Last week, Enterprise Times published an interview with Anurag Lal, CEO of NetSfere, the secure enterprise messaging service. He spoke about the need for a secure messaging platform and what NetSfere can bring to organisations. Enterprise Times also spoke with Kalev Pihl, CEO of SK ID Solutions, in a podcast. SK ID Solutions has been the trust provider behind the Estonian national identity scheme for over 20 years.
Claroty announced the appointment of Jesse Whaley, Amtrak’s Chief Information Security Officer (CISO), to the company’s advisory board. Whaley has signed on to help Claroty realize its vision of safely connecting the cyber and physical worlds.
Yaniv Vardi, CEO of Claroty, said, “We’re excited to welcome such a seasoned and respected authority across the cybersecurity community in Jesse Whaley. From his service in the US Army and Department of Defense to his leadership at Amtrak, Jesse brings a wealth of knowledge and experience in securing critical infrastructure and will prove invaluable to Claroty and our customers as we partner with them on their journey to secure cyber-physical systems across their organizations.”
Whaley said, “Cyber attacks targeting our nation’s critical infrastructure will only increase in the coming years, and the results are potentially devastating, as we learned from the Colonial Pipeline ransomware attack.
“As threat actors grow more brazen and increasingly seek not just financial gains but also disruption to vital services, critical infrastructure owners and operators must invest in securing their cyber-physical systems. I am eager to work with Claroty as the company is laser-focused on meeting this urgent need and has the right team, technology and strategy to do so.”
Cisco announced a definitive agreement under which it intends to acquire Splunk for $157 per share in cash, representing approximately $28 billion in equity value. Upon the close of the acquisition, Splunk President and CEO Gary Steele will join Cisco’s Executive Leadership Team, reporting to Chair and CEO Chuck Robbins.
Chuck Robbins, Chair and CEO of Cisco, said, “We’re excited to bring Cisco and Splunk together. Our combined capabilities will drive the next generation of AI-enabled security and observability. From threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient.”
Gary Steele, President and CEO of Splunk, said, “Uniting with Cisco represents the next phase of Splunk’s growth journey, accelerating our mission to help organizations worldwide become more resilient, while delivering immediate and compelling value to our shareholders.
“Together, we will form a global security and observability leader that harnesses the power of data and AI to deliver excellent customer outcomes and transform the industry.
“We’re thrilled to join forces with a long-time and trusted partner that shares our passion for innovation and world-class customer experience, and we expect our community of Splunk employees will benefit from even greater opportunities as we bring together two respected and purpose-driven organizations.”
Corero and Akamai Technologies announced a global partnership. Akamai will offer Corero on-premises DDoS protection to extend Akamai Prolexic, Akamai’s comprehensive portfolio of DDoS security solutions.
Ashley Stephenson, Corero Network Security’s Chief Technology Officer, said, “This global partnership to extend Akamai Prolexic with on-premises DDoS protection powered by Corero SmartWall ONE will strategically expand Corero routes to market. The combination of our highly complementary technologies for on-premises and cloud DDoS defense will deliver a best-in-class hybrid DDoS protection solution to meet the evolving needs of customers.”
Sean Lyons, Senior Vice President and General Manager of Infrastructure Security at Akamai, commented, “Our partnership with Corero allows us to deliver robust DDoS protection capabilities while enabling organizations to select the optimal DDoS solution for their individual use cases whether it be on-demand, always-on, cloud, on-premises, or in a hybrid environment.”
Dragos has raised a $74 million Series D extension, led by strategic operating and investing firm WestCap. The equity investment is an extension of Dragos’s $200 million Series D in October 2021, which was led by Koch Disruptive Technologies, an investment arm of Koch Industries, with funds and accounts managed by BlackRock, a leading global asset manager. The extension brings the Series D round to $274 million, with total funds raised to date now approximately $440 million.
Robert M. Lee, Chief Executive Officer and Co-Founder of Dragos, Inc, commented, “The industrial threat landscape irreversibly changed this past year, and critical industries are seeking solutions that give them visibility into their OT networks and defend against the threats making headlines and driving government action.
“Demand for OT cybersecurity continues to be strong, and this extension allows us to scale. What’s really exciting is that WestCap, as lead investor, is a partner in our success and shares our commitment to build the collective defense to protect industrial organizations and the communities they serve.”
Dragos announced an expansion of their partnership with CrowdStrike featuring two new integrations providing bilateral data sharing. Now, joint customers can get full visibility into IoT/OT assets and vulnerabilities in the industry-leading CrowdStrike Falcon platform. They can also enrich the Dragos platform with additional threat telemetry to accelerate cyber incident detection, investigation, and response.
