Home > News > featured news > Partner of FireMon and DLT Solutions to provide public sector Agile Network Security Policy Management

SOFTWARE SECURITY

Partner of FireMon and DLT Solutions to provide public sector Agile Network Security Policy Management

businesswire | December 10, 2020

FireMon, the main organization security strategy the executives organization that brings visibility, control, nimbleness, and mechanization to enterprise cloud and half and half organization infrastructure, today declared it has signed with DLT Solutions, the chief government innovation solutions aggregator. The partnership will encourage FireMon's commitment to public sector clients, simplify purchasing for government agencies, and give DLT's channel partners access to its dexterous organization security strategy the board stage's full capabilities.

As government organizations move to the cloud and zero trust networks, they must oversee security policies over increasingly heterogeneous cross breed networks. Using FireMon, they can quicken their migrations with the certainty that they will stay secure and consistent even notwithstanding increasing rates of progress. Recently, FireMon was considered basic to public security by the United States Treasury, a world class designation which points to the significance FireMon solutions play to public sector customers.

"As the public sector continues its digital transformation to modernize aging systems and infrastructure, new network security considerations and risks are introduced," said Chris Wilkinson, president, DLT Solutions, a Tech Data company. "Adding FireMon's solutions to our cybersecurity portfolio provides our channel partners and their public sector customers with an agile approach to managing network security policy that helps secure our nation's most critical networks."

"As the move to the cloud accelerates, government agencies are challenged with securing complex hybrid networks and implementing zero trust architectures," said Andrew Warren, VP of Global Channel Sales for FireMon. "Working with DLT and its partners, FireMon lets them secure these networks seamlessly, without compromising agility or responsiveness."

About FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management, which is one of the biggest impediments to IT and enterprise agility. Since creating the first-ever network security policy management solution, FireMon has delivered command and control over complex network security infrastructures for more than 1,700 customers located in nearly 70 countries around the world. For more information, visit www.firemon.com.

Spotlight

The Black Vine cyberespionage group

"In early 2014, Anthem was a victim of an attack that exposed 80 million patient records. The breach, which came to light in February 2015, is believed to be the work of a wellresourced cyberespionage group which Symantec calls Black Vine. Anthem wasn’t Black Vine’s only target. Black Vine has been actively conducting its campaigns since 2012 and has been targeting several industries, including aerospace, energy, and healthcare. The group has access to zero-day exploits distributed through the Elderwood framework and has used these exploits as the same time that other advanced attack groups have, such as Hidden Lynx."

More featured news

Spotlight

The Black Vine cyberespionage group

"In early 2014, Anthem was a victim of an attack that exposed 80 million patient records. The breach, which came to light in February 2015, is believed to be the work of a wellresourced cyberespionage group which Symantec calls Black Vine. Anthem wasn’t Black Vine’s only target. Black Vine has been actively conducting its campaigns since 2012 and has been targeting several industries, including aerospace, energy, and healthcare. The group has access to zero-day exploits distributed through the Elderwood framework and has used these exploits as the same time that other advanced attack groups have, such as Hidden Lynx."

