Information Security Analytics

The following is an excerpt from Information Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data by authors Mark Ryan Talabis, Robert McPherson, Inez Miyamoto and Jason L. Martin and published by Syngress. This section from chapter 7 explores security intelligence.

Spotlight

Other News
Software Security

Lacework and Snowflake Expand Their Alliance to Secure Cloud Business

Lacework | September 15, 2023

Lacework, a company specializing in data-driven cloud security, and Snowflake, a prominent Data Cloud company, have jointly announced an expanded partnership. This partnership aims to propel the evolution of cloud infrastructure while enhancing cloud security automation at scale. Through this extended collaboration, security teams gain direct access to their Lacework cloud security data using Snowflake's secure data sharing, thus enabling unified visibility and tailored automation. Ulfar Erlingsson, Chief Architect, Lacework, said, Snowflake has been a dedicated platform partner as Lacework has scaled our business to support over 900 customers — ranging from small, early-stage startups to some of the most sophisticated enterprises running in the cloud space today — whose operations result in tremendous volume, variety, and velocity of security-relevant data. [Source – Cision PR Newswire] Erlingsson mentioned that, over the past seven years, Lacework had successfully conducted timely and efficient data processing by utilizing the Snowflake Data Cloud, even among a highly skewed set of customers. He further explained that their extended partnership with Snowflake would enhance their ability to serve joint customers at a cloud scale. This would apply whether customers needed them to handle only a small amount of security data or data processing at rates as high as 10s of gigabytes per second. As generative AI advances and becomes more accessible across various industries, the frequency and severity of cybersecurity threats are on the rise. This trend is driven by businesses accelerating their development processes and increasing cloud data generation. Addressing this new era of cloud security necessitates a fundamentally fresh approach, and Lacework's platform is designed to efficiently manage the substantial volume of data within an organization's cloud ecosystem. This includes data related to code, identities, containers, and multi-cloud infrastructure, with Snowflake serving as a critical platform partner. Through the combined capabilities of Lacework's security platform and Snowflake's Data Cloud, customers gain the ability to extend the value of cloud security data throughout their organization. This enables organizations to thoroughly assess their security and compliance status. Head of Cybersecurity Strategy at Snowflake, Omer Singer, said, Among the many potential advantages of generative AI is the ability for enterprises to deploy new applications faster, which places even more emphasis on the need to have scalable infrastructure and solutions. The combination of Snowflake and Lacework will continue to assist organizations scale their cloud businesses securely in the new era. [Source – Cision PR Newswire] About Lacework Lacework protects organizations in the cloud, enabling them to innovate with greater speed and assurance. Lacework's platform is designed to scale with the variety, volume, and velocity of cloud data across an organization's cloud environment, including code, containers, identities, and multi-cloud infrastructure. Only Lacework provides Security and Development teams with a connected and prioritized end-to-end view that identifies the most significant hazards and security events. About Snowflake The Snowflake enables all organizations to mobilize their data with its Data Cloud. Customers utilize the Data Cloud to integrate disparate data sources, power data applications, discover and securely share data, and implement a variety of AI/ML and analytic workloads. Snowflake provides a singular data experience that transcends multiple clouds and geographies, regardless of where data or users reside. Snowflake Data Cloud is used by thousands of customers across numerous industries, including 639 of the 2023 Forbes Global 2000 as of July 31, 2023.

Read More

Software Security

Axiado Launches AI Security Platform Featuring OCP Compliant Modules, Strategic Software Alliances, and Premier System Partners

