DATA SECURITY

AdvIntel & KPMG LLP announce alliance around cyber threat detection and ransomware response

AdvIntel | October 01, 2021

AdvIntel, a leading cybersecurity threat prevention and loss avoidance company with a unique and unparalleled ability to detect and disrupt ransomware, and KPMG LLP, the global audit, tax and advisory firm, today announced an alliance around AdvIntel's "Andariel" Threat Prevention & Loss Avoidance Platform.

The profile of ransomware victims has moved upmarket over the past year as adversaries have enhanced their capabilities faster than cyber defenses, an alarming trend.

"The state of the current cyber security market is full of uncertainties. The current breach response is traditionally reactive, leading to a breach after a breach. Now, with the unique alliance, we are effectively reversing the traditional breach paradigm with the vision to disrupt breaches before they turn into ransomware. Our goal is to bring the world closer to a ransomware-free future via the proactive and preventative breach response," according to AdvIntel CEO Vitali Kremez.

Andariel's ability to track botnet initial compromises enables AdvIntel's customers to take action before data and personally identifiable information is leaked, which could prevent regulatory, reputational, and legal losses related to data breach legal liability.

Ed Goings, KPMG National Lead for Cyber Response Services, stated: "Intelligence of this level is a complete game changer. Many companies state they provide threat intelligence, but this is the first time I have seen actionable intelligence that can be used to potentially identify corporate ransomware attacks before they happen."

Moreover, some of the tracked botnets have a unique relationship with some of the monitored ransomware families. Therefore, by identifying botnet activity in their systems in a timely manner, AdvIntel's clients can identify and potentially avert tremendous losses from ransomware attacks.

Incident response case support through Andariel enables a corporate cyber investigation team by providing immediate information on the "patient zero", the way cyber infection spreads through the system, as well as the vulnerabilities which lead to the compromise. Andariel aims to significantly decrease the time and resources spent on investigations, as well as to decrease the insurance claims and coverage of the remediation effort.

AdvIntel and KPMG will jointly go to market to combat cyber incidents, by providing early-warning alerting, applied threat detection, and long-term strategic threat intelligence. AdvIntel and KPMG are already working jointly with several cyber insurance providers around the threat prevention and loss avoidance needs of their customer base.

About AdvIntel
AdvIntel is the world's first and only cybercrime and adversarial disruption firm which leverages Andariel, a next-generation threat prevention and loss avoidance platform which has visibility beyond a company's own internal network. Andariel sheds light on the botnet and breach ecosystem in order to spot threats and compromises preemptively and proactively. Whether prolific botnets, ransomware syndicates, cyber extortionists, carders, advanced persistent threat groups, or crimeware operators, Andariel ensures ultimate visibility into these threats before they actualize and do harm.

About KPMG LLP
KPMG LLP is the U.S. firm of the KPMG global organization of independent professional services firms providing audit, tax and advisory services. The KPMG global organization operates in 146 countries and territories and has close to 227,000 people working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such. KPMG International Limited is a private English company limited by guarantee. KPMG International Limited and its related entities do not provide services to clients. Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

Spotlight

To not only survive but thrive amid the large-scale disruption faced by the banking industry, large investments are being made in IT transformation. Low interest rates, regulatory pressure to cut fees, growing competition from new ‘digitally-native’ entrants and the disintermediation of payment services as a result of the Payment Services Directive (PSD2) mean that basic retail banking services are becoming less profitable. Cutting costs and looking for new ways to do business in a more efficient way are the only ways forward.

Related News

DATA SECURITY, ENTERPRISE IDENTITY, SOFTWARE SECURITY

Tanium Unveils Groundbreaking Integration with Microsoft Sentinel

Tanium | September 16, 2022

Tanium, the industry’s only provider of converged endpoint management (XEM), today announced the first of several powerful integrations between Microsoft and the Tanium XEM platform. The integration marks the latest expansion in a relationship that includes Tanium’s membership in the Microsoft Intelligent Security Association (MISA) and its availability in the Microsoft Azure Marketplace.

