DATA SECURITY

XM Cyber Confirms Cortex XSOAR Integration with Palo Alto Networks

XM Cyber | May 05, 2021

XM Cyber, the multi-award-winning leader in Attack-Centric Exposure Prioritization, revealed today's integration with Palo Alto Network's Cortex XSOAR security orchestration automation and response (SOAR) platform. This new integration adds one-click access to risk-free attack simulation inside the Cortex XSOAR Marketplace, allowing security teams to see the entire path of a possible attack.

Security and network teams are constantly debating whether a specific alert is a high risk, low risk, impacts mission-critical assets or should wait for the next patch. When it comes to securing an organization's critical assets, the joint strength of XM Cyber and Cortex XSOAR provides teams with the contextual data they need to make the right choices possible.

The integration enriches events and incidents in Cortex XSOAR with critical information, including:

• The ability to determine whether business-critical assets are at risk

• The name and a description of the attack technique

• Detailed information on all impacted assets, including those deemed mission-critical

• Identification of choke points, i.e. whether the asset resides in line with multiple attack paths

• Context-sensitive recommendations for remediation ranked in order of importance

• A link to the XM Cyber platform for running attack simulations

This data assists security analysts in properly understanding their network environment and identifying user errors, bad IT hygiene, misconfigurations, and misplaced credentials, which can also go unnoticed. Cortex XSOAR's industry-leading automation and orchestration tools and features, combined with an attack-centric exposure approach to threat simulation, will help companies avoid 99% of real threats to their network while only addressing the 1% that matters.

About XM Cyber

XM Cyber is the world's leading provider of attack path management solutions. The XM Cyber platform allows companies to respond rapidly to cyber threats impacting their business-critical systems by actively identifying new exposures such as exploitable vulnerabilities and credentials, misconfigurations, and user activities. XM Cyber actively simulates and needs to prioritize attack paths that threaten mission-critical systems, including context-sensitive remediation options. XM Cyber assists in eliminating 99% of the risk by allowing IT and Security Operations to concentrate on the remaining 1% of exposures before they are exploited to compromise the organization's "crown jewels" – its sensitive properties. XM Cyber was founded by top executives from the Israeli cyber intelligence community and has offices in North America, Europe, and Israel.


About Palo Alto Networks


Palo Alto Networks, the global cybersecurity leader, is defining the cloud-centric future of technology that is changing the way individuals and companies work. Their goal is to be the go-to cybersecurity partner for protecting digital lives. They contribute to addressing the world's most pressing security issues through constant innovation that focuses on the most recent breakthroughs in artificial intelligence, analytics, automation, and orchestration. They are at the forefront of protecting tens of thousands of organizations through clouds, networks, and mobile devices by providing an open platform and empowering a growing ecosystem of partners.

Spotlight

DDoS attacks against financial firms have continued to grow in size and frequency. The specific tactics and sophistication of the attacks have evolved rapidly. Outages have prevented customers and prospects from opening new accounts, viewing account and billing information, conducting online transactions and accessing brand and product information. In other cases, while sites have technically been available during an attack, DDoS defense measures have caused response times to degrade up to 30 to 50 seconds, making sites effectively down from an end-user perspective.


Other News
SOFTWARE SECURITY

JFrog Integrates with ServiceNow to Improve Software Security Vulnerability Response Times with “ServiceOps”

