PLATFORM SECURITY

Sophos Announces Sophos X-Ops

Sophos | July 21, 2022 | Read time : 03:00 min

Sophos
Sophos, a global leader in next-generation cybersecurity, today announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against constantly changing and increasingly complex cyberattacks. Sophos X-Ops leverages the predictive, real-time, real-world, and deeply researched threat intelligence from each group, which, in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities.

Sophos today is also issuing “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” research about increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families. Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize the adversaries.

“Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged. Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos,” said Joe Levy, chief technology and product officer, Sophos. “We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”

Speaking in March 2022 to the Detroit Economic Club about the FBI partnering with the private sector to counter the cyber threat, FBI Director Christopher Wray said, “What partnership lets us do is hit our adversaries at every point, from the victims’ networks back all the way to the hackers’ own computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done.

“We’re disrupting three things: the threat actors, their infrastructure and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.” Sophos X-Ops is taking a similar approach: gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier, preventing or minimizing the harms of ransomware, espionage or other cybercrimes that can befall organizations of all types and sizes, and working with law enforcement to neutralize attacker infrastructure. While Sophos’ internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries.

“Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it.”

Michael Daniel, president and CEO, Cyber Threat Alliance

Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organized cybercrime. By intertwining the expertise of each group, Sophos is pioneering the concept of an artificial intelligence (AI) assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos believes this approach will dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise.

“The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it. The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups,” said Craig Robinson, IDC research vice president, Security Services. “Combining the ability to cut across a wide breadth of threat intelligence expertise with AI assisted features in the SOC allows organizations to better predict and prepare for imminent and future attacks.”

About Sophos
Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.

Spotlight

If you provide subscription-based content, password sharing can be a significant cause of revenue loss – to the tune of $2.3 billion a year for Netflix, according to a recent study by Cordcutting.com, and $1.5 billion in 2018 for Hulu, according to a CNBC report. In this special report, you’ll discover five industry-leading, bes

Spotlight

If you provide subscription-based content, password sharing can be a significant cause of revenue loss – to the tune of $2.3 billion a year for Netflix, according to a recent study by Cordcutting.com, and $1.5 billion in 2018 for Hulu, according to a CNBC report. In this special report, you’ll discover five industry-leading, bes

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Cymulate Raises $70M Series D Funding for Continuous Security Posture Testing

Cymulate | September 07, 2022

Cymulate, the market leader in Extended Security Posture Management (XSPM), today announced a $70 million Series D investment led by existing investors One Peak, together with Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and Dell Technologies Capital. Cymulate has raised $141M to date. The latest investment, which is among the largest for continuous security testing vendors, doubles Cymulate's funding raised to date and accelerates the Company's global expansion and pace of innovation. In a recent report on Continuous Threat Exposure Management (CTEM) GartnerⓇ analysts observed, "Previous approaches to managing the attack surface are no longer keeping up with digital velocity — in an age where organizations can't fix everything, nor can they be completely sure what vulnerability remediation can be safely postponed. CTEM is a pragmatic and effective systemic approach to continuously refine priorities, walking the tightrope between those two impossible extremes."* The global shortage of 2.72 million cybersecurity professionals, and overstretched in-house security resources further exacerbates the need for Cymulate's real-world solutions which closes security gaps quickly and efficiently, rationalizes technology, helps upskill staff and improves processes. "We are thrilled to lead this round of investment in Cymulate," said David Klein, Managing Partner of One Peak. "Cyber posture management and continuous security validation have dramatically increased in popularity in response to the onslaught of ransomware and cyber warfare for businesses across all size ranges. Cymulate is the clear leader in the sector, and we look forward to continuing to support the Company in further accelerating its already strong growth trajectory." Cymulate sets the industry standard for organizations to use automation to continuously validate their threat exposure and cyber posture, by testing their cloud and on-premise networks against the latest threats in the wild. The Company's Extended Security Posture Management platform leverages its native offensive security technology and capabilities to widely support customers' security and business needs. XSPM incorporates four fundamental pillars tied together with analytics to provide actionable security posture insights: Attack Surface Management, Continuous Automated Red Teaming, Breach & Attack Simulation, and Advanced Purple Teaming. Cymulate's customers see their cyber risk reduced by nearly 50% during the first three months of use. Running daily risk assessments, the cyber risk of Cymulate's customers continues to decrease in the first year without any security drift. The Series D funding will be used to extend Cymulate's technological capabilities and further accelerate its global growth. The Company more than doubled its ARR in 2021 and grew more than 200% in North America alone. Cymulate has more than 500 customers globally, including Fortune 500 companies and strategic partners such as Optiv and Wipro. By the end of this year, Cymulate plans to further expand its staff by 75% to continue supporting its go-to-market efforts. "In a market where every business must be prepared to fight advanced threats, I am proud of our team's ability to innovate and respond quickly to the constant turbulence of cybersecurity. "Our funding from existing investors is a further testament to their confidence in our company, direction, and continued vision. We look forward to reaching our next innovation milestones and expanding into new markets across the globe." Eyal Wachsman, CEO and Co-Founder of Cymulate Alongside their Series D funding, Cymulate also recently announced two C-level executive appointments to bolster the company's leadership, namely the appointment of Maria Mastakas as Chief Operating Officer and Carolyn Crandall as Chief Marketing Officer and Chief Security Advocate of Cymulate. *Gartner, Implement a Continuous Threat Exposure Management (CTEM) Program, July 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. About Cymulate Cymulate's SaaS-based Extended Security Posture Management (XSPM) provides security professionals with the ability to continuously challenge, validate and optimize their on-premises and cloud cyber-security posture with visualization end-to-end across the MITRE ATT&CK® framework. The platform provides automated, expert and threat intelligence led risk assessments that are simple to deploy and use for organizations of all cybersecurity maturity levels. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies.

