Data Security

Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments with Security Survey

Vectra AI | August 06, 2021

Vectra AI, a leader in threat detection and response, today released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations.

As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organizations who are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service. The survey found:

64% of DevOps respondents are deploying new workload services weekly or even more frequently
78% of organizations are running AWS across multiple regions (40% in at least three)
71% of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc.)
The expansion of AWS services has naturally led to increased complexity and risk with 100% of companies surveyed having experienced at least one security incident in their public cloud environment. Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration. Some blind spots the Vectra report uncovered include:

30% of organizations surveyed have no formal sign-off before pushing to production
40% of respondents say they do not have a DevSecOps workflow
71% of organizations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers.

Despite these blind spots, the survey showed that companies are taking security seriously. Over half of the companies reported having double-digit security operations center (SOC) headcounts, showing a significant investment in keeping their organizations secure.  

"Securing the cloud with confidence is nearly impossible due to its ever-changing nature," said Matt Pieklik, Senior Consulting Analyst at Vectra. "To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness."

Vectra has answered this industry need through the creation of Detect for AWS which reduces risk of cloud services being exploited, detects threats against AWS services, and automatically responds to attacks against applications running in AWS.

To learn more about the threats facing today's organizations you can download the full Paas & IaaS Security Survey Report or read our companion blog.

About Vectra

Vectra is the leader in threat detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers four applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed. And Cognito Detect for Office 365 and Azure AD™ finds and stops attacks in enterprise SaaS applications and the Microsoft 365 ecosystem.

Spotlight

Counterfeit threats, such as fraudulent ads and look-alike domains, are on the rise especially with the expansion of e-commerce and online consumer-to-business interaction. However, the collection and mitigation of counterfeit activity can be complicated. Prioritizing relationships with platforms and providers along with collect


Other News
Data Security

Cohesity and Carahsoft Partner to Offer Data Security to Public Sector

Cohesity | September 07, 2023

Cohesity, an industry leader in data security and management, and Carahsoft Technology Corp., a provider of trusted government IT solutions, announced entering into a partnership. Under the agreement, Carahsoft plans to act as a distributor for Cohesity, making Cohesity's data cloud platform accessible to the Public Sector via Carahsoft's reseller partners, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), NASA Solutions for Enterprise-Wide Procurement (SEWP) V, National Association of State Procurement Officials (NASPO) ValuePoint, OMNIA Partners, National Cooperative Purchasing Alliance (NCPA), and E&I Cooperative service contract. The extensive data cloud platform from Cohesity consolidates data sources, assists in the elimination of infrastructure silos, and automates data management tasks. The platform streamlines data management by offering a single, user-friendly interface for managing data in cloud, on-premises, and edge environments. Cohesity's data security and management solutions offer the public sector with granular control over their data, enabling them to comply with legal and regulatory requirements and protect sensitive data. The Cohesity Data Cloud’s key capabilities include: Data Protection: Captures backup copies of data that are preserved inalterably and are instantaneously recoverable in an instance of a ransomware attack or other business disruptions. Data Security: Provides enhanced resilience to cyber threats via cyber vaulting, data classification, threat intelligence and scanning, and bidirectional integration with the security operations center of agencies. Data Mobility: Enables agencies to transfer data across hybrid multi-cloud environments in a secure and efficient manner, thereby reducing costs and increasing flexibility. Data Access: Eliminates unnecessary copies and efficiently manages files and objects at scale. Data Insight: Enables agencies to search, classify, and analyze data worldwide across their entire infrastructure in order to provide business value or pinpoint sensitive data for compliance. Kit Beall, Chief Revenue Officer at Cohesity, said, We are pleased to partner with Carahsoft and its resellers to provide U.S. government agencies with powerful novel capabilities based on our leadership position in data security and management. [Source – GlobeNewswire] Beall also added that they look forward to expanding their strategic partnership with Carahsoft to assist public sector customers in strengthening their cyberspace resilience in the face of evolving advanced adversaries. About Cohesity Cohesity is an industry leader in AI-powered data management and security. The company makes it simple to secure, protect, manage, and extract value from data — across the data center, cloud, and edge. It provides organizations with comprehensive data security and management capabilities, such as AI-based threat detection, immutable backup snapshots, and monitoring malicious behavior, among others, to defend against cybersecurity threats. About Carahsoft Carahsoft Technology Corp. is a trusted government IT solutions provider serving public sector organizations across local, state, and federal government agencies and healthcare and education markets. As the master government aggregator for vendor partners, the company provides solutions for multicloud, DevSecOps, cybersecurity, Big Data, AI, customer experience and engagement, open source, and other domains. Working with resellers, systems integrators, and consultants, Carahsoft's sales and marketing teams provide hundreds of contract vehicles with industry-leading IT products, services, and training.

