NIBS (credit image/Pixabay/ Ryan McGuire)BATM received a $3 million order from an existing government defence customer for network and cybersecurity services. UK insurer Hiscox, published its seventh annual Cyber Readiness Report showing 53% of companies admit to experiencing a cyber attack.

Babel Street

The Babel Street Insights platform has achieved ISO 27001 Certification. The platform, which provides advanced data analytics and intelligence, has now achieved a new level of trust. The ISO.IEC 27001:2022 certification is limited to the Information Management System in the Babel Streets Insight platform.

Ted LeSueur, Chief Information Security Officer of Babel Street said, “Our ISO 27001 Certification is an achievement that reflects our unwavering dedication to maintaining the highest standards of information security.

“Leading organizations count on the AI-powered Babel Street Insights platform to minimize risks and empower the best outcomes, and this certification allows our stakeholders to have further trust that their sensitive data is secured to the maximal level.”

Check Point Software Technologies

There were multiple announcements from Check Point Software Technologies this week. The first was Ms Jill Smith joining the company’s Board of Directors after her appointment at the 2023 Annual General Meeting. Smith was formerly the President and CEO of Allied Minds, an IP commercialisation company. It will be interesting to see if her responsibilities include better leverage of Check Point’s IP.

Mr Jerry Ungerman, Chairman of Check Point’s Board of Directors, said, “Ms. Smith brings more than 20 years of international leadership experience, including 17 years as chief executive officer of private and public companies in the technology and information.” 

Ms Smith, said, “I am excited to join Check Point, one of the most important companies in the cybersecurity industry at a time when the increased regulatory environment and security needs of enterprises underscore Check Point’s industry leadership.”

The second announcement was its 2023 third-quarter financial results.

  • Total Revenues: $596 million, a 3% increase year over year
  • Security Subscriptions Revenues: $248 million, a 15% increase year over year
  • Deferred Revenues: $1,709 million, a 4% increase year over year
  • GAAP Operating Income: $226 million, representing 38% of revenues
  • Non-GAAP Operating Income: $269 million, representing 45% of revenues
  • GAAP EPS: $1.75, a 19% increase year over year
  • Non-GAAP EPS: $2.07, a 17% increase year over year
  • Cash Balances, Marketable Securities and Short-Term Deposits:$2,989 million as of September 30, 2023, compared to $3,570 million as of September 30, 2022.
  • Cash Flow: During the quarter we acquired Perimeter 81, a pioneering Security Service Edge (SSE) company, and Atmosec, an early-stage SaaS security vendor, for $477 million net cash consideration. Cash flow from operations was $222 million, compared to $240 million in the third quarter of 2022. The operating cash flow for the quarter included a cost of $22 million related to acquisitions.

Gil Shwed, Founder and CEO of Check Point Software, said, “Our third quarter performance was strong, marked by a 17 percent increase in earnings per share and a 15 percent rise in security subscriptions revenues. We achieved total revenues near the top of our forecast range, with earnings per share hitting the peak.

“In the past 60 days, we’ve successfully completed three acquisitions, underscoring our security platform leadership. The acquisition of Perimeter 81 has provided us a single-vendor SASE solution that delivers twice the speed of competitive solutions while ensuring industry-leading prevention-first security.”

Claroty

Claroty and Rockwell Automation have expanded their capabilities to include SaaS-power OT security solution xDome. Rockwell is to add xDome to its global services portfolio, and its customers also have access to all Claroty’s cloud-based and on-premises OT security offerings.

Matt Kennedy, vice president, Global Capabilities and Innovation, Lifecycle Services at Rockwell Automation. “Our partnership with Claroty marks a significant milestone in our journey towards enabling enterprises with the tools they need to remain both competitive and secure. Rockwell Automation combined with Claroty xDome enables industrial organizations to make even greater strides with their digital transformation while keeping operations secure.”

Rockwell Automation’s global portfolio now contains a wide range of Claroty solutions. In addition to xDome there is also the Continuous Threat Detection (CTD) and Secure Remote Access (SRA). They provide coverage of OT, IoT and BMS assets in industrial environments.

Dragos

Dragos has expanded its combined capabilities with Rockwell Automation. It is making the Dragos Platform available to organisations for ICS/OT cybersecurity threat detection. It extends the existing arrangement between the two vendors that already provide the Dragos OT Incident Response Retainer through Rockwell.

