DATA SECURITY

Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments with Security Survey

Vectra AI | August 06, 2021

Vectra AI, a leader in threat detection and response, today released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations.

As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organizations who are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service. The survey found:

64% of DevOps respondents are deploying new workload services weekly or even more frequently
78% of organizations are running AWS across multiple regions (40% in at least three)
71% of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc.)

The expansion of AWS services has naturally led to increased complexity and risk with 100% of companies surveyed having experienced at least one security incident in their public cloud environment. Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration. Some blind spots the Vectra report uncovered include:

30% of organizations surveyed have no formal sign-off before pushing to production
40% of respondents say they do not have a DevSecOps workflow
71% of organizations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers.

Despite these blind spots, the survey showed that companies are taking security seriously. Over half of the companies reported having double-digit security operations center (SOC) headcounts, showing a significant investment in keeping their organizations secure.  

"Securing the cloud with confidence is nearly impossible due to its ever-changing nature," said Matt Pieklik, Senior Consulting Analyst at Vectra. "To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness."

Vectra has answered this industry need through the creation of Detect for AWS which reduces risk of cloud services being exploited, detects threats against AWS services, and automatically responds to attacks against applications running in AWS.

To learn more about the threats facing today's organizations, you can download the full PaaS & IaaS Security Survey Report or read our companion blog.

About Vectra

Vectra is the leader in threat detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers four applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed. And Cognito Detect for Office 365 and Azure AD™ finds and stops attacks in enterprise SaaS applications and the Microsoft 365 ecosystem.

Spotlight

"The cyber crime landscape continues to evolve as criminals look to adopt more efficient and profitable attack tactics. At the same time, the market for cyber crime-as-a-service is advancing rapidly, with competition among malware vendors leading to increased innovation.

Related News

END POINT PROTECTION

SentinelOne and Mimecast have teamed up to provide better end-to-end threat protection for corporate devices and email

SentinelOne | February 07, 2022

SentinelOne, an independent cybersecurity platform firm, announced a new integrated solution with Mimecast to increase end-to-end threat prevention, speed incident response, and reduce security team delays. SentinelOne and Mimecast allow security teams to take advantage of cooperative defenses and quickly respond to attacks across email and endpoints using XDR automation for a holistic approach to incident response.

Security operations teams are stretched to the limit investigating and remediating each incident as tactics change, threat actors' sophistication grows, and new vulnerabilities are discovered regularly. Email continues to be one of the most widely used attack channels. According to Mimecast's State of Email Security report for 2021, risks have increased by 64% during the pandemic, and 70% of businesses expect to be impacted by an email-borne attack. As a result, organizations are looking for integrated defenses to safeguard email and improve incident response capabilities while reducing complexity, minimizing risk, and relieving pressure on an already overworked security team.

“Email inboxes are often a prime vector for attacking the enterprise. Mimecast detects new threats through our multi-layered inspection capabilities, helping security operations teams who are still spending too much time on the manual collection, normalization, and prioritization of data,” said Julian Martin, VP Ecosystem & Alliances, Mimecast. “Our integration with SentinelOne solves for this challenge, improving and accelerating the incident response capabilities we offer our customers.”

“As the cyber threat landscape continues to expand, detecting and responding to these threats in real-time is crucial for an organization’s security infrastructure. It’s important to leverage trusted security platforms like those offered by SentinelOne and Mimecast to help identify and mitigate the risk of cyberattacks.” Ahmed Shah, Senior Vice President of Strategic Alliances, Optiv

The integrated solution from SentinelOne and Mimecast strengthens and accelerates incident response capabilities across all security layers, including email, endpoints, and the cloud. For example, when a threat is detected in SentinelOne, the integration takes automatic measures like suspending a particular user's email, blocking that user's email, or quarantining the email account.

“The speed and sophistication with which adversaries are attacking organizations has become staggering, and too often SOC teams are burdened with investigating security issues as opposed to solving them,” said Yonni Shelmerdine, VP Product Management, SentinelOne. “The integrated solution enables our customers to accelerate incident response and contain threats faster by automatically quarantining affected users in Mimecast. This ultimately reduces complexity, minimizes risk, and decreases the demands on SOC teams.”

With XDR automation, Mimecast and SentinelOne's combined solution provides never-before-seen holistic protection across client email and endpoints, dramatically increasing end-to-end threat detection and incident response.

DATA SECURITY

IronNet launches AWS Marketplace Premium Professional Services

prnewswire | December 09, 2020

IronNet Cybersecurity, an innovator in Network Detection and Response and Collective Defense, announced today that it is one of the principal Amazon Web Services (AWS) independent software vendors offering its professional services in AWS Marketplace. AWS customers can now find and purchase Red Team, Hunt, and Security Advisory services from IronNet in AWS Marketplace, a curated digital catalog of software, data, and services that makes it easy to find, test, buy, and deploy software and data products that run on AWS.

IronNet offers AWS customers the ability to easily quote and contract services in AWS Marketplace that help customers assess their cloud and network security. Within AWS Marketplace, AWS customers can also explore IronNet's security solutions, which help protect enterprises against the most critical cyber threats targeting industries today.

As organizations migrate to the cloud, they are looking for best-in-class security capabilities and professional services, like those offered by IronNet. With professional services from IronNet available in AWS Marketplace, customers have a simplified way to purchase and be billed for both software and related services in a centralized place. Customers can further streamline their purchase of software with standard contract terms to simplify and accelerate procurement cycles.

"IronNet is honored to participate in this launch and to offer our professional services through AWS Marketplace," said IronNet co-CEO Bill Welch. "Our team is dedicated to helping companies evaluate their overall cybersecurity posture and develop customized strategies to enhance their defenses with our Network Detection and Response and Collective Defense capabilities. We're pleased to be able to make it as easy as possible for AWS customers to obtain these critical services and software from one centralized location, in AWS Marketplace."

About IronNet Cybersecurity

Founded in 2014 by GEN (Ret.) Keith Alexander, the former Director of the National Security Agency and Founding Commander of United States Cyber Command, IronNet Cybersecurity is a global security leader that revolutionizes how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a large number of former NSA and U.S. Cyber Command cybersecurity operators with offensive and defensive cyber experience in both the government and the private sector, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing enterprises today.

DATA SECURITY

Westcoast Limited Strengthens the Cyber Security Portfolio with an AppGuard Malware Disruption Technology Distribution Agreement for Endpoints

prnewswire | February 22, 2021

Westcoast Limited, a leading UK distributor of IT products and services with over £3 billion in annual revenues, today announced a distribution agreement with AppGuard, a global endpoint security provider that protects organizations from cyberattacks by disrupting malware from causing harm. Under the agreement, Westcoast will distribute AppGuard's malware disruption technology in the U.K. and Northern Europe regions, further expanding its commitment to enabling Westcoast's resellers and their customers to better defend against cyberattacks by protecting endpoints from being compromised by malware.

Delivering leading IT brands like HP, HPE, Microsoft, Lenovo, Apple, and many others to a broad range of resellers, retailers and office product dealers in the UK and beyond, Westcoast and its 9,000 trading partners and their customers understand that cybersecurity is the main challenge facing today's businesses. The addition of AppGuard to Westcoast's cybersecurity portfolio further advances the company's commitment to ensure partners and their customers have the defense in depth they need to protect against today's advanced malware attacks.
