In this week’s security news, ThreatQuotient published its 2023 State of Cybersecurity Automation Adoption Research Report. Enterprise Times also talked with Leon Ward, Vice President of Product Management at ThreatQuotient, about the findings.
Dragos Inc has signed a memorandum of understanding (MOU) with Aramco, whose subsidiary Aramco Ventures is an investor in Dragos. The deal sees the two companies work to “review potential opportunities to help protect critical industrial assets and infrastructure for Aramco and its affiliates, and the Kingdom of Saudi Arabia.”
The MOU is to be the foundation for a longer agreement as part of Saudi Arabia’s Vision 2030. It will consider strategies for the rapid deployment of technologies to protect OT environments and supply chains. It will also see Dragos establish a local hardware assembly facility and training academy in the country.
Robert M. Lee, CEO and Co-Founder of Dragos, said, “Aramco sets a strong example through its commitment to build cybersecurity capabilities and infrastructure that support success for the whole region.
“This MOU will potentially result in more access for organizations to industrial cybersecurity technology and services so they can protect against, detect, and respond to threats, while also developing and training ICS/OT cybersecurity talent to ensure sustainable success.”
Egress and KnowBe4 have announced the latest update to their strategic partnership. KnowBe4 will use a bi-directional API to leverage live email threat intelligence sourced from the Egress platform. This will enable KnowBe4 to automatically deploy context-based training and phishing simulations.
The Egress adaptive cloud email security uses KnowBe4’s User Risk Score as one of multiple data points to model holistic human risk. The latest announcement sees email threat data from Egress flow back into KnowBe4. The goal is to enable fully automated threat-based training and simulation campaigns.
Tony Pepper, CEO at Egress, commented, “Today marks the beginning of a new and exciting era that focuses on delivering adaptive human protection across the enterprise. This is only possible through the seamless integration of applications within the cybersecurity ecosystem.
“By publishing events from Egress directly to KnowBe4 KMSAT’s User Timeline, we offer insight into the types of attacks people receive, along with how they engage with these threats to surface potential signs of compromise.
“This actionable intelligence is used to automatically tailor individual’s SAT programs to reflect the real threats and incidents they face, offering teachable moments that truly resonate.”
ESET has announced the launch of its new innovative and streamlined offering for consumers. There are three brand-new customer-centric subscription tiers. Each provides broad and reliable digital life protection via new features. These include a Virtual Private Network (VPN) and a Browser Privacy & Security extension.
The three tiers are ESET HOME Security Essential, ESET HOME Security Premium, and ESET HOME Security Ultimate. The solution will be available on Windows, macOS, Android, and iOS.
ESET HOME Security Essential is an entry-level subscription tier with protection features. Its key features are 24/7 real-time protection, fast scans without interruptions, non-stop safe banking & browsing, along with protected smartphones and smart homes.
ESET HOME Security Premium extends the feature set further by adding other security functionalities. These include Secure logins with Password Manager and encryption of sensitive data and photos.
ESET HOME Security Ultimate is the most advanced subscription tier. In addition to the features included in Premium, it adds Metadata Cleanup for enhanced privacy, blocks unwanted website notifications and has an Unlimited VPN.
Mária Trnková, Chief Marketing Officer at ESET, said, “At ESET, we’re thrilled to unveil our cutting-edge consumer solutions. It’s more than just security – it’s a comprehensive portfolio designed to keep our customers safe in today’s digital landscape.
“The new ESET HOME Security subscription tiers offer multilayered security, protect privacy, and keep the devices and homes of our customers safe. With ESET, they’re not just protected; they’re empowered to explore, connect, and thrive securely.”
Invicti Security has achieved ISO 27001:2022 accreditation for all its products. The company claims it underscores “the organization’s commitment to protecting sensitive information, maintaining data integrity, and providing clients and stakeholders with the highest level of trust.”
Matthew Sciberras, CISO and VP of Information Security and IT at Invicti Security, expressed pride in this achievement, stating: “Our team has worked tirelessly to achieve ISO 27001:2022 certification, and this accomplishment reflects our unwavering commitment to safeguarding the sensitive information entrusted to us. This certification reinforces our clients’ trust in our ability to protect their data and reaffirms our position as a leader in the application security sector.”
LastPass has rolled out a new vault user interface (UI) on its iOS and Android mobile applications. It will provide all users with easier, more streamlined access to data in their vaults. iOS users can access the features now, with Android users getting them later in November.
The announcement calls out six key features in this new UI. They are:
- Reduced time searching for information with a refreshed, modern look and feel to get to what you need with fewer clicks so you can spend time on the tasks that matter most.
- Improved accessibility, with dynamic text that adjusts to the preferred reading size settings on users’ mobile devices.
- Intuitive vault organization, helping users find and fill items faster.
- Streamlined sharing of passwords from mobile, allowing simple and secure sharing with friends, colleagues and family from anywhere.
- Refreshed password generator for Android users, allowing easy on-the-go password generation.
- Mobile support for one-time passcodes for B2B customers allowing access to these passcodes from anywhere, anytime.
