F-Secure Leads Open Letter Against Snooper’s Charter

None | January 05, 2016

A group of technology firms, including cybersecurity player F-Secure, has signed an open letter opposing the UK government’s controversial Investigatory Powers Bill, which threatens to mandate that the authorities can bypass encryption to read the content of messages.

Spotlight

In M-Trends 2018, we look at some of the latest trends revealed through incident response investigations by Mandiant, a FireEye company, from October 1, 2016 to September 30, 2017. NEWLY NAMED APT GROUPS FireEye tracks thousands of threat actors, but pays special attention to state-sponsored attackers who carry out advanced persistent threat (APT) attacks. In 2017, FireEye promoted four attackers from previously tracked TEMP groups to APT groups.


Other News
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Absolute Software Adds Trellix Endpoint Security to Application Resilience Ecosystem

Absolute Software | September 20, 2022

Absolute Software™ , the only provider of self-healing, intelligent security solutions, today announced a partnership with Trellix, enabling Absolute Resilience® customers to extend its patented Absolute Persistence® technology to Trellix Endpoint Security (ENS). With this latest addition to the company’s Application Resilience™ ecosystem, joint customers can leverage the power of Absolute’s firmware-embedded connection to ensure Trellix’s leading endpoint protection solution remains healthy, installed, and working effectively. Anchored by its unique Persistence technology residing embedded in more than 600 million endpoints, Absolute provides an undeletable digital tether to every device to help ensure the highest levels of resiliency. Absolute Application Resilience leverages this unbreakable, two-way connection to monitor mission-critical security applications’ health and behavior; detect if missing, corrupted, or not running; and automatically repair or reinstall components when necessary - without requiring human intervention. “Our unique intelligence shows that today’s complex and widely distributed device environments have put endpoint agents at constant risk of colliding with other applications, or being disabled by malicious or negligent users. “By joining our Application Resilience ecosystem, Trellix is taking the critical steps needed to enable our joint customers to harden their mission-critical endpoint application and strengthen their overall endpoint security posture.” Edward Choi, SVP of Global Alliances at Absolute Software “We are proud to collaborate with leading software vendors to improve security outcomes for our customers,” said Britt Norwood, Senior Vice President, Global Channels & Commercial at Trellix. “Organizations across the globe rely on Trellix every day to protect, and adapt to, their changing business needs in a dynamic threat landscape. We’re thrilled to see Absolute Software support Trellix ENS in its Application Resilience ecosystem and extend this value to our joint customers.” Trellix Endpoint Security is part of an integrated suite of technologies that uses analytics and machine learning to provide effective protection—including the flexibility to connect to security products from other vendors. Trellix endpoint solutions enable organizations to apply proactive threat intelligence and defenses across the entire attack lifecycle. Absolute’s expansive Application Resilience catalog is comprised of more than 60 security and business applications needed to enable a secure, reliable, and resilient work from anywhere experience. About Absolute Software Absolute Software is the only provider of self-healing, intelligent security solutions. Embedded in more than 600 million devices, Absolute is the only platform offering a permanent digital connection that intelligently and dynamically applies visibility, control and self-healing capabilities to endpoints, applications, and network connections - helping customers to strengthen cyber resilience against the escalating threat of ransomware and malicious attacks. Trusted by nearly 18,000 customers, G2 recognized Absolute as a leader for the tenth consecutive quarter in the Summer 20022 Grid® Report for Endpoint Management and as a high performer in the G2 Grid Report for Zero Trust Networking.

Read More

DATA SECURITY, ENTERPRISE IDENTITY

Cervello Partners with ST Engineering to Provide Cybersecurity for Rail Operational Networks

