PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022 | Read time : 03:00 min

Searchlight Security
Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives.

DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business.

DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats.

“Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.”

Eric Milam, EVP product at Searchlight Security

DarkIQ Reporting gives enterprise security teams and MSSPs the ability to:
  • Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform.
  • Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data.
  • Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations.
  • Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers.
  • Resource more effectively - with less time spent on reporting so they can spend more time protecting the business.
  • Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence.

Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.”

About Searchlight Security
Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Spotlight

The time is now for virtual desktops. In our new eBook, we’ll show you how Citrix and Microsoft are ready to help you take the fastest route to a modern desktop. Citrix is authorized by Microsoft to provide users with the benefits of Windows Virtual Desktop. Is your IT experiencing infrastructure sprawl or inadequate network and


Other News
DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS

Legit Security Discovers and Helps Remediate Software Supply Chain Vulnerabilities in Google Firebase & Apache Open-Source Projects

Legit Security | September 16, 2022

Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack vulnerabilities in popular open-source projects from Google and Apache. The discovered vulnerability affects GitHub, an extremely popular Source Code Management (SCM) system at the heart of many organization’s software supply chains and used by software developers globally. The Legit Security research team found a new type of CI/CD vulnerability called “GitHub Environment Injection” that allows attackers to take control of the vulnerable project's GitHub Actions CI/CD pipeline. Any GitHub user could exploit this vulnerability to modify the project’s source code, steal secrets, move laterally and attack inside the organization, and ultimately initiate a SolarWinds-like supply chain attack. The vulnerability was found in the Google Firebase project and in a very popular integration framework project from Apache. Both Google and Apache acknowledged and fixed the vulnerabilities after an initial disclosure by Legit Security. Legit Security has published a technical disclosure blog on their website including guidance for organizations to remediate this vulnerability. Legit Security’s Research Team discovered that a specially crafted payload written to a GitHub environment variable called “GITHUB_ENV” could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a “pull request” or a proposed change to the source code. The mere act of submitting the pull request will trigger the vulnerable build action and carry out a successful compromise and the attacker does not need to be subjected a code review approval from the source code maintainer for it to take effect. The Legit Security team disclosed these issues to Google and Apache project maintainers, along with remediation guidelines, and verified that these vulnerabilities weren’t exploited by a malicious actor. Both projects have been fixed and are now safe. However, these are not the only projects susceptible to this kind of attack. Since using the GITHUB_ENV file is currently considered the “safe” way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to supply chain attacks. “This type of vulnerability joins many other software supply chain vulnerabilities and attacks targeting popular open-source projects, including GitHub, which is the largest and the de facto host of most open-source projects. “We, as a security community, must build the tools and processes to address these threats and allow organizations to trust software and use it safely. Here at Legit Security our mission is to secure every organization’s software supply chain and we are active conducting security research and collaborating on initiatives to achieve this goal." Liav Caspi, CTO and co-founder of Legit Security According to Gartner®, nearly half of organizations worldwide will experience an attack on their software supply chains by 2025, a three-fold increase from 2021. There has been a huge rise in attempts to compromise open-source projects and CI/CD build services, including GitHub Actions, to enable wide ranging attacks through software supply chains. For in-depth analysis of the GitHub Environment Injection vulnerability, along with broader information and guidance on how to protect your organization from software supply chain attacks, please visit the Legit Security website and blog. About Legit Security Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Legit provides an easy to implement SaaS platform that supports both cloud and on-premises resources and combines automated discovery and analysis capabilities with hundreds of security policies developed by industry experts with real-world SDLC security experience. This integrated platform keeps your software factory secure and provides continuous assurance that your applications are released without vulnerabilities.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Cerberus Sentinel announces acquisition of NLT Secure

