
Cyber Security

Mimecast Joins XDR Alliance as a Founding Member

Mimecast has announced that it has joined Exabeam’s XDR Alliance as a founding member. The alliance is a partnership of cybersecurity vendors committed to an inclusive and collaborative extended detection and response (XDR) framework and architecture. Its stated goal is to foster an open approach to XDR, which the alliance regards as essential to enabling organizations everywhere to defend against the growing number of cyberattacks, breaches and intrusions.

“We are thrilled to be a founding member and inaugural email security partner in the XDR Alliance,” said Jules Martin, vice president of ecosystem and alliances at Mimecast. “We see collaboration in security being essential in keeping our customers safe, and leveraging the members’ interconnected, best-in-class cybersecurity solutions, which allows joint customers to benefit greatly.”

Collaboration is central to Mimecast’s cyber resilience ecosystem, which includes Exabeam and some 60 other partners. The ecosystem supports an open framework for threat sharing, control points and remediation. Integration among XDR Alliance members is intended to give organizations greater insight into their threat landscape, reduce complexity, lower risk and shorten threat detection and response times.

“History will look back and declare how well the cybersecurity industry succeeded in putting collaboration above the competition to help protect our organizations and institutions,” said Gorka Sadowski, chief strategy officer, Exabeam and founder of the XDR Alliance. “We are at an inflection point with an extremely fragmented industry that requires all of us in the vendor community to come together to strengthen organizations’ SOCs. The XDR Alliance brings together the most forward-thinking names in cybersecurity to collaborate on building an XDR framework that is open and will make it easier for security operations (SecOps) teams to protect and secure their organizations.”

The charter of the XDR Alliance is to define an inclusive and open XDR framework and architecture that enables SecOps teams to improve their SOC and their threat detection, investigation, and response (TDIR) by better integrating their current, evolving, and new tools and applications. The open framework will help ensure better interoperability across XDR security technologies resulting in shorter time to value and greater ease of use for security teams. The alliance will also foster collaboration on XDR market education and awareness.

The XDR Alliance has developed a three-tier model of the core components of the XDR technology stack:

  • Data sources / Control points – The security tooling that generates telemetry, logs and alerts, and that acts as the control point at which a response is applied.
  • XDR Engine – The engine that ingests the collected data and performs broad TDIR for SOC operations.
  • Content – The pre-packaged detection content and workflows that let security organizations deliver the required use cases with maximum efficiency and automation.

XDR Alliance members span the subcategories of SecOps, including security analytics, security information and event management (SIEM), data lake, endpoint, identity management, email security and archiving, cloud, network, and OT/IoT, as well as managed security service providers (MSSPs), managed detection and response (MDR) providers and systems integrators (SIs).

Cyber Security

Kaspersky Warns of Android Malware Exhibiting Diverse Features

Kaspersky researchers have analyzed three new Android malware families: Tambir, Dwphon and Gigabud. Their capabilities range from downloading other programs and stealing credentials to bypassing two-factor authentication and recording the screen, putting user privacy and security at risk.

In 2023, Kaspersky solutions blocked nearly 33.8 million attacks on mobile devices from malware, adware and riskware, a 50% increase on the previous year’s figure. Android malware and riskware activity surged in 2023 after two years of relative calm, returning to early-2021 levels by the end of the year. At the same time, the number of unique installation packages fell from 2022, which suggests that attackers more often reused the same packages against different victims: last year Kaspersky detected more than 1.3 million unique malicious installation packages targeting Android, distributed in a variety of ways. Among them were Tambir, Dwphon and Gigabud, whose features are described below.

Tambir is spyware disguised as an IPTV app. Once it has been granted the relevant permissions, it collects sensitive user data such as SMS messages and keystrokes. The malware supports more than 30 commands retrieved from its command-and-control (C2) server and has been compared to the GodFather malware; both mainly target users in Turkey, although several other countries were also affected.

Gigabud, active since mid-2022, initially focused on stealing banking credentials from users in Southeast Asia, then spread to other countries and regions. It has since evolved into fake loan malware and can record the screen and simulate user taps in order to bypass two-factor authentication.

Dwphon, discovered in November 2023, targets phones from Chinese OEMs, primarily on the Russian market. The same malware had earlier been found in the firmware of a children’s smartwatch from an Israeli manufacturer, distributed mainly in Europe and the Middle East. Dwphon ships as a component of a system update application and collects device information as well as personal data. It also gathers information about installed third-party applications and can download, install and delete other applications on the device. One of the analyzed samples also contained the Triada trojan, one of the most widespread mobile trojans of 2023, which suggests that the Dwphon modules are related to Triada.

“As Kaspersky’s mobile threats report shows, Android malware and riskware activity surged in 2023 after two years of relative calm, returning to levels seen in 2021 by the end of the year. Users should exercise caution and should avoid downloading apps from unofficial sources, meticulously reviewing app permissions. Frequently, these apps lack exploitation functionality and depend solely on permissions granted by the user. Furthermore, using anti-malware tools can help preserve the integrity of your Android device,” comments Jornt van der Wiel, senior security researcher at Kaspersky’s GReAT.
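The behaviours described above (reading SMS, observing keystrokes and the screen through an accessibility service, recording the screen, installing further apps) each leave a footprint in an app’s manifest, which is what the advice to review permissions comes down to in practice. The following triage script is an added example, not part of the Kaspersky report or its tooling: it parses a constructed manifest for a fictional “IPTV player”, maps declared permissions and service bindings to those capabilities, and flags the ones the app’s stated purpose does not justify. The capability mapping and the allow-list of expected capabilities are the example’s own policy; the permission names are real Android ones.

```python
"""Permission triage for an Android manifest (added example, constructed data)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for a fictional "IPTV player"; not a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.iptvplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
  <application android:label="IPTV Player">
    <service android:name=".OverlayService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Manifest permissions that enable each behaviour named in the article.
# Any one permission in a set is enough to grant that capability.
PERMISSION_CAPABILITIES = {
    "sms_access": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "package_install": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    # MediaProjection itself is granted by a runtime prompt; Android 14 also
    # requires this foreground-service permission to keep a capture running.
    "screen_capture": {"android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"},
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Capabilities each declared purpose plausibly needs (example policy, not
# an Android or Kaspersky rule). A media player needs none of the above.
EXPECTED_FOR = {
    "media_player": set(),
    "sms_backup_tool": {"sms_access"},
}


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def binds_accessibility_service(manifest_xml):
    """True if any <service> requires BIND_ACCESSIBILITY_SERVICE, i.e. once the
    user enables it, the app can read on-screen text and inject taps."""
    root = ET.fromstring(manifest_xml)
    return any(svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND
               for svc in root.iter("service"))


def capabilities(manifest_xml):
    """Capabilities the manifest would grant, derived from permissions and services."""
    perms = declared_permissions(manifest_xml)
    found = {cap for cap, needed in PERMISSION_CAPABILITIES.items() if needed & perms}
    if binds_accessibility_service(manifest_xml):
        found.add("accessibility_control")
    return found


def triage(manifest_xml, declared_purpose):
    """Flag every capability the app's declared purpose does not justify."""
    unexpected = capabilities(manifest_xml) - EXPECTED_FOR.get(declared_purpose, set())
    verdict = "suspicious" if unexpected else "consistent"
    return {"verdict": verdict, "unexpected": sorted(unexpected)}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, "media_player"))
```

The accessibility check is the one worth keeping even if nothing else is: it is not a `uses-permission` entry, so a review that only lists requested permissions misses the component that lets a banking trojan read screen content and simulate taps.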

Cyber Security

Intercede Intros MyID MFA v5

Intercede has announced the launch of MyID MFA (Multi-Factor Authentication) 5.0. The latest addition to the MyID product family lets organizations protect on-premises and cloud applications, as well as Windows desktop logon (online and offline), with a range of MFA options, from one-time passwords (OTP) and mobile apps to phishing-resistant syncable FIDO passkeys and biometric-protected hardware devices.

Bringing enterprise-managed FIDO passkeys into MyID MFA makes it straightforward to FIDO-enable multiple applications and to issue passkeys to end users, improving both security and user experience. MyID MFA acts as both a FIDO authentication server and a passkey issuance solution: end users authenticate to MyID MFA with their passkey and, through its support for standard federated identity protocols, MyID MFA then provides authentication to cloud and on-premises applications and to Windows desktop logon.

Organizations can choose syncable passkeys, which use the FIDO support built into mobile devices and web browsers to deliver a simple, passwordless login unlocked with a fingerprint, face ID or PIN; the private key of a syncable passkey is backed up to the user’s platform account and can be restored to other devices. For organizations requiring higher levels of security and control, MyID MFA supports device-bound passkeys, such as the YubiKey and the YubiKey Bio, whose keys never leave the hardware while offering a similarly seamless authentication experience.
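A relying party can tell the two kinds of passkey apart at registration, which matters if a policy requires device-bound credentials for some users. The following is an added example, not Intercede’s code or part of MyID MFA: it parses the fixed header of WebAuthn authenticator data and reads the Backup Eligibility (BE) and Backup State (BS) flag bits that distinguish a syncable passkey from a device-bound one. The RP ID `login.example.com` and the authenticator data are constructed for the example, not captured from a real device.

```python
"""Classify a WebAuthn credential as syncable or device-bound from its flags.

Added example with constructed data. Layout of authenticatorData (WebAuthn
Level 3, section 6.1): rpIdHash (32 bytes) | flags (1 byte) | signCount
(4 bytes, big-endian) | optional attested credential data and extensions.
"""
import hashlib
import struct

# Bit positions of the flags byte.
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (PIN or biometric)
FLAG_BE = 0x08  # backup eligible: the credential may be synced
FLAG_BS = 0x10  # backup state: the credential is currently backed up
FLAG_AT = 0x40  # attested credential data follows
FLAG_ED = 0x80  # extension data follows


def parse_authenticator_data(auth_data):
    """Split the fixed 37-byte header and decode the flag bits."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    return {
        "rp_id_hash": rp_id_hash,
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "backup_eligible": bool(flags & FLAG_BE),
        "backup_state": bool(flags & FLAG_BS),
        "has_attested_credential": bool(flags & FLAG_AT),
        "sign_count": sign_count,
    }


def classify_passkey(auth_data, rp_id):
    """Return 'syncable', 'device-bound' or 'rejected'.

    The policy here (the example's own) requires the expected RP ID and user
    verification. BS set without BE is not a valid combination in the spec.
    """
    parsed = parse_authenticator_data(auth_data)
    if parsed["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return "rejected"
    if not (parsed["user_present"] and parsed["user_verified"]):
        return "rejected"
    if parsed["backup_state"] and not parsed["backup_eligible"]:
        return "rejected"
    return "syncable" if parsed["backup_eligible"] else "device-bound"


def make_auth_data(rp_id, flags, sign_count=0):
    """Build a minimal constructed authenticatorData header for testing."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


RP_ID = "login.example.com"  # assumed relying party identifier
# Constructed: a platform passkey already backed up to a cloud account.
SYNCED = make_auth_data(RP_ID, FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS, 0)
# Constructed: a hardware-key credential that cannot be exported.
HARDWARE = make_auth_data(RP_ID, FLAG_UP | FLAG_UV, 7)

if __name__ == "__main__":
    for name, data in (("synced", SYNCED), ("hardware", HARDWARE)):
        print(name, classify_passkey(data, RP_ID))
```

One caveat: the flags are asserted by the authenticator itself, so a relying party that must enforce device-bound credentials for high-assurance users should also verify the attestation statement rather than trust BE alone.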

MyID MFA also supports federation of applications (sharing identity and authentication information between systems in a managed way), whether cloud-based or on-premises, using standards-based protocols such as OpenID Connect and SAML. With a federated identity provider (IdP) built in, MyID MFA is positioned as a natural successor to Microsoft ADFS (Active Directory Federation Services). Besides acting as an IdP, MyID MFA can federate with an organization’s existing identity providers and accept credentials already in users’ hands, including the Google and Microsoft Authenticator apps. Users keep the apps they are familiar with, and organizations reuse credentials that are already deployed, which reduces operational cost and speeds up deployment.

MyID MFA delivers a unified authentication experience across the application suite, covering authentication to applications, access to self-service portals (for resetting credentials) and Windows desktop logon. The Windows Desktop Agent has been enhanced in v5.0 with support for federation, third-party authenticators and FIDO passkeys, giving organizations a wider choice than ever in how to protect the primary gateway to their data, networks and applications on both Windows 10 and Windows 11 devices.

Allen Storey, Chief Product Officer at Intercede, states: “It is our mission to help organizations protect themselves against data breaches by deploying stronger authentication simply, securely and at scale, whether they are SMBs with hundreds of users, larger enterprises, or federal authorities with thousands of users. MyID MFA is the simplest way for any organization to protect their applications, data and networks against cyber-attacks, with phishing-resistant authentication that is easy to deploy, manage and use.”

MyID MFA is part of the MyID product family, alongside MyID PSM (Password Security Management) and MyID CMS (Credential Management System). Together they let organizations choose the level of security that fits their needs, from passwords to one-time codes, mobile apps, FIDO passkeys and public key infrastructure (PKI).

Artificial Intelligence

Check Point to Secure AI Cloud Infrastructure with NVIDIA

Check Point Software Technologies has announced it is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating with NVIDIA DPUs, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

“AI provides great benefits across healthcare, education, finance and more. At the same time, the rate and sophistication of cyber attacks are increasing, with threat actors increasingly looking at ways to disrupt AI workloads in the cloud,” said Gera Dorfman, Vice President of Network Security at Check Point Software Technologies. “We are working with NVIDIA to deliver a new secure AI cloud solution with Check Point AI Cloud Protect that guards even the most sensitive and private AI workloads against cyber threats.”

The rapid proliferation of AI has brought about a revolution in workplace efficiency and innovation. However, this growth also creates additional attack vectors specifically targeting AI, such as backdooring AI models to control a model’s output or to gain unauthorized access to the environment, data exfiltration to expose intellectual property, and denial of service to degrade performance and reduce capacity.

These threats compromise the integrity and security of AI systems and pose risks to business outcomes. They can also erode the foundational trust in AI operations, while potentially affecting other aspects of the data center. There is a critical need for a revamped security approach to protect not only the data in its traditional form but also the AI models themselves, which are central to innovation and competitive edge.

Check Point aims to address these challenges with NVIDIA by integrating network and host-level security insights, offering a comprehensive solution that protects AI infrastructures from both conventional and novel cyber threats. This integrated approach helps ensure the security system is cognizant of network activities and host-level processes, which is crucial for safeguarding AI’s future.

“As AI becomes more pervasive, securing AI clouds becomes paramount,” said Yael Shenhav, Vice President of Networking Products at NVIDIA. “NVIDIA BlueField-3 enables innovators such as Check Point to offer robust cyber defence measures to secure AI cloud data centres, while also ensuring peak AI performance.”

AI Cloud Protect is Check Point’s response to these requirements. It is designed for straightforward deployment and scaling, offering out-of-the-box security that the company says does not impact AI performance.

Built on the NVIDIA BlueField-3 DPU, which powers a new class of AI cloud data centers, and the NVIDIA DOCA software framework, AI Cloud Protect is designed to integrate into NVIDIA’s AI ecosystem and to provide:

  • Defense against AI-specific threats: protection against model inversion, model theft and related attack vectors.
  • Scalable integration: deployment across diverse AI environments, so that security coverage grows with the organization’s needs.
  • Performance without compromise: security processing that runs on the DPU, alongside NVIDIA’s infrastructure, rather than competing with AI workloads for host resources.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.