The partnership will provide industrial organizations with new capabilities to strengthen both their IT and OT security postures by:
- Improving OT asset visibility and threat detection
- Gathering the data they need on a platform they know
- Receiving early warnings of OT threat activity network
- Simplifying the OT cybersecurity journey
Robert M. Lee, Chief Executive Officer and Co-Founder of Dragos, Inc., commented, “This partnership between Dragos and CrowdStrike brings industrial organizations complete situational awareness and speed in defending their entire, interconnected OT and IT networks like never before.
“Through the integration of best-in-class OT and IT cybersecurity solutions, organizations now can monitor, detect and respond to threats moving across their IT and OT environments. Defenders have maximum visibility into events happening at the endpoints and other devices, no matter where they are.”
ESET researchers have analyzed two campaigns by the Iran-aligned OilRig APT group: Outer Space from 2021 and Juicy Mix from 2022. Both cyberespionage campaigns targeted Israeli organizations exclusively, which aligns with the group’s focus on the Middle East, and used the same playbook.
OilRig first compromised a legitimate website to use as a C&C server and then delivered previously undocumented backdoors to its victims, while also deploying various post-compromise tools mostly used for data exfiltration from the target systems. Specifically, the tools were used to collect credentials from Windows Credential Manager, and credentials, cookies and browsing history from major browsers.
The reports go into some detail about the attacks.
In a significant victory against dark web criminals, the Finnish Customs (Tulli) and its European partners have successfully taken down the dark web marketplace ‘Piilopuoti’.
Drugs and other illegal commodities have been sold in large quantities on this Finnish-language platform, operating on the Onion Router (Tor) network since May 2022.
This successful action by the Finnish Customs was supported, among others, by the German Federal Criminal Office (Bundeskriminalamt) and the Lithuanian Criminal Police Bureau (Lietuvos kriminalinės policijos biuras). Europol’s European Cybercrime Centre coordinated the international activity and provided operational support and technical expertise.
F-Secure research indicates at least 1 in 6 adults surveyed have had personal data leaked in the past year. Yet, 77% still rarely or never check if their data has been stolen or leaked.
Most internet users remain in the dark about the dark web, which, among other things, is a destination for cybercriminals to buy stolen personal data. While most (80% of those surveyed) have heard of the dark web, only 32% accurately answered that the dark web is a part of the Internet that can only be accessed using special browsers.
In addition to the 1 in 6 who report that their data has leaked online in the last twelve months, nearly 4 in 10 (39%) said they don’t know if their data has leaked.
Tom Gaffney, Principal Consultant at F-Secure, comments, “Data leaks can happen to anyone, leading to identity theft, financial fraud, and other forms of cybercrime. This emphasizes the need for individuals to be proactive in safeguarding their data and understanding the steps they can take to mitigate risks.
“Almost a third of adults surveyed (30%) don’t know what action they can take to mitigate the risks of their data being on the dark web. We must work together to change that.”
Logpoint has partnered with METCLOUD in the UK. They aim to address fundamental cybersecurity challenges for organisations. As the threat landscape worsens and cybersecurity expertise becomes increasingly scarce, METCLOUD will offer Logpoint Converged SIEM, including SIEM, SOAR, UEBA, AgentX, and Business-Critical Security (BCS) technologies, to empower customers to efficiently manage, identify and remediate cyber threats across the business landscape.
Ian Vickers, CEO at METCLOUD, said, “Logpoint’s solutions give us a greater breadth of capabilities around predictive and preventative analytics, and management and insights across the technology landscape. Logpoint has a unique offering with BCS for SAP, enabling us to address the significant SAP ERP market.
“SAP customers account for 87% of global commerce, which is an enticing target for cybercriminals. Furthermore, the rapid adoption of AI/ML, IoT, OT, VR, Digital Twins, Robotics and Automation makes for a more connected world and, as such, significantly increases the risks of cyber attacks.”
LogRhythm has extended its partnership with Novacoast. Novacoast becomes the first LogRhythm Axon service provider. They provide level one and two analyst services and custom content for the cloud-native SaaS SIEM platform. LogRhythm is also taking a strategic step forward by transitioning its security operations to the new Axon platform.
Andrew Hollister, Chief Information Security Officer at LogRhythm, commented, “LogRhythm’s migration to the Axon platform is a testament to our confidence in the new platform to protect us and our customers in a continually evolving threat landscape. Our partnership with Novacoast in delivering services on the new platform furthers our mission of empowering security teams.
“Axon provides a highly intuitive experience that enables security teams to cut through the noise and get the visibility they need to secure their environments. With Novacoast’s expertise and Axon’s advanced capabilities we are confident in providing unparalleled security coverage for our organization and our customers.”
