About Us

Vicarius Launched Nmap Scan Analysis to Identify High-risk Assets

Vicarius Nmap Scan Analysis is the most versatile tool for port scanning, network discovery, and security auditing. Nmap helps security and IT professionals determine which hosts are available, what services they offer, what operating systems are in use, and what software versions are installed on each host. Vicarius is offering Nmap Scan Analysis services for free to help security professionals, IT administrators, and pen-testers who use Nmap with vulnerability assessment, prioritization, and remediation.

Michael Assraf, CEO of Vicarius stated, “We’ve long believed in the value of open-source projects and the community that supports them. This is an exciting way for us to give back and contribute to the Nmap legacy. With our integrated analysis, we are putting more resources and sound decision making in the hands of system and network administrators and leading the way for democratizing security tools.”

Nmap is praised by network administrators for its pace, flexibility, and performance. The scan results can be difficult to interpret, particularly as the network’s scope grows. Vicarius hopes to enhance what is already one of the most valued resources in the security community by providing comprehensive data visualization.

Users can import an XML file of a Nmap scan result directly into the Vicarius TOPIA dashboard using Nmap Scan Analysis. Following the completion of the analysis, users are presented with a comprehensive and visually coherent interpretation of their results, which includes open ports, services, operating systems, and detected CVEs. The tool is available for free on the company’s website.

Vicarius has made its Nmap scripts available to the public via its Github repository. Vicarius engineers will push code updates and new features directly to the open-source project, ensuring that enhancements are always available. Nmap users can expect improved precision, dynamically updated CVE content, and daily CVE updates. The company has also set up a Research Center, which offers free and unlimited access to the world’s CVE database, as well as information on vulnerable apps and operating systems.

Read more articles:

Integrated Risk Management Platforms – All You Need to Know

LexisNexis Announced LexisNexis AmplifyId to Boost Identity Management

LexisNexis AmplifyID improves identity management across critical agency tasks, from benefits access to beneficiary enrolment. AmplifyID is a reliable and secure platform, and it offers improved coordination of services, fraud prevention, program integrity, policy comprehension, and decision-making. 

LexisNexis Risk Solutions developed the LexisNexis AmplifyID platform to help federal, state, and local governments ensure equitable access and fraud prevention. A comprehensive understanding of the individuals and families served by public benefits programs is required. The government agencies are tasked to balance user-friendly access to critical services quickly and accurately while maintaining privacy, security, and fraud mitigation.

Haywood Talcove, CEO Government, LexisNexis Risk Solutions said, “In our communities, successful outcomes are driven by connection not division. Data is no different. Silos are purpose-built for grain, not people. Eliminating the huge backlog agencies are facing in unemployment insurance distribution is just one of the ways this new solution will prove invaluable for government agencies. The power of AmplifyID to create cross-agency visibility, coordination, and trust is truly innovative and we are incredibly excited by the potential of this person-centered platform to bring agencies and people together.”

The AmplifyID platform combines government program data with unique identifying information to produce person-centred analytics and visualizations that help government decision making. The result is a best-in-class identity view tailored to government agencies looking to modernize and scale their approach to helping underserved populations. AmplifyID is a module-based platform that addresses government identity concerns with its two significant services LexisNexis AmplifyID Identity Risk Navigator and LexisNexis AmplifyID Master Person Index.

AmplifyID Master Person Index provides a consistent view of an individual to government agencies, allowing for data sharing and care coordination across programs. It also gives government organizations the ability to comprehend important identity insights, such as regularly updated contact and demographic data, as well as clinically proven socioeconomic determinants of health.

AmplifyID Identity Risk Navigator increases fraud protection by combining and integrating data from different sources, including internal agency information and donated identity intelligence from throughout the government, to guard against the full range of existing and emerging identity fraud threats. The importance of shared intelligence cannot be overstated. It provides authorities with a much more comprehensive view of known fraudulent identities, habits, and fraud schemes. The advantages of such scrutiny are substantial.

