NIBS (credit image/Pixabay/ Ryan McGuire)Security announcements last week included the usual mix of research and product announcements. Research updates were published by F-Secure, IBM, LogPoint, Malwarebytes, Mimecast and Synopsys. There were product updates from Claroty, Malwarebytes, Osirium and Sophos. Other announcements came from Dragos, NTT Data, Okta and Veeam.

Claroty

Claroty has expanded its integration with CrowdStrike. The integration builds on that announced at CrowdStrike’s Fal.Con 2022 conference between Claroty Edge and the Crowdstrike Falcon Discover for IoT module. The native integration includes a common methodology to discover, categorize, and recognize assets and joint research to continually improve device recognition.

Once visibility is established, asset owners can deploy Claroty xDome, which seamlessly integrates with the CrowdStrike Falcon platform, to:

  • Reveal the risks and vulnerabilities of XIoT assets
  • Fully map device-to-device communications and simplify the deployment of network security controls
  • Prioritize which devices require the most urgent attention so that security experts can focus their risk reduction efforts on the most vulnerable systems.

Amol Kulkarni, chief product and engineering officer at CrowdStrike, commented, “While gaining visibility into industrial environments is the obvious first step, knowing what to do with that information is just as big of a challenge for security teams that are now charged with protecting them.

“Organizations need a unified security platform that can provide deep visibility into cross-domain data and an understanding of their attack surface in order to make informed, risk-based decisions and improve their security posture. The integration with the CrowdStrike Falcon platform and Claroty Edge empowers IT and security operations teams to receive actionable insights with the right data and bridge the gap between OT and IT environments.”

Dragos

Dragos has appointed Kurt Gaudette as Vice President of Global Threat Intelligence. Robert M Lee, Chief Executive Officer and Co-Founder of Dragos, Inc, commented, “Kurt is a renowned threat intelligence and access expert with unrivaled experience building and leading global enterprise teams.

“Kurt is, first and foremost a leader with vision and initiative. Couple that with his keen understanding of the threat landscape worldwide and you have an executive who will help drive innovative ways to stay ahead of sophisticated and quickly evolving industrial cybersecurity threats.”

It also published its monthly blog on best practices for operational technology (OT) cybersecurity for under-resourced organizations. This month it looks at how vendors should access and transfer files to the OT network when they come onsite.

F-Secure

F-Secure published a report based on a survey of 7,000 people that looks at security in 2023. It found that sending and receiving emails (45%) is the most popular online activity. Do people feel safe online? No. 75% of respondents worry about their safety online. The top three activities that make people feel unsafe are:

  • Using online dating apps (42%)
  • Gambling online (35%)
  • Creating social content (29%)

Despite this fear, 40% perceive passwords as the more important data stored on their phone. 58% see photos as more important, and 45% see contact details. 8% see their photos as priceless.

The report also looked at children’s Internet usage and found that around 70% of parents worry about the safety of their child’s social media activity.

The number of people who share their online credentials with others is of concern. 52% of people aged 18 to 24 compromise password security. Laura Kankaala, Threat Intelligence Lead, commented, “Anyone can fall victim to cyber crime, regardless of age or gender.

“Scams online take many forms—criminals can coerce victims to invest money in scam crypto opportunities, steal their banking credentials via malicious emails or phone calls, or even make them fall in love. Billions of euros are lost in scams worldwide, making cyber crime extremely profitable in the previous year as well as years to come.”

IBM

IBM released its annual X-Force Threat Intelligence Index. It found that ransomware’s share of incidents declined slightly (4%) from 2021 to 2022. Defenders were also more successful in detecting and preventing ransomware. However, the duration of ransomware attacks dropped from 2 months down to less than 4 days, showing the growing sophistication of attackers.

Charles Henderson, Head of IBM Security X-Force, commented, “The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain – tempering ransomware’s progression in the short term.

“But it’s only a matter of time before today’s backdoor problem becomes tomorrow’s ransomware crisis. Attackers always find new ways to evade detection. Good defense is no longer enough. To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy.”

Key findings included:

  • The most common impact from cyberattacks in 2022 was extortion, primarily achieved through ransomware or business email compromise attacks.
  • Thread hijacking rose 100% in 2022, with attackers using compromised email accounts to reply to ongoing conversations posing as the original participant.
  • The proportion of known exploits relative to vulnerabilities declined 10 percentage points from 2018 to 2022.

Logpoint

Logpoint has researched the hacktivist group Gamaredon. It is, according to Ukrainian CERT, actively renewing attack efforts shifting focus from destruction to espionage and information stealing.

