Platform Security

Sophos Announces Sophos X-Ops

Sophos
Sophos, a global leader in next-generation cybersecurity, today announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against constantly changing and increasingly complex cyberattacks. Sophos X-Ops leverages the predictive, real-time, real-world, and deeply researched threat intelligence from each group, which, in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities.

Sophos today is also issuing “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” research about increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families. Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize the adversaries.

“Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged. Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos,” said Joe Levy, chief technology and product officer, Sophos. “We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”

Speaking in March 2022 to the Detroit Economic Club about the FBI partnering with the private sector to counter the cyber threat, FBI Director Christopher Wray said, “What partnership lets us do is hit our adversaries at every point, from the victims’ networks back all the way to the hackers’ own computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done.

“We’re disrupting three things: the threat actors, their infrastructure and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.” Sophos X-Ops is taking a similar approach: gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier, preventing or minimizing the harms of ransomware, espionage or other cybercrimes that can befall organizations of all types and sizes, and working with law enforcement to neutralize attacker infrastructure. While Sophos’ internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries.

“Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it.”

Michael Daniel, president and CEO, Cyber Threat Alliance

Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organized cybercrime. By intertwining the expertise of each group, Sophos is pioneering the concept of an artificial intelligence (AI) assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos believes this approach will dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise.

“The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it. The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups,” said Craig Robinson, IDC research vice president, Security Services. “Combining the ability to cut across a wide breadth of threat intelligence expertise with AI assisted features in the SOC allows organizations to better predict and prepare for imminent and future attacks.”

About Sophos
Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.

Spotlight

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission. In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a va


Other News
Software Security

ZeroFox Unveils New Anti-Phishing Features to Stop Attacks at Source

ZeroFox | September 22, 2023

ZeroFox, an industry-leading provider of enterprise software-as-a-service for external cybersecurity, has announced the unveiling of multiple anti-phishing product enhancements. These updates solidify ZeroFox's position as the world leader in digital risk protection. Developed using cutting-edge AI/ML technologies and designed by a team of top-tier security experts, these new anti-phishing features boost escalated alert volume, reduce the occurrence of false positives, and expedite the process from threat identification to initial disruption and successful takedowns for all our customers. The importance of these new features cannot be overstated, especially given the rising threat landscape. In the first half of 2023, ZeroFox Intelligence has recorded a substantial increase in the volume and complexity of phishing attacks, including a 30% surge in domain takedowns compared to the first half of 2022. New ZeroFox phishing trend research also highlights the adoption of evasion techniques like cloaking alongside emerging tactics such as SEO poisoning and phishing-as-a-service. These developments underscore the critical role of these new capabilities in safeguarding against evolving cyber threats. Continuous and Complete Protection Against Domain-based Threats ZeroFox adopts a unique approach to phishing compared to email security and conventional anti-phishing providers. Its strategy revolves around the identification, disruption, and elimination of the domains necessary for launching phishing campaigns. With daily monitoring of over 65 million domains, ZeroFox combats various threats like typo squats, subdomain spoofs, homoglyphs, and other malicious domain and URL-based attacks, effectively shielding customers and preventing any disruptions to business operations. Incorporate advanced domain protection capabilities to enhance their cybersecurity measures, aiming to achieve substantial and measurable business outcomes: Reduce Phishing Risks with Anti-Cloaking Capabilities: Strengthen Compliance and Trust with SSL Monitoring Secure Brand Identity with Favicon Search Improve Operational Efficiency with Enhanced Subdomain Coverage Enhance User Experience (UX) with Weblog Monitoring Mike Price, Chief Technology Officer of ZeroFox, said, ZeroFox has been detecting and disrupting phishing attacks for the last decade, constantly enhancing our solution to protect our customers from changing phishing techniques used by threat actors, including the widespread use of malicious cloaking and subdomains techniques. [Source – Globe Newswire] Price stated that the enhanced capabilities being announced represented their ongoing commitment to tackling the increasing phishing challenge encountered by security teams. He emphasized that as phishing continued to evolve, ZeroFox would remain a trusted anti-phishing partner dedicated to safeguarding customers from both current and future phishing techniques. About ZeroFox ZeroFox, a prominent enterprise software-as-a-service provider in the field of external cybersecurity, has revolutionized security beyond the corporate perimeter on the internet, where businesses conduct their operations and threat actors are active. Their platform seamlessly integrates cutting-edge AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust set of breach, incident, and takedown response tools. This enables them to uncover and disrupt various threats, including phishing and fraud campaigns, botnet exposures, impersonations, credential theft, data breaches, and physical threats that target domains, brands, personnel, and assets.

