Security


Logpoint appoints new Regional Director for CEMEA
Logpoint has announced Sven Bagemihl as Regional Director for the CEMEA region, including Germany, Switzerland, and Austria. Sven will be responsible for building growth across enterprise customers and alliances within a fast-growing and highly competitive marketplace, working out of the new Logpoint offices in Munich.

Logpoint is the only major European provider of foundational SIEM, UEBA, SOAR, and SAP security technologies converged into a complete security operations platform. Logpoint secures digital transformation and helps organisations of all sizes combat cyber security threats, operate reliable IT infrastructures, and provide essential compliance with important regulations such as KRITIS, GDPR and NIS2.

“We are at a historical tipping point where global digital transformation is threatened by increasingly aggressive adversaries: organised crime and state-sponsored actors. The war in Ukraine, the energy crisis, and the COVID-19 pandemic have accelerated this development. I’m excited to join Logpoint at a time when the need for efficient and scalable European cyber security technology is more apparent than ever,” says Sven.

Scandinavian private equity fund Summa Capital recently announced the acquisition of a majority stake in Logpoint, investing in European cyber security resilience and building a European cyber security powerhouse as an alternative to the dominating US vendors. The Frankfurt-based investment firm Yttrium (formerly Digital+ Partners) remains a significant minority shareholder in Logpoint after the transaction.

“Logpoint has a decade-long track record of technology excellence and thought leadership in the cyber security domain. Across Europe, it’s increasingly becoming a priority for customers to work with vendors that have European DNA and understand the importance of privacy, data residency, and strategic resiliency. I believe Logpoint is in a unique position as the only native European SIEM/SOAR vendor,” says Frank Brandenburg, new Logpoint board member.

“With Sven and Frank, we are adding almost 60 years of technology and cyber security leadership experience to the Logpoint team. We are increasing Logpoint reach and capability, extending our ability to serve strategic partners and customers, and strengthening our position in the CEMEA market, particularly in Germany. They will be key assets on our way to creating the strongest European cyber security company with global reach,” says Logpoint CEO Jesper Zerlang.

Collaboration delivers API security to cloud architectures
Noname Security has announced that it has been accepted by Accelerated by Intel. Noname Security software takes advantage of 4th Gen Intel Xeon Scalable processors and Intel's NetSec Accelerator Reference Design, incorporating an Intel Ethernet E810 network interface with an embedded system on a chip (SoC) to accelerate API response times for low latency use cases and the performance of near-real-time machine learning for runtime API security at the edge of the network.

Noname Security's platform was optimised using 4th Gen Intel Xeon Scalable processors and Intel Advanced Matrix Extensions (AMX), a new built-in accelerator that improves deep-learning training and inference performance on the central processing unit (CPU).

Noname Security's Sensor with Intel NetSec Accelerator Reference Design will allow customers to offload network and security tasks processing to the accelerator, preserving server resources for more generic operations. This integration opens up a broad spectrum of new industry vertical solutions utilising edge processing, including addressing extremely low latency requirements.

“Noname Security is committed to helping organisations secure all their APIs, and partnering with Intel is a significant step in achieving that goal,” says Oz Golan, CEO of Noname Security. “Intel's technology expertise will enable us to provide the best-of-breed API security solution for more customers and help them secure their critical assets against advanced cyber threats.”

Key benefits for Noname Security and Intel customers include:
• Improved performance using the same or lower power, up to three times for specific scenarios
• Up to 10 times faster machine learning (ML) inferencing, benefiting runtime API security capabilities
• Deployment options for hybrid, private, and public cloud architectures as well as on and off-premises
• API Security for extremely low latency use cases, including telecommunications and edge computing
• Seamless offloading of API processing, and adjacent networking and security functions, on the accelerator card
• Increased performance and response times, leading to better utilisation of resources and decreased total cost of ownership for customers
• New use cases, including 5G, satellite communications, military, and intelligence community applications

Corero Network Security chosen to provide DDoS defence
Corero Network Security has announced its partnership with Dakota Carrier Network (DCN), delivering DDoS protection services across its network, both protecting customers from attacks, as well as offering an incremental revenue generating DDoS protection as-a-service to its customers.

DCN recognised that with the ever-increasing sophistication and frequency of DDoS attacks, having reliable network security in place to protect against them is critical. As well as attacks on their own network, maintaining excellent service availability for their downstream customers is vital. DCN provides critical network services to over 85% of all the exchanges in North Dakota including both state and local governments, as well as commercial businesses, such as banks and energy companies.

