what is coming will have an advantage to deal with the risks and seize the opportunities.</p></div>Applying a Cybersecurity Threat Agent Risk Assessment to Healthcarehttps://www.cisoplatform.com/profiles/blogs/applying-a-cybersecurity-threat-agent-risk-assessment-to-healthca2023-07-07T23:52:47.000Z2023-07-07T23:52:47.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12131714075?profile=RESIZE_400x&width=400"></div><div><p>There are many approaches to conduct a strategic cybersecurity risks assessment. This is one of my favorite ways, using a Threat Agent Risk Assessment (TARA) methodology. </p><p>This paper was authored by Tim Casey, David Houlding, and I while we were at Intel. It showcases how to understand the origins of cybersecurity threats to an organization. The resulting knowledge can greatly improve the management of cyber risks!</p><p><span>I use the same approach when looking at digital risks in the </span><span class="editor-hashtag">#cryptocurrency</span><span> world!</span></p><p>The full Intel solution brief “<strong><em>Improving Healthcare Risk Assessments to Maximize Security Budgets</em></strong>” can be downloaded here:</p><p><a href="https://www.slideshare.net/MatthewRosenquist/improving-healthcare-risk-assessments-to-maximize-security-budgets">https://www.slideshare.net/MatthewRosenquist/improving-healthcare-risk-assessments-to-maximize-security-budgets</a></p></div>Password Reset Exposes Everyone’s Accounthttps://www.cisoplatform.com/profiles/blogs/password-reset-exposes-everyone-s-account2023-06-30T18:50:50.000Z2023-06-30T18:50:50.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12128628253?profile=RESIZE_400x&width=400"></div><div><p><a href="{{#staticFileLink}}12128627670,RESIZE_710x{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}12128627670,RESIZE_710x{{/staticFileLink}}" width="640" alt="12128627670?profile=RESIZE_710x" /></a></p><p>Ever wonder what kinds of things happen when good-intentioned people try to manage cybersecurity? Well, in this case, a <a href="https://techcrunch.com/2023/06/29/high-school-changes-every-students-password-to-chngeme/" target="_blank">High School in Illinois</a> responded to a system error by resetting every student’s password and then communicating it to all the parents. But instead of creating a unique password for each student, they decided the most efficient path would be to change everyone’s password to “Ch@ngeme!”. </p><p>Chaos ensued, as students were able to then access any other student's files, school emails, papers, and assignments. It exposed every student’s account to being hacked!</p><p>It was likely an honest mistake, rooted in naivete, but it is obvious that a cybersecurity professional was not part of this decision tree. It took a day after parents complained, and unique passwords will be issued, but the damage may already be done. </p><p>It does not matter if you are a top-tier critical infrastructure organization, a rural High School system, or a small-to-medium business, be sure to have cybersecurity professionals available when issues of access, security, privacy, or safety are involved.</p><p>File this incident under “that is not the way it is supposed to work”!</p><p> </p><p> </p></div>What is Perfect Cybersecurity?https://www.cisoplatform.com/profiles/blogs/what-is-perfect-cybersecurity2023-03-13T18:38:30.000Z2023-03-13T18:38:30.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10997024688?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/fdAHYzKKjkk" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">People often assume the goal of perfect cybersecurity is to be impervious to attack. That is not true! In fact, it is about an optimal balance between competing goals and limitations such as costs, user friction, and acceptable risks.</p><p class="graf graf--p graf--empty"> </p><p class="graf graf--p">Please click the Like button if you found this insightful and subscribe to the Cybersecurity Insights channel for more interviews, best-practices, rants, and strategic viewpoints. <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p><p class="graf graf--p">Follow me on LinkedIn: <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/today/author/matthewrosenquist" target="_blank">https://www.linkedin.com/today/author/matthewrosenquist</a> <br />Medium: <a class="markup--anchor markup--p-anchor" href="https://medium.com/@matthew.rosenquist" target="_blank">https://medium.com/@matthew.rosenquist</a></p><p class="graf graf--p"> </p><p class="graf graf--p">To learn about some of the biggest failures in cybersecurity organizations, consider taking the LinkedIn Learning course: </p><h3 class="graf graf--h3"><span style="font-size:10pt;"><strong class="markup--strong markup--h3-strong">The Five Biggest Mistakes of Cybersecurity Programs</strong></span></h3><p class="graf graf--p"><a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/learning/five-biggest-mistakes-of-cybersecurity-programs/learn-from-others-mistakes" target="_blank">https://www.linkedin.com/learning/five-biggest-mistakes-of-cybersecurity-programs/learn-from-others-mistakes</a></p></div>Will Cyber PMCs Rise in 2023?https://www.cisoplatform.com/profiles/blogs/will-cyber-pmcs-rise-in-20232023-03-09T22:01:23.000Z2023-03-09T22:01:23.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/uUn1NWuP1P8" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p>
<p class="graf graf--p">One of my cybersecurity predictions for 2023 is the rise of cyber Private Military Companies (PMC) to specialize in cyberattacks.</p>
<p class="graf graf--p">One of the most famous PMCs currently in the news is the Russian Wagner group that is fighting for Russia on the ground against Ukraine. I predict by the end of 2023 we will see similarly formal organizations, fielding cyber warriors, to service the lucrative cyber-offensive market. The discipline, focus, and access to nation-state resources will make Cyber PMCs a serious threat to global cybersecurity.</p>
<p class="graf graf--p">So, get ready for cyber PMCs in the future!</p>
<p class="graf graf--p">You can find a full rundown of my 2023 Cybersecurity Predictions here: <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/watch?v=D210-ry7A4w&t=808s" target="_blank">https://www.youtube.com/watch?v=D210-ry7A4w&t=808s</a></p></div>Cyber Insurance Needs to Grow Uphttps://www.cisoplatform.com/profiles/blogs/cyber-insurance-needs-to-grow-up2023-02-27T20:36:28.000Z2023-02-27T20:36:28.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10973925095?profile=RESIZE_400x&width=400"></div><div><p><a href="{{#staticFileLink}}10973922862,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}10973922862,RESIZE_710x{{/staticFileLink}}" width="710" alt="10973922862?profile=RESIZE_710x" /></a></p><p class="graf graf--p">You can’t insure, what you don’t understand.</p><p class="graf graf--p">The cybersecurity insurance industry is in a tumultuous period, with skyrocketing deductibles, new limitations, hidden assumptions, and suffering from a slew of lawsuits from customers. The market is hot, with many companies now seeking cyber insurance policies, but some insurers are pulling back because of unexpectedly high payouts leading to losses, while others are blindly diving in to get a piece of the action. The insurance industry has a reputation for being stable and predictable over time but has failed to grasp the ambiguity and unpredictable nature of cyber.</p><p class="graf graf--p">I will outline what it will take for insurance companies to succeed, but first, a story:</p><p class="graf graf--p">I remember, well over a decade ago, speaking to the insurance industry about the need and challenges for the emerging cybersecurity insurance market. I had just published my Return on Security Investment (ROSI) paper and annually recurring cybersecurity predictions. With a refreshed understanding of the difficulties in foretelling the risks and likelihoods of cyber-attacks, I warned the insurance community that their normal actuary methods would not work over time and they would need to approach the growing chaotic uncertainty and radical shifts, driven by the intelligent attackers who take advantage of rapid technology innovation and adoption, in entirely different ways.</p><p class="graf graf--p">I was summarily dismissed time and again with comments like “<em class="markup--em markup--p-em">you don’t know insurance</em>”, “<em class="markup--em markup--p-em">we are the experts</em>”, “<em class="markup--em markup--p-em">we do this type of work all the time</em>” and my favorite “<em class="markup--em markup--p-em">we have algorithms that can predict this type of activity</em>”.</p><p class="graf graf--p">WRONG!</p><p class="graf graf--p">Cybersecurity insurance has struggled with inconsistency and a high degree of variability — not the attributes that are conducive to the insurance industry. Only now are they realizing the challenges and their inability to get ahead of the problems. In December, Mario Greco the CEO of Zurich Insurance, one of Europe’s biggest insurance companies, <a class="markup--anchor markup--p-anchor" href="https://www.reinsurancene.ws/cyber-attacks-set-to-become-uninsurable-suggests-zurichs-greco/" target="_blank">stated that as cyber-attacks grow, they “will become uninsurable”.</a></p><p class="graf graf--p">Well, that is not exactly the truth. If the industry’s inability to predict losses continues, then yes, insurance companies will not be able to charge correct premiums that cover community losses. But, if they do get a better grasp, then they can run the business to properly insure against catastrophic events while simultaneously making a decent profit.</p><p class="graf graf--p">So, I am happy to see that some insurance companies are realizing they didn’t know, what they didn’t know, and are building specialized centers of excellence to better understand the nuances which make insuring against cybersecurity incidents so difficult. Liberty Mutual Insurance recently <a class="markup--anchor markup--p-anchor" href="https://www.libertymutualgroup.com/about-lm/news/articles/liberty-mutual-announces-creation-global-cyber-office-and-appointments-key-leaders" target="_blank">announced the opening of a Global Risks Solutions Cyber office</a>. Perhaps a decade late, but this is a necessary step.</p><p class="graf graf--p"><a href="{{#staticFileLink}}10973925253,original{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}10973925253,RESIZE_710x{{/staticFileLink}}" width="507" height="304" alt="10973925253?profile=RESIZE_710x" /></a></p><p class="graf graf--p">Now, my advice to you <em class="markup--em markup--p-em">(listen up cyber insurance companies)</em> is to bring in real cybersecurity experts!</p><p class="graf graf--p">No, you don’t have them in-house.</p><p class="graf graf--p">No, you cannot simply slap ‘cyber’ on the title of an actuary person or executive and expect them to understand the important nuances of cyber.</p><p class="graf graf--p">No, those guys in IT and Engineering are not cybersecurity experts either.</p><p class="graf graf--p">You need people who have actually been in the trenches, shown proficiency and thought leadership, and wear the scars earned over the years, with pride.</p><p class="graf graf--p">Here are your simple criteria: Find people that have a strong history of PREDICTING cybersecurity macro trends. That is the key to algorithmic foundations that integrate the right aspects of risk over time. That is what it will take to build a robust, fair, profitable, and competitive cybersecurity industry business that will superbly service customers over time.</p><p class="graf graf--p">The cybersecurity insurance industry must transform itself in order to survive. Success requires it shed legacy preconceptions and evolve its practices to adapt to the shifts that govern risks and losses in the cyber world.</p><p class="graf graf--p"> </p></div>2023 Cybersecurity Predictionshttps://www.cisoplatform.com/profiles/blogs/2023-cybersecurity-predictions2023-01-23T04:07:05.000Z2023-01-23T04:07:05.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10946861878?profile=RESIZE_400x&width=400"></div><div><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/D210-ry7A4w" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">Cybersecurity will face serious problems in 2023 as the economics between attackers and defenders will drastically shift in favor of those who conduct attacks.</p><p class="graf graf--p">Take a look at my 2022 predictions as a reference: <a class="markup--anchor markup--p-anchor" href="https://medium.com/@matthew-rosenquist/top-10-cybersecurity-predictions-for-2022-5373839b3bd3" target="_blank">https://medium.com/@matthew-rosenquist/top-10-cybersecurity-predictions-for-2022-5373839b3bd3</a></p><p class="graf graf--p graf--empty"> </p><p class="graf graf--p">Subscribe to the Cybersecurity Insights channel where I post videos and interviews that detail the industry challenges and best practices. Cybersecurity Insights channel: <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p></div>5 Biggest Mistakes of Cybersecurity Programs - Online Classhttps://www.cisoplatform.com/profiles/blogs/5-biggest-mistakes-of-cybersecurity-programs-online-class2022-12-02T22:58:10.000Z2022-12-02T22:58:10.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10898375491?profile=RESIZE_400x&width=400"></div><div><p><a href="{{#staticFileLink}}10898375680,RESIZE_1200x{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}10898375680,RESIZE_710x{{/staticFileLink}}" width="710" alt="10898375680?profile=RESIZE_710x" /></a></p><p style="font-weight:400;">Cybersecurity is one of the most important—and least talked-about—business issues today. But how can you prepare your organization against the threat of a devastating attack?</p><p style="font-weight:400;">In my new LinkedIn Learning class, I discuss the five biggest mistakes made by cybersecurity organizations, regardless of their size or stature, and how to manage risk more effectively to avoid costly blunders.</p><p style="font-weight:400;">Explore the power of learning from others’ mistakes to improve your ability to manage digital risk. Find out what happens with inexperienced leadership, deprioritized strategic thinking, failing to optimize for threats, insufficient organizational teamwork, and failing to maximize value. I bring over three decades of industry experience into this class and show how to manage risk more effectively by not committing these cardinal mistakes.</p><p style="font-weight:400;"><br />Check out the Five Biggest Mistakes of Cybersecurity Programs class: <a href="https://www.blogger.com/blog/post/edit/4285472926414358544/4817613018864303005#">https://linkedin-learning.pxf.io/JrEK0q </a></p></div>Cyber Security Sauna podcast - Matthew Rosenquist on why value is the cybersecurity blind spothttps://www.cisoplatform.com/profiles/blogs/cyber-security-sauna-podcast-matthew-rosenquist-on-why-value-is-t2022-09-13T18:10:01.000Z2022-09-13T18:10:01.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10811183889?profile=RESIZE_400x&width=400"></div><div><div><p><br />I had a great time talking with Mark Fletcher in the Cyber Security Sauna podcast, talking about why Value is the blind spot of cybersecurity and how we should maximize it!<br /> <br /><em>Fun fact</em>: we recorded this <a href="https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot">podcast</a> in an actual sauna recording booth at <a href="https://thesphere.org/">SPHERE22</a>, the world’s first co-security unconference!</p></div><div> </div><div><p> <iframe style="border:none;" title="Libsyn Player" width="100%" height="90" scrolling="no" allowfullscreen=""></iframe></p></div><div><p>LISTEN TO THE PODCAST: <a href="https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot">https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot</a></p></div><div><p> </p></div></div>How Cybersecurity Risks Must Be Fixed to Build Trust in Technology Innovationhttps://www.cisoplatform.com/profiles/blogs/how-cybersecurity-risks-must-be-fixed-to-build-trust-in-technolog2022-04-28T17:14:17.000Z2022-04-28T17:14:17.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10446138261?profile=RESIZE_400x&width=400"></div><div><p class="graf graf--p">Thanks to <a class="markup--anchor markup--p-anchor" href="https://dynamicciso.com/the-future-of-cyber-security-and-digital-trust/" target="_blank">DynamicCISO</a> for a great discussion about the changing landscape of cybersecurity and how we must all adapt to drive trust into the global digital ecosystem. The key to our success is to think ahead and show leadership in managing innovation for our benefit.</p><p class="graf graf--p">Topics:</p><ul class="postList"><li class="graf graf--li">State of cybersecurity: Threat Landscape, Preparedness of Enterprises, and Solution Landscape</li><li class="graf graf--li">Countering threats who leverage technology innovation</li><li class="graf graf--li">Why trust in digital tech is the key to future innovation</li><li class="graf graf--li">How to improve the culture of cybersecurity</li><li class="graf graf--li">The future of cybercrime and emerging threats</li></ul><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/En-D1AxGGbM" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p></div>Cybersecurity Insights Video: Deficient Forethought for Digital Technology Risks with Alexander Steinhttps://www.cisoplatform.com/profiles/blogs/cybersecurity-insights-video-deficient-forethought-for-digital-te2021-12-29T22:40:21.000Z2021-12-29T22:40:21.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9967229269?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/Ly7L1No5mmQ" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">Technology can be mesmerizing. We are all lured by the seemingly endlessly tantalizing stream of emerging technologies that promise to connect and enrich our lives. But there is a potential dark side. For every great innovative benefit, there are accompanying risks.</p><p class="graf graf--p">Technology risks are often ignored, to the detriment of users. Even with massive hacks and breaches, the general public has not learned to be more careful and proactive.</p><p class="graf graf--p">It is time to explore the risks we ignore in the technology we desire!</p><p class="graf graf--p">In today’s <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">Cybersecurity Insights podcast</a>, I am talking with Dr. Alexander Stein, an expert in human decision-making and behaviors involving cybersecurity vulnerabilities and the unintended consequences of technologies.</p><p class="graf graf--p">Dr. Stein highlights the systemic problem of trust in technology and breaks down many of the root behavioral challenges. He also provides some recommendations we all can apply to shift the technology and human interaction ecosystem, in a way that better manages technology risks.</p><p class="graf graf--p">Special thanks to this week’s guest, Dr Alexander Stein, whom you can follow on LinkedIn: <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/alexandersteinphd/" target="_blank">https://www.linkedin.com/in/alexandersteinphd/</a> and his website: <a class="markup--anchor markup--p-anchor" href="https://www.dolusadvisors.com/" target="_blank">https://www.dolusadvisors.com/</a></p><p class="graf graf--p">Please click the Like button if you found this insightful and subscribe to the Cybersecurity Insights channel for more interviews, best-practices, rants, and strategic viewpoints. <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p><p class="graf graf--p">Follow me on:</p><ul class="postList"><li class="graf graf--li">LinkedIn: <a class="markup--anchor markup--li-anchor" href="https://www.linkedin.com/today/author/matthewrosenquist" target="_blank">https://www.linkedin.com/today/author/matthewrosenquist</a></li><li class="graf graf--li">Medium: <a class="markup--anchor markup--li-anchor" href="https://medium.com/@matthew.rosenquist" target="_blank">https://medium.com/@matthew.rosenquist</a></li><li class="graf graf--li">Twitter (@Matt_Rosenquist): <a class="markup--anchor markup--li-anchor" href="https://twitter.com/Matt_Rosenquist" target="_blank">https://twitter.com/Matt_Rosenquist</a></li></ul></div>Video Presentation: Why Cybersecurity is Not Fixed Yethttps://www.cisoplatform.com/profiles/blogs/video-presentation-why-cybersecurity-is-not-fixed-yet2021-12-03T19:13:55.000Z2021-12-03T19:13:55.