Cervello | October 19, 2022

Cervello, a global leader in rail cybersecurity, announced today a new strategic partnership with ST Engineering, a global technology, defense, and engineering group, to incorporate ST Engineering’s cybersecurity services as part of Cervello's patented rail security solution for rail operators and infrastructure managers. This partnership, which has already proven its value by securing the operations of one of the busiest rail networks in APAC, enhances Cervello's ability to offer and support its solution globally. “We are pleased to officially announce our already proven strategic cooperation with ST Engineering, a proven technology and engineering powerhouse, as a significant step toward Cervello's continued global expansion,” states Roie Onn, Cervello's CEO & Co-Founder. “Combining ST Engineering’s decades of experience in empowering cyber resilience across various sectors, together with Cervello’s unparalleled expertise in rail-specific security, we are able to globally support rail organizations with cybersecurity solutions and services that enable them to operate more safely and efficiently.” “Threats in the cyber-physical world are growing at an exponential rate and conventional ways of securing systems and assets are no longer sufficient. “The joint cybersecurity capabilities of ST Engineering and Cervello allow us to build a more comprehensive effective suite of cybersecurity rail solutions that is reliable and ensures business continuity for rail operators." Goh Eng Choon, President, Cyber, ST Engineering About Cervello Cervello accelerates rail digital transformation by securing the industry’s infrastructure and operations from cyber threats. Cervello offers the industry's leading dedicated rail security platform, enabling rail companies to safely deliver connected service. Cervello’s platform gives you the confidence to see, secure, and manage all ​assets connected to your ​critical ​network, combining OT, IoT, IT and physical systems, and turn the associated data into a powerful resource. This means the end of any compromise between security​, safety​ and usability – put simply, this allows you to ​operate with confidence​. The world’s leading rail operators and infrastructure managers trust Cervello to minimize threats and prevent cybersecurity incidents, thereby increasing their safety, reliability, business continuity and service availability.

Read More

DATA SECURITY,ENTERPRISE SECURITY,PLATFORM SECURITY

Laminar Supports Launch of Amazon Security Lake

Laminar | November 30, 2022

Laminar, a leader in public cloud data security, today announced it is supporting the launch of Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes an organization’s security data from cloud, on-premises, and custom sources into a customer owned purpose-built data lake. With support for the Open Cybersecurity Schema Framework (OCSF) standard, Amazon Security Lake reduces the complexity and costs for customers to make their security solutions data accessible to address a variety of security use cases such as threat detection, investigation, and incident response. “All cybersecurity in the end is about protecting data and all cybersecurity is more effective and efficient with data-context. “Laminar is proud to be a launch partner for Amazon Security Lake, adding data-context to security events for better risk models, effective investigations and efficient remediation.” Amit Shaked, co-founder and CEO, Laminar Amazon Security Lake helps organizations aggregate, manage, and derive value from log and event data on the cloud and on-premises to give security teams greater visibility across their organizations. With Amazon Security Lake, customers can use the security and analytics solutions of their choice to simply query that data in place or ingest the OCSF-compliant data to address further use cases. Amazon Security Lake helps customers optimize security log data retention by optimizing the partitioning of data to improve performance and reduce costs. Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data. Laminar is a Data Security Posture Management (DSPM) leader that delivers autonomous, agentless, and continuous data security for everything that you build and run on the cloud. Laminar provides autonomous discovery and classification for all data across AWS and hybrid cloud environments into a cloud data catalog, prioritization of data assets by our proprietary risk model, and an agentless and asynchronous approach to DSPM to reduce the exposure surface without impacting performance. “Data is every enterprise’s most valuable asset, which makes protecting it a critical capability for all cybersecurity solutions,” said Rod Wallace, General Manager for Amazon Security Lake. “Amazon Security Lake enables security teams to optimize security log data collection and retention by optimizing the partitioning of data to improve performance and reduce costs. With the Laminar integration, analysts and engineers can store their data in the OCSF format for further analytics to improve the protection of workloads, applications, and data.” About Laminar Laminar’s Cloud Data Security Platform protects data for everything you build and run in the cloud across cloud providers and cloud data warehouses. The platform autonomously and continuously discovers and classifies new datastores for complete visibility, prioritizes risk based on sensitivity and data risk posture, secures data by remediating weak controls and actively monitors for egress and access anomalies. Designed for the multi cloud, the architecture takes an API-only approach, without any agents, and without sensitive data ever leaving your environment. Founded in 2020 by a brilliant team of award winning Israeli red team experts, Laminar is proudly backed by Insight Partners, Tiger Global, Salesforce Ventures, TLV Partners, and SentinelOne.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Abnormal Security Redefines Cloud Email Security with the Launch of Security Posture Management to Protect Against Email Platform Attacks

