Security


Veeam partners with Microsoft
Veeam Software has announced that it is integrating Veeam Backup for Microsoft 365 with Microsoft 365 Backup via its backup APIs to bring customers and partners new capabilities for backup, recovery, ransomware protection and business continuity. Veeam plans to utilise this integration to deliver new innovations and experiences to Microsoft customers that need the very best data protection and ransomware recovery to keep their businesses running.

“Today, every business is a digital business,” says Danny Allan, CTO at Veeam. “That means fast, reliable access and availability of data is critical to keep businesses running. Veeam is the leading provider of backup and recovery for Microsoft 365, with over 15 million users protected. We’re delighted to extend our advanced capabilities to customers and partners using Microsoft 365 Backup. We plan to deliver innovative new features and capabilities, taking advantage of the power and reliability of the Veeam data platform which keeps businesses running.”

“We’re excited to work with Veeam, and look forward to the unprecedented speed and scale of backup and restore experiences they can bring to customers with our new Microsoft 365 Backup solution,” says Jeff Teper, President, Collaboration Apps and Platforms, Microsoft.

Veeam Backup for Microsoft 365

Veeam Backup for Microsoft 365 is being used to protect more than 15 million users. This adoption reflects customers’ shared responsibility to own and protect their critical Microsoft 365 data, eliminating the risk of losing Microsoft 365 data. It provides the lowest recovery point objectives (RPO), the broadest set of recovery options, and the flexibility to back up Microsoft 365 data to any location.

Availability

Work on the integration between Veeam Backup for Microsoft 365 and Microsoft 365 Backup via its backup APIs is underway, with general availability of the updated offering expected within 90 days of the Microsoft 365 Backup service being available.

GovAssure, cyber security and NDR
By Ashley Nurcombe, Senior Systems Engineer UK&I, Corelight

We live in a world of escalating digital threats to government IT systems. The public sector has recorded more global incidents and data breaches than any other over the past year, according to a recent Verizon study. That’s why it is heartening to see the launch of the new GovAssure scheme, which mandates stringent annual cyber security audits of all government departments, based on a National Cyber Security Centre (NCSC) framework.

Now the hard work starts. As government IT and security leads begin to work through the strict requirements of the Cyber Assessment Framework (CAF), they will find network detection and response (NDR) increasingly critical to these compliance efforts.

Why we need GovAssure

GovAssure is the government's response to surging threat levels in the public sector. It is not hard to see why it is such an attractive target. Government entities hold a vast range of lucrative citizen data which could be used to carry out follow-on identity fraud. Government services are also a big target for extortionists looking to hold departments hostage with disruptive ransomware. And there's plenty of classified information in there for foreign powers to go after to gain a geopolitical advantage.

Contrary to popular belief, most attacks are financially motivated (68%), rather than nation-state attempts at espionage (30%). That means external, organised crime gangs are the biggest threat to government security. However, internal actors account for nearly a third (30%) of breaches, and collaboration between external parties and government employees or partners accounts for 16% of data breaches. When the cause of insider risk is malicious intent rather than negligence, it can be challenging to spot because staff may be using legitimate access rights and going to great lengths to achieve their goals without being noticed.

Phishing and social engineering are still among threat actors' most popular attack techniques. They target distracted and/or poorly trained employees to harvest government logins and/or personal information. Credentials are gathered in an estimated third of government breaches, while personal information is taken in nearly two-fifths (38%). Arguably the shift to hybrid working has created more risk here as staff admit being more distracted when working from home (WFH), and personal devices and home networks may be less well protected than their corporate counterparts.

The growing cyber attack surface

Several other threat vectors are frequently probed by malicious actors, including software vulnerabilities. The new Freedom of Information data reveals a worrying number of government assets are now using outdated software that vendors no longer support. Connected Internet of Things (IoT) devices are an increasingly popular target, especially those with unpatched firmware or factory default/easy to guess passwords. Such devices can be targeted to gain a foothold in government networks and/or to sabotage smart city services.

Finally, the government has a significant supply chain risk management challenge. Third-party suppliers and partners are critical to efficiently delivering government services. But they also expand the attack surface and introduce additional risk, especially if third parties aren't properly and continuously vetted for security risks. Take the recent ransomware breach at Capita, an outsourcing giant with billions of pounds of government contracts. Although investigations are still ongoing, as many as 90 of the firm's clients have already reported data breaches due to the attack.

