Field Effect and RosettiStarr Collaborated for Cybersecurity

Field Effect has announced a strategic alliance with RosettiStarr, a global intelligence, investigations, and security services firm. Under the agreement, RosettiStarr's customers worldwide gain access to Field Effect's cyber security services and its protection against cyber threats.

RosettiStarr will use Field Effect's managed detection and response (MDR) solution, Covalence. Field Effect describes Covalence as the only MDR tool built from the ground up to give small and medium-sized businesses comprehensive, sophisticated protection from a single platform. Its distinguishing feature is visibility across a company's whole threat surface: it aggregates data from multiple security events into simple, actionable steps, so threats can be prevented and resolved quickly.

Kip Edwards, Managing Director and General Counsel of RosettiStarr, commented, “Cyber security risks are embedded in everything we do online, and it is imperative that businesses enhance their security postures to meet the dynamic threat cyber criminals pose to critical systems and sensitive data. By combining Field Effect’s deep technical proficiency with RosettiStarr’s expertise in investigations, intelligence, and security, we can now deliver full-spectrum incident response services to businesses and law firms managing breaches along with a best-in-class security solution enabling our clients to monitor their threat surface and prevent attacks in the first place.”

RosettiStarr worked with Field Effect to create a first-of-its-kind instance of the platform, designed to help institutional investors implement a cyber security standard across their portfolio companies while providing real-time situational awareness of the threat surfaces of their holdings.

RosettiStarr will also collaborate with Field Effect to assist clients in responding to cyber incidents around the world, and it is now offering a comprehensive pre-transactional cyber maturity assessment for prospective clients’ investments. Field Effect and RosettiStarr’s collaboration reflects their ongoing commitment to strengthening the cyber resilience of people and organizations around the world.

Shri Kalyanasundaram, Chief Growth Officer at Field Effect, commented, “We built Covalence to ensure organizations of all sizes have access to powerful cyber security protection. By joining forces with RosettiStarr, which is known for its world-class intelligence and security solutions, we’ve created a comprehensive suite of security services that will help protect their customers at the time they need it most.”

Flosum Trust Center by Flosum for Secured Salesforce Environments

Flosum Trust Center is an integrated security solution that monitors, alerts, and scans for potential threats in a Salesforce environment. It lets businesses follow SecOps and DevSecOps practices focused on securing Salesforce environments against cyber threats and data breaches. Flosum itself is an enterprise continuous integration, delivery, and release management solution for Salesforce.

According to one industry report, by 2022 ninety percent of software development projects will claim to follow DevSecOps practices, up from forty percent in 2019.

Girish Jashnani, CEO of Flosum commented, “Taking ownership of security within a third-party platform helps to manage risk, which is why we like to say that customers have a shared sense of responsibility for ensuring the security and trust of their Salesforce environment. Flosum’s new security automation solution assists customers in staying secure without requiring advanced security teams for implementation.”

Flosum Trust Center adds an adaptive security framework. Existing customers can add Trust Center to their current Flosum deployment, and new customers can implement Trust Center with or without Flosum’s Release Management platform. Trust Center is also intended to bring corporate security and Salesforce teams into closer collaboration.

Flosum Trust Center will provide a full Security Information and Event Management (SIEM) solution, adding data masking, code security, and detailed audit trails that reduce audit costs; it complements Salesforce’s existing Privacy Center, Trust, and Shield offerings.

Flosum Trust Center features and benefits for Salesforce customers include:

Org monitoring – a consolidated view of all org settings, with enforcement of best practices.

Security templates – users can define templates and apply them across multiple orgs. Salesforce teams save time while working with InfoSec to ensure hardening rules are followed; security policies written into a template are enforced wherever it is applied.

Remediation – clients can address the changes or issues a template raises by moving the item to a solution branch.

Security violations in DevOps – templates flag violations to developers as they work, avoiding conflicts or issues later in the pipeline.

Audit trails – every change is tracked in detail, so users can prioritize by their designated risk levels and retain the audit record for any length of time.

Data masking – sandbox environments are seeded with masked sample data, so tests are realistic without exposing confidential data. Masking applies to data at rest and to data in transit between orgs.
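The data masking feature above is described only in outline. The following Python is an added example, not Flosum's implementation, of the property a practitioner wants from sandbox masking: values are replaced deterministically (the same real value always maps to the same fake value, so joins, deduplication and matching rules still behave), formats are preserved, and the mapping cannot be reversed without a key that stays with the masking job. The object and field names are an assumed subset of the standard Account and Contact objects, the key and the records are constructed for the example.

```python
"""Deterministic masking of Salesforce-style records before loading a sandbox.

Added example, not Flosum's implementation. PII fields are replaced with
values derived from a keyed HMAC of the real value, so the same real value
always maps to the same fake value, formats are preserved, and without the
key the mapping cannot be reversed. Object and field names are an assumed
subset of the standard Account and Contact objects.
"""
import hashlib
import hmac

# Assumption: the key belongs to the masking job and is never copied to the sandbox.
MASKING_KEY = b"rotate-on-every-sandbox-refresh"
PII_FIELDS = {"Account": ("Name", "Phone"),
              "Contact": ("FirstName", "LastName", "Email", "Phone")}
FIRST_NAMES = ["Avery", "Blake", "Casey", "Devon", "Emery", "Finley", "Harper", "Jordan"]


def _tag(value, key=MASKING_KEY):
    """Keyed, deterministic fingerprint (hex) of a real value."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def mask_email(email):
    # The domain is kept so routing and domain-based matching rules stay testable;
    # the local part is replaced with a fingerprint of the whole address.
    _, _, domain = email.partition("@")
    return f"user-{_tag(email)[:10]}@{domain.lower()}"


def mask_phone(phone):
    # Keep punctuation and length, replace every digit from the fingerprint.
    src = _tag(phone)
    out, i = [], 0
    for ch in phone:
        if ch.isdigit():
            out.append(str(int(src[i], 16) % 10))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_first_name(name):
    return FIRST_NAMES[int(_tag(name), 16) % len(FIRST_NAMES)]


def mask_last_name(name):
    return "Person-" + _tag(name)[:6]


def mask_account_name(name):
    return "Account-" + _tag(name)[:8]


MASKERS = {"Email": mask_email, "Phone": mask_phone, "FirstName": mask_first_name,
           "LastName": mask_last_name, "Name": mask_account_name}


def mask_record(sobject, record):
    """Return a copy with this object's PII fields masked; Ids and lookups untouched."""
    masked = dict(record)
    for field in PII_FIELDS.get(sobject, ()):
        if masked.get(field):
            masked[field] = MASKERS[field](masked[field])
    return masked


def mask_dataset(dataset):
    return {sobject: [mask_record(sobject, r) for r in rows]
            for sobject, rows in dataset.items()}


def leaked_values(dataset, masked):
    """Source PII values that still appear anywhere in the masked output."""
    blob = repr(masked)
    return sorted({r[f] for s, rows in dataset.items() for r in rows
                   for f in PII_FIELDS.get(s, ()) if r.get(f) and r[f] in blob})


SAMPLE = {  # constructed records, not real customer data
    "Account": [{"Id": "001000000000001AAA", "Name": "Acme Corp", "Phone": "+1-415-555-0100"}],
    "Contact": [
        {"Id": "003000000000001AAA", "AccountId": "001000000000001AAA", "FirstName": "Jane",
         "LastName": "Doe", "Email": "jane.doe@acme.example", "Phone": "+1-415-555-0142"},
        {"Id": "003000000000002AAA", "AccountId": "001000000000001AAA", "FirstName": "Jane",
         "LastName": "Doe", "Email": "jane.doe@acme.example", "Phone": None},
    ],
}

if __name__ == "__main__":
    out = mask_dataset(SAMPLE)
    print(out)
    print("leaked:", leaked_values(SAMPLE, out))
```

Because the Ids and the AccountId lookup are left intact, relationships survive the copy; because the two duplicate contacts mask to the same email, duplicate rules and matching logic can still be exercised in the sandbox. Keeping the email domain is a deliberate trade-off: it preserves domain-based logic but reveals which organisations appear in the data, so mask the domain too if that is itself confidential.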


thatDot Launched Novelty Detector for Cybersecurity

thatDot launched Novelty Detector, a real-time graph AI for cybersecurity anomaly detection on categorical data, built on Quine, the company's open-source streaming graph. thatDot's stated aim is to turn high-volume data into high-value data by letting data engineers build data pipelines faster and with new capabilities. Novelty Detector's patent-pending technique scores streaming data in real time using its categorical fields, to detect malicious behavior earlier in the kill chain with fewer false positives and less analyst effort.

Ryan Wright, CEO of thatDot, commented, “Current analytical tools are built for numeric data, leaving aside all the valuable context and behavioral signals contained in categorical data that are key to distinguishing between unique and anomalous events, and to whether new events are normal. Categorical data at scale is the future of anomaly detection in cybersecurity. Using Novelty Detector, organizations gain real-time novelty scores, assessments, and explanations through behavioral fingerprinting, without the frustration and fatigue of overwhelming volumes of false positives.”

Traditional anomaly detection ignores categorical data and relies on numeric features and statistical analysis, which break down as data dimensionality grows; the result is large volumes of false positives and alert fatigue for SOC analysts, while malicious activity goes undetected or is found too late in the kill chain to prevent exposure and damage.

thatDot's Novelty Detector, built on open-source streaming graph technology, taps into large amounts of previously unused categorical data to model the behavior of systems, devices, applications, and users, without requiring expensive data labeling or analyst effort.

Novelty Detector assigns a novelty score to streaming data as it is ingested. By combining each new event with prior context in a graph data model, it significantly reduces false positives while scaling to millions of events per second.
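The announcement does not disclose how Novelty Detector computes its scores. As an added illustration of novelty scoring on categorical data, not thatDot's patent-pending technique, the following Python builds a chain-rule model with Laplace smoothing: each event is a tuple of categorical fields, the score is the negative log-probability of the tuple under the counts seen so far, factored as P(user) · P(host | user) · P(process | user, host) · …, and the field contributing the most surprise is reported as the explanation. The field schema, the warm-up length and the event stream are assumptions constructed for the example.

```python
"""Novelty scoring for streams of categorical security events.

Added illustration, not thatDot's patent-pending technique: a chain-rule
model with Laplace smoothing. Each event is a tuple of categorical fields
(assumed schema below); its novelty score is the negative log-probability of
the tuple under the counts seen so far, so the score can be explained by the
field that contributed the most surprise. Nothing is reported until a
warm-up of `warmup` events has been observed.
"""
import math
from collections import Counter, defaultdict

FIELDS = ("user", "host", "process", "dst_port")   # assumed event schema


class NoveltyScorer:
    def __init__(self, warmup=20, alpha=1.0):
        self.warmup = warmup
        self.alpha = alpha        # Laplace pseudo-count
        self.seen = 0
        # ctx_counts[prefix][value]: how often `value` followed the context `prefix`
        self.ctx_counts = defaultdict(Counter)
        self.vocab = [set() for _ in FIELDS]   # distinct values seen per field

    def surprise(self, event):
        """Per-field surprise -log P(value | earlier fields) under current counts."""
        prefix, parts = (), []
        for i, value in enumerate(event):
            counts = self.ctx_counts[prefix]
            total = sum(counts.values())
            k = len(self.vocab[i]) + 1    # +1 keeps probability mass for unseen values
            p = (counts[value] + self.alpha) / (total + self.alpha * k)
            parts.append((FIELDS[i], value, -math.log(p)))
            prefix += (value,)
        return parts

    def learn(self, event):
        prefix = ()
        for i, value in enumerate(event):
            self.ctx_counts[prefix][value] += 1
            self.vocab[i].add(value)
            prefix += (value,)
        self.seen += 1

    def observe(self, event):
        """Score the event (None during warm-up), then learn from it."""
        result = None
        if self.seen >= self.warmup:
            parts = self.surprise(event)
            field, value, _ = max(parts, key=lambda t: t[2])
            result = {"score": round(sum(s for _, _, s in parts), 3),
                      "most_surprising": (field, value)}
        self.learn(event)
        return result


def run_demo(threshold=4.0):
    """Constructed stream: 30 routine events drawn from three recurring patterns,
    then one event in which a known user on a known host launches a never-seen
    process to an unusual port. Returns (scored_events, alerts_over_threshold)."""
    routine = [("alice", "ws-01", "outlook.exe", 443),
               ("bob", "ws-02", "chrome.exe", 443),
               ("svc-backup", "srv-01", "rsync", 22)]
    stream = [routine[i % 3] for i in range(30)]
    stream.append(("alice", "ws-01", "powershell.exe", 4444))
    scorer = NoveltyScorer(warmup=20)
    scores, alerts = [], []
    for event in stream:
        r = scorer.observe(event)
        if r is None:
            continue
        scores.append((event, r))
        if r["score"] >= threshold:
            alerts.append((event, r))
    return scores, alerts


if __name__ == "__main__":
    for event, r in run_demo()[1]:
        print("ALERT", event, r)
```

Two points the paragraph above makes are visible here: the routine events score low even though the model was never told what "normal" is, and the one novel event is flagged with an explanation (the process field) rather than a bare number. The warm-up gate is the simplest form of "it tells us when it has seen enough"; a production model would also age out old counts so that a changed baseline does not stay anomalous forever.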

Gery Szlobodnyik, CEO of TraceRiser stated, “Novelty Detector is a remarkable combination of a powerful graph AI software tool for anomaly detection that is easy to operate. We feed data into the system, and it tells us when it has seen enough to start delivering value. I wish all machine learning systems were that simple.”


Fortinet Launched FortiNDR to Help Identify Cyberattacks

Fortinet FortiNDR is a new network detection and response offering that uses artificial intelligence and pragmatic analytics for faster incident detection and threat response. Fortinet frames it against a landscape in which advanced, persistent cybercrime is more aggressive and volatile than before, the attack surface keeps growing with hybrid IT architectures, and staff shortages persist because of the cybersecurity skills gap.

Legacy security solutions also impose a time-consuming manual alert triage process that diverts resources from higher-priority tasks such as threat mitigation. As cybercriminals improve their capabilities, an organization's security tooling must keep pace.

John Maddison, EVP of Products and CMO at Fortinet commented, “With the introduction of FortiNDR, we’re adding robust network detection and response to the Fortinet Security Fabric. Powered by purpose-built machine learning, deep learning, pragmatic analytics, and advanced AI capabilities, FortiNDR automatically detects and responds to abnormal network activity to thwart security incidents. Fortinet’s full suite of detection and response offerings feature native integration for a coordinated response to empower security teams to move from a reactive to a proactive security posture.”

FortiNDR includes native integrations with the Fortinet Security Fabric and API integrations with third-party solutions, so that discovered threats can be met with a coordinated response that limits their impact: quarantining devices that generate anomalous traffic, enforcing policy on third-party devices through an API framework, triggering an orchestrated process guided by SOAR, and other common automations that speed up response.

Fortinet's existing detection and response portfolio includes managed detection and response (MDR), endpoint detection and response (EDR), and extended detection and response (XDR) offerings.

John Grady, Senior Analyst, Cybersecurity at ESG stated, “As enterprises struggle to coordinate threat detection and response across individual point products, the ability for them to leverage a complete set of integrated SOC capabilities as part of a cybersecurity platform promises significant improvement in the effectiveness and efficiency of discovering and mitigating threats. Fortinet’s portfolio of detection and response products such as FortiNDR, FortiEDR, FortiXDR, and more, which are all integrated as part of a platform, should be considered for any organization looking to improve their security operations function.”


C2A Security and Stefanini to Bring Cybersecurity Solutions

C2A Security and Stefanini Group have announced a partnership to provide a comprehensive cybersecurity solution to the automotive industry. It brings together Stefanini’s Security Operations Center (SOC) services and C2A Security’s vehicle lifecycle cybersecurity solution, linking product security with security monitoring.

Stefanini’s SOC services deliver expert resources and specialized tools to the automotive industry for investigations, root cause analysis, complex threat hunting, and threat eradication. Combined with C2A Security’s AutoSec, they enable an advanced SOC playbook and give teams complete visibility and control over vehicle cybersecurity from concept to post-production.

Farlei Kothe, CEO of Stefanini EMEA stated, “Stefanini has a well-established history of collaborating with partners to create exceptionally innovative solutions that transform businesses. We’re proud that our work with C2A builds on this track record to provide a truly comprehensive cybersecurity offering for the automotive sector.”

C2A Security’s AutoSec platform is an automotive Cyber Security Management System (CSMS) that gives OEMs and their suppliers full-spectrum control, visibility, and protection of the cybersecurity status of all vehicle programs. The platform offers product security tools including Threat Analysis and Risk Assessment (TARA), network security and intrusion detection systems (IDS), and binary-level runtime protection.

Roy Fridman, CEO of C2A Security commented, “Our partnership provides an all-in-one package for OEMs and suppliers looking for advanced cybersecurity solutions that offer full lifecycle visibility, combining C2A’s security platform with Stefanini’s SOC solution. As the industry moves forward to adapt to the new requirements of the ISO/SAE 21434 standard and UNECE WP.29 regulation it is more crucial than ever for the automotive industry to have a solution in place that will keep them in compliance and protect their vehicles from potential cyber-attacks.”

Alex Bertea, Chief Cybersecurity Strategist, Stefanini EMEA said, “Tier-1s and OEMs are catching up to meet the new standard requirements that have been recently passed. Our collaboration with C2A Security will give them the complete cybersecurity package they need to ensure compliance both in and outside the vehicle.”


Trend Micro Introduces a New Security Platform

Trend Micro has introduced Trend Micro One, a unified cybersecurity platform with a growing ecosystem of technology partners, intended to help customers understand, connect, and reduce their cyber risk. Trend Micro One itself provides the core risk assessment functionality, and ecosystem partners extend it; Trend Micro positions the result as the most comprehensive platform in the industry. Customers gain connected visibility, improved detection and response, and protection across security layers and systems.

Kevin Simzer, COO of Trend Micro, stated, “We are so proud that ecosystem partners and even some competitors value integrating into our platform. Collectively we help enterprises fight the bad guys known as cybercriminals. Alone we are strong, but together our industry is unstoppable in helping customers eliminate security gaps anywhere, identify internal and external enterprise assets, and take critical steps to mitigate them.”

Organizations are fighting on all fronts to address the mounting cyber risks posed by a complex and expanding attack surface, with stretched teams and siloed security products. The unified platform approach provides a continuous lifecycle of risk and threat assessment through attack surface discovery, cyber risk analysis, and threat mitigation and response. The Trend Micro One technology ecosystem’s initial partners include Bit Discovery, Google Cloud, Microsoft, Okta, Palo Alto Networks, ServiceNow, Slack, Qualys, Rapid7, Splunk, and Tenable.

Trend Micro One supports this approach by letting customers discover their attack surface through identifying, monitoring, and profiling cyber assets across their environments; analyze risk exposure, vulnerability status, security control configuration, and threat activity types; and reduce risk using Trend Micro’s threat and risk intelligence, confirming that the right preventive controls are in place and acting quickly to mitigate risk and remediate attacks across the enterprise.

Jeremiah Grossman, CEO of Bit Discovery stated, “We all know that digital transformation is table stakes for the post-pandemic enterprise. But this comes with additional risks: a bigger target for threat actors to aim at and more visibility and security coverage gaps for them to hide in. Trend Micro’s approach stands out from the crowd — notably with its blend of multiple sources of asset and risk visibility, including external attack surface visibility powered by Bit Discovery. Trend Micro’s platform helps customers quickly get a prioritized and comprehensive understanding of their attack surface.”


HEAT Bypasses Traditional Security Defenses

Menlo Security reports a rise in what it calls Highly Evasive Adaptive Threats (HEAT), attacks that bypass traditional security defenses.

HEAT attacks use techniques that evade detection by several layers of today’s security stacks, including firewalls, secure web gateways, sandbox analysis, URL reputation, and phishing detection. They are used to deliver malware or steal credentials, and in many cases lead to ransomware.

After analyzing over 500,000 malicious domains, the research team concluded that 69% of them used HEAT methods to deliver malware. By adapting to the target environment, these attacks let threat actors get malicious content onto the endpoint. Menlo reports that HEAT attacks have increased by 224% since July 2021.

CEO of Menlo Security, Amir Ben-Efraim said, “With the abrupt move to remote working in 2020, every organization had to pivot to work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware, and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them. Cyber threats are a mainstream problem and a boardroom issue that should be on everyone’s agenda. The threat landscape is constantly evolving, ransomware is more persistent than ever before, and HEAT attacks have rendered traditional security solutions ineffective.”

ESG Senior Analyst, John Grady said, “Highly Evasive Adaptive Threat (HEAT) attacks evade existing security defenses by understanding all the technology integrated into the existing security stack and building delivery mechanisms to evade detection. Organizations should focus on three key tenets to limit their susceptibility to these types of attacks: shifting from detection to a prevention mindset, stopping threats before they hit the endpoint, and incorporating advanced anti-phishing and isolation capabilities.”

DDoS Protection Preparation Guide

DDoS attacks flood an organization’s network with traffic, taking down online services and applications and preventing genuine users from reaching them. They often cause lost revenue, lost customers, and damage to the brand. An enterprise cannot predict when an attack will occur, but it can take steps in advance to minimize the impact and to recover quickly.

List Vulnerable Assets

The first step in protecting against DDoS attacks is to identify the most exposed and most valuable assets. Security teams should start by listing everything that can be attacked, for example servers, applications, IP addresses, and domains.

Mapping assets will help security teams to identify points of vulnerability and construct defensive strategies.

Estimate Potential Damages

Assess the value and importance of each asset so that protection budget and resources can be allocated properly. Some damages are direct, while others are indirect:

Loss of clients – Client loss is one of the most serious possible repercussions of a successful DDoS attack.

Productivity loss – For firms that rely on online services such as email, online storage, or databases, unavailability of those services means lost productivity.

Direct revenue loss – If a company’s online service generates revenue on a regular basis, any downtime translates directly into lost revenue.

Brand damage – Accessibility and the digital experience are increasingly tied to a company’s brand; a cyberattack that takes an online service offline damages brand and reputation.

Assigning Tasks

Responsibility for handling a DDoS attack should be distributed among the people concerned:

1. The CISO and security team should manage the overall DDoS response, coordinating with other teams.

2. Network administrators should work with the security team to mitigate the attack.

3. Teams that run specific applications or online services, such as cloud storage, should coordinate with the security team and provide details and assistance during an attack.

Deploy and Manage DDoS Solution

Once the most vulnerable assets and the potential losses are known, the security team should define an attack detection strategy. The strategy must fit the DDoS solution the company deploys, including whether that solution runs in the cloud or on-premises.

Routing all traffic through the firewall or mitigation layer at all times (an always-on deployment) removes the need to divert traffic once an attack begins. This form of protection suits a critical application that simply cannot afford any downtime.

Backups must be created as well. A separate backup of the most critical assets should be kept, and it must be integrated with the restore process and systems and tested, so that restoration is seamless when it is needed.

After deployment, the DDoS solution must be scaled with the organization as new customers, systems, users, and devices are added. Mitigation strategies for the various DDoS attack scenarios should then be planned.

An update and maintenance schedule for the DDoS solution should be agreed. The vendor must update the database of malicious traffic sources, such as IP addresses, on a regular basis, and the various defensive strategies should be exercised regularly with the vendor’s assistance.

The core of any DDoS solution is filtering potentially dangerous traffic, or diverting it away from the network and application infrastructure.
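The guide above stops at "set up an attack detection strategy" and "filter or divert". The following Python is an added example, not part of the original guide or any vendor's product, of the simplest useful version of that strategy: learn a baseline request rate from windows assumed to be attack-free, flag a window whose rate jumps by a large factor, and then decide between the two responses the guide names, filtering the sources at the edge when the flood is concentrated on a few of them, or diverting to an upstream scrubbing service when it is diffuse and source filtering would not help. The log format, the thresholds and the log lines are constructed for the example.

```python
"""Rate-based DDoS detection over web-server access logs.

Added example, not from the original guide or any vendor's product. It parses
constructed access-log lines, learns a baseline request rate from the first
few windows, and for each later window decides whether traffic is normal,
concentrated on a few sources (filter them at the edge) or diffuse (divert
to an upstream scrubbing service).
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})$')
TS_FMT = "%Y-%m-%dT%H:%M:%S"


def parse_line(line):
    """Parse one line of the simplified log format used here; None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "req": m["req"], "status": int(m["status"])}


def bucket_by_window(events, window_s):
    """Group events into fixed windows keyed by the window's start epoch second."""
    buckets = defaultdict(list)
    for e in events:
        start = int(e["ts"].timestamp()) // window_s * window_s
        buckets[start].append(e)
    return buckets


def analyse_window(events, window_s, baseline_rps, spike_factor=5.0,
                   source_share=0.05, concentration=0.5):
    """Classify one window. Sources sending at least `source_share` of the requests
    are filtering candidates; if together they carry at least `concentration` of
    the traffic the attack is concentrated, otherwise it is diffuse and is diverted."""
    rps = len(events) / window_s
    if rps < baseline_rps * spike_factor:
        return {"rps": rps, "verdict": "normal", "block": []}
    counts = Counter(e["ip"] for e in events)
    heavy = {ip: n for ip, n in counts.items() if n / len(events) >= source_share}
    if sum(heavy.values()) / len(events) >= concentration:
        return {"rps": rps, "verdict": "filter-sources", "block": sorted(heavy)}
    return {"rps": rps, "verdict": "divert-to-scrubbing", "block": []}


def run(lines, window_s=10, calibration_windows=2):
    """Learn the baseline (median rps of the first windows, assumed attack-free),
    then judge every later window."""
    events = [e for e in map(parse_line, lines) if e]
    buckets = bucket_by_window(events, window_s)
    keys = sorted(buckets)
    rates = sorted(len(buckets[k]) / window_s for k in keys[:calibration_windows])
    baseline_rps = rates[len(rates) // 2]
    return [(datetime.fromtimestamp(k), analyse_window(buckets[k], window_s, baseline_rps))
            for k in keys[calibration_windows:]]


def build_sample_log():
    """Constructed log: 60 s of normal traffic (2 req/s from 20 clients), then a
    20 s flood of 200 req/s from four sources while the clients continue."""
    t0 = datetime(2022, 5, 1, 12, 0, 0)
    legit = [f"10.0.0.{i}" for i in range(1, 21)]
    attackers = [f"203.0.113.{i}" for i in range(10, 14)]
    lines, n = [], 0
    for sec in range(80):
        ts = (t0 + timedelta(seconds=sec)).strftime(TS_FMT)
        for _ in range(2):
            lines.append(f'{legit[n % 20]} [{ts}] "GET /index.html HTTP/1.1" 200')
            n += 1
        if sec >= 60:
            for j in range(200):
                lines.append(f'{attackers[j % 4]} [{ts}] "GET /search?q=x HTTP/1.1" 503')
    return lines


if __name__ == "__main__":
    for start, verdict in run(build_sample_log()):
        print(start.time(), verdict)
```

Per-source share, rather than a fixed top-N list, is what keeps the legitimate clients out of the block list in the concentrated case; with a top-N rule a busy real customer would be filtered alongside the attackers. The diffuse branch is where an on-premises filter runs out of road and the diversion the guide mentions (to a cloud scrubbing provider) becomes the only option, which is why the deployment model chosen earlier matters.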

Argon announces Integrity, which it calls the industry's first software supply chain security solution that prevents supply chain attacks

Argon Security has announced its patent-pending Integrity™ technology, which it says lets businesses detect and prevent software supply chain attacks such as those that hit SolarWinds and ClickStudios. It also addresses misconfigurations, vulnerabilities, and weak dependencies in a company’s CI/CD pipeline, reducing supply chain risk.

Argon says Integrity™ strengthens its position as a leader in software supply chain security for DevOps-led, high-velocity development, and raises trust and confidence in businesses’ software releases.

Argon’s solution monitors the development process and prevents source-code tampering or manipulation during development and release. Together with its infrastructure hardening and process security, Argon claims to be the only solution on the market that provides holistic, multi-layered prevention of supply chain threats.
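The announcement does not say how tampering between checkout and release is detected. The Python below is an added example of the underlying technique, not Argon's product: at checkout the pipeline records a manifest of per-file SHA-256 digests and authenticates it with a key held by a separate trusted component, and immediately before the build step the tree is re-hashed and compared, so a file modified, added or removed on the runner in between is reported, and a manifest rewritten to hide the change fails authentication. The key, the excluded directories and the repository contents are assumptions constructed for the example.

```python
"""Detecting source tampering between checkout and build.

Added example, not Argon's product. At checkout the pipeline records a
manifest of per-file SHA-256 digests and authenticates it with an HMAC key
held by a separate trusted component (assumed here to be MANIFEST_KEY).
Before the build step the tree is re-hashed and compared, so a file
modified, added or removed on the runner in between is reported, and a
manifest edited to hide the change fails authentication.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

MANIFEST_KEY = b"held-by-the-release-system-not-the-runner"  # assumed, for illustration
EXCLUDED_DIRS = {".git", "node_modules", "__pycache__"}       # assumed build noise


def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map of POSIX-style relative path -> SHA-256 for every regular file."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root)
        if p.is_file() and not (EXCLUDED_DIRS & set(rel.parts)):
            manifest[rel.as_posix()] = file_digest(p)
    return manifest


def canonical(manifest):
    """Stable serialisation so the MAC does not depend on dict ordering."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def seal_manifest(manifest, key=MANIFEST_KEY):
    return {"manifest": manifest,
            "mac": hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()}


def verify_tree(root, sealed, key=MANIFEST_KEY):
    """Return a report; ok is False if the seal or the tree differs."""
    expected = hmac.new(key, canonical(sealed["manifest"]), hashlib.sha256).hexdigest()
    report = {"ok": False, "reason": None, "changed": [], "added": [], "removed": []}
    if not hmac.compare_digest(expected, sealed["mac"]):
        report["reason"] = "manifest authentication failed"
        return report
    recorded, current = sealed["manifest"], build_manifest(root)
    report["changed"] = sorted(p for p in recorded if p in current and current[p] != recorded[p])
    report["added"] = sorted(set(current) - set(recorded))
    report["removed"] = sorted(set(recorded) - set(current))
    report["ok"] = not (report["changed"] or report["added"] or report["removed"])
    if not report["ok"]:
        report["reason"] = "working tree differs from the sealed manifest"
    return report


def demo():
    """Constructed repository: seal it, then simulate a runner-side edit of the
    build script and a forged manifest. Returns the three verification reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "app.py").write_text("print('hello')\n")
        (root / "build.sh").write_text("#!/bin/sh\npython -m build\n")
        sealed = seal_manifest(build_manifest(root))
        clean = verify_tree(root, sealed)

        # An attacker on the runner appends a step to the build script.
        with open(root / "build.sh", "a") as f:
            f.write("echo 'injected step'\n")
        tampered = verify_tree(root, sealed)

        # The attacker also rewrites the manifest to match, but lacks the key for the MAC.
        forged = {"manifest": build_manifest(root), "mac": sealed["mac"]}
        forged_report = verify_tree(root, forged)
    return clean, tampered, forged_report


if __name__ == "__main__":
    for name, r in zip(("clean", "tampered", "forged"), demo()):
        print(name, r)
```

The check is only as strong as the separation between the runner and the key: if the runner can sign manifests, an attacker who owns the runner can re-seal whatever it wants. Rather than a shared HMAC key, a production pipeline would have the checkout step hand the manifest to a signing service, or record it in an append-only log, and make the build step fetch the trusted copy rather than read it from the workspace.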

“The SolarWinds’ breach highlighted the fact that the software supply chain is a new attack vector that organizations are not currently equipped to defend against. Our solution provides full visibility into the development environment and protects our customers from bad actors who seek to tamper with their code or native behavior and uptime of their applications,” said Eilon Elhadad, CEO, Argon.

“Defending against supply chain attacks is a difficult challenge. Argon is the first solution I’ve seen that can provide broad visibility and security across your software supply chain, detect and prevent risks from misconfigurations, vulnerabilities, and supply chain attacks. This is a quantum leap forward for the defending side,” said Stephen Davis, Chief Information Security Officer at Macmillan.

Cybercriminals exploit the high complexity and low security of modern software development environments to cause damage not only to the attacked company but to its thousands of customers, as in the supply chain attacks on SolarWinds, Codecov, and others. Over the last few years most firms that write code have adopted continuous integration and delivery (CI/CD) to automate their development, speeding up product and feature releases and keeping a competitive edge. As a result, they have become targets for supply chain attacks.

“Argon’s solution enables companies to secure their software supply chain against the risks of supply chain attacks effectively. Our unique and in-depth security technology allows us to cross-check and validate actions across the pipeline and prevent damage to the company’s infrastructure, code or application from supply chain attacks. Such consolidated multi-layer coverage is not available in the market today under a single solution,” said Eran Orzel, Argon’s chief revenue and customer officer.

Deloitte Acquires Sentek to Expand Systems Engineering and Cyber Offerings

Sentek Consulting, Inc. (Sentek Global), a systems engineering and cybersecurity firm that primarily serves the US Navy, announced that Deloitte has acquired substantially all of its assets.

Mike Canning, US Government & Public Services Industry leader and principal, Deloitte Consulting LLP said, “The acquisition of Sentek Global’s business will expand Deloitte’s existing presence in San Diego, while also bolstering our current mission-focused systems engineering capabilities and cyber offerings to other military branches and federal agencies.”

“Deloitte is focused on delivering mission-relevant, complex and technology-enabled engineering, analytics and transformation solutions to our clients in the Department of Defense (DoD). The addition of Sentek Global’s capabilities expands our complement of skilled system engineering and cybersecurity professionals that will enhance DoD’s ability to accelerate its engineering and acquisition processes to ensure effective and reliable systems for our warfighters.  And, it enables us to welcome those Sentek Global professionals who are former members of the Armed Forces into our existing veteran workforce,” said Heather Reilly, Deloitte’s Defense, Security and Justice sector leader and principal, Deloitte Consulting LLP.

“As cyber threats to all organizations — particularly U.S. federal agencies — continue to proliferate and become more complex, we’re investing to help our clients prevent, detect and remediate those emerging threats. The addition of Sentek Global’s capabilities allows us to do just that,” said Mark Nace, Deloitte Risk & Financial Advisory’s Government & Public Services leader for the Cyber & Strategic Risk practice and principal, Deloitte & Touche LLP.

Sentek Global provides program management and integrated logistics services to the Defense, Security and Justice sectors (USA) in addition to systems engineering and cybersecurity.

“Sentek Global and Deloitte share many common values, not the least of which is providing high quality services and solutions for the agencies that serve our country.  We are joining Deloitte to help our government clients solve complex systems engineering and cybersecurity challenges, while also accelerating the scaling of our services for defense, security and justice sector organizations,” said Eric Basu, CEO and founder, Sentek Global.