“DDoS attacks can wreak havoc in a matter of seconds; by implementing Corero’s SmartWall DDoS solution, our customers are protected,” comments Jesse Heck, Director of Operations at Dakota Carrier Network.

A key aspect of the Corero solution for DCN is the web application portal for its DDoS protection as-a-service offering, which enables it to onboard tenant customers, define and assign DDoS protection service levels and for DCN customers to view attack dashboards.

“Thanks to the Corero solution, our customers have the option to access their own DDoS portal for history and details about attack mitigation, including source and destination IPs, source and destination TCP/UDP ports, and attack volume. They can see for themselves where an attack has been mitigated and see the value of the protection they receive,” continues Jesse.

Ashley Stephenson, CTO at Corero Network Security says, “We’re delighted to be working with DCN to support its goals of superior customer service and reducing the risk of downtime caused by DDoS attacks. We’re proud to be a partner in its dedication to providing secure communications infrastructure in the face of evolving attacks.”

Multi cloud security market projected to surpass $25bn by 2032
The multi cloud security market is set to grow from its current market value of more than $2 billion to over $25 billion by 2032, as reported in the latest study by Global Market Insights. The multi cloud security market is anticipated to register noticeable growth during 2023-2032, due to the increasing number of data centres across the globe. Today, most leading companies depend on multi-cloud strategies. Multi-cloud security is a complete cloud security solution that protects against complex security threats and attacks on company and customer data, applications and assets across numerous cloud infrastructures and environments. However, market growth could be hampered by the increased security cost, given the interference of third parties to manage multi cloud security. Even so, the budding use of multi cloud services for streaming high-end games on portable devices to provide authentic and exclusive gaming experiences to customers will escalate the product demand during the estimated timeframe. Overall, the multi cloud security market is segmented in terms of offerings, security, organisation size, end-use, and region. Based on offerings, the service segment is slated to exceed $9 billion by 2032. A multi cloud service offers many advantages to organisations, such as improved security, superior failover options, and improved disaster recovery. It also ensures that the data storage resources are always available, making the organisation's cloud deployment more robust for the long term. By security, the data and storage security segment will grow considerably through 2032. The rising user inclination towards cloud and growing digitisation will offer lucrative growth opportunities to the market. Besides, various big brands operating in the industry are engaged in strategic initiatives, such as mergers, acquisitions, and partnerships, to bring innovative products to the market.
Considering the organisation size, the large enterprises segment is anticipated to witness high adoption of multi cloud security solutions through 2032, credited to the escalating demand for data analytics in such enterprises. Based on end-use, the government and public enterprises segment will exhibit over 15% CAGR during the estimated timeframe. Digitisation in government departments, the increasing influence of smart city projects, and the budding need for data and digital infrastructure security will augment the demand for multi cloud security systems in government and public enterprises. Regionally, the Asia-Pacific multi cloud security market is projected to showcase sturdy growth in the next 10 years as the region is witnessing a rising adoption of the multi cloud environment in enterprises. Besides, the presence of some of the leading players in the region who are constantly working on developing new agile products will positively influence regional growth.

Industry leader continues to define the API security market
Noname Security has announced enhancements to its API security platform to help organisations protect their API ecosystem, secure their applications, and increase cyber resilience.

Noname enables secure growth with API security innovation
Today, APIs drive businesses, delivering value to customers, clients, patients, users, shareholders, and more. However, securing APIs - and all of the critical assets they connect - has become more difficult than ever as API attacks have increased exponentially. IBM Security X-Force reported that two-thirds of its analysed incidents were due to unsecure APIs.

“APIs are the connective tissue for the digital world, but the explosion in API use has created new and rapidly growing threats to organisations across the globe. We created the Noname API Security Platform to uniquely address the modern API ecosystem, with discovery, insight, protection, and testing capabilities,” says Shay Levi, co-founder and CTO at Noname Security. “Doing so means not only securing APIs and their use, but also improving the speed at which our customers can expand their businesses.”

Discover more and strengthen security posture
Noname Security’s discovery and posture management solutions locate and provide insight to every API in an organisation’s ecosystem, uncovering vulnerabilities (including the most recent OWASP API Top Ten), protecting sensitive data, and proactively monitoring for changes, including in OpenAPI and other specifications. New capabilities enable customers to:
• Gain complete visibility and detailed insights to protect APIs with customisable discovery, flexible tagging, and datatype assignments - including PII, PCI, PHI, and custom categories - for grouping APIs by application, business unit, and more.
• Understand APIs in rich context with visualisations of business logic, physical network infrastructure, and API traffic to understand specific interactions and behaviour patterns.
• Secure containerised applications with enhanced discovery and detection for Kubernetes (k8s).
• Prioritise resources and eliminate blind spots with extensive infrastructure inventories for AWS and Azure, enabling organisations to find unprotected APIs, map the connections between APIs and infrastructure resources, pinpoint resources that could increase the attack surface, and resolve potential issues with full context.