PR Newswire | October 17, 2023

Axiado, a leading innovator in AI-enabled hardware secure solutions, today announced its readiness to deploy its TCU (Trusted Control/Compute Unit) platform security solution for the world of cloud, 5G and network switching technologies. "Cloud security is going through an inflection point. Axiado's comprehensive approach to secure platforms at the hardware level and their commitment to collaborative partnerships position them as a key player in shaping the future of this space," said Patrick Moorhead, CEO and Chief Analyst, Moor Insights & Strategy. Axiado's is responding to today's disruptive market landscape by offering a turnkey solution by showcasing the following key milestones: Open Compute Project (OCP)-compliant modules: Axiado has launched innovative DC-SCM 2.0 (Data Center Secure Control Module) modules in both horizontal and 1U vertical form factors – an industry first. The portfolio also includes network compute modules (NCMs) to accelerate secure network processing. This offering enables complex hardware interoperability, making it easier and more efficient for engineers to develop and deploy secure solutions. ODM/OEM strategic partnerships: Axiado has worked closely with ODM/OEM industry leaders to build complete systems integrated with essential security and control features, ensuring that Axiado's solutions meet the full requirements of end customers. Demos of these TCU-based ODM/OEM systems for each of the target applications (cloud, 5G and enterprise switching) will be unveiled at the OCP Global Summit. Collaboration with trusted firmware players: Axiado is collaborating with industry-leading software companies such as Insyde and AMI, ensuring integration of Axiado solutions into the software ecosystem. Engagement with the OCP community: Selected by OCP to be part of its new Startup Program, Axiado is actively engaging with the OCP community to introduce a vertical version of DC-SCM2.0 / 1U. In addition, Axiado is adopting Caliptra Silicon root of trust (RoT) as an option on its TCU platform and will demonstrate the use of Caliptra to perform silicon RoT with a CPU host. Go-to-market acceleration: Turnkey kits, including full software for management and security running on the TCU while interfacing to a host CPU, are available now for proof-of-concept, system integration and key security implementation. Axiado's mission is to provide engineering excellence and innovative solutions that empower the industries of tomorrow, said Gopi Sirineni, President and CEO, Axiado. We believe that by addressing the complex challenges faced in the cloud, 5G and network switching markets, we are enabling our customers to achieve their goals more efficiently and securely. Demonstrations at OCP Summit 2023 Axiado, in collaboration with its partners AEI, AMD, Gigabyte, Sanmina, Senao, Tyan, VVDN and Wiwynn, will demonstrate its full platform security solution at the 2023 OCP Global Summit on October 17-19. In addition, at Station 4 at the OCP Experience Center, Axiado will showcase a DC-SCM2.0 demonstration for Caliptra silicon RoT alongside Tyan and AMD. Supporting Quotes: What Industry Leaders are Saying about Axiado's Platform Security Solution Harry Soin, Senior Director of Technical Marketing, Advanced Energy "Employing the latest advances in security is mandatory to protect next generation cloud computing. I've seen Axiado, with its TCU building block, be a good match with our power products to enhance the level of security and protection of our customer's server power systems." Srivatsan Ramachandran, Vice President and General Manager, Global Strategic Business, AMI "AMI has been a driving force behind modern compute environments, providing scalability, security, and sustainability. We're thrilled to team up with the cybersecurity innovators at Axiado, integrating AI-infused hardware solutions to embrace the next wave of technological change. Together, we're shaping the future of tech." Daniel Hou, General Manager, Giga Computing "The enterprise server market is demanding advanced security features that require a new breed of chip solutions and AI-driven approaches. The Axiado TCU AX2000/AX3000 family offers a fresh and new approach to platform security. Early adoption of innovative technologies like Axiado's will enable a continued leadership position for GIGABYTE with our enterprise customer base." Stephen Gentile, Chief Marketing Officer, Insyde Software "As a leading independent firmware supplier, Insyde Software fully understands the evolving security and management landscape and the importance of continual innovation in this area. That's why we are thrilled to collaborate with innovative newcomers like Axiado, ensuring our mutual customers have best-in-class platform security solutions." Bou Lin, President, Senao "Our clients consistently express the need for enhanced security protection in our next-generation product line, including enterprise-class top-of-rack switches. By integrating the Axiado TCU into Senao's leading enterprise switches, we can deliver the enhanced security features our clients demand today." Eric Kuo, Vice President of MiTAC Computing Technology Corporation's Server Infrastructure Business Unit, Tyan Computer Corporation "TYAN is a strong believer in modularized server systems for enterprise customers as well as cloud service providers. We therefore work closely with silicon players like Axiado to ensure a new wave of platform security solutions can fit well within OCP's DC-SCM2.0 specifications. Our engineering teams collaborate to ensure interoperability between TCU - based DC-SCM and TYAN's industry leading Host Processor Modules." William Lin, President of Enterprise & Networking Business Group, Wistron Corp. "Wistron is a key proponent for OCP based initiatives such as DC-SCM as it aligns well with our end customers in the Enterprise and CSP markets. We are therefore excited to look for opportunities to collaborate with chip-level disruptors such as Axiado which complement our go-to-market vision and provide new innovations in platform security. Steven Lu, Executive Vice President, Wiwynn "The collaboration between Wiwynn and Axiado signifies a critical leap forward for the cloud service provider and enterprise markets. This shift toward modular systems aligns perfectly with the industry's trajectory and reinforces Wiwynn's position as a Tier 1 player." About Axiado's TCU The Axiado AX3000/AX2000 TCUs represent a new category of forensic-enabled cybersecurity processors designed to enhance existing zero-trust models. TCUs combine silicon, AI and data collection, and software into a compact, power-efficient SoC with unique AI functionality explicitly designed for security. The single-chip solution is rooted in real-time and proactive AI with pre-emptive threat detection and comprehensive protection provided by a dedicated coprocessor that allows manufacturers to build safe, secure, and resilient solutions by design and default. The TCU relies extensively on AI-based real-time threat mitigation with forensic-enabled hardware fingerprints as well as platform monitoring and optimization (clocks/voltages/temperature) using AI and machine learning (ML). The TCU solution includes root of trust (RoT), baseboard management controller (BMC), trusted platform module (TPM), hardware security module, SmartNIC, firewall, and AI and ML technologies. About Axiado Axiado is a cybersecurity semiconductor company deploying a novel, AI-driven approach to platform security against ransomware, supply chain, side-channel and other cyberattacks in the growing ecosystem of cloud data centers, 5G networks and other disaggregated compute networks. The company is developing new class of processors called the trusted control/compute unit (TCU) that redefines security from the ground-up: its hardware-anchored and AI-driven security technologies include Secure Vault root-of-trust/cryptography core and per-platform Secure AI pre-emptive threat detection engine. Axiado is a San Jose based company with a mission to protect the users of everyday technologies from digital threats. For more information, go to axiado.com or follow us on LinkedIn.

