Latest news with #CyberProof
Yahoo
3 days ago
- Business
- Yahoo
CyberProof Unveils New Threat-Led Capabilities at Black Hat USA 2025
Solutions redefine managed security services with a threat-informed defense for measurable security outcomes LAS VEGAS, Aug. 6, 2025 /PRNewswire/ -- CyberProof, a UST company and leading provider of managed security services, today announced major enhancements to its Exposure & Defense Management capabilities and the introduction of cybersecurity Estate Management. These new Threat-Led defense capabilities allow organizations to proactively reduce exposure, improve detection for faster response, and demonstrate business value through measurable security outcomes in a unified platform. The introduction of cybersecurity Estate Management as a core capability gives organizations the ability to streamline the discovery of all assets across hybrid environments and ensure they are properly managed from a security perspective. This provides a solid foundation for Exposure and Defense Management, with CyberProof services offering enhanced prioritization based on targeted, real-time threat intelligence. CyberProof's Threat-Led defense offering now enables organizations to integrate asset discovery, classification, and prioritization capabilities with threat modeling, exposure management, and detection engineering. This record of continued innovation differentiates CyberProof as the only security partner offering co-managed, transparent operations that bring together disparate security tools into cohesive, risk-aligned ecosystem. The update builds on the momentum gained through the acquisition of Interpres Security and underscores CyberProof's commitment to delivering transparent, outcome-driven cybersecurity services for enterprise and mid-market clients. "Our IT landscape is inherently complex and rapidly evolving and our teams need a comprehensive arsenal of security products. CyberProof (powered by Interpres) provides the critical orchestration layer, bringing together outputs from all our security tools to ensure they operate in harmony, eliminating costly blind spots, and ensuring everything is working as intended," said Neil Binnie, Head of Information Security and Compliance, Morgan Sindall Group. CISOs remain under immense pressure to justify security investments and demonstrate that investments reduce the risk of a successful security breach. While security teams face challenges measuring the value of their security portfolio and associated work to reduce exposure and build defensive capabilities on a continuous basis. CyberProof's Threat-Led defense empowers CISOs to continuously measure operational maturity, align spending with threat-risk exposure, and guide future investment decisions based on real-world threats. "As cyber threats accelerate and become increasingly verticalized and sophisticated, traditional, siloed security approaches are too slow to adapt. Our threat-led defense framework helps customers quickly prioritize and adapt their defense posture and reduce their exposure based on the threat actors targeting them," said Tony Velleca, Chief Executive Officer, CyberProof. To learn more about CyberProof Threat-Led Defense capabilities visit: To see CyberProof in action, in Las Vegas, during the Black Hat USA 2025 Conference visit: About CyberProof CyberProof delivers threat-led, co-managed security operations with the belief that better security is achieved through the right partnerships, technology and client experiences. Our threat-led, cloud-first, and AI-powered approach to security, delivers industry-leading security services which drives real and measurable business outcomes. We believe that working closely with our clients and partners through a better security, together model, jointly empowers us to defend against the greatest of threats. To learn more visit About UST Since 1999, UST has worked side by side with the world's best companies to make a powerful impact through transformation. Powered by technology, inspired by people, and led by our purpose, we partner with our clients from design to operation. Our digital solutions, proprietary platforms, engineering, R&D, products, and innovation ecosystem turn core challenges into impactful, disruptive solutions. With deep industry knowledge and a future-ready mindset, we infuse expertise, innovation, and agility into our clients' organizations—delivering measurable value and positive lasting change for them, their customers, and communities around the world. Together, with 30,000+ employees in 30+ countries, we build for boundless impact—touching billions of lives in the process. Visit us at Logo: Media Contacts, UST: Tinu Cherian Abraham +1 (949) 415-9857 Merrick Laravea +1 (949) 416-6212 Neha Misri +44-7341787926 Roshni Das K +91 7736795557 Media Contacts, U.S.: S&C PR +1-646.941.9139 media@ Makovsky ust@ Media Contacts, India: ust@ Media Contacts, U.K.: FTI Consulting UST@ View original content: SOURCE UST Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Forbes
5 days ago
- Business
- Forbes
Three Pillars Of Proactive Security: A Threat-Led Approach To Defense