Read More

DATA SECURITY,SOFTWARE SECURITY

Appgate Launches Technology Alliance Partnership Program to Help Customers Simplify and Accelerate Zero Trust Advancement

Appgate | September 08, 2022

Appgate (OTC: APGT), the secure access company, today announced the launch of its Technology Alliance Partnership program and four of the program’s featured partners: Illumio, Menlo Security, CrowdStrike and Amazon Web Services (AWS). Appgate’s Technology Alliance Partnership program is designed to help organizations unlock greater performance from their cybersecurity investments and accelerate Zero Trust security adoption. This growing ecosystem of partners demonstrates Appgate’s vision and commitment to build purposeful product integrations that enable its customers to automate cybersecurity processes, optimize operations, reduce risk and improve the user experience. “While many organizations have embraced the principles of Zero Trust security, the reality is their goals cannot be met with any single product, vendor or platform. Our Technology Alliance Partnership program is designed to make it easier for our customers to navigate this complex landscape, simplify deployments and get the most out of their cybersecurity investments. “We’re thrilled to bring more value to our customers through our partnerships with Illumio, Menlo Security, CrowdStrike and AWS.” Barry Field, CEO, Appgate Zero Trust requires all users, devices and workloads—whether inside or outside an organization’s network—to be authenticated, authorized and continuously validated before receiving access to applications and data. Appgate’s Technology Alliance Partnership program enables partners to integrate with the company’s industry-leading Zero Trust Network Access (ZTNA) solution, Appgate SDP, through robust API integrations, clear documentation and dedicated support. Together, Appgate and its technology partners offer comprehensive offerings that help their customers reach Zero Trust goals with ease and speed: Illumio The combination of Appgate SDP and Illumio Core, a leading micro-segmentation solution, enables joint customers to achieve full-compass dynamic Zero Trust segmentation. Appgate SDP ensures secure access to workloads via the network perimeter (north-south traffic) by creating user-to-workload access controls that are cloaked, fine-grained and dynamic. Illumio Core micro-segments workloads within the interior (east-west traffic) to eliminate excess workload-to-workload interconnectivity. When co-deployed and integrated together, these solutions immediately improve any organization’s Zero Trust posture. “Security teams are turning to Zero Trust strategies to build resilience throughout their hybrid IT environments but find that no single vendor or solution can achieve their goals alone—an ecosystem-based approach is required,” said John Skinner, Vice President of Business Development at Illumio. “Both Zero Trust segmentation and ZTNA are important pillars of any Zero Trust strategy. Illumio is delighted to join forces with Appgate to deliver best-of-breed Zero Trust solutions in both categories to our customers to ensure minor breaches can’t grow to become disasters.” Menlo Security The combination of Appgate SDP and the Menlo Security Cloud Platform delivers a comprehensive secure access solution that safeguards all internet traffic, Software-as-a-Service (SaaS) applications and private networked resources. With this integration, enterprises can shift to a seamless, high-security Zero Trust framework with industry-leading data and threat protection, enabling users to browse the internet and access SaaS apps and private enterprise resources safely and securely. “The evolution toward hybrid workforces and public and private cloud infrastructures requires organizations to deploy a new approach to ensure secure access to web and SaaS applications and confidential enterprise data without affecting the user experience or productivity,” said Sanjit Shah, Head of Strategic Alliances, Menlo Security. “Teaming with Appgate enables our joint customers to adopt a comprehensive and scalable ZTNA-based approach that improves deployment and management flexibility, while providing secure web access to application workloads across public and private clouds using Menlo’s Cloud Security Platform with Isolation Core and Zero Trust private access to hybrid resources and IT infrastructure via Appgate SDP.” CrowdStrike Appgate’s integration with CrowdStrike helps organizations reduce their attack surface and mitigate lateral movement. Appgate SDP gathers intelligence provided through CrowdStrike Falcon Zero Trust Assessment (ZTA) to assess user, device and workload risk postures at the time of authentication and on an ongoing basis. This dynamic functionality makes it possible to leverage device health or behavioral changes provided by the CrowdStrike Falcon platform to build policy controls that restrict or deny access, preventing lateral movement across the network. AWS Enterprises that utilize the strong security foundations provided by AWS can augment the network security of their environments with Appgate SDP, which leverages AWS-native capabilities like tagging and auto scaling to provide fine-grained access and enterprise-grade scale. Appgate SDP ensures that only authorized users connect to AWS and hybrid architectures with multiple encrypted tunnels. Appgate SDP is available in the AWS Marketplace. About Appgate Appgate is the secure access company. We empower how people work and connect by providing solutions purpose-built on Zero Trust security principles. This people-defined security approach enables fast, simple and secure connections from any device and location to workloads across any IT infrastructure in cloud, on-premises and hybrid environments. Appgate helps organizations and government agencies worldwide start where they are, accelerate their Zero Trust journey and plan for their future.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Hillstone Networks Targets Cyberattacks at Network Edge with High-End Next Generation Firewall Offerings

