ThreatConnect partners Microsoft Graph Security API to Strengthen Security Automation

ThreatConnect | August 19, 2020

ThreatConnect, Inc.®, provider of the industry’s only intelligence-driven security operations solutions, announced today that it has joined the Microsoft Intelligent Security Association and will integrate Microsoft solutions with the ThreatConnect Threat Intelligence (TIP) and Security Orchestration Automation and Response (SOAR) Platform using the Microsoft Graph Security API. This integration allows ThreatConnect clients to connect with nearly any piece of Microsoft technology, including Azure Sentinel, O365, and Microsoft Defender ATP, using the Microsoft Graph Security API. The integration allows clients to retrieve alerts, perform data enrichment, gain relevant threat intelligence, and carry out incident response actions.

The Microsoft Graph Security API is a single interface that connects to Microsoft security products. Through this integration, made possible by ThreatConnect’s robust App Services capability, clients are able to subscribe to and listen for Microsoft Graph Notifications, parse these notifications for subsequent operations, and manage Graph Mail and security alerts via ThreatConnect Playbooks. Some examples of actions supported:

Spotlight

To say IT professionals, have “challenging” careers would be a vast understatement. Network security specialists today feel like they’re fighting a perpetual battle. In many cases they are understaffed, undertrained and lack support to do the job they are being asked to do. It doesn’t have to be all doom and gloom. By acquiring

Spotlight

To say IT professionals, have “challenging” careers would be a vast understatement. Network security specialists today feel like they’re fighting a perpetual battle. In many cases they are understaffed, undertrained and lack support to do the job they are being asked to do. It doesn’t have to be all doom and gloom. By acquiring

Related News

DATA SECURITY,NETWORK THREAT DETECTION,PLATFORM SECURITY

NetSPI Launches Partner Program to Broaden Delivery of Offensive Security Services

NetSPI | August 18, 2022

NetSPI, the leader in enterprise penetration testing and attack surface management, today announced the launch of the NetSPI Partner Program which empowers its global channel and technology partners to deliver offensive security services during a time when it's needed most. Partners within the program can offer end users NetSPI's proven vulnerability management technologies and human-delivered offensive security services, allowing both the partner and NetSPI to expand product and service offerings, further develop customer relationships, and enter new markets. Additionally, last month NetSPI joined the AWS Marketplace, simplifying the procurement process for enterprise organizations with existing AWS relationships by allowing them to purchase NetSPI's offerings directly via the marketplace. The program is led by NetSPI's Vice President of Business Development and Strategic Alliances, Lauren Gimmillaro. Gimmillaro has a track record of launching four successful partner programs, consisting of working with channel, referral, reseller, and technology partners. "As today's global attack surface evolves and cybercriminals become more sophisticated in nature, it's critical to provide end users with the tools, services, and skill sets they need to take an offensive approach to security," said Gimmillaro. "Centered around our customer-first approach, the NetSPI Partner Program will allow our team to extend our world-class pentesting capabilities to a variety of diverse and trusted partners, strengthening organizations' cyber security efforts across the globe." The NetSPI Partner Program encompasses the following partnership types: Channel Partners: NetSPI provides its full suite of security services and products through a global channel network of referral and reseller partners. To meet partners' requirements, the programs include a tier-based model consisting of referral fees, preferred client pricing, and reseller discounts. Technology Partners: Security and third-party software companies help build meaningful integrations with NetSPI to improve overall customer experiences. For both, NetSPI offers technical and sales support to help partners achieve their business and go-to-market goals. "Through the NetSPI Partner Program, SecureLink has been able to provide enterprises in the Middle East and Africa region access to NetSPI's continuous and scalable suite of offensive security solutions. "With NetSPI, we are proud to offer unmatched sophistication, methodology, and value to our global customer base." Manish Pardeshi, director of cybersecurity practices at SecureLink "Apiiro is proud to be part of the NetSPI Partner Program. The partnership has provided our customers with next-gen, context aware pentesting capabilities and NetSPI customers with our ability to detect and fix critical risks in cloud-native applications," said John Leon, vice president of business development at Apiiro. "Being a member of the NetSPI Partner Program allows us to achieve our sales goals while providing mutual customers with industry leading services and expertise." About NetSPI NetSPI is the leader in enterprise security testing and attack surface management, partnering with nine of the top 10 U.S. banks, three of the world's five largest healthcare companies, the largest global cloud providers, and many of the Fortune® 500. NetSPI offers Penetration Testing as a Service (PTaaS) through its Resolve™ penetration testing and vulnerability management platform. Its experts perform deep dive manual penetration testing of application, network, and cloud attack surfaces, historically testing over 1 million assets to find 4 million unique vulnerabilities. NetSPI is headquartered in Minneapolis, MN and is a portfolio company of private equity firms Sunstone Partners, KKR, and Ten Eleven Ventures.