Jordan Girman, vice president of product management, LastPass, said, “Today’s password manager users expect to be able to access their data from anywhere, quickly and seamlessly. This new UI release is part of LastPass’ ongoing effort to meet our customers where they are – at work, home, school, or on the go – and streamline their experience across the devices and browsers they use.”
LogRhythm has expanded its presence in the Kingdom of Saudi Arabia (KSA) to secure and protect the country’s growing digital infrastructure. It has launched a new regional headquarters (HQ) for India, the Middle East, Turkey, and Africa (IMETA) in Riyadh. The company has strengthened its existing on-the-ground support for local customers, enabling them to effectively bolster their cybersecurity postures.
The KSA introduced its Essential Cybersecurity Controls (ECC). Opening an office in Riyadh will help LogRhythm support the KSA in its plans for Saudi Vision 2030.
Mazen Adnan Dohaji, Vice President & General Manager IMETA, LogRhythm, said, “The Kingdom has one of the fastest growing economies in the world and a rapidly developing IT sector, and this is attracting more tech companies to make the move into the region. With huge digital growth comes rising demand for cybersecurity as threat actors look to exploit this innovation.
“Our expanded presence in KSA enables more locally based organizations to bolster their cybersecurity posture in an increasingly interconnected world. It is fantastic to witness LogRhythm’s growth in the Middle East first-hand and we look forward to closely supporting more of our customers.”
Microsoft has announced its new generative AI solution, Microsoft Security Copilot, combined with its massive data advantage and end-to-end security, all built on the principles of Zero Trust. Microsoft says it creates a flywheel of protection to change the asymmetry of the digital threat landscape and favor security teams in this new era of security.
The announcement came in a blog by Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management. Jakkal also quoted from a recent Microsoft study that showed Security Copilot improved productivity for “new in career” security analysts. It showed:
- They gave 44% more accurate responses and were 26% faster across all tasks.
- 86% reported that Security Copilot helped them improve the quality of their work.
- 83% stated that Security Copilot reduced the effort needed to complete the task.
- 86% said that Security Copilot made them more productive.
- 90% expressed their desire to use Security Copilot next time they do the same task.
Privacera has announced the results of its latest survey on generative AI data security trends. It reveals that an overwhelming majority of business leaders (96%), including Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), Chief Data Officers (CDOs), and Heads of AI, have either implemented or are exploring generative AI for their business and product enhancement.
Other findings from the survey show:
- 66% plan to implement an AI data security and governance strategy to avoid the misuse of generative AI models.
- 52% of respondents have already integrated generative AI into their business processes and products.
- 66% of respondents embracing or exploring generative AI said they prioritize the implementation of AI data security and governance strategies.
- Additionally, 57% of respondents indicated a preference for utilizing a dedicated data security platform.
- 98% have an automated approach to data security.
Piet Loubser, SVP of Marketing at Privacera, said, “With the emergence of generative AI, public and private Large Language Models, organizations are looking for strategies to deploy and apply universal data security and governance as part of the end-to-end lifecycle for modern AI applications.
“These broader security considerations must include together, the securing and compliant use of data for training and fine-tuning of AI models in a consistent manner. While businesses of any size prioritize security, simply piecing together tools and point solutions for specific use cases will not suffice. Data-driven organizations need a comprehensive, unified data security platform to safeguard a wide range of use cases and data applications effectively and at scale.”
Qualys is to participate in the Microsoft Security Copilot Partner Private Preview. The company says it is working with Microsoft product teams to help shape Security Copilot product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Security Copilot extensibility.
Pinkesh Shah, chief product officer, Qualys, said, “Recognizing Microsoft’s commitment to enhancing global cybersecurity, we’re thrilled to collaborate with them as AI’s influence on the changing cybersecurity landscape is undeniable. While attackers are harnessing AI’s untapped potential, it’s time for the cyber risk defenders to get ahead.
“This is why we’re working alongside Microsoft in this important initiative of managing cyber risk proactively, not just reactively, which aligns with our Enterprise TruRisk Platform, enabling organizations to measure, communicate and eliminate their cyber risk more effectively.”
There were two announcements from Sophos last week, both based on its Active Adversary Report for Security Practitioners. It delivers some shocking warnings that will resonate with security teams.
One of the concerns is that telemetry about attacks is missing in 42% of cases, mainly due to attackers wiping data to cover their tracks. It makes it hard to know what has happened in the early stages of Incident Response. Those numbers come from an analysis of attacks over an 18-month period.
John Shier, field CTO, Sophos, said, “Time is critical when responding to an active threat; the time between spotting the initial access event and full threat mitigation should be as short as possible. The farther along in the attack chain an attacker makes it, the bigger the headache for responders.
“Missing telemetry only adds time to remediations that most organizations can’t afford. This is why complete and accurate logging is essential, but we’re seeing that, all too frequently, organizations don’t have the data they need.”
There has also been a shift in the dwell time, the length of time attackers are in a network before launching an attack. In 38% of cases of ransomware attacks, that time is now down to under five days. Sophos terms these fast attacks, in contrast to slow attacks with longer dwell times. Of interest is that the attacks look the same. Sophos says that this does not require defenders to change their tools or approaches.
