DATA SECURITY

HYAS Infosec Announces General Availability of Cybersecurity Solution for Production Environments

HYAS | August 10, 2022 | Read time : 02:00 min

HYAS Infosec Announces General Availability of Cybersecurity Solution
Leading security technology firm HYAS Infosec — whose proactive solutions ensure that businesses can keep moving full forward in our ever-changing world — today announced the general release of its newest product, HYAS Confront, a cybersecurity solution offering complete visibility into every corner of a production environment. HYAS will be demoing Confront at Black Hat USA in Las Vegas from August 8 to August 11.

Production environments are increasingly becoming a target for bad actors, as they want their attacks to cause as much disruption as possible. Afterall, if a company’s production environment is rendered inoperable, its ability to generate income is shut down. HYAS Confront addresses this growing issue by giving DevSecOps teams complete visibility into their production environment. HYAS Confront finally gives them a definitive picture of which devices on their network are communicating with one another, which devices are sending traffic outside the network, and how often and to whom they are sending it. HYAS Confront also automatically identifies communication to known command and control servers as well as other risks and threats.

“We have gotten an excellent response from our first customers, who began using the service during development and testing. “We are extremely proud of the solution we have brought to market and the vital role it fulfills in providing complete network visibility.”

HYAS CEO David Ratner

Most cybersecurity solutions on the market today focus on protecting the perimeter of your network, but unfortunately, regardless of the strength of your outward-facing security posture, you will be breached at some point. The numbers bear this out, with 97 percent of companies reporting having experienced a successful cybersecurity breach at some point.

However, even if bad actors sneak past your perimeter security, they can’t hide from the foundational network monitoring provided by HYAS Confront. Once deployed, a process that usually takes less than 30 minutes, it establishes a baseline of normal, healthy network traffic. With this data, HYAS Confront can recognize aberrations from normal traffic patterns that could indicate a problem. When such an anomaly is discovered, Confront alerts administrators so they can take appropriate action.

But the benefits of full production environment visibility doesn’t end with security. HYAS Confront can also reveal issues like misconfigurations, violations of policies or controls, and incomplete removal of malware after an attack. One of the most difficult aspects of incident response is ensuring that the environment is actually clean again, and HYAS Confront’s visibility can play a vital role in that process. It can also be a useful tool for understanding service assurance. This innovative solution integrates seamlessly with other network management and security infrastructure, working alongside them to enhance the value of these pre-existing investments. This improves overall network health, preventing problems down the road and giving businesses the confidence to move forward at full speed.

“Production environments are so critical to a company’s ability to function, and unfortunately, no matter how strong your perimeter is, bad actors will eventually find a way in,” said Ratner. “HYAS Confront’s distinctive ability to detect anomalies within your production environment ensures that even in these cases, you can uncover the problem before it does damage, letting businesses operate confidently and without fear of costly interruptions.”

About HYAS
HYAS is a valued partner and world-leading authority on cyber adversary infrastructure and communication to that infrastructure. We help businesses see more, do more, and understand more about the nature of the threats they face — or don’t even realize they are facing — in real time. HYAS’s foundational cybersecurity solutions and personalized service provide the confidence and enhanced risk mitigation that today’s businesses need to move forward in an ever-changing data environment.

Spotlight

A cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to the energy supply in the affected countries.


Other News
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

AI-Based Cloud Security Meets Live Professional Monitoring--Rhombus Releases 24/7 Alarm Monitoring with Video Verification and Emergency Dispatch

