SOFTWARE SECURITY

LogRhythm Accelerates Threat Detection Capabilities with Innovations to Product Suite

LogRhythm | July 06, 2022 | Read time : 3 min

LogRhythm
LogRhythm, the company helping busy and lean security operation teams save the day, today announced the launch of version 7.9 of the LogRhythm SIEM Platform and updates to LogRhythm NDR and LogRhythm UEBA.

“LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots and quickly shut down attacks,” said Kish Dill, chief product and customer officer at LogRhythm. "The company is changing the way we work by becoming customer-centric throughout our whole organization. We are listening to our customers and promise to deliver quarterly innovations that address the challenges our customers face every day. We recognize that security teams don’t have time to spare on long processes and inefficient workflows. With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organization against today’s top threats.”

LogRhythm 7.9, LogRhythm NDR and LogRhythm UEBA (formerly CloudAI) provide new features designed to help security teams overcome everyday obstacles by accelerating threat response, improving workflows and simplifying processes, including:

Faster time to value through improved analyst workflows
  • Enhanced automation with Admin API: LogRhythm 7.9 improves the Admin API by adding system monitoring management (LogRhythm SysMon) endpoints to the API library. This enables SIEM administrators to connect through the Admin API and manage the SysMon agent, allowing for automated process batching.
  • Embedded Expertise: LogRhythm accelerates customer time to value through its out of the box LogRhythm SmartResponse™. LogRhythm 7.9 includes added and enhanced SmartResponses to its already extensive library of over 120 integrations.
  • Enable packet capture in UI: LogRhythm NDR users can download PCAP files for specific incidents and cases to pull in more detail, helping investigations and improving threat hunting.
  • Easier and faster event log filtering: LogRhythm 7.9 includes a new way to filter logs at the agent. Users can now select the types of Windows event logs the agent queries, accelerating the time to process logs and removing the burden on the collection pipeline.

Expanded threat detection capabilities
  • Enhanced LogRhythm NDR detection models: Users can detect a wider array of ransomware attacks with LogRhythm NDR’s improved analytics capabilities.
  • Advanced analytics models: LogRhythm UEBA offers advanced UEBA analytics as a cloud-native, easy to deploy add-on for LogRhythm 7.9 users. Models were improved and new models added to ensure today's complex attacks can be detected and anomalies requiring priority attention can be identified, further reducing alert fatigue and accelerating response times.
  • Policy violation alerts: LogRhythm NDR offers alerts about expired certificates, weak ciphers used in connections, and authentication activity happening in clear text, offering additional context to what could represent a risk.

Extended flexibility
  • Controlled overages with powerful license metering reporting: LogRhythm added a new reporting feature to make licensing overages more visible and easier to understand by displaying any overages in the past 30 days. This feature will help teams better manage license usage and costs.
  • Expanded endpoint integrations: LogRhythm now includes Cisco Secure Endpoint (formerly AMP for Endpoints) in its family of EDR integrations.

About LogRhythm
LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.

Spotlight

Credit card fraud is the most common form of identity theft, with over 14.2 million accounts exposed and fraud losses totaling $905 million in 2017, according to a report by the Federal Trade Commission (FTC)1. At Twilio, we understand with stakes this high, mitigating the risk of a potential security breach is paramount. Twilio’s Payment Card Industry Data Security Standard Level 1 (PCI DSS) compliance and certification extensively expands the scope of how customers can accelerate their business by using our trusted cloud communications platform and APIs.

Spotlight

Credit card fraud is the most common form of identity theft, with over 14.2 million accounts exposed and fraud losses totaling $905 million in 2017, according to a report by the Federal Trade Commission (FTC)1. At Twilio, we understand with stakes this high, mitigating the risk of a potential security breach is paramount. Twilio’s Payment Card Industry Data Security Standard Level 1 (PCI DSS) compliance and certification extensively expands the scope of how customers can accelerate their business by using our trusted cloud communications platform and APIs.

