Webinar: The Next-Gen Security Easy Button
Webinar: The Cyber Attacker’s Advantage
The Report: Quantifying the Attacker’s Advantage
Tenable Research has just released a report on the difference in time between when an exploit is publicly available for a given vulnerability and the first time that a vulnerability is assessed.
For this study, Tenable analyzed the 50 most prevalent critical and high-severity vulnerabilities from just under 200,000 vulnerability assessment scans over a three-month period in late 2017 to anchor the analysis to the real world. We used these vulnerabilities to derive the “time to exploit availability” and “time to assess” to calculate the median delta.
Join the webinar: The Cyber Attacker’s Advantage for a LIVE review of the research.
Attackers are racing ahead
Our analysis shows that the median delta was -7.3 days. The median time to exploit was 5.5 days, compared to a median time to assess of 12.8 days. On average, this gives attackers a seven-day head start on the defenders.
The delta was negative for 76 percent of analyzed vulnerabilities. So, on a vulnerability-by-vulnerability basis, the attackers seize the first-mover advantage more often than not.
When the delta was positive, it was usually because it took so long for an exploit to become available – rather than the defenders’ speedy scanning frequency. The fact that for 34 percent of the analyzed vulnerabilities, an exploit was available on the same day the vulnerability was disclosed is sobering. But it really gets interesting when we drill down into the individual vulnerabilities.
Twenty-four percent of the 50 most prevalent vulnerabilities we analyzed are actively being exploited in the wild by malware, ransomware or exploit kits. A further 14 percent were sufficiently critical to be discussed in the media. The sample set contained vulnerabilities being targeted by the Disdain and Terror exploit kits, Cerber, and StorageCrypt ransomware and even by APT groups such as Black Oasis to install the FinSpy surveillance software.
Cybriant Named to 2018 MSSP Alert Top 100 Managed Security Services Providers List
S
econd Annual List Honors Leading MSSPs & Cybersecurity Companies That Safeguard Customers’ Digital Assets
Alpharetta, GA – September 17, 2018 – MSSP Alert, published by After Nines Inc., has named Cybriant to the Top 100 MSSPs list for 2018 (http://www.MSSPAlert.com/top100).
The list and research identify and honor the top 100 managed security services providers (MSSPs) that specialize in comprehensive, outsourced cybersecurity services.
The Top 100 MSSP rankings are based on MSSP Alert’s 2018 readership survey combined with aggregated third-party research. MSSPs featured throughout the list and research proactively monitor, manage and mitigate cyber threats for businesses, government agencies, educational institutions and nonprofit organizations of all sizes.
“Cybriant is pleased to be named among the top 100 MSSPs in a competitive market that has thousands of service providers,” said Jeff Uhlich, CEO, Cybriant. “Our effective performance delivering complete detection and response services to reduce and mitigate cyber risk is providing real value for our clients and is expressed in the consistent growth of our business.”
Cybriant was recently named one of Atlanta’s fastest growing private companies as part of the Atlanta Business Chronicle Pacesetter Awards. They also named one of Atlanta’s “Best Places to Work” award.
Building and operating a true MSSP requires major financial, technical and business commitments. Fully 63 percent of top MSSPs surveyed maintain their own security operations centers (SOCs) on a 24x7x365 basis. Another 24 percent depend on hybrid models in which some SOC services are outsourced, with the remaining 13 percent either formulating strategies or completely outsourcing their SOC services.
Demand for MSSPs has escalated amid rising cyberattacks, malware and ransomware incidents worldwide. The cybersecurity skills shortage has further heightened the need for world-class MSSPs. The global managed security services market is expected to skyrocket to $101 billion in the next nine years, advancing at an eye-popping 18% compound annual growth rate, according to Persistence Market Research.
“After Nines Inc. and MSSP Alert congratulate Cybriant on this year’s honor,” said Amy Katz, CEO of After Nines Inc. “As MSPs increasingly introduce managed security services, Cybriant continues to stand out in the fiercely competitive cybersecurity market.”
The Top 100 MSSPs list and research were overseen by Content Czar Joe Panettieri (@JoePanettieri). Find the online list and associated report here: http://www.MSSPAlert.com/top100.
