Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/25/2017
11:55 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cygilant Launches New Vulnerability and Patch Management Subscription Service

Cygilant's Industry-first 'One Vendor' Approach to Vulnerability and Patch Management Aims to Streamline Workflows; Speeding Cyber Threat Response Times and Lowering Cost of Ownership

Boston, Mass., October 24, 2017 - Cygilant (formerly EiQ Networks), a pioneer in hybrid security as a service, today launched a new combined vulnerability and patch management (VPM) subscription service.  This industry-first approach to vulnerability and patch management is now available to companies that have invested in Qualys, Rapid7, and Tenable vulnerability management technologies. Cygilant VPM provides lean IT teams with a single-service offering that combines continuous co-managed vulnerability management with auditable patch management and security engineering support from its global SOCs (GSOC) to identify, prioritize, and patch vulnerabilities in order to reduce the attack surface, while reducing operational costs. 

“With Cygilant Vulnerability and Patch Management we are providing a valuable service to organizations that have invested in best-of-breed vulnerability management technologies from Rapid7, Qualys, and Tenable but don’t have the resources to prevent breaches from known exploitable vulnerabilities or unpatched systems,” said Chairman, President, and CEO of Cygilant, Vijay Basani. “The job of thwarting cybersecurity attacks is a 24/7/365 job. While procuring marketing-leading VM technology is a good start, unfortunately, many IT teams run lean and are constantly being asked to do more with less. As a result, an increasing number of organizations are experiencing breaches due to known exploitable vulnerabilities and missing patches.”

Cygilant Vulnerability and Patch Management is a subscription service that combines people, process, and technology to effectively detect and fix both old and new vulnerabilities and missing patches before they are successfully exploited. The VPM service includes:

· Continuous Vulnerability Scanning – Cygilant’s Global SOC team of security engineers will schedule and manage Rapid7, Qualys, and Tenable vulnerability management solutions to continuously scan IT assets to identify vulnerabilities

· Risk-based Prioritization of Vulnerabilities – Cygilant’s GSOC team will prioritize vulnerabilities based on exploitability and business risk 

· Tailored Reporting – Cygilant’s GSOC will provide daily/weekly/monthly reporting  and  guidance on reducing the attack surface, keeping all stakeholders up-to-date

· Patch Management –Cygilant’s cloud-based Patch Management service identifies, analyzes, and reports on missing patches on operating systems, including Windows, Linux, and third-party applications such as Adobe and Java.

· Auditable Change Management - auditable workflow to review, approve, schedule, apply, and validate missing patches by asset type and group

· Compliance Support -  assistance with meeting compliance requirements related to vulnerability and patch management

· Dedicated GSOC team – a dedicated Cygilant Service Delivery Manager, backed by GSOC security engineers, provides a force multiplier effect to manage vulnerability scans and patch large IT environments cost-effectively

Cygilant VPM allows organizations to combine vulnerability and patch management processes which are usually provided by multiple vendors, hindering effectiveness and resulting in disconnected data siloes. Organizations effectively utilizing vulnerability and patch management can avoid catastrophic breaches such as the recent Equifax breach that exposed sensitive data for as many as 145.5 million U.S. consumers. Equifax IT personnel failed to install an available patch for their Apache Struts web-application software which cyber criminals were then able to easily exploit.

“Had the Equifax IT team installed the appropriate patch this massive breach wouldn’t have happened. By combining vulnerability and patch management IT teams have access to a comprehensive service that continuously detects, prioritizes vulnerabilities, and patches systems while adhering to a well-defined change management process to protect customer data and financial assets, including PII and PHI,” Basani explained.

 

About SOCVue

Cygilant’s SOCVue® is a subscription security as a service that combines people, process, and technology to deliver a cost-effective information security program, including:

·         Managed Incident Detection

·         Managed Incident Response and Remediation Guidance

·         Proactive and Continuous Critical Security Controls Auditing

·         Managed and Co-managed SIEM & Log Management

·         Managed and Co-managed Vulnerability Management

·         Managed Patch Management

·         24x7x365 Monitoring by Trained Global SOC Security Analysts

·         Compliance Reporting

·         Auditable Change Management

 

About Cygilant, Inc.

Cygilant, a pioneer in hybrid security as a service, is transforming how organizations of all sizes build an enterprise-class security program. Acting as a multiplier to customers’ IT teams, Cygilant provides 24x7x365 security and compliance visibility, managed incident detection, response and remediation guidance backed by best-of-breed technology, industry best practices and global SOC analysts. Cygilant is a trusted advisor to organizations that need to proteCygilant Launches New Vulnerability and Patch Management Subscription Service to Support and Equip Lean IT Teams to Effectively Stop Cyber Threats and Exploits

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17537
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
CVE-2019-17538
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
CVE-2019-17535
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2019-17536
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVE-2019-17533
PUBLISHED: 2019-10-13
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.