Related News

SOFTWARE SECURITY

iboss Achieves FedRAMP Authorization for its Zero Trust Edge Cloud Security Solution

iboss, Inc. | July 29, 2022

iboss, the leading Zero Trust Edge cloud security provider, announces that it has obtained Federal Risk and Authorization Management Program (FedRAMP) Authorization. The achievement is reflective of the company’s commitment to work alongside federal agencies to protect government entities and civilians from growing and increasingly sophisticated cyberthreats. Earlier this year, the United States Office of Management and Budget unveiled a strategy designed to prevent damaging hacks and breaches by moving federal agencies toward a zero trust cybersecurity approach. The announcement followed a 2021 Biden Administration executive order aimed at protecting federal networks by modernizing government cybersecurity, including through the implementation of zero trust security architecture as defined in the National Institute of Standards and Technology (NIST). The iboss platform is a purpose-built, patented, cloud delivered security solution that has been trusted by organizations worldwide to implement Zero Trust architecture as laid out specifically in the NIST 800-207 Special Publication. The company’s containerized cloud architecture makes it the only platform that can control what NIST refers to as the “Implicit Trust Zone” to ensure that all data and resources are completely private. The FedRAMP authorization now extends iboss’s leading platform to all U.S. government customers. “Our Zero Trust Edge platform prevents breaches by making applications and data inaccessible to attackers while allowing trusted users to securely and directly connect to resources from anywhere. “In today’s work-from-anywhere world, protecting sensitive information, regardless of who is accessing it or where, is critical. We look forward to continuing to extend our platform and expertise to U.S. government agencies.” iboss CEO Paul Martini A Zero Trust Architecture built on iboss consolidates network security technologies (SWG, CASB, DLP, IPS, malware defense, browser isolation, firewall) into a single unified cloud platform and eliminates the need for a VPN while securing any device, regardless of location. By making all applications private, iboss eliminates the top three initial ransomware infection vectors as identified by the Cybersecurity and Infrastructure Security Agency (CISA). With applications, data and services made accessible only through the iboss Zero Trust Edge, cyber risk is greatly reduced, breaches and data loss are prevented, and visibility and security are delivered consistently throughout an organization. FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. About iboss, Inc. iboss is a cloud security company that enables organizations to reduce cyber risk by delivering a Zero Trust service designed to protect resources and users in the modern distributed world. Applications, data and services have moved to the cloud and are located everywhere while users needing access to those resources are working from anywhere. Built on a containerized cloud architecture, iboss delivers security capabilities such as SWG, malware defense, browser isolation, CASB and data loss prevention to protect all resources, via the cloud, instantaneously and at scale. This shifts the focus from protecting buildings to protecting people and resources wherever they are located. Leveraging a purpose-built cloud architecture backed by 230+ issued and pending patents and more than 100 points of presence globally, iboss processes over 150 billion transactions daily, blocking 4 billion threats per day. More than 4,000 global enterprises trust the iboss Cloud Platform to support their modern workforces, including a large number of Fortune 50 companies. iboss was named one of the Top 25 Cybersecurity Companies by The Software Report, one of the 25 highest-rated Private Cloud Computing Companies to work for by Battery Ventures, and CRN’s Top 20 Coolest Cloud Security Companies of 2022.

