NIBS (credit image/Pixabay/Ryan McGuire)

Forter has announced that it has forged a new partnership with Wix. Last week’s news includes product announcements from Check Point Software, Claroty, Orange Cyberdefense and Veeam. Research from Secureworks and Sophos was published. Dragos revealed its monthly top tips for organisations looking to enhance OT security.

Avast

Avast published research that found that stalkerware has increased by 329% in the UK over the last three years. Stalkerware steals the physical and online freedom of the targeted person. It covertly tracks their location and monitors smartphone activity, including websites visited, text messages and phone calls.

Jakub Vavra, Threat Operations Analyst at Avast, commented, “The growth we’re seeing in stalkerware is a huge concern. Stalkerware is often installed secretly on mobile phones by abusive spouses, ex-partners, so-called friends or concerned parents, and has the capacity to inflict serious physical and psychological harm on those affected. This is not only about stealing personal data, there are also tangible implications concerning the safety of the individual targeted.”

Avast offers advice on detecting whether you have stalkerware, securing your device and removing the malware in the release.

Check Point Software Technologies

Check Point Software has introduced Infinity Global Services. It is an all-encompassing security solution that will empower any organization to fortify its systems, from cloud to network to endpoint. The new service will expand Check Point’s end-to-end security services across thirty areas. It will empower organizations to build and enhance their cybersecurity practices and controls and demonstrate cyber resilience.

Sharon Schusheim, CIO and VP of Technical Services at Check Point Software Technologies, commented, “Organizations of all sizes are struggling to monitor the growing threat landscape and adequately prevent cyberattacks. Our customers and partners reach out to us to support the build out of their cyber resilience strategy.

“Check Point Infinity Global Services provides a comprehensive, consolidated and collaborative security solution, in a simple to deploy format so organizations can go on the security offensive to prevent attacks before they happen.”

The Infinity Global Services’ comprehensive end-to-end model delivers thirty proactive services across four main pillars: Assess, Optimize, Master and Respond.

Claroty

Claroty announced it had expanded its footprint within the ServiceNow ecosystem. It has released a new set of native integrations leveraging the Service Graph Connector (SGC) and Vulnerability Response (VR) infrastructure. These new integrations enable ServiceNow’s CMDB and VR products to ingest in-depth details of cyber-physical systems across the Extended Internet of Things (XIoT), automatically discovered and profiled by Claroty.

Stephan Goldberg, VP of Technology Alliances at Claroty, commented, “Together, Claroty and ServiceNow help enterprises rapidly and comprehensively discover the assets they own, which in turn enables them to assess and quickly address asset vulnerabilities. The combination of Claroty’s granular passive vulnerability management capabilities with native ServiceNow asset data modeling support empowers our customers to achieve cyber and operational resilience by preempting cyber attacks and preventing downtime.”

Karan Shrivastava, Director of Product Management, Operational Technology at ServiceNow, added, “As cyber-physical systems grow more connected and complex, they become vulnerable to cyber intrusion. A large part of the industry’s vulnerability is because enterprises cannot see and fully inventory their XIoT assets, which leaves the door wide open for bad actors to exploit vulnerabilities.

“Integrating the ServiceNow OTM with Claroty’s xDome, Medigate, and CTD gives enterprises the asset discovery and vulnerability management capabilities needed to secure their industrial, healthcare, or commercial operations, all within the ServiceNow platform.”

Dragos

Dragos published its monthly column on best practices for operational technology (OT) cybersecurity for under-resourced organizations. This month it concentrates on the communication channels for an OT Cyber Incident response. It suggests five methods, also highlighting the risk factors of each and adding some suggestions for mitigating that risk.

  • Secure Email, with a suggestion to use Proton Mail to mitigate the high risk
  • Secure Video Conferencing using Signal
  • Secure SMS/Calls, again using Signal
  • Internet/Cellular access
  • Two-way radios

Egress

Egress has partnered with Planet Mark to reduce its carbon footprint. Ed Bodey, Group General Counsel and Company Secretary at Egress, said, “As a global and growing business, Egress wants to reduce and minimize its impact on the environment. We are all rightly proud of what we have achieved to date, but we see this partnership with Planet Mark as the most important step.

“Planet Mark will allow us to unlock valuable insights into our business and our supply chains and enable real change through 2023 and beyond. The anticipated reduction in our carbon footprint is core to the commitments that we made when signing up to Tech Zero in 2021.”

Steve Malkin, Founder and CEO at Planet Mark, said: “We are proud to be working with Egress who have recently achieved their first year of Business Certification with Planet Mark. The Planet Mark team are proud to be working with Egress as we know that bringing together the best of people, technology and nature is incredibly important to sustained progress against the climate crisis. We look forward to seeing their journey towards ongoing carbon emission reduction in the coming years.”

Orange Cyberdefense

Orange Cyberdefense has created two new managed services to complement the security features of Microsoft 365 Defender.

Laurent Célérier, Executive Vice-President Technology & Marketing at Orange Cyberdefense, commented, “The launch of these two services is an important step forward to create a one-stop-shop for all Microsoft-related activities within Orange Cyberdefense to empower every organization to stay secure.

“Thanks to our investment in Microsoft, Orange Cyberdefense combines an intelligence-led managed services approach with best-of-breed technologies, experts and processes to help customers stay ahead of threats and invest resources where they will have the greatest impact. We can improve their security efficiency and threat visibility with our managed security services across Microsoft solutions.”

