DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
LogRhythm | December 20, 2022
LogRhythm, the company empowering security teams to defend against an ever-evolving threat landscape today announced its partnership with SentinelOne, an autonomous cybersecurity platform company. Together, LogRhythm and SentinelOne provide an integrated enterprise security solution to prevent, detect, and respond to threats in your environment. The combined solution streamlines security operations and improves response workflow, helping overwhelmed security teams cut through the noise and gain precise insights into cybersecurity threats.
Legacy solutions have been unable to keep up with the speed, sophistication, and scope of attacks, in which organizations lack the context and global visibility necessary to address these challenges, leaving them vulnerable to attacks. To remain on top of threats, it's essential for enterprises to understand what's occurring in their network and across their endpoints. However, without a centralized way to collect and action log data, that mission can be overwhelming for security teams.
“We are thrilled to formally announce our integration with SentinelOne. This partnership brings together two remarkable platforms that will provide our customers with incomparable visibility for analysts, allowing them to cut through the noise, and recognize and respond to incidents more quickly and effectively. “LogRhythm is committed to helping customers defend themselves against cyberattacks and we will continue to do so by partnering with leading and innovative cybersecurity companies to expand our offerings.”
Andrew Hollister, Chief Information Security Officer at LogRhythm
LogRhythm’s security analytics automatically incorporate rich endpoint telemetry from SentinelOne, enabling real-time threat protection and providing in-depth analytics for comprehensive security monitoring. LogRhythm SmartResponse™ capability leverages the SentinelOne API to effect automated response to malicious activities, such as automatically blacklisting hash values, or disconnecting affected machines from the network, as well as providing capabilities to collect additional information during an investigation. SmartResponse actions may be triggered directly by an Analytic running in LogRhythm’s patented Analytics Engine, or manually launched by an Analyst from the Web Console.
Key benefits of this integration include:
Expanded Visibility: Centralize data collection with events from SentinelOne managed user endpoints and cloud workloads
Focused automation: Initiate automatic endpoint mitigation with LogRhythm SmartResponse actions
Reduced Complexity: Prebuilt integrations and dashboards streamline SOC operations and improve ROI
“Our XDR strategy incorporates the integrations and technologies SentinelOne customers value. We’re excited about our partnership with LogRhythm,” said Yonni Shelmerdine, VP XDR Product Management at SentinelOne. “LogRhythm offers extensive support for - and integration across - the Singularity XDR platform, helping our customers from around the globe protect against modern cyberattacks and reduce risk.”
This announcement marks yet another milestone in the company’s momentous year. In addition to the release of LogRhythm Axon earlier this Fall, a groundbreaking, cloud-native security operations platform, LogRhythm also recently announced its integration with Gigamon that provides customers with a comprehensive view of network traffic.
LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.
LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm and our customers are ready to defend.
SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Balbix | December 19, 2022
Balbix, the leader in cybersecurity posture automation, announced its support for Microsoft Azure today. With these new capabilities, Balbix now supports the three top cloud service providers – Microsoft Azure, Amazon Web Services and Google Cloud Platform – as well as traditional environments. Balbix also announced enhanced platform support for the Microsoft ecosystem, including Azure services, Windows, Microsoft Store apps and Azure Active Directory single sign-on.
McKinsey estimates that by 2025, organizations aspire to have 60 percent of their IT environments in the cloud. Yet, according to the Cybersecurity Insiders State of Security Posture Report, 62 percent of organizations lack confidence in their security posture. These findings highlight the growing need for effective cloud security solutions.
Balbix's support for Azure cloud services includes Azure Virtual Machines, Azure Service Bus Messaging, Azure Key Vault, Azure Blob Storage, Azure Cosmos DB, Azure Kubernetes Service (AKS), Azure SQL Database, Azure AKS Deployments, and Azure Functions. A new API-based Balbix Connector for Microsoft Azure and optional sensors for virtual machines capture data from Azure for analysis by the Balbix brain.
Cybersecurity teams can now:
Get comprehensive, real-time visibility of Azure assets, categorized into compute, storage, network, containers, database, security, and identity.
Capture system details for virtual machines, including network, storage, open ports, users, software bill of materials (SBOM) and security controls.
Combine Azure cloud data with data from other tools to map over 400 cybersecurity, IT and business attributes to assets.
Obtain visibility into misconfigurations – the most commonly exploited attack vector in cloud-hosted environments.
Leverage (optional) Balbix host sensors to gain visibility into additional types of vulnerabilities, such as unpatched software vulnerabilities, weak credentials, and trust issues.
Unified Visibility for Multi-Cloud Environments
Balbix's new support for Azure means that organizations now have access to an integrated Cyber Asset Attack Surface Management (CAASM) solution that works across the top three cloud providers, traditional data center and office environments, and mobile employee devices. Cybersecurity practitioners get a single tool to automatically combine data from disparate solutions into a unified view of their assets.
Balbix provides more than just visibility. Unlike other solutions, Balbix combines CAASM with Risk-Based Vulnerability Management (RBVM) and Cyber Risk Qualification (CRQ) capabilities. This tight integration enables maximally automated identification, prioritization and mitigation of security issues. Gaps in security controls are identified and rectified quickly. CISOs and their teams can calculate cyber risk for the entire enterprise, across cloud and non-cloud assets, in dollars, and make cybersecurity decisions, informed by real-time data and insights.
"Multi-cloud deployments have added additional complexity for cybersecurity practitioners. These challenges include fragmented visibility across cloud and non-cloud environments and an inability to prioritize vulnerabilities enterprise-wide," said Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. "With support for Microsoft Azure, Balbix now helps users address these challenges across the top three cloud providers."
Broad Support for the Microsoft Ecosystem
Balbix's support for Microsoft Azure also adds to its broader support for the Microsoft ecosystem. These capabilities include security posture automation for assets running Windows and other Microsoft software, and third-party software products running on those assets. For Windows OS, Balbix provides a consolidated view of patch status and compliance across all assets with recommended fixes based on patch precedence.
"I'm very excited to announce our support for Microsoft Azure cloud services. Organizations can manage their cyber risk for Microsoft Azure, multi-cloud and hybrid environments using a single integrated and maximally automated paradigm. "With this software release, we've also enhanced our support for Windows to help Microsoft customers better protect their infrastructure."
Gaurav Banga, Founder and CEO of Balbix
In addition, Balbix now allows security teams to manage the security posture of applications downloaded from the Microsoft Store. Balbix is also announcing a new integration with Microsoft Azure Active Directory single sign-on.
Balbix enables businesses to reduce cyber risk by quickly identifying and mitigating their riskiest cybersecurity issues. Our SaaS platform, the Balbix Security Cloud™, ingests data from businesses' security and IT tools so they can understand every aspect of their cybersecurity posture, build a unified cyber risk model and obtain actionable insights for risk reduction. With Balbix, businesses can automate their cloud and on-premise asset inventory, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data, not opinions.
PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION
Wallarm | January 23, 2023
Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak.
Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data.
With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach:
Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute.
Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio.
Control - Wallarm also continuously monitors and prevents the use of leaked API secrets.
The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation.
Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.