With Infosecurity occurring in London, there were fewer announcements than expected. LastPass and Malwarebytes announced the launch of new partner programs. Reports on cybersecurity issues emerged from Gatewatcher and Trend Micro. There were also product and partner announcements from Check Point and Everphone, Check Point and TELUS, and Orange Cyberdefense with Orange and Palo Alto.
Check Point
Check Point and Everphone have collaborated to enhance the Everphone DaaS solution by integrating Check Point Harmony Mobile. The comprehensive integration ensures that each device is fully protected from the outset, even before they leave the Everphone workshop with the industry-leading Mobile Threat Defence (MTD) solution.
Sherif Seddik, President of EMEA Sales at Check Point Software Technologies, commented, “Mobile security has never been as critical as it is today. This partnership aims to safeguard organizations from evolving cyber threats by blending Harmony Mobile’s robust protection with Everphone’s DaaS offering. This unique collaboration paves the way for a new benchmark in mobile security, delivering a seamless and secure user experience without compromising productivity.”
Mehmet Isik, COO at Everphone, added, “Our alliance with Check Point Software Technologies not only affirms Everphone’s commitment to robust cybersecurity but also enriches our service portfolio. We understand that for our customers, the security of their corporate devices is a top priority. This partnership allows Everphone to provide an all-in-one solution — ranging from procurement to replacement, now further fortified with advanced cybersecurity measures.”
Check Point Software Technologies also partnered with the communications technology company, TELUS, to launch the TELUS Cloud Security Posture Management (CSPM) service in Canada. Backed by Check Point’s AI-powered threat prevention and high-fidelity posture management technology, TELUS CSPM provides a comprehensive managed solution for Canadian organizations to monitor cloud security posture in real-time and detect, remediate and report on vulnerabilities.
Ron Dekker, Canadian Country Manager, Check Point Software Technologies, commented, “At Check Point, we believe that cybersecurity starts with prevention. We’re proud to partner with TELUS, a company leading the way in developing best-in-class security, to provide organizations across Canada with proactive real-time monitoring security solutions leveraging the latest AI-powered threat intelligence so they stay one step ahead of potential threats, prevent attacks and keep their networks and data safe.”
Gatewatcher
Gatewatcher published its June 2023 CyberThreats Barometer. The report identified 358,555 indicators of compromise and 177,040 compromised reports. The authors highlight the Volt Typhoon. The distinctive feature of Volt Typhoon’s modus operandi is the absence of malware. The group uses a well-known technique known as “Living-Off the land”, where the attacker uses only legitimate tools, often already present on the various systems, to blend in more easily with legitimate traffic.
The top three common vulnerabilities and exposures seen were:
- CVE-2017-11882
- CVE-2018-0802
- CVE-2017-1725
The top malware families seen were Zeus Panda, Mirai and Qbot. The most targeted business sectors in June were technology, Energy and Education.
LastPass
LastPass launched the LastPass Allegiance Partner Program. The new program makes it easier for Solution Providers, Managed Service Providers (MSPs) and Technology Partners to help their customers prevent compromised credentials. The new program will include:
- Tier-based discount structure
- Deal Registration
- Marketing support
- Technical and sales enablement
- Proof of concept and solution consulting support
- Access to the LastPass University, a robust online training platform
Patrick McCue, Global Vice President of Partners, LastPass, commented, “Verizon’s 2023 Data Breach Investigations Report estimates that compromised credentials are responsible for 49% of data breaches.
“Our partners are committed to helping their customers better protect their credentials, and LastPass is equally committed to our partners, building a program that gives each partner the flexibility they want and deserve when bringing the LastPass solution to market. We’re investing in the tools, resources, platforms, and program enhancements to create a path for partners of all sizes to grow profitably while expanding their security practice.”
Malwarebytes
Malwarebytes launched the Malwarebytes Reseller Partner Program. The revamped program is dedicated to helping partners create profitable and consistent business growth through innovative endpoint security solutions and leading channel incentives such as lucrative base and multi-year discounts.
Jason Coville, Chief Sales Officer, Malwarebytes, commented, “Today’s evolving threat landscape means that organizations are leaning on their partners to be their trusted IT advisors and cybersecurity experts more than ever before.
“We believe it is critical to invest in and support our partners as they guide their customers to a more secure future. We are committed to providing our partners with cutting-edge security solutions that are easy to use, create growth and provide fast time-to-value.”
New partner benefits include:
- Strong financial growth: Competitive pricing and margins help partners increase overall earnings potential with deal registrations. Partners also gain additional margin and deal exclusivity on all new opportunities.
- Partner portal: The MalwarebytesPartner Experience Center (PXC) is an easy way to centrally access sales and marketing resources, register deals and provide customers with free trials.
- Sales and technical training: Whether on-demand or onsite, Malwarebytes has the training curriculum to provide partners with the necessary skill set to sell and support Malwarebytes solutions.
- Marketing resources: Partners can access co-branded collateral, a global campaign repository, partner communications and more.
- Mutual engagement: Partners provide valuable input that drives technology development, marketing and sales activities.
Nettitude
Nettitude will rebrand to LQRA Nettitude on June 27th, reflecting the single brand that LQRA will reflect across its portfolio in the future.