Read More

DATA SECURITY,ENTERPRISE IDENTITY

Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface

Illumio | September 29, 2022

Illumio, Inc., the Zero Trust Segmentation company, today announced Illumio Endpoint®, a reimagined way to prevent breaches from spreading to clouds and data centers from laptops. Hybrid work has expanded the attack surface, introducing new threats and making organizations more vulnerable, so it’s become increasingly important for employees to have secure access to applications and data wherever they are located. Unlike other Zero Trust Segmentation solutions, Illumio Endpoint lets your policy follow your teams’ laptops wherever they work, whether at home, in the office, or at a coffee shop. With Illumio Endpoint, the first device that gets infected will also be the last. Organizations are more interconnected and vulnerable in hybrid workplaces, and the attack surface is growing increasingly complex. Additionally, attacks on hybrid work environments are more expensive, costing an average of about $600K more than the global average. Even with endpoint detection and response tools in place, endpoints still get breached – according to ESG, 76 percent of organizations experienced a ransomware attack in the past two years alone. Illumio Endpoint includes: Extended visibility and segmentation policy controls for macOS and Windows devices, allowing organizations to see risk and stop attacks from spreading from laptops, workstations, and VDIs. A single, unified console to see and manage visibility and segmentation policy across endpoints, clouds, and data centers, making Zero Trust Segmentation easier, faster, and more efficient for security teams. Work from anywhere support with segmentation policy that follows the device, so organizations have the confidence that their networks are secure, and their employees can remain productive while working from anywhere. The ability to control application access so users can only reach the necessary applications from their device, not the entire data center and cloud, minimizing the organization's risk from vulnerable or compromised endpoints. "Before Illumio, we had only a slim idea of what kind of communications were running across our network. But with Illumio, we clearly see exactly what's connecting to individual endpoints. David Ault, VP of Information Security at Telhio Credit Union “The hybrid workforce is here to stay, which exposes organizations to a more complex attack surface and more risk, particularly on the endpoint,” said Mario Espinoza, Chief Product Officer at Illumio. “It’s important to have tools that can detect and respond to an identified breach, but unidentified attacks can spread throughout the organization to access critical data and assets when Zero Trust Segmentation is not in place to proactively contain the breach. With Illumio Endpoint, security leaders will gain the comprehensive protection needed to build resilience to attacks throughout their hybrid IT and as employees work from anywhere.” “Ransomware and other cyberattacks often involve end user devices somewhere in the attack chain, moving laterally on to other higher-value assets,” said Dave Gruber, Principal Analyst, ESG. “Because attackers continue to find ways in and move laterally fast, prevention, detection and response mechanisms can fall short stopping these fast-moving attacks. Containment strategies such as Zero Trust Segmentation across endpoint devices can proactively stop ransomware and other fast-moving attacks from spreading to critical infrastructure and assets, reducing risk.” About Illumio Illumio, the Zero Trust Segmentation company, stops breaches and ransomware from spreading across the hybrid attack surface. The Illumio ZTS Platform visualizes all traffic flows between workloads, devices and the internet, automatically sets granular segmentation policies to control communications, and isolates high-value assets and compromised systems proactively or in response to active attacks. Illumio protects organizations of all sizes, from Fortune 100 to small business, by stopping breaches and ransomware in minutes, saving millions of dollars in application downtime, and accelerating cloud and digital transformation projects.

Read More

PLATFORM SECURITY

SecurityScorecard Helps CISOs See, Resolve and Communicate Cyber Risks Clearly with Integration of Ratings Platform and Suite of Professional Services

SecurityScorecard | August 10, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced the integration of its Professional Services offering with its ratings platform to provide a single point of orchestration to manage cybersecurity risks. SecurityScorecard’s Professional Services team can help any customer manage cybersecurity risk in concert with the industry’s largest and most comprehensive global, cyber risk data set, setting the industry standard for how cyber risk is quantified, measured and reduced. SecurityScorecard delivers strategic, proactive and acute-scenario services paired with its industry-leading ratings platform that together provide end-to-end cyber risk management from monitoring to remediation. “CISOs are under pressure to protect their organizations, and are now accountable to the Board of Directors, but they lack a single-point of orchestration for cybersecurity workflow and to define success. “Our services and software platform provides CISOs with peace of mind that they have the broad visibility to take action quickly, hold their vendors accountable and communicate those actions promptly.” Aleksandr Yampolskiy, co-founder and CEO, SecurityScorecard SecurityScorecard’s Professional Services team utilizes the combined data and dynamic risk intelligence from the SecurityScorecard platform together with customized data derived from dark web mining to give each customer a holistic, full-spectrum view of their risk posture that is continuously assessed and triaged. SecurityScorecard’s suite of Professional Services is supported by a team of 24/7 Digital Forensic Incident Response (DFIR) experts and include: Cyber Risk Intelligence-as-a-Service provides organizations with tailored, actionable intelligence via SecurityScorecard’s threat intelligence team. Third-Party Risk Management (TPRM) Program includes workshops and customized roadmaps to help organizations mature their programs. Tabletop Exercises help test teams’ cyber readiness against a real-world cyber incident by practicing incident response scenarios. Penetration Testing and Red Team Exercises engage covert teams of ethical hackers to identify weaknesses. Digital Forensics & Incident Response (DFIR) support helps to collect, preserve and analyze digital evidence when responding to an incident, whether that be an insider threat situation or a nation state attack. SecurityScorecard’s team of experts regularly testify in court and collaborate with law enforcement. Incident Response support is also available 24/7 and onsite during a crisis, such as a ransomware incident, to help contain attacks, identify the threat actors and safely progress to the eradication phase. SecurityScorecard’s Professional Services team also helps prevent churn across internal security and TPRM teams by giving them the expertise to maintain program integrity and business uptime, particularly for under-resourced teams, regardless of cyber or third-party risk maturity. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More