DATA SECURITY

Perfect storm of cybersecurity risks threatens the hybrid workplace

HP Wolf Security | November 01, 2021

HP Inc. today released its latest HP Wolf Security report: Out of Sight & Out of Mind, a comprehensive global study highlighting how the rise of hybrid work is changing user behavior and creating new cybersecurity challenges for IT departments.

The research shows that a growing number of users are buying and connecting unsanctioned devices outside of IT’s purview. It also highlights that threat levels are rising, with attackers increasingly successful at bypassing defenses and tricking users into initiating attacks through phishing. All of this is making IT support more complex, time-consuming, and costly than ever.

The report combines data from a global YouGov online survey of 8,443 office workers who shifted to Working from Home (WFH) during the pandemic, and a global survey of 1,100 IT decision makers conducted by Toluna. Key findings include:

New Shadow IT buying and installing endpoints with security out of mind: ‘Shadow IT’ typically refers to non-IT departments deploying software beyond the purview of IT. This shadow is now spreading, with individuals procuring and connecting devices without being checked by IT. 45% of office workers surveyed purchased IT equipment (such as printers and PCs) to support home working in the past year. However, 68% said security wasn’t a major consideration in their purchasing decision, while 43% didn’t have their new laptop or PC checked or installed by IT, and 50% said the same of their new printer.

Phishing becoming increasingly successful: 74% of IT teams have seen a rise in the number of employees opening malicious phishing links or attachments on emails in the last 12-months. 40% of office workers surveyed aged 18-to-24 have clicked on a malicious email with almost half (49%) saying they have done so more often since working from home. Of office workers that clicked or nearly clicked a link, 70% didn’t report it to IT – 24% didn’t think it was important, 20% cited the “hassle factor”, while 12% had a fear of reprisal or being punished.
Increase in devices being compromised fuels growth in rebuild rates: 79% of IT teams report rebuild rates increased during the pandemic. Rebuild rates directly correlate to the number of endpoints that require wiping and reimaging because they have been compromised, which implies more attackers are successfully breaching outer defenses. The real figure could be higher still: 80% of IT teams worry that employee devices might be compromised and they don’t know about it.

"People often don't know if they have clicked on something malicious, so the real numbers are likely much higher," comments Ian Pratt, Global Head of Security for Personal Systems, HP Inc. "Threat actors don't always announce themselves, as playing the 'long game' to move laterally and infiltrate higher-value infrastructure has proven to be more lucrative. For example, by using cloud backups to exfiltrate sensitive data in bulk, encrypting data on servers, then demanding a multi-million-dollar ransom.”

Pratt continues: "It shouldn't be this easy for an attacker to get a foothold - clicking on an email attachment should not come with that level of risk. By isolating and containing the threat you can mitigate any harmful impact, preventing persistence and lateral movement."

With threats rising, it’s becoming more difficult for IT teams to deliver security support. 77% of IT teams said the time it takes to triage a threat has increased in the past year, while an estimated 62% of alerts relating to the endpoint are false positives, leading to wasted time. With IT teams tied up dealing with alerts, it’s becoming harder for them to onboard employees and identify threats:

65% of IT teams said that patching endpoint devices is more time-consuming and difficult due to the mass shift to home working, while 64% said the same of provisioning and onboarding new starters with secure devices.
As a result, IT teams estimate the cost of IT support in relation to security has risen by 52% in the last 12-months.

83% of IT teams said the pandemic has put even more strain on IT support because of home worker security problems, while 77% of IT teams say homeworking is making their job much harder and that they fear teams will burnout and consider quitting.
“As IT continues to grow in complexity, security support is becoming unmanageable,” Pratt concludes. "For hybrid working to be a success, IT security teams need to be freed from spending hours provisioning and fielding user access requests so they can focus on tasks that add value. We need a new security architecture that not only protects against known and unknown threats, but that helps to reduce the burden to liberate cybersecurity teams and users alike. By applying the principles of Zero Trust, organizations can design resilient defenses to keep the business safe and recover quickly in the event of a compromise.”

HP is helping organizations to secure the hybrid workplace by delivering endpoint security that provides teams with greater visibility and management tools. With HP Wolf Security1 organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser. HP Wolf Security provides the ideal support for securing the hybrid workplace – for example HP Sure Click Enterprise2 reduces the attack surface by rendering malware, delivered via email, browser or downloads, harmless through threat containment and isolation. HP Wolf Security enables teams to deliver defense-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect the business at large.

About HP Wolf Security
From the maker of the world’s most secure PCs3 and Printers4, HP Wolf Security is a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.

Spotlight

This is the half-year report of our Business Main-Test Series. 1 , containing the results of the Business Malware Protection Test (March), Business Real-World Protection Test (March-June), Business Performance Test (June), as well as the Product Reviews. Products of 16 different vendors are included in this public test report. The test series consists of three main parts: The Real-World Protection Test mimics online malware attacks that a typical business user might encounter mostly when surfing the Internet. The Malware Protection Test considers a scenario in which the malware enters the test system via e.g. the local area network or removable device, rather than directly from the Internet.