JFrog | May 27, 2022

JFrog Ltd. , the Liquid Software company and creators of the JFrog DevOps Platform, today unveiled new integrations for JFrog Xray with ServiceNow’s Lightstep Incident Response and Spoke products for IT Service Management. Available immediately, the JFrog Xray integrations with ServiceNow (NYSE: NOW) provide IT leaders with real-time insights on security vulnerabilities and compliance issues to quickly engage necessary team members from across the organization for more immediate response and remediation. “Successfully securing the software supply chain at the speed of business is a team sport, requiring efficient, cross-team collaboration for timely security incident remediation. Our integration with ServiceNow aims to change the relationship between developers and the rest of the business, so they can maintain the speed and frequency of releases, while avoiding downtime and loss of trust from end customers." Shlomi Ben Haim, Co-Founder and CEO, JFrog The new integration enables IT teams to proactively address security issues before they become major concerns. The combination of JFrog Xray and ServiceNow delivers a robust software composition analysis (SCA) tool that can quickly scan binaries for vulnerabilities and license compliance issues, then share those insights with the appropriate parties across the organization. The JFrog Xray-ServiceNow solution is unique in that it helps DevOps engineers, site reliability engineers (SREs), IT system administrators, and others, more securely build, deploy, run, and monitor applications effortlessly, in a single view. It also enables real-time security alerts and insights with assigned actions across all the tools, people, and processes needed for timely resolution. JFrog Xray & ServiceNow: Delivering Incident Response & Enterprise-wide Workflow Design for Security Incidents Identifying and effectively responding to malicious attacks must transcend business units and operational functions. By improving real-time insight, collaboration, and communication amongst and between enterprise security and IT teams, the JFrog Xray-ServiceNow integrations ensure swift responses to emerging security threats. The JFrog Xray integration with Lightstep Incident Response enables developers, SREs, and Security Administrators to: Monitor, collect and respond to license compliance and security vulnerabilities impacting the software supply chain across all stages of the software development and release lifecycle. Streamline vulnerability response by pulling-in the right team members across the organization for faster remediation. The JFrog Xray Spoke for ServiceNow allows IT operations staff to: Generate violation reports, create ‘ignore rules’, re-scan builds, add custom item properties, and more. Automate workflows that meet audit demands and avoid penalties for improper use of code segments obtained from the open-source community. Identify problems earlier in the application development pipeline and incorporate change management solutions. For more information on the new JFrog Xray integrations for ServiceNow Lightstep Incident Response, read this blog or solution sheet. Further details on the JFrog Xray integration with Spoke can be found in this blog. You can also connect with JFrog and ServiceNow solution experts during swampUP 2022 taking place in San Diego, May 25 - 26, 2022. For more information and to register, visit https://swampup.jfrog.com/. About JFrog JFrog Ltd. , is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back.

Read More

DATA SECURITY

S2W has signed contribution agreement with INTERPOL for CTI solution XARVIS ENTERPRISE

S2W | January 03, 2022

Data Intelligence company S2W announced that INTERPOL has recently signed a contribution agreement introducing S2W's cyber threat intelligence (CTI) solution "S2-XARVIS ENTERPRISE" to strengthen its ability to analyze new cyber threats such as dark web and ransomware. S2W has been supporting INTERPOL to identify and prevent "third-world dark web crimes" as part of its "binding the gap among member countries for a safer world," and recently conducted international ransomware organization arrest operation such as Revil, Cl0p, and GandCrab. "INTERPOL is strengthening the use of advanced information and communication technologies such as artificial intelligence and big data and expects that the introduction of S2W's cyber threat intelligence (CTI) solution – S2 XARVIS Enterprise will directly help to prevent nationwide cybercrime through real-time threat detection and dark web/deep web coverage," Robert Han, Head of Global Business of S2W Sangduk Suh, CEO of S2W said "We are focusing on providing services to institutions and companies so that we can build a strong security environment using threat intelligence (TI) information, and through this, we will contribute to eradicating international cybercrime." About S2W S2W is a Data Intelligence company, established in 2018, that extracts and provides actionable intelligences optimized for each client's needs from numerous data. Specialized intelligence provided by S2W can cover multiple industries with its unique data collection and big data analysis for the Dark Web and Deep Web. S2W solutions protect clients from various cyber threats and data leakage, such as personal information, financial information, confidential information within organizations through top-notch data collection and detection technologies.

