Every cybersecurity team is being challenged to do more with less. CISOs experience top-down pressure to maximize the value of their resources, consolidate vendors as much as possible, and optimize their tool stack. And, they have unchanged expectations of keeping their organization safe across ever-growing digital supply chains. But traditional approaches to VRM often leave cybersecurity teams grappling with a tangled web of manual processes, disparate tools, and fragmented data.

At Bitsight, part of the Vulnerability Research team's core work involves analyzing vulnerabilities in order to create detection capabilities that can be implemented on an Internet-wide scale.

Whether it's because industrial control systems remain quite vulnerable to attacks, or because these systems manage valuable physical resources and uptime is essential—or a bit of both—attackers are increasingly targeting operational technology (OT) and industrial control systems (ICS).

Bitsight was named a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024 for a third consecutive time. Click here to download The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024. We are incredibly proud to be highlighted as a Leader, and our placement in this report is validation of our ongoing effort to help risk and security leaders identify exposure, prioritize investment, communicate with stakeholders, and mitigate risk.

With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?

It’s been a while since I’ve blogged. Things have been busy; Bitsight released a great report authored by yours truly on CISA’s KEV catalog. It’s really great if I do say so myself so I highly recommend going and giving it a glance.

More enterprise business leaders are beginning to understand that cybersecurity risk equates to business risk—and getting a clearer sense of the impact that cyber exposures can have on the bottom line. Consider the MGM Resorts and Clorox Company cybersecurity incidents that occurred last year. Both suffered considerable attacks, reportedly led by the Scattered Spider cybercriminal group, causing widespread business disruption and substantial financial losses.

Exposure management tooling can act as an excellent source of truth for cybersecurity leaders as they communicate risk up to the board level. The visibility and data streaming from exposure management solutions makes it easier for CISOs to track security performance over time, quantify improvements in security maturity levels, establish better financial quantification of cyber risk and ensure the organization's exposure levels match up with industry averages.

KEV! KEV! KEV! No, you aren’t standing outside a frat house while some college kids encourage their buddy Kevin to finish his beverage. Rather, it’s the sound of people extolling the virtues of the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities(KEV) Catalog.