Security news this week included Okta announcing a new partner program, called Elevate, that would begin on April 3rd. DataDome closed a Series C funding round that raised $42 million, led by InfraVia Growth.
Adaptiva announced the general availability of its autonomous patch solution. It also published the State of Patch Management in the Digital Workplace report. According to the report by Adaptiva and the Ponemon Institute, organizations are struggling to keep up with the constant release of patches for the thousands of applications they use. The report reveals that, on average, more than half of the 2,900 applications are not kept updated.
Other key findings included:
- 60% of tracked applications are not on approved versions
- 69% of IT teams believe 100% third-party application patching is impossible
- 31% of respondents know how many distinct applications are installed on their endpoints
- 54% of respondents say detecting vulnerabilities is the hardest part of the patching process
- 31% of application patches are distributed using automation on average
Autonomous Patch is a game-changing solution for patching applications on Windows devices. It eliminates the need for manual intervention and pseudo-automation techniques, providing automated patch management at an enterprise scale.
Deepak Kumar, CEO and Founder of Adaptiva commented, “We couldn’t be more excited for the world to experience our revolutionary product that represents a monumental shift in patching. Our Autonomous Patch combines the administrator’s strategic intent with refined models of enterprise business units and deployment processes, resulting in a seamless stream of patch metadata to your endpoints. This allows patching to happen autonomously, based on the administrator’s intent and objective measures of risk and exposure.
“Since our public preview launch in October of last year, we’ve received an overwhelming response from our customers who have witnessed the power and promise of our intent schema. Finally, our customers can sit back and relax while our product takes care of patching all of their endpoints and applications, ensuring a smooth and hassle-free process.”
The Europol Innovation Lab organised several workshops with subject matter experts from across Europol to explore how criminals can abuse large language models (LLMs) such as ChatGPT. The workshops also examined how the technology may assist investigators in their daily work. Their insights are compiled in Europol’s first Tech Watch Flash report, entitled ‘ChatGPT – the impact of Large Language Models on Law Enforcement’.
Three areas of crime drew the most concern:
- Fraud and social engineering: ChatGPT’s ability to draft highly realistic text makes it a useful tool for phishing
- Disinformation: ChatGPT excels at producing authentic-sounding text at speed and scale. This makes the model ideal for propaganda and disinformation purposes
- Cybercrime: In addition to generating human-like language, ChatGPT can produce code in several different programming languages.
Invicti Security has partnered with Climb Channel Solutions, a global speciality IT distributor. With a primary focus on the UK and Irish markets, Climb will deliver Invicti’s full product portfolio and have technical, pre-, and post-sales support on the partnership roadmap.
Daniela Streng, Senior Vice President of Sales at Invicti, commented, “There’s a massive opportunity for Invicti and our partners in these regions. Our partnership with Climb not only plays an important role in our growth into new verticals and geographies, but it upholds our commitment to providing our partners and customers with best-in-DAST solutions.”
Securin Inc and Ivanti have investigated the cyber hygiene of Indian state government domains and found several potential gaps in their current security practices. The key findings included the following:
- Over 10% of domains in Indian states do not have Secure Sockets Layer (SSL) encryption—a basic security protocol layer. Without SSL encryption, hackers and threat groups can mount attacks easily and intercept sensitive data.
- Hundreds of highly sensitive protocols are currently exposed to the internet. These are the most vulnerable and popular exposures threat actors seek. We found 293 instances of the SSH protocol and 67 instances of FTP exposed to the internet.
- Additionally, 700+ credentials with passwords from all state domains leaked onto the deep and dark web, making these domains extremely vulnerable to phishing attacks, credential misuse, and impersonation.
- The investigation also found 537 instances of ransomware exposure, which makes the domains extremely vulnerable to ransomware attacks.
Srinivas Mukkamala, Chief Product Officer at Ivanti, commented, “When basic cyber hygiene is not robust, it leaves governments and organizations extremely vulnerable to cyberattacks. All organizations and governments must remain vigilant when shoring up their cyber defenses. Together with our partners at Securin, we will continue to highlight areas of improvement for governments and organizations to protect against ransomware attacks.”