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9876805500?profile=RESIZE_400x&width=400"></div><div><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/ktccJvjL8h4" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">I recently presented to a small group on why cybersecurity is becoming more difficult over time, despite all the money and effort that is being applied. Sharing a replay of the presentation where I discuss cybersecurity history, root causes, shifting landscapes, persistent mistakes, industry struggles, attacker’s advantage, how the worst is still to come, and show a framework that has some merit for future optimization.</p><h3 class="graf graf--h3">Chapters are listed below, for easier navigation</h3><ul class="postList"><li class="graf graf--li">00:00 Talking about my background (boring! — skip this)</li><li class="graf graf--li">01:31 Root causes of cybersecurity</li><li class="graf graf--li">02:17 History of the changing landscape</li><li class="graf graf--li">03:33 Chain reaction cycle</li><li class="graf graf--li">04:01 Big data factors</li><li class="graf graf--li">06:05 Tech convergence</li><li class="graf graf--li">06:52 Technology is just a tool</li><li class="graf graf--li">07:53 Cybersecurity impacts on the physical world</li><li class="graf graf--li">10:07 Industry struggles</li><li class="graf graf--li">11:38 Technology scales and so do risks</li><li class="graf graf--li">13:04 Attacker’s advantage</li><li class="graf graf--li">15:08 Cause and effect cycles</li><li class="graf graf--li">16:13 Dante’s Inferno of impacts</li><li class="graf graf--li">18:06 Obstacles versus opposition</li><li class="graf graf--li">20:05 Required Sun Tzu quote</li><li class="graf graf--li">20:25 Strategic cybersecurity framework</li></ul><p class="graf graf--p">I put out a new video about every week on various cybersecurity topics, risks, ideas, events and best practices. If you like these cybersecurity videos and are interested in more cybersecurity insights, rants, and strategic viewpoints, please click the Like button and Subscribe to the Cybersecurity Insights channel! <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p><h3 class="graf graf--h3">Follow me on:</h3><ul class="postList"><li class="graf graf--li">LinkedIn: <a class="markup--anchor markup--li-anchor" href="https://www.linkedin.com/today/author/matthewrosenquist" target="_blank">https://www.linkedin.com/today/author/matthewrosenquist</a></li><li class="graf graf--li">Medium: <a class="markup--anchor markup--li-anchor" href="https://medium.com/@matthew.rosenquist" target="_blank">https://medium.com/@matthew.rosenquist</a></li><li class="graf graf--li">Twitter (@Matt_Rosenquist): <a class="markup--anchor markup--li-anchor" href="https://twitter.com/Matt_Rosenquist" target="_blank">https://twitter.com/Matt_Rosenquist</a></li></ul></div>Video - Cybersecurity Value and Metrics with Gavin Groundshttps://www.cisoplatform.com/profiles/blogs/video-cybersecurity-value-and-metrics-with-gavin-grounds2021-10-27T17:41:18.000Z2021-10-27T17:41:18.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9741846254?profile=RESIZE_400x&width=400"></div><div><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/YXM8_kOcDPE" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">Measuring the true value of cybersecurity with Gavin Grounds, Executive Director of Information Risk Management and Cybersecurity Strategy at Verizon. Listen as we explore the benefit of security metrics that effectively quantify risk and how to best manage them.</p><p class="graf graf--p">This is the first in a two-part series from <a class="markup--anchor markup--p-anchor" href="https://www.blogger.com/blog/post/edit/4285472926414358544/1173798098418646738#" target="_blank">The Cybersecurity Vault channel</a> (<a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/channel/UCwyi1gfiJ-MNbNIOuqQx59w" target="_blank">https://www.youtube.com/channel/UCwyi1gfiJ-MNbNIOuqQx59w</a>)</p></div>Hiring Desperation May Create Cybersecurity Riskshttps://www.cisoplatform.com/profiles/blogs/hiring-desperation-may-create-cybersecurity-risks2021-09-18T04:44:26.000Z2021-09-18T04:44:26.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9578929660?profile=RESIZE_400x&width=400"></div><div><p><a href="{{#staticFileLink}}9578929464,RESIZE_1200x{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}9578929464,RESIZE_710x{{/staticFileLink}}" width="710" alt="9578929464?profile=RESIZE_710x" /></a></p><p>With 11 million job openings in the U.S., the most ever, how desperate will organizations be to hire personnel? I am concerned that cybersecurity risks of insiders will increase if processes for proper vetting and background checks become lax for new-hires.<br /> <br /> I suggest my fellow Chief Information Security Officers (CISO’s) have a discussion with the head of their Human Resources to understand if the cyber risks are going to increase in the organization due to more 'flexible' hiring practices.</p></div>2 Biggest Factors Driving the Future of Cybersecurityhttps://www.cisoplatform.com/profiles/blogs/2-biggest-factors-driving-the-future-of-cybersecurity2021-06-08T01:03:36.000Z2021-06-08T01:03:36.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9052989654?profile=RESIZE_400x&width=400"></div><div><p>Cybersecurity can appear random and chaotic, but there are basic fundamentals that drive the course of cyberattacks. </p><p style="text-align:center;"> <iframe title="YouTube video player" src="https://www.youtube.com/embed/jFNOGf7vYUY" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>In today’s video, I dive into the two biggest factors that shape cybersecurity risks, attacks, and what drives the direction of the security industry. </p><p> </p><p>Understanding the basic underpinnings provides insights into where the next attacks will focus and what will be targeted. They highlight the importance of understanding the people behind the attacks and the opportunities they pursue. </p><p> </p><p> </p><p>Thanks for watching. Let’s communicate and collaborate together -- that is how we make cybersecurity strong in protecting the global digital ecosystem.</p><p>I put out a new video about every week on various cybersecurity topics, risks, ideas, events, and best practices. If you like these cybersecurity videos and are interested in more cybersecurity insights, rants, and strategic viewpoints, please click the Like button and Subscribe to the Cybersecurity Insights channel! <a href="https://www.youtube.com/c/CybersecurityInsights">https://www.youtube.com/c/CybersecurityInsights</a></p></div>Cybersecurity is Not Reaching its Full Potentialhttps://www.cisoplatform.com/profiles/blogs/cybersecurity-is-not-reaching-its-full-potential2021-04-22T21:54:51.000Z2021-04-22T21:54:51.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/8824485489?profile=RESIZE_400x&width=400"></div><div><p>Cybersecurity has evolved with the rapid rise of digital transformation, becoming a crucial element of trust for products and services. No longer just a function of preventing impacts and meeting regulatory requirements, cybersecurity is emerging as a cornerstone for future enhancement of user-experiences, compelling features, and growth into new fields.</p><h1>Wherever there are Risks, there are also Opportunities</h1><p>I’ve been collaborating with <a href="https://www.altmansolon.com/our-people/ben-matthews/">Ben Matthews</a> and <a href="https://www.altmansolon.com/our-people/michael-gurau/">Michael Gurau</a> from <a href="https://www.altmansolon.com/">Altman Solon</a>, a leading Tech, Media, and Telecom consulting firm, to highlight how cybersecurity can be optimized to manage the risks-of-loss but also how it can contribute to emerging business opportunities for organizations. They are looking to help their clients improve their risk strategy and understand how to seize business advantages.</p><p>If the security leadership, C-suites, and Boards are not thinking about how cybersecurity can bring opportunities to the business, they are behind the curve.</p><p>Cybersecurity is a leverage point for competitive advantages in the digital world. Those who look at the opportunities, in addition to the risk mitigation aspects, will have a strategic advantage.</p><p>We have seen examples across privacy, security, and safety that showcase how consumer's trust and loyalty are affected by cybersecurity incidents. Abandonment, delays in adoption, and resistance to new offerings are becoming more common. That opens the door to competition or reinforces the position of organizations that proactively act to preserve customer’s trust.</p><h1>Competition is Knocking and Security is Pivotal</h1><p>Industries are evolving rapidly over time through technical innovation and exploring new markets. This can introduce challengers to the market leaders and raise the expectations of customers that result in a shift of market-share.</p><p>Cybersecurity is a growing differentiator. As an example, the recent digitization of patient records and integration of health-related devices, which gather tremendous amounts of data, has given rise to the idea of healthcare data exchanges. Such exchanges are working feverishly to secure data and reinforce trust in the aggregated design to abate fears from patients and concerns from regulatory authorities. Conversely, decentralized healthcare initiatives are making security, privacy, and portability the major talking points in their models to compete with those exchanges, highlighting weaknesses in centralized architectures. </p><p>Changes are occurring across all sectors, with financial, telecommunications, healthcare, technology, automotive, online services, retail, manufacturing, government, and national critical infrastructures moving first.</p><h1>Cybersecurity Relevance</h1><p>The core elements of cybersecurity, being security, privacy, and safety, are powerful narratives and are becoming more prominent for organizations to showcase their leadership. </p><p>It is estimated that between 60% and 90% of SMB go out of business after a major cyberattack. Where do those customers go? -- to vendors and suppliers who are more trustworthy, have deployed extra robust security in their offerings, are better prepared to respond to incidents, and are leaning forward to mitigate future risks. They differentiate themselves by showing cybersecurity savvy, maturity, and thought-leadership in their sector.</p><p>Cybersecurity, cyber-ethics, and operational excellence will be the hallmarks of trust in our future digital world. </p><h1>Cybersecurity Leadership</h1><p>Right now, not many companies are ready to take advantage of such market-shifting opportunities, nor are they investing properly to protect the share they currently hold.</p><p>That is changing. Those who are not keeping up with their competitors will find themselves on the short end of the stick. Cyber savvy boards are realizing the potential advantages and some are already exploring how best to both protect and advance the bottom line with better security and through reinforced trust. And, insurance alone does not deliver. It takes adaptation of the business to build longstanding loyalty and seize moments of opportunity.</p><p>It is time for the cybersecurity industry to start discussing the trajectory of how it is crucial in managing the risks and enabling opportunities for the business. In the coming years, every successful CISO will be talking about how they can empower the greater success of the organization.</p><p> </p><p>The full Altman Solmon infographic deck and more information is available at: <em><u><a href="https://www.altmansolon.com/insights/new-global-threats-create-risk-opportunity-in-fragmented-cybersecurity-markets/">https://www.altmansolon.com/insights/new-global-threats-create-risk-opportunity-in-fragmented-cybersecurity-markets/</a></u></em></p></div>Why and how the job description of CISO is changinghttps://www.cisoplatform.com/profiles/blogs/why-and-how-the-job-description-of-ciso-is-changing2013-12-20T15:00:00.000Z2013-12-20T15:00:00.000ZAnubhav Bathlahttps://www.cisoplatform.com/members/AnubhavBathla6<div><p>These are some common topics when we talk about CISOs role in an organization</p><p>As per my view CISO position is making a comeback, but if not placed right…… it can be just a position in any organization. I believe CISO should directly report to either the CEO or the CRO (highest Risk officer) instead to any other level.</p><p>This is a debatable and has been a hot topic to talk and discuss, there is an interesting trend seen in this segment of chief information security officers (CISOs). More and more we see companies beginning to create this role within their organization or increase the power associated with the position.</p><p>The goal is to equip CISOs with the ability to enforce change, with responsibilities that range from incident response, to IT compliance, to customer data privacy….</p><p>In today’s world privacy and compliance demands are on their shoulders but the big question is do we really understand infosecurity’s value and the lack of quantifiable risk metrics.</p><p>The demand for effective risk management is increasing with other factors and that can put the CISO role on the endangered species list and If you want to survive and thrive in this new environment, you’ll have to grasp what the successful CISO brings to the table.</p><p>(Read more: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/profiles/blogs/top-technologies-solutions-available-for-byod-security"><span style="color:#3366ff;">Under the hood of Top 4 BYOD Security Technologies: Pros & Cons</span></a></span>)<br /></b></p><p>Here are some tips :-</p><p><strong>Shed the Conventional you</strong></p><p>In past, career has been mired in IT, systems and networking security. we identify exposure, and deploy solutions. That’s how we provide value. we build the walls and guard the organization.</p><p>All of a sudden, it has become a commodity like everything else. All the things we did–have migrated to IT.</p><p>Until now, we have highlighted a need and got resource to respond from the management. But that’s not good enough There’s no point in shouting, “There is a Risk,Risk,Risk” when management is “Taking” the budget.</p><p>Our Role now goes well beyond mitigating Risk–it’s to enhance shareholder value by protecting your company’s market share, revenue and brand.</p><p>To win management support for IT Security, we got to demonstrate how we prioritized, present and priced risk. As each new project has–relocation overseas, online payment, wireless infrastructure–we need to identify, analyze and evaluate the risks, measure the costs of securing the services with real numbers and present viable options.</p><p>This information will help our management team to decide how to allocate resources and will prove your value to the company.</p><p><b>Talk to the CFO</b><br /> Now do you know your value, think about how a CFO defines value. He thinks of the revenue, ROI; he thinks about liquidity. As the CISO, you need to adopt this methodology and look at the relationship between risk exposures and the value of company assets, revenue and liquidity.</p><p>( Read more: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/profiles/blogs/how-should-a-ciso-define-the-requirement-for-solutions-for-byod-s"><span style="color:#3366ff;">BYOD Security: From Defining the Requirements to Choosing a Vendor</span></a></span> )</b></p><p><b>Focus on what’s necessary to your company</b><br /> Talk to the management, listen to what your CEO is saying. If you’re repeatedly hearing about the importance of protecting market share of the company’s product, Quickly learn if the responsible managers are more interested in reducing the cost of managing risk or mitigating exposure.</p><p><b>Vision the Big picture</b><br /> As CISO, you’re in a unique position to see and deal with the big picture, and to see the greatest risks.</p><p>an example where management says online sales is the most important activity. To you, this should become the lot more important than in less or low critical business of the organization.</p><p>if 90 percent of your online customers are located in one geography, the risk is magnified. If all your divisions rely on a shared or managed IT service that’s highly concentrated, your entire business hinges on its security.</p><p>You can provide a high-level perspective of the organization’s interdependencies and areas of concentration that other departments don’t have as they don’t have access to all the information or they can’t vision the big picture. They will value your opinion</p><p><strong>Talk to the chief risk officer (CRO)</strong></p><p>Look at your company’s risk professionals: the CRO, a head of compliance, corporate legal counsel, etc.</p><p>The power is with the chief risk officer (CRO). The CRO has authority and a structured way to manage risk. You must meet the CRO and apply proper industry-accepted methodologies.</p><p>For instance, if the CRO says, “My priority is increasing premiums and reducing insurance coverage,” this means that the company isn’t paying the increased premium (which translates into greater exposure) and that the company must be more aggressive in its loss control and loss prevention programs. So, when the CRO says to you, “You guys are dealing with IT security problems and you want millions of dollars to solve them. What’s your rationale?” you can make your case based on what it will take to control and reduce those costs based on the data you’ve collected on operational loss.</p><p>( Watch more : <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/video/top-myths-of-ipv-6-security"><span style="color:#3366ff;">Top Myths of IPV-6 Security</span></a></span> )</b></p><p><b>Focus your organization</b><br /> If you’re going to deliver the data, analysis and modeling that your new role requires, you’re not the only one that has to change. Your organization may need to realign departments–and that might require some radical thinking.</p><p>Information Security roles and responsibilities that have become main–such as operations, policy creation and enforcement–should be considered for migration and delegation</p><p>You may have to relook your organization’s skills to support more analytical thinking and promote a greater awareness of operational risk management. Gauge the level of expertise and what kind of modeling capability the organization has so you can budget for the kind of technically savvy people you’ll need.</p><p>Shifting and adding resources is never quick. Plan on phasing in new resources over several years, in accordance with the change demands to disperse the cost.</p><p><b>Drive change</b><br /> What if your organization doesn’t have a mature risk management culture? The overwhelmed two-person legal staff moves from problem to problem in crisis mode. The risk management group is a one manager who’s clueless about the broader concept of risk management. </p><p>If you’re going to make a difference as a CISO in this environment, you have a day job and a night job.</p><p>The night job is strategic: getting this community of disjointed disciplines, roles and expertise to work together in small ways.</p><p>The day job is to prioritize what’s most important to the business and apply the appropriate security. Choose what generates the most revenue, or what the company has on its radar for the next five years. You need to secure that piece of the corporate world, working through the risk management model and working closely with the appropriate stakeholders .</p><p>( More: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/main/authorization/signUp"><span style="color:#3366ff;">Join the community of 1400+ Chief Information Security Officers.</span></a></span><span style="color:#3366ff;"> <a href="http://www.cisoplatform.com/main/authorization/signUp"><span style="color:#3366ff;">Click here</span></a></span>)</b></p><p>Be nimble. Step into this new role while keeping a foot in the old. Delegate the technical responsibilities–infrastructure support, network support–while still providing guidance and oversight. Develop a strategy for an overall architecture. You may not be able to execute yet, but know where you want to go.</p></div>11 Ways To Measure The Effectiveness Of Your Identity & Access Management (IAM) Solutionhttps://www.cisoplatform.com/profiles/blogs/11-measure-effectiveness-identity-access-management-solution2016-02-12T11:30:00.000Z2016-02-12T11:30:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p>Identity Access Management (IAM) is a set of business policies, framework and processes which ensures the right person has access to the right asset/resources. Identity Access Management solutions can deliver intangible benefits that are revenue increasing and other tangible benefits that are cost reducing.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/11-measure-effectiveness-identity-access-management-solution" target="_blank"><img width="750" src="{{#staticFileLink}}8669805287,original{{/staticFileLink}}" class="align-full" alt="8669805287?profile=original" /></a></p>
