Anjuna launched Seaglass, a universal confidential computing platform that is infrastructure and application-agnostic. Orange Cyberdefense released its Security Navigator 2023, showing that cyber extortion soared 46% during the year.

NOYB lodged a complaint against Meta over the social media giant’s plans to get people to pay not to have their PII used for marketing purposes. Egress added advanced graymail detection to its email solution.

BlueVoyant

BlueVoyant has acquired Conquest Cyber, whose SaaS-based technology is targeted at streamlining risk management across an organisation’s cyber program. Conquest Cyber has a number of customers with high-security environments, including governments and the US Defence Partners.

The deal was funded by a US $140 million Series E funding round, but the actual price paid was not disclosed. The funding round was led by Liberty Strategic Capital and ISTARI. Eden Global Capital Partners served as a strategic advisor.

The acquisition and enhanced capabilities come at a critical time for high-security areas such as the Defense Industrial Base and Government sector. The US Department of Defense is set to enforce new cybersecurity rules, CMMC 2.0, while State and Local Governments face a surge in cyber incidents.

James Rosenthal, CEO and co-founder of BlueVoyant, said, “Despite the extensive range of cybersecurity vendors, a significant gap persists in the market concerning comprehensive solutions that empower clients to assess, operationalise, validate, and mitigate risks.

“The integration of BlueVoyant’s and Conquest Cyber’s capabilities addresses this shortfall, bolstering our ability to protect clients’ internal and external digital ecosystems in a more comprehensive manner.”

Cisco

There were two main announcements from Cisco this week at AWS re:Invent 2023 in Las Vegas. The first covers new integrations between Cisco ThousandEyes and Amazon CloudWatch Internet Monitor. It will give customers far deeper operational insights so that they can place assets where they are most effective. It will also provide greater monitoring based on customer profiles.

Mohit Lad, Senior Vice President and General Manager, Network Assurance, Cisco and Co-Founder, ThousandEyes, said, “Customers today need to assure digital experiences over any network—the ones they own and the ones they don’t. As the leader in Internet visibility, Cisco is on a mission to deliver unmatched end-to-end network assurance. Today’s integration with AWS demonstrates our shared commitment to empower our customers to more effectively monitor and manage their cloud environments.”

The Amazon CloudWatch Internet Monitor integration will be available in Cisco ThousandEyes in spring 2024.

The second announcement covered new business metrics in Cisco Cloud Observability. What makes this different from other monitoring solutions is that it is integrated with AWS services and application performance monitoring (APM). Cisco says the capability delivers:

  • Support for multiple business metrics within a business transaction.
  • Easy identification of business transactions configured with business metrics for troubleshooting.
  • User-friendly configuration interface that enables users to preview business transaction attributes for accuracy and set up mission-critical metric alerts.
  • Advanced KPI visualization including baseline performance and a historical analysis trend line, to easily identify when business performance is abnormal.
  • Data segmentation by selected attribute values for quick visibility of customer segments being affected most.

Ronak Desai, Senior Vice President and General Manager for Cisco AppDynamics and Full-Stack Observability, said, “By elevating business metrics to first-class status, similar to other performance-related metrics, we enable organizations to mature their observability practice by empowering technical teams to prioritize technical issues that are aligned with business outcomes.”

Europol

Europol, Eurojust and seven countries collaborated to dismantle a ransomware operation being run from Ukraine. The operation saw 30 properties searched in the regions of Kyiv, Cherkasy, Rivne and Vinnytsia. The 32-year-old ringleader and four most active accomplices were arrested.

Intelligence for the raid came from devices seized in other operations over the past few years. That intelligence was spread across Europol offices and in Norway.

The individuals under investigation are believed to be part of a network responsible for a series of high-profile ransomware attacks against organisations in 71 countries. The investigation determined that the perpetrators encrypted over 250 servers belonging to large corporations, resulting in losses exceeding several hundreds of millions of euros.

Forescout

Forescout has officially opened its new Ottawa office. It is an expanded research & development (R&D) facility. Its focus will be on helping enterprises more effectively manage cyber risks and threats targeting their IT, OT and IoT devices and cyber assets.

