Connect with us

Cloud

Help AG Launches Analytics Powered Next Generation Cloud SOC

Published

on

Help AG has launched a fully cloud-delivered, Next-Generation SOC (Security Operations Center). The Help AG Cloud SOC will modernize security operations of the largest enterprise infrastructures in the region with analytics-powered solutions that uncover unknown threats, provide powerful anomaly detection, and user and entity risk profiling, to ultimately thwart attacks on enterprise assets.

The SOC utilizes next-generation security information and event management (SIEM) coupled with user and entity behavior analytics (UEBA) to address critical use cases like insider threats, lateral movement detection, and data exfiltration in modern enterprise environments. Curated threat intelligence from the locally managed security service provider (MSSP) helps to deliver high fidelity alerts and provides an unmatched range of services such as threat detection and hunting, network traffic analysis (NTA), and data enrichment.

Commenting on the launch, Stephan Berner, Chief Executive Officer at Help AG, said: “Our cloud-delivered, analytics powered, Next-Gen SOC is a fully managed service deployed to match our customers’ overall hybrid and cloud IT strategies. Built on the foundations of next-generation SIEM, integrated with UEBA capabilities and delivered through local cloud infrastructure, Help AG’s Next-Gen Cloud SOC ensures enterprises get the protection and assurance they need.”

Delivered as software as a service (SaaS), Help AG’s Next-Gen Cloud SOC provides a pay-as-you-grow fully managed platform, offering a predictable cost model and upgrade options to include security orchestration, automation, and response (SOAR), network detection and response (NDR), and endpoint detection and response (EDR), among other services.

One of the main backbones of the offering is user and entity behavior analytics (UEBA), which enables enterprise customers to discover abnormal and risky behavior by users, machines, and other entities. In addition, next-gen SIEM leveraging UEBA uses modern big data technologies to perform analytics at scale, with ingestion from all public clouds and major SaaS environments, while ensuring compliance with local data residency regulations.

UEBA not only provides better user and entity risk profiling by deploying sophisticated analytics capabilities to discover risky users but also enables powerful anomaly detection to reduce false positives and surface hard-to-detect complex zero-day threats. UEBA also helps with event chaining to show security incidents spanning multiple users, IP addresses, and IT systems.

“Help AG’s Next-Gen Cloud SOC offers customers the opportunity to utilize the experience and expertise of the largest MSSP in the region with a layered approach culminating people, processes, and technology. In today’s complex cybersecurity landscape, companies and clients will vastly benefit from this Next-Gen Cloud SOC that is enabled from day zero of their digital transformation journeys, offering quicker visibility and effectively detecting sophisticated threats like ransomware, insider threats, data exfiltration, privileged access abuse, advanced persistent threats (APTs) and phishing,” the company said in a statement.

Cloud

Preparing a Secure Cloud Environment in the Digital New Norm

Published

on

Written by Daniel Jiang, General Manager of the Middle East and Africa, Alibaba Cloud Intelligence

As hybrid or remote working is being adopted by many companies globally and becoming the ‘new norm’ for millions of workers, cyberattacks meanwhile continue unabated. Building a secure and reliable IT environment has therefore become an increasingly important priority for many businesses who are exploring opportunities in the global digital economy. While moving to the cloud and using cloud-based security features is a good way to challenge cyber risks, it’s important to delve deeper into how best to construct a secure and reliable cloud environment that can fend off even the most determined attacker.

In today’s digital environment, discussions about cyber security’s best practices have never been more important. The UAE in particular established the Cybersecurity Council to develop a cybersecurity strategy and build a secure cyber infrastructure by creating related regulations. Following this move, the nation ranked 5th place on the International Telecommunications Union’s Global Cybersecurity Index 2020, jumping 33 places and it continues to prioritize cyber security and awareness. Creating a secure cloud environment – from building the architecture to adopting cutting-edge security technologies and putting in place important security management practices – will inspire more thorough conversations on this subject.

A resilient and robust security architecture is essential for creating a cloud environment capable of assuring an organisation about the availability, confidentiality and integrity of its systems and data. From the bottom up, the architecture should include security modules of different layers, so that companies can build trustworthy data security solutions on the cloud layer by layer – from the infrastructure security, data security, and application security to business security layers.