Read More

API Security

Wallarm Announces Policy Integration with MuleSoft AnyPoint Platform

Wallarm | October 13, 2023

Wallarm has announced the availability of Application and API Security policies seamless integration with the MuleSoft AnyPoint Platform, providing essential protection for apps and APIs in various deployment scenarios. This integration of Wallarm and MuleSoft presents a compelling choice for organizations dedicated to comprehensively safeguarding and managing their API security management, ensuring robust protection for their digital assets. In the digital age, enterprises heavily depend on APIs to facilitate application connections and drive their digital transformation. Wallarm's latest offering seamlessly integrates with the MuleSoft API management and integration platform, bolstering cloud security and compliance to meet the evolving needs of modern businesses. Effective API management is paramount for organizations, and the market offers numerous commercial solutions, each with its unique features. Whether opting for well-known platforms such as MuleSoft, Kong, or Apigee, or exploring external tools like Akamai Edge and Azion Edge, the decision on how to deploy and manage crucial APIs depends on factors such as scalability, performance, and existing infrastructure. Regardless of the chosen approach, the demand for robust API security that effortlessly aligns with these varied deployment methods remains a top priority. CEO and Co-founder of Wallarm, Ivan Novikov, said, Wallarm is keen to unveil a cutting-edge cloud-based security policy that is agile and fully integrated with MuleSoft, a leading integration and API management platform in the market. [Source – Business Wire] About Wallarm Wallarm is a leading provider of robust protection for APIs, microservices, web applications, and serverless workloads in cloud-native environments. Trusted by numerous Security and DevOps teams, Wallarm excels in comprehensive web app and API endpoint discovery, shielding against emerging threats across their API portfolio, and automating incident response for enhanced risk management. The platform is designed to support modern tech stacks, offering a myriad of deployment options in both cloud and Kubernetes-based environments, including a full cloud solution. Based in San Francisco, California, Wallarm is backed by prominent investors like Y Combinator, Toba Capital, Partech, and others.