Barry Mainz, CEO, Forescout, said, “The cloud-native cybersecurity SaaS, developed by the Ottawa team and acquired with the purchase of Cysiv in 2022, is central to our business strategy and to our customers’ need for solutions that support on-premise, cloud and hybrid deployment models. With the rapid growth in demand we’re seeing globally, now is the time to further invest in Ottawa, and that starts with our new office.

“We are a company poised for more opportunities to partner at deeper levels with clients and accelerate our cyber-solutions roadmap in 2024.”

LiveAction

LiveAction has announced its first Middle East distribution partner, Shifra. Shifra will deliver LiveAction’s full product portfolio in addition to technical, pre- and post-sales support.

The offering will include LiveAction’s leading network performance management (NPM) solutions. LiveAction’s LiveNX NPM platform enables comprehensive network observability that spans the entire network – on-premises, WAN, SD-WAN, cloud, or hybrid. The LiveWire packet capture solution solves complex network events faster with forensic-level analytics that help eliminate blind spots in any network.

Luke Millar, International Channel Director, LiveAction, said, “There’s a massive opportunity for LiveAction and our partners in the Middle East. Our partnership with Shifra not only plays an important role in our growth into new verticals and geographies, but it upholds our commitment to providing our partners and customers with end-to-end performance visibility.”

Logpoint

Logpoint has published a deep analysis of the Cactus ransomware that emerged in March 2023. Since then, it has been credited with 58 victims and is seen as a dangerous new piece of malware. One reason for this is the sophistication of its attacks.

Among the TTPs Cactus uses are some sophisticated features, such as auto-encryption. It also uses a consecutive change of file extensions post-encryption.

Bibek Thapa Magar, Logpoint Security Analytics Engineer, said, “Cactus is a good example of ransomware groups employing increasingly sophisticated TTPs in their attacks. What stands out in this case is that the malware encrypts itself to evade detection.

“The smooth way of avoiding defenses shows that the group is good at the game. Cactus has quickly made a significant impact, using double extortion, compromising sensitive data, and leaving victims with limited choices.”

ManageEngine

ManageEngine has unveiled what it calls “the industry’s first dual-layered threat detection system in its security information and event management (SIEM) solution, Log360.” Available in Vigil IQ, it delivers improved accuracy and enhanced precision for SOC teams when it comes to threat detection.

The company has called out three key features of Vigil IQ:

Smart Alerts: Vigil IQ, the TDIR module of Log360, now combines the power of both accuracy and precision in threat detection. With its dynamic learning capability, Vigil IQ adapts to the changing nature of network behavior to cover more threat instances accurately. It will spot threats that get overlooked due to manual threshold settings, thereby improving the detection system’s reliability.

Proactive Predictive Analytics: Leveraging predictive analytics based on historical data patterns, Vigil IQ predicts potential security threats, facilitating the implementation of proactive measures before incidents occur. This predictive intelligence drastically reduces the mean time to detect (MTTD) threats.

Contextual Intelligence: Vigil IQ enriches alerts with deep contextual information, providing security analysts with comprehensive threat insights. This enrichment of alerts with non-event context accelerates the mean time to respond (MTTR) by delivering pertinent, precise information.

Manikandan Thangaraj, vice president at ManageEngine, said, “We pioneered a dual-layered, ML approach to heighten the precision and consistency of threat detection. First, Vigil IQ ensures genuine threats are discerned from false positives.

“Second, the system facilitates targeted threat identification and response. This advanced system significantly improves the accuracy of identifying threats, streamlining the detection process and allowing SOC analysts to focus their valuable time on investigating real threats.”

Menlo Security

Menlo Security has made two executive leadership appointments. Pejman Roshan is the new Chief Marketing Officer, and Naresh Bansal is to be the Chief Financial Officer. Both come with extensive leadership and industry experience as the company sets itself up for a strong 2024.

Pejman Roshan said, “Menlo Security addresses an attack vector often ignored in security strategies, yet highly sought after by sophisticated cybercriminals – the browser. I’m thrilled to be joining this team at a time when AI is driving both new and rapidly evolving threats, as well as being harnessed to address these security challenges with innovative solutions.

“Menlo is at the forefront of this intersection and is empowering its wide customer base including a long list of blue-chip companies to eliminate the threat of malware from web, documents, and email.”