What the CAF demands

In this context, GovAssure is a long overdue attempt to enhance government resilience to cyber risk. In fact, Government Chief Security Officer, Vincent Devine, describes it as a "transformative change" in its approach to cyber that will deliver better visibility of the challenges, set clear expectations for departments and empower security pros to strengthen the investment case.

Yet delivering assurance will not be easy. The CAF lists 14 cyber security and resilience principles, plus guidance on using and applying the principles. These range from risk and asset management to data, supply chain and system security, network resilience, security monitoring and much more. One thing becomes clear: visibility into network activity is a critical foundational capability on which to build CAF compliance programmes.

How NDR can help

NDR (Network Detection and Response) tools provide visibility. This kind of visibility will enable teams to map assets better, ensure the integrity of data exchanges with third parties, monitor compliance and detect threats before they have a chance to impact the organisation. Although the CAF primarily focuses on finding known threats, government IT leaders should consider going further, with NDR tooling designed to go beyond signature-based detection to spot unknown but potentially malicious behaviour.

Such tools might use machine learning algorithms to learn what regular activity looks like to better spot the signs of compromise. If they do, IT leaders should avoid purchasing black box tools that don't allow for flexible querying or provide results without showing their rationale. These tools can add opacity and assurance/compliance headaches. Open-source tools based on Zeek may offer a better and more reasonably priced alternative.

Ultimately, there are plenty of challenges for departments looking to drive GovAssure programmes. Limited budgets, in-house skills, complex cyber threats, and a growing compliance burden will all take their toll. But by reaching out to private sector security experts, there is a way forward. For many, that journey will begin with NDR to safeguard sensitive information and critical infrastructure.

Six Degrees gains Microsoft Cloud Security
Six Degrees has announced that it has successfully renewed its Microsoft Azure Expert MSP status and gained new Microsoft Cloud Security and Threat Protection specialisations.

These credentials demonstrate its commitment to holding deep technical expertise, backed by a demonstrable track record and a strategic relationship with Microsoft. Combined, they allow the company to enable organisations to achieve more through secure, integrated cloud services.

This brings several benefits to customers:

- Designations aligned to the Microsoft solution areas recognise its broad technical capabilities and demonstrated success delivering technology solutions.
- Benefits aligned to its solutions partner designations include product benefits, go to market services, co-sell eligibility, skilling and sales enablement resources, making it easier for customers to buy Microsoft solutions.
- Specialisations further validate deep technical expertise after the company attains a Solutions Partner designation, giving customers reassurance that it is well placed to maximise its Microsoft investments.

Simon Crawley-Trice, CEO, Six Degrees, says, “I am delighted to have renewed our status as an Azure Expert MSP program member and I look forward to enabling many more organisations to succeed through the intelligent application of Microsoft technology. This isn’t a time to rest on our laurels, though. At Six Degrees we never stand still when it comes to our partnerships, and we will work to attain further specialisations which align to our core capabilities across cloud, cyber security and connectivity.”

Eleri Gibbon, Director, Services Partners, Microsoft UK, says, “In today’s challenging operating landscape, organisations will benefit from integrated secure cloud solutions that enable them to achieve competitive differentiation while protecting their people and their customers. By embracing the Microsoft Azure stack throughout their secure cloud offerings, Six Degrees is well placed to deliver these solutions to benefit organisations throughout the UK.”

Acronis releases Mid-Year Cyberthreats Report
Acronis has released its ‘Mid-Year Cyberthreats Report, from Innovation to Risk: Managing the Implications of AI-driven Cyberattacks’. The study is based on data captured from many global endpoints and provides insight into the evolving cyber security landscape. It also uncovers the growing utilisation of generative AI systems by cybercriminals to craft malicious content and execute sophisticated attacks.

The biannual threat report highlights ransomware as the dominant risk to small and medium size businesses. And while the number of new ransomware variants continues to decline, ransomware attacks’ severity remains significant. Equally concerning is the growing prominence of data stealers who leverage stolen credentials to gain unauthorised access to sensitive information.

“The volume of threats in 2023 has surged relative to last year, a sign that criminals are scaling and enhancing how they compromise systems and execute attacks,” says Candid Wüest, Acronis VP of Research. “To address the dynamic threat landscape, organisations need agile, comprehensive, unified security solutions that provide the necessary visibility to understand attacks, simplify context, and provide efficient remediation of any threat, whether it may be malware, system vulnerability, and everything in between.”

