Redcar council excludes public from cyber-attack discussion

BBC | March 07, 2020

Redcar and Cleveland Council's systems have been down since 8 February after a ransomware attack.The Local Democracy Reporting Service understands no ransom has been paid. Concerned about "sensitive" information being discussed, council officials requested not to answer councillors' questions in public. Assistant director of governance Steve Newton said: "There is still a criminal investigation ongoing and I'm not quite sure where these questions will lead." At the resources committee meeting Labour councillor Sue Jeffrey wanted to know what business processes were unavailable. "So things like house searches, the planning portal, registration, building and control - all those sorts of things - access to historical files, regeneration projects, financial transactions?" she said.

Spotlight

Whether public key infrastructure (PKI) is your passion or it’s something you wouldn’t touch with a 39-and-a-half-foot pole, it’s without a doubt become critical to the security of your organization. A rare few companies have an in-house expert or even an entire team dedicated to PKI, but for most, it’s more of a “hot potato” th

Spotlight

Whether public key infrastructure (PKI) is your passion or it’s something you wouldn’t touch with a 39-and-a-half-foot pole, it’s without a doubt become critical to the security of your organization. A rare few companies have an in-house expert or even an entire team dedicated to PKI, but for most, it’s more of a “hot potato” th

Related News

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Veza introduces new solution to deliver SaaS access security and governance for the enterprise

Businesswire | May 03, 2023

Veza, the authorization platform for data security, today announced Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations. With this solution, Veza secures the attack surface associated with SaaS apps while enabling continuous compliance with frameworks like Sarbanes-Oxley, ISO 27001, SOC 2, and GDPR. Organizations today maintain an average of 125 different SaaS applications, costing $1,040 per employee annually, according to Gartner’s 2022 Market Guide for SaaS Management. As SaaS grows in popularity, security and identity teams are under pressure to manage security risks associated with the spread of data in these apps. “SaaS applications are everywhere, holding sensitive data like customer lists, financials, and employee data. This is a new attack surface for the threat actors who misuse identity,” said Tarun Thakur, CEO and co-founder of Veza. “Conventional IAM techniques like authentication are not enough to secure access to data in SaaS apps. We are excited to introduce Veza for SaaS Apps to help our customers protect sensitive data against credential theft, malicious attacks and accidental exposure, putting SaaS access security within reach.” The Veza solution includes integrations to 15 popular SaaS applications, including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. Because Veza uses an out-of-band approach to integrate with apps and systems, customers can integrate in less than a day, unlocking unprecedented visibility and control in just hours. “Using Veza, we have been able to achieve end-to-end visibility over access permissions across our enterprise app stack, including Salesforce,” said Brian Miller, Director, Security Governance, Risk and Compliance at Achieve. “As our customer base continues to expand, Veza helps us maintain least privilege over sensitive financial customer data, giving us the confidence to adopt new apps at lightspeed.” Capabilities of the Veza solution include: Privileged Access Monitoring. Veza alerts security teams when there are new grants of privileged access and privilege drift in SaaS apps, such as new local admins in Salesforce. Veza monitors both human identities and machine identities like service accounts and third-party integrations. User Access Reviews and Entitlement Certifications. Veza automates the identity governance and administration process of periodic access reviews, using workflow rules to route requests for certification and providing decision-makers with authorization context to choose the least-permissive role. Veza makes it possible to graduate from periodic batches to “continuous compliance.” SaaS Misconfigurations. Veza monitors SaaS apps for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. For example, Veza alerts the security team when users have access to sensitive data but do not have MFA (multi-factor authentication) enabled. SaaS applications contain sensitive data. Securing the access to this data in SaaS apps is complicated given the application-specific RBAC (role-based access control) that grants permissions to humans and services. Because security teams can’t see the reality of who can do what with data, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations. The Veza Authorization Platform creates a comprehensive graph of identity-to-data by ingesting and organizing the authorization metadata (RBAC) from SaaS apps, cloud providers, data systems, and identity providers. About Veza Veza is the authorization platform for data security. Identity and security professionals use Veza to modernize access governance for the new data and SaaS apps landscape. By automating the work of finding and fixing excessive permissions on a continuous basis, Veza helps organizations achieve Least Privilege. Veza’s unique approach ingests metadata from any SaaS app or data system, organizes it as an authorization graph, and makes it searchable in real-time. Global enterprises like Blackstone, Wynn Resorts, and Expedia trust Veza to protect sensitive data and automate access reviews. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Vectra Unifies AI-driven Behavior-based Detection and Signature-based Detection in a Single Solution

