Connect with us

Cloud

Trellix Announces Expanded Support for Amazon Security Lake From AWS

Published

on

Trellix has announced expanded support for Amazon Security Lake from Amazon Web Services (AWS), a service automatically centralizing security data from the cloud, on-premises, and custom sources into a purpose-built data lake. This offering is designed to enable simpler and faster delivery of Trellix XDR solutions along with increased protection of workloads, applications, and data for AWS customers.

Trellix’s expanded support for Amazon Security Lake allows AWS customers to integrate their security data lake into the Trellix XDR security operations platform while using the Open Cybersecurity Schema Framework (OCSF) open standard. Amazon Security Lake is a service that automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises, and cloud sources, into a purpose-built data lake so customers can act on security data faster and simplify security data management across hybrid and multicloud environments. In addition, the OCSF schema enables Trellix customers to combine hundreds of data sources with Amazon Security Lake data. As a result, AWS and Trellix customers can seamlessly apply Trellix machine learning (ML), threat intelligence, and predictive analytics to gain important insights that allow for deeper detection and faster threat mitigation.

“The amount of data available to any enterprise today is staggering,” said Britt Norwood, Senior Vice President, Global Channels & Commercial at Trellix. “Without a way to centralize the management and storage of that data, it’s difficult for customers to glean the insights needed to keep data safe. Our integration with Amazon Security Lake provides customers with more centralized visibility and quick resolution of their security issues.”

“With security at the forefront, we are relentlessly focused on innovating to deliver new ways to help customers secure their entire enterprise,” said Rod Wallace, General Manager for Amazon Security Lake at AWS. “Customers who leverage Amazon Security Lake and Trellix can collect a wide spectrum of security logs and findings from AWS, Trellix, and third-party sources in Amazon Security Lake and send them to Trellix for advanced analytics and incident response.”

  • Trellix for Amazon Security Lake: Through newly combined capabilities, customers can share security events across Trellix XDR and their Amazon Security Lake, getting complete detection and response capabilities for their AWS environments. By consolidating their security alerts into Amazon Security Lake using OCSF, security teams can spend time protecting environments instead of performing the undifferentiated heavy lifting of managing their security data.
  • Trellix and OCSF: Trellix is proud to be a contributing member of the open-source OCSF community that has built a framework promoting interoperability and data normalization between security products. Joining OCSF supports collaboration with other industry organizations, further benefiting customers and the broader cybersecurity community

Cloud

Check Point Software Announces 2024 Cloud Security Report

Published

on

Check Point Software Technologies Ltd. has today unveiled its 2024 Cloud Security Report. The report exposes a critical surge in cloud security incidents, marking a significant increase from 24% in 2023 to 61% in 2024 (a 154% increase), highlighting the escalating complexity and frequency of cloud threats. The latest survey from Check Point reveals a concerning trend: while most organizations continue to prioritize threat detection and monitoring, focusing on known vulnerabilities and patterns of malicious behaviour, only a mere 21% emphasize prevention. This is particularly alarming as companies struggle to keep pace with rapid technological advancements, including the speed of DevOps and the deployment of new codes and applications in the cloud.

The survey underscores a daunting reality— although cloud attacks are on the rise, only 4% of organizations disclosed that they can mitigate risks easily and quickly. An overwhelming 96% have expressed concern about their ability to handle such risks. In addition, 91% of respondents are alarmed by the surge in more sophisticated cyber threats, including unknown risks and zero-day attacks, which cannot be detected using conventional security tools.

“The data speaks volumes about the urgent need for organizations to shift their focus towards implementing AI-powered threat prevention measures,” states Itai Greenberg, Chief Strategy Officer at Check Point Software Technologies. “By adopting a consolidated security architecture and enhancing collaborative security operations, businesses can preemptively tackle emerging threats, ensuring a more secure and resilient cloud environment.”

Other insights from the 2024 Cloud Security Report:

  1. Escalation of Cloud Incidents: There has been a 154% increase in cloud security incidents compared to last year, with 61% of organizations reporting significant disruptions.
  2. Deep Concerns Over Risk Management: An overwhelming 96% of respondents reported concerns about their ability to effectively manage cloud risks, reflecting a considerable escalation from previous years.
  3. Rapid Adoption of AI Technologies: With 91% of organizations now prioritizing AI to enhance their security posture, the focus has shifted towards leveraging AI for proactive threat prevention.
  4. CNAPP for Enhanced Prevention: Despite the growing threat landscape, only 25% of organizations have fully implemented Cloud Native Application Protection Platforms (CNAPP). This underscores the urgent need for comprehensive solutions that go beyond traditional tooling.
  5. Complexity in Cloud Security Integration: Despite the potential for streamlined solutions, 54% of respondents face challenges in maintaining consistent regulatory standards across multi-cloud environments. Additionally, 49% struggle with integrating cloud services into legacy systems, often complicated by limited IT resources.

