Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security

Red Hat, IBM, Google, Microsoft | August 10, 2020

With open source software such as Linux and cloud computing becoming more widespread, a host of tech giants have joined a new group focused on improving security.

Red Hat – the global leader in Linux open source software and solutions – is part of the Open Source Security Foundation, as is IBM, Red Hat’s owner.

Also signing on are GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation, ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.


Related News

DATA SECURITY

Balbix Extends Cyber Security Posture Automation to AWS

Balbix | November 02, 2021

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of the Balbix Connector for AWS. As a result of the new offering, customers gain a comprehensive inventory of their assets spanning on-premises and cloud as well as the ability to discover, prioritize and mitigate unseen risks, including unpatched software vulnerabilities, weak credentials, missing or poor encryption, trust issues and cloud infrastructure misconfigurations.

A surge in cloud adoption has made modern IT environments more complex and increased the enterprise attack surface. While gains have been made in cloud security, visibility remains siloed. Proactive cybersecurity tools are typically split into on-premises and cloud silos, making it extremely difficult to get a consolidated view into both environments. In addition, the ability to identify and address the most pressing risks requires the assistance of automation to successfully scale.

Improved AWS Security Posture Management

The new Connector for AWS provides support for the most popular AWS Cloud services including core services like Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Identity and Access Management (IAM); database and container services like Amazon Relational Database Service (Amazon RDS), and Amazon Elastic Kubernetes Service (Amazon EKS); and analytics services like Amazon OpenSearch Service.

As a result, teams overseeing security of their AWS environments can:
Get comprehensive visibility into cloud assets and accurately categorize them into compute, storage, network, and containers
Discover exposure to common cloud attack vectors, especially misconfigurations – the most exploited attack vector for the cloud
Measure risks in terms of the likelihood and monetary impact of them being exploited in order to prioritize risks for remediation and report on the overall security posture

Visibility Across the Entire Network

With the addition of the Connector for AWS, Balbix merges cloud and on-premises visibility in one view, eliminating the need for security practitioners to look through multiple dashboards and allowing them to work more productively.

"With a significant portion of our IT infrastructure already running in AWS alongside a longer-term cloud-first strategy to migrate most workloads to the cloud, the addition of the Balbix Connector for AWS enables us to drive down risk comprehensively across our enterprise," said Nate Miller, Senior IT Manager, Global Cyber Security and IT Compliance at Cooper-Standard. "However, we know some critical IT infrastructure will remain on-premises. The unified visibility provided by Balbix is key to enable our cyber security teams to make the best decisions for the business and most efficiently minimize the risk of breach."

Advanced Risk Analysis

AWS data is analyzed using purpose-built AI algorithms to produce a comprehensive view of cyber-risk for organizational cloud assets, along with relevant context and recommended action items. Risk is measured in dollars, which provides a common language that organizations can use to prioritize projects, spending and track the effectiveness of their overall cybersecurity program.

"Traditionally, cyber posture tools have been siloed, only offering views for cloud or on-premises, never both. We are excited to introduce the Balbix Connector for AWS to break down the siloed approach and offer AWS customers a holistic view of their overall corporate risk, along with new insights to manage security under the shared responsibility model."
Gaurav Banga, CEO at Balbix

About Balbix

Balbix is the world's leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a "Cool Vendor" by Gartner in 2018.


DATA SECURITY

CYFIRMA launches Threat Visibility and Cyber Intelligence Capabilities in AWS Marketplace; joins AWS ISV Accelerate Program

CYFIRMA | August 17, 2021

CYFIRMA, a threat discovery and cyber-intelligence platform company funded by Goldman Sachs, Zodius Capital and Z3Partners, today announced the availability of CYFIRMA's two core products, DeCYFIR and DeTCT, in Amazon Web Services (AWS) Marketplace. AWS offers an unmatched portfolio of cloud services designed to help organizations build secure, resilient, and efficient infrastructure for their applications. DeCYFIR and DeTCT provide an added layer of security to help businesses navigate the evolving threat landscape. CYFIRMA has also been inducted into the AWS Independent Software Vendors (ISV) Accelerate program, which provides CYFIRMA with co-sell support and benefits to easily gain access to millions of active AWS customers with AWS field sellers globally.