Cerberus Sentinel | September 07, 2022

Cerberus Cyber Sentinel Corporation , an industry leader as a managed cybersecurity and compliance provider, based in Scottsdale, Ariz., announced that it has completed the acquisition of NLT Secure, a cybersecurity company with headquarters in Providencia, Chile, and U.S. offices in Tampa, Florida. Under the terms of the agreement, NLT Secure became a wholly owned subsidiary of Cerberus Sentinel. NLT Secure provides a broad range of security solutions and managed services to organizations throughout South America. Lorenzo Espinoza, founder and chairman, NLT Secure, will continue to manage the company's team of professionals and will work closely with the leadership team in Latin America. “NLT Secure accelerates our growth strategy into Latin America and is an excellent cultural fit. “As cybersecurity continues to be a global challenge requiring a breadth of capabilities, NLT has made this its mission to help secure businesses and organizations. NLT Secure has partnered with our Arkavia Networks and CUATROi teams, also based in Chile, for several years and compliments our combined service offerings.” David Jemmett, CEO and founder of Cerberus Sentinel "Our vision has always been to protect and guarantee the continuity of operations for our clients considering the challenging scenario of cyber threats they face every day. I want to deeply thank the incredible team of professionals that make up NLT, because it is thanks to their passion and commitment that we have managed to make this dream come true. I´m so excited to take this step together with the incredible team of Cerberus Sentinel, with whom we share a culture and a vision,” said Espinoza. About Cerberus Sentinel Cerberus Sentinel is an industry leader as a managed cybersecurity and compliance provider. The company is rapidly expanding by acquiring world-class cybersecurity, secured managed services, and compliance companies with top-tier talent that utilize the latest technology to create innovative solutions to protect the most demanding businesses and government organizations against continuing and emerging security threats and compliance obligations.

Read More

PLATFORM SECURITY

Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work

Talon Cyber Security | August 04, 2022

Talon Cyber Security, the leading secure enterprise browser provider, today announced $100 million in Series A funding, led by Evolution Equity Partners, with participation from Ballistic Ventures, CrowdStrike’s Falcon Fund, Merlin Ventures, SYN Ventures and previous investors CrowdStrike co-founder and CEO George Kurtz, Lightspeed Venture Partners, Sorenson Ventures and Team8. The funds will be used to accelerate go-to-market efforts to meet the increasing global demand for Talon’s secure enterprise browser, TalonWork, and deliver new product enhancements to continuously improve security for modern workforces. As organizations have embraced distributed work for employees and contractors, the reliance on SaaS applications has risen, and security needs have evolved drastically. The traditional ways of enabling secure access to enterprise applications are complex, expensive, and put organizations at risk. The TalonWork browser simplifies security by allowing secure access to corporate applications and data on any device, managed or unmanaged, and on any operating system. With Talon, security teams benefit from deep visibility into browser and application activity, as well as native security features like authentication, data loss prevention and Zero Trust controls. Based on Chromium, TalonWork delivers the consistent and familiar user experiences expected by today’s workers, fostering productivity across the enterprise. “We have built the team and technology to redefine and power security for the future of work – a future where security is delivered naturally through the enterprise’s most heavily-used application: the browser. “The world and the applications the largest organizations rely on are moving to the web, creating an extensive need for a vehicle that can provide secure access without changing the way work is conducted. This new funding will allow us to continue to show why that vehicle is Talon’s secure enterprise browser.” Ofer Ben-Noon, co-founder and CEO, Talon Cyber Security Co-founded by Ben-Noon and CTO Ohad Bobrov, Talon was named the winner of the Innovation Sandbox Contest at RSA Conference 2022, and has demonstrated unrivaled market and technical leadership since launching the industry’s first secure enterprise browser in October 2021. The company’s recent momentum includes numerous customer deployments at large organizations, the release of the industry’s first secure enterprise browser for mobile devices, and established partnerships with the two leaders in endpoint security: CrowdStrike and Microsoft. The round includes the conversion of $17 million in SAFE (Simple Agreement for Future Equity) investments announced earlier this year into A round shares, bringing Talon’s total amount raised to over $126 million. As part of today’s announcement, Richard Seewald, Founder and Managing Partner of Evolution Equity Partners, is joining Talon’s board of directors. “In cybersecurity, the word innovative gets thrown around often, but with Talon, it is a perfect descriptor,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “I have never seen a company create and lead a category with such authority, and experience such impressive traction with customers so quickly. Talon has the potential to become one of the leading companies in the broader security industry, and it’s an honor to help them on their journey.” “Today’s threat environment is complex, but an organization’s approach to security should not be,” said George Kurtz, co-founder and CEO, CrowdStrike. “By delivering enterprise-grade security through the TalonWork browser, Talon makes security simple and effective for its customers.” “When we launched Ballistic, we made it our mission to find and partner with companies that have the technology and what it takes to change the trajectory of cybersecurity, and Talon fits this bill perfectly,” said Jake Seid, co-founder and General Partner, Ballistic Ventures. “The browser has fundamentally become the most important tool for today's workforce. Talon’s secure enterprise browser does something few security products do. It offers the trifecta of strong security, seamless end-user experience, and low cost and complexity for the enterprise. Talon’s team and solution are some of the strongest I have ever come across, and this financing will help propel the company to new heights.” “From my time as a CISO and now as an investment partner for leading security companies, I have evaluated countless technologies,” said Jay Leek, co-founder and Managing Partner, SYN Ventures. “The widespread problem that Talon addresses and the time to value of its technology is beyond impressive – it's a game changer. I’m thrilled to have the opportunity to work with the company and help accelerate its growth.” About Talon Cyber Security Talon Cyber Security is modernizing security programs and improving user experiences for hybrid work by delivering the first secure enterprise browser. Built on Chromium, the TalonWork browser provides customers with the consistent user experiences, deep security visibility, and control over SaaS and web applications needed to simplify security for the future of work. Talon was named the Most Innovative Startup of 2022 at the prestigious RSA Conference Innovation Sandbox Contest.