Read more articles:

Identity and Access Management – All You Need to Know

Enterprise Fraud Management – An Overview

BitSight and Marsh McLennan Joined forces to Strengthen Organizations’ Cybersecurity Performance

BitSight, the security ratings company and Marsh McLennan, the world’s leading professional services company in the categories of risk, strategy, and people, signed a collaboration to help businesses better understand, evaluate, and manage their cyber risks.

The recently launched Marsh McLennan Cyber Risk Analytics Center will use BitSight Security Ratings, data, and analytics to help customers better understand their cybersecurity performance by making more educated risk management decisions. Clients who have access to BitSight may obtain this information quickly, detect potential risks, and implement mitigation techniques. The two companies will also work on joint research and analysis, combining their widely renowned perspectives.

The importance of cybersecurity performance management cannot be overestimated, given the worrying rise in cybersecurity incidents. BitSight Security Ratings are the most extensively used and recognized cyber risk ratings in the market and the only solution that has been independently validated to correlate with data breach risk.

“2021 is shaping up to be one of the most challenging years for cyber risk on record, and we continue to hear from clients that cybersecurity is among their most urgent risk concerns. By collaborating with BitSight, we are providing clients with more data-driven insights to better manage risk in an increasingly difficult cybersecurity landscape,” said Scott Stransky, Head of the Marsh McLennan Cyber Risk Analytics Center.

“Cyber insurance brokers now play a critical role in helping their clients actively manage cyber risk. This marks an exciting opportunity to share our cyber risk data and expertise to help Marsh McLennan counsel their clients on reducing risk of cyber exposure. This collaboration builds on BitSight’s previous work to bring universal understanding to cyber risk, and further validates BitSight’s position as the trusted industry standard in cybersecurity ratings and analytics,” said Stephanie Snyder Frenier, vice president and general manager, insurance at BitSight.

Moody’s partner BitSight with an investment of $250 million to create integrated cybersecurity risk platform

Moody’s Corporation and BitSight announced a significant investment by Moody’s, further enhancing BitSight’s offerings and capabilities, to create a comprehensive, integrated, industry-leading cybersecurity risk platform. Moody’s will invest $250 million in BitSight. This transaction reflects the increasing strategic, financial, and operational impact of cyber risk to organizations and markets.

BitSight, a leader in cybersecurity ratings, and BitSight will acquire VisibleRisk, a cyber risk ratings joint venture founded by Moody’s and Team8, a worldwide venture organization, as part of the announced transaction.

BitSight helps global market participants understand cyber risk through ratings, analytics, and performance management tools, delivering unique insights for over 2,300 global customers, including many Fortune 500 companies, government agencies, insurers, and asset managers. Moody’s will leverage BitSight’s extensive cyber risk data and research across its growing suite of integrated risk assessment product offerings. BitSight’s acquisition of VisibleRisk adds a unique in-depth cyber risk assessment capability and advances its ability to analyze and calculate an organization’s financial exposure to cyber risk. BitSight is valued at $2.4 billion in this deal, indicating the company’s leadership in a growing data and analytics sector.

“As organizations invest in cyber defense and resilience, another critical need has emerged: the ability to accurately measure and quantify cyber risk and exposure. Creating transparency and enabling trust is at the core of Moody’s mission – to help organizations assess complex, interconnected risks and make more informed decisions. BitSight is the leader in the cybersecurity ratings space, and together we will help market participants across disciplines better understand, measure, and manage their cyber risks and translate that to the risk of financial loss,” said Rob Fauber, President and Chief Executive Officer of Moody’s.

“Cybersecurity is one of the biggest threats to global commerce in the 21st century. Our partnership with Moody’s and acquisition of VisibleRisk expands our reach to help customers manage cyber risk in an increasingly digital world,” said Steve Harvey, President and Chief Executive Officer of BitSight.