Read More

Software Security

SCYTHE Latest Version 4.1 Introduces Enhanced Deployment Flexibility and AI-Driven Productivity Boost

Business Wire | November 02, 2023

SCYTHE, a leading provider of cybersecurity solutions, announces the release of SCYTHE 4.1, the latest evolution in its cutting-edge cyber resilience offering. This release brings new and enhanced features to empower organizations in their continuous efforts to strengthen their cybersecurity posture. SaaS Offering for Unparalleled Flexibility SCYTHE 4.1 introduces its initial Software as a Service (SaaS) offering, providing organizations with newfound deployment flexibility. This SaaS option offers the same robust capabilities as the on-premises version, ensuring that teams can choose the deployment model that best suits their needs without pricing changes. SCYTHE's commitment to flexibility ensures that organizations can secure their infrastructure on their terms. Advanced Agent Support with Scheduling for Continuous Testing To unlock even greater control over security testing, SCYTHE 4.1 introduces advanced agent support with scheduling. This feature allows organizations to perform continuous testing by automating the deployment and execution of security assessments at specified intervals. With the power of scheduling, teams can proactively identify threats, assess controls, and evaluate their readiness to respond to cyber threats. SCYTHE empowers organizations to maintain the highest level of cyber resilience without manual intervention. Cloppy - Your AI-Powered Security Analyst In a significant leap forward, SCYTHE unveils the early access beta release of "Cloppy," its supervised machine learning (ML)-based AI analyst chatbot. Cloppy enhances team productivity, job satisfaction, and cybersecurity capabilities by delivering instant insights and recommendations. This AI-driven assistant will leverage private knowledge base instances, ensuring sensitive information stays secure. Cloppy is poised to become a trusted companion for security professionals, providing real-time guidance and augmenting their decision-making processes. As cyber threats continue to evolve, so must our approach to cybersecurity. SCYTHE 4.1 represents our commitment to innovation and empowering organizations to stay ahead of cyber adversaries, said Marc Brown, Head of Product at SCYTHE. With our SaaS offering, advanced agent support, and the introduction of Cloppy, we're equipping organizations with the tools they need to enhance their cyber resilience while simplifying offensive security. SCYTHE 4.1 Platform is now available for both new and existing customers. For more information on SCYTHE's comprehensive cyber resilience solutions, please visit https://scythe.io. About SCYTHE SCYTHE represents a paradigm shift in cybersecurity risk management, empowering organizations to Attack, Detect, and Respond efficiently. The SCYTHE platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. SCYTHE's innovative dual-deployment options and comprehensive features ensure a proactive cybersecurity approach. Headquartered in Arlington, VA, SCYTHE is privately funded by distinguished partners dedicated to shaping a more resilient cybersecurity landscape.