Read More

SOFTWARE SECURITY

LogRhythm Accelerates Threat Detection Capabilities with Innovations to Product Suite

LogRhythm | July 06, 2022

LogRhythm, the company helping busy and lean security operation teams save the day, today announced the launch of version 7.9 of the LogRhythm SIEM Platform and updates to LogRhythm NDR and LogRhythm UEBA. “LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots and quickly shut down attacks,” said Kish Dill, chief product and customer officer at LogRhythm. "The company is changing the way we work by becoming customer-centric throughout our whole organization. We are listening to our customers and promise to deliver quarterly innovations that address the challenges our customers face every day. We recognize that security teams don’t have time to spare on long processes and inefficient workflows. With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organization against today’s top threats.” LogRhythm 7.9, LogRhythm NDR and LogRhythm UEBA (formerly CloudAI) provide new features designed to help security teams overcome everyday obstacles by accelerating threat response, improving workflows and simplifying processes, including: Faster time to value through improved analyst workflows Enhanced automation with Admin API: LogRhythm 7.9 improves the Admin API by adding system monitoring management (LogRhythm SysMon) endpoints to the API library. This enables SIEM administrators to connect through the Admin API and manage the SysMon agent, allowing for automated process batching. Embedded Expertise: LogRhythm accelerates customer time to value through its out of the box LogRhythm SmartResponse™. LogRhythm 7.9 includes added and enhanced SmartResponses to its already extensive library of over 120 integrations. Enable packet capture in UI: LogRhythm NDR users can download PCAP files for specific incidents and cases to pull in more detail, helping investigations and improving threat hunting. Easier and faster event log filtering: LogRhythm 7.9 includes a new way to filter logs at the agent. Users can now select the types of Windows event logs the agent queries, accelerating the time to process logs and removing the burden on the collection pipeline. Expanded threat detection capabilities Enhanced LogRhythm NDR detection models: Users can detect a wider array of ransomware attacks with LogRhythm NDR’s improved analytics capabilities. Advanced analytics models: LogRhythm UEBA offers advanced UEBA analytics as a cloud-native, easy to deploy add-on for LogRhythm 7.9 users. Models were improved and new models added to ensure today's complex attacks can be detected and anomalies requiring priority attention can be identified, further reducing alert fatigue and accelerating response times. Policy violation alerts: LogRhythm NDR offers alerts about expired certificates, weak ciphers used in connections, and authentication activity happening in clear text, offering additional context to what could represent a risk. Extended flexibility Controlled overages with powerful license metering reporting: LogRhythm added a new reporting feature to make licensing overages more visible and easier to understand by displaying any overages in the past 30 days. This feature will help teams better manage license usage and costs. Expanded endpoint integrations: LogRhythm now includes Cisco Secure Endpoint (formerly AMP for Endpoints) in its family of EDR integrations. About LogRhythm LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Radware Launches New Cloud Security Center in the United Arab Emirates

Radware | September 14, 2022

Radware® , a leading provider of cyber security and application delivery solutions, announced the launch of a new cloud security center in the United Arab Emirates. Located in Dubai, the facility will reduce latency for in-region traffic and offer customers faster mitigation response times against denial-of-service attacks, web application attacks, malicious bot traffic, and attacks on APIs. It will also mitigate compliance processes involved in offshore routing. The Dubai addition complements Radware’s existing cloud security network. Today, the network includes over 10Tbps of mitigation capacity across more than 50 security centers located around the globe. “As part of our strategic cloud services initiative, we continue to accelerate cloud innovation to provide our customers with the highest level of cyber security services. “This includes increasing the fighting capacity of our cloud infrastructure to help our customers manage the increasing complexity and sheer volume of cyberattacks with as little disruption as possible.” Haim Zelikovsky, vice president of cloud security services for Radware According to Radware’s First Half 2022 Global Threat Analysis Report, the first six months of 2022 saw a dramatic increase in cyberattacks across the globe. The number of DDoS attacks climbed 203% and malicious web application transactions grew by 38% compared to the same period last year. “The new site in Dubai fills a growing demand for a local security presence that can deliver rapid response times with accuracy for organizations in the public and private sector,” said Nikhil Karan Taneja, Radware’s vice president and managing director for India, the Middle East, and South Asia. “The launch of the center underscores our ongoing commitment to delivering state-of-the-art cyber protection and scaling our capacity in a way that will benefit the whole region.” About Radware Radware® is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website. Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android. ©2022 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

Read More