Matt Kennedy, vice president, Global Capabilities and Innovation, Lifecycle Services at Rockwell Automation. “By offering the value of the Dragos Platform alongside the services and expertise from both Rockwell and Dragos, we will help manufacturers achieve their digital transformation goals while maintaining the safety and security of their OT infrastructure.”

ESET

ESET reports that the Monzi IoT botnet has been taken down via a kill switch. The company saw a drop in Monzi’s activity in India and China in August and later discovered a kill switch that disabled the malware. It also stripped the Monzi bots of their functionality. The change to the botnets was done through an update to the Monzi bots.

What is not clear is why this happened? ESET researcher Ivan Bešina said, “There are two potential instigators for this takedown: the original Mozi botnet creator or Chinese law enforcement, perhaps enlisting or forcing the cooperation of the original actor or actors. The sequential targeting of India and then China suggests that the takedown was carried out deliberately, with one country targeted first and the other a week later.”

Is this the end of Monzi? Maybe not. The botnets are still there, and ESET stops short of saying they can be reactivated.

Europol

Europol has signed an agreement with France to support it during the 2024 Olympic and Paralympic games in 2024. It will increase operational information exchange and coordinate international law enforcement cooperation during the games. Among the plans are special channels for swift cooperation during the event.

Europol with also create a special team that will assist with security arrangements. They will work in close cooperation with the Central Section for Operational Police Cooperation (SCCOPOL).

Ivanti

Ivanti has released its Executive Security Spotlight report (registration required). The 31-page report shows an interesting shift in blockers. Executive buy-in is an issue for just 21% of respondents. Compare that to tech stack complexity at 31%, and it shows that the board is less of a problem than the tools businesses are using.

A major concern from the report is the fact that 49% of CXOs have requested to bypass one or more security measures in the past year. Given these are the people targeted by attackers due to their access to systems, it’s a shocking indictment. But there is worse to come in the report. It highlights several executive cybersecurity habits and behaviours that security professionals need to be aware of:

  • One in five leaders have shared their work password with someone outside the company.
  • 77% use easy-to-remember password hacks, including birthdates or pet names.
  • CXOs are three times more likely to share work devices with unauthorized users, such as friends, families and external freelancers.
  • One in three executives admit to accessing unauthorized work files and data, and nearly two in three say that they could have edited those files/data when accessing them.

Daniel Spicer, Chief Security Officer at Ivanti, said, “When executives are willing to trade security for usability, they may be underestimating just how lucrative of a target they are for threat actors. 

“As our work environments have become digital-first it’s impossible to eliminate all risk – but we should eliminate unnecessary risk. The continued challenge for security leaders is to obtain organizational buy-in and compliance on cyber mandates – particularly with their peers on the executive team to close human-sized gaps and avoid a double standard being applied to the rest of the workforce.”

LiveAction

LiveAction has announced its Visibility as a Service (VaaS) offering to Service Providers (SP) and Managed Service Providers (MSP). The company says it contains “an enhanced portfolio of network and application performance visibility for enterprise customers.”

The new solution takes advantage of LiveSP, LiveNX and LiveWire. In addition to giving customers advanced visibility of their network and applications, it helps optimise network operations and reduces Mean Time to Resolution (MTTR). As organisations build out multi-cloud networks, scale and transformation increase complexity.

VaaS provides enterprises and MSPs with the ability to resolve that complexity and understand what is happening. It also allows MSPs to automate repetitive workflows and monitor SD-WAN performance.

Simon Najarian, Customer Success Manager at LiveAction, said, “Business productivity is more dependent upon network visibility than ever. Just think of all the applications we rely on like Slack, Salesforce, Online Banking, CRM & ERP, Healthcare, etc… where the stability of network is key and which allow us to conduct business rapidly across the globe.

“Jitter or performance drops in any of these crucial applications can slow or even paralyze productivity. That can be enormously expensive for an enterprise and traditional network monitoring tools are often too slow to fix those performance issues. Visibility as a Service comes as a way to remediate these kinds of performance issues cheaply, quickly and easily.”

Logpoint

Logpoint has published an analysis of the Cozy Bear Advanced Persistent Threat (APT) group. Linked to Russia’s intelligence services SVR and FSB, it is directed against high-profile targets, including governments, think tanks, businesses and others, to steal information and intelligence. The 17-page report, Not Too Cozy: Cozy Bear, takes a close look at Cozy Bear and how to protect against it.

