Seeing the Unseen: How Generative AI Elevates Situational Awareness in Cybersecurity
Situational awareness in cybersecurity is hard! And poor situational awareness can be disastrous in cybersecurity. For a CISO, it could mean failing to act on a critical gap in the security program, leading to a data breach that damages the company’s reputation and incurs massive fines. For a Director of Security ...
NIST CSF 2.0: The Journey so Far and What’s Ahead
NIST CSF 1.1 to 2.0 is a significant update reflecting an inclusive and responsive approach to risk management. The most recent public draft of NIST CSF 2.0 includes expanded guidance and adds a sixth function, ‘Govern,’ to aid organizations in reducing cybersecurity risk. The NIST CSF 2.0 public draft aligns ...
Product Announcement: Elevate Your Application Security with Balbix AppSec
Consider the Rubik’s Cube: it has 6 sides and 54 colored tiles, yet is maddeningly difficult to solve – a fact I learnt the hard way by spending untold hours as a kid. You know all of the elements are there in front of you, but it can be complicated ...
3 Ways Balbix can help operationalize CISA BOD 23-01
What is CISA Directive BOD 23-01? In October 2022, the US Cybersecurity and Infrastructure Security Agency (CISA), which is a part of the United States Department of Homeland Security (DHS), issued a new directive called BOD 23-01. This directive, titled “Improving Asset Visibility and Vulnerability Detection on Federal Networks”, requires ...
Product Announcement: Operationalizing the MITRE ATT&CK Framework for use in Vulnerability Management
Alexander the Great is unquestionably one of the most famous military commanders in history. His victories are legendary. His ability to conquer cities and states more than 3,000 miles across the globe in a span of just 13 years is attributed to the advanced tactics that his military, the Macedonian ...
Product Announcement: Yes, You Can Have a Software Bill of Materials (SBOM)!
As 2021 turned to 2022, the internet was on fire. Organizations around the world began identifying and remediating recently discovered Log4j vulnerabilities. Many of our customers, including a Fortune 100 company, contacted us for urgent assistance. Fortunately, we were in a position to help. We had the ability to produce ...
Balbix’s Role-Based Dashboards: Reduce Risk at High Velocity
When you drive a car, you can look through your windshield to see the road ahead. With this visibility, it’s easy to anticipate slowdowns and see where you need to make your next turn. This is a lot harder if you drive in reverse, as the view is fragmented across ...
Announcing Cybersecurity Posture Automation for GCP and Multi-Cloud Environments
The cover of Verizon’s Data Breach Investigation Report 2022 depicts an empty, and unguarded, server room, an image eerily similar to the cover of the inaugural edition. This is the stark reality of the state of cybersecurity: despite all the advances in technology over the past 15 years, assets and ...
Analyzing CISA Known Exploited Vulnerabilities with Business Context
What is CISA Directive BOD 22-01? In November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA), an agency of the United States Department of Homeland Security (DHS), issued a new binding operational directive, BOD 22-01. The directive, titled “Reducing the Significant Risk of Known Exploited Vulnerabilities”, encourages federal agencies ...
The Why, What and How of Vulnerability Risk Acceptance
I recently read an engrossing book – “The Wisdom of Wolves: Lessons From the Sawtooth Pack”. The book is written by a couple who coexisted closely with a pack of wolves over a span of 6 years. The authors reflect on the numerous “human-like” virtues they observed while living as ...