Staying a Step Ahead of Ransomware

BRIAN WALLACE | November 16, 2021 | 88 views

Ransomware attacks are becoming more frequent and far more detrimental to business operation, software infrastructures, privacy safety, and information security. In 2020, the frequency of ransomware attacks grew by 7x or more. This upward trajectory is projected to continue with a minimum of 3 out of 4 IT organizations being confronted with at least 1 ransomware attack by 2025. The true cost of ransomware attacks is up to a whopping $20 billion - the total global ransomware damage costs predicted for 2021.


Ransomware attacks often halt business operations, costing businesses up to 23x more than the ransom itself. The costliness of ransomware attacks varies slightly by enterprise size. In 2019, small to medium enterprises (SMEs) represented 98% of claims.In 2019 alone, ransomware claims ranged between $2,500 and $10.1M, with an average claim of $424,000. Often disregarded when tallying ransomware attack damages, business interruption loss also takes a hefty financial toll on businesses. That same year, for SMEs, the average cost of businesses due to interruption was $1.2 million per incident, with the highest cost being $6.5 million.
The heaviest post-attack costs are data loss, insurance premium increases, and heightened risk of reinfection. 82% of ransomware attack victims report significant data loss, and on average, 61% of ransomware attack victims have lost data to corruption. Insurance premium increases are also financially draining. In the first quarter of 2021, premiums increased 29% in January, 32% in February, and 39% in March. For high-risk organizations, premium increases of up to 50-60% may become the norm. On average, deductibles were raised to $1 million, encouraging more insurance clients to opt for cyber coverage, which has increased from 26% in 2016 to 47% in 2020. Reinfection rates pose financial threats as well. Reinfection occurs 80% of the time with 46% of victims suspecting that it was the same attackers. These damages that ransomware attacks leave behind are worth bracing against.


In 2021, the ransomware group Avaddon made headlines after announcing that they were shutting down. Officially, the group had 88 known victims, but decryption keys were released for 2934 victims. While the full extent of Avaddon’s schemes has yet to be uncovered, it has been safely concluded that if all the victims paid the average reported amount, the group made about $1.8 billion. Unfortunately, just 3% of victims reported Avaddon’s attacks.
Many organizations still think of ransomware as one-off attacks, like the infamous WannaCry attack in 2016.  Today, ransomware is far more complex and many are multifaceted. Ransomware attacks may be deployed along with network penetration (compromising your organization’s network with stolen credentials and/or malware), credential harvesting (collecting login credentials for critical systems, such as Domain Name System (DNS)), attacking backups (data storage can provide a roadmap to what information is most sensitive), and/or double extortion (thread of publicizing data theft after a ransomware attack — often in response to companies saying they won’t pay).  With the pandemic’s reorientation toward remote work and learning, cyber businesses and cyber education are backbones of today’s society, which makes securing them crucial.  Failing to do so can breed a slew of downstream issues including job losses and business losses among a plethora more.


There’s never been a better time to protect your business from ransomware. The best ways to do so are to stay up-to-date, increase employee awareness, back up data, and adopt malware detection. Staying up-to-date involves keeping track of patches and software updates, which are key to protecting yourself against ransomware. Increasing employee awareness entails empowering employees to assess whether an attachment, link, or email is trustworthy. It’s critical to keep data backed up on external devices to aid recovery should there be an attack. Last but not least, adopting malware detection, early detection of suspicious activity, is your first line of defense. 

Spotlight

rSolutions Corporation

Your trusted Information Security and Big Data Analytics advisors. rSolutions is focused on exceptional client experiences, fast time-to-value and on-going care after the sale to help companies maximize their investment and satisfaction with the technologies we help deploy. All data is security relevant where cyber security and business intelligence meet. We offer the power of Splunk Elite Partner status for those seeking to unlock the power of their data, with a impressive compliment of security product vendors that make the rSolutions security focus second to none.

