Software Security
PR Newswire | October 06, 2023
IBM (NYSE: IBM) today unveiled the next evolution of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85% of alerts,1 helping to accelerate security response timelines for clients.
The new Threat Detection and Response Services (TDR) provide 24x7 monitoring, investigation, and automated remediation of security alerts from all relevant technologies across client's hybrid cloud environments – including existing security tools and investments, as well as cloud, on-premise, and operational technologies (OT). The managed services are delivered by IBM Consulting's global team of security analysts via IBM's advanced security services platform, which applies multiple layers of AI and contextual threat intelligence from the company's vast global security network – helping automate away the noise while quickly escalating critical threats.
Security teams today are not just outnumbered by attackers, but also by the number of vulnerabilities, alerts and security tools and systems they're tasked with managing on a day-to-day basis, said Chris McCurdy, General Manager, Worldwide IBM Consulting Cybersecurity Services. By combining advanced analytics and real-time threat intelligence with human expertise, IBM's new Threat Detection and Response Services can augment organization's security defenses with a capability that is scalable, continuously improving and strong enough for tomorrow's threats.
Intelligently Adapting Threat Defenses
The new TDR Services are underpinned by a set of AI-powered security technologies that support thousands of clients across the world, monitoring billions of potential security events per day. It leverages AI models that continuously learn from real-world client data, including security analyst responses, engineered to automatically close low priority and false positive alerts based on a client-defined confidence level. This capability also automatically escalates high risk alerts that require immediate action by security teams and provides investigation context.
IBM's TDR Services are designed to provide:
Crowdsourced detection rules, Optimized alerts. Leveraging real-time insights from IBM's threat management engagements, the new services use AI to continuously assess and auto-recommend the most effective detection rules – helping to improve alert quality, and speed response times. This capability helped reduce low-value SIEM alerts by 45% and auto escalate 79% more high-value alerts that required immediate attention2. Organizations can approve and update detection rules with just two clicks through its co-managed portal.
MITRE ATT&CK assessment. To stay prepared for ransomware and wipe-out attacks, organizations will be able to see how their environment is covering MITRE ATT&CK framework tactics, techniques, and procedures as compared to their industry and geography peers. By applying AI, the new services are designed to reconcile the multiple detection tools and policies currently in place at an organization, providing an enterprise view into how to best detect threats and assess gaps to update within an ATT&CK framework.
Seamless end-to-end integration. With its open API approach, the new services can quickly integrate with a client's enterprise-wide security assets, whether on premise or in the cloud. Organizations can continue to access their ecosystem while also having the option to connect and collaborate and define their own response playbooks through a co-managed portal. This provides a unified enterprise view, precise remediation capabilities, and consistently enforces security policies across IT & OT.
24x7 global support. Organizations will have access to more than 6,000 IBM Cybersecurity Services professionals across the globe 24/7 x 365 to help augment security programs. IBM Consulting Cybersecurity Services' vast global network serves more than 3,000 clients around the world – managing more than 2 million endpoints and 150 billion security events per day.
"Security leaders today are trying to escape the vicious cycle of staff shortages, increased threats, and rising demands from the C-Suite to mature their cyber program without breaking the bank. For many organizations the old playbook of swapping out their tools for a vendor's preferred platform does not work, as they cannot afford to write off prior SOC investments," said Craig Robinson, IDC Research VP of Security Services. "A service like IBM's Threat Detection and Response offering can provide an off-ramp to these concerns, without requiring a full rip-and-replace of their prior security investments and help shift their human capital in the SOC to more of a proactive mode."
To support continuous improvement for security operations capabilities, IBM's TDR Services, which are now available, include access to IBM's X- Force Incident Response Services along with the option to include additional proactive security services from IBM X-Force, such as penetration testing, adversary simulation or vulnerability management. X-Force will also provide guidance to help clients improve their security operations over time, based on the current threat landscape, clients' evolving IT environment, and insights gleaned from engagements with thousands of IBM Cybersecurity Services clients around the world.
Read More
Network Threat Detection
iTWire | October 30, 2023
Fortinet, the global cybersecurity leader driving the convergence of networking and security, has announced the expansion of its Universal SASE offering to empower today’s hybrid workforce with FortiOS everywhere.
Ken Xie, founder, chairman of the board, and chief executive officer, said, The Fortinet operating system, FortiOS, is the industry’s only enterprise-grade converged operating system able to support all secure access service edge (SASE) functions, including firewall, software-defined wide area network (SD-WAN), secure web gateway, encryption/decryption, cloud access security broker (CASB), data loss prevention (DLP), and zero trust network access (ZTNA), whether deployed in an appliance or cloud-delivered from Fortinet.
“This approach enables over 30 converged networking and security functions to be managed through a single console. Fourteen of these functions are accelerated when deployed on our new FortiASIC Security Processor 5-based FortiGate 120G SASE appliance.”
Expanding Fortinet Universal SASE
Single-vendor SASE provides flexible access to critical resources and applications for users and devices. However, most enterprises rely on different vendors for each SASE function, which introduces significant challenges of controlling different operating system functionality and management consoles. Fortinet Universal SASE takes traditional single-vendor SASE one step further, providing consistent policies and controls on-prem and in the cloud while delivering seamless integration across all functions and deployments to better support today’s hybrid workforce while reducing information technology (IT) overhead.