Naresh Bansal commented, “I’m ecstatic to be joining the incredible team at Menlo Security and have already seen the unique growth and market opportunity of the company and its product suite. I have witnessed the challenges companies face in building global finance teams that stay abreast of the changing regulatory, financial and investor changes, and I’m eager to help usher Menlo Security to the next stage of growth and expansion.”

Mimecast

Mimecast has also made a new appointment this week. Janet Prosper is to become the Chief Human Resources Officer. The appointment confirms Prosper in position as she has been the interim CHRO since October 2022. Along with leading human resources, Prosper is also charged with leading Mimecast’s diversity, equity, and inclusion initiatives.

Prosper commented, “It is an honor to lead Mimecast’s fabulous and talented team of human resources professionals. I look forward to continuing our work together and partnering with our business leaders to foster an innovative and inclusive culture where people can do their best work, driven by our Mimecast Way values.”

Okta

Okta is another vendor making pre-Christmas announcements in preparation for 2024. It has announced the appointment of Jon Addison as Chief Revenue Officer (CRO), and Kerry Ok as Chief Marketing Officer (CMO). Addison is effectively confirmed in a role he has held since February 2023. Kerry joined when Okta acquired Auth0 in 2021.

Addison commented, “Our customers are looking to address the threat landscape by leveraging AI, building seamless customer experiences and implementing Zero Trust security. I’m honored to serve as Chief Revenue Officer and to help address this mission-critical need, backed by an industry-leading team skilled at driving innovation. It’s an incredibly exciting time to focus on AI and identity, and Okta is well-positioned to expand its leadership position.”

Ok said, “There’s never been a more complex landscape for security professionals, IT admins, developers and marketers than today, and Okta is uniquely positioned at the center of each of these worlds. We have a huge opportunity to educate and engage our customers about the power of identity in this pivotal moment, and I’m thrilled with the opportunity to help lead our team.”

Privacera

At AWS re:Invent 2023, Privacera revealed that Privacera AI Governance (PAIG) now integrates with Amazon Web Services (AWS) on security for foundation models (FMs) used for generative AI. Using Amazon Bedrock and Amazon SageMaker, PAIG delivers governance and the protection of sensitive data in FMs and Gen AI applications.

Balaji Ganesan, Privacera co-founder and CEO, said, “Today, we are thrilled to announce the integration of PAIG with Amazon Bedrock and Amazon SageMaker. It’s a testament to our commitment to AWS and to seamlessly integrate with AWS AI and ML services to help enterprises address critical security, governance, and compliance requirements.”

Proofpoint

Proofpoint has appointed Sumit Dhawan as Chief Executive Officer, effective immediately. He will replace Rémi Thomas, who has been interim CEO since October 25th. Thomas will continue to serve as the company’s CFO.

Seth Boro, managing partner at Thoma Bravo, said, “The Proofpoint board of directors could not be more excited to partner with Sumit as he joins Proofpoint to usher in a new stage of growth.

“Sumit brings a wealth of valuable experience and expertise in building category-leading, scaled companies and businesses. We are confident his customer-centric passion and strong legacy of leadership will continue to carry Proofpoint’s mission forward in providing people-centric cybersecurity solutions that address some of the most challenging risks facing organizations today.”

Quantum Dice

Quantum Dice, a spinout from the University of Oxford’s quantum optics laboratory, and SpeQtral, a leading quantum communications technology company, have announced the launch and use of the Zenith Quantum Random Number Generator (QRNG). The QRNG is designed to enable secure quantum communication technologies in the upcoming SpeQtral-1 satellite mission.

SpeQtral-1 is SpeQtral’s second quantum key distribution (QKD) satellite that builds on the existing SpeQtre mission. It will serve as a commercial pathfinder and demonstrator to define the future of global quantum secure communication services. It features the QRNG, SpeQtral’s entanglement and weak coherent quantum payloads, and a laser communications system in a 16U CubeSat.

This will allow SpeQtral to showcase and experiment with different quantum-secure protocols, including QKD based on entanglement, weak coherent pulses, as well as alternative higher-speed key delivery techniques.

Marko von der Leyen, Quantum Dice CTO, remarked: “Quantum Dice’s Zenith device has been engineered to withstand harsh environments in space without compromising on the security standards of the continuous live verification of our quantum randomness. We are proud to be a partner on the SpeQtral mission with our ultra-fast Gbps-class system, supporting an important domain of future communications.”

