Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

5 Things a Security Manager Should Check Every Morning

As a security manager, you have a wide variety of tasks you need to complete in order to protect your organization — as well as your employee and customer data. Of course, some of these responsibilities are performed on a quarterly or yearly basis, such as gathering information for audits or conducting annual assessments. But there are certain tasks that you should be completing daily in order to maintain the desired security posture and reduce cyber risk across your expanding attack surface.

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)

Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it one of the largest amplification attacks ever reported.

5 Common Vulnerabilities Associated With Remote Access

After COVID, enterprise IT security got turned on its head. As the world adjusted to working from home, and continues to, IT teams worked overtime to enable remote access for millions of employees. This transition has gone smoothly for most organizations, but many security gaps still remain years later. The SolarWinds data breach is a worrying example. It shows how vulnerable organizations are to malicious activity in our changing risk environment.

Remediate Zero Day Events with Third-Party Vulnerability Detection & Response

When a major security event like SolarWinds or Log4j happens, how do you assess the impact across your third-party supply chain? Most organizations struggle to effectively react to zero day attacks and other critical vulnerabilities at scale, often following manual and cumbersome workflows. But our latest capability is here to change that.

Bitsight Partners with Moody's Analytics-Incorporating Cyber Analytics into Its Leading Integrated Risk Products

A recent study found that financially material cyber attacks are increasing in frequency and that the top 5% of such attacks lead to an average $52M in losses. As these types of cyber attacks become more frequent and more severe, it has become increasingly critical for risk managers outside of enterprise security functions —such as compliance and credit officers—to consider cybersecurity risk in their assessment of customers, suppliers and investments.

Bitsight Updates Ratings Algorithm to Reflect Changes in Attack Dynamics

Today we are announcing updates to the Bitsight ratings algorithm. Bitsight is committed to creating the most meaningful, trustworthy, and actionable security ratings and analytics in the marketplace. As part of this commitment, we periodically make updates to our ratings algorithm based on new data observations and capabilities, internal and external research, and market feedback. For this year’s update, we have made several adjustments, including modifying the weights of several risk vectors.

An Evolved Bitsight Starts Today as We Expand into Integrated Cyber Risk Management

In 2011, Bitsight invented the security ratings industry. As the market leader, we are still the standard in how organizations quantify, manage, and monitor cyber risk. Today, that universal metric is used by entities from national governments to global enterprises to Fortune 500 companies to interpret cyber risk. And now, we’re disrupting the industry once again. Waves of change are constantly disrupting companies of all sizes around the world, particularly when it comes to cybersecurity.

How to Improve Your SOC's Cyber Vulnerability Awareness

The cybersecurity threat landscape is rapidly evolving as cloud computing, the Internet of Things (IoT), mobile devices, and remote work become more widely adopted. As a result, Security Operations Center (SOC) teams are increasingly overwhelmed. In addition to responding to cyber threats, teams must continuously identify emerging vulnerabilities and move quickly to apply and test patches and updates. A failure to do so significantly increases cyber risk. Consider the statistics.

BitSight & RSA 2023: How Security Leaders Are Preparing for the "New Era" of Cybersecurity Disclosure

In response to the growing number of cyber incidents, policymakers and regulators around the world are creating new cybersecurity requirements for companies to comply with, including mandates to disclose cyber risks and incidents. For example, new cyber risk disclosure requirements from the U.S. Securities and Exchange Commission (SEC) are anticipated to be adopted in 2023 and would have a major impact on corporate cybersecurity initiatives.

What is Mobile Application Protection and How To Enforce It

With the rise of remote work and shadow IT, more devices and apps (both sanctioned and unsanctioned) are connecting to your organization’s network. Today, there are approximately five million mobile apps currently in circulation: approximately three million for Android and two million for iOS. That’s great for productivity, but less than ideal when it comes to security.