Read More

DATA SECURITY

Years of Growth Lead to Covail Acquisition by Cybersecurity Firm GoSecure

Covail | December 23, 2021

Covail, a Columbus-based cybersecurity and digital optimization firm founded by Central Ohio’s largest companies, is being acquired by a leading Managed Detection and Response firm. Covail announced today that it has agreed to be acquired by cybersecurity and managed detection and response (MDR) services provider GoSecure. The transaction is estimated to close in December 2021. Terms of the acquisition were not disclosed. “Since our founding six years ago as the Columbus Collaboratory, our goal has been to find ways to leverage collaboration to deliver successful AI, cybersecurity and cloud-based software solutions to our Fortune 500 clients,With this acquisition by GoSecure, our clients will now have access to an even broader set of capabilities and expertise thanks to our ability to leverage GoSecure’s class-leading capabilities and solutions. This will also help to further accelerate market penetration for our leading-edge security products and AI capabilities.” Covail CEO Matt Wald Covail, as Columbus Collaboratory, was born out of the aspiration of seven of the largest companies in central Ohio – American Electric Power (AEP), Battelle, Cardinal Health, Huntington Bank, L Brands (now Bath & Body Works), Nationwide, and OhioHealth – in partnership with One Columbus. The goal of the endeavor was to solve common automation, AI, and cybersecurity challenges across multiple industries. “The diversity and maturity of these founding companies made Covail the innovative, value-driven, solutions partner that it is today”, said Michael Krouse, SVP of Strategy and Transformation at Ohio Health and Chairman of the Covail Board. “Covail accelerated the cybersecurity and AI capabilities of the founding companies, upskilled critical tech talent for the region, and built a high-growth company that contributed to our region’s economic growth engine. It’s exciting to be able to leverage this strategic relationship to secure Columbus as the Midwest’s premier cybersecurity hub.” Through its ecosystem of collaborators and commercial partners, Covail’s technology teams executed over 1,000 engagements and collaboration sessions that solved complex business challenges using machine learning and the latest cyber defense practices. The firm’s work attracted top technology talent to the region, Wald said, and led to the development of software products that enabled advanced cyber threat detection and continuous risk management. GoSecure is a recognized cybersecurity leader and innovator. The company is the first and only to integrate endpoint, network and email threat detection into a single Managed Detection and Response (MDR) service. GoSecure plans to leverage Covail’s talent, proprietary technology, and client relationships to build a regional presence in Central Ohio that will help accelerate its momentum in the US market. GoSecure’s access to technology talent and partnerships made Columbus an attractive, economically viable location for a cybersecurity hub, Wald said. Wald said partnership with the original companies in the Covail firm will continue, along with an expansion to additional businesses with the goal of making Central Ohio a major U.S. cybersecurity operations center. About Covail Covail™ is a trusted solutions partner, enabling organizations to optimize through Intelligent Operations solutions that lower total risk and cost for key business functions, equipping them to transform from a position of strength. Since 2015, Covail’s experts in Cybersecurity, Artificial Intelligence (AI), and Automation have been delivering business results for leading Fortune 500 companies across industries. Trustworthy, Intelligent Operations. Accelerated. Learn more at covail.com. About GoSecure GoSecure is a recognized cybersecurity leader and innovator, pioneering the integration of endpoint, network, and email threat detection into a single Managed Detection and Response service. The GoSecure TitanTM platform delivers predictive multi-vector detection, prevention, and response to counter modern cyber threats. Titan MDR offers a detection to mitigation speed of less than 15 minutes, delivering rapid response and active mitigation services that directly touch the customers’ network and endpoints. For over 10 years, GoSecure has been helping customers better understand their security gaps and improve their organizational risk and security maturity through MDR and Advisory Services solutions delivered by one of the most trusted, skilled and experienced teams in the industry.

Read More

PLATFORM SECURITY

CrowdStrike and Mandiant Form Mission-Focused Strategic Partnership to Protect Organizations Against Cyber Threats

CrowdStrike | April 08, 2022

CrowdStrike , a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, and Mandiant , announced a strategic partnership that will help joint customers investigate, remediate and defend against increasingly sophisticated cybersecurity events that plague organizations globally. As part of the collaboration, Mandiant will utilize the CrowdStrike Falcon® platform and subscription offerings for its incident response (IR) services and proactive consulting engagements for joint customers. Further, the Mandiant Managed Defense offering intends to include support for customers leveraging the Falcon platform later this year.As two of the most respected leaders in the cybersecurity industry, CrowdStrike and Mandiant share a common mission to stop breaches and put customers' needs first. Both companies have long operated under the practice that in order to defend against tenacious cyber adversaries, there must be a combination of cutting edge products and elite cybersecurity experts. Because of this, both companies have embraced an open and collaborative approach with high caliber partners and technologies to provide organizations superior protection. Today’s complex threat environment calls for a collaborative approach that brings together industry-leading technologies and world class teams to build the strongest defense for customers, which is exactly what this partnership is about,” said George Kurtz, co-founder and chief executive officer of CrowdStrike. “CrowdStrike has worked with Mandiant many times over the years and there is a mutual respect for the caliber of technical and team expertise we both bring to the fight. We are proud to establish this alliance with them and to more effectively enable the people, processes and procedures necessary to secure the modern organization. “CrowdStrike and Mandiant have developed reputations as go-to cybersecurity resources for public and private sector entities across the globe,This partnership between two mission-focused companies strengthens cyber defenses at a time when cyber attacks have become a notable business issue faced by organizations every day.” -Kevin Mandia, chief executive officer of Mandiant. About CrowdStrike CrowdStrike , a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data.Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value. About Mandiant, Inc. Since 2004, Mandiant® has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.Join the conversation.

Read More

Spotlight

DDoS attacks against financial firms have continued to grow in size and frequency. The specific tactics and sophistication of the attacks have evolved rapidly. Outages have prevented customers and prospects from opening new accounts, viewing account and billing information, conducting online transactions and accessing brand and product information. In other cases, while sites have technically been available during an attack, DDoS defense measures have caused response times to degrade up to 30 to 50 seconds, making sites effectively down from an end-user perspective.

Resources