
Wednesday, September 20, 2023

Kickstarting a Holistic SaaS Ecosystem Security Program

By Maor Bin, CEO, Adaptive Shield

One piece of advice I like to give security professionals is this – it’s often instructive to view cybersecurity from the threat actor’s perspective. In a SaaS world, that means understanding the behavior patterns of threat actors and then identifying the SaaS entry point they would likely prioritize.

What you’ll likely find is that bad actors often focus on highly coveted access points. Some examples include orphan accounts, unused local admin accounts, and other high-privilege, underutilized accounts that were involved in SaaS app setup.

In the early days of SaaS security, the tools were designed to protect access to SaaS apps, looking mostly at log-ins, passwords, and SSO. What many don’t realize is that SaaS security has evolved into a much more comprehensive security program.

The evolution of SaaS security is essential because businesses are becoming increasingly SaaS-driven. Fortune Business Insights reports that “the global SaaS market is projected to grow from $273.55 billion in 2023 to $908.21 billion by 2030.” This growth demands a holistic SaaS ecosystem security program that can help protect an organization by eliminating vulnerabilities and mitigating risk using the latest cybersecurity methodologies.

Now for the big question—where do you start?

Begin with Identity Fabric

Identity is one of the main barriers that threat actors must overcome. In fact, today, a person’s identity is often all that’s standing between a threat actor and a company’s most sensitive data. Identity fabric is a concept put forth by Gartner, which can be used to prevent this type of attack. This concept, which includes Identity and Access Management (IAM) and Identity Governance and Administration (IGA), requires centralized access control over decentralized applications and must be capable of tracking access from humans and machines, including access granted to third-party applications.

Speed is also important. Identity fabric must be fast, operating with near-imperceptible latency, so it doesn’t impact the user experience. The speed must be accompanied by an effective alert system that sounds the alarm in the event of suspicious activities, such as the creation of new admin accounts.
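As an added example (not from the article or from Adaptive Shield's product), the following Python reviews a constructed SaaS user export and audit log for the access points described above: orphan accounts, dormant high-privilege accounts, admins without MFA, and newly created or promoted admins. The field names, the sample data, and the 60-day idle threshold are assumptions.

```python
"""Added example, not from the article or any vendor: review a SaaS app's user
export and audit log for orphan accounts, dormant admins, and new-admin events.
All data below is constructed for illustration."""
from datetime import datetime, timedelta, timezone
import json

# Constructed user export, shaped like a generic SaaS admin API response.
# Field names are assumptions, not any vendor's real schema.
USERS = [
    {"email": "alice@example.com", "role": "admin", "last_login": "2023-09-18T09:12:00Z", "mfa": True},
    {"email": "bob@example.com", "role": "member", "last_login": "2023-09-19T14:01:00Z", "mfa": True},
    # Account created during app setup; it acts via an API token, so no recent interactive login.
    {"email": "setup-svc@example.com", "role": "admin", "last_login": "2023-01-03T11:00:00Z", "mfa": False},
    {"email": "carol@example.com", "role": "admin", "last_login": "2023-09-01T08:30:00Z", "mfa": True},
    {"email": "dave@example.com", "role": "member", "last_login": "2023-06-30T10:00:00Z", "mfa": False},
]

# Constructed HR directory: identities the company currently employs.
# Anyone in the SaaS export who is not listed here is an orphan account.
ACTIVE_EMPLOYEES = {"alice@example.com", "bob@example.com", "dave@example.com"}

# Constructed audit log, one JSON object per line (assumed event names).
AUDIT_LOG = """
{"ts": "2023-09-19T22:14:03Z", "actor": "alice@example.com", "event": "user.login", "target": "alice@example.com"}
{"ts": "2023-09-19T23:41:18Z", "actor": "setup-svc@example.com", "event": "user.role_changed", "target": "eve@example.com", "new_role": "admin"}
{"ts": "2023-09-20T00:02:55Z", "actor": "setup-svc@example.com", "event": "user.created", "target": "eve@example.com", "new_role": "member"}
{"ts": "2023-09-20T01:10:00Z", "actor": "alice@example.com", "event": "user.created", "target": "frank@example.com", "new_role": "admin"}
"""

NOW = datetime(2023, 9, 20, tzinfo=timezone.utc)  # fixed clock so results are repeatable


def _parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def dormant_admins(users, now=NOW, max_idle_days=60):
    """High-privilege accounts with no interactive login for max_idle_days:
    the underutilized admin accounts the article calls a coveted access point."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(u["email"] for u in users
                  if u["role"] == "admin" and _parse_ts(u["last_login"]) < cutoff)


def orphan_accounts(users, active_employees=ACTIVE_EMPLOYEES):
    """Accounts present in the SaaS app with no matching active employee."""
    return sorted(u["email"] for u in users if u["email"] not in active_employees)


def admins_without_mfa(users):
    """Admin accounts whose identity is protected by a password alone."""
    return sorted(u["email"] for u in users if u["role"] == "admin" and not u["mfa"])


def new_admin_events(audit_log: str):
    """Audit events that create an admin or promote a user to admin, the kind
    of activity the article says should raise an alert. Returns (ts, actor, target)."""
    hits = []
    for line in audit_log.strip().splitlines():
        ev = json.loads(line)
        if ev["event"] in ("user.created", "user.role_changed") and ev.get("new_role") == "admin":
            hits.append((ev["ts"], ev["actor"], ev["target"]))
    return hits


def review(users=USERS, audit_log=AUDIT_LOG, now=NOW):
    """Combine the checks into one findings dict a security team can act on."""
    return {
        "dormant_admins": dormant_admins(users, now),
        "orphan_accounts": orphan_accounts(users),
        "admins_without_mfa": admins_without_mfa(users),
        "new_admin_events": new_admin_events(audit_log),
    }


if __name__ == "__main__":
    for finding, items in review().items():
        print(f"{finding}: {items}")
```

Note that the dormant setup account also appears as the actor of an admin promotion in the log; correlating the two findings is what turns a list of accounts into a prioritized investigation.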

Complement with Endpoint Protection

Another important element is Endpoint Protection. Today this is rarely considered when teams strategize over SaaS security approaches. This is a big mistake. Computers and other devices that access the SaaS stack are often using outdated operating systems, web browsers, anti-virus software, or other outdated software. All of these can be exploited. For example, a keylogger on a computer used by a high-privileged SaaS admin can hand over the keys to valuable SaaS data.

Endpoint protection is vital to a holistic SaaS ecosystem security program because it allows teams to monitor the device operating systems being used to access the SaaS stack, check the compliance of each device with global standards and company policy, and generate a user risk assessment.

By combining endpoint protection hygiene data with SaaS data and associating devices with users, security teams can manage SaaS risks. With this context, the organization can develop security policies and prioritize and manage the remediation of device vulnerabilities or limit access.

Deploy SaaS Threat Detection

The detection of SaaS threats requires an identity-centric approach. Identity Threat Detection & Response (ITDR) is defined as a set of security measures designed to detect and respond to identity-related Indications of Compromise (IoCs), suspicious activities and malicious applications that have accidentally been installed by users.

Once these findings are in the security team’s hands, the team can investigate and respond to the threats.

Secure the Breadth and Depth of the Ecosystem

For most organizations, the SaaS stack covers a broad range of applications that touch every department. However, a major mistake many security teams make is that they tend to focus their efforts on the most critical applications, such as CRM or Workspace. As a result, while they protect data in these areas, they are exposing sensitive records stored within all the other applications.

Best practices do dictate that teams begin by securing the most important applications within the organization’s stack, but they don’t suggest stopping there. Securing the SaaS ecosystem requires an approach that is both broad in terms of covering every application and deep in terms of security checks.

The Attainment of SaaS Ecosystem Security

SaaS-enabled businesses are increasingly becoming the norm as companies experience the vast benefits that come with these new cloud offerings. Naturally, these new environments introduce new challenges, especially for security teams.

The best way to secure a growing SaaS stack is through a holistic approach that leverages SaaS security tools covering every SaaS app in the stack. In addition, organizations must emphasize securing identity-based access points as well as the endpoint devices that access SaaS applications, and review third-party applications connected to the various SaaS hubs, while maturing their ability to prevent threats.

This is how businesses can soar in the cloud while keeping this new and growing environment fully protected.

The post Kickstarting a Holistic SaaS Ecosystem Security Program appeared first on Cybersecurity Insiders.


September 21, 2023 at 02:07AM

How a data-driven approach to threat exposure can fix ‘the short blanket problem’

By Dr Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs

Like a short blanket that covers the wearer’s head or feet, but never both at the same time, security teams can only dedicate their time, money, and resources to so many problems at once. The short blanket dilemma is a perennial issue in IT security. Teams deploy their budgets and resources to cover one exposed spot, but this inevitably leaves other areas out in the cold. A perfect example is the choice organizations face between preventing and detecting threats. Unfortunately, it is very rare for organizations to excel at both.

Picus recently conducted an analysis of 14 million cyberattack simulations performed by our platform in the first half of 2023, revealing the extent of this short blanket problem. Our Blue Report highlights four ‘impossible trade-offs’ that hinder organizations’ readiness to defend themselves against the latest threats.

1. Choosing which attacks to prioritize

With unlimited time, resources, and knowledge, security could be an easy job. In reality, however, every security team must choose which attacks to prioritize and which to de-prioritize based on their own time and resource constraints.

Our simulation data shows that, on average, organizations’ security controls (such as next-gen firewalls and intrusion prevention solutions) will prevent 6 out of every 10 attacks. However, some types of attacks are prevented far more effectively than others. For instance, organizations can prevent 73% of malware downloads but only 18% of data exfiltration attacks.

There are also wide variations in organizations’ ability to prevent specific threats. For example, more than a third of organizations can prevent Black Basta and BianLian ransomware attacks but only 17% can prevent Mount Locker. This is despite Mount Locker’s emergence in 2021, long before the other two malware types. It suggests that security teams are having to prioritize and deprioritize their defense against different ransomware groups over time.

2. Choosing which vulnerabilities to remediate

The Blue Report also reveals the limitations of security teams’ approach to managing common vulnerabilities and exposures (CVEs). Some organizations focus on fixing long-standing vulnerabilities first, but others will actively prioritize more recent vulnerabilities over older ones.

Today, the majority of organizations remain exposed to several critical and high-risk CVEs that have been known for years. Some CVEs discovered in 2019 remain a threat to more than 80% of organizations. With limited resources, vulnerability management teams must choose to remediate some CVEs over others – at their peril.

3. Choosing to optimize prevention or detection controls

The data shows that the better an organization is at preventing threats, the weaker it is at detecting them, and vice versa. For instance, globally, healthcare is the least effective sector at preventing attacks but is twice as successful as the average organization when it comes to detecting them. North American organizations are almost twice as successful at preventing attacks as they are at triggering alerts to detect attacks in progress.

Different organizations, sectors, and even regions all have a reason to choose between a prevention or detection-first approach to security. However, the data shows in black and white that most organizations struggle to be proficient at both.

4. Choosing to log or create an alert

Organizations leveraging security information and event management (SIEM) solutions also face decisions about how much to invest in attack detection. In most cases, organizations will prioritize logging over alerting, but do neither very well. Simulation data shows that, on average, organizations log 4 out of 10 attacks but only generate alerts for 2 in 10 attacks.

Faced with a trade-off in time and resources, organizations are prioritizing logging over alerting – but both areas require improvement.

The short blanket problem solved

Since preventing and detecting every threat is practically impossible, security teams will always have to prioritize some aspects of security more than others. It may not be possible to ask the board for a bigger blanket. However, it should be possible to ensure that the blanket is always applied where its wearer needs it most.

The goal for CISOs is to consistently make the best decisions for their organization’s specific needs. They need real-time data to prove where there are gaps in their defenses at any given moment. They need to be honest about which parts of the business are out in the cold, so that they can determine the level of risk they are prepared to accept.

This requires being proactive rather than reactive, and discovering the potential for security incidents before they happen. Indeed, CISOs are increasingly following the principles of continuous threat exposure management (CTEM) to achieve a more holistic view of their risks. By adopting a more unified approach that incorporates insights from attack simulations combined with attack surface and vulnerability data, security teams can allocate resources efficiently and effectively to address their most critical exposures. As a result, they can focus their attention on the areas that will have the greatest security impact.

The post How a data-driven approach to threat exposure can fix ‘the short blanket problem’ appeared first on Cybersecurity Insiders.


September 20, 2023 at 10:55PM

CrowdStrike acquires Bionic

Bionic, a pioneering provider of Application Security Posture Management (ASPM) solutions, is celebrating a significant development as it becomes an integral part of CrowdStrike’s talented team. The acquisition of Bionic by CrowdStrike, a leading cybersecurity solutions company, has been completed for an undisclosed amount, believed to consist mostly of cash with a portion in stock, totaling an estimated $340 million.

This strategic move will see CrowdStrike incorporate Bionic’s ASPM technology into its in-house Cloud Native Application Protection Platform (CNAPP), bolstering its capabilities in risk visibility and cloud estate protection.

The announcement of this acquisition took place during CrowdStrike’s Falcon Conference 2023, which coincided with the release of its latest financial results. According to CrowdStrike’s 2023 Global Threat Report, incidents of cloud exploitations have surged threefold in the past year, and this trend is expected to continue its exponential growth in the coming years. As threat actors leverage AI-based tools to become more sophisticated, the threat landscape could become even more alarming by 2025.

Despite these escalating threats, the adoption of cloud computing remains steadfast in both corporate and public IT environments. The advantages of cloud computing far outweigh the drawbacks.

With Bionic’s technology, which includes both agent and agentless protection solutions for cloud infrastructure, CrowdStrike’s customers will gain real-time, frictionless application visibility. They will be able to swiftly prioritize vulnerabilities at the application level and enjoy comprehensive visibility into serverless infrastructure. This strategic integration positions CrowdStrike to effectively address the evolving cybersecurity challenges posed by the rapid growth of cloud-based technologies.

The post CrowdStrike acquires Bionic appeared first on Cybersecurity Insiders.


September 20, 2023 at 08:16PM

Mobile security challenges in work from home environments

In recent years, the global workforce has witnessed a significant shift towards remote work, catalyzed by the COVID-19 pandemic. This transformation has led to a surge in the use of mobile devices as essential tools for work-related tasks. While the adoption of remote work has offered newfound flexibility and convenience, it has also introduced a host of mobile security challenges in work-from-home environments. In this article, we will explore these challenges and provide insights into how individuals and organizations can mitigate them.

1. Increased Attack Surface: One of the primary challenges of remote work is the expanded attack surface. Mobile devices, such as smartphones and tablets, are more susceptible to security threats compared to traditional desktops or laptops. Each device represents a potential entry point for cyber-criminals to gain unauthorized access to an organization’s sensitive data.

Solution: Employ robust mobile device management (MDM) solutions to monitor and secure devices. Enforce strong password policies, encryption, and remote wipe capabilities to protect sensitive data.

2. Insecure Wi-Fi Networks: Remote workers often connect to various Wi-Fi networks, some of which may be unsecured or compromised. Using unsecured networks can expose devices to eavesdropping, data interception, and other cyber threats.

Solution: Encourage the use of Virtual Private Networks (VPNs) to create secure tunnels for data transmission. Implement strict policies regarding Wi-Fi network usage and educate employees about the risks of connecting to public or unsecured networks.

3. Phishing and Social Engineering: Cyber-criminals frequently use phishing attacks to trick remote workers into revealing sensitive information or clicking on malicious links. In a remote work setting, individuals may be more susceptible to such attacks due to reduced oversight.

Solution: Conduct regular cybersecurity training sessions to educate employees about phishing threats. Encourage them to verify the authenticity of emails and avoid clicking on suspicious links or downloading attachments from unknown sources.

4. Device Management and Updates: Keeping mobile devices up-to-date with the latest security patches and software updates is often overlooked. Outdated operating systems and apps can contain known vulnerabilities that attackers can exploit.

Solution: Implement automatic updates whenever possible and educate employees on the importance of keeping their devices and applications current.

5. Personal vs. Work Data Separation: Many remote workers use their personal devices for work-related tasks, blurring the lines between personal and professional data. This creates challenges in securing corporate information without invading personal privacy.

Solution: Encourage the use of containerization solutions that create separate environments for work and personal data on the same device. This ensures that corporate data remains secure without infringing on personal privacy.

6. Lost or Stolen Devices: Mobile devices are easily misplaced or stolen, potentially resulting in data breaches. In a work-from-home scenario, the risk of this happening increases.

Solution: Implement remote tracking and wipe capabilities to safeguard data in case of device loss or theft. Encourage employees to report lost or stolen devices immediately.

7. Over-reliance on Default Security Settings: Many users rely on default security settings, which may not be sufficient to protect against sophisticated threats.

Solution: Customize security settings to meet the specific needs of your organization. Implement multi-factor authentication (MFA) wherever possible to add an extra layer of protection.

In conclusion, the proliferation of mobile devices in work-from-home environments has introduced new and complex security challenges. Addressing these challenges requires a proactive approach, including robust policies, employee training, and the adoption of modern security technologies. By recognizing and mitigating these mobile security risks, organizations can reap the benefits of remote work while safeguarding their sensitive data and information.

The post Mobile security challenges in work from home environments appeared first on Cybersecurity Insiders.


September 20, 2023 at 03:42PM

Effective 7 Responses that should be given by CEOs and CTOs during a Cyber Attack

In the face of a cyber attack targeting a company’s IT infrastructure, the world expects swift and effective responses from its CEOs and CTOs to mitigate risks and minimize losses. However, many find themselves in a state of panic during such incidents due to a lack of preparedness. Here, we provide a comprehensive list of guidelines and recommended reactions for CEOs and CTOs when dealing with a digital attack:

Transparent Communication: It is crucial to maintain transparency during a cyber attack. While fear may drive some CEOs and CTOs to conceal the incident, the law mandates reporting any cyber incident resulting in data breach or theft within a 72-hour timeframe. Instead of providing hourly updates to the public through the media, consider issuing weekly status updates to maintain control over the narrative.

Government Notification: Wise CEOs and CTOs promptly inform government agencies such as the SEC and law enforcement, including the FBI. This collaboration can lead to timely warnings that help prevent others from falling victim to the same attack, thus averting a crisis.

Know Whom to Contact: Prior knowledge of whom to contact within government agencies overseeing cyberattacks and information sharing is essential. CEOs and CTOs should be well-prepared in this regard.

Proactive Approach: Adopt a proactive approach to cybersecurity. Regular tabletop exercises and preparedness plans should be established and executed annually to validate their effectiveness. Additionally, the company must outline clear procedures for contacting the relevant parties in case of a ransomware attack or similar events.

Network Architecture Preparedness: CEOs and CTOs should possess a comprehensive understanding of their business IT networks and operational frameworks. Identifying and addressing vulnerabilities in advance is crucial. Being aware of what to do beforehand allows for quick reactions tailored to the situation, reducing risks.

Access to Expert Assistance: Not all companies can maintain an in-house security team. In such cases, consider hiring security experts when needed. Having a forensic expert available to negotiate with hackers during a malware attack can be invaluable.

Handling Public Scrutiny: Digital attacks often result in negative attention on CEOs and CTOs. While some display resilience in facing the situation head-on, a few opt to resign due to the pressure of the blame game. To navigate this, all CEOs and CTOs should possess the mental fortitude to withstand scrutiny and focus on finding solutions to the immediate problem.

In conclusion, the strategies outlined above provide CEOs and CTOs with a structured approach to dealing with cyber attacks, promoting transparency, collaboration, and preparedness. As the landscape of cyber threats continues to evolve, adapting and refining these responses will be essential to safeguarding the integrity and security of a company’s digital assets.

The post Effective 7 Responses that should be given by CEOs and CTOs during a Cyber Attack appeared first on Cybersecurity Insiders.


September 20, 2023 at 03:37PM

Tuesday, September 19, 2023

Resilient networks: Building blocks of modern Cybersecurity architecture

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In today’s interconnected digital landscape, where data flows like a river through intricate networks, the importance of cybersecurity has never been more pronounced.

As our reliance on digital networks grows, so do the threats that seek to exploit vulnerabilities in these very networks. This is where the concept of resilient networks steps in, acting as the guardians of our digital realms. In this article, we delve into the world of resilient networks, exploring their significance as the cornerstone of modern cybersecurity architecture.

Understanding resilient networks

Imagine a web of interconnected roads, each leading to a different destination. In the realm of cybersecurity, these roads are the networks that enable communication, data exchange, and collaboration. Resilient networks are like well-constructed highways with multiple lanes, built to withstand unexpected disruptions.

They aren’t just about preventing breaches; they’re about enabling the network to adapt, recover, and continue functioning even in the face of a successful attack. Network resilience stands as a critical component in the realm of modern cybersecurity, complementing traditional security measures like utilizing proxy servers by focusing on the ability to endure and recover.

Network security

It’s essential to distinguish between network security and network resilience.

Network security involves fortifying the network against threats, employing firewalls, antivirus software, and encryption methods.

On the other hand, network resilience goes beyond this, acknowledging that breaches might still occur despite stringent security measures.

Resilience

Resilience entails the ability to detect, contain, and recover from these breaches while minimizing damage. It’s like preparing for a storm by not only building strong walls but also having an emergency plan in case the walls are breached.

Resilient networks aim to reduce downtime, data loss, and financial impact, making them a critical investment for organizations of all sizes.

Key components of resilient networks

Consider your home’s architecture. You have multiple exits, fire alarms, and safety measures in place to ensure your well-being in case of emergencies. Similarly, resilient networks are built with specific components that enable them to weather the storms of cyber threats.

Redundancy, diversity, segmentation and isolation, and adaptive monitoring and threat detection are the pillars of network resilience.

Redundancy

Redundancy involves creating backup systems or pathways. It’s like having alternate routes to reach your destination in case one road is blocked. In the digital realm, redundant systems ensure that if one part of the network fails, traffic is seamlessly rerouted, minimizing disruptions.

Diversity

Diversity, on the other hand, means not putting all your eggs in one basket. A diverse network employs various hardware, software, and protocols, reducing the risk of a single point of failure. Think of it as a portfolio of investments – if one fails, the others remain intact.

Segmentation and isolation

Segmentation and isolation play a crucial role in containing potential threats. Imagine a building with multiple compartments, each serving a different purpose. If a fire breaks out in one compartment, it’s isolated, preventing the entire building from burning down.

Similarly, network segmentation involves dividing the network into smaller segments, each with its access controls. If one segment is compromised, the damage is contained, preventing lateral movement for attackers. Isolation takes this a step further, isolating critical assets from the main network. It’s like storing your most valuable possessions in a secure vault.

Adaptive monitoring and threat detection

Adaptive monitoring and threat detection are the vigilant guards of a resilient network. Picture a sentry who not only stands watch but also learns to identify potential threats based on patterns. Adaptive monitoring involves employing sophisticated tools that learn normal network behavior and raise alerts when anomalies are detected.

Threat detection utilizes advanced algorithms and AI to spot suspicious activities, even those that might evade traditional security measures. These components work hand in hand to identify and mitigate threats in real time, enhancing the overall resilience of the network.

Strategies for building resilient networks

Building a resilient network requires a strategic approach that blends several components to create a robust defense against cyber threats.

One key strategy is the implementation of a multi-layered defense. This approach involves placing defense mechanisms at various layers of the network architecture. It’s like having security checkpoints at different points along a journey. Firewalls, intrusion detection systems, and encryption protocols are examples of these defense mechanisms.

Each layer adds an additional barrier, making it more challenging for attackers to penetrate the network.

Zero trust architecture

The Zero Trust Architecture takes a departure from the traditional perimeter-based security model. Imagine a medieval castle surrounded by walls; anyone inside the walls is trusted, and anyone outside is considered a potential threat.

The Zero Trust model, on the other hand, operates on the principle of “never trust, always verify.” In this approach, no entity, whether inside or outside the network, is inherently trusted. Every user, device, and application must be verified before being granted access. This concept prevents lateral movement by attackers who manage to breach the perimeter defenses.

Elastic scalability

Elastic scalability is another vital strategy in building resilient networks. In a digital world where traffic patterns can change rapidly, network capacity needs to be flexible. Imagine a bridge that can stretch or shrink based on the number of vehicles crossing it.

Cloud-based solutions offer this elasticity by allowing organizations to scale their network resources up or down as needed. This capability is particularly crucial during unexpected spikes in traffic, such as during major online events or cyberattacks.

Case studies

Let’s dive into some real-world scenarios to understand how resilient networks make a tangible difference.

In the banking and financial sector, data breaches can have severe consequences, not only in terms of financial loss but also the erosion of customer trust. Resilient networks are the foundation of secure online banking and transactions.

In case of an attempted breach, redundant systems ensure that customers can continue accessing their accounts while the threat is contained. Moreover, adaptive monitoring tools can swiftly detect suspicious activities, preventing potential breaches before they escalate.

The healthcare industry holds a treasure trove of sensitive patient data.

Resilient networks are paramount to ensure patient privacy and data integrity. Imagine a hospital’s network segmented into different sections: patient records, medical devices, and administrative systems.

If a cybercriminal gains access to one section, the segmented architecture prevents lateral movement, safeguarding other areas. Additionally, adaptive monitoring tools can identify abnormal patterns in medical device behavior, preventing potential cyberattacks that might impact patient care.

Challenges and future trends

As technology advances, so do the techniques used by cybercriminals. Resilient networks must stay ahead of these evolving threats. The use of artificial intelligence (AI) and machine learning (ML) is becoming increasingly prominent in predicting and mitigating attacks.

Think of AI as a digital detective that learns from patterns and can predict potential threats before they materialize. ML algorithms can identify even subtle anomalies that might escape human notice, enhancing the effectiveness of threat detection mechanisms.

The integration of the internet of things (IoT) and 5G networks brings both convenience and challenges. Imagine a smart home with interconnected devices, from thermostats to refrigerators. While these devices offer convenience, they also open up new avenues for cyberattacks.

Resilient networks must evolve to secure these diverse devices, each with its own potential vulnerabilities, and to accommodate the unique challenges posed by these technologies.

Best practices for implementing resilient networks

To reap the benefits of resilient networks, organizations should follow several best practices:

  • Regular security audits and assessments: Conduct routine assessments to identify vulnerabilities and areas for improvement within the network.
  • Employee training and awareness: Train staff about the importance of cybersecurity and their role in maintaining network resilience.
  • Collaboration with security experts: Work with cybersecurity professionals to implement the latest strategies and technologies.
  • Continuous improvement and adaptation: Cyber threats evolve, and so must your network. Regularly update and upgrade your network’s defenses.

Conclusion

Resilient networks stand as the guardians of our digital age, fortifying our interconnected world against the constant barrage of cyber threats. In an era where data breaches can have far-reaching consequences, the significance of network resilience cannot be overstated.

By understanding its components, strategies, and real-world applications, organizations can build a robust cybersecurity architecture that not only defends against attacks but also adapts and recovers when breaches occur.

As technology marches forward, the resilience of our networks will be a decisive factor in determining our ability to navigate the digital landscape safely and securely. Remember, in the realm of resilient networks, preparation is protection, and adaptation is strength.

The post Resilient networks: Building blocks of modern Cybersecurity architecture appeared first on Cybersecurity Insiders.


September 20, 2023 at 09:10AM

Enea Unveils Qosmos Threat Detection SDK to Boost Network Security

As the networking landscape rapidly shifts with data, applications, and infrastructure migrating to the cloud, Enea, a leader in telecom and cybersecurity, has launched its Qosmos Threat Detection SDK. This SDK addresses the limitations of conventional intrusion detection systems (IDS), which struggle to meet the evolving demands of cloud-based, multifunction security platforms.

Filling the Gap in Conventional IDS

Traditional IDS platforms have become increasingly important as traditional network perimeters disappear, but they often fall short in terms of scalability and performance in modern cloud environments. Enea’s Qosmos Threat Detection SDK offers a comprehensive approach to IDS that meets both technical and functional threat detection requirements. It combines Suricata’s industry-leading IDS functionalities with Enea’s Qosmos ixEngine, thereby eliminating the need for double packet processing and significantly accelerating parsing speed.

Performance and Scalability

The SDK doubles the performance by leveraging Enea’s Qosmos ixEngine for packet acquisition and parsing. By optimizing resources, it vastly expands traffic insights, providing significantly higher native throughput than traditional IDS systems.

Jean-Pierre Coury, Vice President of Enea Traffic Intelligence, added, “Faced with the performance and scale requirements of today’s cloud-centric, multifunction IT platforms, traditional IDS/IPS systems are falling behind. Enea Qosmos Threat Detection SDK meets these challenges with a threat detection engine delivered in the format of a software development kit capable of tight integration with third-party solutions, easy customization, and radically improved cybersecurity performance.”

Enhanced Accuracy and Customizability

One of the SDK’s key features is its full traffic visibility, even into encrypted communications. Coupled with enhanced parsing capabilities, this significantly reduces both false negatives and false positives. The SDK allows for the easy creation of custom rulesets, providing cybersecurity solution developers with more accurate and rapid threat detection capabilities.

Roy Chua, Founder and Principal at AvidThink, added, “Modern cybersecurity models rely heavily on DPI. A strong DPI engine not only enables better network traffic visibility but also provides the data needed to create custom rules specific to each environment.”

Simplified Integration and Deployment

Designed with cybersecurity software developers in mind, the Qosmos Threat Detection SDK allows for tight integration into various cybersecurity solutions while maintaining flexibility and scalability. It supports standard rulesets with Suricata syntax, making deployment easier. The SDK also makes Qosmos ixEngine metadata available in rule syntax, further improving threat detection and simplifying integration.

To learn more, please visit: https://www.enea.com/solutions/dpi-traffic-intelligence/threat-detection-sdk/

The post Enea Unveils Qosmos Threat Detection SDK to Boost Network Security appeared first on Cybersecurity Insiders.


September 20, 2023 at 12:57AM