Related News

SOFTWARE SECURITY

SafeGuard Cyber Delivers Context-Aware Response with Microsoft Azure AD and Okta

SafeGuard Cyber | August 01, 2022

SafeGuard Cyber, the leading provider of security and compliance solutions for email and communication-based threats, today announces automated response and multi-channel user onboarding with Microsoft Azure AD and Okta integrations for its security and risk management platform. These integrations enable automated and workflow-based responses to advanced social engineering threats such as impersonation and account takeover, as well as other threats, business risks, and compliance violations. The integrations extend the SafeGuard Cyber platform's multi-channel detection capabilities, with the ability for security and compliance operation teams to manage and automate responses to threats and risks across all communication channels. "In the current economic climate, organizational leadership needs to ensure optimum resource utilization in security operations and reduce unnecessary costs," said Chris Lehman, CEO of SafeGuard Cyber. "Many of our enterprise customers have made significant investments in Azure AD or Okta to manage identities across their organizations, and our new capabilities allow them to streamline operations and maximize ROI for their security and overall operations." Integrated response through SafeGuard Cyber enables security architects and operations teams to deliver the ideal response to threats and business risks, either in an automated or direct action through the SafeGuard Cyber platform as part of incident management or an investigation. "As the threats of fraud, impersonation, and social engineering increasingly result in material breaches and financial losses through ransomware and business compromise, the need to have a context-aware, zero-trust foundation with detection and response capabilities is more urgent than ever. "Our integrations with Okta and Azure AD enable organizations moving towards a cloud or hybrid workplace to simplify identity-based responses to communication-based threats, while enriching authentication to include context and intent of interactions." Rusty Carter, chief product officer at SafeGuard Cyber Context-aware and advanced integrated response with Okta and Azure AD is available for all SafeGuard Cyber customers and delivers: Automated user onboarding for monitoring communications by group Automatic, risk-based responses that include user-session invalidation Support for all SafeGuard Cyber protected channels SafeGuard Cyber detects attacks and identifies risk by understanding how humans interact and communicate. The company's Natural Language Understanding-based SaaS platform offers the industry's most advanced visibility and detection of phishing, BEC and malware attacks that span the full range of modern business communications channels, including social media, collaboration, mobile messaging, conferencing, CRM and the Microsoft 365 ecosystem. About SafeGuard Cyber SafeGuard Cyber provides the only comprehensive technology solution for addressing cybersecurity threats and compliance risks across the modern cloud workplace. The company's patented and award-winning Natural Language Understanding technology analyzes and correlates conversations across 30 communication channels and 52 languages, including collaboration, social, chat, messaging, and conference platforms, in order to detect and prevent communication-based threats like social engineering. By stopping attacks at the social engineering stage, SafeGuard Cyber allows companies to prevent data breaches, ransomware, invoice fraud, and many other threats. The company's cloud-based Machine Learning also provides compliance solutions for governance and policy enforcement that empower customers to communicate through modern apps and social networking.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

JupiterOne Recognized as a Sample Vendor for Cyber Asset Attack Surface Management (CAASM) in Gartner® Hype Cycle™ for Cyber Risk Management, 2022