OTHER ARTICLES
DATA SECURITY, ENTERPRISE SECURITY

The Great CISO Resignation

Article | November 22, 2022

CISOs Are Leaving in Droves The Great Resignation has been front-page news since Covid lockdowns, with many employees looking for the work-life balance they enjoyed at the time. Now, the phenomenon has spread to the role of Chief Information Security Officer (CISO) and shows no signs of letting up. In fact, industry experts predict that it is likely to worsen. A recent study from cybersecurity company BlackFog found that 32% of CISOs in the U.K. and U.S. have considered leaving and many planned to do so in just six months. The majority noted that the top reason for leaving was a lack of work-life balance. The CISO role is demanding, with firefighting and frequent changes in regulations and customer expectations taking up significant time both on and off the job. In another recent study in which 581 CISOs were surveyed, the IANS Research and Artico Search explored CISO compensation and job satisfaction. Three-fourths of CISOs are satisfied with their job, which is 7% higher than in the 2021 sample and more than double that of the 2020 sample. The main drivers of satisfaction are compensation, budget, executive visibility, and organizational support. However, despite high satisfaction numbers, the study found that as many as 44% of respondents are considering a job change. CISO Challenges LIABILITY AND EXPOSURE OF THE CISO There is a perception that CISOs face heightened liability for cyber intrusions and the response to cyber events. One extraordinary example is the recent conviction of Uber’s former security officer, which represents the first time a security executive has faced federal crime prosecution over a data security response. In this case the finding was that he obstructed justice by concealing information about a breach, destroying data, and covering up the incident. CISOs are often in the hot seat when it comes to cyber-intrusions and how they are handled. The Board of Directors (possibly including named corporate officers) in most cases are protected by being diligent about the Business Judgement Rule (BJR). Heavily adopted in Delaware case law and since adopted in various forms in many states, this “rule” stipulates that proper oversight includes demonstrating the duty of loyalty (no conflicting interests) and duty of care (make informed decisions) to be protected from liability. There are few cases (although Enron being one) where liability was found but it was for illegalities and poor business judgment. Since CISOs are not named corporate officers in most cases, BJR does not provide comfort. Similarly, liability insurance which covers legal defense fees and cash judgments often covers only directors and named corporate officers unless the CISO has been specifically included in the policy. DUTY TO REPORT Improving Board-CISO Transparency There is a mechanism found in corporate governance best-practices for ensuring that the most senior people in an organization get direct, unfiltered input from a key executive, regardless of reporting structure. It is called the executive session. This is in common use by Boards of Directors who meet individually with the Chief Financial Officer, Controller, and other key executives, notably without other management in the room. Questions are intended to be penetrating and the respondent is expected to respond openly. Now that cybersecurity has risen to a top risk for the enterprise, the CISO position should be among those who appear individually in an executive session with the highest governing body of an enterprise at least annually. This addition to governance best-practices would give Board members and State governors unfiltered information on cybersecurity matters, thereby helping to fulfil their oversight responsibility. Bob Zukis, founder and CEO of the Digital Directors Network, reports that a survey of its membership of more than 900 IT, cyber, and boardroom leaders shows nearly half of the respondents already have some form of this policy in practice. However, this is still a minority of the overall CISO population, signaling more transparency between the CISO and Board is needed. CISOs in State Governments Government organizations also face many of these issues. Evidence shows that CISOs in state governments are as vulnerable to other job offers as CISOs in the private sector. In the span of eight days in October 2022, there were several reports of state CISOs resigning, including Oklahoma, Georgia, Pennsylvania, and North Dakota. [1] Legal liability is not an issue the government CISO needs to be worried about since governments and their employees are immune from legal suits. However, government CISOs are highly concerned about shouldering blame, especially in the press, for security intrusions or their coverup. As with private industry, state governments should also institute this recommended practice. NCC recommends CISOs be called upon to appear in an executive session with agency heads and even the governor at least once a year. The State of Texas, for example, already has a version of this policy implemented in a statute and in practice. Texas Administrative Code includes provisions for: Reporting, at least annually, directly to the agency head the status and effectiveness of the security program and its controls. Informing any relevant parties in the event of noncompliance with the state agency’s information security policies Resolving the Great CISO Resignation For organizations across the public and private sectors, cybersecurity has risen to one of the top risks and has increased the importance of the role of the CISO. Most are looking to improve their work-life balance and reduce some of the stressors of the job. While many CISOs are also concerned about trends in liability and becoming headline news for decisions made on the job, requiring CISOs to appear in executive sessions with board members or state governors can help to alleviate these concerns and improve CISO job satisfaction while at the same time improving how the most senior levels of organizations fulfil their responsibilities for oversight of top risks.