In addition to the security modules of all of the layers, there are a variety of automated data protection tools that enable companies to perform data encryption, visualisation, leakage prevention, operation log management and access control in a secure computing environment. Enterprises can also leverage cloud-based IT governance solutions for custom designs of cloud security systems to meet compliance requirements from network security and data security to operation auditing and configuration auditing. This ensures full-lifecycle data security on the cloud, with controllable and compliant data security solutions in place.

Another consideration is to build a multi-tenant environment, abiding by the principle of least privilege and adopting consistent management and control standards to protect user data from unauthorised access. In addition, establishing strict rules for data ownership and operations on data, such as data access, retention and deletion, is also pivotal in creating a safe environment.

Moreover, enterprises can embrace the zero-trust security architecture and build a zero-trust practice by design to protect the most sensitive systems. The architecture requires everything (including users, devices and nodes) requesting access to internal systems to be authenticated and authorised using identity access protocols. As such, the zero-trust security architecture cuts down on automatic trust, or trust without continuous verification, addressing modern challenges in securing remote working environments, hybrid cloud settings and increasingly aggressive cyber threats.

Cutting-edge security technologies such as comprehensive data encryption, confidential computing and many more emerging tech solutions, can be leveraged to ensure we stay on top of the trends in cybersecurity. Comprehensive data encryption provides advanced data encryption capabilities on transmission links (such as data-in-motion), compute nodes (such as data-in-use), and storage nodes (such as data-at-rest). Key Management Service and Data Encryption Service help users securely manage their keys and use a variety of encryption algorithms to perform encryption operations.

Another emerging technology to safeguard the cloud environment is confidential computing. Confidential computing is dedicated to securing data in use while it is being processed, protecting users’ most sensitive workloads. Confidential computing based on trusted execution environments (TEEs), ensures data security, integrity and confidentiality while simplifying the development and delivery of trusted or confidential applications at lower costs.

It is equally important to adopt proper security management practices and mechanisms to maximise the security protection of one’s critical system and important data. One essential mechanism to protect the cloud environment is to develop a comprehensive disaster recovery system, which enables businesses to configure emergency plans for data centres based on factors such as power, temperature and disasters, and establish redundant systems for basic services such as cloud computing, network and storage. It helps companies to deploy their business across regions and zones and build disaster recovery systems that support multiple recovery models.

Setting the effective reviewing and response mechanism for your cloud security issues is imperative. First, having vulnerability scanning and testing in place is important to assess the security status of systems; second, it is vital to use cloud-native monitoring tools to detect any anomalous behaviour or insider threats; furthermore, establishing proper procedures and responsibility models to quickly and accurately assess where vulnerabilities exist and their severity, will help ensure that quick remedy actions can be taken when security problems emerge.

In the future, developing the security architecture, technologies, management and response mechanism will no longer be perceived as a cost-centre burden for companies, but rather, as critical capabilities to safeguard the performance and security of daily business operations. Crafting a comprehensive cloud security plan, adopting the best industrial practices, and choosing a professional cloud service provider with strong security credentials to work with, should be an imperative subjects in a CXO’s agenda.

Continue Reading

Cloud

Qualys Brings External Attack Surface Management (EASM) to its Cloud Platform

Published

on

Qualys, Inc. has announced it is adding External Attack Surface Management (EASM) capabilities to the Qualys Cloud Platform. Integrated into CyberSecurity Asset Management 2.0, the new component adds the external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface.

“Digital transformation, increased adoption of cloud and Internet of Things (IoT), a growing remote workforce, and a technology talent shortage have led to an exponential rise in organizations’ attack surface. This expansion makes it harder for security teams to correlate externally visible and internally managed assets and govern compromises that occur because of undiscovered, unmanaged, or poorly managed IT assets. Organizations need a new approach to view vulnerable assets from the outside in and execute like an attacker to quickly identify areas of risk,” the company said in a statement.

“Organizations must proactively manage their cyber defenses, which includes finding and addressing vulnerabilities to reduce cyber risk,” said Michelle Abraham, research director, Security and Trust at IDC. “Qualys’ unique approach to EASM is integrating the internal and external asset data from CyberSecurity Attack Management with its Vulnerability Management, Detection and Response (VMDR) solution into a single view. As a result, organizations can better identify undiscovered assets and immediately access and mitigate the cyber risk within the same workflow.”