Noname Security
Noname Security announced the general availability of Active Testing V2 to help organizations leave no API untested. As an integral part of the Noname API Security Platform, Active Testing is the easiest, most advanced, and most complete API security testing solution available.
Building on the success of the pioneering original version of Active Testing, the latest version helps industry leaders to further “shift left” to stop vulnerabilities from reaching production, innovate faster, and ensure compliance with evolving regulatory requirements.
Orange Cyberdefense
Orange Business, Orange Cyberdefense and Palo Alto will deliver a managed Secure Access Service Edge (SASE) solution. It will aim to meet enterprise customers’ most demanding networking and security requirements with high performance, simplicity, and Zero Trust Network Access 2.0.
It will combine Palo Alto Networks Prisma® SASE (Prisma Access + Prisma SD-WAN), with the connectivity and digital integration capabilities of Orange Business, along with the Managed Secure Access service by Orange Cyberdefense.
Helmut Reisinger, CEO of EMEA and LATAM, Palo Alto Networks, commented, “As organizations adopt new cloud-based technologies to increase productivity, improve efficiency, and deliver new services, an implied consequence is an expanding digital attack surface.
“Improving cyber resilience has never been more challenging, so by combining our SASE solution with the services and management capabilities of Orange into a single platform, we are empowering our customers with industry-leading networking and security that is simple to deploy, easy to scale and manage, and delivers the best performance in the industry.”
Hugues Foulon, CEO of Orange Cyberdefense, said, “Organizations are looking to securely adopt new technologies and modern ways of working without compromising security, visibility, and end-user experience. With many adopting a best-of-platform approach, we help our customers to simplify the delivery of consistent security at scale.
“The long-standing relationship between Orange Cyberdefense and Palo Alto Networks has resulted in a comprehensive portfolio of services in areas like: Edge security, XDR, cloud security, SASE and SOAR, which we believe helps improve organizations’ cyber resilience across the threat lifecycle.”
Privacera
Privacera announced the private preview of Privacera AI Governance (PAIG). PAIG fosters powerful AI data security governance and federated stewardship between IT departments and business teams. The solution combines comprehensive data security governance for relational data, non-structured data, and AI model training and access.
PAIG combats the unpredictability of generative AI by helping companies avoid the potential misuse of data, address challenges in compliance policy enforcement, and reduce complexities that arise when runtime contexts are added during inference.
With PAIG, organizations can tap into Privacera’s proven history of innovation in building massively scalable data and access security on AI and diverse data estates. PAIG is powered by the company’s Unified Data Security Platform, which has set the standard for data in the big data ecosystem and the modern cloud data estate. It allows for a common security administration and monitoring platform across all data and consistent policies, roles, and controls across all AI models.
The combined solution provides compliance support for CCPA, GDPR, and HIPAA during AI model training, deployment, and utilization.
Privacera Co-Founder and CEO Balaji Ganesan, said, “The potential of generative AI and large language models (LLMs) to transform enterprise operations is immense, but their inherent unpredictability can unknowingly reveal intellectual property, Personally Identifiable Information (PII) and sensitive data. By providing organizations with an intelligent and adaptive AI data governance solution, Privacera continues its mission to empower enterprises to utilize their data as a strategic asset.”
Privacera announced the general availability of its Databricks Unity Catalog Connector. By integrating with Unity Catalog, Privacera allows Databricks customers to streamline their access controls, simplify data discovery, and automate security policies.
Sonatype
At Infosecurity London, Sonatype announced that Sonatype Repository Firewall had stopped more than $1.5 billion in potential losses from malicious open-source attacks. Now a SaaS-first solution, it enables even more organizations to speed up their pace of innovation while keeping their open-source software (OSS) repositories and profitability secure.
Mitchell Johnson, Chief Product Development Officer at Sonatype, commented, “An elegantly simple solution to a complex problem, the Sonatype Repository Firewall empowers technology teams to move fast with the confidence that they are protected from malware masquerading as valid open source software.
“With cyberattacks increasing in frequency and sophistication – and software development regulations becoming increasingly standardized – organizations are looking for fast ways to protect themselves. Sonatype Repository Firewall is a first line of defense that is easy to set up, maintain, and integrate into workflows. Simply put, if you have a repository manager, you need a Repository Firewall.”
Trend Micro
A team from Trend Micro published an overview of the Trigona ransomware, its different versions and evolution, including a Linux version discovered in May 2023.
The blog looks at the group behind and the countries where they are most active; the USA (28%) and India (25%) are the two highest in some way. The overview looks at how both the Linux and Windows version work and how it is monetised. The authors give three recommendations for security teams.
- Enable multifactor authentication (MFA) to hinder attackers from moving laterally within a network and accessing sensitive information.
- Follow the 3-2-1 rule when creating backups for important files. This involves generating three backup copies stored in two different file formats, with one copy stored in a separate location. This ensures redundancy and minimizes the risk of data loss.
- Update and patch systems regularly. It is important to keep applications and operating systems up to date and establish robust patch management protocols to prevent malicious actors from exploiting software vulnerabilities.