Read More
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Top 5 Application Security Trends Businesses Must Be Aware of in 2023

Article | May 10, 2023

Introduction Top 5 Trends for Businesses to Improve Their Existing Application Security 1.AppSec and Convergence 2.Adoption of Automated AI Security Capabilities 3.Emphasis on Securing the Software Supply Chain 4.Extreme 'Shift Left' 5.Upsurge in Demand for Vulnerability Prioritization Moving Forward with Application Security Introduction The proliferation of applications and their usage across the business landscape has made application security a strategic initiative that spans departments rather than an activity. Several factors are driving the rethinking of application security as a broader strategic program, including the evolving threat landscape, more incremental software development frameworks, and the adoption of nimbler. With the acceleration of software development and the greater-than-ever role of code in current business infrastructure, application security is shifting left in the process and infusing every step to ensure that the applications reaching customers' hands are secure and reliable. Top 5 Trends for Businesses to Improve Their Existing Application Security Applications serve as a doorway to servers and networks, making them an excellent target for malicious actors. Since cyber attackers constantly improve their techniques for breaking into software, it is becoming essential for businesses to gain insights into ever-evolving trends in the AppSec space. Here are some of the prominent trends that businesses should aware of to improve their existing application security. Trend 1: AppSec and CloudSec Convergence To accurately estimate attack surface and overall security posture, both application code vulnerabilities and cloud service hosting misconfigurations must be examined. The convergence of AppSec and CloudSec is becoming a critical component of modern security operations. It allows organizations to gain a comprehensive view of the attack surface and better understand the risks posed by application code and cloud service providers. By looking at these two areas cohesively, organizations can identify business-critical vulnerabilities and prioritize their remediation efforts. Trend 2: Adoption of Automated AI Security Capabilities The increasing volume and complexity of security threats pose significant challenges for organizations, causing strain on their threat detection and response capabilities. This leads to slower response times, higher costs, and a greater impact on security incidents. To address this issue, many companies are turning to security automation as a potential solution. One of such approaches involves the use of artificial intelligence (AI), which can automate data gathering, threat identification, and incident response processes. By adopting security automation, companies can optimize the use of limited security personnel and resources, enabling them to focus on high-value activities that provide maximum benefit to the organization. Trend 3: Emphasis on Securing the Software Supply Chain The software supply chain is emerging as a primary area of focus due to the heightened risks associated with software development. This urgency has been further compounded by the recent attack, such as Solarwind data breach and the Log4j attack on Apache, increasing the significance of software security measures. Companies are taking a more proactive approach for making enhancements in the software supply chain to protect their applications, including conducting Static Application Security Testing (SAST) to identify and address vulnerabilities before malicious actors can exploit them. Trend 4: Extreme 'Shift Left' The ‘shift left’ in software development has gained significant momentum in recent years. The idea behind this approach is to prioritize security and other critical aspects of software development at the earliest possible stage in the development process. By doing so, organizations can make more informed security decisions and identify and address security vulnerabilities before they cause any damage. As the pace of development continues to increase, organizations are increasingly adopting this approach in their software development processes to protect their systems and data from security risks. Trend 5: Upsurge in Demand for Vulnerability Prioritization Managing vulnerabilities in a software system requires analyzing vast amounts of data to determine issues that require immediate attention and prioritization. However, the growing presence of false positives is negatively impacting this process, resulting in decreased efficiency and wasted resources. Organizations are increasingly looking for vendors to provide vulnerability management tools that can reduce false positives, differentiate between low-priority issues and severe security threats, and offer actionable insights to mitigate them. Moving Forward with Application Security Applications security has become more critical than ever before for businesses in the current digital scape. With the attack surface constantly expanding and the frequency of threats on the rise, organizations must remain agile and employ the best effective strategies to protect their applications from potential cyberattacks. The significance of application security has not gone unnoticed. As organizations continue to invest in security measures, they are increasingly upgrading themselves as per emerging security trends to protect themselves against evolving cyber threats. This includes adopting the ‘shift left’ approach, tightening controls, and having a clear definition of remediation processes.