The report advises organizations to embrace a more comprehensive, collaborative, and AI-driven cybersecurity framework.

Continue Reading

Cloud

Google Clarifies the Cause of Missing Google Drive Files

Published

on

Many Google Drive users recently experienced the unsettling disappearance of their files, prompting concerns. Google has now identified the root cause, attributing the issue specifically to the Google Drive for Desktop app. While assuring that only a limited subset of users is affected, the tech giant is actively investigating the matter and promises timely updates.

To prevent inadvertent file deletion, Google provides the following recommendations:

  1. Avoid clicking “Disconnect account” within Drive for desktop.
  2. Refrain from deleting or moving the app data folder, located at:
    • Windows: %USERPROFILE%\AppData\Local\Google\DriveFS
    • macOS: ~/Library/Application Support/Google/DriveFS
  3. Optionally, create a copy of the app data folder if there is sufficient space on your hard drive.

Before Google officially addressed the issue, distressed users took to the company’s support forum to report deleted files. One user from South Korea highlighted a particularly severe case where their account reverted to May 2023, resulting in the loss of anything uploaded or created after that date. Additionally, the user emphasised that they had not synced or shared their files or drive with anyone else.

As Google delves deeper into resolving this matter, affected users are advised to heed the provided precautions. The company’s commitment to ongoing updates reflects its dedication to swiftly addressing and rectifying the situation. The incident serves as a reminder of the importance of proactive measures to safeguard digital data, especially as users navigate cloud-based platforms such as Google Drive.

Continue Reading

Cloud

Addressing Blind Spots in the Hybrid Cloud

Published

on

Written by Mark Jow, EMEA Technical Evangelist, Gigamon

With the rapid growth of the hybrid cloud market, businesses are experiencing numerous benefits. According to a study by Amazon Web Services, cloud computing is projected to add almost $181 billion to the UAE’s economy by the year 2033. Further reports reveal that in 2021, the adoption of cloud computing in the UAE contributed an astounding 2.26% to the country’s GDP, uplifting the economic value to $9.5 billion.

However, security has emerged as a significant challenge. In a recent survey conducted by Gigamon, we found that 90 percent of IT and Security leaders across EMEA, APAC and the US have experienced a data breach in the last 18 months. We also uncovered that over 70 per cent of IT security leaders admit they allow encrypted data to flow freely across their IT infrastructure. It seems therefore that there’s an industry-wide lack of awareness about blind spots and the complexity and risks in maintaining security in hybrid cloud environments.

How to identify blind spots
Going back to the basics, blind spots are areas within a hybrid cloud infrastructure that are not adequately reached by traditional security and monitoring tools. These areas remain hidden from view, hindering effective data collection and analysis and therefore compromising security.

The good news is that IT and Security professionals are increasingly becoming aware of the importance of avoiding blind spots: our research uncovered that unexpected blind spots being exploited are a major concern to CISOs. To address this concern, CISOs and their teams are embracing deep observability to provide complete visibility across their entire infrastructure. This is achieved by harnessing immutable, precise and actionable network-derived intelligence to amplify the power of existing tools, eliminating blind spots both on-premise and in the cloud, and providing greater visibility and understanding of an organisation’s security posture and potential threats.

Encrypted traffic and limited visibility
Yet there is still work to be done. There’s a huge underestimation of blind spots and what these consist of, considering only 30 per cent of organisations have visibility into encrypted traffic. Moreover, 35 per cent of respondents reported limited visibility into containers, and less than half (48 per cent) had visibility of east-to-west traffic, which involves the lateral movement of data within the hybrid cloud infrastructure. These limitations further contribute to the existence of unobserved segments in the hybrid cloud.

The impact of unrecognised blind spots
As a result, nearly one-third of breaches go undetected by IT and Security professionals and their tools, as identified in the latest survey that included 1000 IT professionals across EMEA, the US, Australia and Singapore. The failure to recognise blind spots significantly hampers the ability to effectively protect sensitive data and respond to security incidents. While surface-level confidence appears high, with 94 per cent of global respondents to our survey believing their security tools provide complete visibility, it’s clear this perception is simply not the reality of hybrid cloud security.

The hybrid cloud is inherently complex, and traditional security and monitoring tools are often insufficient in addressing blind spots in this area. To effectively eliminate blind spots and narrow the perception vs. reality gap in hybrid cloud security, CISOs and their teams must actively prioritise deep observability. By leveraging actionable network-derived intelligence, businesses can amplify the power of existing security and observability tools and gain comprehensive visibility of their complete hybrid cloud estate.

Implementing deep observability will significantly accelerate progress in improving visibility into containers, east-west traffic and encrypted data to bolster security and totally eradicate the blind spots that are keeping today’s CISOs up at night.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.