Spotlight

This is the half-year report of our Business Main-Test Series. 1 , containing the results of the Business Malware Protection Test (March), Business Real-World Protection Test (March-June), Business Performance Test (June), as well as the Product Reviews. Products of 16 different vendors are included in this public test report. The test series consists of three main parts: The Real-World Protection Test mimics online malware attacks that a typical business user might encounter mostly when surfing the Internet. The Malware Protection Test considers a scenario in which the malware enters the test system via e.g. the local area network or removable device, rather than directly from the Internet.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

SentinelOne LABScon Security Research Conference Unifies Private and Public Sector Through Groundbreaking Cybersecurity Discoveries

SentinelOne | September 22, 2022

SentinelOne, an autonomous cybersecurity platform company, today launched the inaugural LABScon, a conference dedicated to advancing cybersecurity research for the benefit of collective digital defense. The event features novel findings from sought-after voices in cybersecurity and groundbreaking research by leading research teams. “The goal of LABScon is to provide a venue for advanced security collaboration and community building,” said Migo Kedem, VP Growth and Head of SentinelLabs, SentinelOne. “We are pleased to unite the cybersecurity community - researchers, vendors, and practitioners - to strengthen collective understanding of the security landscape. Only through shared knowledge and collaboration will cybersecurity evolve.” The conference lineup features prominent speakers and world-class researchers presenting on today's most important cyber security topics. Conference highlights include: Mark Russinovich, Microsoft Azure CTO, presents the story of his seminal malware analysis toolkit, which transformed malware analysis and forensic investigation Dmitri Alperovitch, Executive Chairman of the Silverado Policy Accelerator and CrowdStrike Co-Founder and former CTO, discusses cyberwarfare and effective policies Morgan Adamski, Director of NSA's Cyber Collaboration Center, keynotes “Operational Collaboration: The Realities of Success” Chris Krebs, the first director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Partner of the Krebs Stamos Group, shares in-the-trenches perspectives on cybersecurity and government M.J. Emanuel, CISA Incident Response Analyst, delves into recent cyberattacks targeting satellite communications and critical infrastructure Mauro Vignati, International Red Cross, discusses the line between combatants and digital collaborators in war Thomas Rid, Professor of Strategic Studies and founding director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins SAIS, debuts cybersecurity discoveries Kim Zetter, world-renowned cybersecurity author, facilitates fireside chats and shares perspectives on cyberwar Kris McConkey, PwC’s Global Cyber Threat Intelligence Practice Lead, releases research detailing new activity emanating from Chinese advanced persistent threat (APT) groups Mandiant, Sophos, Volexity, BlackLotus, PwC, and Binarly drops new APT research and vulnerabilities SentinelLabs releases “Metador,” our most ambitious APT research to date LABScon is hosted by SentinelLabs, a world-class team of security researchers that identifies critical vulnerabilities, new attack vectors, malware strains, and threat actors. The event is sponsored by Stairwell, Luta Security, Cisco Talos, GreyNoise, HP Wolf Security, Aesir, Binarly, Team Cymru, and ReversingLabs. To stay updated with groundbreaking threat research and cybersecurity discoveries, visit https://www.sentinelone.com/labs/ About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

SOFTWARE SECURITY

LogRhythm Accelerates Threat Detection Capabilities with Innovations to Product Suite

