FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Monday, February 28, 2022

Leading Maldivian Streaming Service Selects Verimatrix Platform To Protect App, Content and Revenues

AIX-EN-PROVENCE, France & SAN DIEGO–(BUSINESS WIRE)–Regulatory News:

Verimatrix (Euronext Paris: VMX), the leader in powering the modern connected world with people-centered security, today announced that ECOMXCHANGEMV Pvt Ltd selected the Verimatrix Secure Delivery Platform to utilize its Code Shield and Multi-DRM solutions to protect the fast-growing Baiskoafu video streaming service and its mobile app aimed at the Maldivian market.

Code Shield helps prevent valuable media and entertainment apps such as Baiskoafu from becoming an entry point for hackers while Multi-DRM technologies enable the consistently secure delivery of highly valuable content such as movies, television programming and sports. As a uniquely comprehensive streaming app for the country, Baiskoafu allows users to easily find, stream and download both audio and video content. The app offers a limited free version while also providing valuable premium services surrounding its songs, movies, albums and artists – enabling users to create individualized collections. The Baiskoafu Studio provides added value to users with original content for additional entertainment.

“Our entertainment app provides popular, engaging and highly sought-after content that requires us to put in place solid app security technologies to protect our revenue as well as our content that spans licensed movies to original documentaries and countless other content,” said Mohamed Mirusan, Managing Director at ECOMXCHANGEMV, the makers of Baiskoafu. “The Verimatrix Platform offered a compelling mix of threat defense products, monitoring tools and customer support.”

“Verimatrix prides itself on offering both ease of use and proven protections – a combination that is important for fast-growing streaming services such as Baiskoafu that look to safely scale,” said Asaf Ashkenazi, Chief Operating Officer and President at Verimatrix. “ECOMXCHANGEMV is one of the first streaming organizations to utilize our new Secure Delivery Platform for both cybersecurity and anti-piracy protection – we’re excited to welcome them as a new customer.”

Baiskoafu offers a free trial and is available for download now on iOS (https://apps.apple.com/us/app/baiskoafu/id1421677446?ls=1) and Android (https://play.google.com/store/apps/details?id=com.baiskoafu.main).

About Verimatrix

Verimatrix (Euronext Paris: VMX) helps power the modern connected world with security made for people. We protect digital content, applications, and devices with intuitive, people-centered and frictionless security. Leading brands turn to Verimatrix to secure everything from premium movies and live streaming sports, to sensitive financial and healthcare data, to mission-critical mobile applications. We enable the trusted connections our customers depend on to deliver compelling content and experiences to millions of consumers around the world. Verimatrix helps partners get to market faster, scale easily, protect valuable revenue streams, and win new business. Visit www.verimatrix.com.

The post Leading Maldivian Streaming Service Selects Verimatrix Platform To Protect App, Content and Revenues appeared first on Cybersecurity Insiders.


March 01, 2022 at 09:09AM

Keepit Vice President Chris Braden to Present at Channel Company’s Xchange Conference

DALLAS & FORT WORTH, Texas–(BUSINESS WIRE)–Keepit, the market leader in cloud backup and recovery, and the world’s only independent, vendor-neutral cloud dedicated to SaaS data protection, with a blockchain-verified solution, today announced that Chris Braden, Vice President of Sales and Channels for the Americas, will be presenting a series of roundtable discussions at The Channel Company’s Xchange March 2022 Conference in Dallas, Texas. The conference, titled “Delivering a Digital World with XaaS,” will take place from February 27th through March 1st at the Gaylord Texan Resort & Conference Center. In addition to presenting, Keepit is also an event sponsor.

During the roundtables, Braden will speak to five key considerations for cloud data backup and recovery. The discussions will address opportunities and challenges all businesses face, such as security concerns, scalability issues, storage and compliance needs, and software cost control. In addition to discussing the Keepit solution itself, Braden’s session will highlight Keepit’s main differentiators and the benefits it provides to its partners, including substantial margins; a quick sales cycle; a straightforward, one-price-per-seat cost structure that includes unlimited storage and archiving; and the simplicity of its user interface, which allows customers to have the solution up and running within minutes.

“I am looking forward to this incredible opportunity to engage with partners and customers in person at the Xchange 2022 conference,” said Braden. “Keepit’s data protection service offers customers tremendous advantages as they seek to maximize XaaS (Anything-as-a-Service) revenue streams and navigate complications such as supply chain constrictions, an increasingly remote workforce, and tough labor markets. Although Keepit is a relative newcomer to the United States, the company already has hundreds of direct customers and 75 partners here, along with thousands in Europe and across the globe. We are excited to work more closely with our U.S. customers and expand our presence in the U.S. market.”

About Keepit

Keepit is a Software-as-a-Service company that provides dedicated data protection for companies with data stored in the cloud. Keepit is the world’s only vendor-neutral and independent cloud dedicated to SaaS data protection based on a blockchain-verified solution. Headquartered in Copenhagen with offices and data centers globally, Keepit is trusted by thousands of companies worldwide to protect and manage their cloud data. For more information, visit www.keepit.com or follow Keepit on LinkedIn.

The post Keepit Vice President Chris Braden to Present at Channel Company’s Xchange Conference appeared first on Cybersecurity Insiders.


March 01, 2022 at 09:09AM

Less Than Half of Organizations Say They Have High Confidence in the Security of Their Linux Servers, According to New Research from Synaptic Security

ATLANTA–(BUSINESS WIRE)–Following the exposure of massive cybersecurity vulnerabilities over the past two years, three out of four organizations have experienced a cybersecurity attack, one-third of which happened within the last six months, according to new research from Synaptic Security. Further, most organizations believe they are not fully prepared for ransomware and other security threats. The result: cybersecurity is a top business priority for the next 12-24 months, even more important than new customer acquisition and operational efficiency. In fact, 75 percent of those surveyed say the challenges of managing cyber threats, especially within Linux environments, will only increase in 2022 and beyond.

These are just a few of the key findings of new global research conducted by Synaptic Security (the emerging leader in cybersecurity for Linux) and independent research firm, Revelocity (www.revelocitygroup.com). The conclusions are based on a survey of security leaders on key priorities, trends and challenges associated with cybersecurity, perceived organizational preparedness, and future plans.

The research quantifies and highlights a widening gap between new security dynamics, ever-expanding vulnerabilities, and exponentially more cyber threats – all of which must be managed with limited budget and resources. Organizations are least prepared to address ransomware and cryptojacking, according to the research. However, these same groups are prioritizing spending on ransomware, endpoint detection and response (EDR) and data loss prevention.

“Our new research reveals that organizations have already experienced tremendous challenges related to their cybersecurity, and unfortunately more impacts are on the horizon,” says Anthony Gadient, CEO, Synaptic Security. “At the start of 2021, companies were struggling to handle the increasing complexity of cyber attacks. New vulnerabilities have further impacted organizations’ preparedness levels, putting them in a more vulnerable state or leaving them even further behind. It’s urgent for organizations to close this cybersecurity gap as it threatens other top business initiatives, such as acquiring new customers and operational efficiency. The time is now for a Linux-first solution.”

Respondents expressed a wide range of key concerns, with the top three being security level provided, protection from new threats, and blocking of “zero day” threats. When it comes to the cybersecurity solution capabilities organizations considered most critical in 2022, the top three were listed as clear insights, identification of attacks in seconds, and defense against file and fileless attacks. Moving forward, 91 percent of organizations believe their spending on cybersecurity solutions will increase over the next 12-24 months, and will be investing to a high or moderate degree in cloud-based cybersecurity solutions that can help close the cybersecurity gap, especially for Linux environments. Further, survey respondents called out sustainability (both economic and environmental) with respect to EDR solutions as “very important.”

The research, conducted by Revelocity, focused on identifying and assessing priorities, trends and challenges associated with endpoint detection and response (EDR) solutions for Linux servers (ransomware, cryptojacking, and data loss prevention). According to Revelocity CEO, Read Ziegler, “the survey clearly underscored the clear and immediate organizational priority for cybersecurity, especially within Linux environments. We were able to confirm and explore this growing sense of urgency, as well as quantify the gap in business preparedness to address the associated challenges.”

Synaptic Security is responding to help customers address these urgent challenges with dedicated information regarding vital technologies to support the future of cybersecurity. To view the survey results and read more about Linux-first cybersecurity, please visit: www.synsec.ai/research.

About the Survey Methodology

The survey was conducted in 2021 through independent research firm REVELOCITY Group via a customized web-based survey. The survey group consisted of decision-makers/recommenders/influencers for cybersecurity solutions for their organizations.

About Synaptic Security

Synaptic Security® is on a mission to help commercial and public organizations simplify and improve cybersecurity before data is compromised. Its industry-first solution, purpose built for Linux, can automatically shield against attacks that have a crucial impact with unparalleled efficacy and minimal CPU impact. The Synaptic Security technology draws on the latest advancements in AI and an open cloud architecture, to help customers close the cybersecurity gap.

Synaptic Security™. Learn more at https://synsec.ai.

SYNAPTIC SECURITY is a trademark of Synaptic Security Systems, Inc. Synaptic Security and other parties may also have trademark rights in other terms used herein.

The post Less Than Half of Organizations Say They Have High Confidence in the Security of Their Linux Servers, According to New Research from Synaptic Security appeared first on Cybersecurity Insiders.


March 01, 2022 at 09:09AM

Assessing Cybersecurity Today to Improve and Protect Tomorrow's Manufacturing Operations

DUBAI, United Arab Emirates–(BUSINESS WIRE)–Process plant automation systems are engineered over a long period to ensure repeatable, reliable, available, and safe operations. However, increased connectivity to business systems has also increased the vulnerability of control systems to cyber-attacks.

Organizations are now pushed to prioritize cybersecurity so that their systems remain secure, stable, and protected. But how and where do they even begin their cybersecurity journey?

Emerson recommends a cybersecurity risk assessment to evaluate gaps in currently implemented strategies, technologies, and policies and procedures. The output of the assessment will provide a roadmap for identifying, prioritizing, and eliminating vulnerabilities.

To begin, operations technology (OT) and information technology (IT) teams must be aware of three common missteps:

  • Assuming the team already knows and understands all the risks

    Cybersecurity is not a set-and-forget solution. It is constantly evolving, and antivirus software and firewalls are no longer sufficient to secure and protect a system. A cyber risk assessment can help teams identify, document, prioritize and build a roadmap around the highest threat vulnerabilities. This roadmap provides a guide for creating solutions and the required framework to protect the plant.
  • Believing in a single solution to fix all risks and threats

    Cybersecurity is not a single solution. There are no shortcuts, especially when dealing with cybersecurity on an industrial scale. Cybersecurity requires constant testing and evaluation of systems and solutions for their compatibility with, and effectiveness in, a plant’s process.
  • Assigning the cybersecurity program as a low priority with limited funding

    Cybersecurity should be a priority. The simplest example of inaction is assigning a small department handling IT and OT on a limited budget. It is easy for such a team to become overwhelmed because there are so many vulnerabilities to address with their limited resources and funding. Not every problem needs to be fixed at once. Organizations can start with individual solutions and build toward a comprehensive, in-depth strategy to manage budget and resource concerns. A good cybersecurity risk assessment will allow businesses to prioritize what they most need to build an effective first defense system at a reasonable cost.

Increased connectivity to business systems launches businesses forward, but it also raises the relevance of cybersecurity protection to maintain the safety and security of control systems. A cyber risk assessment is one of the most practical ways to begin approaching cybersecurity. This lays the groundwork for a sustainable and robust cybersecurity system that can help future-proof businesses.

To learn more about cybersecurity, read the full article at https://www.controleng.com/articles/assessing-cybersecurity-today-to-improve-tomorrows-manufacturing-operations/.

About Emerson

Emerson (NYSE: EMR), headquartered in St. Louis, Missouri (USA), is a global technology and engineering company providing innovative solutions for customers in industrial, commercial, and residential markets. Our Emerson Automation Solutions business helps process, hybrid, and discrete manufacturers maximize production, protect personnel and the environment while optimizing their energy and operating costs. Our Emerson Commercial and Residential Solutions business helps ensure human comfort and health, protect food quality and safety, advance energy efficiency, and create sustainable infrastructure. For more information visit Emerson.com.

*Source: AETOSWire

The post Assessing Cybersecurity Today to Improve and Protect Tomorrow's Manufacturing Operations appeared first on Cybersecurity Insiders.


February 28, 2022 at 09:09PM

Insurers to Benefit From Streamlined Underwriting and Risk Evaluation as CyberCube Partners with Duck Creek Technologies

SAN FRANCISCO–(BUSINESS WIRE)–Cyber risk analytics specialist CyberCube announced today that it has partnered with Duck Creek Technologies (Nasdaq: DCT), a leading provider of software as a service (SaaS) insurance core systems, to streamline the underwriting of cyber insurance policies.

The partnership will see the integration of CyberCube’s Risk Scoring Analytics application programming interface (API) into Duck Creek Policy, the award-winning underwriting platform. This means that risks input into Duck Creek Policy will automatically be scanned and scored by CyberCube. The offering automates the flagging and referring of risks that require review, streamlining the underwriting process, increasing efficiency, and improving the ability to identify cyber vulnerabilities.

CyberCube’s Ross Wirth, Head of Client Account Management and Technology Services, said: “This new partnership with Duck Creek will bring tangible benefits to the users of Duck Creek’s policy underwriting platform. Prior to the integration, underwriters were making decisions without access to key cyber metrics. They may have missed key flags and would have had to rely solely on external research during the underwriting process. Now, that’s changing. CyberCube’s risk scoring API will act as an early indicator to assist in the underwriting process. Ultimately, underwriters will gain a more complete view of a client’s cyber exposures and vulnerabilities early in the underwriting process so that they can respond accordingly.”

CyberCube is a leading provider of cyber risks analytics to the global insurance industry. Insurers, reinsurers and brokers use CyberCube’s products to gain a greater understanding of their exposure to cyber risk and to assess clients for underwriting purposes. CyberCube’s products also allow risk carriers to stress test their portfolios of risk against modeled systemic cyber events.

Duck Creek Policy enables P&C carriers to deliver insurance products at scale in an era of rapid, customer-centric innovation and growth. The Policy product supports the full insurance policy lifecycle process with automation and workflow management capabilities, an integrated development environment for insurance products, and pre-built content. Using low-code tools and delivered through a software-as-a-service (SaaS) model, carriers can go to market faster, increase operational efficiencies, and improve customer satisfaction.

“Data-enhanced underwriting is a modern risk-selection requirement to effectively and appropriately analyze cybersecurity risks,” said Robert Fletcher, Head of Global Solution Partnerships of Duck Creek Technologies. “With CyberCube, we are bringing better business and underwriting intelligence into Duck Creek Policy, ensuring carriers who underwrite cyber risk have a centralized source of actionable data.”

About CyberCube

CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure.

The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners and backing from ForgePoint Capital, HSCM Bermuda, MTech Capital and individuals from Stone Point Capital. For more information, please visit www.cybcube.com or email info@cybcube.com.

About Duck Creek Technologies

Duck Creek Technologies (Nasdaq: DCT) is a leading provider of core system solutions to the P&C and general insurance industry. By accessing Duck Creek OnDemand, the company’s enterprise software-as-a-service solution, insurance carriers are able to navigate uncertainty and capture market opportunities faster than their competitors. Duck Creek’s functionally-rich solutions are available on a standalone basis or as a full suite, and all are available via Duck Creek OnDemand. For more information, visit www.duckcreek.com.

The post Insurers to Benefit From Streamlined Underwriting and Risk Evaluation as CyberCube Partners with Duck Creek Technologies appeared first on Cybersecurity Insiders.


February 28, 2022 at 09:09PM

FalconStor Software Names Vincent Sita as Chief Financial Officer

AUSTIN, Texas–(BUSINESS WIRE)–FalconStor Software, Inc. (OTCQB: FALC), the trusted data protection software leader modernizing disaster recovery and backup operations for the hybrid cloud world, today announced that the company has appointed Vincent Sita as chief financial officer. Sita has more than two decades of experience, having worked both in publicly listed and privately held companies, with the past few being spent as a finance consultant and finance executive in medium-sized businesses. In his role at FalconStor, Sita will report to CEO Todd Brooks and will oversee the company’s financial matters, including finance, accounting, tax, treasury, and investor relations.

Throughout his career, Sita has been a leader in finance, having spent 17 years in various finance roles at Bell Canada and the better part of a decade with ACN, the largest direct selling telecommunications and essential services provider in the world, as vice president of finance, North America. The past few years, he was a consultant working with several companies on strategic and value-added initiatives such as market expansion, operational and system integrations, and change management.

“I am pleased to join FalconStor as the company capitalizes on the huge market opportunity for hybrid cloud data protection solutions, both in the end user and the managed service provider (MSP) community,” said Vincent Sita. “I will be collaborating with the worldwide team of FalconStor experts and partners to continue the work they have done in this very important growth phase of the company and make sure we create value for shareholders while supporting our expanding customer base.”

“I am glad that Vincent is joining the FalconStor family and we have his guidance as we execute on our two-pronged strategy to deliver hybrid cloud data protection. He will be an essential member of the executive team as we focus our efforts on enabling managed service providers as our primary channel that we have articulated in 2020 and 2021,” said Todd Brooks, CEO of FalconStor. “With Vincent’s arrival and thanks to his extensive expertise in subscription-based businesses, we remain in an excellent position to drive our strategy forward and deliver for our worldwide partner and shareholder communities.”

About FalconStor

FalconStor is the trusted data protection software leader modernizing disaster recovery and backup operations for the hybrid cloud world. The company enables enterprise customers and managed service providers to secure, migrate, and protect their data while reducing data storage and long-term retention costs by up to 95 percent. More than 1,000 organizations and managed service providers worldwide standardize on FalconStor as the foundation for their cloud first data protection future. The company’s products are offered through and supported by a worldwide network of leading managed service providers (“MSPs”), systems integrators, resellers, and original equipment manufacturers (“OEMs”). To learn more, visit www.falconstor.com and stay connected with us on YouTube, Twitter, and LinkedIn.

The post FalconStor Software Names Vincent Sita as Chief Financial Officer appeared first on Cybersecurity Insiders.


February 28, 2022 at 09:09PM

Keyavi Data Expands Leadership Team with Mark Cundy as VP of Engineering

DURANGO, Colo.–(BUSINESS WIRE)–Keyavi Data Corp., a cybersecurity trailblazer whose breakthrough technology is transforming the very nature of the data security industry, announced today that Mark Cundy has joined the company as vice president of engineering. He brings 27 years of experience producing high-quality software solutions and leading technology innovation at global brands such as Starbucks, AT&T and British Telecom.

At Keyavi, Cundy is responsible for managing the company’s software development, quality assurance and product deployment teams and initiatives. He also contributes to the company’s technical roadmap and helps ensure that the vision for enhancing Keyavi’s already paradigm-shifting data security solution expands through excellence in execution.

“Mark is a software engineering leader of the highest caliber,” said Elliot Lewis, Keyavi’s CEO. “He has a passion for building best-in-class software systems, growing high-performing teams and delivering exceptional products and services for some of the biggest enterprises in the world. Having run his own consulting company, Mark also has an entrepreneurial agility and business mindset that make him a perfect fit for our growth trajectory. We’re delighted to have him join our executive ranks.”

Shai Guday, chief product officer, added, “Mark is a champion of agile transformation initiatives who knows what it takes to lead highly engaged teams at hyperspeed and develop software applications that customers love. He’s a master at accelerating time-to-market for products that drive business value and revenue. His talents and executive focus will be great assets as our company continues building and scaling disruptive data security solutions.”

In 2020, Keyavi unveiled breakthrough technology that embeds actual data with intelligence so that it automatically thinks and protects itself wherever it travels inside or outside a company’s security perimeter. Multilayered security is infused into every piece of data – at the data level – so that no single layer can be compromised without triggering protection mechanisms in the surrounding layers. Data embedded with Keyavi’s patented technology knows where it’s supposed to be and where it isn’t, when it should open or stay locked down, and to report back to its owner in near-real time who has it and what device it’s on.

The company recently released an enhanced 2.0 product suite with new, single sign-on and account management capabilities that enable global enterprises to share and manage their data with employees and third parties seamlessly and securely on any device, anywhere, at any time. As a result, enterprises can quickly and securely authenticate user identities and grant or change policy permissions for access to business data on the fly.

“Keyavi’s jaw-dropping tech and vision for solving fundamental human data security challenges are truly inspiring,” said Cundy. “So is being part of a transparent culture where ideas are shared cross-functionally with experts at the tops of their fields. I’m thrilled to be part of a company that’s changing the way the world thinks about data security.”

During his formidable career, Cundy has designed and overseen the implementation of software and mobile deployments at global enterprises, small startups and for clients at his own consultancy who needed help migrating to the cloud. He has also led organizations through large-scale digital transformations.

Cundy began his career with GTE (now Verizon) as a software engineer and later became global leader of computer telephony integration systems. He transitioned to British Telecom in 1995 as chief architect and group manager in voice solutions design.

In 2007, while serving as director of quality assurance and lifecycle management at Cingular Wireless, Cundy was at the forefront of developing, testing and launching v1.0 of the Apple iPhone and iOS apps.

Over the next eight years, he executed the technology vision and strategy for AT&T’s third-party API platform and developer ecosystem, pivoting to open source, cloud and Service-Oriented Architecture so that software components would be reusable and interoperable.

Cundy joined Starbucks in 2016, helping lead the redesign of the company’s mobile order and pay, loyalty/rewards and payment programs with a new digital experience for some 15 million customers. As part of this two-year initiative, he also led the software development for key revenue-generating services at Starbucks’ retail stores and scaled its loyalty program and stored value/payment system, including migrating the new infrastructure and applications to Microsoft’s Azure cloud computing platform.

Most recently, Cundy served as VP of software engineering at Allstate Identity Protection, where he led all phases of software development for the company’s flagship Software-as-a-Service (SaaS) microservices platform.

He also founded Leveragility, a solutions partner and strategic differentiator for modernizing software applications to enable digital workflows and business models and re-hosting cloud services to significantly reduce operational costs and time-to-market.

To learn more about Keyavi’s revolutionary data security technology, visit https://keyavi.com.

Note to Editors: a headshot of Mark Cundy is available for download at www.keyavidata.com/leadership/.

About Keyavi Data Corp.

Headquartered in Durango, Colorado, Keyavi’s multi-award-winning, self-protecting, intelligent and self-aware cybersecurity technology enables an individual piece of data to think for itself; secure itself; control where, when and who is allowed to access it; refuse access to unauthorized users; stay continually aware of its surroundings; and automatically report back to its owner – with all these capabilities built into the data itself. The company’s API platform and a full suite of applications riding on that platform also provide data owners with powerful controls to allow, revoke or deny access to their information – no matter who has it, on any platform or device or where it’s stored, or how many copies exist. Under development for years before launching in 2020, this multi-patented technology is so unique and innovative that leading industry analyst firm Omdia designated “self-protecting data solutions” as a new cybersecurity industry category, with Keyavi as the clear leader. Keyavi’s easy-to-use yet robust solution delivers the ultimate in peace of mind for public and private organizations, their remote workforces and partner ecosystems in solving the security challenges of controlling confidential and intellectual property from data leaks, breaches and ransomware. To learn more about Keyavi and its breakthrough technology, visit https://keyavi.com/our-technology/. Follow Keyavi on LinkedIn, Facebook, YouTube and Twitter using the @KeyaviData handle and hashtag #Keyavi. Keyavi Data™ and Intelligent Directory™ are trademarks of Keyavi Data Corp. All rights reserved.

The post Keyavi Data Expands Leadership Team with Mark Cundy as VP of Engineering appeared first on Cybersecurity Insiders.


February 28, 2022 at 09:09PM

Deep Instinct 2022 Threat Landscape Report Finds 125% Increase in Threat Types and Novel Evasion Techniques

NEW YORK–(BUSINESS WIRE)–Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today unveiled findings from its bi-annual Threat Landscape Report. The Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and most importantly, lay out the steps organizations can take now in order to protect themselves in the future. One of the most pronounced takeaways from this research on 2021 threat trends is that bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race.

Specific attack vectors have grown substantially, including a 170% rise in the use of Office droppers along with a 125% uptick in all threat types combined. The volume of all malware types is substantially higher versus pre-pandemic. In addition, threat actors have made a discernable shift away from older programming languages, such as C and C++, in favor of newer languages, such as Python and Go. Not only are these newer languages easier to learn and to program versus their predecessors, but they also have been less commonly used and are therefore less likely to be detected by cybersecurity tools or analyzed by security researchers.

“Recent major events, such as Log4j and Microsoft Exchange server attacks, have placed a heightened priority on security, but these threats have long deserved the attention they’re just now getting on a global level,” said Guy Caspi, CEO of Deep Instinct. “The results of this research shed light on the wide-ranging security challenges that organizations face on a daily basis. Deep Instinct was founded to bring a new approach based on deep learning to cybersecurity. We’re on a mission to provide relief to cyber defenders facing advanced threats that continue to spike in volume and sophistication.”

Additional report findings include the following key takeaways:

  • Supply chain attacks: Large service offering companies became targets of significant supply chain attacks this past year with threat actors looking to not only gain access to their environments, but also target the environments of their customers by proxy. The most notable supply chain attack, Kaseya, compromised more than 1,500 companies through one unpatched zero-day vulnerability.
  • The shift to high-impact and high-profile attacks vs. stealth and long dwell-time attacks: In 2021, Deep Instinct saw a transition to high-profile attacks with a massive impact. The most significant incident in 2021 was the Colonial Pipeline breach, which halted operations for six days, causing major disruptions across the U.S. and demonstrating the significant and cascading impact of a well-executed malware attack.
  • Public and Private Sector collaborations become more common: As Deep Instinct had predicted, there was greater partnership amongst international task forces this past year to identify and bring to justice key threat actors around the world. In early 2021, an international taskforce coordinated by Europol and Eurojust seized Emotet infrastructure and arrested some of its operators. Other high-profile threat actors such as Glupteba became the target of private companies that joined forces to interrupt their activity as much as possible.
  • The immediate impact of zero-day: In 2021, there were major vulnerabilities being exploited and used within a single day of disclosing the vulnerability. One of the examples was the HAFNIUM Group, which surfaced shortly after Microsoft revealed multiple zero-day vulnerabilities.
  • Cloud as a gateway for attackers: The transition to remote work has prompted many organizations to enable most of their services in the cloud rather than on premises. For those that are not experienced working with cloud services, there is the risk that misconfigurations or vulnerable, out-of-date components with external API access could be exploited.

While the highest profile threat, ransomware, has not continued to increase at the exponential rates initially seen during the outbreak of COVID-19 in spring 2020, Deep Instinct has still recorded double-digit (15.8 percent) growth of these threats in 2021. Last year proved to both CISOs and cyberattackers that work-from-anywhere and hybrid models would likely become a permanent fixture. CISOs will need to carefully review, monitor, and update security considerations to ensure full coverage and protection.

A ransomware attack can affect any organization, regardless of size, industry, or location. As more and more security vendors use machine learning (ML) and artificial intelligence (AI) in their products and take actions to improve their existing defense mechanisms, bad actors will also continue to hone and improve efforts to evade and fool both traditional and AI-based defenses. Defense evasion and privilege escalation are becoming more prevalent and we expect to see a continuation of EPP/EDR evasion techniques in 2022. Bad actors are clearly investing in anti-AI and adversarial attack techniques and integrating these methods into their larger evasion strategy.

To learn more about the process behind Deep Instinct’s 2022 Threat Landscape Report and dive deeper into all the findings and key takeaways, including the top five malware and ransomware families, please visit https://www.deepinstinct.com/resources.

About Deep Instinct

Deep Instinct takes a prevention-first approach to stopping ransomware and other malware using the world’s first and only purpose-built, deep learning cybersecurity framework. We predict and prevent known, unknown, and zero-day threats in <20 milliseconds, 750X faster than the fastest ransomware can encrypt. Deep Instinct has >99% zero-day accuracy and promises a <0.1% false positive rate. The Deep Instinct Prevention Platform is an essential addition to every security stack—providing complete, multi-layered protection against threats across hybrid environments. For more, visit www.deepinstinct.com.

The post Deep Instinct 2022 Threat Landscape Report Finds 125% Increase in Threat Types and Novel Evasion Techniques appeared first on Cybersecurity Insiders.


February 28, 2022 at 09:09PM

Convergint Announces 16th Annual International Conference, Celebrating Colleagues and Fostering Collaboration With Global Partners

SCHAUMBURG, Ill.–(BUSINESS WIRE)–Convergint, a global leader in service-based systems integration, today announced that its annual Convergint InterNational Conference will take place March 6-9, 2022 at the Gaylord Texan Resort & Convention Center in Grapevine, Texas. This year’s conference boasts exclusive partner presentations across a variety of technology verticals, as well as educational and networking opportunities for Convergint colleagues to encourage industry innovation, fuel professional development, and strengthen the company’s long-standing Values and Beliefs.

The 2022 Convergint InterNational Conference will include a keynote from Nimsdai Purja focused on leadership and teamwork, business updates from Convergint leaders, and colleague recognition, along with opportunities for professional development. Colleagues are invited to sharpen their skillsets and participate in a variety of breakout sessions, including:

  • Convergint Culture, The Story Continues
  • Customer Success, Tools to Deliver Results
  • Leadership, Business Leader Boot Camp
  • Operations, Level Up Your Project Execution
  • Sales, Secrets to Selling Service

“The Convergint InterNational Conference is an opportunity to unite our global colleagues and partners, helping to build meaningful relationships and strengthen our corporate culture,” said Ken Lochiatto, CEO and President of Convergint. “Our dedication to fostering a collaborative and people-first environment, upskilling our colleagues, and celebrating their achievements is an annual highlight for the entire Convergint community.”

The conference will feature an exclusive partner trade show and education opportunities covering topics including video surveillance, access control, fire and life safety, cybersecurity, credentials, identity management, cloud solutions, physical security, healthcare technology, emergency communications, building automation, and situational awareness. As recognition is a pillar of Convergint InterNational conferences, Convergint colleagues will be toasted at an annual awards dinner, recognizing standout achievement and success among colleagues, and celebrating global growth across the organization.

About Convergint

Convergint is a $1.8 billion global, industry-leading systems integrator that designs, installs, and services electronic security, cybersecurity, fire and life safety, building automation, and audio-visual systems. Listed as the #1 systems integrator in SDM Magazine’s Top Systems Integrators Report for the past 4 years, Convergint leads with over 7,500 colleagues and more than 160 locations worldwide. To learn more about Convergint, visit www.convergint.com.

The post Convergint Announces 16th Annual International Conference, Celebrating Colleagues and Fostering Collaboration With Global Partners appeared first on Cybersecurity Insiders.


February 28, 2022 at 09:09PM

Sunday, February 27, 2022

Ransomware attack on NVIDIA

NVIDIA, the North American chip maker, has issued a public statement that a few of its servers were affected by a ransomware attack that has nothing to do with the ongoing war between Russia and Ukraine.

While its business and other commercial activities remain uninterrupted, NVIDIA has assigned a few members of its technical team to investigate the nature and scope of the event, as most of its email and intercom communication has been deeply affected.

The attack was first detected on Friday last week, and was initially determined to be an act of digital war launched by Russia on the west. However, high placed sources from NVIDIA’s senior management confirmed that the incident has nothing to do with the ongoing war and might be conducted for other purposes.

Meanwhile, a short news story emerged on one of the renowned news channels stating that NVIDIA launched a retaliatory cyber attack on the cyber criminals who compromised its network and stole around 1TB of confidential data, only to publish it on the dark web on Saturday last week.

Although the chip maker did not confirm the threat actors behind the incident, a British news outlet identified the hackers as the Lapsus$ ransomware group, which on February 19th, 2022 threatened Nvidia with serious consequences if its demands were left unattended.

Interestingly, those who launched the retaliatory attack (probably related to NVIDIA or a few members of Nvidia’s technical team) took down the Telegram channel of the Lapsus$ ransomware group and posted X-rated content on it, pushing the criminals towards more embarrassment.

The post Ransomware attack on NVIDIA appeared first on Cybersecurity Insiders.


February 28, 2022 at 11:00AM

MuddyWater Cyber Alert issued by CISA

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an Iranian intelligence-backed hacking group dubbed MuddyWater. According to the warning, the group of Advanced Persistent Threat (APT) actors is reportedly conducting espionage on critical infrastructure operating in Asia, Africa, Europe and North America, mostly targeting the telecommunications, defense, local government, and oil and natural gas industries.

CISA claims that MuddyWater, also known as Earth Vetala, Mercury, Static Kitten, Seedworm and TEMP.Zagros, has been providing stolen data and computer network access to both the Iranian government and other threat groups since 2018 and is funded by the Iranian Ministry of Intelligence and Security (MOIS).

According to the study conducted by CISA in association with the FBI and NCSC, the APT actors are capable of side-loading DLLs to force legitimate programs to run malware or provide backdoor access, and of obfuscating PowerShell scripts to hide C2 functions on a victimized computer.

Moving to the other cyber alert issued by CISA, threat actors are seen exploiting vulnerabilities in Zabbix servers. Zabbix is open source software used to monitor servers, computer networks, VMs and cloud components.

A recent security analysis found that the vulnerability could allow remote code execution with root privileges.

The Ukrainian Computer Emergency Response Team (CERT), which has been temporarily out of action because of the war between Russia and Ukraine, published a warning a couple of weeks ago about two vulnerabilities in Zabbix servers that are expected to be fixed by March 8th, 2022.

The post MuddyWater Cyber Alert issued by CISA appeared first on Cybersecurity Insiders.


February 28, 2022 at 10:57AM

Saturday, February 26, 2022

Three things you should know about SASE and SD-WAN

How do SASE and SD-WAN compare?

As organizations have accelerated their plans to better enable dispersed workforces in a post-pandemic reality, many technology decision-makers are broadly rethinking their network architectures. Inevitably their discussions lead to comparisons and debates over both software-defined wide area network (SD-WAN) and secure access service edge (SASE) technologies.

The similarities of SD-WAN and SASE can sometimes lead people to conflate the two technology categories. After all, both SD-WAN and SASE are network architectural approaches designed to help administrators better manage distributed computing environments. They both enable branch and remote workers to securely connect to enterprise assets with improved performance over legacy MPLS and VPN connections. And both use software-based virtualization to deliver bandwidth optimization and traffic prioritization, as opposed to leaning on traditional on-premises hardware like network routers.

However, SASE offers native security and performance features that extend the value proposition of SD-WAN management. The two technologies handle cloud connections differently and they also tend to support different network topologies. This point is why it is crucial for organizations to understand the differences and the relationship between SASE and SD-WAN.

The following are three big factors that should inform how leaders chart a path for future-proofed connectivity.

SASE encompasses (and extends) SD-WAN principles

Comparing SASE with SD-WAN is no apples-to-apples affair, because in truth SD-WAN functionality is a subset of the broader SASE feature set.

Since SD-WAN first started to gain steam in the early 2010s, the draw has been its ability to optimize traffic across widely dispersed geographic locations, securely terminate traffic, and do it all with the required remediation to different destinations.  It does this using a virtualized network control plane that has the flexibility to use a range of transport services, whether broadband internet, MPLS, or LTE, to connect sites and services.  That control plane centralizes management and makes it much easier and more affordable for large organizations to unify the connection of branch offices to corporate networks.

The connections are secure, but the sticking point is that SD-WAN is not designed to inspect traffic or apply robust security policies. Security teams still need to layer in a mix of secure web gateways, application firewalls, and cloud controls to achieve their risk management goals. This means that SD-WAN traffic must traverse across a central inspection point for appropriate security controls to preside over it. This greatly limits the secure flexibility of SD-WAN in cloud environments or when connecting remote users or IoT devices to anything other than the main corporate network. This is because all traffic must be backhauled to the corporate network in order for it to be managed from a security perspective, incurring latency and performance problems in the process.

The big difference with SASE is it takes that centralized management principle of SD-WAN and bolsters it with a full slate of security controls that are administered through a cloud-based service that pushes traffic inspection out to the edge.   

SASE is designed with key security controls baked in

When Gartner first defined the SASE category back in 2019, it laid out the bare minimum five ingredients that create the category. SASE technology combines SD-WAN network controls with four other security control functions directly baked into the architectural framework:

  • Secure Web Gateway (SWG),
  • Cloud access security brokers (CASB),
  • Zero trust network architecture (ZTNA), and
  • Firewall as a service (FWaaS)

As SASE technology evolves, other functionality like next generation anti-malware (NGAV) and managed detection and response (MDR) has been added to that mix to create a more complete package of security management capabilities.

SASE topology looks more like a mesh than secured SD-WAN’s hub and spoke

That built-in security functionality is bundled up into a single SASE cloud service that applies the security controls and inspection from a distributed set of SASE points of presence (POPs) located close to the connecting device. In this way, SASE topology looks much more like a mesh than the hub-and-spoke model necessary for secure management of SD-WAN traffic.

This cloud-native model concurrently enables a higher level of security assurance while maximizing performance and operational efficiency in an era of cloud-first, IoT-heavy environments.

SASE unifies management of hybrid environments while dispersing network inspection, and when that’s paired with Artificial Intelligence for IT operations (AIOps) technology, IT teams are able to scale up visibility and management of edge devices. SASE and AIOps together can help organizations automate more management functionality and keep tabs on a diverse portfolio of network devices that keeps getting bigger as IoT devices rapidly proliferate.

Many organizations have delayed their SD-WAN implementation for fear of transitional bumps or shocks. Adding SASE options can sometimes compound that fear and elicit analysis paralysis.

Technology and business leaders should rest easy with the understanding that while SASE does extend SD-WAN principles, there’s no SD-WAN prerequisite for embarking on a SASE journey.

Companies with no SD-WAN infrastructure can reap the benefits of greenfield SASE deployments in as little as six months. In that same vein, it’s important to understand that getting started with SASE is not a big-bang proposition. SASE is not all or nothing and it can most definitely be rolled out incrementally. There is a simple step-by-step process that can get an organization where it needs to be to achieve gains in network and application performance, as well as visibility and policy control along the way.

There are options, and AT&T can help you systematically move in that direction based on your existing implementations and your goals for security, network performance, and business enablement.

Learn more about how AT&T SASE can help your organization continue your transformative journey toward superior user experience and better protection.

Check out this e-book on SASE.

The post Three things you should know about SASE and SD-WAN appeared first on Cybersecurity Insiders.


February 27, 2022 at 09:09AM

5 Benefits of Detection-as-Code

How modern teams can automate security analysis at scale in the era of everything-as-code.

Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. How can teams automate security analysis at scale and address the challenges that threaten business objectives? The answer lies in treating threat detections like software or detection-as-code.

Watch our On Demand Webinar: Scaling Security with Detection-as-Code with Cedar to find out how Cedar uses Panther to leverage Detection-as-Code to build high-signal alerts.

Detection-as-Code: A New (Hope) Paradigm

Detections define logic for analyzing security log data to identify attacker behaviors. When a rule is matched, an alert gets sent to your team for containment or investigation.

What is detection-as-code?

Detection-as-Code is a modern, flexible, and structured approach to writing detections that apply software engineering best practices to security. By adopting this new paradigm, teams can build scalable processes for writing and hardening detections to identify sophisticated threats across rapidly expanding environments.

Benefits of Adopting a Code-Driven Workflow

Threat detection programs that are fine-tuned for specific environments and systems are the most impactful. By treating detections as well-written code that can be tested, checked into source control, and code-reviewed by peers, teams can produce higher-quality alerts that reduce fatigue and quickly flag suspicious activity.

  1. Build Custom, Flexible Detections with a Programming Language

Writing detections in a universally recognized, flexible, and expressive language such as Python offers several advantages over using domain-specific languages (DSLs) that are too limited. With a language such as Python, you can write more sophisticated and tailored detections to fit the needs specific to your enterprise. These rules also tend to remain more readable and easier to understand as the complexity increases.

Another benefit of this approach is utilizing a rich set of built-in or third-party libraries developed by the security community for interacting with APIs or processing data, which increases the effectiveness of the detection.

2. Test-Driven Development (TDD)

A proper QA for detection code can enable teams to discover detection blind-spots early on, cover testing for false alerts, and promote detection efficacy. A TDD approach allows security teams to think like an attacker, document that knowledge, and curate an internal repository of insight into the attacker’s lifecycle.

The advantage of TDD is more than just validation of code correctness. A TDD approach to writing detections improves the quality of detection code and enables more modular, extensible, and flexible detections. Engineers can easily make changes to their detection without fear of breaking alerts or hamstringing everyday operations.

  3. Collaboration with Version Control Systems

When writing new detections or modifying them, version control allows teams to quickly and easily revert to previous states. It also confirms that teams are using the most up-to-date detection rather than referencing outdated or wrong code. Version control can also help give needed context for specific detections that triggered an alert or help pinpoint when detections are changed.

As new and additional data enters the system over time, detections must also change. A change control process is essential to help teams address and adjust the detections as needed, while simultaneously ensuring that all changes are well-documented and well-reviewed.

  4. Automated Workflows for Reliable Detections

A Continuous Integration/Continuous Deployment (CI/CD) pipeline can be beneficial for security teams that have long wanted to move security further left. Using a CI/CD pipeline helps achieve the following two goals:

  • Eliminate silos between teams as they work together on a common platform, code-review each other’s work, and stay organized.
  • Provide automated testing and delivery pipelines for your security detections. Teams can stay agile by focusing on building fine-tuned detections instead of manually testing, deploying, and ensuring that the detections aren’t overly tuned, which could trigger false alerts.

  5. Reusable Code

Last but not least, Detection-as-Code can promote code reusability across a large set of detections. As teams write large numbers of detections over time, they start to see specific patterns emerge. Engineers can reuse the existing code to perform the same or very similar function across different detections without starting from scratch.

Code reusability can be a vital part of detection-writing that allows teams to share functions between detections or modify and adapt detections for specific use-cases. For example, suppose you needed to repeat a set of Allow/Deny lists (let’s say for access management) or a particular processing logic in multiple places. In that case, you can use Helpers in languages such as Python to share functions between detections.

Introduction to Panther

Panther is a security analytics platform designed to alleviate the problems of traditional SIEMs. Panther is built for security engineers, by security engineers. Rather than inventing yet another proprietary language for expressing detection logic, Panther offers security teams a Python rules-engine to write expressive threat detection and automate detection and response at cloud-scale. Panther’s modular and open approach offers easy integrations and flexible detections to help you build a modern security operations pipeline.

Panther’s Approach to Detection-as-Code

Panther offers reliable and resilient detections that can make it easy to:

  • Write expressive and flexible detections in Python for needs specific to your enterprise.
  • Structure and normalize logs into a strict schema that enables detections with Python and queries with SQL.
  • Perform real-time threat detection and power investigations against massive volumes of security data.
  • Benefit from 200+ pre-built detections mapped to specific threats, suspicious activity, and security frameworks like MITRE ATT&CK.

Detection-as-Code workflow in Panther

An Example Detection in Panther

When writing a detection in Panther, you start with a rule() function that defines the specific behavior to identify. For example, let’s suppose you want an alert when a brute force Okta login is suspected. The following detection can help identify this behavior with Panther:

Okta Brute Force Login Rule in Panther

In the above example:

  • The rule() function takes one argument of ‘event’ and returns a boolean value.
  • The title() function controls the generated alert message sent to analysts. Values from the events can then be interpolated to add helpful context.

Rules can be enabled and tested directly in the Panther UI, or modified and uploaded programmatically with the Panther Analysis tool, which enables you to test, package, and deploy detections via the command-line interface (CLI). And to assist with incident triage, Panther rules contain metadata such as severity, log types, unit tests, runbooks, and more.
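The rule()/title() structure, the unit tests and the shared helper described in this article, put together as an added example that is not Panther's own rule or code from the original post. The Okta System Log field names, the allowlisted address, the threshold and window values, and the count_alerts() harness (a local stand-in for platform-side alert thresholding) are assumptions, and all events are constructed samples.

```python
"""Added example: an Okta brute-force detection kept as small, testable code."""
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5          # assumed: failed sign-ins needed before one alert fires
WINDOW_SECONDS = 300   # assumed: look-back window for counting failures

# Shared helper data, reusable by any detection that needs the same allowlist.
ALLOWED_SOURCE_IPS = {"198.51.100.10"}  # constructed: e.g. a sign-in health probe


def deep_get(event, *keys, default=None):
    """Local helper: walk nested dicts, returning default on any missing level."""
    current = event
    for key in keys:
        if not isinstance(current, dict):
            return default
        current = current.get(key)
        if current is None:
            return default
    return current


def is_allowlisted(event):
    return deep_get(event, "client", "ipAddress") in ALLOWED_SOURCE_IPS


def rule(event):
    """True for a single failed Okta sign-in that should count toward an alert."""
    return (
        event.get("eventType") == "user.session.start"
        and deep_get(event, "outcome", "result") == "FAILURE"
        and not is_allowlisted(event)
    )


def title(event):
    """Alert text for analysts, with values interpolated from the event."""
    return "Suspected brute force Okta logins to account {} from {}".format(
        deep_get(event, "actor", "alternateId", default="<unknown account>"),
        deep_get(event, "client", "ipAddress", default="<unknown ip>"),
    )


def count_alerts(events):
    """Replay events in time order; alert once per targeted account when
    THRESHOLD matches fall inside WINDOW_SECONDS (stand-in thresholding)."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for event in sorted(events, key=lambda e: e["published"]):
        if not rule(event):
            continue
        key = deep_get(event, "actor", "alternateId", default="<unknown account>")
        ts = datetime.fromisoformat(event["published"])
        window = recent[key]
        window.append(ts)
        while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append(title(event))
    return alerts


def make_event(second, account, ip, result="FAILURE", event_type="user.session.start"):
    """Build a constructed sample event shaped like an Okta System Log record."""
    return {
        "eventType": event_type,
        "published": "2022-02-27T01:{:02d}:{:02d}+00:00".format(second // 60, second % 60),
        "actor": {"alternateId": account},
        "client": {"ipAddress": ip},
        "outcome": {"result": result},
    }


# Unit tests that live next to the rule: (name, expected rule() result, event).
RULE_TESTS = [
    ("failed sign-in counts", True, make_event(0, "alice@example.com", "203.0.113.7")),
    ("successful sign-in ignored", False,
     make_event(0, "alice@example.com", "203.0.113.7", result="SUCCESS")),
    ("other event type ignored", False,
     make_event(0, "alice@example.com", "203.0.113.7", event_type="user.account.lock")),
    ("allowlisted source ignored", False, make_event(0, "probe@example.com", "198.51.100.10")),
    ("malformed event does not crash", False,
     {"eventType": "user.session.start", "outcome": "FAILURE"}),
]


def run_rule_tests():
    """Return the names of failing cases; an empty list means safe to deploy."""
    return [name for name, expected, event in RULE_TESTS if rule(event) != expected]


SAMPLE_EVENTS = (  # constructed replay data
    [make_event(i * 10, "alice@example.com", "203.0.113.7") for i in range(6)]       # fast burst
    + [make_event(i * 400, "bob@example.com", "203.0.113.8") for i in range(5)]      # slow, outside window
    + [make_event(i * 5, "probe@example.com", "198.51.100.10") for i in range(8)]    # allowlisted
    + [make_event(70, "alice@example.com", "203.0.113.7", result="SUCCESS")]
)

if __name__ == "__main__":
    print("failing rule tests:", run_rule_tests())
    for alert in count_alerts(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

Running run_rule_tests() in CI before deployment is what turns the allowlist and malformed-event cases into regressions that are caught at review time rather than in production alerts.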

Get Started

Are you taking full advantage of all your security data to detect threats and suspicious activity? Learn how to secure your cloud, network, applications, and endpoints with Panther Enterprise. Request a demo today.

To learn how you can write custom Python detections in Panther, watch Panther’s on-demand webinar.

The post 5 Benefits of Detection-as-Code appeared first on Cybersecurity Insiders.


February 27, 2022 at 01:55AM

Blocking Bots: Why We Need Advanced WAF?

With everyone living online these days, web traffic to online channels is on the upsurge. However, if you delve into the traffic, you’ll see that most of it is not from legitimate users. Less than half of the traffic comes from actual humans; the rest is bots, both good and bad.

In the early days, the bots were used only for spamming or small scraping attempts. Today, bot operators are taking advantage of automation at scale to perform malicious activities. Such activities include taking over user accounts, abusing APIs, performing DDoS attacks, scraping unique pricing information, competitive data mining, web scraping, digital fraud, financial data harvesting, transaction fraud, brute-force login, and many more.

Despite serious impacts, are organizations adopting an effective bot management approach? The answer is, No.

Many businesses are still trying to block bots with traditional solutions, putting security at risk.   So why does the traditional WAF approach for bot mitigation fail?

Let’s look into the reasons behind the failure of WAF in bot management and the benefits of Advanced WAF protection.

Why Is Traditional WAF Protection Inadequate?

To understand the importance of Advanced WAF for bot detection and mitigation let’s explore the common security measures taken by businesses to block bot attacks and why they’re ineffective.

  • Code-Level Security – this practice implements security at the initial stage of development rather than regretting its absence at the end of the life cycle. However, this basic security level is not adequate to block today’s evolving bots, as they perfectly mimic human users. This practice also lacks fraud intelligence against bot patterns.
  • Traditional IP Blocking – if a company wants to block a subset of traffic to its website, IP blocking is one of the most effective methods. With evolving fraud patterns, however, this method is not adequate for all scenarios. Blocking an IP may sometimes end up blocking the legitimate users who share that IP.
  • Traditional Web Application Firewall – WAFs are primarily designed to protect websites and web applications against attacks like SQL Injection, XSS (Cross-site scripting), Session Hijacking, Cross-site request forgery, and other web attacks. Most web application firewalls cannot keep up with changes in user profiles and apps, which undergo continuous change.

Though next-generation firewalls (NGFW) claim to be application-aware, they still rely on basic bot mitigation capabilities like blocking IPs, blocking users that generate repetitive requests, or fingerprinting browsers. They examine only the first few bytes of the payload; as a result, next-generation bots, which use modern techniques, remain undetected.

WAF technologies have undergone several improvements, but they still depend on a filter-based approach to detecting malicious payloads, which has proven inadequate for blocking bots and other automated threats.

Further, managing WAF policies, combined with operational complexity, has caused several companies to leave web apps unprotected. In several cases, a known vulnerability was exploited because the targeted enterprise couldn’t patch the vulnerabilities quickly enough.

Compounding these challenges, the easy availability of bots for hire and innovations in automation technologies have made bot detection and mitigation much harder.

To deploy effective bot management and protection, organizations need Web application firewall technology, which evolves and fine-tunes itself automatically to detect the most sophisticated bots and delivers continuous security. The good news is, Advanced WAF employs effective measures to detect and stop evolving botnets.

Benefits of Advanced WAF Protection in Bot Management

In the case of Advanced WAF protection, the combination of WAF technology and behavior analysis, which detects malicious bot activity, makes it easier to spot bot traffic without human intervention.

Bot detection of Advanced WAF includes components like:

  • Custom rules for bot mitigation
  • Spotting bots based on the behavior of past traffic and blocking them
  • Close to zero false positives, which in turn ensures legitimate traffic is not blocked

With proactive bot defense, advanced WAF tracks attackers beyond their IP address, detects the nature of the user, and differentiates legitimate bots from malicious ones. It also eliminates the impact on the UX (User Experience) associated with CAPTCHA challenges.

Besides the out-of-box fully managed WAF features that block attacks, companies can create their own custom policies and rules to block bot attacks, which they’re receiving or that they fear they may receive.

For instance – it is possible to make a rule to block access to the password reset request on the website if repetitive requests are made from the same IP within a short span.

Advanced WAF is also backed by a threat intelligence database, which holds details of all the recent attacks, associated IP addresses, locations, and whether those attacks were machine or man generated. This database is updated all the time. If any request is made from a suspicious IP address, that address will be blocked automatically.

Comparing Traditional WAF with Advanced WAF

| Security Capabilities | Traditional WAFs | Advanced WAF |
| --- | --- | --- |
| Protection from OWASP Top 10 Vulnerabilities | Yes | Yes |
| Protection from Simple bots | Yes | Yes |
| Customized actions against suspicious bot types | No | Yes |
| Collective bot intelligence (behavioral patterns, fingerprints, & IP) | No | Yes |
| Risk of false positives | High | None |
| Detection of sophisticated bot attacks | No | Yes |
| Mitigation of dynamic IP | Limited | Yes |
| Fingerprinting of malicious devices | Yes | Yes |
| HTTP Traffic Inspection | Yes | Yes |

The Closure

Web applications are targeted around the clock, and hackers are figuring out new ways to breach websites and cause chaos. By onboarding a fully managed cloud-based WAF, you are not only reducing the risks of botnets but also minimizing the processing loads on your infrastructure by blocking malicious bot traffic.

The post Blocking Bots: Why We Need Advanced WAF? appeared first on Cybersecurity Insiders.


February 27, 2022 at 12:35AM

XDR: Three Reasons It Should Drive Your Security Strategy

By Yossi Naar, Chief Visionary Officer and Co-founder, Cybereason

Security teams are short-staffed, network complexity continues to increase, and the cost of data breaches is growing. But XDR offers an opportunity to reverse these trends and more.

A recent SecBI survey found that many organizations are in the process of adopting Extended Detection and Response (XDR) solutions. Nearly 80 percent of infosec personnel who responded to the survey said that XDR should be a top security priority for their organization.

In support of this viewpoint, 68 percent of survey participants also said that their organizations were planning to implement XDR in 2022. The survey findings presented above emphasize the following reality: XDR needs to drive security strategies for organizations in 2022. There are three reasons for this – let’s explore each of them in detail below.

XDR Addresses the Security Skills Shortage

First, the cybersecurity skills shortage remains a problem for many organizations, and a recent report conducted by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) provides some insights. It revealed that a heavier workload (62 percent), unfilled positions (38 percent) and worker burnout (38 percent) are contributing to the skills gap, and most (95 percent) said they believe the gap has not improved in recent years.

The problem with the skills gap is that it complicates organizations’ security efforts. Together, these factors make it more difficult for security personnel to weed through things like false positives so that they can defend their employers against legitimate security concerns.

Infosec teams are also facing burnout and overload from low-context alerts and false positives. As organizations expand, SIEM and SOAR solutions struggle to scale and become increasingly cost-prohibitive. An advanced XDR solution provides a unified investigation and response experience that correlates telemetry across remote endpoints, mobile devices, cloud platforms, and applications in order to predict, prevent and end malicious operations.

XDR Addresses Growing Network Complexity

Second, organizations use lots of different security tools, which is contributing to complexity across their environment. In fact, according to a recent ReliaQuest survey, enterprises use an average of 19 different security tools, and many survey participants weren’t convinced of the effectiveness of the tools.

For example, 85 percent of security decision makers said in the study that they’re deploying new technologies faster than they can productively use them.

An advanced XDR solution works to break down the data silos across devices, applications, productivity suites, user identities, and cloud deployments that attackers rely on to remain undetected. Advanced XDR unifies network, device and identity correlations for faster, more effective threat detection and response while unlocking new predictive capabilities that will enable defenders to anticipate an attacker’s next move and block them proactively.

XDR Addresses Rising Data Breach Costs

A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization’s brand, unplanned workforce reductions and business disruptions.

Additionally, the average cost of a data breach continues to rise. The IBM Cost of a Data Breach Study 2021 found that the price tag for a breach had increased to $4.24 million, the highest total cost in the history of the IBM report.

The study found that it took an average of 287 days for an organization to find and detect a breach. This is a concern for organizations, as data breaches that last for longer than 200 days cost an average of $4.87 million. That’s compared to $3.61 million for breaches that organizations detect in fewer than 200 days.

An advanced XDR solution can automate threat detection and remediation to save analysts both time and effort by autonomously uncovering attacks and hunting for malicious activity and tactics, techniques, and procedures (TTPs) used by attackers in real-world campaigns.

XDR provides security teams with the complete attack story, including all related attack elements from root cause across all affected machines and users. Your team will have the full context of an incident without all the noise of false positives, so they can instantly understand an attack and focus on what matters most. This allows security teams to detect sooner and remediate faster, ultimately reducing attacker dwell time and reducing the cost of security incidents.

The XDR Advantage

An advanced XDR solution enables organizations to embrace an operation-centric approach to security that delivers the visibility organizations require to be confident in their security posture across all network assets, and the automated responses to halt attack progressions at the earliest stages.

An XDR solution should also provide Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, and application workspaces.

The post XDR: Three Reasons It Should Drive Your Security Strategy appeared first on Cybersecurity Insiders.


February 26, 2022 at 10:57PM