Hillstone Networks | August 25, 2022

Hillstone Networks, an innovative and accessible cybersecurity solutions provider, today unveiled new models in the Hillstone Networks A-Series Next Generation Firewalls (NGFW), the A7600 and A6800, to help enterprises secure their expanding network edge, deliver powerful network security capabilities, and drive sustainability with solutions in a compact 1RU form factor. According to IBM’s Cost of a Breach 2022 report, 83% of organizations studied have had more than one breach. Cyberattacks are not abating, and the cost, damages and recovery from a single breach continue to rise. Against an aggressive cyberattack backdrop, the volume and complexity of traffic in today’s IT environments continue to exponentially increase due to the expansion of different services such as videos, apps, and cloud-based-everything. With increased connectivity to services comes an increased complexity of vulnerabilities to secure against. Secure An Expanded Network Edge with Hillstone A-Series Next Generation Firewalls Enterprises need high-performing next-generation firewalls to meet today’s bandwidth requirements, service levels, and defend against more advanced threats. As the network edge expands from the traditional on-premises network perimeter, IT teams now must secure unforeseen levels of depth, as all layers of the IT stack must be secured at the edge. Minimize the Speed versus Security Trade-off with Proprietary Hardware Acceleration Engine IT teams regularly compromise one need over another, based on budget or resources. Hillstone’s proprietary Hardware (HW) Acceleration Engine offloads network traffic from the processor, allowing more resources to be dedicated for comprehensive security services, bringing streamlined threat detection and prevention capabilities to high-traffic applications and scenarios. The HW Acceleration Engine delivers ultra-low latency in network packet forwarding, allowing the NGFW to sift through and secure even the most latency-sensitive applications, including multimedia streaming, broker services, and other high-volume transactions. Native Cyberresilience Combined with High Throughput/Low Latency Deliver on App and Customer Experience Raw processing speed, with throughputs of 200 Gbps and 280 Gbps, allow for packet forwarding within a few microseconds, delivering quality of service across networks. Enterprise-grade security features come native with these offerings, including comprehensive and advanced threat protection for known and unknown malware with multiple security services, including Intrusion Prevention, IP Reputation, URL Filtering, Anti-Spam, Anti-Virus, Cloud Sandbox, Botnet C2, among others. “Because today’s network traffic across all applications and services is increasing both in complexity, and in volume across hybrid and multi-cloud deployments, a high performing NGFW is no longer optional – it is now mandatory. “Today’s data centers, edge locations, service providers are looking for a powerful solution that delivers on multiple fronts – security, performance, and customer experience. The new NGFW offerings deliver the on the needs of our customers today with the flexibility of multiple deployment models.” Tim Liu, co-founder & CTO, Hillstone Networks The A-Series NGFW is a solid platform for enterprise customers to enable an SD-WAN solution to bridge connectivity and security needs. The integration consolidates network VPN and security in one device or client, allowing for a faster, lower-cost and more secure local internet connection at remote locations. In addition, customers can also unlock a Zero Trust Network Access (ZTNA) solution, to meet remote access security requirements, including identity-based, least-privileged secure access, as well as context-aware, adaptive access control, enhancing both security and effectiveness for the remote connections. About Hillstone Networks Hillstone Networks’ innovative and accessible cybersecurity solutions reshape enterprise and service provider security, enabling cyber resilience while lowering TCO. Providing comprehensive visibility, superior intelligence, and rapid protection to see, understand, and act against cyberthreats from edge to cloud, Hillstone is favorably rated by leading analysts and trusted by global companies.

Read More