Tony is CEO at CyberProof and is a CISO at UST. CyberProof, a UST company, is an advanced managed detection and response provider. It's undeniably becoming harder to stay ahead of the expanding wave of cybersecurity threats. We are witnessing an unprecedented surge in sophisticated, often "branded," cybercriminal enterprises, meticulously targeting everything from critical manufacturing plants to vulnerable hospital networks with devastating ransomware and social engineering attacks. The financial toll is staggering, with the FBI estimating global victim costs totaling over $16 billion in 2024 alone. Large, complex organizations with siloed teams, running applications and systems both on-premises and in the cloud, add another layer of difficulty. Managing an inventory of assets and applications, the risk they impose and security policies and controls, is often a difficult task for under-resourced teams. A Strategic Shift: Starting With Clarity, Guided By Threat Intelligence A more effective approach necessitates a strategic shift from reactive firefighting to informed, threat-led defense. Threat-led defense focuses on providing clarity: understanding what an organization owns in terms of assets and the risk those assets impose, what exposure and priority are relevant to the organization and addressing what matters most—optimizing the defenses and controls where needed. It's a three-phase strategy designed to align asset visibility and risk, threat exposure and detection and response tools in a continuous integrated lifecycle. The overall objective is to transform Governance, Risk and Compliance (GRC) to optimize better outcomes in security investment and security posture. This strategic shift is fundamentally driven by the MITRE threat-informed defense (TID) concept. It involves collecting and analyzing data about the threat landscape, identifying the most likely and dangerous threats for that organization and using that information to guide the selection and implementation of detection playbooks and security controls. This strategic approach can be viewed as a system built on three interconnected pillars, transitioning from a strategy focused on visibility to one of informed action. Pillar 1: Estate Management—Understand Your Technology Environment The first step is to ensure that your asset estate is well-managed. Where IT teams are responsible for onboarding and managing IT assets, security teams should look for policy violations or discrepancies. Security teams have a tremendous amount of telemetry from vulnerability scanners, cloud posture management solutions, cloud inventory and other security solutions. Unfortunately, few organizations utilize this information to enhance the quality of their asset data. One example is the identification of unmanaged or suspicious assets. The riskiest asset is the one you don't know about, the one that isn't managed by your vulnerability scanner or EDR is not installed. A well-managed cyber estate is one where unmanaged assets are discovered quickly and brought under control, but that's not all. It should also ensure that asset configurations meet policy requirements, assets are tagged accurately and grouped with risk categories and finally, there is a clear, accountable owner. This continuous understanding of the complete estate is critical for the future of security operations, particularly with the rise of agentic AI. While AI agents for threat hunting or security analysis are emerging, to make them truly effective, these models must have context in terms of the IT environment. This data itself is extremely sensitive as it could provide a clear path for potential attackers if compromised. A well-managed estate, on the other hand, is the essential foundation for this data-driven, AI-enabled future. Pillar 2: Exposure Management—Prioritize Exposures That Matter Once you have a clear picture of your estate and your assets are managed by your security solutions, the next step is understanding your threat exposure. This involves identifying where your environment is exposed to threats. This pillar involves analyzing your exposures from various sources, including vulnerability scanners, cloud posture management solutions, application security solutions, endpoint detection and response solutions and more. It requires correlation of all this information and prioritizing it relative to your organization's top threat actors. Exposure management is the process of deriving insights from your asset inventory and vulnerability data, and contextualizing them with threat intelligence to identify where the real, exploitable risks lie. It prioritizes these exposures based on their business risk, considering whether they are likely to be manipulated by relevant threat actors. Pillar 3: Defense Management—Detect And Respond The final pillar is defense management, which includes the ability of your security operations to detect and respond to threats. This phase utilizes technologies such as SIEMs and EDRs to establish a cohesive detection and response framework. It's also where emerging capabilities, such as agentic AI for threat hunting, can be deployed effectively, as they have access to the necessary environment and threat actor data. It prioritizes the development of detection and response, or in use case management, playbooks to guide threat teams in analyzing security event data, identifying incidents of compromise (IoC), triaging and then mitigating incidents. An optimized defense management model is informed and by insights from targeted threat actors and the tactics and techniques used. It is about proactively creating detection mechanisms that address the entire attack path used by a threat actor versus