Swachchhanda Shrawan Poudel, Logpoint Security Research Engineer, said, “Cozy Bear has continuously demonstrated a striking level of consistency in their techniques, making only sporadic modifications.

“What stands out is their ability to carry out successful campaigns repeatedly, evidently without changing techniques or encountering substantial issues or setbacks. Their operations’ unwavering resilience and effectiveness emphasizes Cozy Bear’s sophistication and adaptability as a threat actor.”

Recently, Cozy Bear has been seen concentrating its efforts on foreign embassies in Ukraine. Logpoint also says that it is “attempting to deceive nations that are normally supportive of Russia.” Why that is, is unclear.

The report makes for interesting reading, especially the section on detection and persistence of attacks. Importantly, Logpoint says that organisations need to constantly monitor for Cozy Bear as its attacks evolve.

LogRhythm

LogRhythm has been named as an official cybersecurity solution provider to government agencies in Romania. It allows all government departments to access LogRhythm SIEM to protect against cybersecurity attacks. Importantly, it also allows them to coordinate their response to incidents by providing a single source of analytics.

Kev Eley, Vice President of Sales, UK & Europe at LogRhythm, said, “We are thrilled to see LogRhythm recognized as an official cybersecurity solution provider to Romanian governments, and we look forward to helping take the cybersecurity posture of the country to the next level. This is a very important step forward for us as we continue to keep modern IT environments safe from the most critical security challenges.”

LogRhythm has announced the appointment of Matthew Lowe as Australia and New Zealand Country Manager. Lowe joins from Avanti, where he was Vice President for Australia and New Zealand for six years. He was responsible for growing the company’s market share and business momentum.

Jerry Tng, Vice President, APJ, LogRhythm said, “Matthew brings a wealth of regional sales expertise to LogRhythm having helped several innovative industry leaders build their brands into dominant forces.

“His leadership, experience, and knowledge will help support our customers and channel partners as we further accelerate growth and continue to meet the evolving cybersecurity needs of Australian and New Zealand enterprises as they continue their digital transformation journeys.”

In a busy news week, LogRhythm also announced a partnership with 3D Security. It will see LogRhythm Axon SIEM and D3 Smart SOAR’s come together. The company says it will provide “security teams with a powerful, integrated solution to streamline their security operations.

Andrew Hollister, CISO of LogRhythm, said, “Our partnership with D3 Security represents a significant step forward in empowering security teams to navigate the complexities of today’s threat landscape with confidence. By combining LogRhythm Axon SIEM with D3 Smart SOAR’s automation and orchestration capabilities, we are enabling security professionals to focus on what matters most: protecting their organizations.” 

Microsoft

In a blog, Charlie Bell, Executive Vice President, Microsoft Security, announced Microsoft Secure Future Initiative to advance security engineering. The Secure Future Initiative aims to bring together all of Microsoft’s teams to advance cybersecurity protection. It consists of “three pillars, focused on AI-based cyber defenses, advances in fundamental software engineering, and advocacy for stronger application of international norms to protect civilians from cyber threats.”

Bell says that the use of automation and AI will help Microsoft deliver “software that is secure by design by default, in operation and in operation.” Microsoft will also evolve its Security Development Lifecycle (SDL) to become dynamic SDL (dSDL). Part of that means applying CI/CD to “continuously integrate protections against emerging patterns as we code, test, deploy, and operate.”

Microsoft is also continuing to focus on improving identity and the verification of identity, be that user, device or service. It is doing that through Azure HSM and the enforcement of standard identity libraries.

The final point that Bell calls out is the move to mitigate cloud vulnerabilities by 50%.

Mimecast

Mimecast has expanded its Email Security Cloud Integrated solution to more global markets. The announcement says, “This gateway-less solution is designed to optimize protection for Microsoft 365 environments with scalable, best-in-class email and collaboration security.”

In November 2022, analysis of logs showed that “for every 1 million emails Microsoft 365 delivered, 24,500 on average were untrustworthy or contained malware or phishing.” Mimecast claims that its solution can be deployed in less than five minutes and will improve detection of those emails.

In July, Mimecast also released Protection for Microsoft Teams to protect those users and data from attack.

David Raissipour, Mimecast Chief Technology & Product Officer, said, “Backed by nearly two decades of email security expertise and a rich history of innovation, Mimecast is uniquely positioned to offer a flexible, gateway-less solution that helps organizations proactively enhance their security posture.