<p></p>
<p>Here are <strong>11 Ways To Measure The Effectiveness of your Identity Access Management (IAM)</strong> solution:</p>
<ul>
<li><strong>Average number of distinct accounts (credentials) per user:</strong> <br /> Generally an organisation has multiple number of accounts per user. <span>Identity Access Management (IAM)</span> solutions can help organisations to reduce this number close to one using their <strong>SSO (Single Sign on) functionality</strong>.</li>
<li><strong>Number of unused accounts:</strong><br /> Identity Access Management(IAM) solution can also help in <strong>reducing the number of unused/uncorrelated accounts</strong>. Uncorrelated accounts are the accounts which don’t have any owners and they come into picture because of promotions, transfers, and termination of workforce. These uncorrelated accounts can create risk for the companies if being hijacked by outsiders.</li>
</ul>
<ul>
<li><strong>Number of orphaned accounts:</strong> <br /> These are the privileged accounts without an owner. For an effective <span>Identity Access Management (IAM)</span> solution, this metric should come down.<br /> <br /> ( Read more: <a href="http://www.cisoplatform.com/profiles/blogs/10-questions-to-ask-before-you-start-your-bug-bounty-program"><b>10 questions to ask before you start your Bug Bounty program…</b></a><b> )<br /></b></li>
</ul>
<p></p>
<ul>
<li><strong>Number of new accounts provisioned:</strong> <br /> Number of new accounts provisioned should be equal to the number of new joinees. If there is a significant difference between these two numbers then it indicates that your IAM solution is not effective to give correct identity data.</li>
</ul>
<ul>
<li><strong>Number of exceptions per access re-certification cycle:</strong> <br /> Exceptions means when the user is assigned the rights he/she should not be given. High number of exceptions can be because of poor identity data or access process problem (persons requesting re-certification do not have all the information required).</li>
</ul>
<ul>
<li><strong>Password policy effectiveness:</strong> <br /> To measure the effectiveness of your IAM solution you can check the password reset data for a period say one month. With an effective Identity Access Management (IAM) solution this volume of data should tend to go down. If it does not, then there may be some issues with the password policies and management of your organisation.</li>
</ul>
<ul>
<li><strong>Average time to provision and de-provision of a user:</strong><br /> For an effective Identity Access Management (IAM) solution, this metric should come down.Most of the time, if someone is not getting the timely access, then there are backend processes responsible for that. This gives you an indication that you should work on your business processes.</li>
</ul>
<ul>
<li><strong>Average time to provide an authorization</strong> <br /> For an effective <span>Identity Access Management (IAM)</span> solution, this metric should come down.This metric can provide insight into the efficiency of an organization's approval processes.Knowing the time taken can help to resolve the bottlenecks and help in improving out dated processes.<br /> <br /><p>( <span id="docs-internal-guid-7e7ed265-3703-c3c7-56c8-9c6e568323f4"><span>Read More:</span> <a href="http://www.cisoplatform.com/profiles/blogs/checklist-to-assess-effectiveness-of-vulnerability-management">Checklist To Assess The Effectiveness Of Your Vulnerability Management Program</a></span><b> )<br /> <br /> <br /></b></p>
</li>
</ul>
<ul>
<li><strong>Average time to make changes in identity policies:</strong><br /> For an effective Identity Access Management (IAM) solution, this metric should come down as IAM solutions <strong>can aid centralization of policies</strong>. So changes are faster compared to traditional ways. Organisation wide changes can be made easily.</li>
</ul>
<ul>
<li><strong>Violation of separation of duties:</strong><br /> For an effective <span>Identity Access Management (IAM)</span> solution, this metric should come down.The organization should implement preventive controls to monitor these violations, report them and orchestrate their remediation.</li>
</ul>
<ul>
<li><strong>Reduced identity management cost</strong><br /> For an effective Identity Access Management (IAM) solution, this cost of managing the large amount of identity store should come down. An effective IAM solution will provide the capability to expand the organization’s people and IT resources without increasing the IT staff.</li>
</ul>
<p></p>
<p>More: <a href="http://www.cisoplatform.com/main/authorization/signUp"><b> </b><b>Join the community of 3000+ Chief Information Security Officers.</b></a><b> </b> <a href="http://www.cisoplatform.com/main/authorization/signUp"><b>Click here</b></a></p>
<p></p></div>Aligning security objectives with business objectiveshttps://www.cisoplatform.com/profiles/blogs/aligning-security-objectives-with-business-objectives2016-09-01T06:30:00.000Z2016-09-01T06:30:00.000ZSyed Azherhttps://www.cisoplatform.com/members/SyedAzher<div><p style="text-align:left;"></p><p style="text-align:left;">This is about developing information security master plan, the concept is the fact that when you develop a plan you begin by starting risk assessment, not a risk assessment from security stand point but from a business standpoint. You go through that process by interviewing various executive getting their input and understand what they believe are the risks that the business is exposed to. Then you take that way and evaluated risk and see what you can do to develop a plan to mitigating those risk, sometime the plan requires disciplines outside of security which you can’t ignore and you make sure you adopt total business approach and also involve other groups such as HR, IT, marketing/business areas.</p><p style="text-align:left;"></p><p dir="ltr"><span>( Read More:</span> <span><a href="http://www.cisoplatform.com/profiles/blogs/5-tips-evaluate-readiness-implementing-data-loss-prevention-dlp">5 Tips To Evaluate Your Readiness Before Implementing Data Loss Prevention (DLP) Solution</a> )</span></p><p dir="ltr"></p><p style="text-align:left;">It is important to put together a total plan and then you go back to executive.Present to them how you might mitigate those risk and in some case, you might be able to eliminate but usually can eliminate risk by outsourcing particular issue to somebody else. At least you should develop a plan and based on that you can define cost vs benefit involved.</p><p style="text-align:left;">You should always do a master plan of 12-18 months or as frequently as you do your business plan and based on the priority you can split the cost on the year to year or month by month basis. The key important aspect is to tie the plan to the risk and demonstrate how your spending is reducing the risk. By doing that you are not just getting management to approve the expenditure of the money, you are getting them to approve reduction of risk, which something they understand much better than addressing by technology needs (e.g. asking to by security camera for data center or adding DLP technology).</p><p style="text-align:left;">It is important to have annual risk analysis conducted before your budget cycle so that if there are any new risks identified, you have time to put together a plan to address that. If there are no new risks at least you are reminding the executive that why you are spending the money.</p><p style="text-align:left;"></p><p dir="ltr"><span>( Read More:</span> <span><a href="http://www.cisoplatform.com/profiles/blogs/top-it-security-conferences-in-the-world">Top IT Security Conferences In The World</a> )</span></p><p dir="ltr"></p><p dir="ltr"><em>What are your thoughts on Aligning Security Objectives with Business Objectives? Share in comments below</em></p><p dir="ltr"></p></div>How to Manage Security & Third Party/Open Source Code in the SDLChttps://www.cisoplatform.com/profiles/blogs/how-to-manage-security-amp-third-party-open-source-code-in-the2019-08-15T14:00:00.000Z2019-08-15T14:00:00.000ZDrew Brownhttps://www.cisoplatform.com/members/DrewBrown<div><p><span style="font-size:14pt;">Background:</span><br />It has been suggested that any new development will include less than 1% original code. If this isn’t presently true, it will likely be as time progresses.<br /> <br /> With any security program, the goal is to identify the vulnerabilities, the related risks, mitigations or compensating controls that can be implemented. With the volume of development including libraries and binaries from third-party/open source repositories like: Git-Hub, stackify, or Microsoft, different steps and processes need to be implemented to ensure system and data owners are aware of the risks related to any system.<br /> <br /> Using third-party code can greatly accelerate application development, however it brings with it a certain amount of risk. Some of these can be mitigated, however, modifying third-party code may likely be outside your organization’s capabilities. Those risks need to be properly documented either as part of the overall risk assessment or separately. With this in view, you can have a risk discussion or multiple discussions about what risks are to be accepted, avoided, mitigated or transferred, based on the risk owner’s risk appetite for your organization.<br /> <br /> A third-party script might have unintended consequences, like overwriting your variables. Also, many tracking scripts don't sanitize data properly which would allow attackers to inject malicious code.<br /> <br /> Additionally, some third-party scripts still use non-secure HTTP. This can let attackers capture user's information, and it can cause security warnings that can scare away users on secure pages. Third-party scripts often load other third-party scripts of their own. When the third-party scripts you trust bring in scripts you don't expect, this multiplies the potential for all of the security and privacy risks mentioned thus far.<br /> <br /> This is just a sampling of risks that can be introduced to an application so it is important to get your security team involved early in the SDLC.</p><p></p><p><span style="font-size:14pt;">Assumptions:</span><br /> <br /> tools - Your organization has some or all of the tools described below in place. In short, your organization should be doing both static application security scans (SAST), dynamic application security scans (DAST), operating system (OS) scans, and architectural reviews using some threat modeling methodology like STRIDE, PASTA, or VAST. Note that in no way should this document be considered an endorsement of any specific product over another. Specific products are listed as examples only.<br /> <br /> SDLC - You have a documented secure System (or software) Development Life Cycle (SDLC) plan and policy, from feasibility study and planning to maintenance, must include security at every stage/phase of a software development project. Security should be incorporated in the earliest steps of your SDLC regardless of development model, and must be part of the implementation/development or coding phase. It is also possible, but less desirable to complete these during a latter phase such as maintenance or continual service improvement phase of your SDLC due to cost.<br /> <br /> Risk - You have risk appetite statements and a risk register for your organization, or specifically the data owner. Your organization should have clear requirements documented regarding remediation documentation and timelines for the risk taxonomy (Critical, High, Medium, Low, etc.) you use. The National Institute of Standards & Technology (NIST) has a risk management framework (RMF) that is very useful if you are new to risk.</p><p></p><p><span style="font-size:14pt;">Basic 5-Step Process:</span><br /> <br /> 1. Secure Architecture Review: Review the architecture to be sure it is working in your favor<br /> 2. SAST: Statically scan the code for vulnerabilities<br /> 3. DAST: Scan the code dynamically for vulnerabilities<br /> 4. Infrastructure Vulnerability Assessment: Scan the platform for OS and configuration vulnerabilities.<br /> 5. Risk Assessment: Conduct a risk analysis based on the data owner’s requirements or the framework your organization has implemented.<br /> <br /> Depending on the tools in use by your organization you may be able to run the scans (SAST/DAST/OS) and architecture review in parallel. This may or may not be advantageous. That is, you may want the opportunity to build the process out so specific tasks are sequenced and vulnerabilities are filtered and reported to the various staff/teams that have operational responsibility for mitigating vulnerabilities.<br /> <br /> Below is an outline of how to inject your security tools into the software development cycle. Your organization and your business process may differ substantially, so treat this as a guide, not a framework.</p><p></p><p><span style="font-size:14pt;">Detail of the Process:</span><br /> <br /> <strong>Architecture Review</strong><br /> This is either the initial design process in the early stages of the SDLC or a review of the design.<br /> Architecture findings are related to the data flow diagram. How does the data including authentication/authorization, move through your application?<br /> <br /> <strong>Threat modeling</strong><br /> . MS TMT & STRIDE <a href="https://en.wikipedia.org/wiki/STRIDE_">https://en.wikipedia.org/wiki/STRIDE_</a>(security)<br /> . MS TMT 2016 <a href="https://www.microsoft.com/en-us/download/details.aspx?id=49168">https://www.microsoft.com/en-us/download/details.aspx?id=49168</a><br /> . <a href="https://docs.microsoft.com/en-us/azure/security/azure-security-threat-modeling-tool">https://docs.microsoft.com/en-us/azure/security/azure-security-threat-modeling-tool</a> (based on VAST)<br /> . OWASP Threat Dragon <a href="https://threatdragon.org/login">https://threatdragon.org/login</a><br /> <br /> Create the data flow diagram – the System Owner, or system architect should be able to provide at least the high-level flow, if not the details.<br /> <br /> Let the threat modeling tool help guide the conversation about what is/not in place, and/or what could or should be in place to secure the data. All of this is based on the data in use, it’s sensitivity and the risk appetite of the business.<br /> <br /> The important item here is to know what vulnerabilities exist in your application and document them, and or their remediation.<br /> <br /> <strong>Identify and document any false positives</strong><br /> If you are starting this late in the SDLC, it is still prudent to complete the design review before a code review.<br /> <br /> <strong>SAST Scans</strong><br /> third-party code identification – The DevOps team should be able to list the libraries, and common scripts used as well as their current version in use and the latest version available. For example, bootstrap.js or jquery-1.10.2.js or jquery-3.3.1.js<br /> <br /> In your SAST tools you should be able to identify these files/libraries<br /> <br /> As you isolate these files, prepare a report on the vulnerabilities of just the third-party code. To identify and evaluate known vulnerabilities in your third-party code, use sources such as:<br /> . National Vulnerability Database (NVD),<br /> . Common Weakness Enumeration (CWE)<br /> . Common Vulnerability and Exposures (CVE)<br /> . Common Vulnerability Scoring System (CVSS)<br /> <br /> <strong>third-party code risk acceptance</strong><br /> Included vulnerabilities from retire.js or blackduck<br /> A repository manager, e.g. something to block/allow specific binaries, build artifacts or release candidates should be used, like snoatype.<br /> <br /> Put the vulnerabilities into risk language ensure the business risk appetite is current.<br /> <br /> Engage the system/business owners as ultimately the risk is theirs to own.<br /> <br /> third-party code isolation - the intent here is to mask these findings so your developers can focus on “their” code and implement whatever bug/fix mechanism they need to.<br /> <br /> Some tools will allow you to identify errors by file name, others it will be by CWE, or tool or a combination.<br /> <br /> If the latter ensure a rule change doesn’t impact an “in-house developed” file.<br /> <br /> Baseline the code – this is the review process of “your” code with the aim of identifying both capability and architecture false positive findings.<br /> . Capability findings are related to the code itself, e.g. can changing the color of html be leveraged by attackers?<br /> . Architecture findings are related to the data flow diagram, see below<br /> . Consider a Software Composition Analysis tool, like veracode or blackduck.<br /> . Identify and document any false positives<br /> <br /> <strong>OS Scans</strong><br /> <br /> Scan the operating system and the application/web server configurations for vulnerabilities<br /> <br /> Use a scanning tool, e.g. NESSUS scans, PowerShell or Microsoft System Security Manager (SCCM).<br /> <br /> All of your systems should at least have the latest security updates installed.<br /> <br /> The key is to validate your systems are hardened with updated patches and baseline configuration settings as this is both a potential audit finding and a compensating control for risk.<br /> <br /> Identify and document any false positives<br /> <br /> Ideally this would all be viewable in a single pane of glass application. There are some out there.<br /> <br /> <strong>IAST scans (Optional)</strong><br /> <br /> IAST There is another function called an Interactive Application Security Test (IAST) such as synopsis, or contra security solutions. These tools leverage some sort of agent or software instrumentation, or the use of instruments in order to monitor an application as it runs and gather information about what it does and how it performs.<br /> <br /> A variation on this is a Runtime Application Self-Protection (RASP) which works like an application firewall.<br /> <br /> Identify and document any false positives<br /> <br /> <strong>DAST scans</strong><br /> <br /> Conduct dynamic scans of your application using a Dynamic Application Security Test (DAST) tool.