individual alerts or detections. Effective defense management means taking the prioritized list of threat actors, understanding their attack patterns and using the more advanced orchestration and automation capabilities of a modern security operation, like alert grouping by time, to provide more sophisticated and accurate detection and faster response. A Framework For Continuous Risk Reduction Combining these three pillars creates a powerful framework: • Asset Estate Management: Knowing if your environment is well-managed • Exposure Management: Prioritizing exposures that matter most to you • Defense Management: Prioritizing detection and response for optimal remediation This integrated approach, supported by a platform that connects these areas, enables organizations to gain a unified view of risk and a quantitative approach to prioritizing the right investments needed to manage that risk. It also helps security teams achieve better security outcomes by providing clarity on what matters. As a result, security is transformed from a reactive, siloed struggle into a proactive, intelligent and continuously improving function focused on reducing risks that truly impact the business. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Forbes
18-07-2025
- Business
- Forbes
Continuous Threat Exposure Management Is Only As Strong As Your Team
Security leaders confront more than just technical threats—the real challenge is untangling ... More organizational chaos, breaking down silos and building trust in the data that drives every decision. Cybersecurity leaders love to talk about frameworks. The last few years, you couldn't escape Continuous Threat Exposure Management—at conferences, board meetings, or in industry think pieces (some of them by me). But here's the thing: as useful as frameworks are, most companies are still struggling with a mess beneath the surface. The Mess We Don't Want to Talk About Let's get honest. Digital transformation is a boardroom buzzword, but down in the trenches, most organizations are flying blind. Ask a CISO for a list of all critical assets, who owns them and what the real business risk is if something goes wrong. Nine times out of ten, you'll get a PowerPoint, a spreadsheet and a shrug. That's not a technology problem. It's an organizational one. Tony Velleca, CEO of CyberProof told me recently, 'The world's moving to agents… you can't pick up a paper without reading about AI agents.' Yet for all the talk about new technology, most of us are tripping over old problems: duplicate asset lists, unclear system ownership and a parade of well-meaning teams working in silos. Silos Are the Real Attack Surface Here's what doesn't get said enough: silos can be just as dangerous as any technical vulnerability. When security, IT, dev teams and business owners each have their own view of reality, the gaps widen. CTEM is supposed to unify visibility and action, but if your teams aren't aligned—if no one's talking, or everyone's blaming—the alerts keep coming, and nothing actually changes. Organizations don't need more dashboards. They need a reality check: Are we even seeing the same picture? Does anyone own these assets? Are we agreeing on what matters most? The Hidden Cost of Asset Confusion It's easy to talk about risk in the abstract. But in real terms, asset confusion means wasted time, wasted budget and—when the worst happens—a scramble that leaves business leaders fuming. Unmanaged devices, forgotten cloud services and overlapping toolsets become weak links. Security teams get blamed for incidents they couldn't have seen coming, and the cycle repeats. CTEM frameworks can help, but only if organizations first get brutally honest about what's broken. Organizational Inertia: The Hardest Threat to Fight If there's a silent killer in security programs, it's inertia. Velleca put it bluntly: 'If you ask anybody whether they trust the data in their CMDB, I think universally you will get an answer of, 'Nope.'' Years of acquisitions, shadow IT, turnover and shifting priorities leave most companies with a patchwork map of their environment. The first step toward 'continuous' anything is admitting the baseline is out of date. The real value of CTEM isn't just in automation or analytics. It's in forcing teams to work together, to question assumptions and to rebuild trust in the data that underpins every security decision. A Wake-Up Call for Security Leaders The organizations that get CTEM right won't be the ones with the fanciest tools. They'll be the ones who break down the walls between IT, security and business, and who accept that frameworks are only as strong as the culture supporting them. Velleca summed it up: 'It's not about bringing a list of problems. It's about solving them—focusing on outcomes and what actually impacts the business.' That's the uncomfortable but necessary next step. The Path Forward Velleca explained that the real challenge is not piling up more tools but cutting through noise and confusion—making sure security efforts actually solve business problems, not just surface new ones. Stop obsessing over the latest security product and start asking the questions that make people squirm: Who owns this? Does our inventory match reality? Are we actually working together, or just in parallel? Resilience isn't about the frameworks you adopt. It's about facing your organization's mess head-on—and having the humility to fix it.