Doron Davidson, Logpoint VP Global Services, commented, “Gamaredon has carried out several cyberattacks against Ukraine since it originated in June 2013, a few months before Russia forcibly annexed the Crimean Peninsula. We’ve recently seen significant spikes in their activities and the group remains the most active, intrusive, and pervasive APT. We’re monitoring the situation closely to keep up with threat intelligence and defense techniques that can mitigate the risk of Gamaredon.

“It’s always crucial to detect an attack before it takes root in the systems. With Gamaredon and other APTs, it’s not enough to follow best practices. You need to have capabilities to efficiently detect threats based on known indicators of compromise, using active monitoring and incident response plans.”

Logpoint has established a new presence in Ottawa, Canada, to provide localized Account Management to customers and partners in Canada and South America. It has appointed Imad Aztout as Regional Sales Manager in the Canadian and South American markets.

Tim Wallen, Regional Director, UK, US & Emerging markets, commented, “We’re moving to the Canadian and South American markets due to a growing demand for our SIEM, SOAR, UEBA, and BCS technologies. While we have served Canadian customers and partners for years, South America is relatively new.

“Imad has the experience and skill to seize opportunities in both regions. Based locally in Canada, Imad can drive the security agenda more meaningfully with Logpoint customers and prospects. His language skills enable him to bring the same trusted security advisor approach to the South American market.”

Malwarebytes

Malwarebytes has added Malwarebytes Application Block to its Nebula and OneView endpoint protection platforms. The new threat prevention module helps resource-strained security teams quickly guard against unsafe third-party Windows applications, meet key compliance requirements and encourage productivity without adding management complexity.

Available immediately, the solution enables organisations to:

  • Stop the execution of vulnerable applications so that companies can test and apply updates or block the vulnerable application until a patch is available.
  • Restrict access to non-business-related applications, maximizing efficiency and saving resources.
  • Reduce the risk of failing to comply with data protection regulations such as GDPR, CIPA or HIPAA.

Mark Strassman,  Chief Product Officer, Malwarebytes, said, “Third-party applications are essential to productivity, but they also greatly expand organizations’ attack surfaces. Malwarebytes Application Block can be near-instantly deployed, helping resource-strapped organizations to effectively manage secure access to third-party apps and add another protective layer without added complexity.”

Malwarebytes also released its annual cybersecurity trend and threat intelligence report: 2023 State of Malware. The report shares key cybersecurity developments of 2022 and explains why organizations that protect against the five most dangerous cyber threat archetypes today will be better secured this year.

Mark Stockley, Cybersecurity Evangelist at Malwarebytes, said, “In today’s rapid fire threat landscape, under-resourced organizations often struggle with where to focus their time, attention, and resources. This report acts as a guide to those organizations by focusing their limited time on a small number of critical threats across Windows, Mac, and Android. If organizations can understand what it takes to prevent these threats, they are well placed to stop a huge number of other attacks as well.”

LockBit accounted for about one-third of all known ransomware-as-a-service (RaaS) attacks. The report also covers how SocGholish spreads and looks at the greatest threats to Android and Mac devices.

Mimecast

Mimecast published its seventh Annual “The State of Email Security” report. Key highlights from the report include:

  • Business leaders across the globe have become increasingly more aware of the danger cyberattacks pose and are demonstrating a greater willingness to confront the risk.
  • 90% of SOES participants agree that collaboration tools like Microsoft Teams or Slack are essential to their working function, but 75% believe they pose new threats and create new security loopholes.
  • Organizations are taking the necessary measures to prepare for impending attacks. 49% use artificial intelligence and machine learning to help under-resourced teams stay ahead of the curve. In comparison, 50% said they rely less on cyber insurance and invest more in cyber defences.

Nethone

The International Organisation has awarded Nethone ISO 27001 certification for Standardization. Nethone also received SOC2 Type 1 certification, the first step to full SOC2 compliance.

Mark Burton, Chief Technology Officer at Nethone, said, “Obtaining ISO27001 demonstrates Nethone’s commitment to best practices in information security and will give our customers increased confidence in our platform. Nethone is a well established and fast growing company and certification was the next logical step in our information security programme to validate our operational excellence and we will continue to build further during 2023.”

NTT Data

NTT DATA UK&I  announced a new partnership with Swimlane, the leader in low-code security automation, to help transform risk for businesses throughout the UK. Swimlane and NTT DATA will tackle this challenge with their new combined offering, delivering both a modern SOAR solution to businesses and advisory and assistance when it comes to implementing and maintaining the solution.

It will help businesses benefit from automation very quickly, and security teams will be able to improve return on investment (ROI), mean time to detect (MTTD), and mean time to respond (MTTR), as well as mature an organisation’s overall security posture.

Toby Van de Grift, VP of EMEA at Swimlane, commented: “We are pleased to be partnering with NTT DATA, who like ourselves are leaders in the security sector. Our platform complements NTT DATA’s knowledge and expertise in security, and together we will be able to work in synergy across multiple shared industry sectors.”