“Our data clearly shows that Microsoft 365 alone is not sufficient to provide organizations with protection from cyber threats.” 

noname Security

noname Security has released its latest research report, The API Security Disconnect 2023 (registration required). It reveals confidence in API Security tools is high (96%). However, that confidence may be misplaced, with 77% admitting they had experienced a security incident in 2023.

These organizations manage and store highly regulated and confidential personally identifiable information (PII) relating to healthcare, finances, employment, and more, putting citizens at risk when an incident occurs.

Dean Phillips, Executive Director of Public Sector Programs at Noname Security, said, “When it comes to API security, we continue to see a major disconnect between what security professionals believe to be true and what they actually experience.

“An API security incident in the public sector has the potential to impact every citizen. The government and highly regulated industries have unique security needs, and it is imperative for the public sector to be equipped with the right tools to prevent a devastating cyber attack and, ultimately, protect national security.”

Other findings from the survey are:

  • Nearly 90% of government and public sector respondents say that API security is more of a priority now than it was 12 months ago
  • More than half (59%) of respondents shared that they suffered loss of customer goodwill and churned accounts
  • Additionally, 47% of respondents reported a loss of productivity, 44% cited they incurred fees to remediate the problem, and 43% said the cost of fines from regulators was an unwelcome impact.
  • API gateways are a top attack vector (24%), followed by network firewall attacks (21%) in second place, followed by authorization vulnerabilities (17%) in third place
  • As the report highlights, government agencies and the public sector identified API security as a priority for protecting citizen’s data and services. Additionally, API security can be a critical factor in maintaining regulatory compliance. API security platforms are now a critical piece of the puzzle, with 72% of government and public sector respondents saying that their API security platform partner helps them to maintain regulatory compliance.

Qualys

Qualys has announced its third quarter 2023 financial results ahead of its user conference in Orlando next week. Revenue is up 13% and GAAP net income increased by 68% over the same period in 2022.

Sumedh Thakar, Qualys’ president and CEO, said, “In Q3 we delivered another quarter of healthy revenue growth, strong profitability and cash flow generation. Our continuous innovation is solving a growing number of modern security challenges in on-prem, cloud and multi-cloud environments while empowering customers to consolidate tools, simplify operations, reduce costs, and achieve better protection.

“We believe Qualys’ comprehensive cyber risk posture assessment and remediation platform provides strong competitive differentiation and a firm foundation for future growth in both our core and cloud expansion markets.”

Key highlights from the third quarter 2023, include:

  • Revenues: Up 13% to $142.0 million compared to $125.6 million for the same quarter in 2022.
  • Gross Profit: Increased by 16% to $115.3 million compared to $99.6 million for the same quarter in 2022.
  • GAAP gross margin: 81% for the third quarter of 2023 compared to 79% for the same quarter in 2022.
  • Non-GAAP gross profit: Increased by 15% to $118.0 million compared to $102.2 million for the same quarter in 2022.
  • Non-GAAP gross margin: 83% for the third quarter of 2023 compared to 81% for the same quarter in 2022.
  • GAAP operating income: Increased by 31% to $43.6 million compared to $33.3 million for the same quarter in 2022. As a percentage of revenues, GAAP operating income was 31% for the third quarter of 2023 compared to 27% for the same quarter in 2022.
  • Non-GAAP operating income: Increased by 31% to $62.9 million compared to $48.0 million for the same quarter in 2022. As a percentage of revenues, non-GAAP operating income was 44% for the third quarter of 2023 compared to 38% for the same quarter in 2022.
  • GAAP net income: Up 68% to $46.5 million, or $1.24 per diluted share (of which approximately $11.0 million or $0.29 per diluted share was the result of a change in our tax estimates), compared to $27.7 million, or $0.71 per diluted share, for the same quarter in 2022. As a percentage of revenues, GAAP net income was 33% for the third quarter of 2023 compared to 22% for the same quarter in 2022.
  • Non-GAAP net income: $56.7 million, or $1.51 per diluted share (of which approximately $5.5 million or $0.15 per diluted share was the result of a change in our tax estimates), compared to $36.8 million, or $0.94 per diluted share, for the same quarter in 2022. As a percentage of revenues, non-GAAP net income was 40% for the third quarter of 2023 compared to 29% for the same quarter in 2022.
  • Adjusted EBITDA: (a non-GAAP financial measure) for the third quarter of 2023 increased by 25% to $68.8 million compared to $54.9 million for the same quarter in 2022. As a percentage of revenues, Adjusted EBITDA was 48% for the third quarter of 2023 compared to 44% for the same quarter in 2022.
  • Operating cash flow: Increased by 119% to $92.4 million compared to $42.2 million for the same quarter in 2022. As a percentage of revenues, operating cash flow was 65% for the third quarter of 2023 compared to 34% for the same quarter in 2022.