DeCYFIR is a threat discovery and cyber-intelligence platform that arms businesses with personalized and predictive intelligence. To prevent data breaches and cyberattacks, DeCYFIR employs a systematic approach guiding defenders to swiftly identify threats and applying remedial actions to avoid financial and brand damage. The cloud-based, software-as-a-service (SaaS) platform is non-intrusive, can on-board customers within two hours, and provides customers with insights related to their threat landscape within 24 hours.

DeCYFIR provides visibility into the external threat landscape by monitoring the dark web, hacker forums and various closed communities to look for threat indicators that would signal cybercriminals planning to exploit security weaknesses that could lead to business disruption. DeCYFIR helps customers complement AWS's robust cloud security features and services by delivering six foundation pillars of threat discovery and cyber-intelligence on a single unified platform.

DeTCT is a digital risk protection platform with risk and hackability scores to help cybersecurity leaders gain real-time insights into their security profiles. DeTCT uncovers potential attack surfaces, provides vulnerability and brand intelligence, and discovers data breaches and leaks, impersonation and infringement. DeTCT then assists firms in prioritizing measures to increase their security. By making DeCYFIR and DeTCT available in AWS Marketplace, businesses can further increase cloud security by using threat intelligence to protect themselves against cyberattacks.

"Customer safety and their personal information remain our utmost priority at Mitsubishi Motors Corporation. With the rising level of cyberattacks, cybersecurity threat intelligence information becomes paramount as a countermeasure and deterrence to these risks. We are confident that CYFIRMA is the right partner for us to work with," said Mr. Yoshinori Yamane, General Manager of Information Security Management Office, Mitsubishi Motors. "DeCYFIR is a powerful platform that enhances our cybersecurity posture as it goes one step further in providing critical early warning intelligence to identify attack surfaces and vulnerabilities at the earliest stages, allowing our security team to take rapid action in mitigating risk."

"As a healthcare services company delivering life-saving medicines to those who need them the most, we own and operate some of the most advanced cold chain facilities, managing temperature-sensitive medicines through innovative and digitalized processes. The rapidly evolving threat landscape in the healthcare industry has shown us the importance of managing cybersecurity in dynamic ways, particularly as we continue rolling out more digitalization initiatives. CYFIRMA's DeCYFIR has guided us in our response to cyber risks by providing us with real-time insights and early warnings to malicious activities targeting us," said Mike Brewster, Vice President Technology, Zuellig Pharma.

"At AWS, security will always be our top priority, and the availability of a broad and deep set of Cloud security services is why customers choose AWS Cloud to run their mission-critical workloads. To augment our native cloud security services, AWS is committed to building a partner ecosystem to provide our customers with the most comprehensive range of security offerings available today. The AWS Marketplace helps ASEAN ISVs scale internationally and we are excited to add CYFIRMA's cybersecurity platforms so that AWS's millions of active customers across the globe can benefit from their offerings," said Conor McNamara, Managing Director, ASEAN at AWS.

"According to Interpol, in just over a year, cyber threats have increased multifold, leading many firms to reassess how they have been managing cybersecurity. We are happy to make our two key products, DeCYFIR and DeTCT, available in AWS Marketplace to assist businesses globally with strengthening their cloud security. With DeCYFIR, clients will acquire threats insights to perform successful intelligence hunting and attribution, connecting the dots between hacker, motive, campaign, and method to gain a full perspective of their threat landscape - all on a single unified platform. DeTCT's real-time digital risk profiling will enable businesses with the much-needed visibility into their risk state, allowing them to take action to enhance their cybersecurity posture. With both DeCYFIR and DeTCT, businesses of all sizes can accelerate their digitalization journeys knowing we have got their back when it comes to fending off cyberattacks," said Kumar Ritesh, Founder & CEO of CYFIRMA.

ABOUT CYFIRMA

CYFIRMA is a threat discovery and cyber-intelligence platform company. We combine cyber intelligence with attack surface discovery and digital risk protection to deliver predictive, personalized, contextual, outside-in, and multi-layered insights. We harness our cloud-based AI and ML-powered analytics platform to help organizations proactively identify potential threats at the planning stage of cyberattacks. Our unique approach of providing the hacker's view and deep insights into the external cyber landscape help clients prepare for upcoming attacks.