The second announcement introduces new security solutions. These are a mix of new solutions and enhancements to other tools. It includes:
- New Sophos Firewall v20 software with Active Threat Response
- Sophos Network Detection and Response (NDR) with Extended Detection and Response (XDR)
- Sophos XDR enhancements
Tenable claims that UK cybersecurity teams are overwhelmed when dealing with cyber-attacks. In a recent whitepaper (registration required), it says that 48% of attacks are successful. With cybersecurity teams busy reacting to those attacks, they don’t have time to strengthen defences.
Tenable goes on to say that “60% of U.K. organisations [are] confident that their cybersecurity practices are capable of successfully reducing the organisation’s risk exposure.” The statements suggest that some companies are relying on what they have, rather than improving their defences to ward off new attacks.
The company goes on to say, “Nearly two-thirds of respondents (65%) believe their organisation would be more successful at defending against cyberattacks if it devoted more resources to preventive cybersecurity. Yet six in 10 respondents (60%) say the cybersecurity team is too busy fighting critical incidents to take a preventive approach to reducing their organisation’s exposure.”
Bernard Montel, EMEA Technical Director and Security Strategist, Tenable, said, “While reducing cyber risks has to be the priority, it seems easier said than done. Our study confirms that security teams are being overwhelmed by the sheer volume of cyberattacks they have to react to. As the attack surface becomes ever more complex, this imbalance will only worsen.
“Something has to change to stem the tide of successful attacks. Security leadership needs to be involved in high-end business decision making. Only then can the organisation hope to reduce its risks and take steps to address the challenges standing in the way.”
Trustwave SpiderLabs has released research highlighting critical risks to retailers. With Black Friday and Cyber Monday about to happen, the report could not have come at a better time. The report, “2023 Retail Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies,” (registration required), looks at threat groups and their tactics from entry to exfiltration.
Four highlights from the report include:
- The threat group LockBit accounted for 34% of ransomware incidents targeting the retail sector.
- A majority of the targeted retailers who reported a breach were from the United States (57%), with the United Kingdom (8%), and Canada (7%) coming in a far second and third, respectively.
- 30% of all reported incidents in retail can be attributed to Credential Access, of which 90% are through brute force.
- As lures for phishing emails, 59% use “Payroll Diversion,” followed by 19% “Request for Contract.”
The report lists 8 threat actors, including BlackCat/ALPHV, who filed a complaint with the SEC about one of their victims. It also lists 10 threat tactics that the threat groups are using.
According to Trustwave CISO Kory Daniels, “The significant shift towards digital commerce that unfolded during the global pandemic marked a pivotal moment for retailers. An industry historically focused on compliance and point-of-sale security had to rapidly adapt to surging consumer demands, virtual workforces, and evolving threat actors.
“Our latest threat briefing is a valuable resource for retail leaders and cyber defenders, providing a comprehensive view of the threats observed by our Trustwave SpiderLabs team, along with specific mitigation strategies to help organizations protect themselves, their consumers, and their assets.”
Veeam Software has launched Veeam Backup for Salesforce v2. The solution is available on Salesforce AppExchange. The company claims it eliminates the risks of Salesforce data and metadata loss from human, integration, and corruption errors.
This version adds new features and can be deployed on-premise or in the cloud. The new capabilities of Veeam Backup for Salesforce include:
- Salesforce business applications: Extended support of the Salesforce platform, including Salesforce Government and Education Clouds, Field Service, CPQ, Person Accounts, and managed packages, is now part of data backup offerings to ensure critical field service data meets compliance and is protected when off-site.
- Salesforce SSO and MFA: Enable role-based access for backup and restore operators via Salesforce to simplify and improve the security of your systems. Audit trail will keep track of all the sensitive operations.
- Sandbox seeding and enhanced restores: Restore to your sandbox with data from production or from another sandbox. Set alternate keys and get better controls over hierarchy restores. Enhance your company’s ability to test, develop and troubleshoot with the option to restore production data to your sandbox.
Danny Allan, CTO at Veeam, commented, “Reliability and consistency of protecting SaaS data is a key driver for improving data protection in 2023, according to the Veeam Data Protection Trends Report 2023. However, many organizations still don’t believe that Salesforce needs to be protected and that their data and metadata are safe in a cloud somewhere. We disagree – and so does Salesforce.”
Zimperium has joined the Microsoft Security Copilot Partner Private Preview. Its focus is on security for mobile devices and mobile apps.
Jon Paterson, Chief Technology Officer for Zimperium, said, “Zimperium is committed to securing mobile-powered businesses and protecting mobile endpoints and applications from today’s most advanced cyber threats and risks. We know that generative AI holds immense power in advancing this goal and empowering security professionals to stay strides ahead of these attacks.
“By partnering with Microsoft as a part of the Security Copilot Partner Private Preview, we are proud to help influence the future of AI in cybersecurity, offering our customers new and innovative tools to help security operations investigate and remediate mobile-related incidents quickly and at scale.”