According to the report's findings, phishing is the primary method criminals leverage to unearth login credentials. In the first half of 2023 alone, the number of email-based phishing attacks has surged 464%, when compared to 2022. There has also been a 24% increase in attacks per organisation. Over the same frame, Acronis-monitored endpoints observed a 15% increase in the number of files and URLs per scanned email. Cyber criminals have also tapped into the burgeoning large language model (LLM)-based AI market, using platforms to create, automate, scale, and improve new attacks through active learning.

The cyberattack landscape is evolving

Cyber criminals are becoming more sophisticated in their attacks, using AI and existing ransomware code to drill deeper into victims’ systems and extract sensitive information. AI-created malware is adept at avoiding detection in traditional antivirus models, and public ransomware cases have exploded relative to last year. Acronis picks up data about how these cybercriminals operate and recognises how some attacks have become more intelligent, sophisticated and difficult to detect.

Drawing from research and analysis, key findings from the report include:

- Acronis blocked almost 50m URLs at the endpoint in Q1 2023, a 15% increase over Q4 2022.
- There were 809 publicly mentioned ransomware cases in Q1 2023, with a 62% spike in March over the monthly average of 270 cases.
- In Q1 2023, 30.3% of all received emails were spam and 1.3% contained malware or phishing links.
- Each malware sample lives an average of 2.1 days in the wild before it disappears. 73% of samples were only seen once.
- Public AI models are proving an unwitting accomplice for criminals looking for source code vulnerabilities, creating attacks and developing fraud prevention-thwarting attacks like deep fakes.

Cybercriminal gangs phish to acquire credentials, extract data and dollars, of note:

- Phishing remained the most popular form of stealing credentials, making up 73% of all attacks. Business email compromises (BECs) were second, at 15%.
- The LockBit gang was responsible for major data breaches.
- Clop breached a mental health provider’s system, affecting the personal and HIPAA-covered data of more than 783,000 individuals.
- BlackCat stole more than 2TB of secret military data, which included personal information of employees and customers, from an Indian industrial manufacturer.
- Vice Society compromised 1,200 servers and the personal information of 43,000 students, 4,000 academic staff and 1,500 administrative staff at the University of Duisburg-Essen in Germany.

Breaches demonstrate major security concerns

Traditional cyber security methods and lack of action let attackers in, the report shares:

- There is a lack of strong security solutions in place that can detect zero-day vulnerability exploitations.
- Organisations often fail to update vulnerable software in a timely manner, long after a fix becomes available.
- Linux servers face inadequate protection against the cybercriminals who are increasingly going after them.
- Not all organisations follow proper data backup protocol, including the 3-2-1 rule.

With these trends in mind, Acronis emphasises the need for proactive cyber protection measures. A sound cybersecurity posture requires a multi-layered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities. Leveraging an advanced solution that combines AI, machine learning, and behavioural analysis can help mitigate the risks posed by ransomware and data stealers.

Node4 announces the acquisition of ThreeTwoFour
Node4 has announced the acquisition of ThreeTwoFour to strengthen its cyber security offering and expand in the finance and banking sector. This is its third significant growth purchase in the last 18 months, having also bought risual and Tisski. ThreeTwoFour is renowned for its extensive suite of information security services, including programme delivery, cyber strategy, risk and control assessment, and governance. It also brings strong experience across the financial services sector. In addition, its expertise in M&A Cyber Due Diligence adds further capabilities to the company’s solutions and services portfolio.  The acquisition significantly enhances Node4’s security and transformation capabilities, particularly for enterprise-level clients. Drawing on ThreeTwoFour’s capabilities, the company will also be better equipped to meet the increasing requirements in the public sector and government frameworks for effective cyber security solutions.  Alex Coburn, Founder, ThreeTwoFour, along with his leadership team, will remain with the business as it integrates with Node4. The brand will also function as the consultative arm of security practice.   With its core team based in the UK, ThreeTwoFour is also supported by specialists working remotely from all over the world. Alongside its Cyber Essentials Certification, the firm provides expertise in various other sectors, such as data loss prevention, risk management and security architecture.

Indusface reveals cyber secure countries for business
Recent research has shown that 68% of high-revenue growth companies have embraced a hybrid model worldwide. With businesses enjoying the benefits of remote or hybrid working, including reduced maintenance costs, improved flexibility and an extended talent pool, cyber security awareness has become more critical than ever.

With this in mind, Indusface set out to find the most secure countries for businesses to allow their employees to work from, by creating an index score based on cyber security data including DDOS attacks, phishing sites, malware hosting sites and compromised computers.