Rhombus | September 17, 2022

Rhombus, a leader in enterprise cloud physical security, has released Alarm Monitoring, a 24/7 service that deters threats in real time and enhances an organization's after-hours security by combining AI-based alerts with live professional monitoring. "Many IT and Safety Managers love that Rhombus automatically sends AI-based alerts but don't have the staff on call to respond after hours. "This is where Alarm Monitoring comes in. When an alert is triggered—for instance, if human movement is detected when a building should be empty—an audible deterrent can be issued to deescalate a threatening situation and a live dispatcher will verify the alert to determine the appropriate course of action. The combination of issuing a deterrent while conducting a live investigation not only reduces false alarms but also accelerates incident resolution and emergency response." Rickey Cox, Director of Product at Rhombus Once an alert is triggered, live agents will automatically verify the alert and will text/call an organization's contact list or immediately dispatch emergency services if a threat to a person or property is identified. Additionally, with the Rhombus A100 Audio Gateway, an audible deterrent can be issued, such as a police siren, loud alarm, or custom message. Monitoring agents can also use the A100 as a two-way communication device, informing perpetrators that the authorities are on their way and to vacate the property. The use of an audible deterrent helps neutralize damage or threats in real-time as emergency services are en route. Within minutes, Rhombus can trigger an alert, issue an audible deterrent, verify an alert, contact essential personnel regarding the situation, send emergency services, and provide contextual information to first responders, including alert footage, live streams, and location details. Alarm Monitoring utilizes fully redundant, Five Diamond, UL-Listed Central Monitoring Centers and the full suite of Rhombus products –including smart cameras, sensors, and industry-leading AI analytics—to provide best-in-class coverage to enterprise organizations. Rhombus Alarm Monitoring is now available starting at $1,799 per year, per location. About Rhombus Rhombus is a cloud physical security platform designed to bring greater intelligence, security, and productivity to enterprise organizations. Rhombus delivers NDAA-compliant smart cameras and connected sensors that can be managed from a single pane of glass to simplify infrastructure and security management at scale.

Read More

SOFTWARE SECURITY

Red Canary and Palo Alto Networks expand collaboration to provide detection and response across security landscape

Red Canary | July 08, 2022

Red Canary, the Managed Detection and Response (MDR) trailblazer, has expanded its collaboration with industry leader Palo Alto Networks to help deliver on a bold vision: unifying threat investigation across a wide range of Palo Alto Networks products. To help achieve this goal Red Canary is now a part of the Palo Alto Networks Cortex® MSSP partner program. Today, Red Canary MDR supports Palo Alto Networks firewalls by integrating with PAN-OS version 9 and higher. This integration allows security alerts and event data generated by firewall appliances to feed into the Red Canary MDR platform for further investigation and remediation. Red Canary is working with Palo Alto Networks as an MDR partner for the Cortex XDR product, which includes built-in endpoint protection. While many MDR offerings simply ingest alerts generated by endpoint security tools, Red Canary is working toward being able to ingest raw telemetry as well as alerts from the Cortex XDR endpoint agent. Red Canary anticipates this will allow it to reduce false positives by up to 99% and significantly increase the detection of confirmed threats compared to what endpoint security tools can identify on their own. "The detailed endpoint telemetry generated by Cortex XDR enables leading scores in actual hands-on tests, such as MITRE's recent ATT&CK® evaluation," said Rick Caccia, SVP of Marketing for Palo Alto Networks. "Red Canary's ability to manage and analyze large volumes of endpoint, network, and other types of telemetry will make them an ideal partner for solving customers' most pressing security challenges. Together, we can help protect organizations from ransomware, phishing, and other modern threats." To complete our vision of unifying threat investigation across the Palo Alto Networks product line, Red Canary is also developing integrations for Prisma® Cloud, Threat Prevention, and the WildFire Analysis Environment. Red Canary's MDR everywhere strategy allows events from Palo Alto Networks products to be combined with multi-vendor events in a unified timeline. To learn more, visit https://redcanary.com/cyber-threat-investigation/. "Red Canary is meeting customer demand for security across the modern IT environment by integrating alert data from network, identity, and SaaS applications – all in a unified timeline. Our collaboration with Palo Alto Networks layers best-in-class managed detection and response across an industry-leading portfolio of cybersecurity solutions. The result is more choice and better security for our customers." Chris Rothe, CTO, Red Canary About Red Canary Red Canary stops cyber threats no one else does so organizations can fearlessly pursue their missions. The company's managed detection and response (MDR) solution works across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. Red Canary operates as a security ally for customers and partners by providing unlimited 24×7 support, deep threat expertise and hands-on remediation to prevent threats from turning into business-defining incidents.

