Commvault launched Metallic ThreatWise

Commvault  launched Metallic ThreatWise, an early warning system that proactively surfaces unknown and zero-day threats to minimize compromised data and business impact. According to Enterprise Strategy Group, only 12% of the IT directors polled expressed confidence in having the necessary tools and location-neutral security to equally secure data both on-premises and in the cloud. 

Jon Oltsik, Senior Principal Analyst and Fellow at Enterprise Strategy Group stated, “In surveying enterprise IT directors with direct knowledge and influence on their company’s data security strategies, the results we found were eye-opening. It is very clear that many IT teams do not have adequate tools in place to detect ransomware attacks on production environments early enough in the attack chain to neutralize stealthy cyber-attacks before they cause harm. Ransomware has revolved around encryption for a long time, but newer extortion techniques like exfiltration go beyond rapidly spreading malware, and data recovery alone cannot help if sensitive business data is leaked to the Dark Web.” 

ThreatWise from Commvault adds an early warning system that no other vendor in this market offers, further defining data security. It employs decoys to foresee threats in production environments, lure malicious actors into using fake resources and equip businesses with tools to protect data. In addition, Commvault is expanding the capabilities of its wider platform, which is already available, in terms of machine learning, critical threat detection, and security. 

Ranga Rajagopalan, Senior Vice President, Products, Commvault commented, “Data recovery is important, but alone it’s not enough. Just a few hours with an undetected bad actor in your systems can be catastrophic. By integrating ThreatWise into the Metallic SaaS portfolio, we provide customers with a proactive, early warning system that bolsters their zero-loss strategy by intercepting a threat before it impacts your business.” 

ThreatQuotient introduces New ThreatQ TDR Orchestrator Features!

ThreatQuotient announced a new version of ThreatQ TDR Orchestrator, which is known to be the industry’s first solution for a simplified, data-driven approach to security operations. The expanded automation, analysis, and reporting capabilities of ThreatQ TDR Orchestrator speed up threat detection and response across several platforms. 

Leon Ward, Vice President of Product Management at ThreatQuotient stated that “Leveraging automation to do the heavy lifting and cut through the noise is vital to helping cybersecurity teams thrive under pressure. ThreatQuotient continues to innovate in a way that drives meaningful operational benefits to customers. Many process-based SOAR platforms are designed such that only security engineers and analysts have the skills necessary to use them directly; making these traditional platforms hard to implement and maintain which drives higher costs over time. This ThreatQ TDR Orchestrator release reinforces the need for no-code solutions that empower operators to adapt to dynamic threat landscapes faster and focus their energy on security operations workflows that provide critical business context.” 

ThreatQuotient’s most recent study, whose complete release is scheduled for later in 2022, reveals indications that security automation adoption is progressing as 98% of businesses increase their budgets in this area. The study also shows that firms are more confident in automation itself, with over 88% of businesses expressing some level of confidence in the results of automation, up from only 59% the year before. However, 98% of respondents claim that implementation issues plagued them. ThreatQuotient has prioritized the development of ThreatQ TDR Orchestrator to enable more effective operations that can be directly measured by time savings and FTEs gained, improved risk management, and easier-to-use security automation solutions that are less expensive than traditional automation tools and learn over time. 

The latest version of ThreatQ TDR Orchestrator provides the following benefits: 

  1. Prioritize automation on the most important events/alerts 
  1. Playbooks are easier to maintain  
  1. Less training is required upfront  

Secureworks partners with Netskope and SCADAfence

Secureworks has announced that it will expand its alliances program into new solution areas. Threats are moving into crucial production environments and the service edge, so detection tools must advance as well. Through two new partners, Netskope and SCADAfence, Secureworks expands the scope of potential security vulnerabilities addressed by Secureworks Taegis XDR to include Secure Access Service Edge (SASE), Operational Technology (OT), and Industrial Control Systems (ICS). Better detection with a higher value is now more accessible to organizations than ever. 

Chris Bell of Secureworks commented, “We’re bringing together the best-of-breed detection and response capabilities across domains where we see the threat landscape most exposed to adversary attacks. As part of our mission to help secure human progress, we will continue to forge new alliances that can deliver technology innovation while incorporating new threat intelligence into the methods and intentions of the adversary.” 

