About Us

Socura Launched New Managed Vulnerability Scanning Service

Socura has launched a new Managed Vulnerability Scanning (MVS) service. The MVS service from Socura is developed to assist clients in identifying potential vulnerabilities and misconfigurations across all on- and off-premises systems, including their local network, cloud applications, web applications, and mobile devices.

The service enables users to prioritize their remediation efforts while adhering to cyber security regulations and resolving security issues. The MVS service provides continuous vulnerability identification and mitigation and can run on-demand or on a schedule. It will assist Socura’s SOC team in limiting the success of attempted cyber-attacks.

Andrew Kays, CEO of Socura, commented, “Our MVS service empowers our customers to be more focused when protecting their IT assets, allowing them to focus their efforts in areas that will make the greatest difference. The data from our MVS tools will also feed into the SOC to help our team understand potential customer weaknesses, how to mitigate them, and ultimately ensure they are well protected. This is more important than ever, with vulnerabilities evolving as systems are updated, and new attack techniques becoming available”.

The MVS’s insights will improve Socura’s SOC capabilities by giving its analysts more context, which they can use to protect customer environments and set the order of importance for attack surface reduction initiatives. The advanced MVS service will provide customers with a full breakdown and prioritization of vulnerabilities, as well as an analysis of their potential impact and actionable insights for internal teams’ defensive efforts.

MVS is available for customers with two levels of service. Under the standard service, Socura will deploy the vulnerability scanning platform for clients, including setup, management, onboarding, scanning, and regular reporting. The advanced MVS service also includes an assessment of MVS scan results by Socura’s SOC team.

Socura’s MVS service includes features such as continuous vulnerability scanning and management, new asset discovery across the IT estate, monthly vulnerability reports, identification, and evaluation of vulnerabilities, including any threats that may exploit them, and actionable insights from Socura’s expert SOC analyst team.

Rezilion Secures $30 Million In Series A Funding to Automate DevSecOps

Rezilion, a cyber startup that uses automation to change DevSecOps, today received $30 million investment in Series A funding led by Guggenheim Investments. Current and former cybersecurity professionals and luminaries from Google, Microsoft, CrowdStrike, IBM, Cisco, PayPal, JP Morgan Chase, Nasdaq, eBay, Symantec, RedHat, RSA, and Tenable contributed to the round, as did new investment partners JVP and Kindred Capital.

With DevOps, code development has become fully automated, yet there is now a crippling bottleneck between engineering and security teams. Understanding, mitigating, and limiting the risk associated with the huge lines of code published by corporations every day is a constant problem, and it still involves extensive manual work by highly skilled engineers. As a result, businesses must choose between remaining secure and distributing products quickly.

Rezilion makes security as agile as DevOps by automating repetitive security bottlenecks. It is the only approach that significantly minimizes the amount of security effort necessary to deploy new digital products while maintaining the security of software platforms. Clients who use Rezilion’s vulnerability validation technology have decreased their patching backlog by more than 70% on average, freeing up important engineering resources to focus on product expansion.

“Rezilion’s product suite is a game changer for security teams. It creates a win-win, allowing companies to speed innovative products and features to market while enhancing their security posture. We believe Rezilion has created a truly compelling value proposition for security teams, one that greatly increases return on time while thoroughly protecting one’s core infrastructure,” said Rusty Parks, Senior Managing Director of Guggenheim Investments.

“At Rezilion, we are deeply committed to helping organizations drive their own innovation by reducing the resource drain, inaccuracies and operational friction created by manual security work. We know there’s never been a better time for organizations to experience what we call ‘trust in motion,’ or the peace of mind that comes from moving fast while staying safe and secure,” said Liran Tancman, co-founder and CEO of Rezilion. “

“Our technology brings developers and security teams together. This funding round will allow us to dramatically accelerate our vision by advancing product development and driving growth on a global scale,” says Shlomi Boutnaru, co-founder and CTO of Rezilion.