By making Tanium’s rich, real-time endpoint data accessible directly from the Sentinel console, the integration enables IT organizations to comprehensively detect, investigate, triage, prioritize, and remediate threats automatically, extending Sentinel’s advanced security and analytics capabilities, reducing the number of false positives that require disposition, and allowing security practitioners to better identify threats that might otherwise be missed.

“Environments like ours are complex — there’s a great diversity of the types of devices and a large number of users accessing sensitive information,” said Mark Wantling, CIO of the University of Salford. “It’s a lot for my relatively small InfoSec team to manage, so I'm very excited about Tanium's integration with Microsoft Sentinel. Now my team can investigate, identify, triage, and remediate threats quickly without even leaving the Sentinel console, and that's a gamechanger.”

The Tanium integration with Sentinel also enables active threat hunting. With Tanium’s detailed real-time data taken directly from the endpoint, security practitioners are better able to contextualize and correlate alerts sourced from both Microsoft and Tanium with almost no delay across an entire IT environment. They get accurate real-time data rather than information that may no longer be correct as a result of inherent latency. Additionally, Tanium gives incident responders the ability to take immediate action on alerts as they happen, including quarantining a device, deploying a patch, or updating software, all from the Sentinel console.

Customers benefit from proactive, predictive, automated management of their entire IT stack. Tanium + Sentinel gives Microsoft customers the ability to monitor and ensure their Microsoft solutions are highly available and operate at optimal health. With its real-time distributed architecture, Tanium can independently verify that all Microsoft services are deployed and up-to-date and validate that it is fully performant on every endpoint. If needed, customers can easily deploy a patch or quarantine a device in seconds to ensure they get the most out of their Microsoft investments.

“We’re excited to continue to expand our relationship with Microsoft. Already we work together to make Microsoft environments healthier and more secure by reducing risks for customers and protecting their investments in Azure, and soon we’ll be releasing a series of powerful integrations with Microsoft tools in addition to our Sentinel Integration.”

Rob Jenks, SVP of corporate strategy at Tanium

In addition to joining MISA, Tanium is available in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. Customers can purchase and provision Tanium directly from the marketplace and apply the purchase to their Microsoft Azure Consumption Commitments (MACC).

Tune in now to hear Tanium CEO Orion Hindawi and Microsoft Corporate VP of Cybersecurity Ann Johnson discuss the vision for the partnership and how Tanium’s real-time data and control can enhance security, performance, and automation for today’s growing enterprises. You can also visit www.youtube.com/watch?v=S-gZC9M3lkE.

About Tanium
Tanium, the industry’s only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for seven consecutive years and ranks on Fortune’s list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere. That’s the power of certainty.

DATA SECURITY, NETWORK THREAT DETECTION, PLATFORM SECURITY

Exabeam Introduces New-Scale SIEM™

Exabeam | October 17, 2022

Exabeam, a global cybersecurity leader and creator of New-Scale SIEM for advancing security operations, today announced a groundbreaking cloud-native portfolio of products that enables security teams everywhere to Detect the Undetectable™. New-Scale SIEM is a powerful combination of cloud-scale security log management, industry-leading behavioral analytics, and an automated investigation experience. Built on the cloud-native Exabeam Security Operations Platform, the New-Scale SIEM product portfolio gives worldwide security teams the greatest fighting chance at defeating adversaries with advanced threat detection, investigation, and response (TDIR). The new product portfolio is generally available (GA) today.

“Security operations teams have faced difficulty defending against complex threats and evolving adversarial behavior because technology innovation has not kept up in the realm where big data meets cybersecurity. Exabeam is known for having the best behavioral analytics product on the market — it’s why so many of the world’s largest organizations count on Exabeam every day to help stop adversaries, including the majority now utilizing valid credentials. We are marrying behavior analytics with the world's most modern, hyperscale, cloud-native data lake to ingest, parse, store, and search data in real time from anywhere. The SIEM industry has been ripe for evolution for some time and New-Scale SIEM represents that evolution.”