JupiterOne | August 19, 2022

JupiterOne, the industry's leading provider of cyber asset attack surface management (CAASM) technology, today announced that it was named as a Sample Vendor for CAASM in the latest release of the Gartner Hype Cycle for Cyber Risk Management, 2022. According to Gartner, "In 2022, the global risk landscape continues to be impacted by the ongoing COVID-19 pandemic conditions, the Russian invasion of Ukraine, labor shortage, worsening climate change, and inflation. In particular, the increased inflation rate and labor market tightness mean that organizations must do more with fewer resources." The Gartner report notes that security and risk management (SRM) leaders continue to struggle to: "Position risk management as a decision-making practice. Either because of their rigid focus on framework-based controls or inability to scale their security and risk controls for individual projects Inform cyber and technology decisions in an ever-expanding operating ecosystem Gain sufficient transparency in evaluating environmental, social and governance risks and incidents, local and worldwide. Mitigate global supply chain risks as these risks continue to form a web of complexity and volatility. Look for ways to automate and inform risk assessment with data-driven insights." One solution category that addresses these challenges is the cyber asset attack surface management (CAASM) space, where solutions aggregate and track assets such as endpoints, servers, devices, and applications. By consolidating internal and external cyber assets, users can use queries to find gaps in coverage for security tools such as vulnerability assessment and endpoint detection and response (EDR) tools. JupiterOne pioneered a graph-based approach to CAASM that allows customers to track and monitor IP addresses and analyze and map all intra-asset relationships. As the Gartner analysts explained, "CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture, and asset exposure are understood and remediated. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations can visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data." The drivers of CAASM adoption, according to Gartner, include: "Full visibility into all information technology (IT), Internet of Things (IoT) and operational technology (OT) assets under an organization's control, which improves understanding of the attack surface area and existing security control gaps or serves as part of a wider ASM process. Quicker audit compliance reporting through more accurate, current and comprehensive asset and security control reports. Consolidation of existing products that collect asset and exposure information into a single normalized view, which reduces the need for manual processes or dependencies on homegrown applications. Access to consolidated asset views for multiple individuals and teams across an organization, such as enterprise architects, security operations teams and IT administrators, who can benefit from viewing and querying consolidated asset inventories with a view to achieving business objectives." The recent Gartner report on Top Trends in Cybersecurity 2022 cited "Attack Surface Expansion" as one of the year's top security trends resulting from the expanding digital footprint of modern organizations. According to the report, "A dramatic increase in attack surface is emerging from changes in the use of digital systems, such as new hybrid work, accelerated use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets and increased use of operational technology." In our opinion, security leaders who reinvent the cybersecurity function and technology architecture can better position their organizations to maintain and grow value in an increasingly agile, distributed, and decentralized environment. JupiterOne was named a Sample Vendor for CAASM in the latest release of the Gartner Hype Cycle for Security Operations, 2022. The report is available for complimentary download from JupiterOne. Additionally, Gartner recognized JupiterOne as a Representative Provider for CAASM in the Innovation Insights for Attack Surface Management and as a Sample Vendor in the Gartner Hype Cycle for Workload and Network Security, 2022 research reports. "JupiterOne is honored to receive yet another recognition from Gartner. Right now, the world is full of uncertainty, making it challenging to conduct business. More than ever, businesses must prioritize effective security measures. Security leaders can get invaluable insights by tracking their assets and making efficient use of their resources. Overall, organizations can make better data-driven business decisions while keeping security risks in mind." Erkang Zheng, Founder and CEO at JupiterOne About JupiterOne JupiterOne is a cyber asset attack surface management (CAASM) platform company providing visibility and security into your entire cyber asset universe. Using graphs and relationships, JupiterOne provides a contextual knowledge base for an organization's cyber asset operations. With JupiterOne, teams can discover, monitor, understand, and act on changes in their digital environments. Cloud resources, ephemeral devices, identities, access rights, code, pull requests, and much more are collected, graphed, and monitored automatically by JupiterOne.

Read More

PLATFORM SECURITY

Sophos Announces Sophos X-Ops

Sophos | July 21, 2022

Sophos, a global leader in next-generation cybersecurity, today announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against constantly changing and increasingly complex cyberattacks. Sophos X-Ops leverages the predictive, real-time, real-world, and deeply researched threat intelligence from each group, which, in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities. Sophos today is also issuing “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” research about increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families. Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize the adversaries. “Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged. Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos,” said Joe Levy, chief technology and product officer, Sophos. “We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.” Speaking in March 2022 to the Detroit Economic Club about the FBI partnering with the private sector to counter the cyber threat, FBI Director Christopher Wray said, “What partnership lets us do is hit our adversaries at every point, from the victims’ networks back all the way to the hackers’ own computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done. “We’re disrupting three things: the threat actors, their infrastructure and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.” Sophos X-Ops is taking a similar approach: gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier, preventing or minimizing the harms of ransomware, espionage or other cybercrimes that can befall organizations of all types and sizes, and working with law enforcement to neutralize attacker infrastructure. While Sophos’ internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries. “Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it.” Michael Daniel, president and CEO, Cyber Threat Alliance Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organized cybercrime. By intertwining the expertise of each group, Sophos is pioneering the concept of an artificial intelligence (AI) assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos believes this approach will dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise. “The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it. The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups,” said Craig Robinson, IDC research vice president, Security Services. “Combining the ability to cut across a wide breadth of threat intelligence expertise with AI assisted features in the SOC allows organizations to better predict and prepare for imminent and future attacks.” About Sophos Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.