Prnewswire | March 27, 2023

Vectra AI, the leader in AI-driven hybrid cloud threat detection and response, today announced the introduction of Vectra Match. Vectra Match brings intrusion detection signature context to Vectra Network Detection and Response (NDR), enabling security teams to accelerate their evolution to AI-driven threat detection and response without sacrificing investments already made in signatures. "As enterprises transform embracing digital identities, supply chains and ecosystems - GRC and SOC teams are forced to keep pace. Keeping pace with existing, evolving and emerging cyber threats requires visibility, context and control for both known and unknown threats. The challenge for many security organizations is doing so without adding complexity and cost," says Kevin Kennedy, SVP Products at Vectra. With the addition of Vectra Match, Vectra NDR addresses core GRC and SOC use cases enabling more efficient and effective: Correlation and validation of threat signals for accuracy. Compliance for network-based CVE detection with compensating controls. Threat hunting, investigation and incident response processes. "CISOs and their SOC teams across Asia Pacific are working with a challenging lack of visibility across their hybrid cloud environments, as attackers continue to evolve. Vectra NDR now enables security teams to unify signatures for known threats and AI-driven behavior-based detection for unknown threats in a single solution," comments David Sajoto, Vice President Vectra Asia Pacific Japan. According to Gartner®, "recent trends in the NDR market indicate many NDR offerings have expanded to capture new categories of events and to analyze additional traffic patterns. This includes new detection techniques: by adding support for more traditional signatures, performance monitoring, threat intelligence and sometimes malware detection engines. This move toward more multifunction network detection aligns well with the use case of network/security operations convergence, but also with midsize enterprises."1 "The attack surface cyber attackers have at their disposal continues to grow exponentially creating unknown threats on top of the tens of thousands of known vulnerabilities that exist. Attackers simply have exponentially more ways to infiltrate an organization and exfiltrate data -- and do so with far more frequency, velocity and impact. Keeping pace with attackers exploiting known vulnerabilities and unknown threats is an immense challenge for every Security, Risk and Compliance officer," says Ronald Heil, Global Risk Advisory Lead for Energy and Natural Resources and Partner at KPMG Netherlands. "Today, cyber-resilience and compliance requires complete visibility and context for both known and unknown attacker methods. Without it, disrupting and containing their impact becomes an exercise in brand reputation and customer trust damage control. Vectra Match capabilities allow us to combine both worlds, having the continued AI-based detection of real-time "movement", while also having the ability to check against specific Suricata indicators -- often required during incident response or proof of compliancy (e.g., Log4J). Consolidating AI-based and signature-based detection enables optimization, because in our case, less is more." "When it comes to shadow IT, we know people with admin rights are 'building boxes off the grid.' Our SOC team cannot protect what we cannot see, thus making these unknown systems prime targets for attackers. No doubt, behavior-based AI-driven detections are great for catching attackers deploying new, evasive methods, but when it comes to attackers leveraging CVEs to compromise unknown, unpatched systems, we need signature-based detection. Combining signature-based detection with behavior-based detection gives our SOC team visibility for both the known-unknown and unknown-unknown threats. It's the best of both worlds," says Brett Fernicola, Sr. Director, Security Operations at Anywhere.re. Vectra NDR with Vectra Match Vectra NDR - a key component of the Vectra platform - provides end-to-end protection against hybrid and multicloud attacks. Deployed on-premises or in the cloud, the Vectra NDR console is a single source of truth (visibility) and first line of defense (control) for attacks traversing cloud and data center networks. By harnessing AI-driven Attack Signal Intelligence, Vectra NDR empowers GRC and SOC teams with: AI-driven Detections that think like an attacker by going beyond signatures and anomalies to understand attacker behavior and zero in on attacker TTPs across the entire cyber kill chain post compromise, with 90% fewer blind spots and 3x more threats proactively identified. AI-driven Triage that knows what is malicious by utilizing ML to analyze detection patterns unique to the customer's environment to score how meaningful each detection is, thus reducing 85% of alert noise - surfacing only relevant true positive events that require analyst attention. AI-driven Prioritization that focuses on what is urgent by automatically correlating attacker TTPs across attack surfaces, evaluating each entity against globally observed attack profiles to create an attack urgency rating enabling analysts to focus on the most critical threats to the organization. Vectra NDR empowers security and risk professionals with next-level intrusion detection. Armed with rich context on both known and unknown threats, GRC and SOC teams not only improve the effectiveness of their threat detection, but the efficiency on their threat hunting, investigation and incident response program and processes. Vectra NDR with Vectra Match is available for evaluation and purchase today. For additional information, please visit the following resources. About Vectra Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. Only Vectra optimizes AI to detect attacker methods - the TTPs at the heart of all attacks - rather than simplistically alerting on "different." The resulting high-fidelity threat signal and clear context enables cybersecurity teams to rapidly respond to threats and stop attacks from becoming breaches. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure - both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, API SECURITY