Stop attacks with runtime protection
Noname Security Runtime Protection detects and blocks API attacks with real-time traffic analysis, out-of-band monitoring, inline remediation options, and workflow integrations to increase SOC effectiveness. New capabilities enable customers to:
• Identify business-logic-based attacks immediately with updates to the industry’s most advanced anomaly detection engine using artificial intelligence and machine learning (AI/ML), including unsupervised online learning.
• Reduce Mean-Time-To-Resolution (MTTR) with more context on issue records, including detailed remediation guidance and tools for deeper investigation.
• Fully align with security operations centre (SOC) processes with automation, custom workflows, and integrations with existing systems such as ITSM, SIEM, SOAR, and more.

Deliver secure APIs faster with active testing
Noname Security Active Testing is a purpose-built API security testing solution that helps organisations add security into the CI/CD pipeline without sacrificing speed. The newest version of active testing enables customers to:
• Shift left with integrations into the entire software development lifecycle (SDLC). Teams get dynamic API visibility across multiple states and environments throughout the CI/CD process.
• Leave no API untested with a unique ability to find and test every API based on an understanding of the application’s business logic.
• Empower developers with best-in-class usability such as simple set up and automation, in-line test results, and contextual guidance for request failure mitigation.

Continuously adapt to changing environments
Noname Security offers the most flexible and comprehensive set of deployment and integration options available. New capabilities enable customers to:
• Rapidly realise value with simplified step-by-step onboarding and in-app guidance.
• Meet any deployment requirement with both agentless and agent-based options, including eBPF, and both out-of-band and inline protection options.
• Easily manage complex deployments with automatic updates across cloud-hosted, self-hosted, hybrid, and distributed deployments.
• Maintain data residency and reduce overhead with remote engines to aggregate traffic into a centralised console, allowing you to keep data within your control and reducing traffic.
• Meet strict public-sector compliance requirements with a new hardened virtual appliance.
• See the entire attack surface with additional integrations and improvements to Akamai, AWS ECS, Cloudflare, Oracle Cloud Infrastructure, Citrix, and other connectors.

The data centre operators investing in DDoS mitigation
By Adrian Taylor, VP EMEA at A10 Networks

For commercial data centre operators, business is good. Inventory and workloads are growing, while the percentage of vacant capacity is shrinking - indicators of success that have led to a projected industry revenue of nearly £50 billion by 2025. Although the future of the industry is looking bright, there are some threats on the horizon. The cost of downtime continues to grow. The Uptime Institute found one in four data centre incidents of downtime exceed $1 million. As DDoS attack methods become more sophisticated, effective and frequent, data centre operators need to bank on mitigation.

A recent survey by A10 Networks and Gatepoint Research found that senior decision makers at commercial data centres are under siege from cyber criminals. Data centre and colocation providers are concerned not only about the cost of intensifying DDoS attacks, but also about lost business and reputational damage. Dissatisfied with their current data centre security and DDoS defence capabilities, many are seeking better ways to address the threat - and an increasing number want to extend that protection-as-a-service to their tenants as well.

The simple yet devastating DDoS threats
As disclosed in the latest A10 Networks DDoS Threat Report, DDoS threats are soaring. The number of tracked DDoS weapons in the environment has nearly tripled in the past two years, and the 3.45 Tbps DDoS attack on Microsoft Azure in late 2021 showed the unprecedented scale hackers are now capable of achieving. Of course, size isn’t everything - even attacks under 500 Mbps that slip through data centre security gaps can have a significant impact on service. In fact, these smaller exploits are proliferating fast, as botnets-for-hire make it easy for even unskilled hackers to wreak havoc. A single compromised server can open the door to a flood of malicious traffic in under half a minute.

Commercial data centre operators are all too aware of the situation, reporting to A10 Networks that DDoS threats in their networks are growing more sophisticated (64%), more frequent (48%), and larger (38%). Even a single DDoS attack can have a serious impact, impairing or denying mission-critical services for an individual data centre tenant or across the entire facility - and nearly one in 10 survey respondents are suffering such incidents weekly, or more. Lost business and customer attrition from a DDoS attack is a concern for nearly two-thirds of providers, and rightly so.

