NIBS (image credit: Pixabay/Ryan McGuire)

Check Point Software, Sophos, Trend Micro, WatchGuard, and Zimperium published security reports last week. ManageEngine revealed that it had attained a Spanish cybersecurity certification. LogRhythm published a press release rounding up its success in H1 2023, and VMware announced a partnership with AMD and Samsung.

Check Point Software

Check Point released the 2023 Cloud Security Report. Key findings from the report based on over 1000 responses included:

  • Biggest Challenges: Misconfiguration of cloud platforms or improper setup (59%) ranks as the most significant security threat, followed by exfiltration of sensitive data (51%), insecure interfaces/APIs (51%), and unauthorized access (49%).
  • Cloud Security Incidents: 24% of respondents reported experiencing public cloud-related security incidents, with misconfigurations, account compromises, and exploited vulnerabilities being the most common incident types.
  • Cloud Configuration and Security Policy Management: While 62% of organizations utilize cloud-native tools for configuration management, 29% rely on dedicated Cloud Security Posture Management Solutions (CSPM).
  • DevSecOps, CIEM, and Unified Security Management: 37% of respondents have embraced DevSecOps in certain areas of their organization, while 19% have implemented a comprehensive program.

TJ Gonen, VP of Cloud Security at Check Point Software Technologies, commented, “Our survey found that cloud misconfigurations are the foremost concern for today’s CISOs. However, what sets successful cloud security organizations apart, is not only the ability to identify misconfigurations, but also to grasp their contextual relevance and prioritize their resolution.

“Understanding which misconfigurations truly pose a risk to business operations is paramount. As is the capability to swiftly and effectively address those vulnerabilities to maintain a strong security posture. It is imperative for enterprises to select a comprehensive solution that goes beyond surface-level detection.”

Check Point Software also published its Environmental, Social, and Governance (ESG) report for 2022. The report covers Check Point’s sustainability-related projects, technology, business and activities over the last twelve months.

Key highlights include how Check Point is increasing digital resilience and focusing on carbon neutrality, as well as its social responsibility, governance and ethics.

Gil Shwed, Founder and CEO at Check Point, said: “Our report is an accurate reflection of what we’ve achieved so far, as well as a glimpse of our future plans. ESG is of paramount importance to us, and we’re taking definitive steps to continuously improve. From committing to achieving carbon neutrality by 2040, to extending cyber education programs to eager learners worldwide, these actions and many more embody what I believe to be the essence of Check Point – making the world safer while also making it better.”

LogRhythm

LogRhythm reviewed its success and the product updates rolled out over the first half of 2023. It reviewed the improvements to its Axon, SIEM, and NDR solutions.

Chris O’Malley, CEO of LogRhythm, commented, “LogRhythm demonstrates in our actions a dedication to improving security analysts’ experience by providing them with the tools they need to navigate the evolving threat landscape effectively. Our latest product enhancements empower security analysts, improve operational efficiency, and offer unparalleled visibility into potential risks. We remain committed to our customer’s success and resilience against cyber threats.”

LogRhythm also celebrated achievements such as:

  • The successful expansion of the cloud-native security operations platform LogRhythm Axon in Europe and the adoption of LogRhythm NDR in India reflect LogRhythm’s commitment to providing advanced security solutions globally.
  • Strategic partnerships with AttackIQ, Zscaler, Mimecast, Trend Micro, and Trace3 further strengthen LogRhythm’s market collaboration as a trusted security partner.
  • SOC2 compliance, affirming LogRhythm’s commitment to meeting the highest security standards.
  • LogRhythm SIEM self-paced, on-demand training is now available in several languages, including Spanish, French and Portuguese.

The company also won several notable awards, including the Frost & Sullivan Competitive Leadership Awards, the Colorado Technology APEX Awards and the Globee Gold Awards.

ManageEngine

ManageEngine announced that it has successfully obtained the Spanish government’s Esquema Nacional de Seguridad (National Security Framework) certification. The company achieved this certification in the INTERMEDIATE (medium) category in its first attempt after a rigorous evaluation of all its cloud and on-premises solutions by BDO, an independent audit firm.

The evaluation, encompassing audits of the company’s European Union data centres (located in Dublin and Amsterdam), announced ManageEngine as a certified company that met all the compliance policy requirements.

Rajesh Ganesan, president of ManageEngine, commented, “Regulatory frameworks ensure high levels of trust for citizens using government, public and private digital services. Over the last 13 years, the National Security Framework (ENS) has evolved into a comprehensive framework that helps companies make modern technologies more secure so people can use them with confidence.

“We at ManageEngine are excited to receive this certification, which is a testament to our continued efforts to fulfil the needs of our Spanish customers.”

Sophos

Sophos published “The State of Ransomware in Manufacturing and Production 2023” report. It found that adversaries successfully encrypted data in 68% of ransomware attacks against this sector. This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

Manufacturers are increasing their use of backups, 73% (58% in 2022), but are taking longer to recover: 55% recovered in less than a week (67% in 2022).

John Shier, field CTO at Sophos, commented, “Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery. With 77% of manufacturing organizations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.

“Longer recovery times in manufacturing are a concerning development. As we’ve seen in Sophos’ Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks. This extended recovery is negatively impacting IT teams, where 69% report that addressing security incidents is consuming too much time and 66% are unable to work on other projects.”

Sophos recommends several actions for manufacturers that other sectors are already taking:

  • Strengthen security shields with better security tools, adaptive technologies and 24/7 threat detection.
  • Optimise attack preparation with regular backups and security reviews.
  • Maintain good security hygiene with regular patching and security tool reviews.

