Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

NCircle Debuts MSSP

NCircle announced today the debut of its Managed Security Service Provider (MSSP) Program

SAN FRANCISCO -- NCircle, the leading provider of enterprise-class vulnerability and risk management solutions, announced today the debut of its Managed Security Service Provider (MSSP) Program. nCircle vulnerability and risk management solutions - employed by many of the world's largest corporations and government agencies - are now available for integration and delivery in a Managed Security Services solution. The program offers proven technology in a variety of flexible and adaptable configurations to address the demands of a wide range of market segments. NCircle solutions deliver continuous endpoint and network intelligence that serves as the foundation for a balanced security ecosystem as well as policy and regulatory compliance. With nCircle, Managed Security Service providers can enable their customers to:

  • Measure network security risk and compliance using objective metrics
  • Manage network security risk and compliance through dashboard reporting and integration with existing enterprise systems
  • Reduce network security risk and achieve compliance cost effectively by focusing IT resources where they are needed most

Simple vulnerability scanning provided by many MSSPs is no longer a viable competitive solution for customers tasked with measuring, managing and reducing all forms of network security risk. NCircle's advanced security risk management solutions arm MSSP partners with the tools to offer customers a comprehensive solution to risk management that includes all forms of risk --vulnerability, application, network topology, configuration, and policy risk.

NCircle has made significant technology investments to ensure its solutions provide the best possible support for MSSP partners. MSSP partners also benefit from nCircle's investment in the industry's largest and most productive Vulnerability and Exposure Research Team (VERT) -currently providing coverage for over 9,000 distinct operating systems, applications, and vulnerabilities; comprehensive integration flexibility through nCircle's service-oriented architecture and API; and continued innovations like the recently announced nCircle Focus, which breaks from the traditional reporting paradigm to offer security analysts instant and unparalleled insight into risks on their networks.

The nCircle MSSP Program has been designed to deliver maximum flexibility and consists of:

  • Embedded offerings including vulnerability assessment, full lifecycle risk management, and compliance management solutions
  • Value-added offerings such as PCI compliance scanning and network topology risk analysis
  • Onsite auditor tools for consultants performing security audits at the customer's site

Pricing is designed to include best practices such as continuous scanning and network discovery without added cost to providers seeking to offer the highest levels of service. NCircle MSSP partners may optionally participate in nCircle's nAble reseller program, enabling partners to sell nCircle solutions to customers that choose to have their systems deployed on-premise.

"The nCircle MSSP Program offers service providers the leading vulnerability and risk management solution used by many of the world's largest corporations and government agencies," said Abe Kleinfeld, CEO of nCircle. "The program is designed to offer MSSP partners maximum deployment and integration flexibility, true market differentiation and a full complement of options for delivering premium service offerings."

nCircle

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8818
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore...
CVE-2020-8819
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass ...
CVE-2020-9385
PUBLISHED: 2020-02-25
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
CVE-2020-9382
PUBLISHED: 2020-02-24
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's } parser function.
CVE-2020-1938
PUBLISHED: 2020-02-24
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that ...