Connect with us

News

Secureworks Launches MDR Solution for OT and IT

Published

6 months ago

on

Secureworks has announced two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes. 

  • Taegis XDR for OT – Secureworks award-winning XDR platform that combines intelligence from OT with security telemetry across the IT landscape into a single unified threat prevention, detection, and response platform. The platform is for Managed Security Service Providers (MSSPs) who want to deliver Managed Detection and Response (MDR) solutions, and for organizations that manage their own SOCs.

  • Taegis ManagedXDR for OT – Secureworks MDR offering that empowers industrial organizations, such as manufacturers, to secure both OT and IT environments with a team of security experts detecting, investigating, and responding to threats 24×7. 

The convergence of OT and IT in the industrial sector brings technological and economic benefits, but also increases risk. The more OT systems are digitally connected, the larger the overall attack surface becomes, making OT an increasingly attractive target for threat actors. This, combined with a global cybersecurity talent shortage numbering in the millions, has led to unprecedented levels of cyberattacks impacting the industrial sector.

According to Gartner, manufacturing companies are now among the most targeted for cyberattacks, comprising 23% of all attacks. Secureworks Counter Threat Unit data shows that approximately 22% of Secureworks’ emergency incident response engagements between April 2022 and April 2023 were in the manufacturing industry alone. Manufacturing made up 20% of all ransomware-based incident response engagements that Secureworks remediated in the same period. Gartner also predicts that by 2025, 70% of asset-intensive organizations will have converged their security functions across both enterprise and operational environments. Yet, in industrial environments overall, OT is often managed differently from IT with no centralized visibility across both. 

“As OT and IT systems infrastructure becomes more interdependent and connected, the risks from threats traversing these environments are rapidly escalating,” said Dave Gruber, Principal Analyst with Enterprise Security Group. “Security operations teams need visibility into the combined OT/IT environment to detect, investigate, and respond to these complex threats. Secureworks’ move to offer a specialized OT security solution by leveraging its own, proven Taegis XDR platform highlights the importance of this increasing threat.” 

“Industrial organizations will continue to be challenged by an expanding attack surface and evolving threat landscape. Their risks include unplanned shutdowns, financial losses, and harm to human populations that rely on critical services,” said Kyle Falkenhagen, Chief Product Officer, Secureworks. “And the potential costs are staggering. For example, manufacturers lose an average of $148 per second of unplanned downtime – almost $9,000 per minute. As a managed solution that unifies threat prevention, detection, and the response of OT and IT into a single platform, Secureworks helps organizations with OT environments reduce cyber risks and enhance their security postures as they complete their digital transformations,” Falkenhagen concluded. 

Industrial organizations can reduce risk by bringing Taegis XDR’s threat monitoring, detection, investigation, and response capabilities across both OT and IT environments, eliminating the visibility challenges often associated with OT and IT systems. Taegis XDR is already used by five of the top 20 manufacturers in the world. Now, with the first integrated MDR solution for OT and IT, organizations can unify their security monitoring and visibility strategies under a single platform, while gaining the benefits of a fully managed security solution using Taegis ManagedXDR. 

The solution includes: 

  • 24×7 threat monitoring with unlimited access to security experts in 90 seconds or less, collaborative design of OT and IT response processes, customizable rules and playbooks, quarterly expert security reviews, monthly threat hunting, onboarding support, and access to proactive services (including incident response planning and adversarial testing). 
  • Taegis XDR platform, a SaaS security platform that processes more than 640 billion events daily across more than 2,000 customers to enable superior detection and response. The Taegis platform integrates feeds from third-party tools that are normalized and analyzed, along with Secureworks own proprietary data and global threat intelligence curated by the Counter Threat Unit. 
  • Secureworks Taegis endpoint agent and the Secureworks Taegis iSensor IDS/IPS device for monitoring IT and OT traffic. 
  • Integrations with leading OT solutions.  
  • Hundreds of out-of-the-box integrations across different technology solutions including Google, Mimecast, AWS, Microsoft, and Netskope among others. 
  • Access to a full suite of proactive security testing services to raise cyber resiliency across OT and IT environments. 

Secureworks brings the power of Taegis XDR to OT environments by delivering: 

  • Superior threat detection and unmatched response across OT and IT environments through the Taegis XDR platform. Taegis XDR uses advanced analytics and machine learning to discover stealthy threats while automatically prioritizing the most serious threats. The platform includes more than 700,000 curated threat indicators and 20,000 curated countermeasures. Designed as an open platform, Taegis continuously interprets telemetry from proprietary and third-party sources while providing the best support for environments with endpoint solutions from different providers.

  • Vast insights into threats targeting industrial environments. The Secureworks Counter Threat Unit research team analyzes and uncovers new threats targeting industrial environments, from manufacturers to critical infrastructure services, using over 20 years of defending organizations all over the world. Threat insights are developed by elite threat researchers tracking over 175 active threat groups, findings from over 3,000 incident response and testing engagements each year, and a diversity of attack data from Taegis. 
Related Topics:
Continue Reading

Cyber Security

ManageEngine Intros Enhanced SIEM with Dual-Layered System for Better Precision in Threat Detection

Published

5 days ago

on

November 30, 2023

By

ManageEngine, the enterprise IT management division of Zoho Corporation, today unveiled the industry’s first dual-layered threat detection system in its security information and event management (SIEM) solution, Log360. The new feature, available in Log360’s threat detection, investigation and response (TDIR) component, Vigil IQ, empowers security operations centre (SOC) teams in organizations with improved accuracy and enhanced precision in threat detection.

