Acronis Introduces Unique, Turn-Key Data Loss Prevention Solution
Acroni has debuted a new Advanced Data Loss Prevention (DLP) pack for Acronis Cyber Protect Cloud, a game-changing solution that shields managed service providers (MSPs) and businesses of all sizes from data leakage. Notably, the solution does not require months for deployment, and highly skilled teams to maintain it. Drawing from decades-long experience enabling MSPs in data protection, this expansion resolves the main obstacles hindering the broader adoption of DLP solutions: grueling roll-out and cumbersome ongoing administrative execution.
For years, organizations have struggled to protect sensitive data from unauthorized access via external attacks or insider risks such as IT misconfigurations and human error. Only a handful of large enterprises had the resources to manage the overall complexity, high deployment costs, and more significant obstacles that come with DLP adoption. This is why the global DLP market size is set to exceed US$6 billion by 2026, according to Global Industry Analysts Inc.
According to the 2021 Gartner Market Guide for Data Loss Prevention, “Small and midsize organizations often struggle to implement and operate DLP tools. Consulting and managed DLP services can offer a path to value in terms of managing tools, but they cannot replace internal data knowledge and ownership of risk by business units.”
“Across the clients we work with daily, fear of their financial records or customer data appearing on Google search keeps them up at night. It keeps us up, too,” said Lawrence Troemel, President of NobleTec. “We want to help them close the gap, but it’s really tough to cost-effectively succeed within short time frames – especially when a new customer comes to us after a major breach.”
Acronis Advanced DLP
The integration of behavioral-based DLP capabilities into the Acronis Cyber Protect Cloud platform is what extends its ability to deliver unified data protection, cybersecurity and management across systems, data and workloads regardless of their location. It offers an unparalleled range of cyber protection capabilities that span the NIST cybersecurity framework from Identification to Recovery to ensure business continuity in the face of cybercriminals, insider risk threats or technology failure.
The Early Access version of Acronis Advanced DLP:
- Protects sensitive data transferred via a wide array of user and system connections including for example, instant messaging and peripheral devices.
- Uses the same, unified Acronis Cyber Protect Cloud console and agent for data visibility and classification.
- Offers out-of-box data classification templates for common regulatory frameworks including GDPR, HIPAA and PCI DSS.
- Provides continuous monitoring for DLP incidents with multiple policy enforcement options, enabling ongoing automated policy adjustment to business-specifics.
- Includes robust audit and logging capabilities, giving administrators the ability to respond effectively to DLP events and conduct post-breach forensic investigations.
With a single platform and agent enabling this highly accessible form of DLP, both MSPs and businesses will benefit from faster, easier deployment and time-to-value, while avoiding all the most common threats to data. These same benefits can be accrued by larger organizations needing immediate protection while evaluating more complex and sophisticated DLP programs with multi-year implementation cycles.
Acronis Early Access Program
This new Advanced DLP technology is now available in an Early Access Program via Acronis Cyber Protect Cloud. Existing Acronis customers and partners using the platform can provision and trial the solution at no cost.
In addition, for organizations new to Acronis and its platform, the Acronis Cyber Protect Cloud platform with Advanced DLP is also available as a free trial.
Kaspersky Intros New Enterprise Specialisations and Benefits to its Partner Program
Kaspersky United partner program now includes new Enterprise specializations for its Gold and Platinum partners. Rebates for resellers and distributors were also updated, and new compensations were introduced for Proof of Concept and Deployment services.
Kaspersky introduced two new specializations for partners that provide significant advantages when selling and deploying enterprise solutions: Enterprise specialization for Gold and Platinum partners and Enterprise+ for Platinum partners. These specializations allow partners to get additional rebates to drive sales of Expert products, to be eligible for prioritized presale support from Kaspersky, to run joint marketing activities for enterprise solutions, and other benefits. Partners offering advanced cybersecurity services to their customers, including the deployment of Kaspersky solutions, can get the Enterprise+ specialization. Partners with this specialization will be eligible to receive compensation for POC services and deployment, technical training vouchers, and much more benefits.