Logpoint’s Business Critical Security (BCS) solution is now available on the SAP Store, the online marketplace for SAP and partner offerings. BCS integrates with SAP HANA, SAP NetWeaver, and SAP ERP. It provides greater visibility and capabilities to detect, monitor and respond to security breaches and fraud attempts.
Krishnagopal Mukundan Kalathil, Product Owner of SAP solutions for Logpoint, commented, “Logpoint BCS can add an extra layer of security to SAP environments and helps enable advanced analytics and innovative orchestration capabilities that brings security on par with general cybersecurity.
“The many companies that use SAP solutions can boost cyber resilience with holistic monitoring, because BCS onboards SAP technology into a SIEM solution, helping them to use the advanced cybersecurity technologies that, for example, automates workflows and enforces policy, unlocking new business opportunities.”
Logpoint released new capabilities for its cybersecurity operations platform, converging SIEM, SOAR, UEBA, endpoint security, and Business-Critical Security (BCS) technologies.
Christian Have, Logpoint CTO, commented, “Gaining situational awareness is key for security teams. In the new case management system, our technology collates incidents that relate to specific attacks and provides a capability for the analyst to run suggested playbooks that fit the data, the TTP and the adversary at hand. Not only does the system greatly accelerate the detection, triage and response, but it increases the precision and efficacy as well.
“We always strive to speed up threat detection, investigation, and response for our customers. Our platform’s new capabilities improve observability and make it easier for our customers to take action on incidents threatening the organization and its digital assets.
“With the new release, we’re taking further steps to simplify and improve security operations. Our source management capabilities now support dynamic workloads such as cloud containers, remote workers and ephemeral systems.”
LogRhythm and Truvisor announced that they will expand their partnership to enable overburdened security teams to detect, analyze and disarm cybersecurity threats easily and rapidly. Truvisor will provide LogRhythm’s offerings through their reseller channels in Singapore. This expands the countries served by the partnership, which began in 2021 with Indonesia as its first market in South East Asia.
Jerry Tng, Vice President of Sales, APJ, LogRhythm, commented, “The partnership between LogRhythm and Truvisor is a great fit as we share the same vision of helping our customers succeed in gaining control and protecting their IT/OT environment. As adversarial tactics continue to develop, security teams will have to deal with more sophisticated threats. LogRhythm helps surface these threats and allow the analyst to resolve them quickly, all within one platform.”
Menlo Security announced the expansion of its presence in India and new investment in the region as it officially opened its regional Centre of Excellence (CoE) based in Bangalore.
Poornima DeBolle, Menlo Security’s Co-Founder and Chief Product Officer, who officially opened the Centre of Excellence, said, “Menlo is at a very exciting stage of its growth, and India is an important part of our growth story. We are making significant investments in this market with a multi-functional product team of R&D, security research, cybersecurity training, and global customer support and professional services.
“In addition to tapping into the incredible talent in India for our product development, we are also excited about bringing our market-leading Isolation Platform to this market to help with cybersecurity challenges created by increased Internet penetration. We see an increase in Highly Evasive Adaptive Threats (HEAT) targeting Indian companies and governments. We look forward to partnering with leading cybersecurity channels in India to deliver protection against web and email threats.
“Our aim is to develop products in India. Growth of internet penetration in the country has created its own challenges as it means more people working in the web browser and a new breed of attackers and threats. For us, it is an opportunity to recruit and work with the very best talent and bring to market best-of-breed products.”
Microsoft announced that the Microsoft Incident Response Retainer is now generally available. The Incident Response Retainer provides pre-paid blocks of hours for highly specialized incident response and recovery services before, during, and after a cybersecurity crisis. The offering includes:
- An Assigned Security Delivery Manager (SDM)
- An Assigned Incident Manager
- Intelligence-driven investigation: Threat investigation, digital forensics, log analysis, malware analysis support, and attacker containment
- Compromise recovery: Assistance in recovery and remediation of critical infrastructure, removing attacker control from an environment, regaining administrative control, and tactically hardening high-impact controls to prevent future breaches
- Proactive services: Compromise Assessments and Crisis Readiness Exercises will test your team’s defences, increase your security posture, and improve resilience
- Quarterly threat briefings: Threat intelligence briefings with tailored guidance on emerging trends and threats, analysis and validation of Indicators of Compromise and alerts, and premium delivery of Nation State Notifications (Plan 2 only, though not explained in the announcement)
Kelly Bissell, Corporate Vice President of Security Services Microsoft, commented, “Our mission is to secure the world so our customers can thrive. Security is a team sport, and incident response is one of the most important areas for industry leaders to collaborate.
