ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Prnewswire | May 31, 2023
Netskope, a leader in Secure Access Service Edge (SASE), today announced an integration between Netskope's Intelligent Security Service Edge (SSE) platform and Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake is a service that automatically centralizes an organization's security data from across their AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multi cloud environments.
Organizations want more visibility across all their security data sources, including on-premises and cloud, to quickly identify and respond to potential threats. To do this, they must enable logging across their security infrastructure, but often face challenges with incompatible data formats and no centralized place to store the logs for useful analysis.
To help solve these challenges, Netskope customers can now export logs from the Netskope Intelligent SSE platform to Amazon Security Lake. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings and converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF), an open community schema. This makes it easier to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party security data sources.
Netskope and AWS can help customers detect and investigate threats faster, by providing:
Centralized Visibility: Organizations can now export logs, events and alerts collected by Netskope Cloud Exchange to Amazon Security Lake to get a holistic view of threats and vulnerabilities in their overall environment. Centralize years of cloud and on-premises security data at petabyte scale for detailed analysis.
Stronger Security Posture: Organizations can use Netskope logs and Amazon Security Lake analysis tools to quickly discover and remediate threats and vulnerabilities across their environment to strengthen their security posture.
Centralized Threat Remediation: Organizations can use Netskope and AWS services to respond to alerts and remediate threats from the centralized Amazon Security Lake console.
"As security threats increase along with the ongoing shift to hybrid work, organizations want to be confident that their data, employees, and resources are safe from potential attacks and other nefarious activities," said Andy Horwitz, Vice President of Business Development, Netskope. "Netskope has helped thousands of customers improve their security posture through the use of our Netskope Intelligent SSE platform. By meeting the rigorous standards in support of Amazon Security Lake, organizations can have greater confidence in Netskope's deep technical expertise on AWS and our proven track record in securing even the most complex cloud environments."
To learn more about how Netskope helps organizations further strengthen their security posture by sharing security-related logs and threat information with Amazon Security Lake, visit here.
Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Prnewswire | June 02, 2023
Secureworks® (NASDAQ: SCWX), a global leader in cybersecurity, today announced two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes.
Taegis XDR for OT – Secureworks award-winning XDR platform that combines intelligence from OT with security telemetry across the IT landscape into a single unified threat prevention, detection and response platform. The platform is for Managed Security Service Providers (MSSPs) who want to deliver Managed Detection and Response (MDR) solutions, and for organizations that manage their own SOCs.
Taegis ManagedXDR for OT – Secureworks MDR offering that empowers industrial organizations, such as manufacturers, to secure both OT and IT environments with a team of security experts detecting, investigating, and responding to threats 24x7.
The convergence of OT and IT in the industrial sector brings technological and economic benefits, but also increases risk. The more OT systems are digitally connected, the larger the overall attack surface becomes, making OT an increasingly attractive target for threat actors. This, combined with a global cybersecurity talent shortage numbering in the millions, has led to unprecedented levels of cyberattacks impacting the industrial sector. According to Gartner®1, manufacturing companies are now among the most targeted for cyberattacks, comprising 23% of all attacks. Secureworks Counter Threat Unit™ data shows that approximately 22% of Secureworks' emergency incident response engagements between April 2022 and April 2023 were in the manufacturing industry alone. Manufacturing made up 20% of all ransomware-based incident response engagements that Secureworks remediated in the same period. Gartner also predicts that by 2025, 70% of asset-intensive organizations will have converged their security functions across both enterprise and operational environments.2 Yet, in industrial environments overall, OT is often managed differently from IT with no centralized visibility across both.
"As OT and IT systems infrastructure becomes more interdependent and connected, the risks from threats traversing these environments are rapidly escalating," said Dave Gruber, Principal Analyst with Enterprise Security Group. "Security operations teams need visibility into the combined OT/IT environment to detect, investigate, and respond to these complex threats. Secureworks' move to offer a specialized OT security solution by leveraging its own, proven Taegis XDR platform highlights the importance of this increasing threat."
"Industrial organizations will continue to be challenged by an expanding attack surface and evolving threat landscape. Their risks include unplanned shutdowns, financial losses, and harm to human populations that rely on critical services," said Kyle Falkenhagen, Chief Product Officer, Secureworks. "And the potential costs are staggering. For example, manufacturers lose an average of $148 per second3 of unplanned downtime – almost $9,000 per minute. As a managed solution that unifies threat prevention, detection and response of OT and IT into a single platform, Secureworks helps organizations with OT environments reduce cyber risks and enhance their security postures as they complete their digital transformations," Falkenhagen concluded.