“Qualys CyberSecurity Asset Management provides invaluable attack surface insights from an external attacker’s point of view,” said Mike Orosz, vice president information and product security at Vertiv. “This view allows us to proactively augment our vulnerability management program by discovering risks presented by previously unknown internet-facing devices. Additionally, the automated workflows enable us to prioritize security engineering actions that will reduce cyber risk and rapidly improve our company’s security.”

According to Qualys, its CyberSecurity Asset Management 2.0 with EASM enables organizations to continuously monitor and reduce the entire enterprise attack surface including internal and internet-facing assets and discover previously unidentified exposures. “It also helps synchronize with CMDBs, detect security gaps like unauthorized or end-of-support software, open ports, remotely exploitable vulnerabilities, digital certificate issues, unsanctioned apps and domains, and mitigate risk by taking appropriate actions,” the company said.

“Achieving full asset visibility remains one of cybersecurity’s most elusive goals,” said Sumedh Thakar, president and CEO of Qualys. “CyberSecurity Asset Management 2.0 solves this by providing both the holistic, external attacker-level and internal view of the attack surface to comprehensively address the increased threat landscape. Taking protection a step further, we’ve natively integrated the solution with Qualys VMDR so organizations can prioritize vulnerabilities and asset groups based on risk and proactively remediate to quickly reduce exposure.”

Qualys CyberSecurity Asset Management 2.0 with EASM is currently in preview and available to existing customers. It will be generally available in mid-September.

Continue Reading

Cloud

Help AG Partners with Securonix to Offer Next-Gen Cloud SOC to UAE Customers

Published

on

Help AG has become a Managed Security Services Provider (MSSP) partner of Securonix. The partnership will enable Help AG to offer an integrated, cloud-based, analytics-powered Security Operations Center (SOC) proposition to clients in the United Arab Emirates.

Today, sensitive data, applications, and critical business processes occur in a distributed landscape. Cloud hosting, SaaS providers, mobile devices, mobile apps, and the Internet of Things (IoT) all collect, process, and store data, making it challenging for infrastructure to scale and provide quick value. Securonix offers the leading SaaS-based, multi-tenant security analytics, operations and response platform that provides complete visibility, advanced detection and response, and unlimited scalability. By partnering with Securonix, Help AG is expanding its service portfolio to offer a Next-Gen Cloud SOC offering that combines SIEM and UEBA capabilities in a unified platform to deliver unmatched detection and response capabilities at cloud scale.

Commenting on the partnership, Stephan Berner, Chief Executive Officer at Help AG, said: “Help AG has taken a pioneering role in the region when it comes to secure cloud enablement, and our collaboration with Securonix comes at a critical juncture as UAE organizations across all sectors increasingly migrate to the cloud. The partnership brings together Securonix’s cloud-first, analytics-driven SIEM and UEBA with Help AG’s deep expertise and threat intelligence capabilities for swift detection and remediation.”

David Wagner, Vice President, Global MSSPs and SIs at Securonix

He added: “Our collaboration highlights Help AG’s position as the largest and leading MSSP in the region, constantly upgrading our service offering to meet the emerging needs of regional organizations. Additionally, the partnership supports Help AG’s ambition to offer 90% of our deliverables as a service in the coming three years, under our “Help AG as a Service” model.”

David Wagner, Vice President, Global MSSPs and SIs at Securonix, said: “Accelerated cloud adoption has underscored the importance of analytics-driven threat detection and response and visibility across multiple technology layers. Our partnership with Help AG will drive increased adoption of our cloud-native security analytics and operations platform in the UAE market, working hand-in-hand to secure vital cloud and hybrid environments in the region.”

“Securonix Next-Gen SIEM achieves advanced detection at scale by combining log management, analytics, automation, and response capabilities into a single, unified solution. The SIEM solution collects massive volumes of data in real-time, utilizing machine learning to provide security teams with visibility and advanced threat detection and response at cloud scale. Securonix integrates seamlessly with all data sources, threat intelligence tools, and other technologies in the organization’s SOC, enabling analysts to stay on top of threats. Simultaneously, Securonix UEBA allows organizations to gain cloud monitoring with built-in APIs for all major cloud infrastructures as well as many security and business applications,” the companies said.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.