Indusface found that the UK ranked only 12th among the most cyber secure European countries and 40th in the global ranking, with an overall cyber security index score of 71.19/100. It has an average of 680 phishing sites and 750 malware hosting sites per 100,000 URLs, meaning that the chances of sites being fake or containing malware could be high.

Top 10 most cyber secure European countries to work from

| Rank | Country | DDOS attacks per 100,000 internet users* | Phishing sites per 100,000 URLs | Malware hosting sites per 100,000 URLs | Compromised computers per 100,000 internet users** | Cyber security index score (/100) |
|---|---|---|---|---|---|---|
| =1 | Finland | 79 | 320 | 430 | 47 | 82.45 |
| =1 | Belgium | 314 | 280 | 390 | 11 | 82.45 |
| 3 | Austria | 175 | 260 | 340 | 137 | 80.59 |
| 4 | Switzerland | 203 | 460 | 470 | 17 | 78.09 |
| =5 | Sweden | 94 | 410 | 390 | 736 | 76.31 |
| =5 | Greece | 386 | 370 | 440 | 25 | 76.31 |
| 7 | Norway | 475 | 340 | 490 | 14 | 75.51 |
| 8 | France | 50 | 610 | 850 | 31 | 74.92 |
| =9 | Germany | 177 | 480 | 570 | 75 | 73.89 |
| =9 | Estonia | 698 | 540 | 440 | 14 | 73.89 |

*Total DDOS attacks were counted between 2015 and 2021.
**Compromised computers are those that have been infected with the Gamarue botnet.

The company found that Finland and Belgium share the title of the most secure European countries for businesses to allow employees to remotely work from, each with a cyber security score of 82.45 out of 100.

Finland has received the second lowest number of DDOS attacks (79) during 2015 to 2021, only 29 attacks higher than France, which has the lowest among the top 10 European countries. This is an important factor for businesses to consider, as successful DDOS attacks could block your business sites and bring down all servers and connections you depend on.

Contributing to Belgium’s top ranking is that it has the lowest number of compromised computers per 100,000 internet users (11) in the country. Computers that have been infected with the Gamarue botnet open doors to hackers and make it easier for them to take control of your business data and devices. Belgium also has the second lowest malware hosting sites, with an average of 390 sites per 100,000 URLs.

Ranking third is Austria with an overall cyber security index score of 80.59/100. Boasting the lowest number of both malware hosting sites (34) and phishing sites (260) per 100,000 URLs, the country has fewer sites that contain malware, making businesses less worried about sensitive information being stolen.

In fourth place is Switzerland with a cyber security index score of 78.09/100. Sweden and Greece share fifth place with a score of 76.31/100.

Five least cyber secure European countries to work from

| Rank | Country | DDOS attacks per 100,000 internet users | Phishing sites per 100,000 URLs | Malware hosting sites per 100,000 URLs | Compromised computers per 100,000 internet users | Cyber security score (/100) |
|---|---|---|---|---|---|---|
| 1 | Bulgaria | 167.40 | 1,220 | 1,170 | 430 | 51.82 |
| 2 | Serbia | 173.61 | 780 | 790 | 1,467 | 53.83 |
| 3 | Lithuania | 560.74 | 1,010 | 840 | 38 | 55.77 |
| 4 | Romania | 118.00 | 1,040 | 720 | 1,435 | 56.01 |
| 5 | Croatia | 724.60 | 750 | 340 | 2,105 | 56.57 |

Bulgaria ranks the least secure for businesses to allow employees to remotely work from, with a total cyber security score of only 51.82 out of 100. With 1,220 phishing sites and 1,170 malware hosting sites per 100,000 URLs, businesses in the country will need to be extra careful when identifying whether a website is genuine.

Serbia has one of the highest numbers of compromised computers per 100,000 internet users (1,467), which leads to its low cyber security score of 53.83, ranking as the second least cyber secure European country.
Venky says, “Attracting top talent through remote work can revolutionise your business. However, it also leaves your sensitive data and assets vulnerable to hackers. Therefore, it is important to be prepared to address remote work security risks. There are a few points when recruiting talents globally.