SecurityScorecard forms Partnership with Tenable to Deliver Complete Cyber Risk Monitoring

SecurityScorecard, the leading security ratings firm, formed a partnership with Tenable, the Cyber Exposure company, to provide a holistic view of a company’s risk posture by combining Tenable’s  visibility and depth of analytics into enterprise networks with SecurityScorecard’s external cyber monitoring. CISOs, IT directors, and security teams can now examine their SecurityScorecard rating, evaluate their external cybersecurity health, and analyze their risk posture from within the Tenable Lumin dashboard as a result of this partnership.

“Understanding your up-to-date risk posture has become a necessity in a world that’s increasingly more complex, dynamic and transient. We’re excited to partner with SecurityScorecard to give customers complete visibility into the risks that exist inside and outside their environment, and guidance for how to most effectively reduce that risk, all in a single platform,” said Ray Komar, vice president of technical alliances, Tenable.

Cybersecurity testing processes that are performed on a one-time or periodic basis have become obsolete. Today’s cyber threats vary by the minute, so businesses need a solution that can keep up with the fast-paced nature of cybersecurity by continuously monitoring for vulnerabilities and assessing the security posture and cyber resilience of the entire organization.

“Organizations must be proactive to address cyber breaches, and security ratings are the foundation to measuring and understanding security resilience in real time. “Together, SecurityScorecard and Tenable are advancing a new standard for continuous monitoring by blending external and internal risk assessments, which provide organizations with a holistic view into the risks that exist in their environments,” says Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard.

Tenable Lumin’s strong analytical capabilities for risk assessment are combined with SecurityScorecard’s real-time visibility of external vulnerabilities in this integration. Clients of Tenable Lumin may now use real-time updates to construct external risk management and threat detection playbooks, enabling them to properly identify and respond to threats and risks.

Black Kite Introduced Aviator Partner Program to Expand Deployment Cyber Risk Ratings Solutions

Black Kite launched the Black Kite Aviator partner program. Black kite is a recognized cyber risk ratings firm. Aviator allows IT solutions providers to expand their cyber risk services portfolio and assist clients in securing their supply chains. The Aviator program has reached an agreement with more than 50 companies.

Members of the Aviator partnership program will have rights to use Black Kite’s industry-leading platform, which streamlines third-party risk management, uses open-source intelligence and non-intrusive scans, provides automated and continuous monitoring, and measures third-party technical, financial, and compliance risk. Members of the program will also have access to Black Kite’s partner site, which has a repository of sales and marketing materials, a formal deal registration procedure, and other enablement tools.

“Every organization needs third-party risk visibility and a means of determining the financial, brand, and reputational costs,” said Paul Paget, CEO of Black Kite. “The Aviator partner program will make Black Kite’s unique cyber risk and ransomware rating tools available to companies in the healthcare, financial services, manufacturing, and automotive verticals.”

The Ransomware Susceptibility IndexTM (RSITM), the OpenFairTM Tool, and a scalable that system reduce vendor evaluation times from weeks to hours are among the cyber risk solutions offered by Black Kite.

The RSI is a tool that calculates incident susceptibility and detects ransomware-prone companies. The OpenFair System is the first automated risk-assessment software for C-suite executives that calculates the financial implications of cyber breaches in quantified, convenient commercial terms. The Black Kite software continuously monitors for modifications across 20 cybersecurity categories, keeping vendor risk evaluations up to date.

NetSPI’s Penetration Testing and Vulnerability Management Platform now includes risk scoring

NetSPI, the industry leader in organizational penetration testing and attack surface management, has added risk scoring to its ResolveTM vulnerability management and penetration testing platform. NetSPI’s risk score intelligence in combination with Penetration Testing as a Service (PTaaS) assists clients in prioritizing, managing and remediating the vulnerabilities that pose the highest risk to their firm.

NetSPI’s new risk scoring features dynamical  integration into PTaaS to deliver both a detailed vulnerability risk score and an aggregate risk score for a firm’s projects, assets, apps, and networks. NetSPI customers who use its penetration testing services have access to risk scoring. NetSPI clients can safely dedicate funds and resources to the most critical vulnerabilities by using risk rating.