“We look forward to working with Kivu and other partners to help customers be safe and secure against all cyberattacks. Customers can be confident that their incident response needs will be addressed so their business can thrive.”
Noname Security announced major enhancements to its market-leading API security platform to help organizations protect their API ecosystem, secure their applications, and increase cyber resilience. The release includes updates to discovery, posture management, runtime protection, pre-production testing, and deployment. The new capabilities enable customers to:
- Gain complete visibility and detailed insights to protect APIs with customizable discovery, flexible tagging, and datatype assignments – including PII, PCI, PHI, and custom categories – for grouping APIs by application, business unit, and more.
- Understand APIs in a rich context with visualizations of business logic, physical network infrastructure, and API traffic to understand specific interactions and behaviour patterns.
- Secure containerized applications with enhanced discovery and detection for Kubernetes (k8s).
- Prioritize resources and eliminate blind spots with extensive infrastructure inventories for AWS and Azure. This enables organizations to find unprotected APIs, map the connections between APIs and infrastructure resources, pinpoint resources that could increase the attack surface, and resolve potential issues with full context.
Shay Levi, Co-Founder and CTO at Noname Security commented, “APIs are the connective tissue for the digital world, but the explosion in API use has created new and rapidly growing threats to organizations across the globe. We created the Noname API Security Platform to uniquely address the modern API ecosystem, with discovery, insight, protection, and testing capabilities. Doing so means not only securing APIs and their use, but also improving the speed at which our customers can expand their business.”
NTT Ltd launched its Managed Detection and Response (MDR) security service to help companies achieve business performance objectives through improved cyber resilience. The cloud-native, analytics-driven offering combines human and machine expertise with leading technologies and threat intelligence to reduce the time to detect and respond to cyber-attacks.
The MDR service is built on Microsoft Sentinel, Microsoft’s leading next-gen security information and event management (SIEM) platform, powered by AI, automation, and threat intelligence. Sentinel enables organizations to collect data at scale across all users, devices, apps, and infrastructure, both on-prem and multi-cloud environments.
The service hunts for suspicious activities using analytics, machine learning, and threat intelligence and minimizes false positives. With built-in orchestration and automation of common tasks, enterprises can respond to incidents rapidly and remotely isolate threats.
Charlie Li, Senior Executive Vice President: Managed Cloud and Infrastructure Services at NTT Ltd, commented, “Organizations are typically utilizing a patchwork of security technologies that lack alignment. This disjointed approach has left businesses often unable to detect hard-to-find threats and lacking the necessary agility to mitigate them. Many are simply adding more security layers, increasing complexity, and generating even more logs and alerts that go untreated.
“NTT’s MDR service helps organizations stay ahead of attackers and has a direct impact on workforce productivity and customer satisfaction through real-time and long-term threat correlation, advanced analytics, and continuous monitoring of digital transactions. It delivers a strong cyber-resilience posture, directly impacting an organization’s operational, financial, and resource resilience.”
Okta for Government High has earned its U.S. Federal Risk and Authorization Management Program (FedRAMP) High Authorization. Okta for Government High is the secure identity solution built to help federal agencies meet security requirements. The solution complies with more than 420 baseline security controls for handling mission-critical information.
Sean Frazier, Federal CSO at Okta, commented, “As a FedRAMP High identity provider, Okta can now provide federal agencies with the highest security and privacy assurance, protecting sensitive data while enhancing user experience. And the timing couldn’t be better, because the recently enacted FedRAMP Authorization Act makes it easier for a greater number of federal agencies to turn to Okta to build a secure and frictionless identity environment for users, and support their zero-trust journey.”
Privacera announced that it has successfully achieved the Google Cloud Ready – BigQuery designation. Privacera enhances data access controls to BigQuery and expands the Google Cloud footprint across diverse data sources by providing advanced access control capabilities, including attribute-based access control and tag-based access control.
