Category: Threat Intelligence

Commvault  launched Metallic ThreatWise, an early warning system that proactively surfaces unknown and zero-day threats to minimize compromised data and business impact. According to Enterprise Strategy Group, only 12% of the IT directors polled expressed confidence in having the necessary tools and location-neutral security to equally secure data both on-premises and in the cloud. 

Jon Oltsik, Senior Principal Analyst and Fellow at Enterprise Strategy Group stated, “In surveying enterprise IT directors with direct knowledge and influence on their company’s data security strategies, the results we found were eye-opening. It is very clear that many IT teams do not have adequate tools in place to detect ransomware attacks on production environments early enough in the attack chain to neutralize stealthy cyber-attacks before they cause harm. Ransomware has revolved around encryption for a long time, but newer extortion techniques like exfiltration go beyond rapidly spreading malware, and data recovery alone cannot help if sensitive business data is leaked to the Dark Web.” 

ThreatWise from Commvault adds an early warning system that no other vendor in this market offers, further defining data security. It employs decoys to foresee threats in production environments, lure malicious actors into using fake resources and equip businesses with tools to protect data. In addition, Commvault is expanding the capabilities of its wider platform, which is already available, in terms of machine learning, critical threat detection, and security. 

Ranga Rajagopalan, Senior Vice President, Products, Commvault commented, “Data recovery is important, but alone it’s not enough. Just a few hours with an undetected bad actor in your systems can be catastrophic. By integrating ThreatWise into the Metallic SaaS portfolio, we provide customers with a proactive, early warning system that bolsters their zero-loss strategy by intercepting a threat before it impacts your business.” 

ThreatQuotient announced a new version of ThreatQ TDR Orchestrator, which is known to be the industry’s first solution for a simplified, data-driven approach to security operations. The expanded automation, analysis, and reporting capabilities of ThreatQ TDR Orchestrator speed up threat detection and response across several platforms. 

Leon Ward, Vice President of Product Management at ThreatQuotient stated that “Leveraging automation to do the heavy lifting and cut through the noise is vital to helping cybersecurity teams thrive under pressure. ThreatQuotient continues to innovate in a way that drives meaningful operational benefits to customers. Many process-based SOAR platforms are designed such that only security engineers and analysts have the skills necessary to use them directly; making these traditional platforms hard to implement and maintain which drives higher costs over time. This ThreatQ TDR Orchestrator release reinforces the need for no-code solutions that empower operators to adapt to dynamic threat landscapes faster and focus their energy on security operations workflows that provide critical business context.” 

ThreatQuotient’s most recent study, whose complete release is scheduled for later in 2022, reveals indications that security automation adoption is progressing as 98% of businesses increase their budgets in this area. The study also shows that firms are more confident in automation itself, with over 88% of businesses expressing some level of confidence in the results of automation, up from only 59% the year before. However, 98% of respondents claim that implementation issues plagued them. ThreatQuotient has prioritized the development of ThreatQ TDR Orchestrator to enable more effective operations that can be directly measured by time savings and FTEs gained, improved risk management, and easier-to-use security automation solutions that are less expensive than traditional automation tools and learn over time. 

The latest version of ThreatQ TDR Orchestrator provides the following benefits: 

1. Prioritize automation on the most important events/alerts 

2. Playbooks are easier to maintain  

3. Less training is required upfront  

Secureworks has announced that it will expand its alliances program into new solution areas. Threats are moving into crucial production environments and the service edge, so detection tools must advance as well. Through two new partners, Netskope and SCADAfence, Secureworks expands the scope of potential security vulnerabilities addressed by Secureworks Taegis XDR to include Secure Access Service Edge (SASE), Operational Technology (OT), and Industrial Control Systems (ICS). Better detection with a higher value is now more accessible to organizations than ever. 

Chris Bell of Secureworks commented, “We’re bringing together the best-of-breed detection and response capabilities across domains where we see the threat landscape most exposed to adversary attacks. As part of our mission to help secure human progress, we will continue to forge new alliances that can deliver technology innovation while incorporating new threat intelligence into the methods and intentions of the adversary.” 

Secureworks is focusing on Secureworks Taegis as a unifying XDR platform by announcing two new and rapidly expanding partnerships across new alliance domains. Taegis’ broad integration capabilities offer the best detection and quickest response times without vendor lock-in, and continuously expanding open technology makes it simple for customers to integrate with Taegis. 