Michael DeCesare, CEO and President, Exabeam

Unmatched Performance
Significantly more affordable than competitive offerings, the new Exabeam cloud-native product portfolio is built on an open platform that integrates with more than 500 different third-party products and includes nearly 8,000 pre-built parsers, greatly reducing onboarding, deployment, and run times. In an industry first, security teams can now search query responses across petabytes of hot, warm, and cold data in seconds. Organizations can now also process logs at sustained speeds of over one million events per second.

“The Exabeam Security Operations Platform and portfolio of products are designed like no other on the market. We deliver the single solution security operations analysts can count on to conduct accelerated, thorough threat detection, investigation, and response (TDIR) with the most consistent and successful outcomes,” said Adam Geller, Chief Product Officer, Exabeam. “We provide security teams with a holistic picture of their environment – data from core security products, IT infrastructure, and business applications joined with critical user and device context and timely threat intelligence data – to detect what competitive SIEMs simply can’t. In addition to our industry-leading behavioral analytics, we’re proud to deliver world-class security log management and new modular SIEM solutions for organizations at all stages of their data growth and security journey.”

Understanding Normal Behavior to Detect and Prioritize Anomalies
Organizations can use Exabeam to defend against the rising threat of external and internal attacks that in today’s world are more often than not leveraging compromised credentials. More than 750 behavioral models power 1,200 anomaly detection rules in Exabeam to baseline normal behavior for every user and device. This is beyond anything a legacy SIEM can possibly create with correlation rules. For example, for an organization with basic logging, 20,000 users, and 50,000 assets, Exabeam can dynamically build and update 50 million unique detection rules.

According to the 2022 Verizon DBIR, over 90% of breaches are rooted in compromised credentials. Whether it’s phishing, ransomware, malware, or other external threats, valid credentials have emerged as the adversaries’ primary target. This combined with explosive amounts of data demands a shift in investment from legacy on-premises, rule-based detections to cloud-native SIEM platforms that uniquely understand normal behavior, even as normal keeps changing.

“It’s all about the credentials. Today’s announcement takes Exabeam, our customers, partners, and the SIEM market into an entirely new stratosphere,” said Ralph Pisani, President, Exabeam. “Detecting stolen or misused credentials – and the abnormal behavior that follows – is not possible without understanding normal behavior. If you don’t know normal behavior for every single user and device in your environment, understanding abnormal behavior in your organization is a near impossible undertaking – this is a fundamental capability that only Exabeam can deliver on at scale.”

Whether replacing a legacy product with New-Scale SIEM, or complementing an ineffective third-party SIEM solution by adding the industry’s most powerful behavioral analytics and automation to it, Exabeam can help organizations achieve security operations success. Exabeam customers are moving to and experiencing the benefits of New-Scale SIEM.

“Exabeam is our holistic security operations platform that provides and coordinates automated visibility, detection, analytics, investigation, and response across our key operating environments,” said Jerry Larsen, IT Security Manager, Patrick Industries. “We have several ERP systems that all need to be protected and Exabeam does the job better than any legacy SIEM we looked at – we’re excited to be an Exabeam customer and part of their innovation machine.”

“At NEC Australia, securing our data, users, devices and infrastructure are paramount to how we operate as a technology company. Having broad and accurate visibility of our IT environment as well as the ability to recognise what’s normal behavior for our users and entities is key,” said Peter Fröchtenicht, National Service Manager – Security and Compliance, NEC Australia. “Deploying Exabeam’s SIEM has enabled our team to effectively prioritize security alerts, which has freed up time for our analysts to focus on other security tasks, whilst also having a greater understanding of our attack surface and how all our employees interact with our resources.”

New Exabeam products include:
Exabeam Security Log Management - Cloud-scale security log management to ingest, parse, store, and search log data with powerful dashboarding and correlation.
Exabeam SIEM - Cloud-native SIEM at hyperscale with fast, modern search, and powerful correlation, reporting, dashboarding, and case management.
Exabeam Fusion - New-Scale SIEM™, powered by modern, scalable security log management, powerful behavioral analytics, and automated TDIR.
Exabeam Security Analytics - Automated threat detection powered by user and entity behavior analytics with correlation and threat intelligence.
Exabeam Security Investigation - TDIR powered by user and entity behavior analytics, correlation rules, and threat intelligence, supported by alerting, incident management, automated triage, and response workflows.