Mike Jones, VP Partners & Alliances at NTT DATA UK&I, added: “There’s hundreds of solutions in the market, but Swimlane stands out as a trusted low-code security provider. Combined with our extensive security expertise, the Swimlane Turbine platform will form a critical part of our holistic security offering at NTT DATA. We pride ourselves on delivering the best service to our clients, so it only makes sense to with the best partners and cutting-edge solutions in the market.”

Okta

Okta has named Deloitte the first systems integrator to become a diamond-tier partner. Bill Hustad, SVP of Partners and Alliances at Okta, said, “During our decade of work together – including our formal alliance beginning in 2016 — we’ve helped our shared clients to securely connect the right people to the right technologies at the right time.

“By achieving the Diamond Services Delivery Specialization, Deloitte is the first organization to earn our highest services delivery level for consistently delivering successful implementations for Okta customers.”

Osirium

Osirium Technologies plc has extended the capability of its privileged endpoint management (PEM) tool to support Microsoft Azure Active Directory. Osirium PEM v3 is the only native Azure solution that enables the safe removal of local admin rights from users’ workstations.

The solution supports both Azure AD and traditional on-premises AD. Organisations can now remove local admin rights whether they use on-premises Active Directory(AD), employ a hybrid model of AD and Azure AD, or are wholly resident on Azure AD for their endpoint management.

‍Stuart McGregor, Chief Executive Officer of Osirium, said: “The risk that end users who possess local admin rights will accidentally expose their organisation to a breach is ever-present – even if they’re trained to spot phishing attacks, for example.

“Demand is rising fast from existing and new customers to protect users’ workstations by removing local admin rights, and many need to support Azure AD access management as they move more of their IT estate to the cloud. This new release is a unique solution to addressing that specific requirement, with the traditional Osirium strengths of being easy to deploy and manage.”

Sophos

Sophos announced the expansion of its next-generation firewall portfolio with two new high-end, enterprise-grade XGS Series appliances. The new XGS 7500 and 8500 models provide unrivaled performance and protection for large enterprise and campus deployments, broadening market opportunities for the channel partners that serve them.

Daniel Cole, vice president of network security product management at Sophos, said, “Large enterprises are under incredible pressure to support tens of thousands of users, all while protecting against complex cyberthreats and demonstrating clear return on IT infrastructure investments amidst today’s challenging economic climate.

“Sophos is shaking up the competitive enterprise firewall landscape with these new high-performance appliances, providing best in class price per protected megabit per second (Mbps). Network performance, reliability and security are top of mind as customers grow and expand their infrastructure needs, and these platforms enable organizations to grow and scale without having to compromise on security, which is often the case in larger, more demanding environments.

“For our channel partners, we’re creating new opportunities to support distributed organizations needing everything from managing an office of one to the most complex environments protecting tens of thousands of distributed users.”

Synopsys

Synopsys released the eighth edition of the Open Source Security and Risk Analysis (OSSRA) report. The 2023 OSSRA report examines the results of more than 1,700 audits of commercial and proprietary codebases involved in merger and acquisition transactions and highlights trends in open source usage across 17 industries. It found that 84% contain at least one known open-source vulnerability, a nearly 4% increase from last year. Other key findings were:

  • Open source adoption source with Edtech up 163%. Aerospace, Aviation, Automotive, Transportation and Logistics sector up 97% and Manufacturing and Robotics up 74%.
  • High-risk vulnerabilities grew exponentially. The Retail and eCommerce sector jumped by 557%. The Internet of Things (IoT) sector, with 89% of the total code being open source, saw a 130% increase in high-risk vulnerabilities in the same period.
  • 31% of codebases use open source with no discernable license or customized licenses, up 55% from 2021.
  • 91% of the 1,480 audited codebases contained outdated versions of open-source components.

Mike McGuire, senior software solutions manager within the Synopsys Software Integrity Group, said, The key to managing open source risk at the speed of modern development is maintaining complete visibility of application contents. By building this visibility into the application lifecycle, businesses can arm themselves with the information needed to make informed, timely decisions regarding risk resolution.

“Organizations leveraging any type of third-party software should rightfully assume that it contains open source. Verifying this, and staying on top of the associated risk, is as simple as obtaining an SBOM – something easily provided by a vendor taking the necessary steps to secure their software supply chain.”

Veeam

Veeam has appointed Dustin Driggs as the company’s Chief Financial Officer (CFO). Driggs will lead Veeam’s global financial function including strategy and reporting as Veeam continues to gain market share and provide best-in-class secure backup and fast, reliable recovery that keeps businesses running.

Security news from the week beginning 13th February

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here