Endpoint Security and Network Monitoring News for the Week of January 26; Bastille, SecurityBridge, Enzoic, and More

The editors at Solutions Review have curated this list of the most noteworthy endpoint security and network monitoring news for the week of January 26. This curated list features endpoint security and network monitoring vendors such as Bastille, SecurityBridge, Enzoic, and more.

Keeping tabs on all the most relevant endpoint security and network monitoring news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy endpoint security and network monitoring news items.

Endpoint Security and Network Monitoring News for the Week of January 26

Bastille Raises $44 Million Series C Investment

Bastille Networks, Inc., a leading supplier of wireless threat intelligence technology to high-tech, banking, and the intelligence community, is pleased to announce a Series C investment of $44 million, led by its new investor: Growth Equity at Goldman Sachs Asset Management (Goldman Sachs). Existing investor Bessemer Venture Partners joined Goldman Sachs in the Series C round. Investors in previous rounds include Comcast, Bessemer, and the individual investors who have supported the Company from its Seed stage. The capital will be used to support the company’s high growth and expand into new markets.

Read on for more.

SecurityBridge Rated Top Three Source by the SAP Security Response Team

Global SAP security provider SecurityBridge has gained recognition from the SAP Security Response Team, which has rated the company’s Research Lab among the top three sources globally for discovering and reporting vulnerabilities in SAP software. Over 100 zero-day vulnerabilities have been discovered and reported by the SecurityBridge Research Lab, sequentially fortifying the SAP ecosystem, SAP products, and SAP customer platforms worldwide. This accolade underscores the crucial role SecurityBridge plays in the SAP security realm. The contributions of SecurityBridge’s Research Lab extend beyond the discovery and reporting of vulnerabilities. It plays a pivotal role in analyzing newly released SAP security notes on Patch Tuesday. These investigations contribute significantly to providing proactive protection for SAP customers.

Read on for more.

SecurityScorecard Launches MAX Service for the Supply Chain Cyber Risk Management Market

SecurityScorecard announced this week the launch of SecurityScorecard MAX, a new partner-focused managed service from SecurityScorecard that builds on the company’s decade of experience in the supply chain cyber risk management market.  MAX is delivered via a partner-focused franchise model that enables SecurityScorecard partners to expand their book of business by leveraging the MAX engine. Partners provide front-line services to customers and leverage SecurityScorecard experts for tier II support, training, and franchise certification. SecurityScorecard acquired the technical and operational expertise to build and operationalize MAX through its acquisition of LIFARS, a cybersecurity services firm, in 2022.

Read on for more.

Enzoic and ThreatQuotient Announce Partnership, Adding Dark Web Monitoring Capabilities

Enzoic, a provider of threat intelligence solutions, this week announced a partnership with ThreatQuotient, a security operations platform provider. Through the agreement, the latter is integrating Enzoic’s Dark Web monitoring capabilities to scan for exposure and help customers act at the first sign of compromise. The ThreatQuotient ThreatQ Platform provides tools for contextualizing and prioritizing intelligence, enabling security teams to respond more effectively to potential threats. The integration with Enzoic utilizes their Exposure API for monitoring potential user and domain exposures on the Dark Web, enabling organizations to pinpoint when credentials are compromised. These alerts are dynamically updated, ensuring ThreatQuotient customers can act on the threat intelligence to mitigate damages, safeguard any exposed accounts or credentials, and alert end users as new exposures are detected. The integration does not require organizations to send any PII from their systems, and query data is not stored by Enzoic.

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share upcoming events, new thought leadership, and the best resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

Is EPSS Lying About Your Vulnerability Risk?

Jacob Baines of VulnCheck examines how expanding the KEV catalog can fill in the blanks left by the EPSS (Exploit Prediction Scoring System). The Common Vulnerability Scoring System (CVSS) has been assigning severity scores to vulnerabilities for nearly two decades. CISA’s KEV catalog is the most frequently referenced repository designed to help manage vulnerabilities – but it still doesn’t completely solve the prioritization challenge due to curation lag and a lack of context or attribution. One option getting a lot of attention is the Exploit Prediction Scoring System (EPSS), which uses machine learning to produce probability-of-exploit scores for all published Common Vulnerabilities and Exploits (CVEs). Because EPSS combines threat information from CVEs with newer information on exploits to come up with data-driven assessments, some have touted it as a better way to assess threats. However, I would argue that a closed-source model is not the right step forward. Especially one that doesn’t take reality into consideration and is not a good predictor. With EPSS, scores need to be regularly recalculated as new information comes in. That’s not really predictive, it’s reactive. A better solution would be to build on KEV, developing ways to use its information faster and better.

Read on for more.