Read More

SOFTWARE SECURITY

SafeGuard Cyber Delivers Context-Aware Response with Microsoft Azure AD and Okta

SafeGuard Cyber | August 01, 2022

SafeGuard Cyber, the leading provider of security and compliance solutions for email and communication-based threats, today announces automated response and multi-channel user onboarding with Microsoft Azure AD and Okta integrations for its security and risk management platform. These integrations enable automated and workflow-based responses to advanced social engineering threats such as impersonation and account takeover, as well as other threats, business risks, and compliance violations. The integrations extend the SafeGuard Cyber platform's multi-channel detection capabilities, with the ability for security and compliance operation teams to manage and automate responses to threats and risks across all communication channels. "In the current economic climate, organizational leadership needs to ensure optimum resource utilization in security operations and reduce unnecessary costs," said Chris Lehman, CEO of SafeGuard Cyber. "Many of our enterprise customers have made significant investments in Azure AD or Okta to manage identities across their organizations, and our new capabilities allow them to streamline operations and maximize ROI for their security and overall operations." Integrated response through SafeGuard Cyber enables security architects and operations teams to deliver the ideal response to threats and business risks, either in an automated or direct action through the SafeGuard Cyber platform as part of incident management or an investigation. "As the threats of fraud, impersonation, and social engineering increasingly result in material breaches and financial losses through ransomware and business compromise, the need to have a context-aware, zero-trust foundation with detection and response capabilities is more urgent than ever. "Our integrations with Okta and Azure AD enable organizations moving towards a cloud or hybrid workplace to simplify identity-based responses to communication-based threats, while enriching authentication to include context and intent of interactions." Rusty Carter, chief product officer at SafeGuard Cyber Context-aware and advanced integrated response with Okta and Azure AD is available for all SafeGuard Cyber customers and delivers: Automated user onboarding for monitoring communications by group Automatic, risk-based responses that include user-session invalidation Support for all SafeGuard Cyber protected channels SafeGuard Cyber detects attacks and identifies risk by understanding how humans interact and communicate. The company's Natural Language Understanding-based SaaS platform offers the industry's most advanced visibility and detection of phishing, BEC and malware attacks that span the full range of modern business communications channels, including social media, collaboration, mobile messaging, conferencing, CRM and the Microsoft 365 ecosystem. About SafeGuard Cyber SafeGuard Cyber provides the only comprehensive technology solution for addressing cybersecurity threats and compliance risks across the modern cloud workplace. The company's patented and award-winning Natural Language Understanding technology analyzes and correlates conversations across 30 communication channels and 52 languages, including collaboration, social, chat, messaging, and conference platforms, in order to detect and prevent communication-based threats like social engineering. By stopping attacks at the social engineering stage, SafeGuard Cyber allows companies to prevent data breaches, ransomware, invoice fraud, and many other threats. The company's cloud-based Machine Learning also provides compliance solutions for governance and policy enforcement that empower customers to communicate through modern apps and social networking.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

JupiterOne Recognized as a Sample Vendor for Cyber Asset Attack Surface Management (CAASM) in Gartner® Hype Cycle™ for Cyber Risk Management, 2022

