Security Automation & Orchestration (SOAR)

What is SOAR?

SOAR (Security Orchestration, Automation, and Response) is a set of software solutions and tools that allow businesses to automate security operations in three major areas: threat and vulnerability management, information security, and cybersecurity automation.

Security automation, to put it another way, is the automated handling of security operations tasks: carrying out duties such as scanning for vulnerabilities or searching logs without human intervention. Security orchestration is the method of connecting security tools and combining diverse security systems; it is the interconnected layer that automates security operations and streamlines security activities.

Why is SOAR important?

Your security staff is most likely drowning in a sea of notifications, many of which are false positives or repetitions of earlier alarms. Each week, the average security team receives upwards of 175,000 notifications. There are very genuine hazards hidden among all that noise, many of which go completely unnoticed if security experts must manually handle each one.

That’s where SOAR comes in, freeing up your security team to focus on more essential tasks by automating many of the repetitive, monotonous tasks.

SOAR enables you to:

  • Make security, IT operations, and threat intelligence tools work seamlessly. To reach a more thorough degree of data collection and analysis, you can integrate all of your different security solutions – even ones from different suppliers. Security teams no longer have to juggle many consoles and tools.
  • See everything on one site. Your security team has access to a single console that contains all of the data it requires to investigate and resolve incidents. Security teams can obtain all of the information they require in one location.
  • Respond quickly to incidents. SOARs have been shown to decrease the mean time to detect (MTTD) and the mean time to respond (MTTR). A substantial percentage of events may be dealt with instantly and automatically because many actions are automated.
  • Prevent time-consuming activities. SOAR helps security analysts save time by reducing false positives, repetitive jobs, and manual processes.
  • Gain access to more information. SOAR solutions combine and evaluate data from threat intelligence platforms, firewalls, intrusion detection systems, SIEMs, and other technologies, providing additional insight and context to your security team. This makes resolving concerns and improving processes much easier. When problems develop, analysts are better able to undertake deeper and broader investigations.
  • Improve communication and reporting. Stakeholders can get all the information they need, including clear analytics that helps them find ways to enhance workflows and minimize reaction times because all security operations activities are pooled in one location and displayed in intuitive dashboards.
  • Boost capacity to make decisions. SOAR platforms seek to be user-friendly, even for less experienced security analysts, because they may include features such as pre-built playbooks, drag-and-drop functions for creating playbooks from scratch, and automated alert prioritization. A SOAR tool can also collect data and provide insights that make it easier for analysts to review issues and perform the appropriate remediation activities.

What are some examples of SOAR applications?

Before you start talking to vendors regarding SOAR platforms, consider how your company will use the solution. Use cases should highlight your biggest problems and show how technology can help you solve them. The typical use cases vary greatly depending on your industry. Here are some ideas to get you thinking about how you could implement SOAR in your own company.

  1. Automated incident response to combat cyberattacks: SOAR platforms can automatically detect and investigate the sources of attacks such as phishing. They may, for example, detect and evaluate a suspected phishing email, search for copies elsewhere on the network, quarantine or delete them, and block IP addresses and URLs to prevent these dangerous emails from reaching other people’s inboxes.
  2. Threat hunting: Security teams typically spend hours each day responding to a flood of alerts, leaving little time for threat hunting, investigation, and long-term planning. Many previously known malicious risks are promptly addressed thanks to automation, giving security professionals more time to work on projects that improve overall network security.
  3. Improving overall vulnerability management: A SOAR solution can help your security team prioritize and manage the risk posed by newly found vulnerabilities in your environment. As a result, they may be proactive, obtaining more information on weak points and properly researching them, while also putting measures in place to prevent breaches or other threats.
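A minimal SOAR-style playbook for the phishing use case above, written as an added example (not any vendor's code): the MailStore and Blocklist connectors are hypothetical stand-ins for the mail-gateway and firewall integrations a SOAR platform would orchestrate, and the sample messages are constructed.

```python
import re
from dataclasses import dataclass

URL_RE = re.compile(r"https?://[^\s<>]+")

@dataclass
class Email:
    msg_id: str
    mailbox: str
    sender: str
    subject: str
    body: str
    quarantined: bool = False

@dataclass
class Alert:
    alert_id: str
    msg_id: str
    verdict: str  # "malicious", "suspicious" or "benign", as set by the detection tool

class MailStore:
    """Hypothetical mail-gateway connector; a real playbook would call the gateway API."""
    def __init__(self, emails):
        self.emails = {e.msg_id: e for e in emails}

    def get(self, msg_id):
        return self.emails[msg_id]

    def find_copies(self, sender, subject):
        # Same sender and subject in any mailbox counts as a copy of the campaign.
        return [e for e in self.emails.values()
                if e.sender == sender and e.subject == subject and not e.quarantined]

    def quarantine(self, email):
        email.quarantined = True

class Blocklist:
    """Hypothetical firewall / web-proxy connector holding blocked indicators."""
    def __init__(self):
        self.entries = set()

    def add(self, indicator):
        self.entries.add(indicator)

def extract_indicators(email):
    """Sender address plus every URL in the body, de-duplicated."""
    return {"sender": email.sender, "urls": sorted(set(URL_RE.findall(email.body)))}

def phishing_playbook(alert, mail, blocklist):
    """Run the automated response and return a record of every action taken."""
    record = {"alert_id": alert.alert_id, "actions": [], "escalate": False}
    if alert.verdict == "benign":
        record["actions"].append("closed-benign")  # nothing to orchestrate
        return record
    original = mail.get(alert.msg_id)
    iocs = extract_indicators(original)
    for copy in mail.find_copies(original.sender, original.subject):
        mail.quarantine(copy)  # includes the reported message itself
        record["actions"].append(f"quarantine:{copy.mailbox}")
    for indicator in [iocs["sender"], *iocs["urls"]]:
        blocklist.add(indicator)
        record["actions"].append(f"block:{indicator}")
    # Keep the analyst in the loop: a "suspicious" verdict still needs a human decision.
    record["escalate"] = alert.verdict == "suspicious"
    return record

def build_sample_store():
    """Constructed sample data: one campaign hitting three mailboxes, plus an unrelated mail."""
    body = "Your invoice is overdue, pay at http://pay-invoice.example/login today"
    sender, subject = "billing@invoice-alerts.example", "Overdue invoice"
    return MailStore([
        Email("m1", "alice@corp.example", sender, subject, body),
        Email("m2", "bob@corp.example", sender, subject, body),
        Email("m3", "carol@corp.example", sender, subject, body),
        Email("m4", "bob@corp.example", "hr@corp.example", "Holiday schedule", "See attached."),
    ])

def run_sample():
    """Process one malicious alert on the sample store; returns (record, store, blocklist)."""
    mail, blocklist = build_sample_store(), Blocklist()
    record = phishing_playbook(Alert("a-1", "m1", "malicious"), mail, blocklist)
    return record, mail, blocklist
```

Every action is appended to the returned record so the SOC dashboard (and an auditor) can see exactly what the playbook did on the analyst's behalf.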

The Bottom Line

SOAR optimizes security operations

SOAR allows you to shift from a reactive to a proactive strategy by relieving your team of false positives, recurrent alerts, and low-risk cautions. Rather than putting out fires, security analysts may put their skills and considerable training to greater use, thereby boosting the overall security posture of your company. It’s feasible to accomplish more in less time with efficient security orchestration, automation, and response (SOAR) solutions while still allowing for human decision-making when it’s most important.

Artera Partners With Deepwatch to Secure Its Infrastructure

Deepwatch announced that Artera Services has chosen Deepwatch’s MDR solution to secure its operations.

Artera is a leading provider of comprehensive vital and critical infrastructure services in the United States, providing maintenance and construction to energy utilities, infrastructure businesses, municipalities, and cooperatives.

Artera began investigating MDR providers in 2021 to reduce the risk of business and consumer disruption. After evaluating several MSSP and MDR providers with the help of its trusted VAR partner, Defy Security, Artera chose Deepwatch for its MDR service, which includes 24/7/365 monitoring by a named squad of experts and integrations with security tools such as Splunk Enterprise and leading endpoint detection and response (EDR), vulnerability management, and firewall solutions.

Director of cyber security at Artera Services, Sean Fuller said, “The transfer of assets, data, and resources is complex, and requires expert-level integration to ensure business continuity and reliability are continuous for our utility customers. It’s very important that I’m able to determine when we are under attack. And that’s where the partnership with Deepwatch comes in. When something does happen, we are in a good position to respond to it, minimize the impact to the company, and restore our security posture as quickly as possible.”

Artera turned to Deepwatch after looking for an MDR supplier that could integrate with its preferred SIEM, Splunk. Thanks to Deepwatch’s MDR solution, Artera now has Splunk Enterprise integrated and tailored to deliver only high-priority warnings to its small in-house team. Through the Deepwatch platform, this integration and powerful endpoint detection and response give Artera complete visibility across the whole security environment.

CEO at Deepwatch, Charlie Thomas said, “The security requirements Artera Services has as a supplier for the critical infrastructure and energy sectors are complex. Our mission is to help customers like Artera stay ahead of threats and mitigate risks that could impact its business and their customers’ businesses, which provide energy and utility services to consumers across the United States. Our named squad of security experts gives Artera an extended security team that monitors systems around-the-clock to protect Artera’s service reliability.”

“Artera’s requirements for advanced managed detection and response, including the ability to use a best-in-class security technology stack, led us to recommend Deepwatch. The ability to push data into the Splunk SIEM that was stood up immediately and managed by Deepwatch is a game-changer for Artera, and gives their in-house team opportunities to work on other strategic security projects,” said Justin Domachowski, president and founder of Defy Security.

CoSoSys Endpoint Protector 5.5.0.0 Improves Enterprise Data Security

CoSoSys has released Endpoint Protector 5.5.0.0, introducing a host of new features, including Advanced Content Discovery.

Endpoint Protector 5.5.0.0 allows organizations to develop more targeted data protection policies, reduce misconceptions, and deal with the growing complexity of their mixed workplaces.

With Advanced Content Access Rules, administrators are able to formulate more powerful policies. In Endpoint Protector 5.5.0.0, it is possible to define complex content scanning conditions. This includes combining multiple terms (such as PII, dictionary words, and regular expressions) using logical operators (AND / OR), as well as the ability to apply content discovery rules to specific file types only (such as text files, Excel files, and more).

Endpoint Protector 5.5.0.0 also introduces a new integration with Okta SSO to direct and automate the process of managing user accounts, information, and rights in third-party systems.

Roman Foeckl, CEO and Founder of CoSoSys, said, “The latest version of Endpoint Protector comes with advanced capabilities to help our customers strengthen and simplify data security. With new features and integration, we want to empower businesses to stay afloat before safety risks and help them stay productive and focused on their work.”

SilverSky Acquired Cygilant, Expanding its UK Presence and Adding Renowned Data Research Talent

SilverSky, a cybersecurity service provider that offers professional managed detection and response (MDR) services, announced that it has completed the acquisition process of Cygilant, based in Burlington, Massachusetts.

ITOCHU International, Inc., the North American flagship company of Tokyo-based ITOCHU Corporation, made a strategic investment of $31.5 million in SilverSky in October 2021, according to SilverSky. In August 2021, SilverSky announced the completion of its acquisition process of New Jersey-based Advanced Computer Solutions Group, LLC (ACSG), which provided the firm a major client base in the US education sector and was the first in a series of planned acquisitions.

Cygilant, a major cybersecurity-as-a-service company, has a security operation centre (SOC) in Belfast, Northern Ireland, and employs some of the world’s top Ph.D.-level cybersecurity, advanced networks, and data science expertise. The acquisition of Cygilant’s UK-based delivery centre expands SilverSky’s access to European marketplaces while complementing the company’s current footprint in Asia and North America.

“Alongside our recent growth-related announcements, this acquisition of Cygilant, a cybersecurity-as-a-service and threat-intelligence powerhouse, helps to further galvanize our efforts to globally expand the SilverSky presence as well as retain and nurture some of the industry’s best cybersecurity and data science talent. Cygilant shares our commitment to rich-service offerings that are unmatched in the industry. We’re pleased to welcome the Cygilant team and their customers,” said Richard Dobrow, CEO at SilverSky.

“We are excited to join SilverSky. This represents a significant next-chapter of the Cygilant journey, as our innovative SOC capabilities and deep bench of cybersecurity expertise are combined with one of the industry’s most comprehensive MDR offerings. The outcome for our customers will be access to the collective set of broader managed services that will continue to enrich their cyber protections and strengthen their security posture,” said Rob Scott, CEO and President at Cygilant who will be joining SilverSky as its Chief Strategy Officer.

Immuta Announced the SaaS for Modern Data Stacks

Immuta SaaS allows data teams to automate data access control throughout their cloud data systems while avoiding maintenance and infrastructure expenses.

Immuta, the leading company in universal cloud data access control, announced the availability of Immuta software as a service (SaaS) deployment. Immuta SaaS, which recently obtained SOC 2 Type 2 Certification, allows data teams to automate data access control while removing the need for self-management and deployment maintenance.

Immuta’s SaaS deployment is a managed cloud service designed to boost data security by allowing data teams to register data from one or more cloud data systems and be fully functional within minutes, ensuring clients a 99.9 percent SLA uptime for core functions.

Immuta’s SaaS deployment is currently available in North America and EMEA for Snowflake, Azure Synapse, Amazon Redshift, Databricks, and Starburst, with Google BigQuery and Trino coming soon. It includes Immuta’s full suite of capabilities, including:

  • Universal data cloud compatibility
  • Scalable, attribute-based access controls
  • Dynamic policy enforcement and auditing
  • Data masking, anonymization, and advanced privacy-enhancing technologies (PETs)

“We’re seeing huge demand from global customers who are migrating data analytics to the cloud and looking for a fully hosted data access control platform that enables them to establish controls for sensitive data to meet their regulatory and internal security requirements. Immuta’s SaaS deployment offers customers the opportunity to experience the power of fine-grained data access control and unlock the full potential of their data safely and securely with zero maintenance or infrastructure costs,” said Matt Carroll, CEO, Immuta.

PumpJack Dataworks is also one of Immuta’s early SaaS customers. They manage fan data for the NBA’s Dallas Mavericks and MLS’s Inter Miami CF.

“Our Customer Data Platform is tuned specifically for the sports industry to help teams, leagues, and federations unify and manage all of their fan data across their entire ecosystem. Our customers demand strict requirements across governance, user access controls, anonymization, and audit capabilities, ensuring that a layer of trust and protection is extended across their global fan communities. In this dynamic privacy environment, Immuta’s SaaS deployment enables us to provide the highest standards of protection for fan data,” said Tom Tercek, co-founder and chief strategy officer, Pumpjack Dataworks.

Billie, a fast-growing fintech organization based in Berlin that is reinventing how small-and-medium-sized businesses (SMBs) handle invoices, adopted Immuta’s SaaS deployment to rapidly automate data access control and data protection. According to Igor Chtivelband, Billie’s co-founder and VP of data and CRM, “If we didn’t have Immuta, then Billie’s expansion as a business wouldn’t be possible. I’m not sure how we could do it without Immuta.”

With Immuta’s SaaS deployment, users can start experiencing the power of dynamic, fine-grained access control faster than ever. A recent GigaOm report found that Immuta’s attribute-based access controls require 75x fewer policy changes and offer significant cost savings compared to competitive solutions. Immuta was also the first data access control solution to be included on Snowflake Partner Connect.

Customers can begin with a free trial and quickly convert to a production deployment, making it simpler to handle complex use cases and enjoy maintenance-free deployment. Immuta’s fully containerized self-managed deployment option allows customers to control their own cloud system if they are unable to use Immuta SaaS.

Microland And Securonix Formed Partnership To Deliver State-Of-The-Art Managed SOC Solutions

Microland, a worldwide leading firm in digital transformation services, announced a strategic partnership with Securonix, a provider of Next-Gen SIEM platforms to enhance its managed Security Operations Center offering. The collaboration would enable businesses to gain from advanced artificial intelligence-based solutions to detect and eliminate threats in a world where data theft is on the rise and data protection is becoming increasingly difficult due to a highly complex security landscape.

“Microland advocates a Cyber Resiliency First approach to defend enterprise critical assets and a strategic partnership with Securonix, a Gartner Magic Quadrant leader, is a significant milestone. It reiterates our commitment to providing a Modern Managed SOC with behavior analytics, powered by the elastic Securonix cloud, with ADR – true open XDR Architecture,” said Robert Wysocki, SVP & Global Client Solutions Leader, Cybersecurity, Microland.

Microland provides a 24 x 7 SOC-as-a-Service solution that tracks and records the organization’s expanding digital footprint, contextualises the value of data assets, inspects the IT estate for cyber threats, and protects it by taking real-time necessary actions. Microland would enhance its cyber security services by adding functionality to trace advanced threats and provide artificial intelligence-based security incident response, leveraging Securonix capabilities in UEBA, online monitoring, and log management.

“We are thrilled to be working with Microland to help customers thwart the advanced attacks that modern organizations experience daily. Our modern, proactive approach to enterprise defense, coupled with Microland’s global presence, is sure to deliver unmatched value to organizations looking for a managed SOC offering. The early traction we have experienced together has been incredible, and we look forward to building on that momentum throughout the balance of the year and beyond,” said David Wagner, Vice President, Global MSSPs & Systems Integrators, Securonix.

Blackcloak Launches New Deception Technology To Detect Cyberattacks On Executives And High-Profile Individuals

BlackCloak, Inc., the Concierge Cybersecurity & Privacy Protection Platform for Leaders and High-Profile People, introduced exclusive deception technology to detect attackers’ blatant tactics to compromise a member’s privacy, home networks, or personal devices.

BlackCloak’s deception technique, often known as a honeypot, deceives attackers into engaging with a service by replicating a real-world home network. The prospective data that is within cybercriminals’ reach will lure them. When an attack is identified, BlackCloak’s deception technology notifies the firm’s Security Operations Center (SOC), which can investigate and act before any damage is caused.

“Our members are increasingly exposed to sophisticated cyberattacks. Hackers are diversifying their preferred attack vectors beyond corporations and supply chain partners to include executives, high-net-worth individuals and high-profile individuals, many of whom have easily exploitable vulnerabilities in their personal digital lives. Advanced deception technology increases our ability to proactively detect, mitigate, and respond to threats before they manifest. It is the perfect complement to BlackCloak’s other concierge cybersecurity and privacy services,” said Dr. Chris Pierson, BlackCloak Founder & CEO.

BlackCloak’s deception engine, which has been operational with existing clients since earlier this year, has already detected malicious activity in home environments. BlackCloak, the leader in digital executive protection, is the first cybersecurity and privacy firm to bring enterprise-grade honeypot technology to clients.

“BlackCloak’s design and implementation of deception technology into the personal lives of corporate executives further strengthens their concierge platform. The ability to know an adversary might be lurking inside the footprint of their digital home independent of other common controls is game changing,” said Bob Ackerman, Co-Founder of DataTribe.

BlackCloak is a digital executive protection leader with an aim to secure digital life. In order to accomplish this, the company is developing a comprehensive, SaaS-based cybersecurity and privacy platform with a concierge experience. BlackCloak helps real people protect their personal and corporate reputations, finances, and information by employing technology to secure their homes, gadgets, and internet presence. BlackCloak focuses on high-profile people who have limited time and a lot to lose. BlackCloak ensures that everything they do is seamless and discreet.

Opsview Introduces Two New Products – Opsview Log Analytics and Network Topology

Opsview, a firm that delivers a broader view into dynamic IT operations, has released two new products: Opsview Log Analytics and Network Topology.

Opsview Log Analytics connects with Opsview Monitor and Opsview Cloud to assist IT Operations teams in identifying the root causes of warnings and predicting security problems before they cause business disruption. These critical log events are directly correlated with metrics in Opsview’s IT infrastructure monitoring solution, resulting in a single pane of glass view with detailed insights that show employees why issues come up.

“Opsview Log Analytics automates the manual processes of log management. Combined with Opsview Monitor and Opsview Cloud, it provides a faster time to resolution for IT Operations teams. With SIEM functionality, Opsview Log Analytics correlates events and identifies security incidents such as brute force attacks or DDoS,” said Mike Walton, CEO of Opsview.

With the inclusion of Network Topology to the Opsview Network Analyzer module, IT Operations teams can collaborate with their networking teams to create a unified view of an organization’s IT estate. Network Topology automates network discovery, lowers the security risk of unidentified hosts in the environment, and detects network misconfigurations.

“With Opsview’s Network Topology providing overlays with real-time status information, this will provide valuable time savings to IT teams as well as reducing potential security risks. The risk of the unknown is drastically reduced with Network Topology,” said Scott Heyhoe, VP Products at Opsview.

Stellar Cyber’s Open XDR strengthens security operations for Barracuda users

Stellar Cyber has announced the integration of its security platform with Barracuda CloudGen Firewall, Barracuda Total Email Protection, and Barracuda Web Application Firewall, offering managed security service provider (MSSP) clients and prospects improved visibility, cyber threat hunting, automated incident correlation, and remediation.

“Our customers know that Barracuda delivers best-of-class email, network, and web application security solutions. When it comes to defending against today’s sophisticated cyber threats like ransomware and data breaches, they are looking for full visibility and automation,” said Fleming Shi, CTO at Barracuda Networks.

“We already offer Barracuda SKOUT Managed XDR optimized for our MSP customers. This new integration with Stellar Cyber gives our enterprise customers a holistic view of their infrastructure and the capabilities to coordinate incident response to attacks in real time.”

The Stellar Cyber platform integrates the XDR Kill Chain and AI-driven correlation of detection techniques and warnings into automatically generated incidents on an incredibly simple dashboard with visibility all over the attack surface, so analysts know precisely what to look into and how to look into it.

Furthermore, the inbuilt multi-tenant functionality of Stellar Cyber makes it simpler for Barracuda’s MSSP partners to offer SOC-as-a-service to their end-user customers.

“The Stellar Cyber Open XDR platform brings additional value to existing Barracuda product investments by ingesting their logs, enriching the captured data, analyzing that data for threats, and then automatically remediating attacks through the firewall as well as other systems,” said Zeus Kerravala, principal analyst at ZK Research. “It’s great to see this level of integration to protect customers.”

“By integrating our Open XDR AI-powered cybersecurity platform with Barracuda’s popular solutions, we deliver a new level of visibility and SOC capabilities, such as correlated threat analysis, threat hunting, and automated remediation, to Barracuda customers,” said Paul Jespersen, Senior Vice President of Global Business Development at Stellar Cyber.

“Our purpose-built platform collects and ingests data from all existing security tools and presents a single dashboard that clearly identifies and prioritizes security threats, all the way from individual alerts to sophisticated incidents or attack stories, in a way that maximizes efficiency in SOC operations.”

Barracuda is focusing on strengthening its integrations with Open XDR systems such as Stellar Cyber. Clients of Barracuda will be able to block ransomware more effectively and stay ahead of attackers who use credential theft and account takeover in email, stopping further penetration.

IT Ally and Ascend Technologies launched SMB Fortify™ to offer small and mid-sized businesses a solution for managing cybersecurity threats

IT Ally, a cybersecurity advisory company serving small and medium-sized businesses (SMBs), has released SMB Fortify™, an end-to-end cybersecurity solution that combines Ascend Technologies’ security and network operational excellence with strategic cyber advisory, governance, risk, and compliance expertise.

Program management, network, and security operations capabilities are all included in SMB Fortify™. The integration of IT Ally’s strategic advice and Ascend’s operational excellence results in a unique, purpose-built solution to secure against business-impacting cyber incidents.

“As SMBs have emerged as the new targets for ransomware and government sponsored hacking, we are seeing many of our clients shift their position on risk tolerance in the cybersecurity arena. Clients are also seeing increased demands from their customers to implement more robust cybersecurity protection. SMBs have typically under-invested in this area and having appropriate cybersecurity protection is beginning to surface as a competitive differentiator and strategy to preserve the valuation of their business. The SMB Fortify solution provides the resources, expertise, tools and techniques specifically designed for SMBs to become more resilient and cyber ready,” said Michael Fillios, Founder & CEO, IT Ally.

“The SMB Fortify™ solution represents a perfect union of the capabilities of our two companies. With staggering statistics such as 60% of companies going out of business within 6 months of experiencing a security breach and 74% of companies not getting their data back after paying a ransom, we consider cybersecurity to be the primary threat to the success of any company in the SMB space,” said Wayne Kiphart, CEO, Ascend Technologies.