Read More
ENTERPRISE SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | July 20, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Spotlight

rSolutions Corporation

Your trusted Information Security and Big Data Analytics advisors. rSolutions is focused on exceptional client experiences, fast time-to-value and on-going care after the sale to help companies maximize their investment and satisfaction with the technologies we help deploy. All data is security relevant where cyber security and business intelligence meet. We offer the power of Splunk Elite Partner status for those seeking to unlock the power of their data, with a impressive compliment of security product vendors that make the rSolutions security focus second to none.

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Netskope Intelligent SSE Integrates with Amazon Security Lake to Enable Faster Threat Detection and Response in Hybrid Work Environments

Prnewswire | May 31, 2023

Netskope, a leader in Secure Access Service Edge (SASE), today announced an integration between Netskope's Intelligent Security Service Edge (SSE) platform and Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake is a service that automatically centralizes an organization's security data from across their AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multi cloud environments. Organizations want more visibility across all their security data sources, including on-premises and cloud, to quickly identify and respond to potential threats. To do this, they must enable logging across their security infrastructure, but often face challenges with incompatible data formats and no centralized place to store the logs for useful analysis. To help solve these challenges, Netskope customers can now export logs from the Netskope Intelligent SSE platform to Amazon Security Lake. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings and converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF), an open community schema. This makes it easier to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party security data sources. Netskope and AWS can help customers detect and investigate threats faster, by providing: Centralized Visibility: Organizations can now export logs, events and alerts collected by Netskope Cloud Exchange to Amazon Security Lake to get a holistic view of threats and vulnerabilities in their overall environment. Centralize years of cloud and on-premises security data at petabyte scale for detailed analysis. Stronger Security Posture: Organizations can use Netskope logs and Amazon Security Lake analysis tools to quickly discover and remediate threats and vulnerabilities across their environment to strengthen their security posture. Centralized Threat Remediation: Organizations can use Netskope and AWS services to respond to alerts and remediate threats from the centralized Amazon Security Lake console. "As security threats increase along with the ongoing shift to hybrid work, organizations want to be confident that their data, employees, and resources are safe from potential attacks and other nefarious activities," said Andy Horwitz, Vice President of Business Development, Netskope. "Netskope has helped thousands of customers improve their security posture through the use of our Netskope Intelligent SSE platform. By meeting the rigorous standards in support of Amazon Security Lake, organizations can have greater confidence in Netskope's deep technical expertise on AWS and our proven track record in securing even the most complex cloud environments." To learn more about how Netskope helps organizations further strengthen their security posture by sharing security-related logs and threat information with Amazon Security Lake, visit here. About Netskope Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Contrast Security Positioned as a Visionary in the 2023 Gartner® Magic Quadrant™ for Application Security Testing