Balaji Ganesan, CEO of Privacera, said, “Privacera delivers unified security and access governance across cloud data estates like Google Cloud Services at scale. This most recent Google Cloud Ready – BigQuery designation is another step forward for us on our mission to empower enterprise organizations to define and enforce access control across projects, datasets, tables, columns, and views in BigQuery from a single, centralized location. What results are faster queries and trusted analytics because the need for multiple access requests and denials is removed.”
- Risk Fact #1: Speed is the key to out-manoeuvring adversaries. On average, weaponized vulnerabilities are patched within 30.6 days while only being patched an average of 57.7% of the time.
- Risk Fact #2: Automation is the difference between success and failure. Vulnerabilities, where an automated patch could be applied, have a mean time to remediation of 25.5 days, while manually patched vulnerabilities took 39.8 days to be resolved.
- Risk Fact #3: Initial Access Brokers (IABs) attack what organizations ignore. A growing trend in the threat actor landscape is a category called Initial Access Brokers (IABs). IAB vulnerabilities have a mean time to remediation of 45.5 days, compared to 17.4 days for Windows and Chrome.
- Risk Fact #4: Misconfigurations are still prevalent in web applications. Scans from the Qualys Web Application Scanner revealed more than 25 million vulnerabilities, with 33% falling under the OWASP Category A05: Misconfiguration. These misconfigurations gave malicious actors a gateway to spreading malware in about 24,000 web applications.
- Risk Fact #5: Infrastructure misconfigurations open the door to ransomware. The top three MITRE ATT&CK techniques associated with failing controls for cloud misconfigurations were:
  - T1210: Exploitation of Remote Services
  - T1485: Data Destruction
  - T1530: Data from Cloud Storage Object
Misconfigurations in the cloud expose organizations to exploitation, encryption, and exfiltration.
Travis Smith, vice president of Threat Research Unit (TRU) at Qualys, commented, “Adversaries make it their business to understand the vulnerabilities and weaknesses within their victims’ environments, which can shift the balance of power in their favor. This report arms CISOs and security teams with unprecedented, data-backed insights for a holistic approach to understanding attack paths and threat actor behaviors to minimize risk.”
Sonatype announced several enhancements to the Maven experience, making it easier, faster, and safer for developers to use and publish Java applications in their builds. Maven Central has a new, streamlined interface designed to enhance the user experience and empower developers to make better component choices.
These enhancements include an improved layout with community-sourced consumption details (such as “Most Popular Namespaces in Last 90 Days”), supercharged search results that include security vulnerability and software quality information, and a simplified login process. Sonatype has also added two new integrations, with BOM Doctor and Sonatype Safety Rating.
Brian Fox, Co-founder and CTO of Sonatype and long-time steward of Maven Central, commented, “We’ve evolved and enhanced the Maven Central platform to improve the security of publishing and consumption. The new information this interface provides–fueled by Sonatype’s industry-leading data and proprietary security research–gives developers an at-a-glance context for optimal component selection.
“Developers already face an enormous amount of choice and responsibility in their software builds. We’re excited to provide a cleaner, more consistent experience that can help developers deliver safer code faster and reduce technical debt.”
WatchGuard released findings from its most recent Internet Security Report. It details the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers in Q4 2022.
Key findings included the following:
- Endpoint ransomware increased a startling 627%, and malware associated with phishing campaigns continued to be a persistent threat.
- 93% of malware hides behind encryption.
- Network-based malware detections dropped approximately 9.2% quarter over quarter during Q4.
- Endpoint malware detections increased by 22%.
- Zero-day or evasive malware has dropped to 43% in unencrypted traffic.
- Phishing campaigns have increased.
- ProxyLogin exploits continue to grow, rising from eighth to fourth.
- Network attack volume is effectively flat quarter over quarter, rising just 0.0015%.
- LockBit remains a prevalent ransomware group and malware variant.
Corey Nachreiner, chief security officer at WatchGuard, commented, “A continuing and concerning trend in our data and research shows that encryption – or, more accurately, the lack of decryption at the network perimeter – is hiding the full picture of malware attack trends. It is critical for security professionals to enable HTTPS inspection to ensure these threats are identified and addressed before they can do damage.”