DATA SECURITY

When Safeguarding Digital Communications, IT Security Leaders Come Across Continued Vulnerabilities

SafeGuard Cyber | July 13, 2021

SafeGuard Cyber, the only SaaS platform dedicated to managing the entire lifecycle of digital risk protection, has released conclusions from a survey of 100 IT security leaders about how they safeguard digital communications and about their digital risk processes. The survey findings indicate that cybersecurity leaders recognize what is required for adequate digital risk protection, but they are still dealing with limitations and vulnerabilities in defending these communications, such as third-party cloud application engagement.

The survey was conducted in June 2021 in coordination with the research community Pulse. Its main aim was to uncover how cybersecurity leaders are managing digital risks on third-party applications. The survey also focused on identifying who owns the responsibility for securing those applications and what can be done to improve their organization's security posture across cloud applications. It included 100 senior enterprise IT and security professionals from companies with over 5,000 employees.

The main findings from the survey include:

• The biggest challenge for security leaders who aim to uphold security and compliance across all professional communications is lack of visibility (39%).
• Security leaders are most concerned about data loss (46%) regarding digital communication risks, followed by malware and ransomware attacks (37%).
• Only 10% of cybersecurity leaders have a tech stack that provides complete visibility for detecting and responding to threats in cloud applications outside of their network.
• Security leaders often restrict access as a means of managing risk where they lack granular visibility. For example, to ensure security and compliance on social media, collaboration, and mobile chat applications, most security leaders (77%) turn to tools that restrict access to third-party communication apps.


About SafeGuard Cyber 

SafeGuard Cyber secures the human connections organizations need to thrive in a digital world. The cloud-native SafeGuard platform enables the secure and compliant adoption of social, mobile, and cloud-based communication channels at global enterprise scale. With SafeGuard, customers gain business agility with better security and time to value. Current customers include small businesses, Global100 enterprises, municipalities, and various national governments.

Spotlight

It’s a never-ending cat-and-mouse game: bad guys develop malware and good guys try to detect and mitigate malware to protect the end user. Whenever manufacturers of antivirus software come up with a new method of detecting malicious code or files, hackers find a way to circumvent that technique. One particularly elegant technique of transmitting and executing malware has gained popularity in the last couple of years with hackers and pentesters alike: Microsoft’s built-in tool PowerShell. It provided a convenient way of executing code directly in-memory without ever touching the disk. Since many antivirus products relied on scanning executables which are written on the disk, this attack vector was completely invisible to them.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SentinelOne and Perception Point Partner for Unparalleled Advanced Threat Protection and Rapid Remediation Across Principal Attack Vectors

Perception Point | September 30, 2022

Perception Point, a leading provider of advanced threat protection across digital channels, today announced that it has partnered with SentinelOne, an autonomous cybersecurity platform company, to provide customers unparalleled advanced threat detection and rapid remediation across enterprise endpoints, email, and cloud collaboration channels.

SentinelOne Singularity XDR unifies prevention, detection, and response into a single platform driven by patented machine learning and intelligent automation. Perception Point isolates, detects and remediates all threats across the organization's main attack vectors, including email and cloud collaboration channels, from a single platform. Perception Point's integration with SentinelOne offers users the unique ability to simplify and consolidate protection across these attack vectors, and rapidly remediate any threat autonomously across them.

Joint customers benefit from:

• Rapid remediation with additional triage from Perception Point's managed Incident Response service
• Reduced workloads on the SOC team by up to 75%, simplifying and shortening containment time
• Full visibility into attacks across the endpoint, email, and cloud collaboration apps

"The threat landscape is only becoming more complex with attacks threatening organizations across multiple vectors. We're excited to partner with SentinelOne to protect users from all threat types across their most used communication channels - endpoints, email, cloud collaboration apps, and cloud storage. The integration consolidates and simplifies threat prevention and remediation, boosting our customers' security posture while reducing the SOC team's workloads."
Orit Shilvock, VP Sales at Perception Point

"SentinelOne is committed to enabling choice and flexibility for our customers with Singularity Marketplace," said Ruby Sharma, Head of Technology Ecosystem, SentinelOne. "Partnering with Perception Point brings together leading detection and response capabilities to address threats across endpoint, email, cloud and collaboration attack surfaces."

Perception Point's advanced threat protection solution is now available on the SentinelOne Singularity Marketplace.

About Perception Point

Perception Point is a Prevention-as-a-Service company for the fastest and most accurate next-generation detection and response to all attacks across email, cloud collaboration channels, and web browsers. The solution's natively integrated incident response service acts as a force multiplier to the SOC team, reducing management overhead, improving user experience and delivering continuous insights; providing proven best protection for all organizations. Deployed in minutes, with no change to the enterprise's infrastructure, the patented, cloud-native and easy-to-use service replaces cumbersome legacy systems to prevent phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks well before they reach end-users. Fortune 500 enterprises and organizations across the globe are preventing content-borne attacks across their email and cloud collaboration channels with Perception Point.

About SentinelOne

SentinelOne is pioneering autonomous cybersecurity to prevent, detect, and respond to cyber attacks faster and with higher accuracy than ever before. Our Singularity XDR platform protects and empowers leading global enterprises with real-time visibility into attack surfaces, cross-platform correlation, and AI-powered response. Achieve more capability with less complexity.

SOFTWARE SECURITY

Aqua Launches the Industry’s First Out-of-the-Box Runtime Security with Advanced Protection Against the Most Sophisticated Threats

Aqua Security | July 26, 2022

Aqua Security, the leading pure-play cloud native security provider, today announced the launch of out-of-the-box runtime protection with minimal configuration to stop attacks in real time on running workloads. Protection is composed of new curated and optimized default security controls, as well as advanced threat intel from observations of real attacks on cloud native environments. Both the controls and threat intel are the result of knowledge gained through years of securing customers’ live production environments. Customers can now apply this knowledge to achieve trusted and advanced runtime protection in minutes without requiring in-depth knowledge of their applications and environments.

