DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
IronNet, Inc. | January 05, 2023
IronNet, Inc., a pioneer in transforming cybersecurity through collective defense℠, has announced that its network detection and response (NDR) solution, IronDefense, now has more features. IronDefense, awarded the best possible grade by SE Labs for Enterprise Advanced Security NDR Detection, enables advanced and early visibility of unidentified cybersecurity threats that have evaded endpoint and firewall detection and infiltrated the network, regardless of whether it is on-premises or in the cloud.
With IronNet's most recent NDR enhancements, Security Operations Center (SOC) analysts can use IronDefense to identify VPN misuse, including highly abnormal login times, password spraying, and unsuccessful logins, all of which may be suggestive of brute force attacks or unauthorized access attempts. Additional analytics enhancements enable the identification of ongoing patterns of both randomized-timing and fixed-interval beacon activity, as well as the detection of DNS tunnels utilizing innovative encoding techniques employed by cybercriminals.
The IronNet product development team has also improved IronDefense's usability. Specifically, new sensors can now be automatically commissioned and upgraded without the intervention of SOC personnel.
IronDefense allows customers utilizing SentinelOne endpoint detection and response (EDR) to remotely establish and update network inventory and isolate a device in a SentinelOne-deployed network through the Entity page of the IronDefense user interface. Carbon Black and CrowdStrike endpoints offer equivalent capabilities.
About IronNet, Inc.
IronNet, Inc., founded in 2014 by GEN (Ret.) Keith Alexander, is a global leader in cybersecurity that is revolutionizing how enterprises safeguard their networks by providing the first-ever Collective Defense technology operating at scale. IronNet, which employs a number of ex-NSA cybersecurity operators with both offensive and defensive cyber experience, incorporates extensive tradecraft knowledge into its industry-leading technologies to address the world's most difficult cyber problems.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
LogRhythm | December 20, 2022
LogRhythm, the company empowering security teams to defend against an ever-evolving threat landscape, today announced its partnership with SentinelOne, an autonomous cybersecurity platform company. Together, LogRhythm and SentinelOne provide an integrated enterprise security solution to prevent, detect, and respond to threats in your environment. The combined solution streamlines security operations and improves response workflow, helping overwhelmed security teams cut through the noise and gain precise insights into cybersecurity threats.
Legacy solutions have been unable to keep up with the speed, sophistication, and scope of attacks, and organizations lack the context and global visibility necessary to address these challenges, leaving them vulnerable to attacks. To remain on top of threats, it's essential for enterprises to understand what's occurring in their network and across their endpoints. However, without a centralized way to collect and act on log data, that mission can be overwhelming for security teams.
“We are thrilled to formally announce our integration with SentinelOne. This partnership brings together two remarkable platforms that will provide our customers with incomparable visibility for analysts, allowing them to cut through the noise, and recognize and respond to incidents more quickly and effectively. LogRhythm is committed to helping customers defend themselves against cyberattacks and we will continue to do so by partnering with leading and innovative cybersecurity companies to expand our offerings.”
Andrew Hollister, Chief Information Security Officer at LogRhythm
LogRhythm’s security analytics automatically incorporate rich endpoint telemetry from SentinelOne, enabling real-time threat protection and providing in-depth analytics for comprehensive security monitoring. LogRhythm SmartResponse™ capability leverages the SentinelOne API to effect automated response to malicious activities, such as automatically blacklisting hash values, or disconnecting affected machines from the network, as well as providing capabilities to collect additional information during an investigation. SmartResponse actions may be triggered directly by an Analytic running in LogRhythm’s patented Analytics Engine, or manually launched by an Analyst from the Web Console.
Key benefits of this integration include:
Expanded Visibility: Centralize data collection with events from SentinelOne managed user endpoints and cloud workloads
Focused Automation: Initiate automatic endpoint mitigation with LogRhythm SmartResponse actions
Reduced Complexity: Prebuilt integrations and dashboards streamline SOC operations and improve ROI
“Our XDR strategy incorporates the integrations and technologies SentinelOne customers value. We’re excited about our partnership with LogRhythm,” said Yonni Shelmerdine, VP XDR Product Management at SentinelOne. “LogRhythm offers extensive support for - and integration across - the Singularity XDR platform, helping our customers from around the globe protect against modern cyberattacks and reduce risk.”
This announcement marks yet another milestone in the company’s momentous year. In addition to releasing LogRhythm Axon, a groundbreaking, cloud-native security operations platform, earlier this fall, LogRhythm also recently announced its integration with Gigamon, which provides customers with a comprehensive view of network traffic.
LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.
LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm and our customers are ready to defend.
SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.
ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Wiz | December 15, 2022
Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process.
"Over the past year and a half, Wiz researchers and other members of the cloud security community discovered several cross-tenant vulnerabilities in various multi-tenant cloud applications. Although these issues have been reported extensively and were dealt with appropriately by the relevant vendors, we've seen little public discussion on how to mitigate such vulnerabilities across the entire industry. This is where we see an opportunity to strengthen the collaboration between members of the security community."
Wiz CEO Assaf Rappaport
Beyond offering a guideline for organizations, PEACH is a starting point for empowering security teams to work together to establish standard transparency and common language when it comes to mitigating cloud threats.
Serving as a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, PEACH manages the attack surface exposed by user interfaces and provides a clear standard for transparency on tenant isolation assurance. Wiz developed the following parameters based on lessons learned to address the rising cross-tenant vulnerabilities, lack of a standard for transparency, and missing common language among vendors:
Privilege hardening – ensure tenants and hosts have minimal permissions in the service environment.
Encryption hardening – confirm the data belonging to each tenant is encrypted with a unique key, regardless of where the information is stored.
Authentication hardening – validate that communication between each tenant and the control plane uses authentication with a validated key unique to each tenant.
Connectivity hardening – establish that all inter-host connectivity is blocked by default unless explicitly approved by the tenants involved.
Hygiene – verify that unnecessary secrets, software and logs scattered throughout the environment are purged to avoid leaving clues or enabling quick wins for malicious actors.
The second part of the security review process consists of remediation steps to manage the risk of cross-tenant vulnerabilities and improve isolation as necessary. These include reducing interface complexity, enhancing tenant separation, and increasing interface duplication -- all while accounting for operational context such as budget constraints, compliance requirements, and expected use-case characteristics of the service.
This framework was reviewed and collaborated on with cloud security industry experts from AWS, Google, IBM, Netflix and Cisco. Instead of commercializing PEACH though, Wiz will be offering the framework for free.
Wiz secures everything organizations build and run in the cloud. Founded in 2020, Wiz is the fastest-growing software company in the world, scaling from $1M to $100M ARR in 18 months. Wiz enables hundreds of organizations worldwide, including 30 percent of the Fortune 100, to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks and Aglaé.