The risk scores are used as a quantitative assessment for risk reduction over time, validation of cybersecurity expenditures, resource allocation, and benchmarking in the industry. With NetSPI’s risk score, organizations can appropriately prioritize vulnerability patching by taking into account business context and the threat landscape.

“There are varying approaches to assigning vulnerability severity, but risk today extends far beyond individual vulnerabilities. The key is to recognize the risks most likely to disrupt the business, identify the threats that would increase those risks, and prioritize the most appropriate mitigations to protect your organization from those threats. NetSPI’s risk scoring does just that,” said Jake Reynolds, Head of Product at NetSPI.

“Reactive cybersecurity is a thing of the past. Security leaders must get proactive and take a risk-based approach to stay ahead of today’s adversaries. Our risk scores enable NetSPI clients to make proactive security decisions based on their unique risk factors. In other words, it allows them to confidently allocate budget and resources to the vulnerabilities that matter most,” said NetSPI President and CEO Aaron Shilts.

Enterprise Fraud Management – An Overview

Enterprise Fraud Management (EFM) is a centralized framework for risk management, providing comprehensive risk analysis and application of controls for identifying internal and external frauds across all users, accounts, and channels in the organizations by transaction monitoring and customer profiling. Furthermore, it helps in identifying malicious behaviour and corruption in real-time thereby combating risks, minimizing losses, ensuring regulatory compliance, and optimizing operational efficiencies across the organization and entities.
EFM platform gives higher visibility in identifying threats and mitigating these threats. EFM solutions also offer a unified dashboard, enabling real-time monitoring of transactions and raising alerts for anomalies if required.

Some Noteworthy Features of EFMs are –

  • Centralized Data Repository – Businesses are developing centralized data repositories for clients’ accounts and transactions data for various products and services across multiple channels. EFM solutions process large quantities of data in real-time to create detailed profiles of clients and employees using high-performance computing technology based on machine learning, which can be used to detect and investigate money laundering and fraud.
  • Fraud Risk Assessment – A fraud risk assessment is a vigorous and continuously improving process. Organizations do thorough fraud risk assessments to identify individual fraud schemes and risks, assess their probability and magnitude, check existing fraud control actions. They introduce new rules and regulations to improve fraud detection. EFM solutions use risk scores to assess fraud based on guidelines provided by enterprise firm and analysed historical information. The new cloud-based EFM solutions are flexible enough to adapt these new rules and risk assessment tasks.
  • Real-Time Detection using Analytics – Since fraudsters are becoming more advanced, EFMs must evolve at a faster rate. EFM solutions allow for in-depth analysis of internal and external data collected from all resources for real-time fraud detection. In addition to rule-based fraud detection, sophisticated predictive fraud models fuelled by analytics on massive quantities of data are being developed. Risk is assessed in real-time for each transaction using a combination of parameters, algorithms, and cumulative statistics by comparing the characteristics of each customer’s or employee’s conduct with the fraud models and recorded patterns of behaviour. Techniques like graph visualization are used to identify underlying patterns and irregularities in data. EFM’s have forensic tools for e-fraud investigation. The aim is to use all available data to detect illegal activity before it happens and to avoid it before a customer’s account is compromised.
  • Scalability and Performance – EFM solutions are cloud-based, so there are no data storage and processing limitations. Financial institutions like banks with millions of customers and billions of transactions can be monitored with EFMs while retaining the fast detection needed in real-time environments. These organizations can leverage EFM’s cross-channel fraud management, user-centric fraud detection based on advanced AI. EFM solutions can easily correlate fraud events across the organization.
  • Enterprise Case Management – Enterprise Case Management uncovers hidden relationships in financial transactions. It is created primarily for financial fraud detection and investigations in the EFM solutions, it is built on previous fraud cases. These prebuilt and streamlined cases include key areas of fraud, which ease the process of fraud detection.

In the digital era, with evolving technologies, fraud attacks are also increasing at an alarming rate, indicating organizations to include Enterprise Fraud Management solutions to mitigate threats and frauds in the risk landscape.