Waratek Introduces World's First Java Security Platform with API Security Capabilities

Prnewswire | May 09, 2023

Waratek, an industry leader making Java security achievable for every mission-critical application and API, today introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise. This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique to the Java Virtual Machine. Additionally, Waratek released today its Log4J Vulnerability Scanner, giving users an in-depth view of any remaining issues in their IT systems. The scanner makes it simple to quickly scan all applications for Log4shell vulnerabilities, then sends out non-invasive payloads to a company's libraries, automatically building a table of remaining instances of Log4J and where to find them. "In 2022, we were the first company that released a Log4j patch, even faster than Oracle. Today, researchers warn that the infamous Log4j vulnerability is still present in far too many systems worldwide, and that attackers will be successfully exploiting it for years. With 80 percent of Log4shell-impacted companies remaining vulnerable today, we recognized the immediate need to offer this security innovation to our customers," said Doug Ennis, CEO of Waratek. Signature-based security approaches have worked well for non-complicated languages, but languages like Java that are compiled into bytecode require expert-level domain knowledge to secure due to the unique characteristics of the Java programming language and its execution environment. When API security is added to the mix, the issue is exasperated. Now companies can solve this problem by combining the domain expertise of a Java software engineer and the knowledge of a security engineer in one platform. According to a recent survey, more than 60 percent of enterprise companies that use Java were affected by Log4j vulnerabilities, with 41 percent of those companies stating that between 51 and 75 percent of their apps were affected. Today, 81 percent of companies report still having problems as a result of Log4j, and 70 percent of companies surveyed still have not put a patch in place. A long-term Waratek customer, one of the top five semiconductor businesses in the world, expressed Log4j vulnerability concerns and worried that hundreds of hours would be required to resolve the issues. Utilizing Waratek's Java Security Platform with API capabilities, 2,500 of the company's applications were fully remediated of Log4j vulnerabilities without code changes or application redeployments in under four hours. "For Java applications and APIs our unprecedented Java Security Platform helps security teams fill the knowledge gap on Java and address its unique security nuances, such as Insecure Deserialization, accurately and instantly," said Ennis. "Waratek's Java Security Platform has become the essential line item in our security budget," said a CISO at one of the top three largest global hotel chains. "We originally implemented it to fix insecure deserialization across our applications. Since then, it's scaled to 2,500 applications without introducing new headcount, because to date it's never generated a false-positive." ABOUT WARATEK Waratek is the industry pioneer making Java security achievable for every mission-critical application and API. Headquartered in Chicago, IL and Dublin, Ireland, Waratek's multiple-award winning solution is trusted by some of the world's most recognizable brands including IBM, Google, Amazon, Microsoft, and more. The company has been recognized and awarded for its innovation in security deployment by CRN, CDM, Gartner Group, RSA, FinTech Innovation Lab, Computer Technology Review, and Government Computer News. For more information visit www.waratek.com or connect with us on LinkedIn, Twitter, or YouTube.

Read More