Mandiant and Interos to Provide Risk Management

Mandiant and Interos have announced a strategic partnership to provide advanced insights and analysis to help enterprises defend against cyber-attacks and other operational resilience threats. The collaborative partnership aims to bring to market new intelligence based on insights gleaned from the Interos Resilience Lab, as well as Interos’ SaaS platform and Mandiant’s frontline investigations and remediations of high-impact cyber-attacks around the world. Interos reinvents supply chain management and business relationships to reduce risk, avoid disruptions, and achieve superior enterprise adaptability.

According to the Mandiant M-Trends 2022 report, global supply chains remain an appealing target for threat actors looking to exploit trusted business-to-business relationships, because compromising one supplier gives an attacker a path to pivot into many customer networks at once. Where the initial infection vector was identified, supply chain compromise accounted for 17% of the intrusions Mandiant investigated in 2021, up from less than 1% in 2020.

Marshall Heilman, Chief Technology Officer of Mandiant commented, “Interos is focused on helping organizations ensure operational resilience; continuously delivering in-depth analysis on criticality for risk and risk management. Together with Interos, Mandiant will be able to proactively problem-solve with a company that is leading the way in ensuring organizations of all sizes understand key attack vectors across the supply chain, threat actors, and nation-state threats.”

The partnership announcement follows a recent alert from the Cybersecurity and Infrastructure Security Agency (CISA) warning of an increase in malicious cyber activity targeting managed service providers (MSPs). The advisory also urged MSPs to understand and manage supply chain risk proactively.

Nishant Gupta, Chief Technology Officer, Interos stated, “The CISA warning is more evidence that existing supply chain risk management systems were not designed for today’s complex risk environment. Our collaboration with Mandiant will provide multi-factor risk intelligence to help commercial and government organizations better protect targeted entities in their third-party relationships to insulate them from disruption, ransomware, and IP theft. We’re proud to partner with Mandiant to help leaders discover hidden business relationships and exposure to cyber vulnerabilities.”

Free Risk Assessment Helps Secure Organizations From Cyberattacks

Legit Security, a cyber security company with an enterprise SaaS platform for protecting an organization’s software supply chain, has launched a free Rapid Risk Assessment to help organizations reduce the risk of debilitating software supply chain attacks. The free assessment gives businesses rapid visibility into vulnerabilities in their software supply chain, along with suggestions on where to invest security resources and tooling to prevent future attacks.

Software supply chain attacks target an organization’s internal software development pipeline, introducing vulnerabilities and backdoors into the software it ships. Those defects are then passed on to unwitting customers, producing a powerful and dangerous multiplier effect. According to government, industry, and security-vendor sources, software supply chain attacks have increased year over year.

The Rapid Risk Assessment is a free service that uses Legit Security’s SaaS platform to perform automated discovery and analysis of an organization’s software supply chain environment, surfacing vulnerabilities, misconfigurations, and security events. Assessments can be set up in minutes over an agentless connection and are non-invasive, requiring no changes to development tools or workflows. Depending on the size of the environment, a typical assessment takes anywhere from a few minutes to two hours. The automated scan looks for weaknesses and breaches in software delivery pipelines, the security posture of the systems and infrastructure deployed within those pipelines, and the security hygiene of the people who work in them.

Castellan’s New Crisis Management Module Enables Holistic Resilience Management

Castellan Solutions, a leading firm providing resilience management solutions, announced the launch of its new Crisis Management module, which enables companies to act quickly and effectively in the crucial times following the onset of a business disruption.

The risk landscape has evolved, and business as usual is being called into question on a daily basis. As supply chain disruptions continue and cyber attacks grow in magnitude and frequency, the question is no longer whether disruption will occur, but when.

By taking a holistic approach to risk through resilience management, organizations can better integrate and optimise their readiness activities (operational resilience, disaster recovery, business continuity, and compliance planning) with their response activities (crisis/incident management and emergency notification), reducing the impact of business disruptions on their people, customers, reputation, and revenue.

Castellan’s SaaS platform provides a fully integrated solution that helps users analyse and prioritise risk, develop actionable response and recovery plans, interact with colleagues through multiple channels, stress-test plans against possible scenarios, and rapidly mobilise response teams in the critical moments after an incident occurs, all from a single platform.

The Crisis Management module fully integrates with Castellan’s multi-modal emergency notification capability, allowing organisations to communicate and manage an incident with confidence through:

Task Management: Activate plans and drive accountability with interactive task management and tracking, with an ability to assign ad hoc tasks based on the unique nature of the incident.

Encrypted Chat: Collaborate securely across teams with encrypted chat inside each incident, even if normal channels are compromised.

Mobile Functionality: Drive all response coordination, from incident creation to task management, straight from your mobile device.

Executive Dashboards: Provide real-time updates on the situation and the overall response.

“To confidently achieve the right level of resilience, organizations must work to close high priority vulnerabilities and build a world-class response capability,” said Jon Ezrine, CEO of Castellan Solutions. “The innovation and expansion of our SaaS platform paired with our consulting and managed services enables our clients and partners to manage their response to multiple, simultaneous threats with ease.”

Entreda Acquires Privva, an Innovative Provider of Cloud-Based Supply Chain Risk Management Software

Entreda, a leading cyber security company serving the independent financial advice industry and a wholly owned subsidiary of Smarsh, announced the acquisition of Privva. Privva’s cloud-based platform enables organisations to carry out cyber risk assessments in order to manage third-party vendor and internal risk.

The acquisition deepens an existing strategic partnership between Entreda and Privva. Entreda’s products and services help mitigate the risk of breaches of IT systems and networks, while Privva helps companies assess the cyber security readiness of their vendors and suppliers. Together, Entreda and Privva will create a more streamlined and integrated offering that allows customers to do business with greater trust.

“Privva’s game-changing technology enables regulated organizations, including wealth management firms, to identify and mitigate vulnerabilities in the cybersecurity posture of their third-party vendors and suppliers and do so in a streamlined, automated way. Firms can never be too sure about the cyber hygiene of partners, no matter how familiar they believe they are. They owe it to themselves and their clients to offer a greater level of security, and Privva’s solution offers just that,” said Sid Yenamandra, CEO and founder of Entreda.

Going forward, Privva will do business under the Entreda brand, and Founder and CEO Ishan Girdhar will continue to lead the Privva organization, reporting to Mr. Yenamandra.

“It’s a great honor and pleasure to join Entreda, a Smarsh company and cybersecurity leader in the wealth management space, whose track record of protecting client firms’ sensitive data speaks for itself. Privva and Entreda have worked together for nearly two years implementing Privva’s solution into some of the largest wealth management firms’ platforms. The opportunity to fully integrate with Sid and his team was ideal, as the combined entity will enable both of us to serve firms even more effectively,” said Mr. Girdhar.

“The closer integration of the Entreda and Privva platforms will enhance Advisor Group’s ability to perform cyber risk assessments of thousands of advisors and branch offices in our network and protect them – along with their clients,” said Jon DeLaCastro, VP of Security Assurance, Governance, Risk & Compliance, for Advisor Group.

Sid Yenamandra said, “With the advent of remote work and cloud apps, wealth firms and advisors are relying on tools from third-party vendors more than ever before. Combined with and integrated into our Unify platform, Privva’s proprietary risk scoring methodology will ensure that our client firms can do business with their suppliers, knowing that their data is well protected.”

Entreda is a leading provider of cybersecurity for the wealth management sector, serving more than 300 firms. Adding Privva’s customers in financial services, law, technology and healthcare will extend Entreda’s presence beyond its traditional markets.

BlackBerry and Deloitte Formed an Alliance to Secure IoT Software Supply Chains

BlackBerry Limited and Deloitte announced that they are collaborating to help OEMs that build mission-critical applications secure their software supply chains.

Under the agreement, Deloitte will use the BlackBerry® Jarvis tool to provide open-source software (OSS), Common Vulnerabilities and Exposures (CVE) and software bill of materials (SBOM) analyses, helping its clients in the medical, automotive and aerospace industries ensure their software is safe and secure.

A G7 transportation ministry has also selected the companies’ joint software and services to help ensure the safety and security of its traffic management and wider transport infrastructure.

“We’re thrilled to partner with Deloitte to help OEMs and those responsible for critical infrastructure better understand their embedded systems security challenges with a view to ensuring their end products are both secure and updated with the most recent security patches. Just as a health-conscious grocery shopper can benefit from scrutinizing nutrition labels on food packages, an embedded software developer can gain a whole host of insights by leveraging tools and expertise that enable them to detect issues in their supply chain that may have real implications for intellectual property disputes, security risks and overall quality,” said Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions.

BlackBerry Jarvis is designed for the growing complexity of, and threats to, multi-stage software supply chains. It lets OEMs trace the provenance of the code in each software asset across their supply chain, so they can confirm their products are both safe and updated with the latest security patches.

BlackBerry Jarvis identifies vulnerabilities and flags where deeper action is needed in minutes; performing the same scan manually would take a large team of experts an impractical amount of time.
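The SBOM and CVE analysis described above amounts to a join: every component listed in the bill of materials is checked against known-vulnerable version ranges. The following is an added example, not code from BlackBerry Jarvis or Deloitte. It parses a constructed CycloneDX-style SBOM for a hypothetical firmware image and matches its components against constructed vulnerability records; the package names (libalpha, libbeta, ...) and identifiers (EXAMPLE-0001, ...) are placeholders, not real software or real advisories. The "introduced"/"fixed" range convention follows the OSV schema (fixed is exclusive).

```python
"""Cross-reference an SBOM against a vulnerability list.

Added example, not BlackBerry Jarvis or Deloitte code. SBOM and
vulnerability records below are constructed; package names and
vulnerability identifiers are placeholders, not real advisories.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Optional

# Constructed CycloneDX-style SBOM for a hypothetical firmware image.
# libepsilon deliberately has no version, to show how that case is handled.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "libalpha", "version": "1.2.3"},
    {"type": "library", "name": "libbeta",  "version": "3.4.0"},
    {"type": "library", "name": "libgamma", "version": "0.9.4"},
    {"type": "library", "name": "libdelta", "version": "2.0.0"},
    {"type": "library", "name": "libepsilon"}
  ]
}
"""


@dataclass(frozen=True)
class Vuln:
    vuln_id: str              # placeholder identifier, not a real CVE
    package: str
    introduced: str           # first affected version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None = unfixed


# Constructed records in the OSV "introduced/fixed" style.
VULNS = [
    Vuln("EXAMPLE-0001", "libalpha", "1.0.0", "1.2.5"),
    Vuln("EXAMPLE-0002", "libbeta", "3.0.0", None),
    Vuln("EXAMPLE-0003", "libgamma", "0.9.0", "0.9.4"),
]


def parse_version(v: str) -> tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple.

    Deliberately strict: a non-numeric segment raises ValueError so that a
    version string the matcher does not understand is never silently
    treated as "not affected".
    """
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * max(0, 3 - len(parts))  # 1.2 == 1.2.0


def is_affected(version: str, vuln: Vuln) -> bool:
    """True if version lies in [introduced, fixed)."""
    v = parse_version(version)
    if v < parse_version(vuln.introduced):
        return False
    if vuln.fixed is not None and v >= parse_version(vuln.fixed):
        return False
    return True


def match_sbom(sbom_json: str, vulns: list[Vuln]) -> list[dict]:
    """Return one finding per (component, vulnerability) match.

    Components without a version are reported too: they cannot be cleared,
    and silently skipping them would hide a gap in the SBOM itself.
    """
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")

    by_package: dict[str, list[Vuln]] = {}
    for vuln in vulns:
        by_package.setdefault(vuln.package, []).append(vuln)

    findings: list[dict] = []
    for comp in bom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if not name or not version:
            findings.append({"component": name or "<unnamed>", "version": version,
                             "vuln_id": None, "note": "version missing; cannot assess"})
            continue
        for vuln in by_package.get(name, []):
            if is_affected(version, vuln):
                findings.append({"component": name, "version": version,
                                 "vuln_id": vuln.vuln_id,
                                 "fixed_in": vuln.fixed or "no fix available"})
    return findings


if __name__ == "__main__":
    for finding in match_sbom(SBOM_JSON, VULNS):
        print(finding)
```

On the constructed input this reports libalpha 1.2.3 (inside the EXAMPLE-0001 range), libbeta 3.4.0 (EXAMPLE-0002, no fix available) and libepsilon (no version recorded), while libgamma 0.9.4 is cleared because it equals the fixed version. A production matcher would read a generated SBOM and a real advisory feed, key on purl rather than bare name, and handle version schemes (semver pre-release tags, distribution epochs, vendor-specific strings) that this numeric tuple comparison intentionally refuses.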

Stephen Meagher, Director of IoT for Risk Advisory, Deloitte said, “Deloitte is very excited to partner with BlackBerry. Our already productive relationship will focus on key mobility and other market opportunities. We’re confident that BlackBerry’s deep security heritage and expertise complemented by Deloitte’s world leading Risk Advisory teams will create a compelling value proposition for new and existing clients.”

Black Kite Introduces Aviator Partner Program to Expand Deployment of Its Cyber Risk Ratings Solutions

Black Kite, a recognized cyber risk ratings firm, has launched the Black Kite Aviator partner program. Aviator allows IT solution providers to expand their cyber risk services portfolio and help clients secure their supply chains. More than 50 companies have already signed agreements to join the program.

Members of the Aviator partnership program will have rights to use Black Kite’s industry-leading platform, which streamlines third-party risk management, uses open-source intelligence and non-intrusive scans, provides automated and continuous monitoring, and measures third-party technical, financial, and compliance risk. Members of the program will also have access to Black Kite’s partner site, which has a repository of sales and marketing materials, a formal deal registration procedure, and other enablement tools.

“Every organization needs third-party risk visibility and a means of determining the financial, brand, and reputational costs,” said Paul Paget, CEO of Black Kite. “The Aviator partner program will make Black Kite’s unique cyber risk and ransomware rating tools available to companies in the healthcare, financial services, manufacturing, and automotive verticals.”

Black Kite’s cyber risk solutions include the Ransomware Susceptibility Index™ (RSI™), the OpenFair™ tool, and a scalable system that reduces vendor evaluation times from weeks to hours.

The RSI is a tool that calculates incident susceptibility and detects ransomware-prone companies. The OpenFair System is the first automated risk-assessment software for C-suite executives that calculates the financial implications of cyber breaches in quantified, convenient commercial terms. The Black Kite software continuously monitors for modifications across 20 cybersecurity categories, keeping vendor risk evaluations up to date.

Crosspoint Capital Partners Invests in Software Security Firm ReversingLabs

Crosspoint Capital Partners, a private equity firm specializing in cybersecurity, privacy, and infrastructure software, announced that it led a Series B funding round in ReversingLabs, a global provider of technology that protects software producers and enterprise software buyers from software supply chain attacks. Existing investor ForgePoint Capital joined the round, as did Prelude, a Mercato Partners vehicle. Terms of the deal were not disclosed.

As advanced supply chain attacks such as implanted code have emerged, ReversingLabs provides the capability to analyze the integrity of binaries, their constituent elements, and the build processes that produce them, at the speed, accuracy, and scale that today’s digital organizations demand. ReversingLabs has become an important security solution for some of the world’s largest companies in the software, defense, retail, financial services and insurance industries.

“The level of sophistication and complexity in today’s cybersecurity attacks means that enterprises can no longer assume that software products from their providers are safe. ReversingLabs provides a proactive and transparent approach to understanding the threats that exist within software even in cases where you don’t have access to source code. We believe scalable software inspection and validation processes are essential to software integrity, and we are excited to partner with ReversingLabs as they help enterprises defend against advanced software supply chain attacks,” said Dr. Hugh Thompson, Managing Partner at Crosspoint.

“We are thrilled to partner with Crosspoint, a firm that brings deep sector knowledge and expertise in cybersecurity. Business leaders have become increasingly aware of the cyber risks associated with software vulnerabilities in their organizations. With Crosspoint’s support, I believe we can accelerate our work helping firms detect and prevent software threats that can materially impact them,” said Mario Vuksan, CEO and Co-Founder of ReversingLabs.

“As an element of our Secure By Design initiatives, we’ve applied maximum attention to protecting the integrity of our software development and deployment pipeline from even the most determined and sophisticated attackers. We are working to help establish new standards for secure software development in the industry and ReversingLabs has since become an important part of our overall efforts,” said Sudhakar Ramakrishna, President and CEO of SolarWinds.

“Every organization, whether an ISV developing software or an enterprise procuring or using software, needs controls to manage the software supply chain attack surface and thwart the very real risk of tampering. This attack surface is nuanced, and traditional approaches like source code scanning are insufficient. Every part of the code, compile, build and deploy cycle needs to be checked. ReversingLabs is a great ally in the fight against these threats. Their solution is unique, very hard to replicate and immensely valuable,” said Greg Clark, Managing Partner at Crosspoint.

Crosspoint’s funding will primarily be used to expand ReversingLabs’ sales and marketing operations.

Argon Announces Integrity, Which It Calls the Industry’s First Software Supply Chain Security Solution to Prevent Supply Chain Attacks

Argon Security announced the introduction of its patent-pending Integrity™ technology, which it says enables businesses to detect and prevent software supply chain attacks such as the ones that hit SolarWinds and Click Studios. The product also eliminates misconfigurations, vulnerabilities, and weak dependencies in a company’s CI/CD pipeline, reducing supply chain risk.

Argon Integrity™ strengthens Argon’s position as a leader in software supply chain security for the modern paradigm of DevOps-led, high-velocity software development, and increases trust and confidence in businesses’ software releases.

Argon’s patent-pending solution monitors the development process and prevents source-code tampering or manipulation during development and release. Combined with its infrastructure hardening and process security, Argon claims to be the only solution on the market that provides holistic, multi-layered prevention of supply chain threats.

“The SolarWinds’ breach highlighted the fact that the software supply chain is a new attack vector that organizations are not currently equipped to defend against. Our solution provides full visibility into the development environment and protects our customers from bad actors who seek to tamper with their code or native behavior and uptime of their applications,” said Eilon Elhadad, CEO, Argon.

“Defending against supply chain attacks is a difficult challenge. Argon is the first solution I’ve seen that can provide broad visibility and security across your software supply chain, detect and prevent risks from misconfigurations, vulnerabilities, and supply chain attacks. This is a quantum leap forward for the defending side,” said Stephen Davis, Chief Information Security Officer at Macmillan.

In the new wave of software supply chain attacks that hit SolarWinds, Codecov, and thousands of other companies, cybercriminals exploit the high complexity and weak security of modern software development environments to cause massive damage, not only to the attacked company but to its thousands of customers. Over the last few years most firms that write code have adopted continuous integration and delivery (CI/CD) to automate their software development, speeding up product and feature releases and keeping a competitive edge in their markets. That same automation has made them a target for supply chain attacks.

“Argon’s solution enables companies to secure their software supply chain against the risks of supply chain attacks effectively. Our unique and in-depth security technology allows us to cross-check and validate actions across the pipeline and prevent damage to the company’s infrastructure, code or application from supply chain attacks. Such consolidated multi-layer coverage is not available in the market today under a single solution,” said Eran Orzel, Argon’s chief revenue and customer officer.

GBA Introduces Subsidiary for Cyber Supply Chain Threat Mitigation

GBA Sentinel, a wholly owned subsidiary of the Global Business Alliance (GBA), has been launched to help global enterprises promptly identify and address potential supply chain and cyber risks.

“Given the scale of threat vectors, combined with the velocity of recent regulatory activity, international companies in the U.S. want to lead the way in safeguarding critical governmental systems and services. GBA Sentinel will give global companies access to the cutting-edge tools they need to efficiently audit and monitor their supply chains and digital assets. We believe this initiative will help rapidly advance our nation’s effort to prevent future attacks and underscores how seriously world-class companies take protecting America’s supply chains,” said Nancy McLernon, president and CEO of GBA.

International corporations understand how critical it is for the private sector to collaborate with federal agencies in order to maintain a safer environment. Global firms can access Fortress Information Security’s industry-leading supply chain risk management compliance solutions through GBA Sentinel. Fortress provides actionable risk insights on the supply chain ecosystem of assets and vendors, allowing businesses to intelligently mitigate cybersecurity risks while maintaining regulatory compliance.

“Understanding new supply chain security requirements and regulations can be time consuming and costly without partners that grasp both the threat and regulatory environment and have done this at scale in U.S. critical infrastructure. By partnering with GBA Sentinel, we are helping to proactively address many of the pain points GBA members will face in navigating this complex and evolving regulatory and cyber threat landscape,” said Peter Kassabov, executive chairman and cofounder of Fortress Information Security.

Fortress currently protects critical infrastructure supply chains for more than 40% of the US power grid and works closely with key federal agencies to improve supply chain cyber resilience.

This is the first effort of its kind by the Global Business Alliance, which represents 200 of the world’s largest foreign corporations operating in the United States.