<br /> <br /> The DAST tool scans can be credentialed (authenticated user accounts) or non-credentialed (without authentication), depending on the web application. There are various tools such as: IBM AppScan, (Fortify)WebInspect, Rapid7 AppSpider/Nexpose, PortSwinger Burp Suite<br /> <br /> Identify and document any false positives<br /> <br /> Was the scan invasive, planned based on where the application can go?<br /> <br /> Compliment the automated tool scans with some manual vulnerability tests, such as user privilege escalations on the critical functions of the application.<br /> <br /> Your test cases should be both successes, what a user should be able to do, and failures, what they should not be able to do.<br /> <br /> The results should be correlated with your SAST/IAST and OS scanning tools. The aim here is a consolidated single report from which an accurate assessment of the risk can be produced.<br /> <br /> Put the vulnerabilities into risk language ensure the business risk appetite is current.<br /> <br /> Engage the system/business owner as ultimately the risk is theirs to own.<br /> <br /> <strong>Risk analysis</strong><br /> <br /> Risk Register – what? You don’t have a register yet? Seriously, you need to have a risk register. Document your risks!<br /> <br /> Risk appetite: this is a statement of how much or how little risk the data owner or business will accept. This may also be referred to as a risk tolerance. Your organization may use the expression, risk retention, where organization acknowledges that the potential loss from the risk is not great enough to spend money to avoid it.<br /> <br /> Risk appetite - A target level of loss exposure that the organization views as acceptable, given business objectives and resources<br /> <br /> Risk tolerance - The degree of variance from the organization’s risk appetite that the organization is willing to tolerate or retain.<br /> <br /> Neither IT or security specifically own risk, rather they make decisions based on the business’ comfort with risk.<br /> <br /> You cannot make a risk decision without this information.<br /> <br /> AOR – acceptance or acknowledgement of risk. Someone, like the data owner or business needs to acknowledge two things:<br /> 1) That there is inherent risk to using third-party code<br /> 2) The overall risk of the application, less the compensating controls and documented false positives.<br /> <br /> This could be in one or more documents. Having it in two documents might make it an easier pill to swallow.<br /> <br /> Consolidate the actual risks with the false positives. Prepare a risk document for management to review and take action on.<br /> Some organizations will prefer two AOR documents; one for the third-party software and one for the overall application.<br /> <br /> <strong>Single pane of glass:</strong><br /> <br /> Do you have a tool to bring together the reports from these tools? There are some, and it makes the overall process easier, but it could create complexity if you can’t filter out the OS vulnerabilities to show the application development team or conversely the application vulnerabilities to show the operations team.<br /> <br /> <strong>Risks:</strong><br /> <br /> You could get a lot of pushback from developers, or operations staff for doing this. You could get pushback from the business for this as well.<br /> <br /> The trick to doing application security is to present the vulnerabilities and their risk level in the context of the known risk appetite. You don’t want to be “Mr. No”, rather you want to partner with business and show them, not that way, but this way is better.</p></div>Top Emerging Indian Cyber Security Vendors in 2018https://www.cisoplatform.com/profiles/blogs/top-emerging-indian-cyber-security-vendors-in-20182019-11-28T09:30:00.000Z2019-11-28T09:30:00.000ZCISO Platformhttps://www.cisoplatform.com/members/CISOPlatform<div><ul>
<li>We have completed our selection of the final list of <strong>Top Indian Cyber Security Vendors to look out for in 2018</strong> from all the vendors nationwide. Believe me this was not easy & we don’t claim this is exhaustive list as it probably will never be. But still we gave our best to give you the top guns who are uniquely innovative.</li>
<li><strong>Let’s have a look at the top Indian Cyber Security Vendors </strong></li>
</ul>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/appknox"><img class="size-medium wp-image-8254 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/appknox-logo-300x70.png" alt="" width="300" height="70" /></a></p>
<ul>
<li>Appknox is an Indian cyber security company that aims at helping businesses and developers make their mobile applications more secure. Using our cloud-based security solution, businesses can conduct regular and quick security audits, know what security loopholes exist in their apps and also fix them with the suggestions we provide. Thei security experts are working continuously to out-think and outsmart unethical hackers that exploit different cyber channels to provide a safe operating environment for businesses. they have worked with companies around the globe in various spaces like banking, e-commerce, mobile wallets, healthcare, BYOD, and 3rd party apps in an effort to build a safe and secure mobile ecosystem. To know more:<a href="https://www.firecompass.com/security/vendors/appknox">https://www.firecompass.com/security/vendors/appknox</a></li>
</ul>
<p><strong> </strong></p>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/halt-dos-pvt-ltd-"><img class="size-medium wp-image-8255 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/haltdos-300x109.png" alt="" width="300" height="109" /></a></p>
<p></p>
<ul>
<li>HaltDos is an award-winning network security company. It is an off-spring of AKS Information Technology Services Pvt. Ltd. AKS IT is CERT-IN empanelled Auditing organization providing Web and Mobile application security auditing, Network Security auditing and Industrial Control System Auditing. HaltDos cloud proxy is India’s first comprehensive DDoS mitigation solution that ‘Detects, Mitigates & Monitors’ web applications on a continuous basis to protect from hackers. They have over a decade long experience in providing security solutions to 4000+ customers across the world. They bring this expertise and our 24x7x365 support to provide the most comprehensive security solutions as a service (SaaS). HaltDos in partnership with Amazon Web Services (AWS) provides cloud based DDoS mitigation solution in all AWS regions across the world. To know more: <a href="https://www.firecompass.com/security/vendors/halt-dos-pvt-ltd-">https://www.firecompass.com/security/vendors/halt-dos-pvt-ltd-</a></li>
</ul>
<p> </p>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/indusface"><img class="wp-image-8256 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/Indusface-300x207.jpg" alt="" width="198" height="137" /></a></p>
<ul>
<li>Indusface is an award-winning application security leader protecting 900+ global customers with our unique Total Application Security platform that detects, protects, and monitors applications. Our Total Application Security solution is available On-Premise, As A Service and through the AWS Marketplace. Mentioned in the Gartner Magic Quadrants for Application Security Testing and Web Application Firewall, Indusface has won major startup awards in the last 12 months including the NASSCOM-DSCI ‘Security Product Company’ Award, iSpirit’s ‘InTech50 Most Innovative Products from India’ and AWS ‘Regional Innovation Partner: Technology Award’. In the past few years, Indusface has also won several other awards like Deloitte Technology Fast 50 India and 500 Asia, NASSCOM Emerge 50, Red Herring Top 100 Asia and InTech50. To know more: <a href="https://www.firecompass.com/security/vendors/indusface">https://www.firecompass.com/security/vendors/indusface</a></li>
</ul>
<p> </p>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/innefu"><img class="alignnone wp-image-8257 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/innefu-logo-300x140.png" alt="" width="255" height="119" /></a></p>
<ul>
<li>Innefu is an Information Security R&D startup, providing cutting edge Information Security & Data Analytics solutions. We count among our clients the biggest corporate entity in the country apart from some of the most sensitive and critical organizations in Government of India. With more than 100+ customers using our Information Security and Data Analytics solutions, the company has become a leading player in the space of Artificial Intelligence for Data Analytics and Multifactor Authentication. To know more: <a href="https://www.firecompass.com/security/vendors/innefu">https://www.firecompass.com/security/vendors/innefu</a></li>
</ul>
<p><strong> </strong></p>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/instasafe"><img class="size-medium wp-image-8258 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/InstaSafe-Light-Bg-Horizontal-300x93.png" alt="" width="300" height="93" /></a></p>
<ul>
<li>Instasafe Technologies is a leading Cloud based Security-as-a-Service solution provider delivering comprehensive and uncompromising protection to mobile and remote workers enabling them to safely and securely access enterprise apps, email and web from anywhere on any network. Unlike appliance based solutions Instasafe offers a hardware free, zero configuration, self-service style, fully redundant Security-as-Service which could be deployed in minutes with comprehensive reporting. To know more:<a href="https://www.firecompass.com/security/vendors/instasafe"> https://www.firecompass.com/security/vendors/instasafe</a></li>
</ul>
<p> </p>
<p> </p>
<p><img class="wp-image-8259 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/3-300x87.png" alt="" width="372" height="108" /></p>
<ul>
<li>Khika is a next generation SIEM which combines the real time alerting and dashboarding of conventional SIEM with the power of big data to enable historical correlation and search to identify and contain such threats. Khika SIEM is an Indian cyber security vendor which consumes the logs generated by your active directory, firewall, antivirus, web application firewall, web proxy, applications etc. to give you intelligence on security threats, compliance gaps and policy violations, infrastructure troubleshooting, user behaviors and more. This enables you to have a single platform for your security analytics and improves the security posture.</li>
</ul>
<div><a href="https://www.firecompass.com/blog/free-supplier-security-assessment-questionnaire/" target="_blank">READ MORE >> Free Supplier Security Assessment Questionnaire</a></div>
<p> </p>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/kratikal-tech-pvt-ltd"><img class="size-medium wp-image-8260 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/cropped-kratikal-logo-M-300x96.png" alt="" width="300" height="96" /></a></p>
<ul>
<li>Kratikal is an end to end Indian cyber security solutions provider. It is the trusted partner for enterprises and individuals, seeking to protect their brand, business and dignity from baffling cyber attacks. They have been involved in design, implementation of information security management system since the time, standards were adopted by industry. They approach IT security, cyber crime and penetration testing use cases from enterprise risk management perspective. Kratikal provide a complete suite of manual and automated security testing services as well as security auditings like PCI DSS, HIPAA and ISO 27000 series. To know more :<a href="https://www.firecompass.com/security/vendors/kratikal-tech-pvt-ltd">https://www.firecompass.com/security/vendors/kratikal-tech-pvt-ltd</a></li>
</ul>
<p> </p>
<p><strong> </strong><img class="size-medium wp-image-8297 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/09/logo-yello-1-300x120.png" alt="" width="300" height="120" /> </p>
<ul>
<li>DNIF, a product of NETMONASTERY offers solutions to the world’s most challenging cybersecurity problems. Recognized by Gartner and used by some of the well-known global companies like PwC, Vodafone and Tata, this next generation analytics platform combines Security and Big Data Analytics to provide real-time threat detection and analytics to the most critical data assets on the Internet. With over a decade of experience in threat detection systems, DNIF has one of the fastest query response times and bridges the gap between searching, processing, analyzing and visualizing data thereby enabling companies with better SOC (Security Operations Center) management. To know more:<a href="https://www.firecompass.com/security/vendors/dnif-product-of-netmonastery-"> https://www.firecompass.com/security/dnif-product-of-netmonastery/</a></li>
</ul>
<p> </p>
<p> </p>
<p><img class="size-medium wp-image-8265 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/Seqrite_logo-300x117.png" alt="" width="300" height="117" /></p>
<ul>
<li>Seqrite is a world-class Enterprise Security brand defined by innovation and simplicity. Their solutions are a combination of intelligence, analysis of applications and state-of-the-art technology, and are designed to provide better protection for our customers. Seqrite is backed by Quick Heal’s cutting-edge expertise of producing cyber security solutions for over two decades. Their products help secure the networks used by millions of customers in more than 80 countries.</li>
</ul>
<p> </p>
<p><strong> </strong></p>
<p><a href="https://www.firecompass.com/security/vendors/shieldsquare"><img class="size-medium wp-image-8266 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/shieldsquare-logo-high-300x66.png" alt="" width="300" height="66" /></a></p>
<p> </p>
<ul>
<li>ShieldSquare is one of the pioneers in bot mitigation and bot management space. They provide a real-time bot mitigation solution that protects enterprises by detecting and responding to automated attacks generated by scripts (bots). Their solution can be integrated into diverse technology infrastructures within minutes. We have been instrumental in raising the industry bar for highest accuracy, lowest latency, and zero false-positives. ShieldSquare processes billions of page requests every month. To know more: <a href="https://www.firecompass.com/security/vendors/shieldsquare">https://www.firecompass.com/security/vendors/shieldsquare</a></li>
</ul>
<p> </p>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/smokescreen"><img class="wp-image-8267 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/08/logo8-300x60.png" alt="" width="375" height="75" /></a></p>
<ul>
<li>Smokescreen was founded in 2015 to create the next generation of Indian cyber security detection and response systems. Our proprietary ILLUSIONBLACK platform detects, deflects and defeats advanced hackers in a manner that is false-positive free, and easy to implement. It effectively handles multiple avenues of attack and the limited response capabilities that most companies have. This deception based ‘active defense’ philosophy is the result of decades of experience securing the most highly targeted organizations in the world against advanced threats , and has proved its effectiveness time and again in the real world. To know more : <a href="https://www.firecompass.com/security/vendors/smokescreen">https://www.firecompass.com/security/vendors/smokescreen</a></li>
</ul>
<div id="firec-2110483133" class="firec-generic-ad"><p></p>
</div></div>Top Emerging Cyber Security Vendors To Look Out For In 2018https://www.cisoplatform.com/profiles/blogs/top-emerging-cyber-security-vendors-to-look-out-for-in-20182019-11-28T11:30:00.000Z2019-11-28T11:30:00.000ZCISO Platformhttps://www.cisoplatform.com/members/CISOPlatform<div><ul>
<li><span>Looking for Top Emerging Companies in the Cyber Security Industry? FireCompass presents 50 Emerging Cyber Security Vendors to look out for in 2018. We don’t claim this is exhaustive list because there might be a possibility that we might have missed some of the products. But still we gave our best to give you the top guns who are uniquely innovative in their area of expertise.</span></li>
<li><span>Lets have a look at 50 Emerging Cyber Security Vendors for year 2018:</span></li>
</ul>
<p> </p>
<p><a href="https://www.firecompass.com/security/vendors/acalvio-technologies"><strong><span style="font-size:12pt;">Acalvio T</span><span style="font-size:12pt;">echnologies</span></strong></a></p>
<p><a href="https://www.firecompass.com/security/vendors/acalvio-technologies"><img class="acalvio-firecompass-emerging-vendors-2018 aligncenter wp-image-7455 size-medium align-center" title="acalvio-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/04/acalvio_1_-300x107.jpg" alt="acalvio-firecompass-emerging-vendors-2018" width="300" height="107" /></a></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/acalvio-technologies"><strong>Acalvio</strong></a> is an innovator in delivering Advanced Defense solutions using a combination of Distributed Deception and Data Science technologies. Led by a seasoned team of security, networking, data science professionals, Acalvio allows security practitioners in detecting, engaging and responding to malicious activity with high precision in a timely and cost-effective fashion. Acalvio was selected as one of the top cyber security company at RSA Innovation Sandbox 2018. To know more:<a href="https://www.firecompass.com/security/vendors/acalvio-technologies"> https://www.firecompass.com/security/vendors/acalvio-technologies</a></li>
</ul>
<p></p>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Aporeto</strong></span></p>
<p><img class="aporeto-firecompass-emerging-vendors-2018 aligncenter wp-image-7984 size-medium align-center" title="aporeto-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Aporeto-300x70.png" alt="aporeto-firecompass-emerging-vendors-2018" width="300" height="70" /></p>
<ul>
<li><span><strong>Aporeto</strong> is a Zero Trust security solution for microservices, containers and the cloud. Fundamental to Aporeto’s approach is the principle that everything in an application is accessible to everyone and could be compromised at any time. Aporeto uses identity context, vulnerability data, threat monitoring and behavior analysis to build and enforce authentication, authorization and encryption policies for applications. With Aporeto, enterprises implement a uniform security policy decoupled from the underlying infrastructure, enabling workload isolation, API access control and application identity management across public, private or hybrid cloud.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/aqua-security-inc-"><strong>Aqua Security</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/aqua-security-inc-"><img class="aqua-firecompass-emerging-vendors-2018 aligncenter wp-image-7985 size-medium align-center" title="aqua-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/aqua_security-300x108.png" alt="aqua-firecompass-emerging-vendors-2018" width="300" height="108" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/aqua-security-inc-">Aqua Security</a></strong> provides scalable security for the complete development-to-deployment lifecycle of containerized applications. It enable companies to use containers for their many benefits without compromising their application and data security.</span> <span>It helps enterprises to secure their virtual container environments from development to production, accelerating container adoption and bridging the gap between DevOps and IT security.</span><span>Aqua’s Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks, providing transparent, automated security while helping to enforce policy and simplify regulatory compliance. </span> </li>
</ul>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Armis</strong></span></p>
