Data Security

IBM to Expand Security Portfolio with Plans to Acquire ReaQta

IBM Security today announced an expansion of its cybersecurity threat detection and response capabilities with its plans to acquire ReaQta. ReaQta's endpoint security solutions are designed to leverage AI to automatically identify and manage threats, while remaining undetectable to adversaries. This move will expand IBM's capabilities in the extended detection and response (XDR) market, aligning with IBM's strategy to deliver security with an open approach that extends across disparate tools, data and hybrid cloud environments.

As part of today's announcement, IBM also detailed a new suite of XDR offerings under the QRadar brand. IBM QRadar XDR helps security analysts break down the silos between the proliferation of point products in the industry – providing comprehensive visibility across security tools and data sources, whether in the cloud or on-premises, and equipping security teams with the insights and automation they need to act quickly. Upon closing, ReaQta's offerings will become part of this portfolio, adding expanded native XDR capabilities to IBM's security portfolio aimed at helping clients adopt continuous monitoring and rapid response as part of a zero trust approach.

Companies today are struggling to secure increasingly dispersed IT environments, with the proliferation of devices, users, and technologies spreading across clouds and on-premises infrastructure. As a result, security events are becoming more difficult and costly to detect and contain, with data breaches costing over $4 million per incident and taking an average of 212 days to identify, according to the 2021 Cost of a Data Breach Report from IBM and Ponemon Institute.

"Complexity has created a cloak that attackers are operating under, furthering their ability to circumvent defenders,The future of security is open, using technologies that can connect the security insights that are buried across disparate tools and advanced AI to identify and automatically respond to threats more quickly across their entire infrastructure, from endpoint to cloud. With our expanded capabilities via QRadar XDR and the planned addition of ReaQta, IBM is helping clients get ahead of attackers with the first XDR solution that reduces vendor lock-in via the use of open standards."

Mary O'Brien, General Manager, IBM Security

IBM Announces Intent to Acquire ReaQta
IBM's planned acquisition of ReaQta further differentiates the company's portfolio of connected, open security tools to unify and speed response to security threats. ReaQta, whose primary business office is located in the Netherlands with headquarters in Singapore, will join the IBM Security business unit upon closing. ReaQta was built by an elite group of cybersecurity experts and researchers with AI and machine learning expertise and extensive backgrounds in security operations. Financial terms were not disclosed.  The transaction is expected to close later this year, subject to customary closing conditions and required regulatory reviews.

ReaQta's behavioral-based platform helps stop known and unknown threats in real-time and can be deployed in a hybrid model – on premise or in the cloud as well as air gapped environments. Through deep learning done natively on the endpoint the platform constantly improves on defining threat behavior tailored to each business per endpoint, allowing it to block any abnormal behavior. ReaQta's platform also leverages a unique 'Nano OS' that monitors the operating systems from the outside, helping to prevent interference by adversaries.

"Our mission at ReaQta has been to better equip the defenders, who are tirelessly striving to stay ahead of cyber threats, with advanced technology to quickly identify and block new attacks," said Alberto Pelliccione, CEO at ReaQta. "Joining forces with IBM will enable us to enhance and scale our unique AI capabilities across all types of environments via a proven platform for threat detection and response."

QRadar XDR Suite: Open, Connected Approach to XDR
An evolution of the IBM QRadar security intelligence portfolio, IBM QRadar XDR is a suite of security software built on IBM's open, cloud-native security platform, Cloud Pak for Security. IBM QRadar XDR spans the core foundational capabilities of threat detection, investigation, and response to help organizations modernize their existing IT and security infrastructure.

IBM is implementing an open connected approach to XDR, leveraging its commitment to open security and the Open Cybersecurity Alliance, as well as alliances and integrations with 200 plus cloud and security vendors, creating the industry's largest XDR ecosystem. The QRadar XDR suite also includes IBM native security technologies that customers can choose to leverage for Security Information and Event Management (SIEM), Network Detection and Response (NDR), and Security Orchestration Automation and Response (SOAR).

Now with the addition of ReaQta, the QRadar XDR suite will also include an option for Endpoint Detection and Response (EDR), allowing IBM to provide native capabilities for all core XDR functions, while also providing clients the option to leverage existing investments and third-party tools across IBM's broad partner ecosystem. IBM QRadar XDR will also be designed to deliver more accurate alerts while helping reduce manual processes via pre-built detection and response automations.

IBM QRadar XDR is also designed to be deployed by managed security service providers, including IBM and others.