Exabeam architected its new security operations platform and New-Scale SIEM product portfolio on Google Cloud (NASDAQ: GOOGL).

“We are delighted that Exabeam has built its platform and portfolio of products on Google Cloud to help more companies securely leverage their data at cloud scale,” said Gerrit Kazmaier, Vice President and General Manager, Data Analytics and Business Intelligence at Google Cloud. “The combination of Exabeam cybersecurity products with Google's Data Cloud capabilities removes limits on security team productivity, storage, and speed to fully optimize security operations.”

About Exabeam
Exabeam is a global cybersecurity leader that created New-Scale SIEM™ for advancing security operations. Built for security people by security people, we reduce business risk and elevate human performance. The powerful combination of our cloud-scale security log management, behavioral analytics, and automated investigation experience gives security operations an unprecedented advantage over adversaries including insider threats, nation states, and other cyber criminals. We Detect the Undetectable™ by understanding normal behavior, even as normal keeps changing – giving security operations teams a holistic view of incidents for faster, more complete response.

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Mimecast Partners With Okta to Safeguard Enterprises from Insider Threat Attacks

Mimecast | November 09, 2022

Mimecast Limited, an advanced email and collaboration security company, today announced a new strategic integration with Okta, Inc., one of the leading independent identity providers, designed for enterprise customers to proactively mitigate the increasing risk and complexity of insider threat attacks. Building on Mimecast’s extensive library of API integrations, the integration partnership will further enable organizations to Work Protected™ amidst the proliferation of social engineering attacks targeting their hybrid workforce, customers, and supply chain. The integration of these solutions can empower strained IT teams with an expanded arsenal of AI-enabled tools and technologies that strengthen protection at the intersection of business communications, people, and data.

The increased prevalence and damaging ramifications of insider threat attacks are well-documented. IBM’s 2022 Cost of a Data Breach Report found that stolen or compromised credentials were the most common cause of data breaches over the previous year, serving as the primary attack vector in nearly 20% of breaches. They also had the longest lifecycle of all breaches, taking approximately 243 days to identify and another 84 days to contain, and resulted in an average of $4.50 million in losses. However, according to the same study, organizations with fully deployed security AI and automation experienced breach lifecycles that were 74 days shorter, on average, and cost a median of $3.05 million less.

By integrating Mimecast’s purpose-built, cloud-native email and collaboration security with Okta’s world-renowned identity access management offerings, organizations can deploy AI-enabled automation to help mitigate the impact of compromised account activity – streamlining human workflows through real-time threat intelligence sharing and automated response actions across two best-of-breed solution architectures. Optimized for rapid deployment flexibility and simplicity of use, the integration is engineered to allow administrators to seamlessly assume granular control within minutes regardless of their level of IT expertise.

“Our integration partnership with Okta comes at a pivotal time as insider threats have emerged as a critical vulnerability for the modern hybrid enterprise. This integration is a microcosm of the Mimecast mission to extend our services beyond email and collaboration security alone. Joining forces with a fellow industry pioneer like Okta enables us to execute a vital ‘team sport’ approach to cybersecurity, building on the existing security investments, capabilities, and tools of our customers to ensure their organizations remain safe.”

Jules Martin, Mimecast vice president of ecosystems & alliance

“With the ever-evolving nature of the cyber threat landscape, it’s imperative that we amplify our identity access management services to address new and emerging attack vectors,” said John Grundy, Okta senior strategic alliance manager. “This integration partnership with Mimecast enables us to do exactly that, creating a holistic automation framework that empowers enterprises to enhance the efficiency of their insider threat detection and response posture.”

Mimecast, a Gold Sponsor of Oktane22, will be presenting a live demo of the integration at the annual conference on November 8-10, 2022.

Mimecast: Work Protected™
Since 2003, Mimecast has stopped bad things from happening to good organizations by enabling them to Work Protected. We empower more than 40,000 customers to help mitigate risk and manage complexities across a threat landscape driven by malicious cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today. Mimecast solutions are designed to transform email and collaboration security into the eyes and ears of organizations worldwide.