“Firstly, you could consider which countries are least targeted by hackers and least risk to your cyber security. Secondly, look at regulations that govern data security. For example, GDPR is probably the gold standard when it comes to data security. Thirdly, research law enforcement. This indicates how quickly people will be punished when committing cyber crime. Fourthly, get to know the government grants. Cyber security grants are provided to SMBs who tend to be more susceptible to attacks. Finally, the level of cyber security awareness in the generation also affects how likely hackers would commit cyber crimes.”

Venky continues, “There is no one way to secure remote working but instead you should make remote work access security an integral part of your employee’s ongoing training and workplace culture. There are six best practices for secure remote working within your business.”

The six best practices include:

1. Create strong authentication. It starts by identifying the remote worker before a worker can access corporate data and assets. From this, a company can build audit trails of the actions against the identity.
2. Update systems and encrypt devices. Outdated technology could open doors to hackers with credential information like credit cards being stolen. Cases like this will have a fatal hit on a business’s reputation as well as cyber security. It is highly recommended that all the devices be updated and encrypted with SSL certificates.
3. Conquer internal security risks. Working habits could lead to malware or ransomware attacks that could put a company and clients at risk. Indusface recommends hosting full employee training on cyber security and making it fun. The team can get engaged in the training by setting up phishing email simulators so they could see the potential dangers in action.
4. Avoid weak or duplicate passwords. Many businesses share duplicate passwords for multiple accounts. Research shows hackers rely on weak passwords when brute forcing PoS terminals. Use an automatic password generator to create safe and secure passwords company wide.
5. Only upload files to secure systems. Hackers could upload their own files with malicious code that can be executed directly on company’s server. Therefore, it is important to avoid storing data in unencrypted storage, leaving data on devices without password protection, and attaching sensitive information directly into an email.
6. Secure web application security. Using a combination of open-source CMS and cloud-based apps increases remote work risks. It should be considered as part of a company’s security policy to approve web app purchases and free downloads.

The data was collected in June 2023 and is correct as of then.

Lacework publishes The Modern CISO Network: Board Book
Lacework has announced the release of the first edition of The Modern CISO Network: Board Book. Security has become a business-critical priority for every organisation and proposed new rules from the Securities and Exchange Commission (SEC) would require the board of directors of public companies to disclose which members, if any, have security experience. Lacework’s first edition aims to help close the cybersecurity knowledge gap in today’s boardrooms by highlighting more than 140 board-ready security leaders. A recent Harvard Business Review survey of 600 boardrooms revealed that just 47% regularly interact with their company’s CISO. That is likely because most boards don’t have anyone with the security expertise to speak the CISO’s language. According to research from the CAP Group, among Fortune 100 companies, just 51% have directors with relevant cybersecurity experience. The situation is even more alarming in the Fortune 500, where only 9% of boards have directors with a strong understanding of cybersecurity. In the Russell 3000, just 8% of companies have directors with cybersecurity acumen. These statistics underscore the urgent need for organisations to prioritise cybersecurity expertise at the board level to effectively address the evolving threat landscape. “Cybersecurity goes beyond addressing technical risks. It is an organisational problem that requires business alignment and should be viewed as a strategic imperative,” says David Christensen, Chief Information Security Officer, PlanSource. “Cybersecurity experience at the board level is necessary to overcome the perplexities that often accompany discussions around cyber-risk, allowing boards to ask the right questions and provide the right oversight.” Adding to the urgency, the SEC is expected to enforce new regulations that would require public companies to disclose which board members have security knowledge or experience, along with details about the board’s approach to cyber oversight. 
“Imagine if a corporate board had not a single director who understood how to read and interpret financial statements, or who could recognise that the CFO had overlooked some critical matter that had the potential to bankrupt the company. It is clear how that story would end. Somehow, however, despite all of us recognising that cyberattacks can inflict tremendous damage upon a business, many boards oversee cyber-risk management with essentially the same level of blindness,” says Joseph Steinberg, Cybersecurity Board Member, Author, and Expert Witness. “Boards need to alter their composition to include directors who understand cybersecurity at a strategic level, who know how to oversee cyber-risk management and the function of making a business resilient against cyberthreats, and who can help boards appropriately direct and maintain their cyber-risk oversight focus.” The Modern CISO Network: Board Book is a directory of qualified senior security leaders that are ready to advise and guide businesses, as they navigate the evolving cybersecurity landscape. By creating a diverse network of experienced security leaders, the book aims to elevate the role of the CISO and simplify the process for companies to find the guidance they need to navigate security threats.

Cato Networks sets another record for SASE speed barrier
Cato Networks has announced a new SASE throughput record, achieving 5Gbps on a single encrypted tunnel with all security inspections enabled.