Prnewswire | May 30, 2023

Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced it has been recognized as a Visionary by Gartner in the new "Magic Quadrant for Application Security Testing" for 2023. We believe the recognition further validates that the Contrast Secure Code Platform is a strong fit for organizations looking to improve their application security posture. "The application security testing market continues to be saturated with solutions that lack context and overwhelm DevSecOps teams with false positives," said Steven Phillips, Vice President of Product Marketing at Contrast Security. "We've listened to feedback from our customers and have put a focus on delivering a comprehensive platform that helps overcome these challenges. It's encouraging to see our position within the Magic Quadrant due to our Ability to Execute and the Completeness of our Vision. We provide customers with the tools they need to deploy real-time security tools accurately." The Contrast Secure Code Platform provides customers the ability to "Shift Smart" allowing DevSecOps teams to apply security testing throughout the development process across the entire software development lifecycle. As the only unified code security platform on the market, Contrast leverages the power of instrumentation to embed security within the application's runtime. This solves the challenges of legacy application security tools present in modern software environments. Furthermore, this inside-outside approach allows organizations to very cleanly combine results from the various tools, coordinate actions between them and write and execute complex security and testing policies with very little overhead visible to developers. Those are the features that more complex offerings often fail to achieve. A full, complimentary copy of the Gartner "Magic Quadrant for Application Security Testing" for 2023 can be downloaded here. About Gartner Magic Quadrant Gartner evaluates companies based on completeness of vision and ability to execute criteria. Evaluation criteria for completeness of vision include market understanding, market strategy, sales strategy, offering (product) strategy, business model, vertical/industry strategy, innovation, and geographic strategy. Criteria for a vendor's ability to execute include product or service, overall viability, sales execution/pricing, market responsiveness/record, marketing execution, customer experience, and operations. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. About Contrast Security (Contrast) A world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today's targeted Application Security (AppSec) attacks. Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposure (CVEs). This allows security teams to avoid spending time focusing on false positives so as to remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, application programming interfaces (APIs) and languages help enterprises achieve true DevSecOps transformation and compliance. Contrast protects against major cybersecurity attacks for its customer base, which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, Sompo Japan and The American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM, GuidePoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers. The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America's Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

SOC Prime Launches Integration with Amazon Security Lake to Supercharge Security Operations

Businesswire | May 31, 2023

SOC Prime, provider of the world’s largest and most advanced platform for collective cyber defense, today announced its integration with Amazon Security Lake, the AWS security service that enables organizations to automatically centralize security data from the cloud, on-premises, and custom data sources into a purpose-driven data lake stored in their account. SOC Prime drives a transformational change in cybersecurity relying on zero-trust & multi-cloud approach to empower smart data orchestration, dynamic attack surface visibility, and cost-efficient threat hunting. Backed by its advanced cybersecurity solutions, Uncoder AI, Attack Detective, and The Prime Hunt, SOC Prime enables organizations to boost their cyber defense capabilities at scale, unleashing the power of Amazon Security Lake. Leveraging SOC Prime’s Uncoder AI, an Augmented Intelligence framework, security teams can save development time and migration costs with re-usable threat hunting queries automatically convertible to Amazon Athena and OpenSearch in the standard Open Cybersecurity Schema Framework (OSCF) format. SOC Prime’s Attack Detective tool intelligently and automatically queries security logs in the customer's Amazon Security Lake account via Amazon Athena and Amazon OpenSearch to identify data sources and then scan them in real time with a curated set of threat hunting queries. By leveraging Attack Detective, security engineers can channel their efforts directly into incident investigation rather than analyzing overwhelming volumes of alerts and accelerate threat research by validating over 10,000 adversary behaviors against the stored log sources in a matter of hours. Attack Detective follows core Zero-Trust Architecture (ZTA) principles segregating the data plane and control plane to ensure that no SIEM or EDR access credentials are shared or inherited within the Company profile. The tool provides complete threat visibility based on the organization-specific logs by linking and correlating with SIEM and EDR on-premises data in its native location without the need to migrate it to the cloud, which contributes to significant cost savings and ensures compliance with zero-trust basic tenets. Adding to investment optimization capabilities, The Prime Hunt open-source browser extension enables security professionals to extract valuable data from large datasets at a lower cost. Users can seamlessly run threat hunting queries on security logs within the Amazon Security Lake account via a web browser in both Athena and OpenSearch and automatically identify accounts and assets affected by the suspected activity. About SOC Prime Headquartered in Boston, SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 27 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic and zero-trust cybersecurity approach, and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® as core pillars are recognized by the independent research companies, credited by the leading SIEM, XDR & MDR vendors, and trusted by 8,000+ organizations, including 42% of Fortune 100 and 21% of Forbes Global 2000. Flexible subscriptions ensure that both organizations and individual operators can benefit from SOC Prime’s curated detection content and enhanced cyber defense capabilities. SOC Prime is backed by DNX Ventures, Streamlined Ventures, and Rembrandt Venture Partners, having received $11.5M in funding in October 2021. For more information, visit https://socprime.com or follow us on LinkedIn & Twitter.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Netskope Intelligent SSE Integrates with Amazon Security Lake to Enable Faster Threat Detection and Response in Hybrid Work Environments