As a pioneer in the Secure Access Service Edge (SASE) framework for converged networking and security, Netskope has developed a distinctive method for safeguarding data and people across devices and applications, inside and outside the conventional company network. Customers will be able to conduct all investigations and apply detectors using Secureworks Taegis thanks to the integration between Netskope and Secureworks, allowing for a more comprehensive view of threats and business risks and opening cyber environments to the edge. 

Secureworks extends Taegis XDR into the industrial environment in collaboration with SCADAfence, bringing OT intelligence into a unified view with all other security telemetries across the IT landscape. Security analysts now have more context about the threats they are looking into thanks to SCADAfence’s extension of market-leading insights, awareness, and asset discovery into a truly open XDR platform. 

Avast, a market leader in digital security and privacy, today introduces a new ransomware shield for companies, giving businesses an additional layer of defense against ransomware assaults. This will guarantee that organizations can secure their most vital documents and, most importantly, client data, with proactive protection that bars illegal access. As part of the Avast Essential, Premium, and Ultimate Business Security packages for businesses using Windows and MacOS, the new feature is now accessible and free of charge. 

Filip Hlinka, VP of Product, Avast Business, stated that “Small businesses are facing a growing threat from ransomware, with cybercriminals increasingly targeting smaller organizations to encrypt crucial business data and disrupt operations. The results can be devastating for small businesses that lack the financial and technical resources to rebound from such attacks. Avast’s antivirus has always offered consumers and business users powerful protection against cyber threats including ransomware, and Ransomware Shield offers a purpose-built, additional layer of protection which helps to secure businesses’ most crucial files against these highly damaging attacks.” 

While Web Shield, File Shield, and Behavior Shield, which are currently available to Avast clients, provide ransomware protection, Ransomware Shield complements these features to offer multi-layered security, guaranteeing businesses can continue to access their systems and data without interruption. For Ransomware Shield to function, files and folders must be protected from being changed, destroyed, or encrypted by unidentified apps. The most sensitive and vital information held by businesses is further protected by the ability of users to decide which programs have access to their files. Moreover, users have the option to modify the policy’s list of protected files and folders in the Avast Business Hub, where the new feature is immediately enabled by default. 

Read More : ActZero Announces the Release of Blueprint for Ransomware Defense

Anomali announced quarterly updates to its platform to strengthen its customers and partners in profiling adversaries. The update enhances Anomali’s threat intelligence and extended detection and response (XDR) capabilities with new features, allowing enterprise organizations to stay one step ahead of adversaries and avoid business disruptions while optimizing security expenses. 

Anomali has been working on incorporating attack flows into The Anomali Platform. This release pushes the platform closer to an Attack Flow Library for Anomali ThreatStream, which will serve as a gateway for new Attack Flows that sequence cyberattack techniques. This capability will add new context to adversary behavior and assist security teams in profiling the adversary. It will also allow them to better protect the organization prior to an attack, detect an attack in real-time, and respond post-attack. 

Mark Alba, Chief Product Officer at Anomali stated, “Anomali’s August release offers new capabilities and enhancements for security operations teams struggling to identify not only who’s targeting them, but how and why they are being targeted.” 

CISOs and security professionals can leverage this predictive visual mapping to align attacks with potential gaps in their security posture in order to get ahead of the threat. In the macroeconomic environment, customers are looking for capabilities that will increase the impact of their existing investments. The new extensible framework to the platform will enable the automation of routine tasks. The first implementation in this release is available to automate enrichments in the investigation’s workbench. A drag-and-drop process for configuring a multi-stage enrichment task can be easily set up and run as needed, saving analysts time performing repetitive tasks. 

• This platform release also includes support for MITRE ATT&CK Mobile & ICS: intelligence aggregation, contextualization, and analysis for Mobile and ICS attack surfaces to strengthen overall security posture.  
• MITRE ATT&CK Enterprise v11 in Anomali Lens Scheduled retrospective search Aids the SOC in automating the correlation of historical events with newly available intelligence in order to generate reports and learn about other adversary behavior, threat actors, and TTPs. This allows CISOs to detect real-time threats in their local IT environment. 

Jon Oltsik, Senior Principal Analyst and Fellow, ESG Research stated, “ESG research found that 97% of security professionals believe that MITRE ATT&CK is important to their organization’s security operations strategy. Anomali’s commitment to integrating the MITRE ATT&CK Framework into its solutions and participating in the MITRE Engenuity Center for Threat Informed Defense can help security teams adopt the framework and better understand cyber adversaries.”