Connecting Existing Investments
Building further on IBM's open approach to XDR, the company also introduced XDR Connect, which helps companies connect and automate threat detection and response across existing toolsets. Part of the QRadar XDR suite, XDR Connect provides a unified streamlined workflow for alert triage, investigation and threat hunting, automated root cause analysis, and response, by connecting to organizations' existing tools or IBM's own XDR technologies.

XDR Connect offers a centralized management of security incidents with pre-defined detection and response rules via more than 30 open source, pre-built integrations, and data connectors. It also provides access to the latest threat intelligence insights and data from IBM and third parties. This unique approach allows companies to better capitalize on existing security investments, modernize with new security tools and data sources, and simplify their overall security operations with unified, AI-driven workflows designed for faster, streamlined response.

About ReaQta
ReaQta is a top-tiered AI Autonomous Detection & Response platform, built by an elite group of cyber security experts and AI/ML researchers. Built with advanced automated threat-hunting features, ReaQta allows organizations to eliminate the most advanced threats in real-time. As experts in AI and behavioral analysis, ReaQta's proprietary dual-AI engines provide organizations across all industries with autonomous, real-time and fully customizable endpoint security, minus the complexity. As a result of automation coupled with intuitive design, ReaQta's customers and partners benefit from performance improvements and are now able to manage and secure more endpoints without the need for highly skilled staff.

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide.

Spotlight

Other News
API Security

Wallarm Announces Policy Integration with MuleSoft AnyPoint Platform

Wallarm | October 13, 2023

Wallarm has announced the availability of Application and API Security policies seamless integration with the MuleSoft AnyPoint Platform, providing essential protection for apps and APIs in various deployment scenarios. This integration of Wallarm and MuleSoft presents a compelling choice for organizations dedicated to comprehensively safeguarding and managing their API security management, ensuring robust protection for their digital assets. In the digital age, enterprises heavily depend on APIs to facilitate application connections and drive their digital transformation. Wallarm's latest offering seamlessly integrates with the MuleSoft API management and integration platform, bolstering cloud security and compliance to meet the evolving needs of modern businesses. Effective API management is paramount for organizations, and the market offers numerous commercial solutions, each with its unique features. Whether opting for well-known platforms such as MuleSoft, Kong, or Apigee, or exploring external tools like Akamai Edge and Azion Edge, the decision on how to deploy and manage crucial APIs depends on factors such as scalability, performance, and existing infrastructure. Regardless of the chosen approach, the demand for robust API security that effortlessly aligns with these varied deployment methods remains a top priority. CEO and Co-founder of Wallarm, Ivan Novikov, said, Wallarm is keen to unveil a cutting-edge cloud-based security policy that is agile and fully integrated with MuleSoft, a leading integration and API management platform in the market. [Source – Business Wire] About Wallarm Wallarm is a leading provider of robust protection for APIs, microservices, web applications, and serverless workloads in cloud-native environments. Trusted by numerous Security and DevOps teams, Wallarm excels in comprehensive web app and API endpoint discovery, shielding against emerging threats across their API portfolio, and automating incident response for enhanced risk management. The platform is designed to support modern tech stacks, offering a myriad of deployment options in both cloud and Kubernetes-based environments, including a full cloud solution. Based in San Francisco, California, Wallarm is backed by prominent investors like Y Combinator, Toba Capital, Partech, and others.