Secureworks is focusing on Secureworks Taegis as a unifying XDR platform by announcing two new and rapidly expanding partnerships across new alliance domains. Taegis’ broad integration capabilities offer the best detection and quickest response times without vendor lock-in, and continuously expanding open technology makes it simple for customers to integrate with Taegis. 

As a pioneer in the Secure Access Service Edge (SASE) framework for converged networking and security, Netskope has developed a distinctive method for safeguarding data and people across devices and applications, inside and outside the conventional company network. Customers will be able to conduct all investigations and apply detectors using Secureworks Taegis thanks to the integration between Netskope and Secureworks, allowing for a more comprehensive view of threats and business risks and opening cyber environments to the edge. 

Secureworks extends Taegis XDR into the industrial environment in collaboration with SCADAfence, bringing OT intelligence into a unified view with all other security telemetries across the IT landscape. Security analysts now have more context about the threats they are looking into thanks to SCADAfence’s extension of market-leading insights, awareness, and asset discovery into a truly open XDR platform. 

Avast Introduces a New Ransomware Shield for Businesses!

Avast, a market leader in digital security and privacy, today introduces a new ransomware shield for companies, giving businesses an additional layer of defense against ransomware assaults. This will guarantee that organizations can secure their most vital documents and, most importantly, client data, with proactive protection that bars illegal access. As part of the Avast Essential, Premium, and Ultimate Business Security packages for businesses using Windows and MacOS, the new feature is now accessible and free of charge. 

Filip Hlinka, VP of Product, Avast Business, stated that “Small businesses are facing a growing threat from ransomware, with cybercriminals increasingly targeting smaller organizations to encrypt crucial business data and disrupt operations. The results can be devastating for small businesses that lack the financial and technical resources to rebound from such attacks. Avast’s antivirus has always offered consumers and business users powerful protection against cyber threats including ransomware, and Ransomware Shield offers a purpose-built, additional layer of protection which helps to secure businesses’ most crucial files against these highly damaging attacks.” 

While Web Shield, File Shield, and Behavior Shield, which are currently available to Avast clients, provide ransomware protection, Ransomware Shield complements these features to offer multi-layered security, guaranteeing businesses can continue to access their systems and data without interruption. For Ransomware Shield to function, files and folders must be protected from being changed, destroyed, or encrypted by unidentified apps. The most sensitive and vital information held by businesses is further protected by the ability of users to decide which programs have access to their files. Moreover, users have the option to modify the policy’s list of protected files and folders in the Avast Business Hub, where the new feature is immediately enabled by default. 

Read More : ActZero Announces the Release of Blueprint for Ransomware Defense

Anomali announced new updates to its Platform

Anomali announced quarterly updates to its platform to strengthen its customers and partners in profiling adversaries. The update enhances Anomali’s threat intelligence and extended detection and response (XDR) capabilities with new features, allowing enterprise organizations to stay one step ahead of adversaries and avoid business disruptions while optimizing security expenses. 

Anomali has been working on incorporating attack flows into The Anomali Platform. This release pushes the platform closer to an Attack Flow Library for Anomali ThreatStream, which will serve as a gateway for new Attack Flows that sequence cyberattack techniques. This capability will add new context to adversary behavior and assist security teams in profiling the adversary. It will also allow them to better protect the organization prior to an attack, detect an attack in real-time, and respond post-attack. 

Mark Alba, Chief Product Officer at Anomali stated, “Anomali’s August release offers new capabilities and enhancements for security operations teams struggling to identify not only who’s targeting them, but how and why they are being targeted.” 

CISOs and security professionals can leverage this predictive visual mapping to align attacks with potential gaps in their security posture in order to get ahead of the threat. In the macroeconomic environment, customers are looking for capabilities that will increase the impact of their existing investments. The new extensible framework to the platform will enable the automation of routine tasks. The first implementation in this release is available to automate enrichments in the investigation’s workbench. A drag-and-drop process for configuring a multi-stage enrichment task can be easily set up and run as needed, saving analysts time performing repetitive tasks. 

