DATA SECURITY

Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments with Security Survey

Vectra AI | August 06, 2021

Vectra AI, a leader in threat detection and response, today released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations.

As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organizations who are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service. The survey found:

64% of DevOps respondents are deploying new workload services weekly or even more frequently
78% of organizations are running AWS across multiple regions (40% in at least three)
71% of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc.)
The expansion of AWS services has naturally led to increased complexity and risk with 100% of companies surveyed having experienced at least one security incident in their public cloud environment. Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration. Some blind spots the Vectra report uncovered include:

30% of organizations surveyed have no formal sign-off before pushing to production
40% of respondents say they do not have a DevSecOps workflow
71% of organizations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers.

Despite these blind spots, the survey showed that companies are taking security seriously. Over half of the companies reported having double-digit security operations center (SOC) headcounts, showing a significant investment in keeping their organizations secure.  

"Securing the cloud with confidence is nearly impossible due to its ever-changing nature," said Matt Pieklik, Senior Consulting Analyst at Vectra. "To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness."

Vectra has answered this industry need through the creation of Detect for AWS which reduces risk of cloud services being exploited, detects threats against AWS services, and automatically responds to attacks against applications running in AWS.

To learn more about the threats facing today's organizations you can download the full Paas & IaaS Security Survey Report or read our companion blog.

About Vectra

Vectra is the leader in threat detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers four applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed. And Cognito Detect for Office 365 and Azure AD™ finds and stops attacks in enterprise SaaS applications and the Microsoft 365 ecosystem.

Spotlight

Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability:

Spotlight

Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability:

Related News

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Qumulo Bolsters Customers’ Security and Ransomware Defenses with Varonis Integration and New Snapshot-Locking Capabilities

Businesswire | May 11, 2023

Qumulo, the simple way to manage exabyte-scale data anywhere, today announced integration with the Varonis Data Security Platform and introduced their new Snapshot-Locking capability to protect customers against ransomware. With an increasing number of ransomware attacks on private businesses, public agencies, and healthcare organizations, managing cybersecurity risk is a bigger priority than ever before. The ongoing threat of cyberattacks forces IT organizations to constantly evolve their ability to detect ransomware and malware outbreaks across petabytes of data, in real time, and respond quickly to minimize the damage inflicted. Qumulo and Varonis have partnered to provide an end-to-end solution that protects Qumulo customers from ransomware in both cloud and on-premises environments. The Varonis Data Security Platform provides real-time visibility and control over cloud and on-premises data and automatically remediates risk. Varonis’ behavior-based threat models detect abnormal activity proactively and can stop threats to data before they become breaches. In the storage layer, Qumulo offers data protection by cryptographically locking snapshots, allowing administrators a simple mechanism to stop attackers from infecting valuable customer data. “Securing unstructured data can be very challenging due to its sheer volume, and the expansive number of places it is stored and used by companies,” said Kiran Bhageshpur, Chief Technology Officer, Qumulo. “Our new integration with Varonis will help our customers have complete visibility into where their most valuable data and key vulnerabilities are, especially for threats like ransomware.” The combined solution operates across three areas to protect against bad actors’ attempts to spread ransomware and malware within Qumulo: Prevention through continuous data exposure and risk monitoring with automatic remediation and least privilege enforcement Detection of anomalous activity and activity patterns that resemble ransomware across data stored in Qumulo Rapid recovery of data in the event of a successful attack Varonis uses Qumulo’s APIs and granular audit logging to monitor user logins, permissions changes, file and folder activity, and pattern detection to warn against suspicious activity that may indicate threat actors or malicious insiders. Qumulo’s Snapshot-Locking feature uses cryptographic protection, where only the customer has access to the cryptographic key-pair required to unlock the snapshot. Together, the Qumulo-Varonis solution offers enterprise IT organizations a simple, secure, and scalable way to manage data anywhere. “Organizations face an uphill climb when it comes to securing vast amounts of data across the cloud — in fact, we surveyed more than 700 companies and found that 81 percent had sensitive SaaS data exposed,” said David Bass, Executive Vice President of Engineering and Chief Technology Officer, Varonis. “We’re pleased to be teaming with Qumulo to provide greater visibility and control for companies looking to secure their critical data and proactively help mitigate the impact of a potential attack.” About Qumulo, Inc. Qumulo is the simple way to manage exabyte-scale data anywhere — edge, core, or cloud — on the platform of your choice. In a world with trillions of files and objects comprising 100+ zettabytes worldwide, companies need a solution that combines the ability to work anywhere with simplicity. This is precisely what Qumulo was founded to accomplish. About Varonis Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data: sensitive files and emails; confidential customer, patient, and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects cyber threats from both internal and external actors by analyzing data, account activity, and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. Varonis products address additional important use cases including data protection, data governance, Zero Trust, compliance, data privacy, classification, and threat detection and response. Varonis started operations in 2005 and has customers spanning leading firms in the financial services, public, healthcare, industrial, insurance, technology, consumer and retail, energy and utilities, construction and engineering, and education sectors. Qumulo, Scale Anywhere(™) and the Qumulo logo are registered trademarks or trademarks of Qumulo, Inc. All other marks and names herein may be trademarks of other companies. Copyright © 2023. All Rights Reserved.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Announces the Industry’s First Comprehensive, Hardened API Security Platform