Read More

Platform Security

SentinelOne Launches RemoteOps Forensics for Faster Incident Response

SentinelOne | September 18, 2023

SentinelOne, a global leader in autonomous cybersecurity, is addressing the pressing need for rapid and effective responses to the escalating wave of cyber breaches. Today, the company announced the launch of Singularity RemoteOps Forensics, a pioneering digital forensics product designed to streamline and accelerate incident response readiness. This innovative solution promises to empower organizations of all sizes, ushering in a new era of efficient and scalable investigation and response capabilities in the face of evolving cybersecurity challenges. Integrated seamlessly with the SentinelOne Singularity Platform and as an add-on to Sentinel One's Endpoint and Cloud Workload Security solutions, RemoteOps Forensics offers a rapid, adaptable digital forensics and incident response solution. Security teams can leverage this tool to enhance efficiency by optimizing resources and accelerating Mean Time to Resolution. With the capability for targeted investigations on various assets, including endpoints and server workloads, it enables conditional trigger-based evidence collection. This automation efficiently gathers evidence, such as process data, ports, service listings, MFT, Amcache, JumpLists, and memory dumps, orchestrating them in under a minute. Consolidating evidence into the Singularity Security DataLake allows for the correlation of SentinelOne and partner data with forensics data in a unified search, facilitating a comprehensive view of attacks, rapid root cause identification, and risk mitigation. Furthermore, it provides the ability to analyze collected evidence alongside Endpoint Detection and Response (EDR) data within a single console, empowering proactive defense against future threats. The integration and analysis of this combined data unveil concealed indicators of compromise, detect advanced attack patterns, and offer insights into threat actors' tactics, techniques, and procedures. RemoteOps Forensics is a cost-effective and resource-efficient solution that seamlessly integrates with the SentinelOne agent. This integration alleviates the necessity of deploying and provisioning multiple tools throughout the investigative process, resulting in significant time and resource savings for organizations. In addition, this innovative solution prioritizes the maintenance of forensic integrity by minimizing changes made to the disk, and it leverages SentinelOne's anti-tampering and metadata collection capabilities to safeguard data integrity. In doing so, it streamlines investigations and upholds the highest standards of forensic rigor, reinforcing organizations' cybersecurity defenses with a comprehensive and efficient approach. Jane Wong, Senior Vice President of Products and Strategy at SentinelOne, said, As timelines for reporting and responding to breaches shrink, it is imperative that the security teams have advanced forensics capabilities that can make investigations faster and more efficient, and with Singularity RemoteOps Forensics, the team is delivering them. [Source – Business Wire] SentinelOne's new forensic capabilities help develop incident response by enabling security teams to conduct thorough investigations more quickly, Jane also mentioned eliminating the requirement for specialized expertise or additional tools. About SentinelOne SentinelOne is a leading provider of autonomous cybersecurity solutions. With its identified Singularity Platform, the company excels at detecting, preventing, and responding swiftly to cyber threats. SentinelOne enables businesses to protect their endpoints, cloud workloads, containers, and identities, as well as their mobile and network-connected devices, with unparalleled speed, accuracy, and ease of use. With a formidable clientele comprising over 11,000 customers, SentinelOne has proven itself as the trusted guardian of a secure digital future.

Read More

Cloud Security

Checkmarx Announces Technology Partner Program to Enable the Industry's Most Extensible, Code-to-Cloud Enterprise AppSec Ecosystem

PR Newswire | October 19, 2023

