Artificial Intelligence

Bugcrowd Launches Continuous Penetration Testing with AI

Bugcrowd has announced the availability of its Continuous Attack Surface Penetration Testing (CASPT) solution on the Bugcrowd Platform. This solution provides customers with a proactive security approach to continuously meet compliance goals and reduce their external risk asset exposure.

Continuous Attack Surface Penetration Testing (CASPT) is designed for customers whose attack surface keeps evolving but who run pentests only once or twice a year, which leaves “assets in motion” at risk of new threat exposure that they are unprepared to address immediately. With CASPT, users can run a baseline test and then share incremental changes about new and updated assets or threats with a curated team for testing as soon as changes are detected.

Fewer than 10% of organizations have full visibility into their evolving attack surface, yet nearly 70% have been compromised through an unknown or poorly managed asset – which suggests that adversaries know more about their attack surface than their defenders do. Organizations need to understand ongoing risk across all digital assets “in motion” before attackers can exploit them.

CASPT is enabled by Bugcrowd’s recent acquisition of Informer, a leading provider of external attack surface management (EASM) and continuous penetration testing. This integration combines detailed asset data acquired through EASM with the massive amount of vulnerability information Bugcrowd has processed in the past twelve years to create new and unique value for customers and hackers alike on the platform. Bugcrowd customers with managed bug bounty engagements will gain the ability to manually or dynamically update scope to account for new and updated assets. They can also kick off a new pentest or bug bounty engagement for specific assets directly from their EASM dashboards.

“Our long-term vision for our platform is to continuously give customers proactive, data-driven insights and recommendations so that they have eyes on their attack surface better than their adversaries do,” said Dave Gerry, Chief Executive Officer of Bugcrowd. “At the same time, our goal is to help the brilliant hackers on our platform acquire more skills and earn more rewards by matching them with engagements that precisely reflect their interests and experience. Our ability to bring rich EASM data into the Bugcrowd platform is an important milestone in this journey and we’re excited for what’s to come.”

Bugcrowd offers a unified platform for EASM, EASM-enriched penetration testing, and EASM-enriched crowdsourced testing. Standalone EASM providers, crowdsourcing providers, and traditional pen-test providers provide pieces of the solution, but none provide a complete one.

“Attack surfaces are not static – they are constantly expanding and shifting due to shadow IT, cloud adoption, multinational organizations, and M&A, making the manual tracking of digital assets an ongoing challenge,” said Julian Brownlow Davies, Vice President of Advanced Services at Bugcrowd. “Continuous Attack Surface Pen Testing provides customers with a uniquely high level of assurance that both compliance and risk reduction goals are being met, continuously. Our mission is to be a trusted partner providing proactive, data-driven insights that will arm them with what they need to defend their organizations.”

Artificial Intelligence

Cloudera to Host Data and AI Event EVOLVE24 in Dubai

Cloudera, the hybrid platform for data, analytics, and AI, is hosting a data and AI conference in Dubai. The EVOLVE24 event will gather industry leaders, customers, and partners to uncover strategies to enhance data-driven insights and productivity in the era of generative AI.

Through a series of breakout sessions, keynote speakers, and hands-on workshops, EVOLVE24 attendees will learn about the value of modern data architecture, the benefits of a true hybrid cloud, and how the combination can accelerate enterprise AI. Sponsored by IBM, Amazon Web Services (AWS), and Red Hat, the events will include customer sessions focused on the challenges and barriers of enterprise AI adoption, the benefits of hybrid data management, and the state of data infrastructures.

Cloudera’s EVOLVE24 Dubai is a platform for real-world insights and practical applications. Keynote sessions will feature senior executives from Cloudera, including CEO Charles Sansbury, Chief Revenue Officer Frank O’Dowd, and Chief Strategy Officer Abhas Ricky, who will be joined by leading voices from across various industries, including financial services, telecommunications, and manufacturing.

“EVOLVE24 is one of the world’s most comprehensive data and AI event series, providing organizations with hands-on training and one-to-one access with Cloudera experts,” said Charles Sansbury, CEO of Cloudera. “By turning EVOLVE24 into a multi-day, multi-city global conference, Cloudera is bringing the power of our platform and our community directly to our customers around the world. This is a unique opportunity to collaborate and network with some of the leading experts in data management, analytics, and AI.”

With 25+ exabytes of data under management, Cloudera is a hybrid open data lakehouse for analytics and AI. By organizing and managing large volumes of data efficiently and securely, Cloudera says it enables companies to harness the power of their data, trust its accuracy, and rely on it for analysis and AI-powered decision-making.