Staying ahead of evolving tactics
While data centre security and DDoS defence capabilities such as fast detection and response can limit the damage from a DDoS attack, time is of the essence. Data centre and colocation providers need to be able to distinguish a sudden flood of fraudulent requests from legitimate usage in real time, at massive scale, to filter out malicious traffic without disrupting their customers’ normal business operations.

DDoS mitigation solutions typically offer features and capabilities such as benchmarking, anomaly detection, IP reputation lists, connection and rate limits, and attack mitigation, but these essential DDoS defence tasks need to be performed thoroughly and frequently. The A10 Networks-Gatepoint survey reported that data centre operators missed attacks, saw slowed performance, decreased service availability, and in an alarming number of cases, an inability to adequately detect DDoS threats at all. Nearly two in five are planning to re-evaluate their DDoS defence solution in the near future.

Tenant shielding services
Value-added services are a core element of the commercial data centre business, with a large majority of survey respondents going beyond space, power, and cooling to offer managed network services, professional IT consulting services, and remote management and troubleshooting. Given the tenant mix of the typical commercial data centre, often dominated by financial services, retail, and government customers, data centre security services are also a very popular offering.

DDoS mitigation is particularly well suited to this model. From the tenant’s perspective, a DDoS mitigation service makes it possible for even small businesses to tap into high-end features such as machine learning, automation, and rapid mitigation. For the data centre provider, protection for individual tenants can reduce the risk of an out-of-control attack causing ancillary damage to neighbouring tenants or the data centre itself.

When offered free of charge, DDoS mitigation can be a powerful competitive differentiator and customer enticement. Offered on a paid basis, potentially in multi-tiered models, DDoS mitigation services can open a rich new revenue stream. However, many in the industry have been slow to respond to either the advantages or the necessity of tenant DDoS mitigation, with only 58% offering such services either free or for an added fee.

As DDoS threats increase, investing in effective mitigation services is a vital step for data centre operators, in order to protect tenants, themselves, and to fulfil the bright projections for the industry.

New security platform to fight AI-based cyber attacks
OryxAlign has launched securyXDR, a fully managed extended detection and response (XDR) platform. An advanced form of antivirus and malware management, the system is part of a solution that will address the expected rise in sophisticated AI-phishing attacks. It will be valuable for SMEs, or those with a hybrid and remote workforce, across sectors including financial services, recruitment, legal and more.

Traditionally, antivirus systems have operated in silos, being limited to detecting and responding to threats on individual devices, or endpoints. The solution was previously Endpoint Detection and Response (EDR). With the rise in hybrid and remote working, and the reliance on networked storage and cloud-based workflows, there is now a need for visibility of threats across a company’s entire IT ecosystem.

“In 2023, we expect to see a sharp rise in sophisticated AI-based phishing attacks, as well as endpoint attacks on remote and hybrid workers. The criminals’ focus may change to SMEs as they are believed to have weaker security,” explains Nathan Charles, Head of Customer Experience. “But because we combine our XDR platform with EDR and email management we can fight fire with fire.

“securyXDR is our new cyber security XDR platform that is offered as a fully managed service, in partnership with an outsourced security operation centre (SOC) that has 200 staff globally,” continues Nathan. “Given that even small networks can generate tens of thousands of cyber security alerts a day, the securyXDR managed service will alleviate the pressure on internal IT teams, taking them away from manually triaging and responding to individual threats, and focusing on more productive projects.

“We know that the loss of productivity following a cyber attack can be just as devastating as the initial damage to your IT system. The cost of having an XDR system in place will more than pay for itself in the long run, by providing early detection of threats. What’s more, SOCs are uniquely positioned to respond to threats, by applying their broad learning from a high volume of attacks across their managed networks.”

OryxAlign says that securyXDR stands out from other enterprise XDR platforms by offering customisable service plans based on customer needs. For example, users can select how long log files are stored to minimise storage costs, choose custom restore points for compromised endpoints, and set their choice of response urgency, typically from one to three hours.

