Connect with us

News

Check Point Expands its Cloud Native Application Protection Platform (CNAPP) with Risk Management Engine

Published

on

Check Point Software Technologies has introduced a new risk management engine along with enhanced capabilities to the Check Point CloudGuard Cloud Native Application Protection Platform (CNAPP). The new capabilities add intelligent risk prioritization, agentless scanning, entitlement management, and pipeline security. With a focus on context, speed, and automation, the new capabilities operationalize cloud security, removing complexities and overhead noise associated with traditional standalone cloud security alerts, allowing security teams to focus on comprehensive threat prevention from code to cloud across the entire application lifecycle while supporting DevOps’ agility.

Cloud adoption and digital transformation continue to accelerate. The 2022 Cloud Security Report revealed that 35% of respondents are running more than 50% of their workloads in the cloud. However, 72% are extremely concerned about cloud security, and 76% are hindered by the complexity of managing multiple cloud vendors, which often results in misconfigurations, lack of visibility, and exposure to cyberattacks. Moreover, the study revealed that misconfiguration is seen as the number one cause of security-related incidents, which can be attributed to the need for around-the-clock security operations and alert fatigue.

“It is challenging for organizations to manage security risk while supporting faster cloud-native development cycles,” says Melinda Marks, Senior Analyst, Enterprise Strategy Group (ESG), “As development teams grow, organizations are looking for a unified platform to help them prioritize and efficiently take the actions that are the most impactful in reducing security risk so they can effectively manage security instead of falling behind.”

With the launch of Effective Risk Management (ERM), in addition to Cloud Identity & Entitlement Management (CIEM), Agentless Workload Posture (AWP), and pipeline security tools, Check Point CloudGuard now provides smart risk prioritization that allows teams to quickly eliminate critical vulnerabilities, such as misconfigurations and over-privileged access, based on severity throughout the software development lifecycle. The collaborative output that enterprises receive is simple, easy to understand, and focused on the threats that matter to them, thereby reducing the complexity that was once a challenge. By minimizing this complexity, the threat landscape is also reduced.

“Cloud adoption continues to accelerate and the ability to streamline cloud security has become vital,” explains TJ Gonen, VP Cloud Security at Check Point Software. “By adding Effective Risk Management and amplifying Check Point CloudGuard’s CNAPP offering, we are making it possible for organizations to shift CNAPP left and take a prevention-first approach to their cloud security that’s easy to manage. With our contextual AI and risk scoring engine, security teams no longer have to manually figure out which alerts to remediate first—the machine will do it for them. By removing this burden, customers can focus on migrating their critical workloads to the cloud with confidence.”

Check Point CloudGuard combines the latest tools into a new generation of CNAPP capabilities to aid security professionals while removing barriers to DevSecOps with ShiftLeft tools. Check Point CloudGuard utilizes the power and potential of unification along with operational value to end users including:

  • Effective Risk Management: CloudGuard’s ERM engine prioritizes risks and provides actionable remediation guidance based on full context including workload posture, identity permissions, attack path analysis, and the application business value. Security teams can now focus on critical threats and administer a “minimal effective dose” of security for maximum impact.
  • Cloud Identity & Entitlement Management: The CIEM capabilities understand effective permissions of users and cloud services, identify exposure and risks, and automatically generate explicit least privilege role recommendations to reduce access and revoke unused permissions. With CIEM built into ERM, users can understand their permissions and enforce the least privilege across their cloud environments.
  • Agentless Workload Posture: AWP extends CloudGuard’s agentless infrastructure visibility into workloads. AWP scans and identifies risks including misconfigurations, malware detection, vulnerabilities, and secrets across all cloud workloads including virtual machines, container, and serverless functions. With this agentless deployment model, security teams gain deep workload security visibility at scale without impacting performance.
  • Pipeline Security: The pipeline security capabilities fully integrate the Spectral offering to detect and resolve misconfigurations, secrets, and vulnerabilities within CloudGuard. The developer-first security extends workload protection to the CI/CD to the pipeline to remediate issues before reaching production. Security teams can shift CNAPP left and secure cloud applications from the start.