Read More

Data Security

Canadian Federal Government Choose Netskope as Preferred Vendor

Netskope | September 11, 2023

Netskope, an industry-leading secure access service edge (SASE) provider, has announced that it has been chosen as the preferred cloud access security broker vendor for the Canadian Federal Government under the cybersecurity procurement vehicle (CSPV) of Shared Services Canada (SSC). The objective of the SSC cloud access security broker CSPV is to provide government users with secure access to cloud-based applications, including all software-as-a-service (SaaS) applications, regardless of their location. The Government of Canada (GC) selected Netskope after a competitive bidding process for a commercially available cloud access security broker service to fulfill its business requirements across various government organizations and agencies. The cloud access security broker service aims to facilitate the continued adoption, utilization, and delivery of SaaS cloud services by GC departments. The cloud access security broker service will improve the security posture of GC applications, services, and data as they are migrated to public cloud environments, permitting complete visibility and monitoring of GC cloud environments to detect, prevent, and respond rapidly to cyber threats; and ensuring the privacy, confidentiality, and protection of GC data in accordance with GC policies. As an integral part of Netskope Intelligent Security Service Edge (SSE), Netskope's market-leading cloud access security broker enables agencies to detect and manage the usage of cloud applications rapidly, irrespective of whether they are managed or unmanaged, and safeguard sensitive data from being stolen by malicious cybercriminals or risky insiders who have compromised the technology environment. A cloud access security broker is a cloud-based or on-premises security policy enforcement point situated between cloud service providers and consumers to combine and insert enterprise security policies when cloud-based resources are accessed. With a cloud access security broker solution, agencies can manage the unintentional or unauthorized transfer of sensitive data between cloud application instances while expediting security workflows with simple policy controls and incident response management. Paul Tanasi, Federal Regional Manager, Netskope, said, With the hybrid workforce becoming the new normal, Canadian government departments and agencies are relying more and more on giving their users direct-to-cloud access to SaaS applications and to web applications in general. [Source – Cision PR Newswire] Paul Tanasi further mentioned that there is a requirement to ensure these users' security and regain some of the visibility and control they were accustomed to when everyone worked from the office. A solution is required to tackle risks associated with cloud services, enforce security policies, and adhere to regulations, mainly when dealing with cloud services that are located outside their network perimeter and beyond their direct control. Netskope's CASB solution would offer the capability to adopt cloud applications and services confidently without compromising security or performance. About Netskope Netskope, an industry leader in SASE, assists organizations in implementing zero trust principles and AI/ML innovations to safeguard data and defend against cyber threats. The company's platform offers optimized access and real-time security for devices, people, and data, regardless of their location. Netskope assists customers in mitigating risk, accelerating application performance, and gaining unparalleled visibility into cloud, web, and private application activity. Thousands of clients rely on Netskope and its robust NewEdge network to combat evolving threats, technology shifts, new risks, organizational and network changes, and others.