Read More

Software Security

Lacework and Snowflake Expand Their Alliance to Secure Cloud Business

Lacework | September 15, 2023

Lacework, a company specializing in data-driven cloud security, and Snowflake, a prominent Data Cloud company, have jointly announced an expanded partnership. This partnership aims to propel the evolution of cloud infrastructure while enhancing cloud security automation at scale. Through this extended collaboration, security teams gain direct access to their Lacework cloud security data using Snowflake's secure data sharing, thus enabling unified visibility and tailored automation. Ulfar Erlingsson, Chief Architect, Lacework, said, Snowflake has been a dedicated platform partner as Lacework has scaled our business to support over 900 customers — ranging from small, early-stage startups to some of the most sophisticated enterprises running in the cloud space today — whose operations result in tremendous volume, variety, and velocity of security-relevant data. [Source – Cision PR Newswire] Erlingsson mentioned that, over the past seven years, Lacework had successfully conducted timely and efficient data processing by utilizing the Snowflake Data Cloud, even among a highly skewed set of customers. He further explained that their extended partnership with Snowflake would enhance their ability to serve joint customers at a cloud scale. This would apply whether customers needed them to handle only a small amount of security data or data processing at rates as high as 10s of gigabytes per second. As generative AI advances and becomes more accessible across various industries, the frequency and severity of cybersecurity threats are on the rise. This trend is driven by businesses accelerating their development processes and increasing cloud data generation. Addressing this new era of cloud security necessitates a fundamentally fresh approach, and Lacework's platform is designed to efficiently manage the substantial volume of data within an organization's cloud ecosystem. This includes data related to code, identities, containers, and multi-cloud infrastructure, with Snowflake serving as a critical platform partner. Through the combined capabilities of Lacework's security platform and Snowflake's Data Cloud, customers gain the ability to extend the value of cloud security data throughout their organization. This enables organizations to thoroughly assess their security and compliance status. Head of Cybersecurity Strategy at Snowflake, Omer Singer, said, Among the many potential advantages of generative AI is the ability for enterprises to deploy new applications faster, which places even more emphasis on the need to have scalable infrastructure and solutions. The combination of Snowflake and Lacework will continue to assist organizations scale their cloud businesses securely in the new era. [Source – Cision PR Newswire] About Lacework Lacework protects organizations in the cloud, enabling them to innovate with greater speed and assurance. Lacework's platform is designed to scale with the variety, volume, and velocity of cloud data across an organization's cloud environment, including code, containers, identities, and multi-cloud infrastructure. Only Lacework provides Security and Development teams with a connected and prioritized end-to-end view that identifies the most significant hazards and security events. About Snowflake The Snowflake enables all organizations to mobilize their data with its Data Cloud. Customers utilize the Data Cloud to integrate disparate data sources, power data applications, discover and securely share data, and implement a variety of AI/ML and analytic workloads. Snowflake provides a singular data experience that transcends multiple clouds and geographies, regardless of where data or users reside. Snowflake Data Cloud is used by thousands of customers across numerous industries, including 639 of the 2023 Forbes Global 2000 as of July 31, 2023.

Read More

Cloud Security

Checkmarx Introduces AI-Powered Checkmarx One Platform’s 3.0 Version

Checkmarx | October 12, 2023

Checkmarx, a leading provider of cloud-native application security solutions, has launched version 3.0 of its AI-powered Checkmarx One enterprise AppSec platform. Specifically developed for enterprise cloud development, Checkmarx One 3.0 enhances the developer experience significantly. It extends the AI-driven security features of the platform's CheckAI Plug-in, augments its reporting and analytics capabilities, and bolsters its Supply Chain Security solution, ensuring robust and efficient application security for enterprises. Sandeep Johri, CEO at Checkmarx, stated, Checkmarx One is the AI-driven application security (AppSec)platform for today and for the future. Enterprise CISOs now see the strength of their AppSec as critical to their overall security postures. Johri mentioned the importance of harnessing AI to safeguard intricate enterprise applications. They highlighted the need for the platform to be user-friendly for developers while providing a strong defense against software supply chain attacks. Checkmarx One Version 3.0 offers: AI-Powered Application Security Seamless Developer Experience Expanded Supply Chain Security Capabilities Advanced API Security Consolidated, Simplified AppSec Advanced Reporting and Analytics Amit Daniel, Chief Marketing Officer at Checkmarx, said, Checkmarx One offers tremendous and measurable benefits for our customers, improving both developer experience and application security for a more seamless faster time-to-market and AppSec experience. Daniel mentioned that a Fortune 500 customer tailored their AppSec solution, enhanced their AppSec skills through secure code training, and established a security champions program to connect development and AppSec teams. As a result, there was a 1600x increase in the number of vulnerabilities remediated, significantly enhancing enterprise security. About Checkmarx Checkmarx, a leader in enterprise application security, offers Checkmarx One, a cloud-native AppSec platform promoting DevSecTrust in enterprises. Informed by insights from their renowned AppSec security research team and powered by AI-driven technology, the platform empowers AppSec, CISOs, and development leaders to focus on key business impact areas. It secures every development phase for all applications, from initial coding to production, harmonizing the evolving needs of security and development teams. Going beyond traditional paradigms, Checkmarx ensures security permeates every aspect. The company serves 1,800+ customers, including 60% of Fortune 100 organizations, and is committed to its customers' safety and the security of applications shaping daily lives.

Read More

Spotlight

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission. In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a va

Resources