Threat Intelligence

6/14/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Prevalent Acquires Datum Security for SMB Third-Party Risk Management Platform

Acquisition of Datum Security Solution Helps Close Dangerous Gap in SMB Third-Party Risk Exposure.

WARREN, NJ - Prevalent, the leader in Third-Party Risk Management and Cyber Threat Intelligence, today announced the acquisition of Datum Security, the leader in Third Party Risk Validation for small and medium-size business.

"Our objective has always been to provide a comprehensive suite of solutions for vendor risk management to our customers, from enterprise assessment software to vendor evidence sharing networks, to continuous monitoring," said Jonathan Dambrot, CEO, Prevalent. "The Datum Security acquisition will help our customers greatly reduce the risk exposure resulting from small to medium sized vendors."

There are approximately six million companies in the US with at least one employee, and more than 80 percent of those have fewer than 20 employees. Assessing "small" (50-500 employees) or "very small" (1-50 employees) vendors is difficult at best and nearly impossible in many circumstances. Standard questionnaires can be a burden for organizations with limited IT and security resources and expertise, and in many cases, may have little relevance to a 25-person organization. Moreover, little data is available for small vendors which render continuous monitoring solutions largely unhelpful. The Datum Security solution is specifically designed to address that gap utilizing a purpose-built evidence collection technology specifically designed for SMBs.

"It's a real challenge for our customers," added Matthew Hicks, Chief Strategy Officer. Prevalent. "A vendor with 20 or 30 employees simply can't prioritize security controls assessments and needs a simple, low overhead solution. The Datum solution combined with Prevalent's existing third-party risk management platform creates a world-class solution for organizations of any size."

The Prevalent+Datum Security solution benefits small vendors as well, as it effectively provides an automated security assessment with improvement and remediation recommendations, in addition to satisfying the assessment needs of customers with minimal effort.

"Not only are there millions of small companies to account for, but more and more, those small companies are handling sensitive data or have access to it," added Jonathan Niednagel, Datum Security Founder, and CEO. "Small law firms, early-stage technology companies, insurance claims processing vendors, even mom-and-pop printers are often exposed to their customers' sensitive information. Datum Security's technology now gives Prevalent's customers a means of accounting for and quantifying that risk exposure."

Norman Menz, CTO, Prevalent, emphasized the impact on Prevalent's solution strategy. "As the only company focusing exclusively on all dimensions of third party risk -- assessment, monitoring, evidence sharing networks -- we understand where our customers have blind spots in their vendor risk profiles, and we're constantly striving to provide 360-degree risk visibility into their vendor communities. Adding the Datum Security team and product to our portfolio has further positioned us as the only truly comprehensive third-party risk solution available."

Terms of the acquisition are not disclosed as both companies are privately-held.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.