Privacera announced its integration with Collibra, the Data Intelligence company, enabling seamless end-to-end data security and governance. The integration automates data governance and streamlines compliance and auditing, from data cataloguing and classification to enforcement of data access policies.
The new Privacera connector functionality for Collibra enables users to:
- Import Collibra’s data classification tags into Privacera, ensuring consistent classification definitions between the data catalogue and data security governance platforms
- Automatically create and enforce Privacera’s data access and security policies, including data masking and encryption based on Collibra data classifications
- Surface Privacera’s data access policies through Collibra UI, achieving a single and complete view for compliance
Balaji Ganesan, CEO and Co-Founder at Privacera, commented, “Together with Collibra, we are enabling our joint users to build fully-automated data security and governance workflows with ease.
“This includes the initial step of discovering and classifying sensitive data, ensuring the automatic enforcement of relevant data policies, and the ability to streamline audits. This integration is taking away the burden for users of performing manual, complex and error-prone tasks in an increasingly complex data and AI landscape.”
Qualys announced it will open a new shared cloud platform (SCP) hosting Qualys’ cyber risk management portfolio in Italy. This new shared platform aligns with the country’s National Cybersecurity Perimeter (NCSP) cloud strategy. It will allow Qualys customers in Italy to meet privacy and sovereignty requirements by storing data locally.
Alberto Manfredi, Country Leader and President of Cloud Security Alliance Italy, stated, “Qualys is in active pursuit of authorization from the National Cybersecurity Agency (ACN) for its shared cloud platform in Italy.
“This endeavour is expected to culminate in a CSA STAR certification, representing a significant outcome of our independent research efforts. Such accomplishments are made feasible through the unwavering backing of our global network of expert volunteers and esteemed corporate collaborators like Qualys.”
SonicWall announced the introduction of its newly enhanced SecureFirst Partner Program to its existing and prospective North American customers. This is a culmination of actively listening to its partner community and implementing requested and recommended changes.
SonicWall has recently made several significant changes. These include strengthening its executive leadership team, implementing valuable incentives, and enhancing the global partner program. The new program is designed with MSP and MSSP business models in mind, helping new and existing SonicWall partners succeed in 2023 and beyond.
Bob Vankirk, SonicWall President and CEO, said, “Our partners are at the heart of every decision we make at SonicWall. We’re thrilled to unveil a partner program that caters to our partners’ unique needs and aspirations. Our primary goal is to empower our partners and help them thrive and excel in their respective industries and business models.
“SonicWall’s new partner program allows its partners to determine their level of engagement, it allows for competitive pricing regardless of tier, and it helps increase profitability and efficiency to establish an easier way of doing business with us.”
Sophos released findings on a major shā zhū pán (pig butchering) operation that used fake trading pools of cryptocurrency (liquidity pools) to steal more than $1 million. The report, “Latest Evolution of ‘Pig Butchering’ Scam Lures Victim in Fake Mining Scheme,” details the story of one of the scammed victims in the pools, named *Frank. It shows how he lost $22,000 in one week after “someone” pretending to be “Vivian” on the dating app MeetMe contacted him.
After Sophos X-Ops investigated Frank’s story, the team uncovered a total of 14 domains associated with the scam operation, as well as dozens of nearly identical fraud sites. Together, they netted this one “ring” of pig butcherers more than $1 million in three months.
Sean Gallagher, Principal Threat Researcher, Sophos, said, “When we first discovered these fake liquidity pools, it was rather primitive and still developing. Now, we’re seeing sha zhu pan scammers taking this particular brand of cryptocurrency fraud and seamlessly integrating it into their existing tactics, such as luring targets over dating apps.
“Very few understand how legitimate cryptocurrency trading works, so it’s easy for these scammers to con their targets. There are even toolkits now for this scam, making it simple for different pig butchering operations to add this type of crypto fraud to their arsenal. While last year, Sophos tracked dozens of these fraudulent ‘liquidity pool’ sites; now we’re seeing more than 500.”
For more about the rise of liquidity mining scams, see “Latest Evolution of ‘Pig Butchering’ Scam Lures Victim in Fake Mining Scheme” on Sophos.com.
Trend Micro published data revealing that one in every six ransomware attacks targeting US government offices was traced back to the LockBit ransomware group. The report also noted that new victims increased by 47% from the second half of 2022, and that many ransomware threat actors are no longer going after “big game” targets, instead focusing on smaller organizations they presume to be less well-defended.
Jon Clay, VP of threat intelligence at Trend, said, “We’ve observed a significant increase in the number of ransomware victims since the second half of 2022. Threat actors continue to innovate, target more victims, and cause significant financial and reputational damage.
“Organizations of all sizes must prioritize and enhance their cybersecurity posture. Our report should help network defenders, policymakers, and other stakeholders make better-informed decisions in the ongoing fight against ransomware.”