Read More

SOFTWARE SECURITY

GuidePoint Security Achieves AWS Security Competency Status

GuidePoint Security | July 27, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that it has achieved the Compliance and Privacy distinction in the Amazon Web Services (AWS) Security Competency. This designation recognizes that GuidePoint Security has demonstrated and successfully met AWS’s technical and quality requirements for providing customers with a deep level of consulting services expertise in Compliance and Privacy to help them achieve their cloud security goals. Achieving the Compliance and Privacy distinction in the AWS Security Competency differentiates GuidePoint Security as an AWS Partner that provides specialized consulting services designed to help companies from startups and mid-sized businesses to the largest global enterprises to adopt, develop, and deploy security into their AWS environments, increasing their overall security posture on AWS. To receive the designation, partners must possess deep AWS expertise and deliver solutions seamlessly on AWS. “GuidePoint Security was an original AWS Security Competency launch partner and we are proud to be launch partner yet again for the updated AWS Security Competency program having achieved the Compliance and Privacy distinction,” said Anil Badruddin, Practice Director – AWS Cloud Security, GuidePoint Security. “Our team is dedicated to helping organizations achieve their security goals by combining our in-depth knowledge of technical solutions along with our deep expertise of the powerful security tools AWS provides.” AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise. GuidePoint Security’s distinction for Compliance and Privacy is based on the following attributes: Specialized consulting service offerings including: cloud security assessments, cloud governance, solution design and implementation, and security automation The ability to develop enterprise-wide security playbooks to help organizations mature their cybersecurity programs Deep technical expertise for a wide range of third-party security solution providers and AWS native services to help customers identify, implement, and manage the right solutions for their environment and business Expertise in helping customers ensure Payment Card Industry Data Security Standard (PCI DSS) compliance on AWS (GuidePoint Security is certified as a PCI QSA) About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.

Read More

DATA SECURITY,PLATFORM SECURITY

SCYTHE New Version 4.0 Enhances Collaboration Across Multiple Security Team Roles

SCYTHE | September 09, 2022

SCYTHE, a leader in adversarial emulation, announced the release of version 4.0 of the company’s flagship cybersecurity platform, offering new features and functionality that will extend capabilities for greater collaboration between blue, red, and purple teams. SCYTHE runs real-world adversary emulations that help security teams reduce detection and response rates, validate controls, and optimize resources by enabling teams to prioritize vulnerabilities, and focus on the highest risk issues to the business. Its scalable platform automates adversary emulations and expands your team’s threat intelligence skills so that you can multiply your cybersecurity team’s velocity and reduce cybersecurity risk. SCYTHE has the largest, public library of threats in the breach attack simulation industry and has more capabilities than all other competitors combined as shown by Tidal Cyber’s Community Edition of their SaaS threat-informed defense platform. With a redesigned UI, SCYTHE 4.0 makes threats easier to manage by bringing campaign details to the surface, allows for greater communication between team members, and makes it simpler to take action via Jira integrations—all available as an on-prem or SaaS offering. Through automation, communication, and integrations, SCYTHE 4.0 is designed to help security teams collaborate, as a purple team, on adversary emulation. “The new SCYTHE 4.0 platform sets a new standard for adversary emulation automation for offensive, defensive, and hybrid purple teams to help customers strengthen defenses, share actionable data between teams to better resolve real-world cybersecurity concerns quickly, and improve collaboration,” said Stephanie Simpson, VP, Product. “Version 4.0 is based on feedback from our customers and prospects about what they need to optimize their teams’ breach and attack simulation (BAS) capabilities.” In addition to this, SCYTHE’s Cyber Threat Intelligence (CTI) Team just released offerings that are complementary to the SCYTHE platform capabilities and services that can serve as an extension of your security team. This includes emergency action emulation plans, custom plans, cloud-focused plans, and emulation plans covering more diverse tactics, techniques and procedures. What’s New With 4.0? SCYTHE version 4.0 was designed to enhance collaboration within security teams and improve the user experience. These updates include: Collaboration features — SCYTHE enables greater collaboration between blue, red, and purple teams to create and leverage existing adversary emulation plans. The updated, user-friendly dashboard clearly displays outcomes and severity of campaign results. Users can have different access levels to create and personalize realistic attacks or re-run existing attacks. In-platform messaging now allows for better and faster communication between users. Workflow automation — Users can take a more collaborative team approach and seamlessly share actionable insights through a Jira integration. SaaS and on-prem — Previously an exclusively on-prem solution, SCYTHE 4.0 now has a SaaS offering available to provide flexibility to customers in any type of environment. SCYTHE 4.0 will be available for customers in Q4. About SCYTHE SCYTHE is like hiring the hacker you always wanted, but could never afford. SCYTHE transforms your organization’s capabilities and defines a new technology category: Attack, Detect, and Respond to integrate cybersecurity risk management across people, process, and technology. The SCYTHE 4.0 platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. Customers can easily and quickly validate the risk posture and exposure of their business and employees and the performance of enterprise security teams and existing security solutions.

Read More

Spotlight

A cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to the energy supply in the affected countries.

Resources