Shirley Strachan, Global Partner Development Strategy Leader of Microsoft Security, commented, “Our global partner ecosystem is essential in helping customers achieve success with our solutions. We are pleased to expand our collaboration with Orange Cyberdefense as they combine an extended knowledge of Microsoft offerings and a vision for ensuring the success of our customers in their security journey.”

Secureworks

The latest Secureworks Incident Response report highlights the leading causes of real-world security incidents. During 2022 Secureworks helped contain and remediate over 500 real-world incidents. The analysis of those incidents revealed that:

  • The number of incidents involving business email compromise (BEC) has doubled. It replaced ransomware as the most common type of financially motivated cyber threat.
  • The growth in BEC was linked to a threefold increase in phishing campaigns, 33%, compared to 13% in 2021.
  • Vulnerabilities in internet-facing systems represented a third of incidents where the initial access vector (IAV) could be established. Typically, threat actors did not need to use zero-day vulnerabilities. Instead, they relied on publicly disclosed vulnerabilities – such as ProxyLogon, ProxyShell and Log4Shell – to target unpatched machines.
  • Ransomware incidents fell by 57% but remain a core threat.

Mike McLellan, Director of Intelligence at Secureworks, commented, “Business email compromise requires little to no technical skill but can be extremely lucrative. Attackers can simultaneously phish multiple organizations looking for potential victims, without needing to employ advanced skills or operate complicated affiliate models.

“Let’s be clear, cybercriminals are opportunistic — not targeted. Attackers are still going around the parking lot and seeing which doors are unlocked. Bulk scanners will quickly show an attacker which machines are not patched.

“If your internet-facing applications aren’t secured, you’re giving them the keys to the kingdom. Once they are in, the clock starts ticking to stop an attacker turning that intrusion to their advantage. Already in 2023, we’ve seen several high-profile cases of post-intrusion ransomware, which can be extremely disruptive and damaging.”

Sophos

Sophos released new research on how the cybersecurity industry can leverage GPT-3, the language model behind the now well-known ChatGPT framework, as a co-pilot to help defeat attackers. The latest report, “GPT for You and Me: Applying AI Language Processing to Cyber Defenses,” details projects developed by Sophos X-Ops using GPT-3’s large language models to simplify the search for malicious activity in datasets from security software, more accurately filter spam, and speed up analysis of “living off the land” binary (LOLBin) attacks.

Sean Gallagher, principal threat researcher at Sophos, commented, “Since OpenAI unveiled ChatGPT back in November, the security community has largely focused on the potential risks this new technology could bring. Can the AI help wannabe attackers write malware or help cybercriminals write much more convincing phishing emails? Perhaps, but, at Sophos, we’ve long seen AI as an ally rather than an enemy for defenders, making it a cornerstone technology for Sophos, and GPT-3 is no different.

“The security community should be paying attention not just to the potential risks, but the potential opportunities GPT-3 brings.”

Trustwave

Trustwave and Trellix announced a strategic partnership to bring superior visibility and faster, more precise detection and response to security teams defending against cyberthreats. Armed with Trellix XDR, Trustwave threat intelligence, and context from customers’ security infrastructure, Trustwave detects threats in real-time, hunts for emerging threats at the endpoint, and initiates response actions to quickly eliminate them.

Trustwave CEO Eric Harmon commented, “We’re committed to helping organizations realize greater value across their security investments while conducting and growing their businesses securely. Unlike other providers, MDR is the core of our business, and we’re proud to be Trellix’s newest partner to provide our joint clients with a new level of holistic cyber defense.”

Trellix CEO Bryan Palma commented, “Our partnership with Trustwave was carefully chosen because we believe Managed Detection and Response works best with a level of customer intimacy provided by the channel. We have no doubt our XDR platform combined with MDR services from Trustwave is a winning combination for our customers.”

Veeam

Veeam Software, the leader in Modern Data Protection, announced a strategic partnership with Carahsoft Technology Corp, the Trusted Government IT Solutions Provider. Under the agreement, Carahsoft will serve as Veeam’s preferred public sector distributor, expanding public sector access to the Veeam Data Platform (VDP). VDP provides customers with data security, recovery, and freedom to keep their organizations running.

VDP will be available through Carahsoft’s reseller partners and GSA Schedule, Information Technology Enterprise Solutions (ITES-SW2), Solutions for Enterprise-Wide Procurement (SEWP V), The Interlocal Purchasing System (TIPS), National Association of State Procurement Officials (NASPO) ValuePoint, E&I Cooperative Services Contract, OMNIA Partners and The Quilt contracts.

Anand Eswaran, CEO at Veeam, commented, “From outages to cyberattacks, the public sector is facing more challenges than ever before. There is a lot of anxiety about the gap between how quickly an organization needs to get systems back online after an incident occurs, and how long it actually takes.

“That’s why our mission at Veeam is keeping customers and their businesses running. It starts with securing their data and ensuring that if the worst does happen, they can recover rapidly whether their data is on-premises, in the cloud or both. Central to that mission is working with great partners like Carahsoft to give public sector customers the confidence to know they can keep running no matter what happens.”

Security news from the week beginning 6th March 2023

 