<p><img class="armis-firecompass-emerging-vendors-2018 aligncenter wp-image-7988 size-medium align-center" title="armis-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/armis-1-300x86.png" alt="armis-firecompass-emerging-vendors-2018" width="300" height="86" /></p>
<ul>
<li><span><strong>Armis Security</strong> is an agentless IoT security solution that lets enterprises see and control any device or network. It eliminates the IoT security blind spot, letting enterprises instantly see and control unmanaged or rogue devices and networks. It specializes in IoT Security, network security, mobile security, DDoS, wireless security, Botnets, and Ransomware.</span></li>
</ul>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/attivo-networks">Attivo Networks</a></strong></span><a href="https://www.firecompass.com/security/vendors/attivo-networks"><img class="attivo-firecompass-emerging-vendors-2018 aligncenter wp-image-7990 size-full align-center" title="attivo-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Attivo_Corp_Logo-e1530009474879.png" alt="attivo-firecompass-emerging-vendors-2018" width="204" height="102" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/attivo-networks">Attivo Networks®</a></strong> is an award-winning leader in deception technology for real-time detection, analysis, and acceleration of incident response to cyber-attacks. The Attivo ThreatDefend™ Deception and Response Platform provides early detection of advanced, stolen credential, ransomware, and phishing attacks that are inside user networks, data centers, clouds, IoT and ICS-SCADA environments. By deceiving attackers into revealing themselves, comprehensive attack analysis is efficiently gathered, actionable alerts raised, and response actions automated with prevention system integrations. </span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/avanan-inc-">Avanan</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/avanan-inc-"><img class="avanan-firecompass-emerging-vendors-2018 aligncenter wp-image-7991 size-medium align-center" title="avanan-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/avanan--300x104.png" alt="avanan-firecompass-emerging-vendors-2018" width="300" height="104" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/avanan-inc-">Avanan</a></strong> operates a cloud-based platform to provide security solutions for public, SaaS-based applications. The product is designed for organizations that need to monitor and protect their employees’ use of the cloud.</span> <span>AVANAN protects your data in the cloud with the same industry-leading security you trust in your datacenter. The cloud-based platform is completely out-of-band, requires no proxy, and can be deployed in just 10 minutes. It provides seamless policy governance across users and data in the cloud. </span></li>
</ul>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Awake Security</strong></span></p>
<p><img class="awake-firecompass-emerging-vendors-2018 aligncenter wp-image-7992 size-medium align-center" title="awake-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/awake-security-300x64.png" alt="awake-firecompass-emerging-vendors-2018" width="300" height="64" /></p>
<ul>
<li><span>The <strong>Awake Security</strong> Investigation Platform enables rapid, iterative and conclusive alert investigations as well as threat hunting by placing the context that security teams need at their fingertips. Gathering this context manually, if even possible, can take hours of combing through dozens of data sources. Awake reduces time-to-truth to mere minutes with a quick-to-deploy, no tuning required, platform that builds on more than two years of R&D with over 200 security teams.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong>Balbix</strong></span></p>
<p><img class="balbix-firecompass-emerging-vendors-2018 aligncenter wp-image-8078 size-medium align-center" title="balbix-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/balbix-300x114.png" alt="balbix-firecompass-emerging-vendors-2018" width="300" height="114" /></p>
<ul>
<li><strong>Balbix</strong>’s predictive breach risk platform is the industry’s first system to leverage predictive analytics and AI to provide enterprises with a comprehensive and continuous risk and resilience calculation visualized via a searchable and clickable heat map. We designed our platform for CIOs, CISOs and IT security teams who wish to proactively understand their breach risk and cyber-resilience. The Balbix system can predict critical breach scenarios, help users prioritize security operations and projects, and ultimately improve cyber-resilience.</li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/bastille"><strong>Bastille</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/bastille"><img class="bastille-firecompass-emerging-vendors-2018 aligncenter wp-image-7993 size-medium align-center" title="bastille-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/bastille-300x105.png" alt="bastille-firecompass-emerging-vendors-2018" width="300" height="105" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/bastille">Bastille</a></strong> is revolutionizing the way Enterprises approach security. As new threats emerge from the Internet of Things, Bastille is the only solution offering full spectrum scanning of the entire corporate airspace, delivering an unprecedented view of wireless risks before they have a chance to impact networks, people or assets. This visibility, combined with machine learning and behavioral analytics, provides a holistic view of wireless environments, complimenting Wi-Fi and traditional security architectures. </span></li>
</ul>
<p></p>
<p></p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/bigid-inc-">BigID</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/bigid-inc-"><img class="bigid-firecompass-emerging-vendors-2018 aligncenter wp-image-2307 align-center" title="bigid-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2017/04/BigID-e1530620508451.jpg" alt="bigid-firecompass-emerging-vendors-2018" width="244" height="106" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/bigid-inc-">BigID</a> </strong>is transforming enterprise protection and privacy of personal data. Organizations are facing record breaches of personal information and proliferating global privacy regulations with fines reaching 4% of annual revenue. Today enterprises lack dedicated purpose-built technology to help them track and govern their customer data for regulations like GDPR. By bringing data science to data privacy, BigID aims to give enterprises the software to safeguard and steward the most important asset organizations manage: their customer data. To know more </li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/bricata">Bricata</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/bricata"><img class="bricata-firecompass-emerging-vendors-2018 aligncenter wp-image-7996 align-center" title="bricata-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Bricata-Blog-Header-e1530010164181-300x55.png" alt="bricata-firecompass-emerging-vendors-2018" width="404" height="74" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/bricata">Bricata</a></strong> network security solutions deliver innovative next generation intrusion prevention, advanced threat detection and analysis, and threat hunting to enable large organizations to actively pursue and identify advanced, persistent, and coordinated attacks. A specialized component-based approach to today’s attacks has left organizations with a stack of tools to manage that provide a patchwork of uncorrelated data, leaving penetrable gaps and inconsistent security policies. The Bricata platform provides organizations with process automation, streamlining operations with the most effective, affordable solution for situational awareness and proactive threat defense, reducing complexity, dwell time and time to containment. To know more: </span></li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><strong>Capsule8</strong></span></p>
<p><img class="capsule8-firecompass-emerging-vendors-2018 aligncenter wp-image-7997 size-medium align-center" title="capsule8-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/capsule8-300x90.png" alt="capsule8-firecompass-emerging-vendors-2018" width="300" height="90" /></p>
<ul>
<li><span><strong>Capsule8</strong> is developing the industry’s first and only threat prevention and response platform purpose-built for cloud-native environments. Founded in 2016 by experienced hackers and seasoned security entrepreneurs, and funded by Bessemer Venture Partners, Capsule8 is making it possible for Linux-powered enterprises to modernize without compromise.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/cato-networks">Cato Networks</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/cato-networks"><img class="cato-firecompass-emerging-vendors-2018 aligncenter wp-image-8080 size-medium align-center" title="cato-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-300x125.png" alt="cato-firecompass-emerging-vendors-2018" width="300" height="125" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/cato-networks">Cato Networks</a></strong> provides organizations with a cloud-based and secure global SD-WAN. They deliver an integrated networking and security platform that securely connects all enterprise locations, people and data. The Cato Cloud reduces MPLS connectivity costs, eliminates branch appliances, provides direct, secure Internet access everywhere, and seamlessly integrates mobile users and cloud infrastructures into the enterprise network. Based in Tel Aviv, Israel, Cato Networks was founded in 2015 by cyber security luminary Shlomo Kramer, who previously cofounded Check Point Software Technologies and Imperva, and Gur Shatz, who previously cofounded Incapsula. </li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-">CryptoMove</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-"><img class="cryptomove-firecompass-emerging-vendors-2018 aligncenter wp-image-8081 size-medium align-center" title="cryptomove-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/cryptomove-300x115.png" alt="cryptomove-firecompass-emerging-vendors-2018" width="300" height="115" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-">CryptoMove</a></strong> provides decentralized moving target data protection as a service. The #1 risk to data is that it is a centralized and stationary target. Today’s data at rest protection methods have not changed in decades, are too difficult to implement, suffer from poor UX, don’t deliver value to end-users, and fail to address many threats to data including exfiltration, corruption, destruction, and ransomware. CryptoMove’s patented platform flips attack-defense asymmetry and provides crown jewel protection as a service.</li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-"><strong>Cyber adapt</strong></a></span></p>
<p><img class="cyberadapt-firecompass-emerging-vendors-2018 aligncenter wp-image-7999 align-center" title="cyberadapt-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Cyber-adAPT-300x51.png" alt="cyberadapt-firecompass-emerging-vendors-2018" width="412" height="70" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/cryptomove-inc-"><strong>Cyber adAPT®</strong></a>’s technology aims at protecting critical business assets by helping companies detect the presence of sophisticated adversaries hiding inside enterprise networks.Since the majority of available security tools have been deployed to safeguard against anticipated threats rather than alerting on suspicious “inside” activities, Cyber adAPT® is on a mission to not only educate about the growing scope of the threat ecosystem, but also to help ensure that the security postures and practices companies around the world adopt are sufficient and work holistically to protect their digital property as well as their reputation.<a href="https://www.firecompass.com/security/vendors/cryptomove-inc-"></a></li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/cybergrx"><b>CyberGRX</b></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/cybergrx"><img class="cyberGRX-firecompass-emerging-vendors-2018 aligncenter wp-image-7459 size-full align-center" title="cyberGRX-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/04/cybergrx_finallogo_stacked_fullcolor.jpg" alt="cyberGRX-firecompass-emerging-vendors-2018" width="268" height="137" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/cybergrx">CyberGRX</a> </strong>provides enterprises and their third parties with the most cost-effective and scalable approach to third-party cyber risk management today. Built on the market’s first third-party cyber risk Exchange, CyberGRX arms organizations with a dynamic stream of third party-data and advanced analytics so they can efficiently manage, monitor and mitigate risk in their partner ecosystems. Based in Denver, CO, CyberGRX was designed with partners including ADP, Aetna, Blackstone and Mass Mutual, and is backed by Allegis Capital, Bessemer Venture Partners, Blackstone, ClearSky, GV (formerly Google Ventures), MassMutual Ventures, Rally Ventures and TenEleven Ventures. CyberGRX is chosen among top cyber security company as finalists at RSA Innovation Sandbox 2018 for showcasing innovative excellence.<a href="https://www.firecompass.com/security/vendors/cybergrx"></a></li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/deep-instinct"><strong>Deep Instinct</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/deep-instinct"><img class="deepinstinct-firecompass-emerging-vendors-2018 aligncenter wp-image-8002 size-medium align-center" title="deepinstinct-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Deepinstict-300x60.png" alt="deepinstinct-firecompass-emerging-vendors-2018" width="300" height="60" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/deep-instinct">Deep Instinct</a></strong> is the first company to apply deep learning to cyber security. It’s artificial brain learns to detect any type of cyber threat, its prediction capabilities become instinctive. As a result, zero-day and APT attacks are detected and prevented in real-time with unmatched accuracy. They bring a completely new approach to cyber security that is proactive and predictive. Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices. </span> </li>
</ul>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/ensilo"><strong>ensilo</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/ensilo"><img class="ensilo-firecompass-emerging-vendors-2018 aligncenter wp-image-8003 size-medium align-center" title="ensilo-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/enSilo-logo-300x145-300x145.jpg" alt="ensilo-firecompass-emerging-vendors-2018" width="300" height="145" /></a></p>
<ul>
<li><span><a href="https://www.firecompass.com/security/vendors/ensilo"><strong>enSilo</strong></a> delivers the first complete endpoint security platform providing pre- and post-infection protection in real-time, defending endpoint devices from data tampering and breaches caused by advanced malware. enSilo provides security operators with an intuitive way to manage, orchestrate and automate prevention, detection, response and remediation tasks. A single lightweight agent combines enSilo’s Next Generation AntiVirus (NGAV) and automated Endpoint Detection and Response (EDR) with real-time blocking to deliver a multi-layered defense strategy that can be managed from the cloud or on premise. enSilo strives to make self-defending endpoint security cost-effective so virtually any enterprise can ensure business continuity. </span></li>
</ul>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/exabeam"><strong>Exabeam</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/exabeam"><img class="exabeam-firecompass-emerging-vendors-2018 aligncenter wp-image-8005 size-medium align-center" title="exabeam-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/exabeam-e1530011172294-300x71.png" alt="exabeam-firecompass-emerging-vendors-2018" width="300" height="71" /></a></p>
<ul>
<li><span><a href="https://www.firecompass.com/security/vendors/exabeam"><strong>Exabeam</strong></a> provides security intelligence and management solutions to help organizations of any size protect their most valuable information. The Exabeam Security Intelligence Platform uniquely combines unlimited data collection at a predictable price, machine learning for advanced analytics, and automated incident response into an integrated set of products. The result is the first modern security intelligence solution that delivers where legacy SIEM vendors have failed.</span> </li>
</ul>
<p></p>
<p></p>
<p><span style="font-size:12pt;"><strong>Fortanix</strong></span></p>
<p><img class="fortanix-firecompass-emerging-vendors-2018 aligncenter wp-image-8006 size-medium align-center" title="fortanix-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/fortanix-300x66.png" alt="fortanix-firecompass-emerging-vendors-2018" width="300" height="66" /></p>
<ul>
<li><span><strong>Fortanix</strong> is building a new category Runtime Encryption using Intel SGX. Just like encryption today protects data at rest and data during motion, Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats including malicious insiders, cloud providers, OS-level hacks and network intruders. Customer gets deterministic security, unlike existing leaky security, which means their applications and data remain completely protected regardless of how the attacks originate and how root credentials are compromised.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/greathorn"><strong>GreatHorn</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/greathorn"><img class="greathorn-firecompass-emerging-vendors-2018 aligncenter wp-image-8082 size-medium align-center" title="greathorn-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/greathorn-300x56.png" alt="greathorn-firecompass-emerging-vendors-2018" width="300" height="56" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/greathorn">GreatHorn</a></strong> has cloud-native security platform for post-perimeter threat detection and response, natively integrated into G Suite, Office 365, Slack, and more. Provides enterprise security solutions for email, chat, and threat detection across multiple communication channels.Attacks on cloud email, chat, and collaboration tools are responsible for more than 90% of all data breaches. GreatHorn helps companies secure these platforms from advanced threats, simplify governance and compliance requirements, and communicate with confidence. </li>
</ul>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Hysolate</strong></span></p>
<p><img class="hysolate-firecompass-emerging-vendors-2018 aligncenter wp-image-8008 align-center" title="hysolate-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/hysolate_1_-300x34.jpg" alt="hysolate-firecompass-emerging-vendors-2018" width="309" height="35" /></p>
<ul>
<li><span><strong>Hysolate</strong> is re-architecting enterprise endpoints, resolving the conflict between security and productivity.</span> <span>With roots in the elite technology units of Israeli defense and in world-class enterprise software companies, the Hysolate team knows all about cyber security offense/defense and the daily challenges of enterprise IT. They’ve been building enterprise software for decades and are passionate about disrupting the traditional thinking about endpoints, cyber security and IT.</span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>iguazio</strong></span></p>
<p><img class="iguazio-firecompass-emerging-vendors-2018 aligncenter wp-image-8009 size-medium align-center" title="iguazio-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/iguazio-logo-1-e1530011601419-300x95.png" alt="iguazio-firecompass-emerging-vendors-2018" width="300" height="95" /></p>
<ul>