Read More

API Security

Data Theorem Introduces Industry’s First CNAPP Workflow Optimizations for Attack Path Analysis and Protection of APIs and Software Supply Chains

Business Wire | October 25, 2023

Data Theorem, Inc., a leading provider of modern application security, today introduced an industry-first attack path analysis of APIs and software supply chain exploits to its Cloud-Native Application Protection Platform (CNAPP) called Cloud Secure. The new release includes machine learning (ML)-based hacker toolkits and improved visualizations that boost discovery of potential data breaches in first-party APIs and third-party software supply chain assets hosted in multi-cloud environments. As a result of today’s launch, organizations can now leverage an advanced ML-based CNAPP solution to best secure their cloud-native apps and discover weaknesses which could lead to data breaches. Previously, organizations had to rely on cloud security posture management (CSPM) and agent-based cloud workload protection platforms (CWPP) that lack the ability to accurately detect attack surfaces such as first- and third-party APIs that lead to the critical path hackers utilize to successfully exploit vulnerabilities and extract sensitive data. Data Theorem’s new release of Cloud Secure now delivers Cloud Hacker Toolkits powered by a new set of visualization features and ML enhancements for exploit prioritization, helping organizations focus on the most critical vulnerabilities that hackers can take advantage of for a cyberattack to extract data from cloud-native apps. In addition, Cloud Secure now offers ML-powered optimized Cloud Assets inventory with new visualizations for organizations to better understand the relationships between applications (mobile and web), APIs (first and third party), and the myriad of cloud resources. As a result, organizations for the first time can have an accurate inventory of their cloud-native and cloud-hosted applications, and visualize the growing attack surfaces including APIs they develop themselves and APIs that come from leveraging open-source software, third-party software development kits (SDKs), and public cloud services within their software supply chains. As we have seen, machine learning, and particularly generative language learning model (LLM), offers a new set of innovations and creativity for both security practitioners and attackers, said Doug Dooley, Data Theorem COO. Data Theorem is pleased to offer the industry’s first CNAPP solution which leverages some of the more useful elements of machine learning combined with run-time analysis, observability, and active protection. Cloud Secure continues to lead the industry as the most application-centric CNAPP offering helping organizations uncover new attack vectors in cloud-native applications and APIs that ultimately prevent large-scale data breaches. ML-powered Hacker Tool Kits and Optimized Cloud Assets, in addition to Cloud Secure’s other advancements in this new release, uniquely protect organizations’ cloud applications in multi-cloud environments. Cloud Secure now also offers a new UI design that improves the end-to-end CNAPP workflow for organizations with new dashboard, inventory, security testing, and cloud-native protection sections. For example, the Cloud-Native Protection visualization graph with Cloud Abuse highlights priority events, actors, and attack path analysis that uniquely helps organizations diagnose near real-time data breaches and attempts at exfiltration attacks. In addition, Cloud Secure’s Enhanced Compliance Summary section with status and on-demand reporting downloads automates the audit processes to help organizations prove compliance. Cloud Secure, powered by Data Theorem’s award-winning Analyzer Engine, helps organizations secure their cloud-native applications and address regulatory compliance for cloud monitoring and reporting. It is the industry’s first solution delivering full-stack attack path analysis for cloud-native applications that starts at the client layer (mobile and web), protects the network layer (APIs), and extends down through the underlying infrastructure (cloud services). Its combination of attack path analysis and run-time active protections enables both offensive and defensive security capabilities to best prevent data breaches of cloud-native applications, embedded APIs, and serverless cloud functions. Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine which leverages a new type of dynamic and runtime analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation. Data Theorem is one of the first vendors to provide a full stack application security analyzer that connects attack surfaces of applications starting at the client layers found in mobile and web, the network layers found in APIs, and the infrastructure layers found in cloud services. About Data Theorem Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world. Data Theorem is headquartered in Palo Alto, Calif., with offices in New York and Paris. For more information visit www.datatheorem.com.

Read More