  • This platform release also includes support for MITRE ATT&CK Mobile & ICS: intelligence aggregation, contextualization, and analysis for Mobile and ICS attack surfaces to strengthen overall security posture.  
  • MITRE ATT&CK Enterprise v11 in Anomali Lens Scheduled retrospective search Aids the SOC in automating the correlation of historical events with newly available intelligence in order to generate reports and learn about other adversary behavior, threat actors, and TTPs. This allows CISOs to detect real-time threats in their local IT environment. 

Jon Oltsik, Senior Principal Analyst and Fellow, ESG Research stated, “ESG research found that 97% of security professionals believe that MITRE ATT&CK is important to their organization’s security operations strategy. Anomali’s commitment to integrating the MITRE ATT&CK Framework into its solutions and participating in the MITRE Engenuity Center for Threat Informed Defense can help security teams adopt the framework and better understand cyber adversaries.” 

McAfee Extends its Partnership with Visa to Protect its Clients from Threats

McAfee, a US-based software development company that offers all-in-one protection with personal info removal, identity monitoring, VP, antivirus, ad more services has expanded its partnership Visa, a global leader in digital payments that allows Visa partners in the UK to provide online protection solutions to cardholders of Visa Business.

Pedro Gutierrez, SVP Global Consumer Sales & Operations at McAfee, commented, “With increasingly complicated global issues such as the ongoing impacts of the COVID-19 pandemic and difficulties stemming from the global supply chain, small businesses are increasingly reliant on their digital infrastructure, and it’s never been more important to ensure the proper protections have been implemented. We are proud to partner with Visa to offer solutions to their Visa Business cardholders and look forward to helping these organizations stay secure so they can focus on what matters most to their business.”

According to the Verizon Business 2021 Data Breach Investigations Report, small businesses will make up more than half of the data breaches in 2021, making them a prime target for hackers in a world that is becoming more and more digital. Small business owners are frequently unable to fully protect themselves and their clients from the rise in online threats due to a lack of financial and human resources. The increase in attacks highlights the necessity for small businesses to take precautions to protect their digital assets from the most recent dangers impacting businesses today.

According to the size and requirements of each business, the McAfee security solution will offer protection for a different number of PCs, Macs, iOS, and Android devices.

Helen Jones, Head of Visa Business Solutions, Visa, Europe, stated, “With more of us embracing digital commerce, businesses of all sizes deserve access to simple, secure and robust systems. Visa is focused on investing in its network, harnessing the most cutting-edge innovations to protect people and businesses from emerging threats. And with this offer, Visa Business cardholders can access McAfee Total Protection for additional peace of mind.”

LogRhythm Enhances Threat Detection Capabilities!

LogRhythm announced the release of it’s SIEM Platform version 7.9 and updates to the NDR and UEBA.

Kish Dill, chief product and customer officer at LogRhythm said, “LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots, and quickly shut down attacks. The company is changing the way we work by becoming customer-centric throughout our whole organization. We are listening to our customers and promise to deliver quarterly innovations that address the challenges our customers face every day. We recognize that security teams don’t have time to spare on long processes and inefficient workflows. With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organization against today’s top threats.”

The new features in LogRhythm 7.9, LogRhythm NDR (previously Mistnet NDR), and LogRhythm UEBA (previously CloudAI) help security teams overcome common challenges by enhancing workflows, accelerating threat response, and streamlining procedures.

These features include:

Admin API-enhanced automation: LogRhythm 7.9 enhances the Admin API library by adding system monitoring management endpoints. This allows SIEM administrators to manage the SysMon agent via the Admin API, allowing for automated process batching.

Embedded Expertise: LogRhythm’s out-of-the-box SmartResponseTM reduces customer time to value. LogRhythm 7.9 adds and improves SmartResponses to its already robust library of over 120 integrations.

Enable packet capture in UI: Enable packet capture in the UI so that users of LogRhythm NDR can download PCAP files for incidents and cases to gather more information, aiding investigations and enhancing threat hunting.

Easier and faster event log filtering: Filtering event logs have been made simpler and quicker thanks to a new feature in LogRhythm 7.9. Now that users can pick which kinds of Windows event logs the agent searches, processing logs happens faster, and the collection pipeline isn’t put under as much stress.