Trend Micro

Trend Micro sponsored and published a SANS Institute report, Breaking IT/OT Silos With ICS/OT Visibility. The report reveals that enterprise Security Operation Centers (SOCs) are expanding their capabilities to the OT domain, but major visibility and skills-related challenges are causing roadblocks.

  • Half of the organizations now have an enterprise SOC with some ICS/OT visibility.
  • Only 53% of these organisations with a SOC have an OT environment that provides data for detection purposes.
  • The top three capabilities that organisations are looking to integrate between IT and OT SOCs are cyber event detection (63%), asset inventory (57%) and identity and access management (57%).

Bill Malik, vice president of infrastructure strategies at Trend Micro, said, “IT-OT integration is already driving digital transformation for many industrial organizations, but to effectively manage risk in these environments, IT and OT security operations (SecOps) must also converge. OT security programs may be lagging, but there’s a fantastic opportunity to close the visibility and skills gap by consolidating onto a single SecOps platform like Trend Vision One.”

The study also reveals the top challenges facing organisations looking to expand SecOps:

  • Training IT staff in OT security (54%)
  • Communication silos between relevant departments (39%)
  • Hiring and retaining staff who understand cybersecurity (38%)
  • Training OT staff in IT (38%)
  • Insufficient risk visibility across IT and OT domains (38%)

Trend Micro also published an Omdia report that revealed that most enterprises invest 5-10% of their IT budgets specifically on private 5G network security, despite an assumption that the technology is secure by default. They will spend $12.9B on Private Network Security by 2027.

The research reveals that 72% of global enterprises believe the 3GPP approach to private 5G security is sufficient. These network architectures were built with security in mind, and because they are private, they are inherently more secure than public 5G. However, that doesn’t mean they are impenetrable to determined attackers. The report highlights requirements and priorities shared by security leaders for their 5G deployments.

Greg Young, vice president of cybersecurity at Trend Micro, commented, “When it comes to private 5G network technology, there’s no such thing as ‘secure by default,’ so it’s reassuring that enterprises are looking to add their own protections. What will be crucial going forward is educating this new user base about where the most critical security gaps are and what a shared responsibility model will look like in these environments.”

VMware

VMware has announced that it is joining forces with AMD, Samsung, and members of the RISC-V Keystone community to simplify the development and operations of confidential computing applications. VMware researched, developed and open-sourced the developer-focused Certifier Framework for Confidential Computing project.

AMD, Samsung and VMware aim to address a significant barrier to adopting confidential computing by standardising on an easy-to-use, platform-independent API for creating and operating confidential computing applications.

Kit Colbert, CTO of VMware, said, “Confidential Computing has the potential to secure workloads no matter where they run including in multi-cloud and edge settings. The challenge has been to help customers adopt and implement the standard with ease. The collective efforts of the growing ecosystem of contributors to Certifier Framework will help bring those benefits to bear to ISVs, enterprise customers, and Sovereign Cloud providers—enabling them to use this emerging technology more easily and effectively.”

WatchGuard

WatchGuard announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers in Q1 2023. The key findings included the following:

  • Now that web browsers have more protections preventing pop-up abuse, attackers have pivoted to using browser notification features to force similar types of interactions.
  • Threat actors from China and Russia are behind 75% of new threats in the Q1 Top 10 list.
  • Persistence of attacks against Office products and the End-of-Life (EOL) Microsoft ISA Firewall.
  • Living-off-the-land attacks are on the rise.
  • Malware droppers targeting Linux-based systems.
  • Zero-day malware accounts for the majority (70%) of detections.
  • In Q1 2023, the Threat Lab tallied 852 victims published to extortion sites and discovered 51 new ransomware variants. These ransomware groups continue to publish victims at an alarmingly high rate.

Corey Nachreiner, the chief security officer at WatchGuard, commented, “Organizations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses rely on to stay protected against increasingly sophisticated threats.

“The top themes and corresponding best practices our Threat Lab have outlined for this report strongly emphasize layered malware defenses to combat living-off-the-land attacks, which can be done simply and effectively with a platform for unified security run by dedicated managed service providers.”

Zimperium

Zimperium published its Global Mobile Threat Report 2023. Key findings included the following:

  • 43% of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187% year-over-year.
  • Phishing attacks against mobile devices are growing. 80% of attacks are designed to work on both mobile and desktop.
  • During 2022, Zimperium detected an average of four malicious/phishing links clicked for every device covered with its anti-phishing technology.
  • EMEA (35%) and North America (25%) have the highest percentage of devices impacted by spyware.
  • A 138% increase in critical Android vulnerabilities was discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively exploited in the wild.
  • The number of unique mobile malware samples rose 51%, with more than 920,000 samples detected between 2021 and 2022.
  • Zimperium’s detection of malware on Android devices rose from 1 in 50 in 2021 to 1 in 20 in 2022.
  • Improper cloud storage configurations in mobile apps are a leading attack surface, with ±2% of all iOS and ±10% of all Android mobile apps accessing insecure cloud instances.

Jon Paterson, CTO of Zimperium, commented, “There is a fundamental issue that today’s modern organizations must contend with–how can they capitalize on the opportunities of being mobile-powered without being exposed to evolving risks.

“To thrive, it is critical that they employ a mobile-first security strategy–one where they continually prioritize and assess risk as close to the user and device as possible, and baseline and continuously assess vulnerability posture to operate in a known state with complete visibility.

“They must take responsive action on risk detection: leverage zero trust and conditional access workflows, leverage XDR and autonomous, 3rd party integrations and ensure they assess and stay updated on global privacy regulations and the risks that affect apps they develop and use.”

Security News from the week beginning 19th June 2023

 