Jane Frankland takes up advisory role at e2e-assure
e2e-assure has announced that Jane Frankland has joined the business as an advisor. Bringing over two decades of experience, her appointment reinforces e2e’s commitment to nurturing a diverse and unique set of skills and knowledge to help guide the company. Commenting on her new role, Jane says, “I'm thrilled to join e2e-assure and be part of a team that is dedicated to establishing trust, transparency and reliability in the increasingly complex world of cyber security. As experts in threat detection and response, an agile, innovative, and value-driven boutique player, serving clients of all sizes from the UK and Australia, e2e-assure serves an invaluable role in today's uncertain and expanding digital world. As an advisor, I'm looking forward to helping them scale, further innovate, and create a securer future for all.” Jane has built a stellar reputation as an award-winning leader, bestselling author, and women’s change agent. Referenced by Wiki, LinkedIn (as a Top Voice) and UNESCO, she works as a board advisor, speaker, consultant, coach and trainer. She is well-known for all the work she does to attract and retain women in cyber security through her writing, keynotes, consulting and her brand-new women's career platform, The Source. Rob Demain, CEO and Founder of e2e-assure comments, “We’re absolutely delighted and privileged to have Jane join the business. We recognised that, if we wanted to continue in our commitment to helping our customers succeed, we needed to ensure that we had someone with deep experience, a strong track record and gravitas. Visionary and highly respected within the market, Jane was a natural choice. We’re excited for her to be part of our journey, helping us to reinforce our mission - that is to give our customers greater access to faster, simpler and more cost-effective threat detection and response solutions.”

New group formed to overcome attacks against data centres
Operators will be given the tools to enhance the security measures within their data centres as a result of the new Data Centre Work Group, formed by the Trusted Computing Group (TCG).

Data centres play a crucial role for business operations across the globe, but they remain prime targets for cyber criminals. Should an interposer position themselves between the Central Processing Unit (CPU) and a hardware Root of Trust - such as the Trusted Platform Module (TPM) - within a data centre, they can cause significant damage by gaining possession of legitimate control signalling between the CPU and the TPM. Interposers can even inject their own boot code into the CPU and wield an authorisation key to fool a remote verifier to make the TPM attest the integrity of fraudulent information. This allows them to snoop, suppress and modify vital signals and measurements, and, as a result, will be able to access and exploit secrets and information from within the data centre, weaponising it against the operator.

To this end, the Data Centre Work Group at TCG has been formed to establish trust within systems and components within a data centre, focusing primarily on developing protective measures against any active interposers within a system. The Work Group will examine the existing attack enumerations against data centres, and devise ways to avoid or mitigate them. These attacks include the feeding of compromised boot code to the CPU, impersonations of the CPU to the TPM, the suppression and injection of false measurements to a legitimate TPM, and the redirection of legitimate measurements to an attacker controlled TPM.

“With the formation of this Work Group, a TPM will be empowered to protect the resources and communication of a CPU to which it is bound with precise, given measurements”, says co-Chair of the Data Centre Work Group, Dennis Mattoon. “The TPM will also be able to prove the measurements and the correct CPU instance of a given object to a verifier. We look forward to developing our plans to continue establishing trusted computing within data centres”.

Dennis and Jeff Andersen have been confirmed as the co-Chairs of the Work Group. Dennis is a Principal Software Development Engineer for Microsoft Research, and co-Chairs the attestation, supply chain security, DICE, and marketing work groups at TCG. Jeff is a Staff Software Engineer at Google and became a member of the TCG in 2021.

“We’re delighted to publicly announce the formation of the new Work Group”, says Jeff. “Current data centre hardware designs make it difficult for CPUs to be permanently bonded with the TPM, creating a gap for malicious entities to exploit. Our goal is to overcome the interposers operating within this area and mitigate the significant threats they can bring to data centres.”

The Work Group will also look at protecting the data centre against hackers looking to clear platform configuration registers (PCRs) in the legitimate TPM by falsely asserting that the CPU has reset. As a result, operators will be able to trust that the components and hardware found within the system are operating successfully without the fear it may become weaponised by an attacker.

Neterra stopped nearly 500,000 DDoS attacks in 2022
Neterra protected its customers from 488,151 DDoS attacks in 2022. To do this, the company implemented various effective solutions that include a cloud platform, specialised hardware equipment, and a combination of the two. Of the total number of attacks, its cloud platform stopped 135,590 and its hardware stopped 352,561. DDoS attacks aim to disrupt (wholly or partially) user access to the services or equipment of a specific company - targeted as a victim. Often, for example, the victim's website becomes unavailable, loads slowly and returns errors. While the company is under attack and struggling to restore normal operations, the perpetrators take advantage of the breach to gain access to its resources. Most DDoS attacks aim to steal data, money, or intellectual property. Customers of Neterra's DDoS protection service can monitor statistics of attacks against them in real time through the unified monitoring system, as well as make periodic inquiries, for example - the number of attacks daily, monthly, and annually. They can also see what each of the attacks looked like. In addition to protection from DDoS attacks, Neterra offers complete solutions for enterprises for both cyber security, such as backup and ransomware protection, and for connectivity - dedicated internet access (DIA), data centre and managed services, IT service and resource rental.