Abnormal | November 16, 2022

Abnormal Security, the leading behavioral AI-based security platform, announced today its newest addition to the product portfolio as the company progresses toward delivering the most comprehensive cloud email security in the market. The latest innovation protects customers from emerging email platform attacks that are increasing in volume and severity as attackers find new ways to target organizations. The open, interconnected nature of cloud email platforms creates new entry points for attackers to exploit and manipulate—increasing the need for security tools that protect organizations from attacks beyond those that are delivered through inbound email. While advanced inbound email attacks like business email compromise and credential phishing remain the primary cloud email attack vector, accounting for $43 billion in exposed losses since 2016, this addition to the Abnormal product portfolio expands the capabilities of cloud email security to protect against side-channel attacks that directly target the entire email platform. In recent headlines, cybercriminals have exploited unguarded entry and exit points to carry out sophisticated platform attacks, including: Compromising user and administrator accounts by bypassing MFA policies Exploiting global administrator privileges by setting up tenant-wide email forwarding rules that send company emails to attacker inboxes Tricking employees into installing malicious OAuth applications through consent phishing email links disguised as file-sharing links These examples showcase the need for security tools that can detect changes to the cloud email environment and provide full visibility into the current posture. But because security teams often share responsibility for these platforms alongside IT and messaging teams, it is operationally difficult and manual to understand the full scope of potential configurations across thousands of users, third-party applications and email tenants, and manage them accordingly. “As we’ve spoken to our customers, we’ve heard increasing concerns about this next generation of attacks. Since they have implemented Abnormal to secure the inbound channel against advanced attacks such as BEC, attackers are looking for new ways to access their inboxes and email platforms. “Implementing a solution that can alert security teams to new integrated applications, over-permissioned users, and other potentially risky events will be extremely helpful to security leaders, and Abnormal is excited to evolve our inbound email security platform to provide this capability and better protect our customers from the full spectrum of attacks.” Mike Britton, chief information security officer at Abnormal Security The new Security Posture Management product from Abnormal gives security teams immediate visibility to each of the potential entry and exit points to the cloud email platform. Increased visibility begins with three new Knowledge Bases, in addition to the existing VendorBase, which present comprehensive databases of employees, third-party applications, and email tenants. Each of the three new Knowledge Bases provides the foundational visibility security teams need to understand potentially exposed surface areas in Microsoft 365 and conduct security investigations. AppBase: Provides a running inventory of all of the third-party applications that have access to data within Microsoft 365. It provides a summary of important information about application permissions and data access, as well as an activity timeline of recent events. PeopleBase: Provides a directory of each active user in the environment. It uses contextual, behavioral data to build a dynamic user genome. PeopleBase also provides an activity timeline of recent events, including sign-on patterns, suspicious email activity, and more. TenantBase: Provides a catalog of each of the email tenants Abnormal Security protects and relevant permissions governing access to them. Taking the information derived from these Knowledge Bases, the new Security Posture Management product then monitors each entity for potentially risky configuration changes. Key changes may include the escalation of administrator privileges or the integration of new unverified applications with read-write access to mailboxes. When changes occur, Security Posture Management alerts administrators so they can understand the impact and take appropriate downstream action to protect their cloud email platform from insider threats or attacker infiltration. While the monitoring and alerting capabilities of Security Posture Management are available as an add-on purchase to Inbound Email Security, Abnormal is providing the foundational visibility of its new Knowledge Bases at no cost to all customers with Microsoft 365. New Product Continues to Drive Abnormal Growth in the Email Security Market The posture management offering underscores Abnormal’s commitment to providing its customers with the most effective email security platform on the market. In recent weeks, Abnormal was named to the CNBC Top 25 Startups for the Enterprise list of companies that are best suited to meet the needs of large enterprises, as well as the Madrona Intelligent Applications 40 list for the platform’s superior capabilities in using machine learning to extract useful information from real-time and historical data. These awards highlight the continued success of the company as Abnormal continues to experience more than 2x growth per year, with notable customers including Xerox, Urban Outfitters, Royal Caribbean International, and Groupon. The company maintains a 4.8-star review on Gartner Peer Insights, with 100% recommendation from participating companies. This continued growth is driven by the recent Series C funding round in which Abnormal raised $210 million with backing from Insight Partners, Greylock Partners, and Menlo Ventures. Security Posture Management is the second major product launch in the past six months, with Abnormal releasing the Email Productivity module in August 2022. The Email Productivity add-on uses behavioral AI to filter time-wasting promotional emails away from employee and executive inboxes, automatically personalizing protection to each user based on behavior cues like folder moves. By shielding employees and executives from the growing barrage of promotional emails, including vendor cold calls, newsletters, and marketing promotions, Email Productivity saves enterprises multiple hours per employee per month. Both new products are part of the Abnormal Cloud Email Security platform, which stops the full spectrum of email-borne attacks. About Abnormal Abnormal Security provides the leading behavioral AI-based security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails in milliseconds—all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly.

Read More

Spotlight

In M-Trends 2018, we look at some of the latest trends revealed through incident response investigations by Mandiant, a FireEye company, from October 1, 2016 to September 30, 2017. NEWLY NAMED APT GROUPS FireEye tracks thousands of threat actors, but pays special attention to state-sponsored attackers who carry out advanced persistent threat (APT) attacks. In 2017, FireEye promoted four attackers from previously tracked TEMP groups to APT groups.

Resources