<li><span><strong>iguazio</strong> digitally transforms business value by streamlining data volumes to create actionable insights. Through its Continuous Data Platform for Real-time Applications, iguazio simplifies the development and deployment of data-driven applications to extend the cloud experience at the edge and on-premises. iguazio is a driving force in industries pertaining to manufacturing, smart mobility, the Internet of Things, media and cyber security.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/illumio"><strong>illumio</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/illumio"><img class="illumio-firecompass-emerging-vendors-2018 aligncenter wp-image-8017 size-medium align-center" title="illumio-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Illumio_logo-300x75.png" alt="illumio-firecompass-emerging-vendors-2018" width="300" height="75" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/illumio">Illumio</a></strong>, the leader in micro-segmentation, prevents the spread of breaches inside data center and cloud environments. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. The Illumio Adaptive Security Platform® uniquely protects critical information with real-time application dependency and vulnerability mapping coupled with micro-segmentation that works across any data center, public cloud, or hybrid cloud deployment on bare-metal, virtual machines, and containers. </span></li>
</ul>
<p></p>
<p></p>
<p><a href="https://www.firecompass.com/security/vendors/illusive-networks"><strong><span style="font-size:12pt;">Illusive Networks</span></strong></a></p>
<p><a href="https://www.firecompass.com/security/vendors/illusive-networks"><img class="illusive-firecompass-emerging-vendors-2018 aligncenter wp-image-8084 size-medium align-center" title="illusive-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-300x154.jpg" alt="illusive-firecompass-emerging-vendors-2018" width="300" height="154" /></a></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/illusive-networks"><strong>Illusive Networks</strong></a>, the leader in deception-based cyber security solutions, empowers security teams to preemptively harden their networks against advanced attackers, stop targeted attacks through early detection of lateral movement, and resolve incidents quickly. Agentless and intelligence-driven, Illusive technology significantly increases proactive defense capability with almost no operational overhead. Illusive’s Deceptions Everywhere® approach was pioneered by experts with decades of experience in cyber warfare and cyber intelligence. By proactively intervening in the attack process, technology-dependent organizations protect critical business assets and function with greater confidence in today’s complex, hyper-connected world.</li>
</ul>
<p></p>
<p><span style="font-size:14pt;"><strong><a href="https://www.cisoplatform.com/profiles/blogs/key-program-metrics-of-vulnerability-assessment" target="_blank">READ MORE >> Key Program Metrics of Vulnerability AssessmentIntsights</a></strong></span></p>
<p></p>
<p></p>
<div><span style="text-decoration:underline;font-size:12pt;"><strong>insights</strong></span></div>
<p><img class="wp-image-8143 size-medium aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/07/intsights-e1532004359225-300x103.jpg" alt="" width="300" height="103" /></p>
<ul>
<li>INTSIGHTS is an intelligence driven security provider, established to meet the growing need for rapid, accurate cyber intelligence and incident mitigation. Their founders are veterans of elite military cybersecurity and intelligence units, where they acquired a deep understanding of how hackers think, collaborate and act.They partner with organizations to boost their cybersecurity and remediate their cyberthreats. This is achieved through a subscription-based service which infiltrates the cyberthreat underworld to detect and analyze planned or potential attacks and threats that are specific to their partners.</li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Jask</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/jask"><img class="jask-firecompass-emerging-vendors-2018 aligncenter wp-image-8018 size-medium align-center" title="jask-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/JASK_logo-300x71.jpg" alt="jask-firecompass-emerging-vendors-2018" width="300" height="71" /></a></p>
<ul>
<li><span>Headed by industry leaders from ArcSight, Carbon Black, Cylance and the counter-intelligence community, JASK brings together decades of experience solving real-world SOC issues. Founded to address the technology gaps that restrict security modernization efforts, JASK is revolutionizing security operations to reduce organizational risk and improve efficiency through technology consolidation, enhanced AI and machine learning. JASK is backed by Dell Technologies Capital, TenEleven Ventures, Battery Ventures and Vertical Venture Partner. </span></li>
</ul>
<p></p>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Karamba Security</strong></span></p>
<p><img class="size-medium wp-image-8222 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/07/KarambaLogo-300x107.png" alt="" width="300" height="107" /></p>
<ul>
<li><span><strong>Karamba Security</strong> is a software company that focuses on securing automotive controllers and IoT devices from hackers in a simple, yet hermetic manner. It is led by a team comprised of security experts, serial entrepreneurs and business savvy executives with a track record of multiple IPOs and M&As.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="font-size:12pt;"><strong><a href="https://www.firecompass.com/security/vendors/menlo-security">Menlo Security</a></strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/menlo-security"><img class="menlosecurity-firecompass-emerging-vendors-2018 aligncenter wp-image-8020 size-medium align-center" title="menlosecurity-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/menlo-security-300x134.png" alt="menlosecurity-firecompass-emerging-vendors-2018" width="300" height="134" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/menlo-security">Menlo Security</a></strong>‘s patented Isolation Platform protects organizations from cyber attack by eliminating the threat of malware. The Platform isolates and executes all Web content in the cloud, enabling users to safely interact with websites, links and documents online without compromising security. Menlo Security is trusted by some of the world’s largest enterprises, including Fortune 500 companies and financial services institutions. </span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Obsidian Security</strong></span></p>
<p><img class="obsidian-firecompass-emerging-vendors-2018 aligncenter wp-image-8022 size-medium align-center" title="obsidian-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/obsidian-security-300x83.png" alt="obsidian-firecompass-emerging-vendors-2018" width="300" height="83" /></p>
<ul>
<li><span>Led by former founding team members of Cylance and Carbon Black, Obsidian Security is a Southern California technology company living at the intersection of cybersecurity, artificial intelligence, and hybrid-cloud environments. Backed by Greylock Partners, Obsidian Security is based in Newport Beach, CA.</span></li>
</ul>
<p></p>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>PerimeterX</strong></span></p>
<p><img class="perimeterx-firecompass-emerging-vendors-2018 aligncenter wp-image-8086 size-medium align-center" title="perimeterx-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/logo-300x75.png" alt="perimeterx-firecompass-emerging-vendors-2018" width="300" height="75" /></p>
<ul>
<li><strong>PerimeterX</strong> is a cyber security company that prevents automated web and mobile application attacks by detecting & protecting against malicious web behavior. To separate the actions of bots from those of normal users, PerimeterX uses artificial intelligence & machine learning to identify behaviors that are unlikely to represent human actions. This behavior based technology allows PerimeterX to detect and block the most sophisticated new forms of bot attacks in real-time with unparalleled accuracy. PerimeterX was named a Gartner Cool Vendor, and an AI 100 company by CBInsights, and was selected by DarkReading as Top 20 Cyber security Companies to Watch.</li>
</ul>
<p></p>
<p> </p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Preempt</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/preempt-security"><img class="preempt-firecompass-emerging-vendors-2018 aligncenter wp-image-8085 size-medium align-center" title="preempt-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/preempt-security_owler_20160302_205803_original-300x81.png" alt="preempt-firecompass-emerging-vendors-2018" width="300" height="81" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/preempt-security">Preempt</a></strong> was founded in 2014 by global security and networking experts with a passion for making IT security teams more effective in protecting their organizations from breaches and malicious insiders. They protects organizations by eliminating security threats. Threats are not black or white and the Preempt Platform is the only solution that preempts threats with continuous threat prevention that automatically adapts based on identity, behavior and risk. This ensures that both security threats and risky employee activities are responded to with the right level of security at the right time. The platform easily scales to provide comprehensive identity based protection across organizations of any size. </li>
</ul>
<p></p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/prevoty"><strong>Prevoty</strong></a></span><a href="https://www.firecompass.com/security/vendors/prevoty"><img class="prevoty-firecompass-emerging-vendors-2018 aligncenter wp-image-8023 size-medium align-center" title="prevoty-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/prevoty-300x80.png" alt="prevoty-firecompass-emerging-vendors-2018" width="300" height="80" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/prevoty">Prevoty</a></strong> provides a new RASP (runtime application self-protection) capability, enabling applications to protect themselves. Unlike traditional security approaches that try to defend against hackers at the network layer, Prevoty works inside the application itself and the analysis engine is smart enough to actively prevent anything malicious from executing. Prevoty is one of the most exciting new companies in the hot security market since, in addition to providing active protection and real-time threat intelligence, the technology can dramatically reduce the time and costs associated with implementation of a secure SDLC. </span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Qingteng</strong></span></p>
<p><img class="qinteng-firecompass-emerging-vendors-2018 aligncenter wp-image-8087 align-center" title="qinteng-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/04Qingteng-e1530688174675-300x78.jpg" alt="qinteng-firecompass-emerging-vendors-2018" width="331" height="86" /></p>
<ul>
<li><strong>Qingteng Cloud Security</strong> is a SaaS-based cloud security company in China. It is a China-based company that delivers server and cloud security based on Adaptive Security Architecture. Qingteng Cloud Security’s adaptive security platform can protect data on various cloud systems. Its technology can forecast, defend, and adapt to fend off new threats.</li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>ReFirm Labs </strong></span></p>
<p><img class="refirmlabs-firecompass-emerging-vendors-2018 aligncenter wp-image-7462 size-medium align-center" title="refirmlabs-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/04/rfl_1_-300x48.jpg" alt="refirmlabs-firecompass-emerging-vendors-2018" width="300" height="48" /></p>
<ul>
<li><strong>ReFirm Labs</strong> is an emerging leader in the IoT and connected device security space. With decades of experience securing devices for sensitive national security applications, our team has developed a new method for vetting and validating firmware that automates the process of detecting security flaws in connected devices and mitigating them. Our Centrifuge Platform is at the forefront of this approach and is the first to deliver this capability to the commercial market. Our technology is already helping global companies secure their products by testing their firmware during and after the development process, and monitor for new vulnerabilities.</li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/safebreach"><strong>SafeBreach</strong></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/safebreach"><img class="safebreach-firecompass-emerging-vendors-2018 aligncenter wp-image-8088 align-center" title="safebreach-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-1-e1530688727292-300x58.png" alt="safebreach-firecompass-emerging-vendors-2018" width="357" height="69" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/safebreach">SafeBreach</a></strong> helps answer the questions security leaders are being asked by their CEO/boards today – Are we secure?” and “Can a breach happen to us?” Their platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does. SafeBreach automatically executes breach methods with an extensive and growing Hacker’s Playbook of research and real-world investigative data. SafeBreach is funded by Sequoia Capital, Deutsche Telekom Capital, Hewlett Packard Pathfinder and investor Shlomo Kramer. </li>
</ul>
<p></p>
<p></p>
<p><a href="https://www.firecompass.com/security/vendors/securityscorecard"><strong><span style="font-size:12pt;">Security ScoreCard</span></strong></a></p>
<p><a href="https://www.firecompass.com/security/vendors/securityscorecard"><img class="securityscorecard-firecompass-emerging-vendors-2018 aligncenter wp-image-8025 align-center" title="securityscorecard-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/security-scorecard-300x55.png" alt="securityscorecard-firecompass-emerging-vendors-2018" width="393" height="72" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/securityscorecard">SecurityScorecard</a></strong> grading service helps organizations in an increasingly hyper-connected world better identify, understand and manage all key risks their cloud-based information systems and those of their partners face every second of every day. Its patented solution is the only automated method to monitor all key risk factors on a continuous, real-time basis. This means users will always know the security levels of every organization they work with or share data and be able to take action, quickly and easily. </span> </li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Shieldx</strong></span></p>
<p><img class="shieldx-firecompass-emerging-vendors-2018 aligncenter wp-image-8028 align-center" title="shieldx-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/shieldx-300x61.jpg" alt="shieldx-firecompass-emerging-vendors-2018" width="369" height="75" /></p>
<ul>
<li><span><strong>ShieldX</strong> is redefining cloud security to better protect organizations against cyber threats—regardless of where sensitive data resides or how it moves across public, private or multi-cloud environments. Organizations are using APEIRO to scale security and micro-segmentation on demand, support business innovation, meet compliance requirements and protect against the latest cyberattacks.</span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Shiftleft</strong></span></p>
<p><img class="shiftleft-firecompass-emerging-vendors-2018 aligncenter wp-image-8029 size-medium align-center" title="shiftleft-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/shiftleft-300x63.png" alt="shiftleft-firecompass-emerging-vendors-2018" width="300" height="63" /></p>
<ul>
<li><strong>ShiftLeft.io</strong> is developing a new model for protecting software. We limit the attack surface proactively by understanding the Security DNA of each new version of any application or micro-service to strengthen it. This helps businesses increase the speed at which issues resulting from non-conformance with security DNA of their apps can be identified and automatically triaged.</li>
</ul>
<p> </p>
<p></p>
<p><span style="font-size:12pt;"><a href="https://www.firecompass.com/security/vendors/shocard-inc-"><b>Shocard</b></a></span></p>
<p><a href="https://www.firecompass.com/security/vendors/shocard-inc-"><img class="shocard-firecompass-emerging-vendors-2018 aligncenter wp-image-8030 align-center" title="shocard-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/shocard.png" alt="shocard-firecompass-emerging-vendors-2018" width="184" height="184" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/shocard-inc-">ShoCard</a></strong> is a digital identity and authentication platform built on a public blockchain data layer, using public/private key encryption and data hashing to safely store and exchange identity data, which includes biometrics such as fingerprint, facial, iris and voice. ShoCard’s approach to identity is different than existing solutions in that the user owns and carries her own data within her mobile app and is the sole person who decides with whom to share it with and which pieces of identification to share. The blockchain in then used to validate that information and confirm other third parties who have definitively certified the identity of the user. There is no privately held central location that holds user’s private information and pieces of a user’s identification does not need to be spread in other services in order to authenticate or prove ownership of an account. </span></li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Signal Sciences</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/signal-sciences"><img class="signalsciences-firecompass-emerging-vendors-2018 aligncenter wp-image-8031 align-center" title="signalsciences-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/SignalSciences-e1530689787996-300x62.jpg" alt="signalsciences-firecompass-emerging-vendors-2018" width="358" height="74" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/signal-sciences">Signal Sciences</a></strong> Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform. Built by practitioners, for practitioners, it is the only solution that works seamlessly across any cloud and infrastructure. Signal Sciences customers include Under Armour, Etsy, Yelp/Eat 24, Datadog, WeWork and more.</span></li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Signifyd</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/signifyd"><img class="alignnone wp-image-8032 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/06/signifyd-logo-normal-300x43.png" alt="" width="328" height="47" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/signifyd">Signifyd</a></strong> is the world’s largest provider of Guaranteed Fraud Protection and was founded on the belief that e-commerce businesses should be able to grow without fear of fraud. They solve the challenges that growing e-commerce businesses persistently face: billions of dollars lost in chargebacks, customer dissatisfaction from mistaken declines, and operational costs due to tedious, manual transaction investigation. They Guaranteed Payments protect online retailers in the case of chargebacks, supported by a full-service machine-learning engine that automates fraud prevention allowing businesses to increase sales and open new markets while reducing risk. </span></li>
</ul>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Stackpath</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/stackpath"><img class="stackpath-firecompass-emerging-vendors-2018 aligncenter wp-image-8034 size-medium align-center" title="stackpath-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/stackpath-300x54.png" alt="stackpath-firecompass-emerging-vendors-2018" width="300" height="54" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/stackpath">StackPath</a></strong> is the intelligent web services platform for security, speed and scale. It is the first platform to unify enterprise security solutions by leveraging collaborative intelligence that makes each service smarter and more secure with every threat detected, in addition to vastly improving the customer experience. More than 30,000 customers, ranging from Fortune 100 companies to early stage startups already use StackPath technology. </span> </li>