Expanded threat detection capabilities:

Improved LogRhythm NDR detection models: With it’s NDR’s improved analytics capabilities, users can detect a broader range of ransomware attacks.

Advanced analytics models: The company’s UEBA provides advanced UEBA analytics as a cloud-native, easy-to-deploy add-on for the 7.9 users. To ensure that modern complex attacks can be stopped and anomalies needing urgent attention can be found, models have been enhanced and new models added, further reducing alert fatigue and speeding up response times.

Policy violation alerts Policy violation notifications: To provide more context for what might be a risk, LogRhythm NDR provides alerts about expired certificates, weak cyphers used in connections, and authentication activity occurring in clear text.

Extended flexibility

Controlled overages with powerful license metering reporting: The company introduced a new reporting feature to make licensing overages more visible and understandable by showing any overages in the previous 30 days. This feature will help teams manage licence usage and cost more effectively.

Endpoint integrations have been expanded: It’s EDR integrations now include Cisco Secure Endpoint (formerly AMP for Endpoints).

Read More: LookingGlass Suite For Cyber & Threat Intelligence

RangeForce Added Updates for Better Security Team Readiness

RangeForce revealed the addition of new capabilities to its team threat exercises platform, making it easier for organizations to accelerate the skill development of their security teams through multi-user detection and response exercises of simulated attacks.

RangeForce’s team threat exercises enable security teams to protect the security stack by configuring it, selecting an attack scenario, executing the threat exercise, reviewing post-exercise results, and developing a targeted training plan.

Ben Langrill, Senior Director of Product Engineering for RangeForce stated, “RangeForce threat exercises are based on years of running hundreds of live cyber events and deliver the most realistic experience for teams using headline-making attack scenarios and the same security tools they use every day. They provide participants the opportunity to acquire hands-on skills, so they build the muscle memory to meet threat actors head-on.”

The cyber environment used in RangeForce exercises goes beyond the conventional tabletop exercise, necessitating those participants to use well-known security tools like Splunk and Fortigate to find threats and take appropriate action. Events follow the NIST cybersecurity framework and include a combination of threat intelligence, threat hunting, digital forensics, and system hardening skills to mitigate threats based on current malware trends.

The new capabilities include a larger content catalog with dozens of scenarios covering advanced persistent threat (APT) behaviors like credential harvesting, exploitation of misconfigured AWS S3 buckets, ransomware, data exfiltration, and more. It also provides robust post-action reports for teams along with feedback on technical strengths and weaknesses; time to detect, respond, and mitigate; the number of hints required; and soft skill analysis. It provides support for developing custom post-exercise training plans based on team performance to address skill gaps and enable a continuous approach to cyber readiness development.

Read more articles:

Importance of Threat Intelligence in 2022!!

CyberCube and Kroll Launched CAERS

CyberCube launched Cyber Aggregation Event Response Service (CAERS) a new cyber incident response service for clients of its SaaS products. Kroll will provide information and guidance to CyberCube’s clients on major cyber aggregation events and frontline threat intelligence derived from thousands of incident response cases handled each year.

CyberCube is a cloud-based platform, which is known for its data access and advanced multi-disciplinary analytics, assists insurance organizations in making better decisions when placing insurance, underwriting cyber risk, and managing cyber risk aggregation.

Following a major cyber event, the CAERS team will provide the most up-to-date information to CyberCube’s clients, while CyberCube’s SaaS products, such as Broker Manager, Account Manager, and Portfolio Manager, will aid in the response to any looming cyber disaster.

Darren Thomson, Head of Cyber Intelligence Services at CyberCube commented, “With cyber events becoming increasingly common, the speed and accuracy with which organizations respond to them is critical. That’s why we’ve launched this response service, specifically tailored to CyberCube’s growing client base. The pressure on our clients during a major cyberattack can be extreme. With CAERS, our team—comprising data scientists, actuaries, engineers, economists, and cyber security experts—will become an extension of our clients’ teams, providing the updates they need and sharing both our expertise and data.”