The program for distributors now includes two specializations. The Value Added Distributor (VAD) specialization allows partners to get rebates for sales of specific enterprise products, and the Specialist specialization rewards distributors for deployment and POC services on behalf of the partner. Distributors with VAD specializations are focused on driving enterprise product sales to the market, and Specialist specialization is created for the distributors who are eager to deliver deployment and additional services to customers. For MSP distributors in Italy, Iberia, France, North America, APAC, and LATAM, Kaspersky introduced additional rebates for MSP sales.
Kaspersky LMP (License Management Portal) is becoming easier to operate and to search for customers there. MSP partners can purchase an SKU Plus license, which allows them to get 24/7 immediate phone support from the Kaspersky team instead of the standard system of ticketing. Another update for MSPs includes a possibility for partners to buy Kaspersky Professional Services on behalf of the MSP, and Kaspersky will help with its expertise in deployment, implementation, etc.
“The introduction of the new Enterprise specializations reflects the shift in our corporate strategy, as we have extended our secure-by-design solution offering to enterprise customers globally. We believe they create additional opportunities for our channel partners to leverage the global cybersecurity trends and to address the growing cybersecurity customer concerns. These changes can be a great opportunity to grow businesses both for our partners and us,” comments Kirill Astrakhan, Executive Vice President at Kaspersky.
A Total of 13 Organizations in 9 Countries Fall Victim to “Dark Pink”
Group-IB has today published a new update into the APT (advanced persistent threat) group codenamed Dark Pink, revealing that a total of 13 organizations in 9 countries have now fallen victim to this malicious actor. Dark Pink’s operations were detailed in depth by Group-IB’s Threat Intelligence unit in a January 2023 blog post, and at this time, researchers linked the group to attacks on 7 organizations in the Asia-Pacific region and 1 in Europe. Group-IB experts have since discovered 5 new Dark Pink victims, and the geographic scope of the group’s operations is wider than previously thought, as organizations in Brunei, Thailand, and Belgium were all hit by Dark Pink attacks.
Continued analysis has revealed that this group is still active, as Dark Pink attacked a government ministry in Brunei this past January and a government agency in Indonesia as recently as April 2023. Additionally, Group-IB researchers were able to attribute three other attacks from 2022 to this particular APT group. The initial access vector for Dark Pink attacks continues to be spear-phishing emails, and Group-IB researchers noted in their January 2023 blog that the group utilized an almost-entirely custom toolkit to exfiltrate files and messenger data from infected devices and networks.
Since then, Group-IB experts can reveal that Dark Pink APT has updated many of these custom tools, changing their functionalities in order to allow the group to slip undetected past defense mechanisms of cybersecurity systems. For example, the group’s custom KamiKakaBot module, designed to read and execute commands from the threat actors via Telegram, is still stored on the filesystem of infected devices, but it is now divided into two distinct parts — one that controls the device and the other that steals sensitive data. Dark Pink also continues to use an MSBuild utility to launch KamiKakaBot in the infection chain.
Group-IB’s Threat Intelligence unit has discovered Dark Pink’s new account on GitHub, which was created as soon as the first information about the APT group was published in the public domain this past January. The threat actors can issue commands to infected machines to download files from this GitHub account, and Group-IB researchers found 12 commits to the new account performed between January 9 and April 11, 2023.
Recent attacks have also seen the group exfiltrate stolen data over a HTTP protocol using Webhook service, and they have also leveraged functionalities of an MS Excel add-in to ensure the persistence of TelePowerBot (a simpler version of KamiKakaBot written in PowerShell). In line with Group-IB’s zero-tolerance policy to cybercrime, all confirmed and potential victims of Dark Pink attacks were issued with proactive warnings.
“Dark Pink APT shows no sign of slowing down,” Andrey Polovinkin, Malware Analyst at Group-IB, said. “APT groups are renowned for their responsiveness and ability to adapt their custom tools to continually avoid detection, and Dark Pink is no exception. The profile of the affected targets underscores the significant danger that Dark Pink poses for both public- and private-sector actors. Group-IB will continue to analyze all Dark Pink activity and ensure that confirmed and potential victims are informed.”