Read More

Enterprise Security

Skybox Security Launches New Continuous Exposure Management Platform

Skybox Security | September 14, 2023

Skybox Security, a leading Exposure Management solutions provider, has unveiled the next generation of its prestigious Continuous Exposure Management Platform. This 13.0 release introduces significant enhancements to its solution for Attack Surface and Vulnerability Management, which revolutionizes the manner businesses manage and mitigate cyber exposure risk. Attack Surface Management Delivers Complete Visibility Skybox's Surface Management solution provides an extensive inventory and map of users' assets and applications. It evaluates and simulates attack paths. The result is a dynamic security model for the hybrid attack surface. Version 13.0 introduces significant new features, including: New Attack Surface Map Enhanced Attack Path Analysis LDAP Integration Cloud Infrastructure Integration Vulnerability Management Deepens Exposure Insights Skybox's Vulnerability Management solution combines more than 25 third-party threat intelligence feeds with its own Skybox Threat Intelligence feed in order to prioritize threats based on exposure risk and remediate vulnerabilities with prescriptive guidance. With Version 13.0, businesses are able to: Import Vulnerability Data New Business-Focused' Solutions View' Celebrity Vulnerabilities SOAR Integration Mordecai Rosen, CEO of Skybox Security, said, In today's complex threat landscape, organizations need to continuously manage their threat exposure based on the prioritized risks to their business. [Source – Business Wire] Rosen stated that the Skybox platform now supports every stage of an enterprise's continuous exposure management (CEM) program, from mapping the attack surface through contextualization and risk-based prioritization to final remediation. It was also mentioned that the latest enhancements enable organizations to further improve their security posture and substantially reduce the risk of a successful attack. About Skybox Skybox is trusted by over 500 of the world's largest and most security-conscious enterprises for providing insights and assurance to stay ahead of dynamically changing attack surfaces. Its Exposure Management Platform provides complete analytics, visibility, and automation to quickly prioritize, map, and remediate vulnerabilities across organizations. The vendor-agnostic solution optimizes security policies, actions, and change processes across all cloud environments and corporate networks. With Skybox, security teams can emphasize the most strategic business initiatives while ensuring enterprises remain protected.

Read More

Software Security

Lacework and Snowflake Expand Their Alliance to Secure Cloud Business

Lacework | September 15, 2023

Lacework, a company specializing in data-driven cloud security, and Snowflake, a prominent Data Cloud company, have jointly announced an expanded partnership. This partnership aims to propel the evolution of cloud infrastructure while enhancing cloud security automation at scale. Through this extended collaboration, security teams gain direct access to their Lacework cloud security data using Snowflake's secure data sharing, thus enabling unified visibility and tailored automation. Ulfar Erlingsson, Chief Architect, Lacework, said, Snowflake has been a dedicated platform partner as Lacework has scaled our business to support over 900 customers — ranging from small, early-stage startups to some of the most sophisticated enterprises running in the cloud space today — whose operations result in tremendous volume, variety, and velocity of security-relevant data. [Source – Cision PR Newswire] Erlingsson mentioned that, over the past seven years, Lacework had successfully conducted timely and efficient data processing by utilizing the Snowflake Data Cloud, even among a highly skewed set of customers. He further explained that their extended partnership with Snowflake would enhance their ability to serve joint customers at a cloud scale. This would apply whether customers needed them to handle only a small amount of security data or data processing at rates as high as 10s of gigabytes per second. As generative AI advances and becomes more accessible across various industries, the frequency and severity of cybersecurity threats are on the rise. This trend is driven by businesses accelerating their development processes and increasing cloud data generation. Addressing this new era of cloud security necessitates a fundamentally fresh approach, and Lacework's platform is designed to efficiently manage the substantial volume of data within an organization's cloud ecosystem. This includes data related to code, identities, containers, and multi-cloud infrastructure, with Snowflake serving as a critical platform partner. Through the combined capabilities of Lacework's security platform and Snowflake's Data Cloud, customers gain the ability to extend the value of cloud security data throughout their organization. This enables organizations to thoroughly assess their security and compliance status. Head of Cybersecurity Strategy at Snowflake, Omer Singer, said, Among the many potential advantages of generative AI is the ability for enterprises to deploy new applications faster, which places even more emphasis on the need to have scalable infrastructure and solutions. The combination of Snowflake and Lacework will continue to assist organizations scale their cloud businesses securely in the new era. [Source – Cision PR Newswire] About Lacework Lacework protects organizations in the cloud, enabling them to innovate with greater speed and assurance. Lacework's platform is designed to scale with the variety, volume, and velocity of cloud data across an organization's cloud environment, including code, containers, identities, and multi-cloud infrastructure. Only Lacework provides Security and Development teams with a connected and prioritized end-to-end view that identifies the most significant hazards and security events. About Snowflake The Snowflake enables all organizations to mobilize their data with its Data Cloud. Customers utilize the Data Cloud to integrate disparate data sources, power data applications, discover and securely share data, and implement a variety of AI/ML and analytic workloads. Snowflake provides a singular data experience that transcends multiple clouds and geographies, regardless of where data or users reside. Snowflake Data Cloud is used by thousands of customers across numerous industries, including 639 of the 2023 Forbes Global 2000 as of July 31, 2023.

Read More

Spotlight

Counterfeit threats, such as fraudulent ads and look-alike domains, are on the rise especially with the expansion of e-commerce and online consumer-to-business interaction. However, the collection and mitigation of counterfeit activity can be complicated. Prioritizing relationships with platforms and providers along with collect

Resources