LogRhythm | July 06, 2022

LogRhythm, the company helping busy and lean security operation teams save the day, today announced the launch of version 7.9 of the LogRhythm SIEM Platform and updates to LogRhythm NDR and LogRhythm UEBA. “LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots and quickly shut down attacks,” said Kish Dill, chief product and customer officer at LogRhythm. "The company is changing the way we work by becoming customer-centric throughout our whole organization. We are listening to our customers and promise to deliver quarterly innovations that address the challenges our customers face every day. We recognize that security teams don’t have time to spare on long processes and inefficient workflows. With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organization against today’s top threats.” LogRhythm 7.9, LogRhythm NDR and LogRhythm UEBA (formerly CloudAI) provide new features designed to help security teams overcome everyday obstacles by accelerating threat response, improving workflows and simplifying processes, including: Faster time to value through improved analyst workflows Enhanced automation with Admin API: LogRhythm 7.9 improves the Admin API by adding system monitoring management (LogRhythm SysMon) endpoints to the API library. This enables SIEM administrators to connect through the Admin API and manage the SysMon agent, allowing for automated process batching. Embedded Expertise: LogRhythm accelerates customer time to value through its out of the box LogRhythm SmartResponse™. LogRhythm 7.9 includes added and enhanced SmartResponses to its already extensive library of over 120 integrations. Enable packet capture in UI: LogRhythm NDR users can download PCAP files for specific incidents and cases to pull in more detail, helping investigations and improving threat hunting. Easier and faster event log filtering: LogRhythm 7.9 includes a new way to filter logs at the agent. Users can now select the types of Windows event logs the agent queries, accelerating the time to process logs and removing the burden on the collection pipeline. Expanded threat detection capabilities Enhanced LogRhythm NDR detection models: Users can detect a wider array of ransomware attacks with LogRhythm NDR’s improved analytics capabilities. Advanced analytics models: LogRhythm UEBA offers advanced UEBA analytics as a cloud-native, easy to deploy add-on for LogRhythm 7.9 users. Models were improved and new models added to ensure today's complex attacks can be detected and anomalies requiring priority attention can be identified, further reducing alert fatigue and accelerating response times. Policy violation alerts: LogRhythm NDR offers alerts about expired certificates, weak ciphers used in connections, and authentication activity happening in clear text, offering additional context to what could represent a risk. Extended flexibility Controlled overages with powerful license metering reporting: LogRhythm added a new reporting feature to make licensing overages more visible and easier to understand by displaying any overages in the past 30 days. This feature will help teams better manage license usage and costs. Expanded endpoint integrations: LogRhythm now includes Cisco Secure Endpoint (formerly AMP for Endpoints) in its family of EDR integrations. About LogRhythm LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

ReasonLabs' RAV Endpoint Protection Achieves Gold OPSWAT Access Control Certification for Endpoint Security Applications

ReasonLabs | September 05, 2022

ReasonLabs, a leading cybersecurity company providing enterprise-grade protection to users all around the world, has today announced that its RAV Endpoint Protection solution has received Gold Certification from Access Technologies (OPSWAT), a leader in critical infrastructure protection. OPSWAT's Access Control Certification Program provides reliable and consistent metrics for validating the effectiveness of anti-malware products and establishing device trust. The program's Gold certification badge is awarded to applications that achieve access control compatibility. "Achieving Gold Certification in OPSWAT's Access Control Center Program further validates RAV Endpoint Protection as an industry-leading next-generation consumer solution. "The certification has created an easy way for customers to validate our solution's capabilities. End users can be assured that RAV Endpoint Protection secures endpoints with a high degree of confidence." Kobi Kalif, CEO of ReasonLabs ReasonLabs is the first Next-Generation Antivirus (NGAV) software with Endpoint Detection and Response (EDR) capabilities built specifically for home users. Whereas traditional antiviruses use a one-to-one detection technology to fight breaches and malware, ReasonLabs's intuitive engine utilizes a variety of technologies and techniques to predict and prevent virus attacks. By leveraging machine learning algorithms and AI, RAV Endpoint Protection sorts through millions of files to easily identify potentially hazardous ones and ensures proactive detection and resolution of the most complex malware. "From OPSWAT's inception, we have pioneered the concept of zero trust," said Benny Czarny, founder and CEO of OPSWAT. "The OPSWAT Access Control Certification Program extends this idea to IT System Administrators by relieving them from the daunting task of researching, testing and identifying the right endpoint anti-malware and encryption solutions by having us test it for them. We've done the work and verified applications that meet our exacting zero trust standards." Since RAV Endpoint Protection utilizes state-of-the-art EDR technology powered by artificial intelligence, ReasonLabs is able to provide the strongest defense for customers' personal assets. By utilizing an EDR approach, RAV is able to detect threats virtually anywhere, in contrast to systems built with a legacy one-to-one detection method. When coupled with its other security products including RAV VPN, RAV Safer Web, RAV Online Security, and FamilyKeeper, users can feel confident knowing every single endpoint is secured. "We developed the OPSWAT Access Control Certification Program to recognize the very best security solutions in the market, and ReasonLabs' RAV Endpoint Protection solution has met these demanding requirements," said Hamid Karimi, VP Technology Alliances and OEM at OPSWAT. "Gold certification is a badge of trust that certifies that a vendor's solutions do what they say they do and are effective against the latest emerging threats. IT professionals who are looking for the most effective antivirus solutions rely on Gold Certified vendors, and now they should consider ReasonLabs' RAV Endpoint Protection." About ReasonLabs ReasonLabs is a cybersecurity pioneer equipping tens of millions of families and individuals worldwide with the same level of cyber protection enjoyed by Fortune 500 companies. Its AI-powered, next-generation antivirus engine scans billions of files around the world to predict and prevent cyberattacks in real-time, 24/7. Its flagship product, RAV Endpoint Protection, together with its other products combine to form a multilayered solution that safeguards home users against next-generation threats. Co-Founded in 2016 by seasoned cybersecurity expert Andrew Newman—an architect of Microsoft's native cybersecurity program, Microsoft Defender—ReasonLabs is based in New York and Tel Aviv.

Read More