About Cybriant
Cybriant assists companies in making informed business decisions and sustaining effectiveness in the design, implementation, and operation of their cyber risk management programs. We deliver a comprehensive and customizable set of strategic and managed cybersecurity services. These services include Risk Assessments and vCISO, 24/7 Managed SIEM with LIVE Monitoring, Analysis and Response, 24/7 Managed EDR, 24/7 Real-Time Vulnerability Scanning, and Patch Management. We make enterprise-grade cyber security strategy and tactics accessible to the Mid-Market and beyond. Find out more at http://www.cybriant.com or call 844-411-0404.
About After Nines Inc.
After Nines Inc. provides timeless IT guidance for strategic partners and IT security professionals across ChannelE2E (www.ChannelE2E.com) and MSSP Alert (www.MSSPAlert.com). ChannelE2E tracks every stage of the IT service provider journey — from entrepreneur to exit. MSSP Alert is the global voice for Managed Security Services Providers (MSSPs).
- For sponsorship information contact After Nines Inc. CEO Amy Katz, Amy@AfterNines.com
- For content and editorial questions contact After Nines Inc. Content Czar Joe Panettieri, Joe@AfterNines.com
Finally! A “Why Didn’t I Think of That” Idea in Compliance
It’s time for a new idea in Compliance!
It seems there is a never-ending stream of acronyms that businesses now must learn and understand in order to be “compliant.” In fact, you may feel like a cat herder that is chasing one audit after another.
Each new entrant into the pantheon of compliance complicates and weaves an even more complex web of checklists, procedures, policies, etc. Each time new letters are added to our alphabet soup of regulations we must scramble to meet those specific lists of requirements.
What if there were a better way?
In this webinar, we’ll take a step back and consider that all frameworks and requirements are very similar. In fact, about 80% of PCI and HIPAA controls overlap. Let’s look at the different framework audit requirements and see how we can take a common-sense approach to your next audit.
At the end of the day, regulations have many of the same themes. Check audit logs, protect desktops, train users, etc. The first step is to start with a baseline, a starting point upon which all compliances can be compared. After the baseline has been established, you’ll be able to quiet the noise and provide a clear path towards meeting existing and yet to come compliance matrices.
Interested? Register for the webinar. If you can’t make it, we’ll send you the recording.
Register Today!
September 14, 2018
9 AM EST
Compliance Webinar
Finally, a “Why didn’t I think of that” moment in compliance
4 Necessary Elements of a Compliance Management Framework
Webinar “Building Resilience to Severe Weather Threats”
August 2nd at 10 AM
With the 2018 Hurricane season upon us, the time is now to begin preparations. Colorado State University predicts a 63% probability, that during the 2018 season, at least one major hurricane will be making landfall on the continental United States.
You’re invited to our webinar, presented on behalf of Cybriant, and Carbonite: “Keeping your business resilient during storm season”. Business continuity has never been more valuable. When things go sideways, High Availability is an essential part of your disaster recovery plan. This webinar will highlight the ease of use and the importance of having a high availability solution for business-critical systems.
The webinar will be 15 minutes in length. For attending, you’ll receive the opportunity for a free environmental assessment.
Event Details
Presented by: Christiano Lucca, Senior Solutions Architect, Carbonite
Webinar Date: Thursday, August 2nd, 2018
Webinar time: 10:00 AM ET, 15 minutes
On-Demand Webinar: Phishing Attack Landscape and Benchmarking
New Study: Is Your Phish-Prone Percentage Better or Worse Than Your Peers in the Industry?
One of your important IT security projects is getting the Phish-prone percentage of your users as low as possible because phishing is the root cause of many security breaches.
But how are you doing compared to “similar-size peers” in your industry?
Our partner, KnowBe4, just completed a big-data analytics exercise over the 15,000 customers we have and came up with new baseline phish-prone percentages, and how fast it drops over time. To say the least, the numbers are very interesting, and this time we also broke them out by industry and size, showing the most at-risk industries.
Now having incredible data to analyze, the new research uncovered some surprising results. The overall industry initial Phish-prone percentage benchmark turned out to be a troubling 27%, but with variations by size and industry.
Fortunately, the data showed that this 27% can be brought down more than half to just 13% in only 90 days by deploying new-school security awareness training. The 365-day results show that by following these best practices, the final Phish-prone percentage can be minimized to 2.17% on average.
Key topics covered in the research:
- New phishing benchmark data by org size and industry
- Understanding the current phishing landscape
- Most clicked simulated phishing attacks
- Top 10 “In the Wild” reported phishing emails
Watch the on-demand webinar to see how you stack up!
Your Users are Phish-Prone! Find out how many.
Watch the Webinar