Trend Micro announced that thousands of its employees will participate in the company’s upcoming AI competition, which is designed to enhance understanding, awareness and expertise in the emerging technology.
Eva Chen, CEO, said, “The AI contest is built to empower Trenders through a fun and competitive format, allowing them to showcase their creativity and become familiar with AI technology. It’s important for us to find joy in the process of innovation without being constrained by daily work. As we develop a better understanding of this technology, we will naturally apply it to our work to continue driving progress at Trend.”
While the contest is internal, industry partners have signalled interest in the outcome as organizations work towards the common goal of realizing the potential of artificial intelligence. Microsoft is sponsoring the event, which will run on Trend’s AI platform powered by Azure OpenAI. The competition’s preliminary hackathon event will begin in late August before a final to be held in early December.
Veeam announced the Veeam Data Platform has achieved Common Criteria certification from the National Information Assurance Partnership (NIAP). It is listed on the NIAP Product Compliant List (PCL). The listing signifies a significant step towards reinforcing data security. It also ensures confidentiality, integrity and availability of sensitive and critical information.
Common Criteria certification assures partners, customers, and governments of Veeam’s commitment to quality and risk mitigation. It also validates alignment with the most stringent cyber security regulatory requirements. This provides a proven competitive advantage, fosters trust, and reflects a dedication to long-term viability.
Anand Eswaran, CEO at Veeam, said, “State and government agencies are deploying Veeam technologies at record levels. As they continue to be a target for cyber incidents, which threaten national security, critical infrastructure, privacy, and citizens, agencies are turning to us for the most reliable, secure and proven solutions as the number 1 trusted and preferred vendor.
“Combatting cyber threats requires cross-industry partnership, and the Common Criteria certification is a great example of how government bodies have come together to ensure technology meets the best standards to keep organizations safe.
“Veeam is dedicated to working alongside partners and alliances to innovate and create a united front against cyber threats and attacks. We are proud of the results of this rigorous testing and product evaluation, and that Veeam is a part of this global effort.”
WatchGuard Technologies announced the acquisition of CyGlass Technology Services, a leading provider of cloud and network-centric threat detection and response solutions. It helps organizations see risks, stop threats, and prove compliance.
CyGlass’s 100% cloud-native platform utilizes advanced artificial intelligence (AI) and machine learning (ML) capabilities. It delivers enterprise-class cyber defence across hybrid networks to mid-sized and small organizations at an affordable cost and without hardware.
The CyGlass technology will add to the WatchGuard Unified Security Platform architecture, delivering AI-based detection of network anomalies with a future Network Detection and Response (NDR) service. It will accelerate Open eXtended detection and response (XDR) capabilities within WatchGuard ThreatSync.
Andrew Young, Chief Product Officer at WatchGuard, said, “The success of CyGlass in the last year demonstrates that mid-sized companies and MSPs are seeking innovative detection and response solutions that are not reliant on costly hardware. The WatchGuard solutions built on CyGlass technology will create a competitive advantage for our partners that will drive increased revenue and margin opportunities.
“When integrated into WatchGuard’s Unified Security Platform architecture, partners and customers alike will benefit from the latest security advances to keep network attacks at bay, enhanced XDR insights and actions with telemetry from 3rd-party devices including switches, and easier regulatory and cyber-insurance compliance with powerful built-in reports.”
WSO2 launched the WSO2 API Platform for Kubernetes (WSO2 APK). Built on a Kubernetes-native microservice architecture, the WSO2 APK next-generation, open-source API management platform enables enterprises to speed the delivery of cloud-native applications in their Kubernetes environments.
WSO2 APK is a comprehensive API management solution that has been purposefully engineered from the ground up to leverage the inherent strengths of Kubernetes. The fully open-source platform adheres to the Kubernetes Gateway API specification. It seamlessly integrates with Kubernetes’ robust features, including container orchestration, namespaces for organizing clusters, scalability, and service discovery, among others.
As a result, enterprises using WSO2 APK can optimize their API management practices and workflows while accelerating the delivery of solutions within their Kubernetes environments.
Chris Davey, WSO2 Vice President and General Manager – API & integration software business unit, said, “For more than a decade, WSO2 has been delivering industry-first API management solutions to address development teams’ evolving needs. WSO2 APK builds on this commitment by providing a comprehensive API management platform designed specifically to utilize and integrate with the Kubernetes capabilities developers rely on for their modern, cloud-native applications.
“We believe that WSO2 APK will drive innovation, enable faster development, and unlock new possibilities for organizations looking to harness the full potential of their APIs within Kubernetes deployments.”
The platform offers auto-scaling, advanced security and advanced rate limiting.