Artificial Intelligence

SentinelOne and Google Cloud Join Forces for AI Cyber Defense

SentinelOne has said that it is proud to be a strategic endpoint vendor for Mandiant Consulting. Building on this strong partnership, SentinelOne and Google Cloud are now enhancing their collaboration to enable stronger enterprise cyber defence. By integrating SentinelOne’s advanced AI-driven autonomous endpoint protection with Google Cloud’s extensive threat intelligence, the strategic partnership enables customers to strengthen their security posture.

“To help our customers reduce the business impact of cyber threats and keep today’s modern IT environments safe, Google Cloud partners with fellow market leaders to deliver highly adaptable and intelligence-led solutions,” said Sandra Joyce, Vice President, Google Threat Intelligence. “SentinelOne brings an advanced cybersecurity platform for continued delivery and integrations into Google threat intelligence and related services. By expanding our strategic alliance, we can deliver dynamic telemetry and generative AI capabilities that drive stronger security outcomes.”

This announcement marks a new phase of the strategic partnership between SentinelOne and Google Cloud. Building on the success of this initial integration, the companies will jointly share telemetry data to provide the most comprehensive security insights, empowering organizations to harden their posture and protect against the latest threats. SentinelOne will also use this data with Google Gemini 1.5 Pro and Flash models to further enhance the autonomous capabilities of its Purple AI and Singularity Platform.

“Google Cloud is a leader in online security, setting the benchmark for delivering highly secure online services at an unprecedented scale,” said Ric Smith, Chief Technology and Product Officer of SentinelOne. “Google Cloud and SentinelOne share a security-first mindset, and in deepening our collaboration, we’re fusing the best security and threat intelligence services with the most advanced AI-based protection platform to deliver infinite-scale cybersecurity at machine speed. This brings Google Cloud’s intelligence to SentinelOne customers and SentinelOne’s best-of-breed endpoint protection to Mandiant’s managed security services.”

Artificial Intelligence

Zero Trust: SANS Unveils Critical Challenges and Solutions

As organizations continue to fortify their cybersecurity strategies in response to an ever-evolving threat landscape, many are turning to Zero Trust architectures to safeguard their data. However, implementing Zero Trust is not without its challenges. According to a new strategy guide from the SANS Institute, “Navigating the Path to a State of Zero Trust in 2024,” businesses often stumble over key obstacles in their journey towards Zero Trust adoption.

“The path to achieving a true state of Zero Trust isn’t straightforward. Organizations often encounter several fundamental challenges when attempting to implement end-to-end Zero Trust principles across their environment,” said Ismael Valenzuela, SANS Senior Instructor and author of the Cyber Defense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering. “By understanding and addressing these common mistakes, businesses can make better strategic and tactical decisions and increase their resiliency in the face of evolving threats.”

SANS Institute identified the top five mistakes made when implementing Zero Trust:

  1. Overlooking the Importance of Organizational Culture: Zero Trust is more than just a technological shift; it requires a fundamental change in organizational culture. Chief Information Security Officers (CISOs) must align security with strategic, operational, and financial priorities. As the strategy guide states, “Effective security is driven by people, processes, and technology.” Failure to secure stakeholder buy-in from the outset can doom Zero Trust initiatives to fail.
  2. Underestimating Human Risk: Employee error and negligence account for over 80% of data breaches. Hybrid work environments blur the lines between personal and professional spaces, increasing the complexity of monitoring user activity. “A Zero Trust architecture is an important line of defence against human risk,” the strategy guide emphasizes. Organizations must implement continuous monitoring and real-time assessment of user behaviour to mitigate these risks.
  3. Neglecting the Supply Chain: Recent high-profile supply chain attacks have underscored the vulnerabilities within interconnected systems. According to Gartner, by 2025, 45% of organizations worldwide will have experienced attacks on their supply chains. Zero Trust principles help limit the impact of these breaches by ensuring continuous verification and deeper visibility into user activity.
  4. Failing to Plan for Sustainable Success: Implementing Zero Trust is a long-term commitment that requires continuous improvement and adaptation. The SANS strategy guide highlights the importance of effective change management practices: “Effective change management ensures stakeholder buy-in, facilitates user adoption, minimizes disruption, promotes continuous improvement, and enhances collaboration.”
  5. Inadequate Measurement of Success: Measuring the effectiveness of a Zero Trust framework is crucial for maintaining stakeholder support. The guide suggests several metrics, including authentication success rates, policy compliance rates, and the time to detect and respond to incidents. These metrics provide a clear picture of the framework’s impact and highlight areas for improvement.

“Adopting the Zero Trust ‘never trust, always verify’ mindset is essential for modern cybersecurity,” said Valenzuela. “However, the real challenge lies in having a realistic understanding of what a Zero Trust architecture looks like and avoiding common pitfalls during implementation. From cultural shifts to technical deployments, this offers vital guidance to help organizations successfully navigate the complexities of Zero Trust and enhance their cybersecurity resilience.”

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.