Last week, with Black Hat imminent, several companies made announcements before the event. They included Forescout, Menlo Security, Qualys, Tenable and VMware. There were also several new reports ahead of the event, with Microsoft, Mimecast, Sophos and Qualys all publishing research.
Check Point Software Technologies
MidCoast Council in New South Wales, Australia, has deployed Check Point Infinity, Check Point Quantum Security Gateways, Check Point Quantum Lightspeed and Check Point Harmony Endpoint for PC and device protection.
Mike Nelson, Coordinator of IT Infrastructure for MidCoast Council, said, “We needed a holistic, consistent security solution and selected Check Point partner, S5 Technology Group, to help us achieve our goals of achieving a single-pane-of-glass management and flexibility to support immediate and future deployments without disruption.”
Check Point Infinity provides the council with a comprehensive security solution stack across its data centres, endpoints and remote locations and will support the organisation in simplifying its complex infrastructure.
Consolidated management and logging make it easy for the MidCoast Council IT team to see the entire infrastructure. All Check Point Infinity solutions integrate seamlessly as a collaborative environment, allowing the team to work together.
Nelson added, “Check Point Infinity allows us to evolve our security without having to know all of our requirements ahead of time. We have immediately secured our critical infrastructure with the most advanced security humanly possible. Check Point Infinity gives us complete flexibility.
“Going forward, we can easily adapt protection as we need it. For example, we’re migrating email to Microsoft 365 in the cloud. We’ll be able to extend Zero Trust to new areas of our network. Future cloud deployments will be protected. Check Point provides us with the comprehensive, consolidated, collaborative approach needed to secure whatever comes next.”
Les Williamson, Regional Director, Check Point Software Technologies Australia & New Zealand, said, “In conjunction with S5 Technology Group, we are delighted to have successfully deployed a cyber security future-fit architecture enabling MidCoast Council to transform its approach to securing its people, data and assets, while moving away from legacy infrastructure while all along aligning with the Essential Eight and a Zero Trust approach.”
Forescout
Forescout unveiled Risk and Exposure Management, its cloud-native product designed to collate all data sources associated with an enterprise’s connected assets and calculate a unique multifactor risk score for each asset. It offers a more intuitive and quantitative approach to risk prioritization.
Given current technology and business dynamics, enterprises’ attack surfaces are expanding daily. Security teams realize that existing approaches to cyber asset management cannot scale to meet the diversity of asset types or track configuration and risk-posture changes for those assets, which makes timely incident analysis far harder.
The new Risk and Exposure Management solution addresses this challenge by tracking the changes to posture on a unique status-over-time view for every asset. It enables security teams to act on intuitive cyber risk intelligence through security workflow automation driven by the Forescout Platform.
Barry Mainz, Forescout CEO and President, said, “Enterprises require a simplified way to maintain both real-time and persistent asset intelligence for every asset – managed or unmanaged, physical or virtual, including OT/ICS, IoT devices and specialty subsets such as medical devices.
“We’ve invested heavily in the Forescout Platform and the enhancements we are making with the availability of Forescout Risk and Exposure Management provide that intelligence to help security teams effectively prove a reduction in risk posture of their enterprises’ evolving attack surfaces.”
Menlo Security
Menlo Security announced HEAT Shield and HEAT Visibility, the industry’s first suite of threat prevention capabilities designed to detect and block highly evasive threats targeting users via the web browser.
Menlo Security HEAT Shield detects and blocks phishing attacks before they can infiltrate the enterprise network. Menlo Security HEAT Visibility performs continual web traffic analysis and applies AI/ML-powered classifiers that identify the presence of highly evasive attacks.
“Highly evasive threats are growing as threat actors evolve how they deploy phishing and malware attacks,” said Michael Urciouli, Chief Information Officer of JPMorgan Chase Asset and Wealth Management. “Tools like Menlo Security’s browser security solution, including their HEAT Shield, can help to combat cyber threat vectors for the world’s top financial institutions, governments and leading enterprises.”
A HEAT Attack Dashboard allows customers to receive detailed threat intelligence, which can be integrated into their existing SIEM or SOC platforms. At the same time, HEAT alerts sent to SOC teams provide real-time threat visibility to enrich their existing threat intelligence sources and enhance and accelerate incident response capabilities.
Nick Edwards, Vice President, Product Management at Menlo Security, said, “Adversaries have placed a massive bullseye on the web browser. It has become the new desktop, where we spend the bulk of our working day.
“Legacy security vendors are fighting yesterday’s war by trying to shoehorn network security and endpoint tools to keep users safe and it isn’t working. The capabilities we are introducing today mark a significant leap forward towards our mission of creating a secure, seamless browsing experience, ensuring the internet can be used safely by our customers.”
Microsoft
Microsoft released the fifth edition of Cyber Signals, highlighting threats to large venues and entertainment events based on the learnings and telemetry from the FIFA World Cup 2022 in Qatar. The report is based on analysing over 634.4 million events while Microsoft provided cybersecurity defences for Qatari facilities and organizations throughout November and December of 2022.
Microsoft Defender Experts for Hunting developed comprehensive cybersecurity defenses for Qatari facilities and organizations supporting the soccer tournament. Defender Experts for Hunting conducted an initial risk assessment, factoring in threat actor profiles, adversary tactics, techniques, procedures, and other global intelligence from Microsoft’s telemetry.
The report publishes three recommendations:
- Augment the SOC team: Have an additional set of eyes monitoring the event around the clock to proactively detect threats and send notifications. This helps correlate more hunting data and discover early signs of intrusion. It should include threats beyond the endpoint, like identity compromise or device-to-cloud pivot.
- Conduct a focused cyber risk assessment: Identify potential threats specific to the event, venue, or nation where the event occurs. This assessment should include vendors, team and venue IT professionals, sponsors, and key event stakeholders.
- Consider least privileged access a best practice: Grant access to systems and services only to those who need it and train staff to understand access layers.
Mimecast
Mimecast published a report entitled “Collaboration Security: Risks and Realities of the Modern Work Surface”. The report reveals that businesses fail to secure collaboration tools, even though almost all (94%) have experienced threats via their chosen tools.
The report identified that business collaboration tools posed a massive threat, with the most common attacks consisting of:
- malware (56%)
- phishing (44%)
- credential harvesting (26%)
The impact of these cyberattacks varies and can include loss of company data (54%), loss of potential customers (36%), loss of current customers (32%) and damage to company reputation (30%). The average cost of an attack is over half a million dollars, with 16% of organisations saying they can cost over a million dollars.
While organisations feel they are delivering awareness about the risks, employees disagree. Those surveyed felt their organization had effectively communicated the security vulnerabilities of collaboration tools to their employees. This directly contradicts the fact that only 10% said they had received dedicated collaboration tools security training.
David Raissipour, Mimecast Chief Technology and Product Officer, said, “The modern workplace has experienced explosive change in a short period of time. Adoption of Microsoft Teams has never been higher due to hybrid work, making collaboration tools essential to productivity. But cybercriminals know this and are increasingly seeking to exploit this tool.
“As collaboration tools become an increasingly complex and growing threat vector, employee and decision maker overconfidence will place organizations at even greater risk. Without dedicated monitoring and training, risky behavior on these tools is less likely to be picked up.
“This is where IT decision makers have a vital role to play in securing these platforms and providing their employees with specific collaboration security training to protect their data.
“Protection for Microsoft Teams is designed to ensure that Microsoft 365 remains a productivity tool rather than a security risk, and educating employees about the security implications will ensure they are careful about what they click on or share via these tools. This will help organizations to reduce cyber risk and cost, all while training employees to truly be part of their collaboration security fabric.”
Qualys
Qualys announced that its industry-leading capabilities, including Qualys Vulnerability Management, Detection and Response (VMDR), will be included in Mazars’ Cybersecurity Managed Services.
Mazars customers will gain unprecedented insights into their distinct risk postures to prioritize and remediate their most critical vulnerabilities through this partnership. Mazars will integrate Qualys solutions into its Cybersecurity Managed Service, including VMDR with TruRisk and Patch Management.
Ben Doane, director of Cybersecurity Managed Services at Mazars, commented, “Qualys is a natural fit to integrate into our managed service because it provides our customers with unmatched visibility into their environments and the ability to patch vulnerabilities immediately. It is essential in today’s world that you are able to quantify cybersecurity risks alongside other metrics when building a successful business.”
Qualys also announced its Q2 2023 results. Revenues were $137.2 million, up 14% from Q2 2022. GAAP gross profit for the second quarter of 2023 increased by 17% to $110.5 million compared to $94.8 million for the same quarter in 2022.
Sumedh Thakar, Qualys’ president and CEO, commented, “We’re pleased to report another quarter of healthy revenue growth, strong profitability and cash-flow generation. Our growing leadership as a trusted cybersecurity risk management platform of record and our outstanding financial performance in the quarter stand as a testament to Qualys’ continuous innovation in protecting customer environments.
“By offering comprehensive cyber risk posture assessment and response prioritization capabilities through a natively integrated platform, we believe Qualys is transforming the value proposition of conventional vulnerability management technologies and laying a firm foundation for future growth.”
Qualys also announced it is opening up its award-winning risk management platform to AppSec teams to bring their own detections to assess, prioritize and remediate the risk associated with first-party software and its embedded open-source components.
The new Qualys solution enables organizations to bring their own detection and remediation scripts, written in popular languages like PowerShell and Python, to Qualys Vulnerability Management, Detection and Response (VMDR) as Qualys IDs (QIDs), which the Qualys Cloud Agent executes in a secure and controlled manner. Qualys TruRisk then detects and prioritizes the findings in the same workflow and reporting used for third-party software findings.
Using the new solution, security teams can build their own signatures, proactively detect, manage and reduce supply chain risks and effectively communicate risk with unified reports and dashboards.
Sumedh Thakar, president and CEO of Qualys, said, “First-party applications, being proprietary, often lack adequate risk detection, prioritization and remediation support from scanning tools. Our first-in industry capabilities enable organizations to leverage the Qualys platform’s capabilities, identifying and analyzing both first-party and third-party software risks to develop an overall TruRisk score for a comprehensive view of the organization’s overall risk.”
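The passage above describes the pattern of a custom detection script: an agent runs it against a host’s first-party software and its embedded open-source components, and the findings flow into the normal prioritization workflow. The script below is an added illustration of that pattern and is not Qualys’ QID script format, Cloud Agent API or TruRisk scoring; the manifest layout, the signature table, the component names and the severity scale are all constructed for the example.

```python
"""Illustrative bring-your-own detection for first-party software.

Added example: reads an application inventory manifest (constructed,
CycloneDX-like shape), matches each embedded component against a local
signature table with [introduced, fixed) version ranges, and returns
findings ordered by severity so the highest-risk items surface first.
Nothing here is the vendor's own format; all identifiers are hypothetical.
"""
import json
from dataclasses import dataclass, asdict
from typing import List, Tuple

# Constructed sample manifest for an in-house application and the
# open-source libraries it embeds (plus one first-party library).
SAMPLE_MANIFEST = json.dumps({
    "application": {"name": "acme-billing", "version": "3.4.1"},
    "components": [
        {"name": "fastyaml", "version": "1.3.0", "first_party": False},
        {"name": "httpkit", "version": "2.1.0", "first_party": False},
        {"name": "acme-auth-lib", "version": "1.2.0", "first_party": True},
    ],
})

# Hypothetical signature table (the "bring your own detection" part).
# A component is affected when introduced <= installed < fixed.
SIGNATURES = [
    {"id": "ACME-SIG-0001", "component": "fastyaml", "introduced": "1.0.0",
     "fixed": "1.4.2", "severity": 5,
     "title": "fastyaml: unsafe loader enabled by default (constructed)"},
    {"id": "ACME-SIG-0002", "component": "httpkit", "introduced": "0.9.0",
     "fixed": "2.0.0", "severity": 3,
     "title": "httpkit: TLS verification off by default (constructed)"},
    {"id": "ACME-SIG-0003", "component": "acme-auth-lib", "introduced": "1.0.0",
     "fixed": "1.3.0", "severity": 4,
     "title": "acme-auth-lib: session tokens not rotated on login (constructed)"},
]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse a dotted numeric version into a comparable 3-tuple.

    Non-numeric fragments (e.g. '2b') count as their leading digits; missing
    fields are padded with 0 so '2' == (2, 0, 0).
    """
    parts = []
    for piece in version.split(".")[:3]:
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)  # type: ignore[return-value]


def version_in_range(installed: str, introduced: str, fixed: str) -> bool:
    """True when installed is in the half-open range [introduced, fixed)."""
    return parse_version(introduced) <= parse_version(installed) < parse_version(fixed)


@dataclass
class Finding:
    signature_id: str
    component: str
    installed: str
    fixed_in: str
    severity: int
    first_party: bool
    title: str


def run_detection(manifest_json: str, signatures=SIGNATURES) -> List[Finding]:
    """Match every component in the manifest against the signature table.

    Returns findings sorted by descending severity (then component name),
    which is the ordering a prioritization step would consume.
    """
    manifest = json.loads(manifest_json)
    findings: List[Finding] = []
    for comp in manifest.get("components", []):
        for sig in signatures:
            if sig["component"] != comp["name"]:
                continue
            if version_in_range(comp["version"], sig["introduced"], sig["fixed"]):
                findings.append(Finding(
                    signature_id=sig["id"],
                    component=comp["name"],
                    installed=comp["version"],
                    fixed_in=sig["fixed"],
                    severity=sig["severity"],
                    first_party=bool(comp.get("first_party", False)),
                    title=sig["title"],
                ))
    findings.sort(key=lambda f: (-f.severity, f.component))
    return findings


def to_report(findings: List[Finding]) -> str:
    """Serialize findings as JSON for a unified report or dashboard feed."""
    return json.dumps([asdict(f) for f in findings], indent=2)


if __name__ == "__main__":
    print(to_report(run_detection(SAMPLE_MANIFEST)))
```

On the constructed manifest, `httpkit` 2.1.0 is outside its affected range and produces no finding, while `fastyaml` and the first-party `acme-auth-lib` are both flagged, with the severity-5 item listed first. Keeping the first-party component in the same signature table and report is the point the passage makes: in-house code and its embedded open-source dependencies are assessed in one workflow rather than two.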
Sonatype
Research from Sonatype revealed that President Biden’s Executive Order on improving the Nation’s Cybersecurity had driven wide-scale changes in software development practices in both the UK and the US in the two years since it launched.
Since the Order’s introduction, 76% of enterprises have adopted a Software Bill of Materials (SBOM). Another 16% plan to implement SBOMs within the next year, thus showing increasing recognition of the correlation between open-source hygiene and cybersecurity posture. Only 4% of those that have adopted SBOM had done so more than three years ago.
The adoption of SBOMs is increasingly important in procurement: 60% of respondents mandate that the businesses they work with maintain an SBOM, and 37% said they will do so.
Brian Fox, CTO and Co-Founder at Sonatype, said, “While it’s good to finally see widespread adoption of SBOMs, it’s equally concerning to see nearly a quarter of large enterprises have yet to implement them.
“It echoes our research findings last year showing many organizations are a lot farther behind on software supply chain management than they think they are. SBOMs are just ‘step one’ to cyber resilience – there’s a whole lot more that comes after that list of ingredients if you want to achieve good software hygiene, like investing in tools for software composition analysis. If you’re not at that first step yet, you’re going to fall behind.”
Sophos
Sophos released new findings on CryptoRom scams—a subset of pig butchering (shā zhū pán) schemes designed to trick users of dating apps into making fake cryptocurrency investments—in its latest report, “Sha Zhu Pan Scam Uses AI Chat Tool to Target iPhone and Android Users.”
Since May, Sophos X-Ops has observed CryptoRom fraudsters refining their techniques, including adding an AI chat tool, like ChatGPT, to their toolset. Scammers also expanded their coercion tactics by telling victims their crypto accounts were hacked and more upfront money is needed.
Sophos X-Ops additionally discovered that scammers had managed to get seven new fake cryptocurrency investment apps into the official Apple App Store and Google Play, increasing the pool of potential victims.
Sean Gallagher, principal threat researcher at Sophos, commented, “Since OpenAI announced the release of ChatGPT, there has been broad speculation that cybercriminals may use the program for their own malicious activities. We can now say that, at least in the case of pig butchering scams, this is, in fact, happening.
“One of the main challenges for fraudsters with CryptoRom scams is carrying out convincing, sustained conversations of a romantic nature with targets; these conversations are mostly written by ‘keyboarders,’ who are primarily based out of Asia and have a language barrier.
“Using something like ChatGPT can be a more efficient and effective way to keep these conversations going, making the scams less labor intensive and more authentic. It also enables keyboarders to simultaneously engage with multiple victims at one time.”
Sophos X-Ops also uncovered a new scammer tactic designed to extort additional money. Traditionally, when victims of CryptoRom scams attempt to cash in on their “profits,” fraudsters will tell them they need to pay a 20% tax on their funds before completing any withdrawals.
However, a recent victim revealed that after paying the “tax” to withdraw money, the fraudsters said the funds had been “hacked” and they would need another 20% deposit before receiving the funds.
Tenable
Tenable announced new enhancements to Tenable OT Security, helping customers strengthen the security of their OT environments through the broadest and deepest visibility, granularity, management and control of IT/OT and IoT assets on the market. Tenable OT Security now features increased visibility of Building Management Systems (BMS) — including devices such as security cameras, HVAC systems, badge scanners and entrance security systems, lighting control, programming systems and other assets.
Marty Edwards, Deputy CTO for OT/IoT at Tenable, said, “All too often, OT, IoT and BMS devices are overlooked, yet in today’s converged environments, security teams need a simple, unified view of their overall risk. Tenable OT Security addresses this, enhancing visibility to reduce the attack surface.”
VMware
VMware has added new cloud-native detection and response (CNDR) capabilities to Carbon Black Extended Detection and Response (XDR). VMware Carbon Black’s new CNDR capabilities expand its leading XDR solution and are designed to deliver enhanced threat detection for containers and Kubernetes within a single, unified platform. These enhancements aim to deliver runtime protection for Linux containers, providing a scalable approach for protecting applications from emerging threats and helping eliminate blind spots that attackers could exploit.
The new capabilities include:
- Enhanced visibility
- Context and historical data: Due to the ephemeral nature of containers
- Simple alert triaging
Jason Rolleston, vice president and general manager of VMware Carbon Black, said, “The rise of containers, and often the resulting lack of visibility and limited control security teams have, has created a perfect storm for attackers to target cloud-native applications as a means of entry into an enterprise.
“In order for security teams to keep up, it’s critical that organizations have security visibility and control that spans the entire application lifecycle and does not require them to be experts in containers and Kubernetes. With our advanced CNDR solution, VMware Carbon Black is the only partner that delivers threat detection and response from a single console across endpoints, workloads, and containers.”