News

Axis Intros Next-Gen AI-Powered Dome Cameras

Published

on

Axis Communications has launched four new, robust AI-powered cameras engineered to provide outstanding image quality and forensic detail, even in the harshest weather and environments. These cameras, available in up to 8 MP resolution, are built on the advanced ARTPEC-9 chip, offering accelerated performance for powerful analytics directly at the edge.

The lineup includes:

  • AXIS Q3546-LVE (4 MP) and AXIS Q3556-LVE (4 MP): These models offer a choice of a wide 10 mm lens or a telephoto 51 mm lens. The AXIS Q3556-LVE also comes with an acoustic sensor and AXIS Audio Analytics preinstalled, notifying users of relevant sounds like screams, shouts, or changes in sound levels, even without visual cues.
  • AXIS Q3548-LVE (8 MP) and AXIS Q3558-LVE (8 MP): The AXIS Q3558-LVE also features the acoustic sensor with AXIS Audio Analytics.

Thanks to the ARTPEC-9 processor, these AI-powered dome cameras deliver enhanced performance, making it possible to run sophisticated analytics applications directly on the device. They come with AXIS Object Analytics preinstalled, enabling detection, classification, tracking, and counting of humans, vehicles, and vehicle types. Additionally, AXIS Image Health Analytics is preinstalled, alerting users if the image is blocked, degraded, underexposed, or redirected.

Key features include:

  1. Outstanding image quality up to 8 MP
  2. Next-generation AI-powered analytics
  3. Variants with diverse lens choices
  4. Models with AXIS Audio Analytics preinstalled
  5. Built-in cybersecurity with Axis Edge Vault

Constructed from high-grade aluminum, these durable cameras boast IK10, IP66, IP6K9K, and NEMA 4X ratings, making them ideal for outdoor use and highly resistant to vandalism and impact. They operate in extreme temperatures, ranging from -55°C to 55°C (-122°F to 131°F). For power redundancy, they can be powered via DC or PoE. Furthermore, Axis Edge Vault, a hardware-based cybersecurity platform, safeguards the device and offers FIPS 140-3 Level 3 certified secure key storage and operations.

Continue Reading

Cyber Security

ESET Research Uncovers Iran-Aligned BladedFeline Spying on Iraqi, Kurdish Officials

Published

on

The Iran-aligned threat group BladedFeline has targeted Kurdish and Iraqi government officials in a recent cyber-espionage campaign, according to ESET researchers. The group deployed a range of malicious tools discovered within the compromised systems, indicating a continued effort to maintain and expand access to high-ranking officials and government organizations in Iraq and the Kurdish region. The latest campaign highlights BladedFeline’s evolving capabilities, featuring two tunneling tools (Laret and Pinar), various supplementary tools, and, most notably, a custom backdoor Whisper and a malicious Internet Information Services (IIS) module PrimeCache, both identified and named by ESET.

Whisper logs into a compromised webmail account on a Microsoft Exchange server and uses it to communicate with the attackers via email attachments. PrimeCache also serves as a backdoor: it is a malicious IIS module. PrimeCache also bears similarities to the RDAT backdoor used by OilRig Advanced Persistent Threat (APT) group.

Based on these code similarities, as well as on further evidence presented in this blogpost, ESET assesses that BladedFeline is a very likely subgroup of OilRig, an Iran-aligned APT group going after governments and businesses in the Middle East. The initial implants in the latest campaign can be traced back to OilRig. These tools reflect the group’s strategic focus on persistence and stealth within targeted networks.

BladedFeline has consistently worked to maintain illicit access to Kurdish diplomatic officials, while simultaneously exploiting a regional telecommunications provider in Uzbekistan, and developing and maintaining access to officials in the government of Iraq.