Sonatype

At AWS re:Invent 2023, Sonatype made two announcements. The headline announcement was that it had achieved AWS DevOps Competency Status. The company also revealed that it has expanded its AWS Marketplace presence by adding Sonatype Lifecycle SaaS.

“Achieving the AWS DevOps Competency is a testament to the value our software supply chain management platform provides,” said Wayne Jackson, CEO at Sonatype.

“In a world where the faster companies bring value to market, the more the market rewards them – we know how vital speed is for true innovation. But, not at the expense of security. Sonatype is committed to helping companies control risk across the full software development life cycle (SDLC), in a way that accelerates development processes.”

Sophos

Sophos released two reports this week, both looking at the use of AI in cybercrime. The first report—“The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI”—demonstrates how, in the future, scammers could leverage technology like ChatGPT to conduct fraud on a massive scale with minimal technical skills.

What is interesting is how Sophos chose to validate its view of the importance of AI as a tool for attackers. It describes how it used publicly available e-commerce templates and LLM tools to create a fake website with little technical skill. It was then able to use that to generate hundreds of similar websites in minutes. Such automation makes it easier for attackers to build and rotate infrastructure.

The second report, titled “Cybercriminals Can’t Agree on GPTs,” found that, despite AI’s potential, rather than embracing large language models (LLMs) like ChatGPT, some cybercriminals are skeptical and even concerned about using AI for their attacks.

The second report is just as interesting as the first. While looking for AI as a social engineering tool, Sophos discovered something else. Attackers were looking at how to abuse and jailbreak the protections in LLMs.

Trend Micro

It was a busy week for Trend Micro. There were four major announcements, including new products and recognition of its competency by AWS when it comes to Security and Cloud Operations. The announcements are:

  1. An AI-powered Cybersecurity assistant for security teams called Trend Companion. It is part of the Trend Vision One platform, and the company believes it could reduce time spent on manual risk assessments by 50% or more.
  2. The addition of cloud risk management to the Trend Vision One platform. The new solution is called the Attack Surface Risk Management (ASRM) and is designed to give teams a wider view of their cloud security risks.
  3. The use of generative AI and the integration of its global threat intelligence and millions of diverse sensor types to deliver better visibility in its flagship Trend Vision One platform.
  4. Achieving the Amazon Web Services (AWS) Built-in Competency in the Security and Cloud Operations category. It recognises that Trend Micro is providing customers with an AWS built-in co-build solution that is designed to automatically install, configure, and integrate with key foundational AWS services using a well-architected modular code repository (MCR) in an automated deployment package validated by AWS experts, increasing the customer’s time to value.

Veeam

Veeam has announced Zero Trust Data Resilience (ZTDR). It is a model to help organizations reduce the risk of growing data security threats and improve their overall resilience. Importantly, it was developed in collaboration with Zero Trust expert Jason Garbis of Numberline Security.

ZTDR applies Zero Trust principles to backup and recovery as an extension to the Cybersecurity & Infrastructure Security Agency (CISA) Zero Trust Maturity Model. Essential to ZTDR is the separation of backup management systems and their storage tiers into distinct resilience zones. This reduces the attack surface, limits the potential blast radius from breaches and delivers immutable backup storage.

“Backup infrastructure by its nature has a large attack surface, because it must have read and write access to production, spanning virtually all enterprise applications and data sources, both on-premises and in the cloud,” said Jason Garbis, Founder at Numberline Security.

“To reduce that risk, Numberline and Veeam are proposing practical Zero Trust Data Resilience tools, including core principles, an architecture, and a maturity model. Our goal is to help organizations fill a gap in their security strategy by extending Zero Trust to backup and recovery to achieve greater cyber resilience.”

WatchGuard

WatchGuard is the latest security vendor to release its 2024 cybersecurity predictions. They are dominated by dire warnings about the use of AI by attackers, the risk to VR/AR headsets, better spear phishing tools and QR code abuse.

Corey Nachreiner, chief security officer at WatchGuard Technologies, said, “Every new technology trend opens up new attack vectors for cybercriminals. In 2024, the emerging threats targeting companies and individuals will be even more intense, complicated, and difficult to manage.

“With an ongoing cybersecurity skills shortage, the need for MSPs, unified security, and automated platforms to bolster cybersecurity and protect organizations from the ever-evolving threat landscape have never been greater.”