“Rezilion’s pioneering approach generates a host of benefits to meet the needs of CEOs, CIOs and CISOs, from expediting digital transformation, faster product rollouts and enhanced productivity and compliance to the adoption of state-of-the-art development best-practices and the guarantee of better security and improved ROI. Under the proven leadership of Liran and Shlomi, we look forward to expanding Rezilion’s markets and offerings to provide more value based on its unique technology,” stated Yoav Tzruya, General Partner at JVP.

The funds will be utilized to rapidly accelerate Rezilion’s go-to-market strategy, including partnering with other DevSecOps solution providers and expanding operations across the US and Europe. Additional product development attempts to bridge the gap between security and engineering, increasing the productivity of both teams so that software can be delivered on time and businesses can innovate more quickly.

Vulnerability Management – Insights

The process of identifying, analyzing, classifying, and remediating vulnerabilities depending on the risk they constitute to an organization is known as vulnerability management (VM). A vulnerability scanner is the key technical component of this procedure since it detects resources connected to a company’s network and assesses them for vulnerabilities.

Vulnerability scanner scans a computer system for known vulnerabilities such as unsecured software setups, open ports and malware infection susceptibility. A zero-day vulnerability is one that is unknown or brand new. For cyber attacks and security breaches, exploiting flaws in operating systems, devices, browsers, and third-party applications to infect end-user devices is the first step. Identifying and repairing these vulnerabilities before cybercriminals can exploit them is a preventive security technique that should be included in any security program.

The Elements of Vulnerability Management are –  

Plan: Initiate by specifying the scope of the vulnerability management system, including what will be scanned and how it will be scanned. Security teams need to decide the frequency of scanning. Security teams must decide which resources are the most important and who has authority over them.

Scan: An organization’s entire network is scanned for vulnerabilities, insecure devices and software setups, compliance with security regulations. Internal scanning evaluates the cybersecurity of an organization’s network inside the firewall, whereas external scanning is done from the outside. Scanning both internally and externally provides a complete picture of risks.

Remediate: Remediation priorities are set based on the severity of the threat and importance of the resource for an organization, and then it is assigned to an employee who will be remediating the vulnerability. Low-level vulnerabilities are resolved after high or critical vulnerabilities.

Track Progress: Company needs to check the success of its vulnerability management programme. To do this companies, need to define a baseline, set success indicators, and track progress towards their goals. Companies need to improve their vulnerability management system, so they need to add the latest or newly discovered zero-day vulnerabilities to their database.

Proof of Concept

This proof-of-concept helps to understand the technical and financial implications of the vulnerabilities. It also helps in remediating vulnerability.

Risk Scoring

Thousands of vulnerabilities are discovered in an organization. They need an advanced risk rating algorithm to figure out which systems to patch first for effective prioritization. To automate the prioritising of vulnerabilities, the risk score should include threat parameters such as exposure to exploits and viruses, duration of vulnerability.

Scalability

As a company grows, so should its vulnerability management solution’s capacity. Companies should be able to increase capacity at small expenses by adding scan engines to their current solution. The solution vendor should have expertise with similar-sized installations in larger environments. 

Report Customization and Consolidation

Security teams can centrally manage prioritisation and remediation across the firm’s entire network, as well as monitor security risk and compliance trends, by combining data reports collected from each scan engine. On a single dashboard or user interface, the VM solution displays vulnerabilities, customizations, policy compliance, and other asset information like installed software. 

Bug Bounty and Vulnerability Disclosure Programs

Official vulnerability disclosure programs and policies define parameters for security researchers, obligate businesses to avoid legal action if others follow their rules and provide instructions on how to report vulnerabilities discovered. Some organizations offer monetary or other initiatives to promote responsible security researchers to work in good conscience. The incentives are commonly referred to as the “bug bounty” program. Several specialized organizations that are well-known in the security researcher community provide bug bounty program management and support services. Following the discovery of a vulnerability, companies generally issue a software patch or other fix.

The majority of cyber-attacks happen because there is a flaw or vulnerability in the software. Identifying vulnerabilities and fixing them is a crucial step. 100% secure software doesn’t exist thus finding the flaws and fixing them is a continuous process that improves software security. Hence vulnerability management solutions’ cyber security market share is increasing.