Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ivanti EPM Cloud Services Appliance - Taking advantage of a backdoor to detect a vulnerability

At Bitsight, part of the Vulnerability Research team's core work involves analyzing vulnerabilities in order to create detection capabilities that can be implemented on an Internet-wide scale.

The Race to Secure Operational Technologies is On

Whether it's because industrial control systems remain quite vulnerable to attacks, or because these systems manage valuable physical resources and uptime is essential—or a bit of both—attackers are increasingly targeting operational technology (OT) and industrial control systems (ICS).

How Cyber Risk Ratings Platforms Have Evolved - And Why Bitsight is a Leader

Bitsight was named a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024 for a third consecutive time. Click here to download The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024. We are incredibly proud to be highlighted as a Leader, and our placement in this report is validation of our ongoing effort to help risk and security leaders identify exposure, prioritize investment, communicate with stakeholders, and mitigate risk.

Analyzing Utilities Sector Cybersecurity Performance

With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?

How Cybersecurity Financial Quantification Helps CISOs Make Their Case to the Board

More enterprise business leaders are beginning to understand that cybersecurity risk equates to business risk—and getting a clearer sense of the impact that cyber exposures can have on the bottom line. Consider the MGM Resorts and Clorox Company cybersecurity incidents that occurred last year. Both suffered considerable attacks, reportedly led by the Scattered Spider cybercriminal group, causing widespread business disruption and substantial financial losses.

How to Talk to The Board About Exposure

Exposure management tooling can act as an excellent source of truth for cybersecurity leaders as they communicate risk up to the board level. The visibility and data streaming from exposure management solutions makes it easier for CISOs to track security performance over time, quantify improvements in security maturity levels, establish better financial quantification of cyber risk and ensure the organization's exposure levels match up with industry averages.

Enabling More Precise Evaluation of Email Security with DMARC

Email is a well-known and widely used attack vector for malware distribution, phishing, and many other types of threats. For this reason, we evaluate certain email security practices as part of the Diligence category of risk vectors used to calculate Bitsight Security Ratings. On April 30, 2024, we added a new email security evaluation focused on the use of Domain-based Message Authentication, Reporting, and Conformance (DMARC) records.

How Exposure Visibility Turbo Charges Strategic Security Prioritization

One of the biggest benefits that an exposure management program can afford a security program is the power of risk-informed prioritization. When security leaders think of tooling like attack surface management (ASM) platforms, the most evident prioritization benefits come in the day-to-day tactical decisions of which threats and which exposures to have SecOps practitioners tackle first.