Globenewswire | April 06, 2023

Noname Security, the leading provider of complete and proactive API security, today announced Noname Public Sector’s Hardened Virtual Appliance making the API security platform available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. The appliance is the first of its kind in the comprehensive API security space and is designed to deliver a drop-in, secure, and scalable system for discovering, monitoring, and protecting mission-critical APIs and data. “Governments and highly regulated industries have unique security needs. Having worked closely with many Federal agencies during my career, I know how impactful it will be to provide this level of security and insight into APIs and provide options that make it easy to meet government standards,” said Dean Phillips, Executive Director of Public Sector Programs at Noname Security. “The government and regulated industries are not immune from cyber criminals, they are targeted as much if not more than most organizations. We’re excited to arm them with the tools they need to protect their assets.” Federal agencies can use the Noname API Security Platform to protect their APIs in real-time and detect vulnerabilities before they are exploited. Noname Security’s Hardened Virtual Appliance makes the API security platform available completely offline with no reliance on internet connectivity, perfect for isolated and controlled environments. It is a finely tuned package of advanced software and premium support built and secured to Federal Government specifications, enabling customers to comply with the most rigorous standards, including Federal Information Processing Standards (FIPS)1 and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)2. Noname collaborated with a FedRAMP 3PAO, The MindPoint Group, on the development of the Noname Hardened Virtual Appliance. Noname Security’s Hardened Virtual Appliance enables access to a powerful, complete, and easy-to-use API security platform that helps: Discover all APIs, data, and metadata - Unlike other API solutions that only look at traffic sources, Noname Security discovers more APIs by combining traffic sources with the configuration of infrastructure and applications. The end result: visibility into more APIs and deeper insights into customers’ API security posture. Analyze API behavior and detect all API threats - The Noname API Security Platform uses AI-based detection to identify the broadest set of API vulnerabilities, including data leakage, data tampering, misconfigurations, data policy violations, suspicious behavior, and cyber attacks. Prevent attacks and remediate API vulnerabilities - Noname Security allows federal customers to prevent attacks in real-time, fix misconfigurations, automatically update firewall rules, webhook into their WAFs and gateways to create new policies against suspicious behavior, and integrate with existing workflows (ticketing and SIEMs). Noname Public Sector LLC has made it easier to deploy, configure and manage the platform via the new Noshell(™) interface. The shell offers innovative features such as the ability to perform on-demand STIG audits of the internal system itself, while aiming to reduce the overall attack surface of the system. About Noname Security & Noname Public Sector LLC Noname Public Sector LLC empowers the world’s most critical organizations to protect their most important data. With decades of military and civilian public sector experience, Noname Public Sector combines a deep understanding of government agency requirements with leading expertise on their unique API security considerations. Government agencies using Noname’s complete, proactive API security solutions can securely harness their data to serve the public and stay ahead of adversaries. Noname Public Sector LLC is privately-held and based in Herndon, VA. Noname Security is the leading provider of complete, proactive API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Security, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.

Read More

DATA SECURITY, INFOSEC PROJECT MANAGEMENT

LogRhythm Announces Partnership with Zscaler to Address Cloud Access Security Challenges Faced by the Modern SOC

Businesswire | April 24, 2023

LogRhythm, the company empowering security teams to navigate the ever-changing threat landscape with confidence, announced its partnership with Zscaler, the leader in cloud security. LogRhythm and Zscaler work together to help organizations around the globe increase network insight and address a variety of cloud access security challenges faced by the modern SOC. LogRhythm SIEM and the Zscaler Zero Trust Exchange™ platform provide unparalleled visibility and security to facilitate a modern Zero Trust architecture. Zscaler secures all user, workload, and device communications over any network, anywhere. The integration with LogRhythm provides visibility into everything occurring in your network, and the websites and cloud-based resources employees are using. This level of visibility is crucial to protecting organizations. With a Zero Trust approach on many organizations’ minds, it’s imperative to have the right tools to defend against cyber threats. The LogRhythm SmartResponse™ for Zscaler Internet Access (ZIA)™ enables remediation actions from the LogRhythm console. As logs are ingested from Zscaler’s Nanolog Streaming Service (NSS) into the LogRhythm SIEM platform, the LogRhythm SmartResponse™ for Zscaler can also automatically denylist the URL in Zscaler when a banned keyword or URL is detected. “Securing an organization’s systems and networks begins with high-fidelity and trustworthy log data. LogRhythm’s expertise in turning log data into actionable insights delivered through dashboards and analytics is unrivaled in the industry,” said Andrew Hollister, Chief Information Security Officer at LogRhythm. “The combined benefits of LogRhythm SmartResponse™ and Zscaler Internet Access facilitate modern Zero Trust architecture that is the security backbone of companies across the globe.” The LogRhythm SmartResponse™ for Zscaler performs several actions including denylisting a URL, getting policy information, and adding a URL category. It simplifies running actions between the SIEM and Zscaler by centralizing day-to-day security tasks to a single console. Other key benefits of this integration include: Simplified ingestion and contextualization of Zscaler log data Accelerated detection of unwanted or denylisted URLs Use of a single console to investigate and block suspicious website access Faster response with enhanced investigative capabilities “Zscaler’s Zero Trust Exchange reduces the attack surface and enforces cybersecurity policies, and this new integration with LogRhythm can help security teams with richer insights," said Amit Raikar, VP of Technology Partnerships at Zscaler. "By leveraging Zscaler APIs for cloud-to-cloud log streaming, LogRhythm customers can gather threat and policy telemetry across a hybrid workforce accessing multicloud and SaaS applications, giving analysts a complete picture from the depth of information in Zsacler logs for optimal threat hunting and investigations." This new announcement continues LogRhythm’s impressive momentum from 2022 into this year. In addition to announcing a series of expanded capabilities and integrations for its security operations solutions, which included updates to the company’s cloud-native LogRhythm Axon platform, LogRhythm also announced its integration with SentinelOne. The integration streamlines security operations and improves response workflow, helping overwhelmed security teams cut through the noise and gain precise insights into cybersecurity threats. About LogRhythm LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency. With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks.

Read More