Prnewswire | May 31, 2023

Netskope, a leader in Secure Access Service Edge (SASE), today announced an integration between Netskope's Intelligent Security Service Edge (SSE) platform and Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake is a service that automatically centralizes an organization's security data from across their AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multi cloud environments. Organizations want more visibility across all their security data sources, including on-premises and cloud, to quickly identify and respond to potential threats. To do this, they must enable logging across their security infrastructure, but often face challenges with incompatible data formats and no centralized place to store the logs for useful analysis. To help solve these challenges, Netskope customers can now export logs from the Netskope Intelligent SSE platform to Amazon Security Lake. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings and converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF), an open community schema. This makes it easier to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party security data sources. Netskope and AWS can help customers detect and investigate threats faster, by providing: Centralized Visibility: Organizations can now export logs, events and alerts collected by Netskope Cloud Exchange to Amazon Security Lake to get a holistic view of threats and vulnerabilities in their overall environment. Centralize years of cloud and on-premises security data at petabyte scale for detailed analysis. Stronger Security Posture: Organizations can use Netskope logs and Amazon Security Lake analysis tools to quickly discover and remediate threats and vulnerabilities across their environment to strengthen their security posture. Centralized Threat Remediation: Organizations can use Netskope and AWS services to respond to alerts and remediate threats from the centralized Amazon Security Lake console. "As security threats increase along with the ongoing shift to hybrid work, organizations want to be confident that their data, employees, and resources are safe from potential attacks and other nefarious activities," said Andy Horwitz, Vice President of Business Development, Netskope. "Netskope has helped thousands of customers improve their security posture through the use of our Netskope Intelligent SSE platform. By meeting the rigorous standards in support of Amazon Security Lake, organizations can have greater confidence in Netskope's deep technical expertise on AWS and our proven track record in securing even the most complex cloud environments." To learn more about how Netskope helps organizations further strengthen their security posture by sharing security-related logs and threat information with Amazon Security Lake, visit here. About Netskope Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Contrast Security Positioned as a Visionary in the 2023 Gartner® Magic Quadrant™ for Application Security Testing

Prnewswire | May 30, 2023

Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced it has been recognized as a Visionary by Gartner in the new "Magic Quadrant for Application Security Testing" for 2023. We believe the recognition further validates that the Contrast Secure Code Platform is a strong fit for organizations looking to improve their application security posture. "The application security testing market continues to be saturated with solutions that lack context and overwhelm DevSecOps teams with false positives," said Steven Phillips, Vice President of Product Marketing at Contrast Security. "We've listened to feedback from our customers and have put a focus on delivering a comprehensive platform that helps overcome these challenges. It's encouraging to see our position within the Magic Quadrant due to our Ability to Execute and the Completeness of our Vision. We provide customers with the tools they need to deploy real-time security tools accurately." The Contrast Secure Code Platform provides customers the ability to "Shift Smart" allowing DevSecOps teams to apply security testing throughout the development process across the entire software development lifecycle. As the only unified code security platform on the market, Contrast leverages the power of instrumentation to embed security within the application's runtime. This solves the challenges of legacy application security tools present in modern software environments. Furthermore, this inside-outside approach allows organizations to very cleanly combine results from the various tools, coordinate actions between them and write and execute complex security and testing policies with very little overhead visible to developers. Those are the features that more complex offerings often fail to achieve. A full, complimentary copy of the Gartner "Magic Quadrant for Application Security Testing" for 2023 can be downloaded here. About Gartner Magic Quadrant Gartner evaluates companies based on completeness of vision and ability to execute criteria. Evaluation criteria for completeness of vision include market understanding, market strategy, sales strategy, offering (product) strategy, business model, vertical/industry strategy, innovation, and geographic strategy. Criteria for a vendor's ability to execute include product or service, overall viability, sales execution/pricing, market responsiveness/record, marketing execution, customer experience, and operations. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. About Contrast Security (Contrast) A world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today's targeted Application Security (AppSec) attacks. Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposure (CVEs). This allows security teams to avoid spending time focusing on false positives so as to remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, application programming interfaces (APIs) and languages help enterprises achieve true DevSecOps transformation and compliance. Contrast protects against major cybersecurity attacks for its customer base, which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, Sompo Japan and The American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM, GuidePoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers. The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America's Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