NETWORK THREAT DETECTION

Lacework Quarterly Cloud Threat Report Shows the Automated Techniques Cybercriminals are Using to Attack Businesses in the Cloud

Lacework | August 31, 2021

Lacework, the data-driven security platform for the cloud, today released its quarterly cloud threat report, unveiling the new techniques and avenues cybercriminals are infiltrating to profit from businesses.

The rapid shift of applications and infrastructure to the cloud creates gaps in the security posture of organizations everywhere. This has increased the opportunities for cybercriminals to steal data, take advantage of an organization's assets, and to gain illicit network access.

"It's in enterprises' best interest to start thinking of cybercriminals as business competitors," said James Condon, Director of Research at Lacework. "Last year alone, cybercrime and ransomware attacks cost companies $4 billion in damages. As more companies shift to cloud environments, we're seeing an increase in demand for stolen access to cloud accounts and evolving techniques from cybercriminals, making enterprises even more vulnerable to cloud threats."

New research from Lacework Labs, the dedicated research team at Lacework that focuses on new threats and attack surface risks within the public cloud, sheds light on the crimeware and growing ransomware landscape in the face of new threat models and emerging cybersecurity challenges. Based on anonymized data across the Lacework platform from May 2021 - July 2021, key findings of the report include:

Initial Access Brokers (IABs) Expand to Cloud Accounts

As corporate infrastructure continues to expand to the cloud, so do opportunistic adversaries as they look to capitalize on the opportunity. Illicit access into cloud infrastructure of companies with valuable data/resources or wide-reaching access into other organizations offers attackers an incredible return on investment. In particular, Lacework Labs found Amazon AWS, Google Cloud, and Azure administrative accounts are gaining popularity in underground marketplaces.

Threat Actor Campaigns Continue to Evolve

Lacework Labs has observed a variety of malicious activity originating from known adversary groups and malware families. This section showcases those who continue evolving their operators as a valuable return on investment:

8220 Gang Botnet and Custom Miner: Lacework Labs recently found a new cluster of activity linked to an 8220 Gang adversary group campaign of infecting hosts, primarily through common cloud services, with a custom miner and IRC bot for further attacks and remote control. This cluster shows operations are evolving on many levels, including efforts of hiding botnet scale and mining profits. This is indicative of attacks growing in size.

TeamTNT Docker Image Compromise: The Lacework Labs team discovered threat actor TeamTNT backdooring legitimate Docker Images in a supply chain-like attack. Networks running the trusted image were unknowingly infected. Developer teams need to be certain they know what's in the image they pull. They need to validate the source or they could open a door to their environment.

Popular cloud relevant crimeware and actors: Cpuminer, the open-source multi-algorithm miner, has been legitimately used for years. However, Lacework Labs observed an increase in its illicit use for cryptomining altcoins. Monero and XMRig are the most common accounts for cryptomining against cloud resources, hence activity involving lesser-seen coins and tools may be more likely to go undetected.

Cloud services probing: Lacework Labs captures a range of telemetry in both product deployments and custom honeypots, which allows the company to see trends relevant to cloud defense purposes. For these sources, many cloud-relevant applications are continually targeted, but Lacework found that AWS S3, SSH, Docker, SQL and Redis were by far the most targeted.

Based on the findings of this report, Lacework Labs recommends that defenders:
Ensure Docker sockets are not publicly exposed and appropriate firewall rules/security groups and other network controls are in place. This will help to prevent unauthorized access to network services running in an organization.
Ensure the access policies you set via the console on S3 buckets are not being overridden by an automation tool. Frequent auditing of S3 policies and automation around S3 bucket creation can ensure data stays private.

About Lacework

Lacework is the data-driven security platform for the cloud. The Lacework Cloud Security Platform, powered by Polygraph, automates cloud security at scale so our customers can innovate with speed and safety. Polygraph is the only security solution that can collect, analyze, and accurately correlate data across an organization's AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the handful of security events that matter. Customers all over the globe depend on Lacework to drive revenue, bring products to market faster and safer and consolidate point security solutions into a single platform. Founded in 2015 and headquartered in San Jose, Calif., with offices all over the world, Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, Liberty Global Ventures, and Snowflake Ventures, among others.