Using eBPF technology and threat intel from cyber research team Aqua Nautilus to identify advanced threats, Aqua surfaces the most critical issues in real time while also implementing a set of controls to protect running workloads immediately, without disrupting the business.

“Aqua is transforming the runtime security paradigm. Traditional runtime security requires security teams to have a great deal of cloud native knowledge, and as a result has been slow to adopt. Aqua is removing this barrier to adoption by making cloud workload threat protection immediately effective and easy for security professionals.”
Amir Jerbi, CTO and co-founder, Aqua Security

Stopping Attacks in Real Time with Runtime Security

Recent data from Nautilus shows that one in three live attacks could be missed when relying exclusively on snapshot scanning of running workload images. Nautilus also found tens of thousands of instances of in-memory attacks and fileless attacks in a one-month period—attacks that would not be seen or stopped without kernel-level visibility. Aqua’s detection of anomalous behavior goes beyond point-in-time snapshots and catches malicious behavior of known and unknown threats in real time—this includes both known CVEs and zero-day exploits that have yet to be discovered.

The new default runtime controls are based on ongoing recommendations from Aqua Nautilus, who detect and analyze 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee. The result is real-time visibility at the kernel level that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds.

Aqua’s Runtime Protection solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. Customers of the Aqua Platform also have access to the entire, full set of customizable, advanced runtime capabilities if and when they decide to define and implement more stringent policies.

Key benefits of Aqua Runtime Protection include:

• Discover attacks immediately with continuously updated kernel-level behavioral detection. Updates are based on cloud native threat research from Aqua Nautilus along with years of experience securing customer workloads in production.
• Respond faster and reduce attacker dwell time by stopping attacks with pattern-based anti-malware in production and the option to block or delete malware on access.
• Simplify incident investigation and rapidly determine the impact and attack path of a security incident with a detailed incident timeline including rich contextual information.

“Unlike overly complex runtime solutions, legacy solutions not designed for cloud-native applications, or solutions that can’t detect in real time, our goal with this release is to provide runtime security that is simple to deploy, giving you effective real-time security out-of-the-box,” said Jerbi. “What this boils down to is that, unlike alternative solutions, Aqua’s Platform will both detect sophisticated attacks and stop them in real time.”

Aqua’s out-of-the-box Runtime Protection is now available and will make an industry debut at AWS re:Inforce on July 26-27 in Boston at Booth 104. To learn more, visit Aqua’s YouTube.

About Aqua Security

Aqua Security stops cloud native attacks and is the only company with a $1 Million Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry’s most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston and Ramat Gan, Israel, with Fortune 1000 customers in over 40 countries.

DATA SECURITY

SentinelOne and Cribl Partner to Deliver Data Flexibility Across Cybersecurity and Observability

Cribl | August 04, 2022

Cribl, the leader in enabling open observability, today announced a new partnership with SentinelOne, an autonomous cybersecurity platform company. The partnership enables SentinelOne customers to leverage Cribl's observability product suite to streamline cybersecurity triage, optimize data collection, and provide security teams control of their data.

By integrating Cribl's observability product suite with Singularity XDR, SentinelOne customers can now unlock the value of all observability data. Key benefits include the ability to:

1) Operationalize endpoint and extended detection and response (EDR & XDR) of data sources in joint customer environments,
2) Streamline for triage and investigative functions in the Security Operations Center (SOC), and
3) Progress cybersecurity programs with enhanced threat intelligence, threat hunting, and adversary simulation.

"Today's cybersecurity risk levels are increasingly associated with the ability to understand data across enterprise assets. Our partnership with Cribl helps optimize data collection at scale, enabling security teams to minimize risk and save time."
Chuck Fontana, SVP Business Development at SentinelOne

"We're excited to partner with the SentinelOne team," said Zac Kilpatrick, VP of Channel and Alliances at Cribl. "To keep up with persistent threats and the ever-changing security landscape, SOC activity must move from reactivity to proactivity. SentinelOne's autonomous and proactive approach to cybersecurity is differentiated in the market and aligns with Cribl's objective of optimizing analytics platform cost and performance."

Integration with SentinelOne's Cloud Funnel

Cribl's product suite now integrates with SentinelOne's Cloud Funnel, a data subscription enabling XDR data to be stored locally in an enterprise's data lake. This solution works with any data type, such as file, process, DNS, flow, behavioral, registry, commands, scripts, and more. Cloud Funnel's flexibility provides SentinelOne customers the ability to choose which data type they need, optimize it to find the right signal, and route it for maximum efficiency - all at machine speed.

Integration with DataSet

Cribl Stream now supports SentinelOne's DataSet as a destination to seamlessly route data from legacy log analytics solutions. DevOps and IT teams choose DataSet to analyze data in real-time, effortlessly scale to petabytes, and cost-effectively retain data for longer periods of time for compliance and audit purposes. The new integration enables Cribl customers to pipeline their data to DataSet without changing their data instrumentation, collection, and ingestion.

SentinelOne and Cribl will also continue bringing new offerings to market, including integrating Cribl Stream into SentinelOne's Singularity XDR platform.

About Cribl

Cribl makes open observability a reality for today's tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It's enterprise software that doesn't suck, enables tech professionals to do what they need to do, and gives them the ability to say "Yes." With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future. Founded in 2017, Cribl is a remote-first company with an office in San Francisco, CA.