SOC Prime Launches Integration with Amazon Security Lake to Supercharge Security Operations

Businesswire | May 31, 2023

SOC Prime, provider of the world’s largest and most advanced platform for collective cyber defense, today announced its integration with Amazon Security Lake, the AWS security service that enables organizations to automatically centralize security data from the cloud, on-premises, and custom data sources into a purpose-driven data lake stored in their account. SOC Prime drives a transformational change in cybersecurity relying on zero-trust & multi-cloud approach to empower smart data orchestration, dynamic attack surface visibility, and cost-efficient threat hunting. Backed by its advanced cybersecurity solutions, Uncoder AI, Attack Detective, and The Prime Hunt, SOC Prime enables organizations to boost their cyber defense capabilities at scale, unleashing the power of Amazon Security Lake. Leveraging SOC Prime’s Uncoder AI, an Augmented Intelligence framework, security teams can save development time and migration costs with re-usable threat hunting queries automatically convertible to Amazon Athena and OpenSearch in the standard Open Cybersecurity Schema Framework (OSCF) format. SOC Prime’s Attack Detective tool intelligently and automatically queries security logs in the customer's Amazon Security Lake account via Amazon Athena and Amazon OpenSearch to identify data sources and then scan them in real time with a curated set of threat hunting queries. By leveraging Attack Detective, security engineers can channel their efforts directly into incident investigation rather than analyzing overwhelming volumes of alerts and accelerate threat research by validating over 10,000 adversary behaviors against the stored log sources in a matter of hours. Attack Detective follows core Zero-Trust Architecture (ZTA) principles segregating the data plane and control plane to ensure that no SIEM or EDR access credentials are shared or inherited within the Company profile. The tool provides complete threat visibility based on the organization-specific logs by linking and correlating with SIEM and EDR on-premises data in its native location without the need to migrate it to the cloud, which contributes to significant cost savings and ensures compliance with zero-trust basic tenets. Adding to investment optimization capabilities, The Prime Hunt open-source browser extension enables security professionals to extract valuable data from large datasets at a lower cost. Users can seamlessly run threat hunting queries on security logs within the Amazon Security Lake account via a web browser in both Athena and OpenSearch and automatically identify accounts and assets affected by the suspected activity. About SOC Prime Headquartered in Boston, SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 27 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic and zero-trust cybersecurity approach, and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® as core pillars are recognized by the independent research companies, credited by the leading SIEM, XDR & MDR vendors, and trusted by 8,000+ organizations, including 42% of Fortune 100 and 21% of Forbes Global 2000. Flexible subscriptions ensure that both organizations and individual operators can benefit from SOC Prime’s curated detection content and enhanced cyber defense capabilities. SOC Prime is backed by DNX Ventures, Streamlined Ventures, and Rembrandt Venture Partners, having received $11.5M in funding in October 2021. For more information, visit https://socprime.com or follow us on LinkedIn & Twitter.

Read More

Events