Regional Cybersecurity Leaders Promote Joint Action Against Cybercrime at GSMA M360 EURASIA 2023 Conference
On the sidelines of the GSMA M360 EURASIA 2023 conference in Baku, Azerbaijan, cybersecurity experts from the Middle East and Central Asia highlighted the need for collective action to address the global cybersecurity challenge at an exclusive media roundtable.
Dr. Tural Mammadov, Director of the Azerbaijan Computer Emergency Response Center (CERT), was joined in the panel by Dr. Mohammad Khaled, Director of Business Development and Strategic Projects, e& Enterprise, Dr. Elvin Balajanov, Chairman of the Board of Azerbaijan Cybersecurity Organization Association and Dr. Aloysius Cheang, Chief Security Officer, Huawei Middle East & Central Asia. Dr. Haitham Hilal Al Hajri, Sr. Executive – Cyber Security Projects, Oman National CERT, moderated the discussions.
Dr. Tural Mammadov observed that given the scale of the cybersecurity threat, no single regulatory body possesses enough depth to police cybercrime effectively. “The solution lies in all stakeholders working together, including bringing end-users on board. Numerous attacks today bypass information systems entirely and target end users directly. Telecoms cannot react to such threats as they lack visibility, requiring joint action by service providers, cybersecurity experts, and the end users.”
Under the theme of “Build more secure and resilient telecom networks to support the future digital economy efficiently,” participants in the media roundtable discussed various topics, including collaborations among network operators and their partners, suppliers, and customers in defending against telecom cybersecurity, how regulators could promote local telecom industry’s cybersecurity development, and the role that cybersecurity plays in safeguarding critical information infrastructure and the digital economy, among other topics.
Dr. Mohammad Khaled reiterated the need to diversify solutions and technology providers as part of an effective cyber defense strategy. “If we try to build one solution to defend against all threats, whatever application we put in place can be easily understood, manipulated, and finally breached. Since we face numerous cybersecurity threats, we must by necessity deploy as many cyber defense tools that address specific challenges.”
Similarly, Dr. Elvin Balajanov, Azerbaijan Cybersecurity Organization Association, stated that since the telecom infrastructure is built upon multiple technologies, then a multi-stakeholder cybersecurity approach is required to implement a holistic cybersecurity strategy. “A holistic approach promotes information sharing, which is very important, especially considering that different stakeholders depend on each other. Further, the cybersecurity landscape is too diverse and rapidly evolving; therefore, all stakeholders must remain informed and up-to-date.”
Dr. Aloysius Cheang highlighted the importance of regional cybersecurity initiatives such as OIC-CERT and the ITU Arab Regional Cyber Security Center in the overall war against cybercrime. “Through multinational efforts such as these, we can find synergies such as initiating joint projects, which can then be customized and localized. That said, such projects should follow a public-private partnership (PPP) model. In such a scenario, the industry should drive the process while governments provide the framework to ensure success.”
The telecom industry has become an integral part of modern society and is recognized as a critical infrastructure industry (CII). It plays a vital role in connecting people, businesses, and governments, facilitating communication, information sharing, and commerce on a global scale. However, as telecom networks become more complex and interconnected, they become more vulnerable to cyber threats.
Global standards, internationally agreed processes, and industry best practices are critical in addressing cyber threats effectively. NESAS/SCAS is an ideal example of global collaborative efforts in this domain. It offers a standardized cybersecurity assessment mechanism jointly defined by GSMA and 3GPP, the telecom industry’s leading standards-setting organizations, and GSMA 5G Cybersecurity Knowledge Base to provide useful guidance on 5G security risks and mitigation measures.
Toward the end of the session, Dr. Haitham Hilal Al Hajri reiterated that the Cybersecurity of telecoms is a critical component of national security, and therefore, it is essential to bring together telecom stakeholders to achieve a more robust telecom cybersecurity posture. This includes working closely with telecom service providers, equipment manufacturers, government entities, and other ICT industry players to identify and mitigate cybersecurity risks, develop and implement best practices, deliver cutting-edge digital services unimpeded by cyber threats, and further continuously raise awareness about the importance of cybersecurity in telecom.