A quality SOC ensures people, processes, and cutting-edge technology function well. However, enterprise security is made difficult by staffing shortages and solution orchestration complexities. Following recent upgrades to the security analytics module of Log360 designed to facilitate SOC optimization through key performance metric monitoring, the company has focused on addressing pressing challenges in security operations.

“In a recent ManageEngine study, a majority of respondents revealed that their SOCs are understaffed. These resource-constrained SOCs grapple with significant obstacles, such as process silos and manual investigation of alerts, which are often non-threats, low-priority issues or false positives. These lead to extended detection and response times for actual threats. To overcome these challenges, we recognize the imperative adoption of AI & ML for contextual event enrichment and rewiring threat detection logic,” said Manikandan Thangaraj, vice president at ManageEngine.

“We pioneered a dual-layered, ML approach to heighten the precision and consistency of threat detection. First, Vigil IQ ensures genuine threats are discerned from false positives. Second, the system facilitates targeted threat identification and response. This advanced system significantly improves the accuracy of identifying threats, streamlining the detection process and allowing SOC analysts to focus their valuable time on investigating real threats.”

Key Features of the Dual-Layered Threat Detection System of Vigil IQ in Log360:
Smart Alerts: Vigil IQ, the TDIR module of Log360, now combines the power of both accuracy and precision in threat detection. With its dynamic learning capability, Vigil IQ adapts to the changing nature of network behaviour to cover more threat instances accurately. It will spot threats that get overlooked due to manual threshold settings, thereby improving the detection system’s reliability.

Proactive Predictive Analytics: Leveraging predictive analytics based on historical data patterns, Vigil IQ predicts potential security threats, facilitating the implementation of proactive measures before incidents occur. This predictive intelligence drastically reduces the mean time to detect (MTTD) threats.

Contextual Intelligence: Vigil IQ enriches alerts with deep contextual information, providing security analysts with comprehensive threat insights. This enrichment of alerts with non-event context accelerates the mean time to respond (MTTR) by delivering pertinent, precise information.

Continue Reading

News

Proofpoint Appoints Sumit Dhawan as Chief Executive Officer

Published

5 days ago

on

November 29, 2023

By

Proofpoint has announced that Sumit Dhawan has been appointed chief executive officer, effective immediately. Rémi Thomas, Proofpoint’s chief financial officer, who has been acting as Proofpoint’s interim CEO since October 25th, will continue to serve as the company’s CFO. “The Proofpoint board of directors could not be more excited to partner with Sumit as he joins Proofpoint to usher in a new stage of growth,” said Seth Boro, managing partner at Thoma Bravo. “Sumit brings a wealth of valuable experience and expertise in building category-leading, scaled companies and businesses. We are confident his customer-centric passion and strong legacy of leadership will continue to carry Proofpoint’s mission forward in providing people-centric cybersecurity solutions that address some of the most challenging risks facing organizations today.”

Dhawan is a highly respected and seasoned technology leader with a proven track record of building market-leading security, cloud, and end-user computing businesses. In his most recent role as president of VMware, Dhawan was responsible for driving over $13B of revenue and led the company’s go-to-market functions including worldwide sales, customer success and experience, strategic ecosystem, industry solutions, marketing, and communications. Before that, he was chief executive officer of Instart, a cybersecurity business delivering innovations in web application security services. He has held senior executive and general management roles at both VMware and Citrix and has successfully established category-leading businesses at scale.

“Over the years, Proofpoint has built an exceptional brand and is trusted by some of the world’s leading organizations as their cybersecurity partner of choice,” said Sumit Dhawan. “I’m honoured to join a leader at the forefront of cybersecurity innovation and to shepherd its continuing and unwavering commitment to helping organizations across the globe protect people and defend data.”

Proofpoint recently announced it has entered into a definitive agreement to acquire Tessian, a leader in the use of advanced AI to automatically detect and guard against both accidental data loss and evolving email threats. Tessian’s cloud-native, API-enabled inbound and outbound email protection solution will extend Proofpoint’s award-winning offering to address the most frequent form of data loss including, misdirected email and data exfiltration.

Continue Reading

Cloud

Google Clarifies the Cause of Missing Google Drive Files

Published

5 days ago

on

November 29, 2023

By

Many Google Drive users recently experienced the unsettling disappearance of their files, prompting concerns. Google has now identified the root cause, attributing the issue specifically to the Google Drive for Desktop app. While assuring that only a limited subset of users is affected, the tech giant is actively investigating the matter and promises timely updates.

To prevent inadvertent file deletion, Google provides the following recommendations:

  1. Avoid clicking “Disconnect account” within Drive for desktop.
  2. Refrain from deleting or moving the app data folder, located at:
    • Windows: %USERPROFILE%\AppData\Local\Google\DriveFS
    • macOS: ~/Library/Application Support/Google/DriveFS
  3. Optionally, create a copy of the app data folder if there is sufficient space on your hard drive.

Before Google officially addressed the issue, distressed users took to the company’s support forum to report deleted files. One user from South Korea highlighted a particularly severe case where their account reverted to May 2023, resulting in the loss of anything uploaded or created after that date. Additionally, the user emphasised that they had not synced or shared their files or drive with anyone else.

As Google delves deeper into resolving this matter, affected users are advised to heed the provided precautions. The company’s commitment to ongoing updates reflects its dedication to swiftly addressing and rectifying the situation. The incident serves as a reminder of the importance of proactive measures to safeguard digital data, especially as users navigate cloud-based platforms such as Google Drive.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.