Comprehensive software reviews to make better IT decisions
RiskSense Releases a Unified Infrastructure Security Risk Management Program
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The platform harmonizes threat analysis, risk scoring, and prioritization of vulnerabilities across your entire network. The main draw of RiskSense’s program is its holistic risk calculation across Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) entries. This approach is in contrast to other risk management suites that often provide separate views of infrastructure and application vulnerabilities.
RiskSense is hoping to enable clients to assess their security risks holistically rather than in a piecemeal manner. This allows clients to decrease their exposure and consider the most cost-effective methods. RiskSense aggregates all of the data from multiple sources such as static and dynamic application security testing (SAST and DAST), open source software (OSS), containers, penetration tests, and bug bounty programs to achieve their holistic vision. This gives RiskSense users the ability to identify and fix vulnerabilities in their attack surface, however the construction of their code, or infrastructure point. With the OWASP top 10 and CWE top 25 most dangerous software errors presented to improve developer knowledge and productivity, RiskSense’s application boasts a well-informed and tactical approach to vulnerability management.
RiskSense’s newest solution is available immediately for public consumption.
RiskSense takes the application data to include CVE and CWE considerations. When used in tandem with RiskSense’s Vulnerability Risk Rating (VRR) system, RiskSense delivers a high-fidelity risk prioritization option for enterprises. The RiskSense dashboard also gives developers and DevOps staff a global overview of vulnerabilities with additional drill-down functionality for even greater insight into the organization’s risk ecosystem. With interdisciplinary ticketing support for remediation assignment and step-by-step validation, RiskSense gives InfoSec teams the ability to know what to do next.
Want to Know More?
Prioritization to Prediction: Volume 5: In Search of Assets at Risk
Your Internet Secret Service, Otherwise Known as External Attack Surface Management (EASM)
Have you ever thought of what else you could do to take your security operations center (SOC) to the next level and focus on prevention? Look no further – external attack surface management (EASM) was a popular managed service and topic of discussion at Rivest–Shamir–Adleman (RSA) Conference 2023, named after a popular public-key cryptosystem.
Twilio Breach and Cloud Security
By exploiting a five-year-old configuration error, a hacker was able to access Amazon’s S3 cloud storage buckets on which Twilio’s code was loaded. As a result, customers were able to unknowingly download the modified code for twenty-four hours.
Qualys and Ivanti Partnership Boasts an Incredibly Robust Vulnerability Management Platform
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti Partnership have already gone live as an integrated component of the VMDR solution.
Remote Work Landscape Pushes Microsoft to Releases Endpoint DLP and Double Key Encryption Features for Added Data Security
Microsoft recently previewed the specific features to tackle data security and risk management for end users with Microsoft Endpoint Data Loss Prevention (DLP) and Double Key Encryption. The reason for the launch? The increasing shift towards a remote work environment and a need to mitigate the accompanying risks.
IBM Raises Price on Software Support; Shoves Customers Toward the Cloud
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
DeviceLock Acquired by Cyberprotection Vendor Acronis
To bolster and broaden its data privacy capabilities for end users, cyber and data protection vendor Acronis has acquired DLP player DeviceLock. The acquisition aligns with the increasingly prevalent role that data privacy plays in cybersecurity.
Address the Root of Your Vulnerabilities in a Resource-Tight Period
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
CORL Technologies Launches Its Vendor Risk Management Resource Center
Navigating the vendor risk management space, particularly in the current environment that consists of a mix of cloud, managed services, and critical supply chain, is key to ensuring that you don’t inadvertently introduce new risks through this dynamic channel.
Kenna Security Releases Tool for the Custom Benchmarking of Vulnerability Management Programs
On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.