Checkmarx, the industry leader in cloud-native application security for the enterprise, today announced its Checkmarx Technology Partner program, enabling organizations to easily extend the leading AppSec platform with a wide range of technology partner capabilities. The combination of best-of-breed technology partners with the leading enterprise AppSec platform helps organizations shift everywhere, from code to cloud, with a unified AppSec posture integrated into the software development life cycle (SDLC). Checkmarx' Technology Partner Program helps organizations simplify management across their AppSec programs, get more value out of existing AppSec solutions and drive better security outcomes. Providing broad support for greater AppSec maturity throughout the entire SDLC, the Checkmarx Technology Partner program enables partners and their customers to centralize and simplify discovery in these key areas through Checkmarx One: Vulnerability and risk management systems: Aggregate, normalize and prioritize vulnerabilities and risks with a unified, holistic view with partners like ArmorCode, Brinqa and ServiceNow. SDLC tools: Integrate AppSec at all stages of the software development lifecycle within the environments and tools used daily by analysts, developers and testers with partners like GitLab, JetBrains and Security Compass. Cloud and runtime security: Match cloud assets at runtime with application source code projects so that vulnerabilities found in the developer source code are enriched with runtime context, and runtime cloud security inventories are enriched with AppSec findings – all possible through partners like AWS, Cisco Panoptica and Sysdig. Emerging technologies: Work with the most innovative startups and technologies including AI and GenAI to shape tomorrow's AppSec solutions landscape with partners like Mobb.ai. Expanding this ecosystem simplifies the process of mitigating AppSec risk for our partners' customers, making their applications exponentially more secure during a time of escalating threats, said Kobi Tzruya, Chief Research and Development Officer at Checkmarx. From protecting AI-generated code to helping build trust between developers and security teams, Checkmarx One is already the AI-driven, enterprise-ready AppSec platform of choice. Now working with other leading technology companies to meet the need for streamlined, consolidated solutions will make life easier and applications safer for everyone. Checkmarx recently announced Sysdig as its latest technology partner, bringing runtime container insights into Checkmarx One so organizations can prioritize vulnerabilities associated with container packages that are actually running and that pose the most risk. "The top application security vendors have a responsibility to team up to provide more robust and complete solutions for the world's enterprises," said Bryan Smoltz, VP of Technology Alliances at Sysdig. "By delivering runtime insights within Checkmarx One, customers have clear visibility into the workloads that are running in production so they can make better-informed security decisions. Together, we're helping to bring maximum protection at cloud speed." Technology partners also benefit from the program with new marketing and sales opportunities, and by making their solution readily accessible to Checkmarx' more than 1,800 customers, including 60% of the Fortune 100. The Checkmarx One platform scans more than 100 billion lines of code monthly and its world-renowned Checkmarx Labs security research team provides ongoing threat intelligence to inform product development and to advise customers of their best defenses in today's threat landscape. For more information about becoming a Checkmarx Technology Partner, visit this page. Click here to explore the Checkmarx One partnership ecosystem. About Checkmarx Checkmarx is the enterprise application security leader and the provider of Checkmarx One™, the industry-leading cloud-native AppSec platform that helps enterprises build #DevSecTrust. Powered by the intelligence from our industry-leading AppSec security research team, and our AI-driven technology and services, our platform is designed to enable CISOs, AppSec and development leaders to prioritize their teams' focus on what impacts their business. Our offerings secure every phase of development for every application, from the very first line of code through production, while simultaneously balancing the dynamic needs of security and development teams. It's no longer just about shifting left or right - it's about shifting everywhere. We are honored to serve more than 1,800 customers, which includes 60 percent of all Fortune 100 organizations. We are committed to moving forward with unwavering dedication to the safety and security of our customers, and the applications that power our day-to-day lives. Checkmarx. Make Shift Happen.