Qualys also announced the availability of its award-winning VMDR TruRisk, FixIT, and ProtectIT capabilities in the AWS Marketplace. The solutions are priced and packaged for small-to-medium-sized businesses (SMBs) and small-to-medium enterprises (SMEs).

The three solutions can be accessed through a single engine:

  • VMDR TruRisk: Brings the power of Qualys Cloud Platform and the capabilities of VMDR to small and medium-sized businesses. With VMDR TruRisk, smaller organizations can now access enterprise-grade asset visibility, vulnerability management, risk assessment, and prioritized remediation workflows.
  • VMDR TruRisk FixIT: Provides all the benefits of VMDR TruRisk as well as Qualys Patch Management for risk-based detection and remediation. With VMDR TruRisk FixIT, customers can prioritize vulnerabilities and automate patching based on business criticality.
  • VMDR TruRisk ProtectIT: Delivers all the benefits of VMDR TruRisk FixIT plus additional machine learning-based anti-malware and threat protection layered with business context via Qualys Multi-Vector EDR.

According to Pinkesh Shah, Chief Product Officer, Qualys, “Many smaller businesses don’t have the budgets or personnel necessary to support an enterprise-grade cyber risk management program.

“By working with AWS to offer Qualys TruRisk SME- and SMB-focused packages, we can help companies access the security expertise they need to combat the growing risks of ransomware and stay compliant with regulations such as PCI, HIPPA, GDPR, and more.”

Sophos

Sophos has released the State of Ransomware in Healthcare 2023 (registration required). The report revealed that 75% of ransomware attacks against healthcare organisations were successful in encrypting data. That number is up from 61% in 2022.

Additional key findings from the report include:

  • In 37% of ransomware attacks where data was successfully encrypted, data was also stolen, suggesting a rise in the “double dip” method

  • Healthcare organizations are now taking longer to recover, with 47% recovering in a week, compared to 54% last year

  • The overall number of ransomware attacks against healthcare organizations surveyed declined from 66% in 2022 to 60% this year.

  • Compromised credentials were the number one root cause of ransomware attacks against healthcare organizations, followed by exploits.

  • The number of healthcare organizations surveyed that paid ransom payments declined from 61% last year to 42% this year. This is lower than the cross-sector average of 46%

Chester Wisniewski, director, field CTO, Sophos, said, “To me, the percentage of organizations that successfully stop an attack before encryption is a strong indicator of security maturity. For the healthcare sector, however, this number is quite low—only 24%. What’s more, this number is declining, which suggests the sector is actively losing ground against cyberattackers and is increasingly unable to detect and stop an attack in progress. 

“The ransomware threat has simply become too complex for most companies to go at it alone. All organizations, especially those in healthcare, need to modernize their defensive approach to cybercrime, moving from being solely preventative to actively monitoring and investigating alerts 24/7 and securing outside help in the form of services like managed detection and response (MDR).”

Tenable

Tenable has published a new study called Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams” (registration required). It revealed that the average organisation was prepared to preventatively defend or block 57% of cyber-attacks it encountered. The remaining 43% were successful and required remediation.

The number of cyber-attacks organisations face is taking its toll. 58% of respondents say they spend almost all their time fighting successful attacks rather than working to prevent them. Worryingly, the main cause is an inability to reduce potential risks before they happen. Poor visibility of an organisation’s attack surface, assets, code weakness and user entitlement contributes to that.

Robert Huber, chief security officer and head of research, Tenable, said, “The scattershot firefighting by security organizations is a recipe for failure, especially with the expansion of the attack surface and exposure points caused by trends like cloud migration and AI.

“We’re speaking with more and more organizations about the importance of proactively understanding and reducing risk, and this research underscores that many of them know this intuitively, but are struggling with headwinds that are often beyond their control.

“We hope to foster more collaborative discussion between stakeholders to simplify their practices and get to the risk data they actually need for faster prioritization and remediation.” 

Security news from the week beginning 23 October 2023

LEAVE A REPLY

Please enter your comment!
Please enter your name here