CyberCube’s products include Portfolio Manager, Broking Manager, and Account Manager, which are designed for insurance intermediaries and risk carriers and are used by industry leaders across the insurance ecosystem.

Benedetto Demonte, Chief Operating Officer for Kroll’s Cyber Risk practice stated, “We’re pleased to be contributing to CAERS because effective incident response depends on the most current and relevant threat intelligence available. In our most recent Threat Landscape Report, we saw a 356% growth in the number of attacks quarter-on-quarter where the infection vector was a zero-day or freshly announced software exploit. Ransomware groups have also been found to be leveraging newly announced vulnerabilities just days after release. It is only with access to frontline intelligence that firms can prioritize resources, mitigate the risk of a cyberattack and react appropriately if the worst happens.”

Read more articles:

Benefits of Cloud Security in 2022!!

Importance of Threat Intelligence in 2022!!

To protect your assets and ensure the integrity, availability, and confidentiality of your business in the digital world, it’s critical to acquire information about possible and ongoing cyber-attacks. Cyber-attacks can not only harm your company’s reputation, but espionage can also cost you millions of dollars in the event of a cyber-attack. As a result, it’s critical to gather threat intelligence and plan for an assault ahead of time before a threat turns into an incident.

Threat intelligence, according to InfosecurityOutlook experts, is the collection, processing, analysis, and dissemination of current and predictive security data that enables security teams, developers, and automated tools to make intelligent decisions about their infrastructure, data, and users’ security.

Threat intelligence is important because it gathers raw data on emerging or existing threat actors and threats from a range of sources. This data is then analyzed and filtered to create threat intelligence feeds and management reports that automated security control solutions can use.

Benefits of Threat Intelligence

Threat intelligence aids in the prevention of cyber-attacks as well as the recovery of damages in the event of an incidence. Threat intelligence provides the following real benefits for improving your organization’s security posture.

Network Infrastructure Security

Once a threat actor has gained access to your network, they can crawl through it utilizing lateral movement and syphon out sensitive or financial information. You may secure your network’s infrastructure and prevent threat actors from progressing if they have already entered your environment by scanning for certain IoCs and blocking them in your environment.

Assessing Security Posture

Threat intelligence aids in the assessment of your infrastructure’s security posture. It provides details on how to exploit vulnerabilities detected in various software, tools, and apps. Threat intelligence allows you to keep track of new vulnerabilities that are found or exploited, as well as which important assets are in danger. In this manner, as soon as the suppliers correct any vulnerabilities or defects in them, you may apply timely patches or updates to your essential assets.

Use of Threat Intelligence in Compromise Assessment

Threat intelligence can also be used to assess your surroundings in order to determine if it has been compromised. If you suspect that some of your assets have been compromised, you can request a compromise assessment to ensure that your assets are recovered as quickly as possible. The evaluation will investigate the presence of a threat actor in your environment using global threat feeds.

Sharing of Threat Intelligence Data

Threat intelligence data sharing aids several organizations in hardening their defenses at the same time. If a known threat actor plans espionage, organizations with access to the campaign’s indicators of compromise can block the indicators and gain immunity to the attack ahead of time.

Data Loss Minimization

As Threat Intelligence aids in the blocking of known malicious domains and IPs associated with global threat actors, the blockage stops known threat actors from infiltrating your environment using the same malicious IPs and domains. As a result, such attackers will be unable to install information-stealing malware or ransomware in your environment, enhancing the protection of your data.

Users may reduce cyber hazards in advance by focusing on the most relevant cyber threats to your company. Your cyber security posture will stay reactive without threat intelligence, waiting for an incident, theft, or breach to work against you. Threat intelligence substitutes this reactive approach with a proactive one, allowing you to prevent cyber-attacks before they happen. Organizations can use threat intelligence to discover infrastructure flaws that could be used in future cyber-attacks and rectify those flaws to eliminate entry points for threat actors.


Therefore, threat intelligence allows you to see your security posture and warns you about prospective risks. Organizations can make targeted investments of resources and assets to boost cyber security in the appropriate direction with this improved understanding and proactivity. It not only helps to deflect incoming threats, but it also helps to reduce your environment’s weaknesses.