Read More

DATA SECURITY,PLATFORM SECURITY

SCYTHE New Version 4.0 Enhances Collaboration Across Multiple Security Team Roles

SCYTHE | September 09, 2022

SCYTHE, a leader in adversarial emulation, announced the release of version 4.0 of the company’s flagship cybersecurity platform, offering new features and functionality that will extend capabilities for greater collaboration between blue, red, and purple teams. SCYTHE runs real-world adversary emulations that help security teams reduce detection and response rates, validate controls, and optimize resources by enabling teams to prioritize vulnerabilities, and focus on the highest risk issues to the business. Its scalable platform automates adversary emulations and expands your team’s threat intelligence skills so that you can multiply your cybersecurity team’s velocity and reduce cybersecurity risk. SCYTHE has the largest, public library of threats in the breach attack simulation industry and has more capabilities than all other competitors combined as shown by Tidal Cyber’s Community Edition of their SaaS threat-informed defense platform. With a redesigned UI, SCYTHE 4.0 makes threats easier to manage by bringing campaign details to the surface, allows for greater communication between team members, and makes it simpler to take action via Jira integrations—all available as an on-prem or SaaS offering. Through automation, communication, and integrations, SCYTHE 4.0 is designed to help security teams collaborate, as a purple team, on adversary emulation. “The new SCYTHE 4.0 platform sets a new standard for adversary emulation automation for offensive, defensive, and hybrid purple teams to help customers strengthen defenses, share actionable data between teams to better resolve real-world cybersecurity concerns quickly, and improve collaboration,” said Stephanie Simpson, VP, Product. “Version 4.0 is based on feedback from our customers and prospects about what they need to optimize their teams’ breach and attack simulation (BAS) capabilities.” In addition to this, SCYTHE’s Cyber Threat Intelligence (CTI) Team just released offerings that are complementary to the SCYTHE platform capabilities and services that can serve as an extension of your security team. This includes emergency action emulation plans, custom plans, cloud-focused plans, and emulation plans covering more diverse tactics, techniques and procedures. What’s New With 4.0? SCYTHE version 4.0 was designed to enhance collaboration within security teams and improve the user experience. These updates include: Collaboration features — SCYTHE enables greater collaboration between blue, red, and purple teams to create and leverage existing adversary emulation plans. The updated, user-friendly dashboard clearly displays outcomes and severity of campaign results. Users can have different access levels to create and personalize realistic attacks or re-run existing attacks. In-platform messaging now allows for better and faster communication between users. Workflow automation — Users can take a more collaborative team approach and seamlessly share actionable insights through a Jira integration. SaaS and on-prem — Previously an exclusively on-prem solution, SCYTHE 4.0 now has a SaaS offering available to provide flexibility to customers in any type of environment. SCYTHE 4.0 will be available for customers in Q4. About SCYTHE SCYTHE is like hiring the hacker you always wanted, but could never afford. SCYTHE transforms your organization’s capabilities and defines a new technology category: Attack, Detect, and Respond to integrate cybersecurity risk management across people, process, and technology. The SCYTHE 4.0 platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. Customers can easily and quickly validate the risk posture and exposure of their business and employees and the performance of enterprise security teams and existing security solutions.

Read More

Spotlight

The time is now for virtual desktops. In our new eBook, we’ll show you how Citrix and Microsoft are ready to help you take the fastest route to a modern desktop. Citrix is authorized by Microsoft to provide users with the benefits of Windows Virtual Desktop. Is your IT experiencing infrastructure sprawl or inadequate network and

Resources