Taegis ManagedXDR for OT
Industrial organizations can reduce risk by bringing Taegis XDR's threat monitoring, detection, investigation and response capabilities across both OT and IT environments, eliminating the visibility challenges often associated with OT and IT systems. Taegis XDR is already used by five of the top 20 manufacturers in the world. Now, with the first integrated MDR solution for OT and IT, organizations can unify their security monitoring and visibility strategies under a single platform, while gaining the benefits of a fully managed security solution using Taegis ManagedXDR.
The solution includes:
24x7 threat monitoring with unlimited access to security experts in 90 seconds or less, collaborative design of OT and IT response processes, customizable rules and playbooks, quarterly expert security reviews, monthly threat hunting, onboarding support, and access to proactive services (including incident response planning and adversarial testing).
Taegis XDR platform, a SaaS security platform that processes more than 640 billion events daily across more than 2,000 customers to enable superior detection and response. The Taegis platform integrates feeds from third-party tools that are normalized and analyzed, along with Secureworks own proprietary data and global threat intelligence curated by the Counter Threat Unit.
Secureworks Taegis endpoint agent and the Secureworks Taegis iSensor IDS/IPS device for monitoring IT and OT traffic.
Integrations with leading OT solutions.
Hundreds of out-of-the-box integrations across different technology solutions including Google, Mimecast, AWS, Microsoft, and Netskope among others.
Access to a full suite of proactive security testing services to raise cyber resiliency across OT and IT environments.
Secureworks brings the power of Taegis XDR to OT environments by delivering:
Superior threat detection and unmatched response across OT and IT environments through the Taegis XDR platform. Taegis XDR uses advanced analytics and machine learning to discover stealthy threats while automatically prioritizing the most serious threats. The platform includes more than 700,000 curated threat indicators and 20,000 curated countermeasures. Designed as an open platform, Taegis continuously interprets telemetry from proprietary and third-party sources while providing the best support for environments with endpoint solutions from different providers.
Vast insights into threats targeting industrial environments. The Secureworks Counter Threat Unit research team analyzes and uncovers new threats targeting industrial environments, from manufacturers to critical infrastructure services, using over 20 years of defending organizations all over the world. Threat insights are developed from elite threat researchers tracking over 175 active threat groups, findings from over 3,000 incident response and testing engagements each year, and a diversity of attack data from Taegis.
Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers' ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY
Prnewswire | June 07, 2023
Lacework, the data-driven security platform, today announced new CIEM functionality that empowers teams to gain observability of all cloud identities, know precisely who can perform what actions, and easily identify which identities pose the greatest risk. Furthermore, Lacework's actionable approach to CIEM provides customers with recommendations on how to reduce their identity risk. By combining these new capabilities with cloud security posture management, attack path analysis, and threat detection into a single platform, Lacework gives customers a clear understanding of their cloud identity landscape, visibility into cloud identity and access management (IAM) misconfigurations and exposed secrets, and continuous discovery of identity threats.
The benefits of public cloud come with complex challenges in managing identity risk. With over 35,000 granular permissions across hyperscale cloud providers, organizations struggle to limit unnecessary access. Most cloud users and instances are granted far more permissions than they actually need, leaving organizations highly exposed to cloud breach, account takeover, and data exfiltration. And the fact that machine identities in the cloud typically outnumber humans by an order of magnitude intensifies the issue.
"Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients. With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk," said Philip Bues, Research Manager for Cloud Security, at IDC. "Beyond prioritizing risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk."
Preventing Cloud Identity Risk with New Entitlement Management Technology
Lacework dynamically discovers cloud user, resource, group and role identities and their net-effective permissions and then automatically correlates granted versus used permissions to determine identities with excessive privileges. The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations. This means Lacework not only informs customers of risky identities and entitlements, but also shows those identities that are hardly used or even need entitlements to begin with.
"CIEM is a vital facet of a comprehensive cloud security strategy," said Paolo del Mundo, Director of Application Security, The Motley Fool. "It's encouraging to see Lacework incorporating this into their well-rounded CNAPP solution, potentially providing a robust response to the challenge of managing cloud access permissions effectively."
Combined with Lacework's ability to prioritize risks from an attack path context, as well as detect user and entity behavior anomalies, customers are able to:
Continuously comply with IAM security and regulatory compliance requirements.
Identify cloud user, application and service identities, know exactly what actions each can take, and prioritize the identities that pose the greatest risk.
Limit the blast radius of compromised cloud accounts, achieve least privilege, and establish trust with engineering teams.
Continuously discover risky behavior, including lateral movement and privilege escalation, without needing to write rules or stitching together disparate alerts.
Rapidly detect insider threats associated with malicious or accidental abuse of permissions.
"Our customers need to know what entities are actually doing in their cloud and whether it's malicious or inappropriate, and it can't get in the way of their ability to move fast," said Adam Leftik, Vice President, Product, Lacework. "Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritize, and respond to identity alerts. It's the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward."
Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization's AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at www.lacework.com.