Read More

Software Security

Axiado Launches AI Security Platform Featuring OCP Compliant Modules, Strategic Software Alliances, and Premier System Partners

PR Newswire | October 17, 2023

Axiado, a leading innovator in AI-enabled hardware secure solutions, today announced its readiness to deploy its TCU (Trusted Control/Compute Unit) platform security solution for the world of cloud, 5G and network switching technologies. "Cloud security is going through an inflection point. Axiado's comprehensive approach to secure platforms at the hardware level and their commitment to collaborative partnerships position them as a key player in shaping the future of this space," said Patrick Moorhead, CEO and Chief Analyst, Moor Insights & Strategy. Axiado's is responding to today's disruptive market landscape by offering a turnkey solution by showcasing the following key milestones: Open Compute Project (OCP)-compliant modules: Axiado has launched innovative DC-SCM 2.0 (Data Center Secure Control Module) modules in both horizontal and 1U vertical form factors – an industry first. The portfolio also includes network compute modules (NCMs) to accelerate secure network processing. This offering enables complex hardware interoperability, making it easier and more efficient for engineers to develop and deploy secure solutions. ODM/OEM strategic partnerships: Axiado has worked closely with ODM/OEM industry leaders to build complete systems integrated with essential security and control features, ensuring that Axiado's solutions meet the full requirements of end customers. Demos of these TCU-based ODM/OEM systems for each of the target applications (cloud, 5G and enterprise switching) will be unveiled at the OCP Global Summit. Collaboration with trusted firmware players: Axiado is collaborating with industry-leading software companies such as Insyde and AMI, ensuring integration of Axiado solutions into the software ecosystem. Engagement with the OCP community: Selected by OCP to be part of its new Startup Program, Axiado is actively engaging with the OCP community to introduce a vertical version of DC-SCM2.0 / 1U. In addition, Axiado is adopting Caliptra Silicon root of trust (RoT) as an option on its TCU platform and will demonstrate the use of Caliptra to perform silicon RoT with a CPU host. Go-to-market acceleration: Turnkey kits, including full software for management and security running on the TCU while interfacing to a host CPU, are available now for proof-of-concept, system integration and key security implementation. Axiado's mission is to provide engineering excellence and innovative solutions that empower the industries of tomorrow, said Gopi Sirineni, President and CEO, Axiado. We believe that by addressing the complex challenges faced in the cloud, 5G and network switching markets, we are enabling our customers to achieve their goals more efficiently and securely. Demonstrations at OCP Summit 2023 Axiado, in collaboration with its partners AEI, AMD, Gigabyte, Sanmina, Senao, Tyan, VVDN and Wiwynn, will demonstrate its full platform security solution at the 2023 OCP Global Summit on October 17-19. In addition, at Station 4 at the OCP Experience Center, Axiado will showcase a DC-SCM2.0 demonstration for Caliptra silicon RoT alongside Tyan and AMD. Supporting Quotes: What Industry Leaders are Saying about Axiado's Platform Security Solution Harry Soin, Senior Director of Technical Marketing, Advanced Energy "Employing the latest advances in security is mandatory to protect next generation cloud computing. I've seen Axiado, with its TCU building block, be a good match with our power products to enhance the level of security and protection of our customer's server power systems." Srivatsan Ramachandran, Vice President and General Manager, Global Strategic Business, AMI "AMI has been a driving force behind modern compute environments, providing scalability, security, and sustainability. We're thrilled to team up with the cybersecurity innovators at Axiado, integrating AI-infused hardware solutions to embrace the next wave of technological change. Together, we're shaping the future of tech." Daniel Hou, General Manager, Giga Computing "The enterprise server market is demanding advanced security features that require a new breed of chip solutions and AI-driven approaches. The Axiado TCU AX2000/AX3000 family offers a fresh and new approach to platform security. Early adoption of innovative technologies like Axiado's will enable a continued leadership position for GIGABYTE with our enterprise customer base." Stephen Gentile, Chief Marketing Officer, Insyde Software "As a leading independent firmware supplier, Insyde Software fully understands the evolving security and management landscape and the importance of continual innovation in this area. That's why we are thrilled to collaborate with innovative newcomers like Axiado, ensuring our mutual customers have best-in-class platform security solutions." Bou Lin, President, Senao "Our clients consistently express the need for enhanced security protection in our next-generation product line, including enterprise-class top-of-rack switches. By integrating the Axiado TCU into Senao's leading enterprise switches, we can deliver the enhanced security features our clients demand today." Eric Kuo, Vice President of MiTAC Computing Technology Corporation's Server Infrastructure Business Unit, Tyan Computer Corporation "TYAN is a strong believer in modularized server systems for enterprise customers as well as cloud service providers. We therefore work closely with silicon players like Axiado to ensure a new wave of platform security solutions can fit well within OCP's DC-SCM2.0 specifications. Our engineering teams collaborate to ensure interoperability between TCU - based DC-SCM and TYAN's industry leading Host Processor Modules." William Lin, President of Enterprise & Networking Business Group, Wistron Corp. "Wistron is a key proponent for OCP based initiatives such as DC-SCM as it aligns well with our end customers in the Enterprise and CSP markets. We are therefore excited to look for opportunities to collaborate with chip-level disruptors such as Axiado which complement our go-to-market vision and provide new innovations in platform security. Steven Lu, Executive Vice President, Wiwynn "The collaboration between Wiwynn and Axiado signifies a critical leap forward for the cloud service provider and enterprise markets. This shift toward modular systems aligns perfectly with the industry's trajectory and reinforces Wiwynn's position as a Tier 1 player." About Axiado's TCU The Axiado AX3000/AX2000 TCUs represent a new category of forensic-enabled cybersecurity processors designed to enhance existing zero-trust models. TCUs combine silicon, AI and data collection, and software into a compact, power-efficient SoC with unique AI functionality explicitly designed for security. The single-chip solution is rooted in real-time and proactive AI with pre-emptive threat detection and comprehensive protection provided by a dedicated coprocessor that allows manufacturers to build safe, secure, and resilient solutions by design and default. The TCU relies extensively on AI-based real-time threat mitigation with forensic-enabled hardware fingerprints as well as platform monitoring and optimization (clocks/voltages/temperature) using AI and machine learning (ML). The TCU solution includes root of trust (RoT), baseboard management controller (BMC), trusted platform module (TPM), hardware security module, SmartNIC, firewall, and AI and ML technologies. About Axiado Axiado is a cybersecurity semiconductor company deploying a novel, AI-driven approach to platform security against ransomware, supply chain, side-channel and other cyberattacks in the growing ecosystem of cloud data centers, 5G networks and other disaggregated compute networks. The company is developing new class of processors called the trusted control/compute unit (TCU) that redefines security from the ground-up: its hardware-anchored and AI-driven security technologies include Secure Vault root-of-trust/cryptography core and per-platform Secure AI pre-emptive threat detection engine. Axiado is a San Jose based company with a mission to protect the users of everyday technologies from digital threats. For more information, go to axiado.com or follow us on LinkedIn.

Read More