“Once again, Cato has set the mark for SASE at scale,” says Gur Shatz, Co-Founder, President, and COO of Cato Networks. “Pushing the boundary of SASE throughput worldwide is more than an engineering achievement. It demonstrates how quickly a platform with a cloud-native architecture can make new technology globally available.”

As larger enterprises adopt SASE, higher capacity connections are needed for interconnecting data centres and private clouds. Cato meets that need with leading support for 5Gbps throughput on a single, encrypted tunnel regardless of security inspections. Previously, Cato supported a maximum of 3Gbps per tunnel.

The improved throughput underscores the benefits of a cloud-native architecture. It nearly doubled the performance of the Cato Socket without requiring any hardware changes. This was only possible because Cato runs the compute-intensive operations that normally degrade edge appliance performance in the Cato Single Pass Processing Engine (SPACE) running across Cato PoPs. By improving SPACE, all edges connected to the Cato SASE Cloud gain increased throughput. Replacement of the Cato Socket is not required.

By contrast, SASE solutions implemented as virtual machines (VMs) in the cloud or modified web proxies remain limited to under 1Gbps of throughput for a single tunnel. This limitation forces enterprises to have their edge appliance create and manage multiple tunnels and load-balance their traffic between them.

Cato is also delivering 5Gbps connections to other cloud providers. The new Cato cross-connect will enable private, high-speed layer-2 connections between Cato and any other cloud provider connecting to the Equinix Cloud Exchange (ECX) or Digital Realty. The Cato cross-connect meets the need for multicloud and hybrid cloud deployments that demand reliable, high-throughput connections.
It also enables channel partners to deliver Cato SSE 360 into legacy deployments by establishing a network-to-network interface (NNI) into the Cato SASE Cloud.

BlueHat Cyber improves data centres with Tintri solutions
Tintri has announced that BlueHat Cyber has implemented Tintri’s VMstore solutions as the backbone of its Infrastructure as a Service (IaaS) and Disaster Recovery as a Service (DRaaS) business. Its technology allows BlueHat Cyber to offload time-consuming administrative storage tasks and replicate across data centres, so it can focus on providing its clients with premium service. BlueHat Cyber offers a cyber security portfolio and assists in planning, design, integration, operation, and optimisation of organisations’ IT security requirements. It needed a solution to simplify storage management, improve I/O and replicate workloads across multiple data centres, and chose Tintri VMstore as the solution for its benefits with fast asynchronous replication, increased uptime and performance, and ‘set it and forget it’ operations. Now, BlueHat Cyber’s US Virtual Data Centre is running on 100% Tintri VM-aware technology because it is a purpose-built solution to store and manage virtualised workloads in enterprise data centres. “We went from spending eight to 10 hours a week managing storage to maybe taking a glance at it once in a blue moon. We basically set it and forget it. When looking at a new client proposal, we consider if we have the capacity to take it on, but we never have to think about I/O performance, regardless of how intense the workload,” says Tim Averill, CTO, BlueHat Cyber. “The key to a simple and successful hybrid cloud deployment is the use of best-of-breed technologies and industry best practices along with the support from an experienced MSP partner who can make the most cost-effective and future-proof recommendations, allowing your infrastructure to grow with your business,” says Brock Mowry, CTO, Tintri. “We are proud to see Tintri VMstore deliver on simplified and worry-free data management as it has proven to do for BlueHat Cyber.”

Invicti Security appoints Lou DiFruscio as CRO
Invicti Security has announced that Lou DiFruscio has joined its executive leadership team as Chief Revenue Officer (CRO). DiFruscio brings over 25 years of leadership and experience, and will be accelerating the ongoing expansion and high-growth success of the global company in the enterprise, small to medium enterprise, and channel segments.

Previously, Lou served as Chief Revenue Officer for SmartBear. Over his eight-year tenure there, he helped drive and lead 400% sales growth.

“Operating in the growing AppSec and API security market gives us an opportunity to expand like few other industries have in the current economic environment,” says Lou. “We will continue to build an outstanding sales organisation and culture of performance, by investing in our people, prioritising our customers, and bringing to market our leading DAST, IAST, SCA, and API security solutions.”

“Lou brings decades of experience and sales excellence to our organisation,” says Michael George, CEO of Invicti. “His depth of knowledge and track record of building customer-focused, performance-oriented teams will support our success as we continue to up level our business and support our growing customer base.”


