Product Announcement: Elevate Your Application Security with Balbix AppSec
Consider the Rubik’s Cube: it has 6 sides and 54 colored tiles, yet is maddeningly difficult to solve – a fact I learnt the hard way by spending untold hours as a kid. You know all of the elements are there in front of you, but it can be complicated ...

3 Ways Balbix can help operationalize CISA BOD 23-01
What is CISA Directive BOD 23-01? In October 2022, the US Cybersecurity and Infrastructure Security Agency (CISA), which is a part of the United States Department of Homeland Security (DHS), issued a new directive called BOD 23-01. This directive, titled “Improving Asset Visibility and Vulnerability Detection on Federal Networks”, requires ...

Product Announcement: Operationalizing the MITRE ATT&CK Framework for use in Vulnerability Management
Alexander the Great is unquestionably one of the most famous military commanders in history. His victories are legendary. His ability to conquer cities and states more than 3,000 miles across the globe in a span of just 13 years is attributed to the advanced tactics that his military, the Macedonian ...

Product Announcement: Yes, You Can Have a Software Bill of Materials (SBOM)!
As 2021 turned to 2022, the internet was on fire. Organizations around the world began identifying and remediating recently discovered Log4j vulnerabilities. Many of our customers, including a Fortune 100 company, contacted us for urgent assistance. Fortunately, we were in a position to help. We had the ability to produce ...

Balbix’s Role-Based Dashboards: Reduce Risk at High Velocity
When you drive a car, you can look through your windshield to see the road ahead. With this visibility, it’s easy to anticipate slowdowns and see where you need to make your next turn. This is a lot harder if you drive in reverse, as the view is fragmented across ...

Announcing Cybersecurity Posture Automation for GCP and Multi-Cloud Environments
The cover of Verizon’s Data Breach Investigation Report 2022 depicts an empty, and unguarded, server room, an image eerily similar to the cover of the inaugural edition. This is the stark reality of the state of cybersecurity: despite all the advances in technology over the past 15 years, assets and ...

Analyzing CISA Known Exploited Vulnerabilities with Business Context
What is CISA Directive BOD 22-01? In November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA), an agency of the United States Department of Homeland Security (DHS), issued a new binding operational directive, BOD 22-01. The directive, titled “Reducing the Significant Risk of Known Exploited Vulnerabilities”, encourages federal agencies ...

The Why, What and How of Vulnerability Risk Acceptance
I recently read an engrossing book – “The Wisdom of Wolves: Lessons From the Sawtooth Pack”. The book is written by a couple who coexisted closely with a pack of wolves over a span of 6 years. The authors reflect on the numerous “human-like” virtues they observed while living as ...

War-Time vs Peace-Time Vulnerability Management
In the military, you approach periods of war and peace differently. Peace-time is used to train the troops for battle. Peace-time’s stability is used to steadily enhance assets and strategic position for future war. When war comes, the approach is quite different. The focus turns to making rapid decisions and ...

Dear CISO, What’s the ROI of Our Cybersecurity Investments?
For many CISOs, “what’s the ROI from our cybersecurity tools?” is one of the most difficult questions they face during a board meeting. While it should be a simple question, it’s not easy to answer. Often CISOs may deflect and use operational security metrics, such as mean time to patch ...