JupiterOne | August 19, 2022

JupiterOne, the industry's leading provider of cyber asset attack surface management (CAASM) technology, today announced that it was named as a Sample Vendor for CAASM in the latest release of the Gartner Hype Cycle for Cyber Risk Management, 2022. According to Gartner, "In 2022, the global risk landscape continues to be impacted by the ongoing COVID-19 pandemic conditions, the Russian invasion of Ukraine, labor shortage, worsening climate change, and inflation. In particular, the increased inflation rate and labor market tightness mean that organizations must do more with fewer resources." The Gartner report notes that security and risk management (SRM) leaders continue to struggle to: "Position risk management as a decision-making practice. Either because of their rigid focus on framework-based controls or inability to scale their security and risk controls for individual projects Inform cyber and technology decisions in an ever-expanding operating ecosystem Gain sufficient transparency in evaluating environmental, social and governance risks and incidents, local and worldwide. Mitigate global supply chain risks as these risks continue to form a web of complexity and volatility. Look for ways to automate and inform risk assessment with data-driven insights." One solution category that addresses these challenges is the cyber asset attack surface management (CAASM) space, where solutions aggregate and track assets such as endpoints, servers, devices, and applications. By consolidating internal and external cyber assets, users can use queries to find gaps in coverage for security tools such as vulnerability assessment and endpoint detection and response (EDR) tools. JupiterOne pioneered a graph-based approach to CAASM that allows customers to track and monitor IP addresses and analyze and map all intra-asset relationships. As the Gartner analysts explained, "CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture, and asset exposure are understood and remediated. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations can visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data." The drivers of CAASM adoption, according to Gartner, include: "Full visibility into all information technology (IT), Internet of Things (IoT) and operational technology (OT) assets under an organization's control, which improves understanding of the attack surface area and existing security control gaps or serves as part of a wider ASM process. Quicker audit compliance reporting through more accurate, current and comprehensive asset and security control reports. Consolidation of existing products that collect asset and exposure information into a single normalized view, which reduces the need for manual processes or dependencies on homegrown applications. Access to consolidated asset views for multiple individuals and teams across an organization, such as enterprise architects, security operations teams and IT administrators, who can benefit from viewing and querying consolidated asset inventories with a view to achieving business objectives." The recent Gartner report on Top Trends in Cybersecurity 2022 cited "Attack Surface Expansion" as one of the year's top security trends resulting from the expanding digital footprint of modern organizations. According to the report, "A dramatic increase in attack surface is emerging from changes in the use of digital systems, such as new hybrid work, accelerated use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets and increased use of operational technology." In our opinion, security leaders who reinvent the cybersecurity function and technology architecture can better position their organizations to maintain and grow value in an increasingly agile, distributed, and decentralized environment. JupiterOne was named a Sample Vendor for CAASM in the latest release of the Gartner Hype Cycle for Security Operations, 2022. The report is available for complimentary download from JupiterOne. Additionally, Gartner recognized JupiterOne as a Representative Provider for CAASM in the Innovation Insights for Attack Surface Management and as a Sample Vendor in the Gartner Hype Cycle for Workload and Network Security, 2022 research reports. "JupiterOne is honored to receive yet another recognition from Gartner. Right now, the world is full of uncertainty, making it challenging to conduct business. More than ever, businesses must prioritize effective security measures. Security leaders can get invaluable insights by tracking their assets and making efficient use of their resources. Overall, organizations can make better data-driven business decisions while keeping security risks in mind." Erkang Zheng, Founder and CEO at JupiterOne About JupiterOne JupiterOne is a cyber asset attack surface management (CAASM) platform company providing visibility and security into your entire cyber asset universe. Using graphs and relationships, JupiterOne provides a contextual knowledge base for an organization's cyber asset operations. With JupiterOne, teams can discover, monitor, understand, and act on changes in their digital environments. Cloud resources, ephemeral devices, identities, access rights, code, pull requests, and much more are collected, graphed, and monitored automatically by JupiterOne.

Read More

PLATFORM SECURITY

Sophos Announces Sophos X-Ops

Sophos | July 21, 2022

Sophos, a global leader in next-generation cybersecurity, today announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against constantly changing and increasingly complex cyberattacks. Sophos X-Ops leverages the predictive, real-time, real-world, and deeply researched threat intelligence from each group, which, in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities. Sophos today is also issuing “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” research about increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families. Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize the adversaries. “Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged. Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos,” said Joe Levy, chief technology and product officer, Sophos. “We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.” Speaking in March 2022 to the Detroit Economic Club about the FBI partnering with the private sector to counter the cyber threat, FBI Director Christopher Wray said, “What partnership lets us do is hit our adversaries at every point, from the victims’ networks back all the way to the hackers’ own computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done. “We’re disrupting three things: the threat actors, their infrastructure and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.” Sophos X-Ops is taking a similar approach: gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier, preventing or minimizing the harms of ransomware, espionage or other cybercrimes that can befall organizations of all types and sizes, and working with law enforcement to neutralize attacker infrastructure. While Sophos’ internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries. “Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it.” Michael Daniel, president and CEO, Cyber Threat Alliance Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organized cybercrime. By intertwining the expertise of each group, Sophos is pioneering the concept of an artificial intelligence (AI) assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos believes this approach will dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise. “The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it. The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups,” said Craig Robinson, IDC research vice president, Security Services. “Combining the ability to cut across a wide breadth of threat intelligence expertise with AI assisted features in the SOC allows organizations to better predict and prepare for imminent and future attacks.” About Sophos Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.

Read More

More featured news