FortiOS runs the full SASE stack, including a bi-directional firewall, SD-WAN, secure web gateway, encryption/decryption, CASB, DLP, and ZTNA. It also has the flexibility to run on an appliance in accelerated mode as well as in the FortiSASE cloud, providing consistent networking, security, and policy management for every edge. This is further enhanced by FortiGuard artificial intelligence (AI)-powered security services, such as intrusion prevention system (IPS), domain name system (DNS) filtering, URL filtering, anti-malware, sandboxing, and more.
This news expands Fortinet’s investment in Universal SASE by expanding the reach of its SASE stack in three key areas of the portfolio:
Worldwide coverage of FortiSASE cloud locations
FortiSASE, built on a global, scalable cloud network, delivers the same SASE stack as FortiGate appliances through its regional FortiSASE cloud locations. To deliver the best user experience and higher service availability, Fortinet now delivers over 100 FortiSASE cloud locations globally.
Bringing accelerated SASE to the campus and branch
To bring the full SASE stack to campus and branch locations, Fortinet is announcing the new FortiGate 120G SASE appliance. Because it is powered by Fortinet’s patented security processor 5 (SP5) custom application-specific integrated circuit (ASIC), it can accelerate many elements of the SASE stack, such as delivering three gigabits per second (Gbps) of secure sockets layer (SSL) inspection—an average of six times faster than the industry average—for visibility into encrypted traffic at scale. The following Secure Compute Rating table provides a comparison between equivalent solutions:
Flexible consumption extended to Universal SASE
FortiFlex, Fortinet’s flexible consumption program, has now been extended to Fortinet Universal SASE solutions. The entire SASE stack from Fortinet can be consumed as part of FortiFlex, whether customers want to use on-prem or FortiSASE cloud-based services. FortiFlex offers usage-based licensing across cloud, hybrid cloud, and on-premises deployments to give IT teams the flexibility to continually right-size their deployments, reduce excessive procurement cycles for new security solutions, simplify the deployment and provisioning of new services, and maximise budget and return on investment by enabling IT teams to scale down or pause services as needed.
Read More
Software Security
Palo Alto Networks | November 08, 2023
Palo Alto Networks plans to acquire Talon Cyber Security to enhance its Secure Access Service Edge (SASE) solution.
Talon's Enterprise Browser technology, when integrated with Prisma SASE, will provide secure access to business applications.
The acquisition reflects the importance of adapting SASE solutions to ensure consistent security for unmanaged devices.
Palo Alto Networks, a global cybersecurity leader, has announced its intent to acquire Talon Cyber Security, an enterprise browser technology pioneer, to enhance its Secure Access Service Edge (SASE) solution and provide comprehensive protection for managed and unmanaged devices. In today's digital landscape, unmanaged devices often connect to enterprise applications without adequate security measures, making them susceptible entry points for attackers seeking to access sensitive information.
Lee Klarich, Chief Product Officer of Palo Alto Networks, emphasized the importance of securing all work activity through an Enterprise Browser without compromising device privacy to protect users and applications effectively. He continued that the integration of Talon's technology with Prisma SASE aims to provide consistent security for all users and devices. Anand Oswal, SVP and GM at Palo Alto Networks highlighted the significance of securing unmanaged devices with the same robust security as managed devices, especially in today's dynamic threat landscape. HE further stated that the combination of Prisma SASE and Talon's Enterprise Browser is poised to revolutionize security measures in modern digital environments.
Talon Cyber Security's Enterprise Browser technology offers an innovative solution that, when integrated with Prisma SASE, will enable users to securely access business applications from any device, including non-corporate devices, while ensuring a seamless user experience. This strategic move by Palo Alto Networks addresses the evolving security challenges in a connected world.
Talon's Co-Founder and CEO, Ofer Ben-Noon, acknowledged the shifting work models and user preferences and the need for powerful last-mile security solutions. Talon's Enterprise Browser is designed to offer familiar user experiences with enterprise-grade protection. Ben emphasized that partnership with Palo Alto Networks is seen as a catalyst to accelerate its mission of delivering superior outcomes for customers.
Talon, founded by Ofer Ben-Noon and Ohad Bobrov, secured the RSA Conference's Innovation Sandbox contest in 2022. The co-founders will continue to lead their teams within the Prisma SASE team at Palo Alto Networks upon the completion of the acquisition.
Anand Oswal, Senior Vice President and General Manager at Palo Alto Networks, highlighted the advantages and security risks associated with Bring Your Own Device (BYOD) policies. He noted that Talon's Enterprise Browser provided security teams enhanced visibility and control over work-related Software as a Service (SaaS) and web activity across all devices, including personal and unmanaged endpoints. Anand emphasized the need for Secure Access Service Edge (SASE) solutions to adapt in order to secure unmanaged devices with the same consistent security measures applied to managed devices. This would enable users to access business applications securely from any device and location.
Read More