Security


DigiCert to provide digital trust services to EuProGigant
DigiCert has announced that it will be providing digital trust services to the European Production Giganet project. In doing so, it will be serving a key role in secure data communication and exchange for the manufacturing industry, adhering to European standards of self-sovereign identity. EuProGigant is set to bring about the next step in Industry 4.0 in Europe by demonstrating a shared, intelligent and automated data ecosystem that will drive value creation within the European manufacturing sector. This will be the first practical implementation that will make Gaia-X, a framework for federated European data architecture, understandable for the manufacturing domain. The company will be providing its digital trust services, based on the DigiCert ONE platform, within EuProGigant’s federation services for secure identity and authentication. These include content and IoT trust services, and follow eIDAS guidelines for creating verifiable credential wallets as well as the self-description principles of Gaia-X. Mike Nelson, DigiCert’s Vice President of Digital Trust, says “DigiCert’s role in EuProGigant reinforces its position as a global leader in digital trust and a driver of digital transformation within the European Manufacturing Industry. We are proud to be involved in this landmark project and hope that our contributions will pave the way for future innovation with the sector.” The project is led by Vienna University of Technology and Darmstadt University of Technology. It involves over 20 companies from within the industrial and technology sectors including manufacturing companies such as voestalpine High Performance Metals, Heller and MTU Aero Engines. The project intends to exhibit how industry can use sovereign data and information exchange, with a shared data ecosystem to revolutionise the manufacturing sector.
By automating and improving data-driven value chains, it estimates that the European manufacturing industry will profit from higher data quality and lower costs. In part, this is meant to allow the industry to compete with low-cost manufacturers from emerging markets through innovation and establishment of stronger connected systems.

AWS announces general availability of Amazon Security Lake
Amazon Web Services has announced the general availability of Amazon Security Lake. It is a service that automatically centralises an organisation’s security data from across its AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake. Amazon Security Lake allows customers to act on security data faster and simplify security data management across hybrid and multi-cloud environments. It also converts and conforms incoming security data to the Open Cybersecurity Schema Framework open standard, making it easier for security teams to automatically collect, combine, and analyse security data from more than 80 sources, including AWS, security partners, and analytics providers. It is part of a broad set of AWS Cloud security services that build on AWS’s secure infrastructure to help make it a flexible and secure cloud. It aggregates and optimises large volumes of disparate log and event data to enable faster threat detection, investigation, and response so organisations can effectively address potential issues, using their preferred analytics tools. “Security has been our top priority since the very beginning, when we were designing to meet the needs of the most security-sensitive organisations,” says Jon Ramsey, Vice President for Security Services at AWS. “We also know that customers need trusted partners to extend the benefits of the cloud and make sure their organisations are secure end-to-end. With more than 80 sources providing data to Amazon Security Lake, security teams can achieve greater visibility into potential security threats and how to respond to them, further protecting the workloads, applications, and data that are critical to driving business forward.”

DigiCert partners with ReversingLabs to advance supply chain security
DigiCert, a global provider of digital trust, has announced a partnership with ReversingLabs, a software supply chain security platform, to enhance software security by combining advanced binary analysis and threat detection from ReversingLabs with DigiCert’s enterprise-grade secure code signing solution. DigiCert customers will benefit from improved software integrity through deep analysis that shows their software is free from known threats like malware, software implants, software tampering and exposed secrets before they securely sign it. “DigiCert’s partnership with ReversingLabs advances supply chain security through threat detection and secrets protection delivered by automated workflows that seamlessly operate within DevOps environments and CI/CD pipelines,” says Deepika Chauhan, Chief Product Officer at DigiCert. “This newly combined solution protects against software-based vulnerabilities and attacks, helping organisations ensure digital trust and build confidence with their customers.” “ReversingLabs is excited to partner with DigiCert to help solve software supply chain security issues at all stages of the software development and deployment process,” says Mario Vuksan, CEO and Co-Founder, ReversingLabs. “Every DigiCert customer needs to think about the integrity of the software they build, buy or run. Our work together will strengthen the ecosystem and provide organisations with the necessary tools to ensure the trustworthiness of their software.” “Organisations must take proactive efforts to secure their software supply chain to withstand the continuing and evolving threats of cyber attacks,” says Katie Norton, Senior Research Analyst for IDC’s DevOps and DevSecOps research practices.
“Digital trust strategies that centralise, standardise and unify software security practices play a key role in improving resiliency and user trust.” Weaknesses in the software supply chain have been exploited in recent years, resulting in tampering, malware insertion and other threats to critical business software. A recent survey found that nearly 90% of technology professionals detected significant risks in their software supply chain in the last year. More than 70% said that current application security solutions are not providing necessary protections. The threat detection within DigiCert Software Trust Manager secures the software supply chain through advanced, comprehensive detection of threats such as malware, software tampering, inclusion of secrets and certificate misconfigurations in open-source software, proprietary software, containers and release packages. It also provides a single workflow that is centrally controlled across the organisation. The solution also generates a comprehensive Software Bill of Materials (SBOM), covering internally developed and third-party software, such as open-source and commercially licensed software. As attacks on the software supply chain increase, threat detection and SBOM generation are becoming increasingly important and the focus of government and industry regulations.

SentinelOne launches virtual data centre in Australia
SentinelOne has announced the launch of a new virtual data centre in Australia. The deployment, which comes on the heels of the company achieving Protected IRAP status for its Singularity XDR platform, will aid local government agencies and organisations in complying with data sovereignty requirements and bolstering the nation’s cyber defences. The centre, which will be hosted by SentinelOne strategic partner, AWS, comes at a pivotal time for Australia, as the Federal Government is rewriting its cyber security strategy, tightening reporting regulation, and reforming its incident response mechanisms to keep pace with the evolving threat landscape and boost the nation’s security capability. “As cyber attacks become more widespread and complex, it is imperative for government organisations to have access to advanced, intelligence-based solutions that enable them to protect their systems and information,” says Jason Duerden, Regional Director, ANZ. “At SentinelOne, we understand the unique requirements that local agencies face and provide a unique platform they can use to detect, respond to, and remediate threats in a real-time, compliant way.” The Singularity platform is a unified solution that combines endpoint protection, cloud security, identity threat detection, and response and data ingestion with analytics in a single console using a native back end and the industry’s most performant security data lake. It is also the first XDR solution in the local market that offers complete data localisation and sovereignty, with both IRAP accreditation and a Sydney AWS point of presence that is a completely isolated cluster, air gapped from other SentinelOne locations, ensuring no data leaves Australian shores. “With SentinelOne, government agencies can unlock the power of emerging technologies such as generative AI that adversaries are increasingly using to execute attacks to protect critical infrastructure and systems of national importance,” says Jason.
“And we will continue to invest in and deliver innovations that help them prevent threats, reduce risk and keep our nation safe in full compliance with the standards and requirements they must meet.”

Lacework announces new CIEM functionality for simplified cloud security
Lacework has announced new CIEM functionality to address the complex and growing challenges in managing identity threats and unnecessary risk within public cloud environments by unifying entitlements management and threat detection for simplified cloud security. With over 35,000 granular permissions across hyperscale cloud providers, organisations can struggle to maintain an overview and to manage access and identities securely. Most cloud users and instances are granted far more permissions than they require, exposing unnecessary vulnerabilities to cloud breach, account takeover, and data exfiltration. This issue is then intensified by machine identities in the cloud, which typically outnumber humans by an order of magnitude. Lacework’s new CIEM capabilities extend the company’s broad identity security offerings with powerful new automation that calculates risks and prioritises action for security teams. It delivers real time monitoring of all cloud identities across complex multi-cloud environments. This has now been combined with its sophisticated system and behavioural analysis to identify exposed secrets, IAM misconfiguration and over-provisioning of permissions, and to prioritise any necessary action according to risk. These new capabilities augment Lacework’s existing anomaly detection technology that actively monitors human and non-human activity to detect behaviour that may be a sign of an attack in progress. Unifying these capabilities at scale bridges the gap between IAM and SecOps teams to simplify cloud identity security. “Our customers need to know what entities are actually doing in their cloud and whether it’s malicious or inappropriate, and it can’t get in the way of their ability to move fast,” says Adam Leftik, Vice President, Product, Lacework. 
“Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritise, and respond to identity alerts. It’s the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward.”
Preventing cloud identity risk with new entitlement management technology
Lacework dynamically discovers all cloud user, resource, group and role identities and their net-effective permissions, and automatically correlates granted versus used permissions to determine identities with excessive privileges. The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations. Combined with its ability to prioritise risks from an attack path context, as well as detect user and entity behaviour anomalies, customers are able to:
• Continuously comply with IAM security and regulatory compliance requirements.
• Identify all cloud user, application and service identities, know exactly what actions each can take, and prioritise the identities that pose the greatest risk.
• Limit the blast radius of compromised cloud accounts, achieve least privilege, and establish trust with engineering teams.
• Continuously discover risky behaviour, including lateral movement and privilege escalation, without writing rules or stitching together disparate alerts.
• Rapidly detect insider threats associated with malicious or accidental abuse of permissions.
“Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients.
With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk,” says Philip Bues, Research Manager for Cloud Security, at IDC. “Beyond prioritising risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk.”

Security: the top determinant for cloud vendor selection
Security is the top consideration for Asian businesses when choosing their cloud strategy and cloud vendors, according to a survey commissioned by Alibaba Cloud. ‘The Next-Generation Cloud Strategy in Asia’ survey obtained responses from 1,000 organisations across eight markets in Asia that are currently using cloud. Respondents listed security as the top reason for choosing their current strategy (private cloud: 74%, hybrid cloud: 70% and public cloud: 58%). In choosing their cloud vendors, more than two-thirds (69%) of all respondents stated that security is the most important consideration, outweighing other factors such as availability (58%) and cost (55%). The emphasis on security in cloud vendor selection is consistent across markets and industries, especially for the Philippines (85%), Indonesia (82%) and Thailand (78%), and for sectors such as manufacturing, media and telecommunications, and financial services. In the previous survey released in 2021, ‘security credentials’ was also identified as the top reason for choosing cloud vendors by a majority (58%) of respondents. “At Alibaba Cloud, we prioritise the critical importance of security in cloud adoption. We understand the potential impact that cyber security incidents can have on businesses, regardless of their size. That’s why we offer a wide range of comprehensive security solutions that are tailored to meet the specific needs of businesses throughout Asia, enabling them to safeguard their data, applications and infrastructure,” says Jiangwei Jiang, Senior Researcher and General Manager of Infrastructure Products, Alibaba Cloud Intelligence.
“Globally, we have obtained more than 130 security and compliance certificates and our mission is to empower businesses by providing them with the necessary tools and resources to confidently embrace the cloud, with the assurance that their assets are protected by the industry’s leading security solutions.” Beyond security, insufficient training for employees (private cloud: 42%; public cloud: 37%) and lack of budget (private cloud: 36%; public cloud: 36%) are the other major barriers businesses experience when implementing an effective cloud strategy. Alibaba Cloud commissioned global market research firm NielsenIQ to conduct the survey, with an aim to better understand the state of adoption of the prevailing cloud strategies across Asia.
Unlocking operational efficiency through cloud adoption
Respondents, regardless of the type of strategy adopted, quoted ‘improved operational efficiency’ as the biggest benefit of cloud adoption (hybrid cloud: 71%; public cloud: 62% and private cloud: 60%). Public cloud users also see improved business continuity (47%), better support for remote workers (45%) and improved security and risk management (44%) as the other benefits of adopting the cloud. “As businesses in Asia increasingly seek reliable and secure cloud solutions with local support, Alibaba Cloud is well positioned to address these needs. Our strong local expertise enables us to support customers, complementary to their internal resources. Additionally, we are committed to talent development and providing businesses with the necessary training and resources to maximise the benefits of our cloud solutions. Businesses can also benefit from a deep understanding of the local market and regulations, faster response times and our extensive experience in a wide range of industries from retail to finance, logistics to entertainment,” adds Jiangwei.
Asia-based cloud vendors exceed user expectations
The survey showed that the largest share of businesses (38%) are using regional/Asia-based vendors. In an improvement from the previous survey, an overwhelming majority (91%) of businesses reported that their experience in using cloud services either met or exceeded their expectations, demonstrating the high quality of cloud services available in Asia. In Thailand, a notably high percentage of businesses (64%) have opted for regional/Asia-based vendors, while in South Korea, a larger share of respondents (56%) use local vendors. In terms of industry, businesses in Manufacturing (42%) tend to use regional/Asia-based vendors while a higher percentage of respondents in Retail (45%) and the Public Sector (45%) favour local vendors.

Colt partners with Venari Security to protect against cyber risks
Colt Technology Services has announced a collaboration with Venari Security. The partnership will give organisations deeper visibility into their encrypted network traffic, improving security and helping them to stay on top of complex regulatory requirements. The collaboration will see Colt integrate VigilanceAI, Venari Security’s Encrypted Traffic Analysis (ETA) platform, into its existing service offering. The platform provides insight and visibility into how encryption is actively used across the enterprise, including cloud, regulated and third-party environments, allowing Colt customers to maintain strong encryption standards while supporting data privacy in transit. By providing this validation and visibility, Colt’s customers can reduce their risk exposure and potential attack surface. Mirko Voltolini, VP Innovation, Colt Technology, says, “At Colt, we look for innovative technologies to help solve our customers’ real business challenges. Venari Security’s solution enables businesses to measure, monitor, and ensure compliance with encrypted communications. Regulated industries and global organisations face significant challenges meeting country-specific and regulatory obligations. In recent years we have seen a significant change in regulatory and privacy laws requiring data to be encrypted in transit. Venari Security’s VigilanceAI platform enables Colt to help our customers solve in a truly innovative way the challenge associated with encrypted communications.” Hiten Mistry, Chief Revenue Officer, Venari Security, says, “We are delighted to partner with such a prominent innovative network and technology operator. With Colt’s footprint across capital markets and enterprise organisations, we are genuinely excited about this partnership. Our platform enables organisations to understand their encrypted communications, highlight risks and ensure that customers meet their privacy and regulatory obligations regarding encryption. 
Organisations face the potential of significant financial penalties and reputational damage by not adhering to privacy and regulatory compliance. Additionally, with the rise of quantum computing, organisations need to gain visibility of their encrypted communications to deliver a plan for a post-quantum era.” 74% of organisations have reported one or more cyber security incidents in the last 12 months, according to Forrester’s April 2023 'Top Cybersecurity Threats in 2023' report. The VigilanceAI platform consists of two solutions, V-Comply and V-Detect. Colt will be integrating both solutions into its offering, enabling it to provide a thorough TLS attack surface review as part of the routine security hygiene service it offers its customers. The collaboration is the latest to be announced as part of Colt’s ongoing digital transformation programme, focused on enhancing, simplifying and automating systems and processes which directly address customers’ business challenges, to boost Colt’s customer experience.

Türk Telekom delivers DDoS protection services for customers
Türk Telekom has deployed A10 Thunder TPS from A10 Networks to deliver DDoS protection services for its business customers. The service is protecting critical infrastructure from DDoS attacks, enhancing service access reliability for subscribers using on-premises DDoS protection solutions from A10 Networks.
Maintaining security and service availability for business customers
As one of the first ISPs to invest in cyber security service offerings in Turkey, Türk Telekom aims to protect its business customers with a full range of service options. With its hybrid protection model in managing DDoS services, Türk Telekom is the only service provider in Turkey that provides backbone-level protection against application-layer attacks with its DDoS 7+ services. In today’s world, where the number of DDoS attacks rises continually at a significant rate, Türk Telekom started offering an advanced DDoS protection solution, capable of separating legitimate traffic from illegitimate, to provide consistent and reliable service availability for customers. With this solution, the company achieved enhanced protection of its own network backbone, automation and high capacity. “As a leading cyber security service provider in Türkiye, we understand our customer’s needs and improve our product portfolio continuously to ensure strong security and resilient infrastructure with our unique managed security experience,” says Zeynep Özden, Türk Telekom Marketing and Customer Experience Assistant General Manager. “A10’s superior detection and mitigation capabilities supporting a DDoS scrubbing service, in addition to high performance and scalability, is very attractive to Türk Telekom. Türk Telekom is protecting its customers’ critical infrastructure from cyber security threats and maintaining service availability with a resilient infrastructure built on A10 technology,” says Dhrupad Trivedi, President and CEO of A10 Networks.

Acronis simplifies endpoint security with new EDR solution
Acronis has announced the general availability of Acronis Advanced Security + Endpoint Detection and Response (EDR) for Acronis Cyber Protect Cloud. With new capabilities such as AI-based attack analysis, Acronis EDR reduces complexity and simplifies workflows for a more streamlined operation, making it easier for MSPs and the businesses they serve to deploy comprehensive security and data protection. With more organisations turning to MSPs for their backup and security needs, and with a greater need for simplicity and efficiency, Acronis EDR aims to expand the adoption of advanced security capabilities, helping organisations of all sizes better protect themselves. “With the proliferation of endpoints and increasing frequency of cyber threats, EDR has become a mission-critical tool in incident response and the fight for data protection. But solutions that are difficult to deploy and maintain are an obstacle,” says Research Vice President of Security and Trust Michael Suby at IDC. “The best solutions deliver the advanced security of EDR and meet the needs of the IT professionals who use it. That means easy deployments and rapid detection, response, and recovery with AI and automation on board.” Acronis EDR offers a broad number of out-of-the-box recovery options that take advantage of integration with Acronis Cyber Protect’s backup and recovery, endpoint management, and endpoint security capabilities. Designed for managed service providers (MSPs), it allows them to quickly and easily analyse and prioritise security incidents, minimise downtime, and maintain business continuity while keeping their clients safe and protected. “Other EDR tools can be over-complicated and force MSPs into expensive, time-consuming processes to implement and understand.
Acronis EDR delivers a robust EDR solution that is easy to deploy and use while following industry-established standards like the NIST cyber security framework and mapping to the MITRE ATT&CK framework,” says Candid Wüest, VP of Research at Acronis. “By rapidly understanding attack analysis and impact, Acronis EDR users can quickly evaluate a potential threat, gain insight into how an attacker gained access, what damage was caused, and how the attack might spread.” Acronis EDR delivers:
• Optimised incident analysis to quickly and easily analyse and prioritise security incidents and potential attacks without relying on costly security expertise or time-consuming processes.
• Integrated security with backup and recovery, for comprehensive protection critical to minimising downtime and maintaining business continuity in the event of an attack.
• A complete cyber protection solution in a single agent - simple for MSPs to deploy, manage, and scale - that eliminates the cost, complexity, and security gaps inherent in multiple-point solutions.

Nebulon launches TripLine
Nebulon has announced TripLine, a new threat detection service designed to alert customers when a cryptographic ransomware attack has been detected, as well as the precise location and point-in-time the attack occurred. The company also announced smartDefense, a cyber security solution that narrows threat vectors, detects ransomware attacks, and accelerates recovery. Despite the growing awareness about the dangers of ransomware, nearly two-thirds (63%) of the codebases in production have unpatched vulnerabilities rated ‘High’ or ‘Critical’, according to the March 2023 Unit 42 Cloud Threat Report. The same report also cites an average response time of approximately six days to a security alert, whereas it only takes a few hours for threat actors to start exploiting a newly disclosed vulnerability. Nebulon TripLine is the first combined server-storage threat detection solution for cryptographic ransomware. The new smartInfrastructure service can identify attacks on application data as well as the operating system and application software. TripLine is enabled within two parts of the Nebulon solution: (1) the Nebulon Secure Enclave, an isolated infrastructure domain that includes all server lights-out management, data services, boot and data volumes, and attached SSDs, and (2) the Nebulon ON cloud control plane. Machine learning (ML) runs in the Secure Enclave and identifies encrypted versus unencrypted blocks in real time. Every 30 seconds, these results are sent to the Nebulon ON cloud, which uses a combination of ML and statistical models to compare that data to the historical average of encrypted blocks for a given volume. A spike in encrypted blocks will generate an alert within a few minutes of the first suspicious result. “As a provider of electronic medical records and practice management solutions, HIPAA compliance is a top priority for our organisation and our clients,” says Hamid Amjadi, CTO of Prime Clinical Systems.
“Nebulon’s new ransomware detection service, combined with its existing recovery features, helps us better protect patient privacy and should be a checklist item for any healthcare provider looking to bolster HIPAA compliance.” Hyper-converged infrastructure (HCI), which provides no isolation between infrastructure services and application services, is particularly vulnerable to cyber attacks. When the HCI operating system (OS) becomes infected, data services become unavailable and the disks that store snapshots protecting application data become compromised, making fast recovery impossible. This leaves enterprises with no choice but to re-install and reconfigure operating systems and clustering software, then recover application data from backup servers which also likely have been compromised - a process that can take days or even weeks. Unlike HCI, Nebulon TripLine enables performant ransomware detection and recovery of the entire physical infrastructure without resorting to re-installation or backups. Combined with Nebulon ON, enterprises can benefit from push-button, API-accessible recovery of all affected volumes using TimeJump, Nebulon’s four-minute ransomware recovery service. Nebulon also announced smartDefense, a new smartInfrastructure solution for narrowing threat vectors, detecting ransomware breaches, and accelerating recovery. smartDefense is intended to complement what organisations have in place for their cyber security framework, adding a solution for the deep server-storage application infrastructure. smartDefense protection relies on Nebulon ImmutableBoot, which maintains a known good version of the operating system and application stack within the Secure Enclave of every server. With every reboot, the server reverts to this trusted software instance, eliminating errant firmware updates or dormant malware in the process. smartDefense detection and recovery capabilities leverage Nebulon TripLine and Nebulon TimeJump. 
TimeJump can rapidly recover operating systems, application configurations, and data, reducing recovery time from days to less than four minutes for multiple clusters simultaneously. With the addition of TripLine to the smartDefense solution, customers can precisely identify the point of attack within their infrastructure and revert to a secure state using TimeJump, resulting in a significant reduction in overall threat response and recovery time. “The focus is shifting from perimeter-level protection to comprehensive solutions that cover the entirety of an organisation's infrastructure, and there are woefully few options to protect the server-storage infrastructure,” says Siamak Nazari, Nebulon CEO. “Since powerful detection and recovery services are architecturally built-in, not bolt-on, CISOs and CIOs should demand such capabilities be an inherent part of any modern infrastructure deployment.”
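The detection loop described in this article (classify written blocks, report every 30 seconds, compare with the volume's historical average, alert on a spike) can be sketched as follows. This is an added example, not Nebulon's code: it substitutes a Shannon-entropy threshold for the ML block classifier, and the class name, thresholds and sample blocks are assumptions constructed for illustration.

```python
import math
import random
import statistics
from collections import Counter, deque

BLOCK_SIZE = 4096
INTERVAL_SECONDS = 30  # reporting interval given in the article


def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def looks_encrypted(block: bytes, threshold: float = 7.5) -> bool:
    # Assumption: an entropy threshold stands in for the ML classifier.
    # Compressed data also scores high, so a volume has a non-zero normal
    # rate; the alert is therefore raised on change, not on absolute level.
    return shannon_entropy(block) >= threshold


def encrypted_fraction(blocks) -> float:
    """Share of the blocks written in one interval that look encrypted."""
    blocks = list(blocks)
    if not blocks:
        return 0.0
    return sum(looks_encrypted(b) for b in blocks) / len(blocks)


class VolumeBaseline:
    """Per-volume history of encrypted-block fractions (hypothetical name)."""

    def __init__(self, window=120, warmup=10, sigmas=4.0, min_jump=0.20):
        self.history = deque(maxlen=window)  # 120 x 30 s = one hour
        self.warmup = warmup                 # intervals before alerting
        self.sigmas = sigmas                 # statistical margin
        self.min_jump = min_jump             # absolute margin for flat baselines

    def observe(self, fraction: float) -> bool:
        """Return True if this interval is a spike against the baseline."""
        if len(self.history) >= self.warmup:
            mean = statistics.fmean(self.history)
            spread = statistics.pstdev(self.history)
            if (fraction > mean + self.sigmas * spread
                    and fraction - mean >= self.min_jump):
                # Spikes are not folded into the history, so an ongoing
                # attack cannot raise its own baseline.
                return True
        self.history.append(fraction)
        return False


def make_plain_block() -> bytes:
    # Constructed sample: low-entropy, text-like application data.
    row = b"patient_id,visit_date,diagnosis_code,notes\n"
    return (row * (BLOCK_SIZE // len(row) + 1))[:BLOCK_SIZE]


def make_random_block(rng: random.Random) -> bytes:
    # Constructed sample: uniformly random bytes stand in for ciphertext.
    return bytes(rng.getrandbits(8) for _ in range(BLOCK_SIZE))


def simulate(attack_start=15, intervals=20, blocks_per_interval=50):
    """Return (interval index, seconds offset) for every alerting interval."""
    rng = random.Random(2023)
    baseline = VolumeBaseline()
    alerts = []
    for i in range(intervals):
        # Normal load: 8-12% high-entropy writes. Attack: 90%.
        high = 45 if i >= attack_start else 4 + i % 3
        blocks = [make_random_block(rng) for _ in range(high)]
        blocks += [make_plain_block()] * (blocks_per_interval - high)
        if baseline.observe(encrypted_fraction(blocks)):
            alerts.append((i, i * INTERVAL_SECONDS))
    return alerts


if __name__ == "__main__":
    for index, offset in simulate():
        print(f"ALERT interval={index} t+{offset}s")
```

The first alerting interval gives the point in time to roll back to; the interval just before it is the last one that matched the baseline.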