ESET Research assesses that BladedFeline is targeting the Kurdish and Iraqi governments for cyberespionage purposes, with an eye toward maintaining strategic access to the computers of high-ranking officials in both governmental entities. The Kurdish diplomatic relationship with Western nations, coupled with the oil reserves in the Kurdistan region, makes it an enticing target for Iran-aligned threat actors to spy on and potentially manipulate. In Iraq, these threat actors are most probably trying to counter the influence of Western governments following the US invasion and occupation of the country.

In 2023, ESET Research discovered that BladedFeline targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports. The group has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government, but is not the only subgroup of OilRig that ESET Research is monitoring. ESET has been tracking Lyceum, also known as HEXANE or Storm-0133, as another OilRig subgroup. Lyceum focuses on targeting various Israeli organizations, including governmental and local governmental entities and organizations in healthcare.

ESET expects that BladedFeline will persist with implant development in order to maintain and expand access within its compromised victim set for cyberespionage.

Continue Reading

News

Genetec Enhances Security Center SaaS with Robust New Features

Published

on

Genetec has announced new updates to Security Center SaaS, the company’s enterprise-grade Security-as-a-Service (SaaS) solution. Since its launch, Genetec has delivered new features to the platform every 12 days. This ensures Genetec provides a flexible, open, SaaS solution that is continuously extended to meet the needs of any modern security operation.

Security Center SaaS combines video surveillance, access control, forensic search, intrusion monitoring, automation, and other advanced capabilities in a single solution. Designed to run fully in the cloud or in a hybrid deployment that can include on-premises systems, it gives organizations the freedom to choose how they manage and scale their security infrastructure. The latest updates expand support for direct-to-cloud cameras, improve edge recording capabilities, and introduce new third-party analytics integrations, reinforcing the platform’s pace of innovation and commitment to customer choice.

Unlike proprietary SaaS solutions, Security Center SaaS enables security professionals and channel partners to choose the hardware that best fits their needs, without being locked into a single vendor. Its open architecture supports a broad range of devices from Axis, Bosch, and i-PRO, including direct-to-cloud, PTZ, and fisheye cameras (now with automatic de-warping). Organizations can connect their current non-cloud-ready access control devices, cameras, and intrusion panels using Genetec appliances, avoiding the costs of replacing existing hardware.

This flexibility further extends to deployment models. Security Center SaaS gives organizations full control over their cloud migration, supporting cloud-native, on-premises infrastructure, or a combination of both. Video can be stored at the edge or in the cloud, depending on bandwidth, policy, or operational needs, with centralized management through web and mobile apps. New edge recording via SD cards enables local storage on the camera, while recording profiles make it easy to define how and where video is captured across multiple devices.

With built-in support for WebRTC, the platform also enables peer-to-peer video streaming directly from cameras to a web interface. This reduces video call-up time and bandwidth usage, making it ideal for live monitoring, spot checks, and large-scale deployments, without requiring additional configuration.

Security Center SaaS simplifies the management of multi-site environments across sectors such as retail, education, corporate campuses, banking, healthcare, and city infrastructure. Operators can manage systems from a central Security Operations Center (SOC) or remotely via web and mobile apps. Real-time alerts enable teams to respond quickly and consistently, while its open architecture makes it easy to integrate partner technology that further enhances these capabilities. For example, new firearm detection analytics from Bosch can trigger immediate alerts and initiate event-to-action workflows the moment a weapon is identified, helping security teams act decisively when it matters most.

“Genetec is redefining what SaaS means for physical security. It’s not just moving to the cloud; it’s about giving customers and integrators the flexibility to build, scale, and evolve their systems,” said Christian Morin, Vice President of Product Engineering at Genetec Inc. “Security Center SaaS stands apart by unifying physical security functions on a single platform, continuously adding new cloud-native capabilities while supporting the hardware and deployment models organizations already rely on.”

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.