</ul>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>StackRox</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/stackrox"><img class="stackrox-firecompass-emerging-vendors-2018 aligncenter wp-image-7464 size-medium align-center" title="stackrox-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/04/stackrox-300x95.jpg" alt="stackrox-firecompass-emerging-vendors-2018" width="300" height="95" /></a></p>
<ul>
<li><strong><a href="https://www.firecompass.com/security/vendors/stackrox">StackRox</a> </strong>helps enterprises secure their cloud-native applications at scale. It is the industry’s first detection and response platform that defends containers and microservices from new threats. StackRox enables security teams to visualize the container attack surface, expose malicious activity, and stop attacker activity. It combines a new security architecture, machine learning, and protective actions to disrupt attacks in real time and limit their impact. StackRox is the choice of Global 2000 enterprises and backed by Sequoia Capital, it is chosen among top cyber security companies as finalist at RSA Innovation Sandbox 2018. </li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Streamsets</strong></span></p>
<p><img class="streamsets-firecompass-emerging-vendors-2018 aligncenter wp-image-8035 size-medium align-center" title="streamsets-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/StreamSets-300x120.png" alt="streamsets-firecompass-emerging-vendors-2018" width="300" height="120" /></p>
<ul>
<li><span><strong>StreamSets</strong> is a big data startup that reinvents how enterprises deliver timely and trustworthy data to their critical applications. We’ve built the industry’s first data operations platform which makes it easy to both build and manage data movement architectures in the face of constant change. Our open source StreamSets Data Collector has been downloaded over 250,000 times and is in use at many of the world’s largest companies. We’re backed by top-tier Silicon Valley venture capital firms, including Accel Partners, Battery Ventures, Ignition Partners and New Enterprise Associates (NEA).</span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>ThreatQuotient</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/threatquotient"><img class="threatquotient-firecompass-emerging-vendors-2018 aligncenter wp-image-8016 align-center" title="threatquotient-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/Threatquotient-300x101.jpg" alt="threatquotient-firecompass-emerging-vendors-2018" width="330" height="111" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/threatquotient">ThreatQuotient™</a></strong> understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, and cyber security situation room solution. ThreatQ Investigations, empower security teams with the context, customization and prioritization needed to make better decisions, accelerate detection and response, and advance team collaboration. Leading global companies use ThreatQuotient solutions as the cornerstone of their security operations and threat management system. </span> </li>
</ul>
<p></p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Trusona</strong></span></p>
<p><img class="trusona-firecompass-emerging-vendors-2018 aligncenter wp-image-8091 size-medium align-center" title="trusona-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-2-300x80.png" alt="trusona-firecompass-emerging-vendors-2018" width="300" height="80" /></p>
<ul>
<li><strong>Trusona</strong> is the leader in simply secure identity authentication. We developed the world’s first and only insured digital identity authentication solution and are leading a movement where there are no passwords to be created, remembered, stolen, or compromised. Where people are who they say they are – every time. Our solution takes a completely different approach. It is radically simple, and relies on patented technology that uses the unique nature of every interaction to assure the True Persona behind every digital interaction. Trusona. Simply Secured.</li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Twistlock</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/twistlock"><img class="twistlock-firecompass-emerging-vendors-2018 aligncenter wp-image-8011 align-center" title="twistlock-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/twistlock-300x72.png" alt="twistlock-firecompass-emerging-vendors-2018" width="317" height="76" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/twistlock">Twistlock</a></strong> is the leading provider of container and cloud native cyber security solutions for the modern enterprise. From precise, actionable vulnerability management to automatically deployed runtime protection and firewalls, Twistlock protects applications across the development lifecycle and into production. Purpose built for containers, serverless, and other leading technologies – Twistlock gives developers the speed they want, and CISOs the control they need. </span></li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>UnifyID</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/unifyid"><img class="aligncenter wp-image-8092 size-medium align-center" title="unifyid-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/07/download-3-300x64.png" alt="unifyid-firecompass-emerging-vendors-2018" width="300" height="64" /></a></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/unifyid"><strong>UnifyID</strong> </a> is building a revolutionary identity platform based on implicit authentication. Their solution allows people to identify themselves in a unique way that is extremely difficult to forge or crack. Best of all, they are doing it in a way that respects user privacy.They are developing a revolutionary new technique for authentication that relies on implicit authentication. These are factors that are unique to you but don’t require any user action, such as your location, your habits, and various signals from the devices you carry and the sensors around you. They use proprietary machine learning algorithms to discover what makes you unique and calculate a confidence level of how likely it is you based on these signals. </li>
</ul>
<p> </p>
<p></p>
<p><span style="text-decoration:underline;font-size:12pt;"><strong>Zerofox</strong></span></p>
<p><a href="https://www.firecompass.com/security/vendors/zerofox"><img class="aligncenter wp-image-8010 align-center" title="Zerofox-firecompass-emerging-vendors-2018" src="https://www.firecompass.com/wp-content/uploads/2018/06/zerofox-e1530011746904-300x74.png" alt="Zerofox-firecompass-emerging-vendors-2018" width="308" height="76" /></a></p>
<ul>
<li><span><strong><a href="https://www.firecompass.com/security/vendors/zerofox">ZeroFOX</a></strong> protects organizations from the risks introduced by social networking and digital communication platforms. In an age of constant connectivity and social sharing, users have become the primary target for the adversary. By continuously monitoring social platforms for cyber attacks, ZeroFOX protects organizations from the next generation of digital threats. Leveraging cutting edge technology and proven security practices, ZeroFOX provides both targeted protection and global insights. </span></li>
</ul></div>20 Emerging IT Security Vendors to Look Out for in RSA Conference 2018, USAhttps://www.cisoplatform.com/profiles/blogs/20-emerging-it-security-vendors-to-look-out-for-in-rsa-conference2019-11-29T07:00:00.000Z2019-11-29T07:00:00.000ZCISO Platformhttps://www.cisoplatform.com/members/CISOPlatform<div><ul>
<li>We are here, once again, with our list of Top 20 Emerging IT Security Vendors from 500+ vendors attending <strong>RSAC 2018, <span class="aBn"><span class="aQJ">April 16 to 20</span></span> in San Francisco.</strong></li>
<li>BTW, We have also created a <strong>RSAC 1-Minute Itinerary tool</strong> for the ease of attendees, through which you can now navigate the maze of 500+ Vendors at RSAC Expo like a pro. </li>
</ul>
<h2><span style="font-size:18pt;"><strong>Emerging IT Security Vendors:</strong></span></h2>
<p>H<span style="font-size:12pt;">ere is the list of Top 20 Emerging IT Security vendors to watch out for:</span></p>
<p><strong><br /> <img class="aligncenter wp-image-7341 size-medium align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/barkly-e1522831069923-300x102.png" alt="FireCompass Emerging IT Security Vendors 2018" width="300" height="102" /></strong></p>
<ul>
<li><span><a href="https://www.firecompass.com/security/vendors/barkly">Barkly</a> provides organizations with the best defense against today’s evolving threat landscape. Barkly protects against exploits, file-based, and fileless attacks through its patented, multi-layered protection which combines behavioral analysis, CPU-level monitoring and Responsive Machine Learning™. Barkly is simple to deploy and manage through it’s cloud-based SaaS platform and has a unique approach to organization models which result in low false positives for customers.</span></li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter wp-image-7366 size-medium align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/BlueTalom-300x86.jpg" alt="FireCompass Emerging IT Security Vendors 2018" width="300" height="86" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/bluetalon">BlueTalon</a> is a leading provider of Unified Data Access Control for big data and new data initiatives. The BlueTalon Policy Engine delivers precise, consistent, and dynamic user access controls to data across Hadoop, Spark, Cassandra, and traditional RDBMS. The BlueTalon Audit Engine provides a complete audit trail at the level of detail required for regulatory compliance and effective data security. Leading Fortune 100 companies rely on BlueTalon to eliminate security blind spots and gain visibility and control at the data layer, and BlueTalon has built strong partnerships with Dell EMC and Teradata to serve its customer base. BlueTalon is featured by Gartner in its Market Guide to Data-Centric Audit and Protection.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter wp-image-7358 size-medium align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/Bricata-e1522830711307-300x49.jpg" alt="FireCompass Emerging IT Security Vendors 2018" width="300" height="49" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/bricata">Bricata</a> network security solutions deliver innovative next generation intrusion prevention, advanced threat detection and analysis, and threat hunting to enable large organizations to actively pursue and identify advanced, persistent, and coordinated attacks. A specialized component-based approach to today’s attacks has left organizations with a stack of tools to manage that provide a patchwork of uncorrelated data, leaving penetrable gaps and inconsistent security policies. The Bricata platform provides organizations with process automation, streamlining operations with the most effective, affordable solution for situational awareness and proactive threat defense, reducing complexity, dwell time and time to containment.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter wp-image-7359 size-full align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/CounterCraft-e1522830693531.jpg" alt="FireCompass Emerging IT Security Vendors 2018" width="196" height="62" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/counter-craft">CounterCraft</a> provides a Distributed Deception Platform that allows customers to plan, deploy and manage automated counterintelligence campaigns. It runs across the breadth of their digital assets to discover targeted attacks with a real-time active response and zero false positives, due to its digital breadcrumbs. The solution plants decoys through a wide variety of technical and non-technical assets, such as false servers and fake data, to lure adversaries into thinking they are penetrating companies’ networks. With this innovative cybersecurity approach, CounterCraft can get information on attackers’ and their objectives while misdirecting them. It is a GCHQ Cyber Accelerator alumnus and is supported by the Spanish Ministry of Economy, Industry and Competitiveness, National Cybersecurity Institute (INCIBE), and the European Commission through its H2020 SME Instrument.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/Deepinstict-300x60.png" alt="FireCompass Emerging IT Security Vendors 2018" width="300" height="60" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/deep-instinct">Deep Instinct</a> is the first company to apply deep learning to cybersecurity. Deep learning is inspired by the brain’s ability to learn. Once a brain learns to identify an object, its identification becomes second nature. Similarly, as Deep Instinct’s artificial brain learns to detect any type of cyber threat, its prediction capabilities become instinctive. As a result, zero-day and APT attacks are detected and prevented in real-time with unmatched accuracy. Deep Instinct brings a completely new approach to cybersecurity that is proactive and predictive. Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices. </li>
</ul>
<p></p>
<p></p>
<p><img class="aligncenter wp-image-7360 size-medium align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/jask-logo-e1522830668512-300x73.jpg" alt="FireCompass Emerging IT Security Vendors 2018" width="300" height="73" /> </p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/jask">JASK</a> is headed by industry leaders from ArcSight, Carbon Black, Cylance and the counter-intelligence community, bringing together decades of experience solving real-world SOC issues. Founded to address the technology gaps that restrict security modernization efforts, JASK is revolutionizing security operations to reduce organizational risk and improve efficiency through technology consolidation, enhanced AI and machine learning. JASK is backed by Dell Technologies Capital, TenEleven Ventures, Battery Ventures and Vertical Venture Partners and is headquartered in San Francisco, California and Austin, Texas. </li>
</ul>
<p></p>
<p></p>
<p><img class="aligncenter wp-image-7344 size-medium align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/lacework_logo-620x400-e1522831214346-300x78.png" alt="FireCompass Emerging IT Security Vendors 2018" width="300" height="78" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/lacework">Lacework</a> brings automation, speed and scale to cloud security so that your security and DevOps teams can keep data and applications safe in today’s highly dynamic cloud environments. From the initial assessment of your cloud configuration for compliance, to the on-going monitoring of cloud activities for anomalies and breaches, Lacework has you covered. Our technology, Polygraph®, automatically monitors activities and behaviors of all entities deployed: applications, VMs/workloads, containers, processes, machines, users, and accounts. </li>
</ul>
<p></p>
<p></p>
<p><img class="aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/menlo-security-300x134.png" alt="FireCompass Emerging IT Security Vendors 2018" width="271" height="121" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/menlo-security">Menlo Security</a>‘s patented Isolation Platform protects organizations from cyber attack by eliminating the threat of malware. The Platform isolates and executes all Web content in the cloud, enabling users to safely interact with websites, links and documents online without compromising security. Menlo Security is trusted by some of the world’s largest enterprises, including Fortune 500 companies and financial services institutions. The company is headquartered in Menlo Park, California.</li>
</ul>
<p></p>
<p></p>
<p><img class="aligncenter size-medium wp-image-7361 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/NeuVector-logo-300x98.png" alt="" width="300" height="98" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/neuvector">NeuVector</a> is the leader in Kubernetes security and delivers the first and only multi-vector container firewall. NeuVector enables the confident deployment of enterprise-wide container strategies, across multi-cloud and on-prem environments. NeuVector delivers east-west container traffic visibility, container protection, and host security in a highly integrated, automated security solution. NeuVector customers include global leaders in financial services, healthcare and publishing, and NeuVector partners with AWS, Docker, IBM, Rancher, Red Hat, others. Founded by industry veterans from Fortinet, VMware, and Trend Micro, NeuVector has developed patent-pending behavioral learning for container security.</li>
</ul>
<p></p>
<p></p>
<p><span><img class="aligncenter size-full wp-image-7356 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/prevoty1-e1522820797230.png" alt="" width="200" height="91" /></span></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/prevoty">Prevoty</a> provides a new RASP (runtime application self-protection) capability, enabling applications to protect themselves. Unlike traditional security approaches that try to defend against hackers at the network layer, Prevoty works inside the application itself and the analysis engine is smart enough to actively prevent anything malicious from executing. Prevoty is one of the most exciting new companies in the hot security market since, in addition to providing active protection and real-time threat intelligence, the technology can dramatically reduce the time and costs associated with implementation of a secure SDLC.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/red-canary.png" alt="red-canary.png" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/red-canary">Red Canary</a> was founded to make customers’ security better. Our Managed Detection and Response solution detects threats that bypass other security tools. We inspect every piece of activity from an organization’s systems and never burden customers with false positives. Instead, customers receive human-vetted detections that give them the intelligence and tooling they need. Red Canary empowers organizations to stop attacks before they result in breaches. For the first time, every organization now has access to the security capabilities that can defend against today’s advanced threats.</li>
</ul>
<p></p>
<div><span style="font-size:14pt;"><strong><a href="https://www.cisoplatform.com/profiles/blogs/top-7-vendors-in-cyber-threat-intelligence-market-at-rsac-2017" target="_blank">READ MORE >> Top 7 Vendors in Cyber Threat Intelligence market at RSAC 2017</a></strong></span></div>
<p> </p>
<p><img class="aligncenter size-medium wp-image-7348 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/riskrecon-logo-e1522821128164-300x60.png" alt="" width="300" height="60" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/riskrecon">RiskRecon</a> provides a SaaS platform that helps organizations more effectively manage the risk reality of increasingly interconnected IT ecosystems by delivering frequent, comprehensive and actionable security performance measurements. Using proprietary data gathering techniques, RiskRecon creates a 360-degree risk profile of an enterprise’s public IT footprint. Based on that footprint and a detailed analysis, a RiskRecon rating and report is generated providing detailed, actionable information with context. No additional analysis is required. Clients rely on RiskRecon to bring greater transparency, accountability and productivity to their vulnerability and third-party risk management processes.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter size-medium wp-image-7349 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/SentinalOne-3-e1522821105175-300x63.png" alt="" width="300" height="63" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/sentinelone">SentinelOne</a> is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity. SentinelOne unifies prevention, detection, response, remediation and forensics in a single platform powered by artificial intelligence. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated integrated response and to adapt their defenses against the most advanced cyberattack. The company is recognized by Gartner as a Visionary for Endpoint Protection and has enterprise customers in North America, Europe, and Japan.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter size-medium wp-image-7362 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/SignalSciences-e1522830645532-300x64.jpg" alt="" width="300" height="64" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/signal-sciences">Signal Sciences</a> Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform. Built by practitioners, for practitioners, it is the only solution that works seamlessly across any cloud and infrastructure. Signal Sciences customers include Under Armour, Etsy, Yelp/Eat 24, Datadog, WeWork and more.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter size-full wp-image-7363 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/sixgill.jpg" alt="" width="200" height="200" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/sixgill">Sixgill</a> is a cyber threat intelligence company that covertly and automatically analyzes Dark Web activity detecting and preventing cyber-attacks and sensitive data leaks before they occur. Utilizing advanced algorithms, Sixgill’s cyber intelligence platform provides organizations with continuous monitoring, prioritized real time alerts and actionable intelligence. Through advanced data mining and social profiling, Sixgill examines threat actors and their patterns of behavior, identifying and predicting cyber crime and terrorist activity. Automatic monitoring of closed, open and hybrid dark-nets allows for accurate real-time targeted Dark Web intelligence.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter size-full wp-image-7350 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/Stackrox-e1522821086537.png" alt="" width="112" height="100" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/stackrox">StackRox</a> helps enterprises secure their cloud-native applications at scale. StackRox is the industry’s first detection and response platform that defends containers and microservices from new threats. StackRox enables security teams to visualize the container attack surface, expose malicious activity, and stop attacker activity. It combines a new security architecture, machine learning, and protective actions to disrupt attacks in real time and limit their impact. StackRox is the choice of Global 2000 enterprises and backed by Sequoia Capital.</li>
</ul>
<p></p>
<p></p>
<p><strong><img class="aligncenter size-medium wp-image-7351 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/ThreatBook-cybersecurity-e1522821019648-300x69.png" alt="" width="300" height="69" /></strong></p>
<ul>
<li><span><a href="https://www.firecompass.com/security/vendors/threatbook">ThreatBook</a> is China’s first security threat intelligence company, dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks. The ThreatBook team has in-depth understanding of China’s distinct cyber security landscape as well as an international perspective of the global cyber security space. ThreatBook offers a variety of SaaS-based threat intelligence products and services world widely, helps partners and customers to improve their existing detection and defense capabilities at different stage of threat attack, and enables industry customers to deal with complex, continually changing threats in a fast, accurate and cost-effective manner.</span></li>
</ul>
<p></p>
<p></p>
<p> </p>
<p><img class="aligncenter size-medium wp-image-7364 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/Threatquotient-e1522830599576-300x86.jpg" alt="" width="300" height="86" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/threatquotient">ThreatQuotient™</a> understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ, empowers security teams with the context, customization and prioritization needed to make better decisions, accelerate detection and response and advance team collaboration. Leading global companies use ThreatQ as the cornerstone of their threat operations and management system, increasing security effectiveness and efficiency.</li>
</ul>
<p></p>
<p> </p>
<p><img class="aligncenter size-medium wp-image-7352 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/zerofox-e1522820912986-300x68.png" alt="" width="300" height="68" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/zerofox">ZeroFOX</a>, the innovator of social media & digital security, protects modern organizations from dynamic security, brand and physical risks across social, mobile, web and collaboration platforms. Using targeted data collection and artificial intelligence-based analysis, ZeroFOX protects modern organizations from targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. Recognized as a Leader in Digital Risk Monitoring by Forrester, the patented ZeroFOX SaaS platform processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, HipChat, Instagram, Reddit, Pastebin, Tumblr, YouTube, VK, mobile app stores, the deep & dark web, domains and more.</li>
</ul>
<p></p>
<p></p>
<p><img class="aligncenter wp-image-7365 align-center" src="https://www.firecompass.com/wp-content/uploads/2018/04/Zimperium-300x220.jpg" alt="" width="240" height="176" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/zimperium">Zimperium</a> is the industry leader in Mobile Threat Defense with the world’s largest deployment of mobile device sensors. Only Zimperium offers real-time, on-device protection against both known and unknown threats, enabling detection and remediation of attacks on all three levels – the device, the network and the application. Zimperium’s patented z9™ machine-learning detection engine uses artificial intelligence to power zIPS™, the world’s first mobile on-device Intrusion Prevention System app, and zIAP™, an embedded, In-App Protection SDK that delivers self-protecting iOS and Android apps as well as comprehensive app risk analysis with z3A™. Headquartered in San Francisco, Zimperium is backed by major investors including Samsung, Telstra, Sierra Ventures and Warburg Pincus.</li>
</ul>
<p></p>
<p> </p>
<p><img class="size-medium wp-image-8297 aligncenter align-center" src="https://www.firecompass.com/wp-content/uploads/2018/09/logo-yello-1-300x120.png" alt="" width="300" height="120" /></p>
<ul>
<li><a href="https://www.firecompass.com/security/vendors/dnif-product-of-netmonastery-">DNIF</a>, a product of NETMONASTERY offers solutions to the world’s most challenging cybersecurity problems. Recognized by Gartner and used by some of the well-known global companies like PwC, Vodafone and Tata, this next generation analytics platform combines Security and Big Data Analytics to provide real-time threat detection and analytics to the most critical data assets on the Internet.</li>
</ul>
<p>With over a decade of experience in threat detection systems, DNIF has one of the fastest query response times and bridges the gap between searching, processing, analyzing and visualizing data thereby enabling companies with better SOC (Security Operations Center) management.</p></div>Key Program Metrics Of Next Generation Firewall (NGFW)https://www.cisoplatform.com/profiles/blogs/key-program-metrics-of-next-generation-firewall-ngfw2019-11-29T11:00:00.000Z2019-11-29T11:00:00.000ZDenisehttps://www.cisoplatform.com/members/Denise<div><p><span>A Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with application specific granular controls to help them detect application specific attacks. They help detect attacks through application specific protocols such as HTTP, HTTPS, SMTP and so on. It also incorporates various network device filtering functionalities such as an intrusion prevention system (IPS), Web filtering and Email security. They also features functionalities such as centralized management, SSL interception, VPN’s, Virtualized deployment, QoS/bandwidth management, Gateway antivirus and Third-party integration (i.e. Active Directory).</span></p><p><span>To understand the difference between NGFW & UTMs Please go through the blog titled “<a href="http://www.slideshare.net/andrewplato/utm-vs-ngfw-a-single-shade-of-gray"><strong>UTM vs NGFW – A Single Shade of Gray</strong></a><strong>” </strong>in the <strong>Blog</strong> section.</span></p><h3><span><strong>Key Program Metrics : </strong></span></h3><div><strong>% of application attacks blocked in a predefined period :</strong></div><div class="margin-left-15"><p><span>Percentage of server application attacks blocked by the firewall. This can be helpful in tweaking the rule-sets to prevent future attacks</span></p></div><div class="margin-left-15"><p><span><strong># redundant rules :</strong></span><br /> <span>These are the rules that are masked, completely or partially, by other rules that are either placed higher up in the rule base. they add to the inefficiency and must be detected and removed subsequently</span></p></div><div class="margin-left-15"><p><span><strong># of exception in rules :</strong></span><br /> <span>These are the exceptional cases where a rule is created temporarily to cater to the particular business need. care should be taken that all such rules are removed as soon as they are expired.</span></p></div><div class="margin-left-15"><p><span><strong># rules with permissive services :</strong></span><br /> <span>Permissive services give more access then is needed to the destination by allowing additional services. The most common examples of this are rules with “ANY ” in the service field. These kind of rules should be minimized</span></p></div><div class="margin-left-15"><p><span><strong># rules with risky services :</strong></span><br /> <span>Services such as telnet, ftp, snmp, pop etc. are risky because they usually credentials to be passed in plain text. Any service that exposes sensitive data or allows for shell access should be tightly monitored and controlled.</span></p></div><div class="margin-left-15"><p><span><strong># rules with no documentation :</strong></span><br /> <span>Firewall rules should be documented. Rules should be explained in detail, business case is described. Any rule change shall be according to proper change ticket.</span></p></div><div class="margin-left-15"><p><span><strong># rules with no logging :</strong></span><br /> <span>Firewall logs are useful for troubleshooting and forensics. It is very imperative that firewall logging hould be enabled and logs are leveraged for proper firewall management</span></p></div><p><span>Do let me know if you want us to add or modify above information.</span></p><p><span>Check out the</span> <a href="https://www.firecompass.com/security/market/next-generation-firewall-ngfw">Next Generation Firewall</a> <span>market within </span><span>Product comparison platform to get more information on these markets</span></p><p></p><div><span style="font-size:14pt;"><strong><a href="https://www.cisoplatform.com/profiles/blogs/risks-of-shadow-it-in-financial-services-firms" target="_blank">READ MORE >> Risks of Shadow IT in Financial Services Firms</a></strong></span></div><p></p></div>Understanding Shadow IT Risk for OT Departmentshttps://www.cisoplatform.com/profiles/blogs/understanding-shadow-it-risk-for-ot-departments2019-12-18T04:00:00.000Z2019-12-18T04:00:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p></p>
<p><span>Here we will explore the Shadow IT Risks for OT Departments. Operations Technology groups can be an integral part of important business functions like production, maintenance and more. This means there are a lot of IT related functions which can be handled by the OT department members in terms of functionality. However, not involving the IT department could mean these IT functions could cause potential security concerns. The OT department member might not be aware of the exact way of handling the IT function like a professional IT member can. Easy attack vectors like servers, insecure IoT devices can pose as common security threats.</span></p>
<p><span>Shadow IT has been an increasing trend in the LoB departments. According to a C-space report, LoB managers spent more than 30% of their time making IT decisions. A likely reason is, it’s faster to get things done sometimes without going through an IT department who already are bandwidth constrained. With the rise of high-tech industrial equipments, the dependence on IT related operations increase. According to an IDC report, it predicts IoT spending will reach $1.1 trillion in 2021. This is really placing a higher demand on IT functions, thus needing IT guys in the OT departments.</span></p>
<p><span><b>What’s The Problem?</b></span></p>
<p><span>In short, OT Department is responsible for major functions in the organization and doesn’t necessarily coordinate with the IT department for all IT needs. The enormous small activities get work done faster but this ends in orphaned assets and various other vulnerabilities that the OT department person didn’t have the skills to handle.</span></p>
<p><span><b>Possible Mitigation Strategies</b></span></p>
<ul>
<li><strong><span>Stricter IT Policy</span></strong></li>
</ul>
<p><span>Stricter IT policy for connected OT systems could be a solution. However, there are implementation challenges. The OT department may not deem it necessary to contact the IT. OT Department has the responsibilities of production, maintenance and thus like might to retain the authorities here. The IT may have to enforce more severe actions.</span></p>
<p><span>The IT concerns may be well founded based on the trending reports. According to a Gartner report, it predicts by 2020, IoT will be involved in more than 25 percent of known enterprise security attacks.</span></p>
<p><span>The OT-IT convergence and departmental cooperation seems like a healthy balance to lower costs, increase efficiencies and minimize Shadow IT.</span></p>
<ul>
<li><strong><span>Using Third Party Vendors With Integrated Solutions And Converged Skills (OT-IT)</span></strong></li>
</ul>
<p><span>These parties can have a set of understanding on both departmental skills (major ones), thus bringing in great flexibility. Advanced OT technologies can be complicated in terms of implementation. This third party adds in a pool of skill resources which are transferable between the OT and the IT departments.</span></p>
<ul>
<li><strong><span>Continuous IT – OT Asset & Risk Identification</span></strong></li>
</ul>
<p><span>Various tools like Shodan can help in achieving this. The continuous tracking /risk identification of all IT – OT (inter-department) assets can help. The IT department can then formulate their policy to meet the needs of the OT department and even formulate training programs for the simple requirements empowering OT department.</span></p>
<p><strong><span>Reference :</span></strong></p>
<p><span><a href="https://www.hpe.com/us/en/insights/articles/why-shadow-it-is-a-risky-bet-for-ot-departments-1803.html#">https://www.hpe.com/us/en/insights/articles/why-shadow-it-is-a-risky-bet-for-ot-departments-1803.html#</a></span></p>
<div class="firec-it-grc-ad" id="firec-1762349284"><p> </p>
<div><span style="font-size:14pt;"><strong><a href="https://www.cisoplatform.com/profiles/blogs/key-program-metrics-of-vulnerability-assessment" target="_blank">READ MORE >> Key Program Metrics of Vulnerability Assessment</a></strong></span></div>
</div></div>Third-Parties: Risks & Threats Associated With Themhttps://www.cisoplatform.com/profiles/blogs/third-parties-risks-threats-associated-with-them2019-12-18T04:30:00.000Z2019-12-18T04:30:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p class="entry-title"></p>
<p class="entry-title"><span>Third-Party risks are more as the Third-Party breaches continue to dominate and these breaches are expensive to organizations. Third-parties are those companies that you directly work with such as data management companies, law firms, e-mail providers, web hosting companies, subsidiaries, vendors, sub-contractors. Third-Parties are basically any organization, whose employees or systems have access to your systems/ data. However, third-party cyber risk is not limited to these companies. Any external software/ hardware that you use for your business also poses a cyber risk. Sometimes the JavaScript that is added to your website, for analytics, may cause a breach by exposing the information of people who visits your website. Recent hacks like CCleaner in 2017 exposed backdoors to well-known software have confirmed that the definition of third-party should not be limited to only the companies that you directly work with. IoT devices can even be considered as a third-party and can be source of a breach.</span></p>
<p></p>
<div class="entry-content"><p><span>According to survey conducted by Deloitte in 2016, 87%of organizations have experienced disruptive incidents with the Third-Parties they have worked with. Another research done by Soha Systems found out that around 63% of breaches are because of Third-Parties.</span></p>
<p></p>
<p><span><strong>Sources:</strong></span></p>
<p><span style="font-size:10pt;"><strong><a href="https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html">https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-</a><a href="https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html">century.html</a></strong></span></p>
<p><span style="font-size:10pt;"><strong><a href="https://www.normshield.com/2018-guide-to-select-3rd-party-cyber-risk-assessment-tool/">https://www.normshield.com/2018-guide-to-select-3rd-party-cyber-risk-assessment-tool/</a></strong></span></p>
<p><span><strong>How to Assess Third-party Risks:</strong></span></p>
<p><span>Many Companies don’t conduct any assessment of the risk of Third-Parties, or sometimes they use age old questionnaire methodology like sending a lot of questions for Third-Parties to answer. Firstly, the questionnaire-based approach is very time consuming. Though there are so many online tools that simplify the process, but the answers got from questionnaire approach were not that reliable. Even if you continue with the assumption that all the questions answered by Third-Parties are correct to gather results quickly, there might be some cyber risks which are invisible to Third-Parties. These types of invisible risks can be detected by gathering cyber threat intelligence and by risk evaluation which companies like FireShadows can help.</span></p>
<p><span>Fortunately, there are platforms like FireShadows that gather third-party cyber risk data and provide a risk score or security rating for companies. The information gathering is done by a method called “passive scan” where non-intrusive methods are used, and company assets remain untouched. It is basically a hacker’s view of the Third-Parties external cyber risk. The OSINT (Open-Source Intelligence) data is collected from many feeds such as reputation services, hacker sites/forums, vulnerability databases, Internet-wide scanners, social media, paste sites, black markets, underground forums, etc. Information gathering should be done for the company of interest and any related third-party company.</span></p>
<p></p>
</div>
<div><span style="font-size:14pt;"><strong><a href="https://www.cisoplatform.com/profiles/blogs/20-emerging-it-security-vendors-to-look-out-for-in-rsa-conference" target="_blank">READ MORE >> 20 Emerging IT Security Vendors to Look Out for in RSA Conference 2018, USA</a></strong></span></div></div>