Cyber Security
Dynatrace Intros Security Analytics for Proactive Defense Against Threats to Cloud Apps
Dynatrace has announced the introduction of Security Analytics, a new Dynatrace platform solution designed to help organizations better defend against threats to their hybrid and multi-cloud environments. Dynatrace Security Analytics leverages Davis AI, which combines predictive and causal AI techniques to provide security analysts with the precise answers and data context they need to prioritize and investigate threats and vulnerabilities. Later this year, Security Analytics will also include generative AI capabilities as part of Dynatrace’s planned expansion to provide a hypermodal AI offering through Davis.
In addition, Security Analytics now leverages Dynatrace AutomationEngine to create automation and workflows that analysts can use to assess the impact of an attack, find the indicators of compromise (IOCs), or automatically trigger a response. Combining Davis hypermodal AI, precise answers with context, and intelligent automation empowers security analysts to defend against emerging cyber threats proactively. It also bolsters their organization’s cybersecurity defence and overall security posture.
Security analysts often lose productivity due to disjointed tools and processes that require considerable human intervention. This approach can result in alerts going uninvestigated for months or years, posing significant risks to their organizations. Many teams rely on traditional Security Information and Event Management, or SIEM solutions, that monitor log data to find IOCs. This data lacks crucial context, such as the underlying cloud infrastructure and application topology, which can help narrow the scope of an investigation. Missing this context makes it difficult to use SIEM solutions to accelerate an investigation or identify and defend against cyber threats.
Allie Mellen, Senior Analyst at Forrester Research, wrote, “Security information and event management (SIEM) capabilities alone are no longer sufficient for security operations teams. Today’s security analytics platforms combine features to enable analytics, investigation, automation, threat hunting, dashboards, and reporting to help security analysts be more effective.”
Dynatrace Security Analytics addresses these needs by fueling the answers and automation it delivers with logs, metrics, traces, and topology while keeping data context intact. This enables teams to identify and investigate threats that may be impossible to pinpoint from logs alone. Furthermore, Security Analytics adds to other Dynatrace application security capabilities. These include:
- Runtime vulnerability analytics, which provides real-time detection and prioritization of vulnerabilities that have escaped into production environments.
- Runtime application protection, which detects and blocks common application attacks, like SQL injection, command injection, and JNDI attacks.
Steve Tack, SVP of Product Management at Dynatrace, said, “In today’s rapidly evolving threat landscape, organizations face an unprecedented risk of cyberattacks that can wreak havoc on their operations and customers’ trust. With Dynatrace Security Analytics, analysts can quickly investigate and verify what happened and leverage observability and security data in full context to analyze and take proactive action to strengthen defences. Combining these new security analytics with our platform’s other application security capabilities enables our customers to successfully deliver digital transformation with the confidence that their hybrid and multi-cloud environments are well protected.”
As the malware development market continues to flourish with new stealers such as Lumma, for the last three years Redline still remains the dominant data-stealing malware used by cybercriminals. More than half of every device (55%) targeted by password-stealer attacks in 2023 has been infected with the Redline malware, Kaspersky Digital Footprint Intelligence finds.
Infostealers infiltrate devices to illicitly obtain sensitive credentials such as logins and passwords, which are then peddled on the shadow market, posing significant cybersecurity threats to personal and corporate systems. According to information gleaned from log files traded or distributed freely on the dark web, Redline was used in 51% of infostealer infections from 2020 to 2023. Other notable malware families included Vidar (17%) and Raccoon (nearly 12%). In total, around 100 distinct infostealer types were identified by Kaspersky Digital Footprint Intelligence between 2020 and 2023 using metadata from log files.
The underground market for data-stealing malware development is expanding, evident from the rising popularity of new stealers. Between 2021 and 2023, the portion of infections caused by new stealers grew from 4% to 28%. Specifically, in 2023, the new “Lumma” stealer alone was responsible for more than 6% of all infections.
“Lumma emerged in 2022 and gained popularity in 2023, through a Malware-as-a-Service (MaaS) distribution model. This means any criminal, even those without advanced technical skills, can purchase a subscription for a pre-made malicious solution and use this stealer to carry out cyberattacks. Lumma is primarily designed for stealing credentials and other information from cryptocurrency wallets, commonly spread through email, YouTube, and Discord spam campaigns,” said Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence.
To guard against data-stealing malware, individuals are advised to use a comprehensive security solution for any device. This will help prevent infections and alert them to dangers, such as suspicious sites or phishing emails that can be an initial vector for infection. Companies can help their users, employees and partners protect themselves from the threat by proactively monitoring leaks and prompting users to change leaked passwords immediately.
AmiViz has forged a partnership with Abstract Security, a cyber threat operations platform offering a revolutionary approach to security analytics that allows organisations to improve efficiency, reduce SIEM-related storage costs, and enhance detection and response capabilities across multi-cloud and on-premise environments. The Abstract platform disrupts traditional cybersecurity analytics with its innovative approach, challenging the limitations of conventional Security Analytics systems. Abstract Security offers a transformative cyber threat operations platform in an era marked by compliance-induced data swamps and redundant data storage.
“Engineered to streamline security analytics, it enhances detection and response capabilities across diverse IT environments, including multi-cloud and on-premise setups. By integrating tactical artificial intelligence (AI), Abstract empowers security analysts to decode complex cloud security data, improving detection strategies and filling visibility gaps. Pioneering initiatives like the decentralized edge computing platform and a one-click data lake further solidify Abstract Security’s position as a visionary player in cybersecurity,” the company said.
“The strategic expansion into Middle Eastern markets aligns with the region’s growing demand for advanced cybersecurity measures. With rapid digital transformation and increased cyber threats, the Middle East presents a significant opportunity for Abstract Security. Government investments in cybersecurity infrastructure and the adoption of IoT technologies amplify the demand for efficient, AI-driven security solutions,” the company added.
Ilyas Mohammed, COO at AmiViz, said, “Our partnership with Abstract Security heralds a new era in cybersecurity analytics. By leveraging their innovative solutions, we empower our clients with proactive threat management capabilities that surpass traditional systems. Together, we redefine industry standards, ensuring robust protection against evolving cyber threats and bolstering our position as leaders in the cybersecurity landscape.”
Richard Betts, Vice President of International Business at Abstract Security, commented on the strategic alliance, stating, ‘Our collaboration with AmiViz in the Middle East is more than a partnership; it’s a synergy of strengths. This venture not only amplifies our presence in a region but also marks a significant step in our journey to broaden Abstract Security’s international reach.
The companies claimed that the solutions are tailored for large enterprises in critical sectors like finance, oil and gas, telecommunications, MSSP and government, to address unique cyber threats. Abstract Security said it aims to integrate its solutions in local markets deeply through a channel-focused distribution strategy, empowering channel partners and addressing evolving security needs. The company added that it has partnered with AmiViz to provide comprehensive support, including technical training, marketing assistance, and dedicated account management, further strengthening Abstract Security’s position in the GCC markets.
Abstract Security’s partnership with AmiViz allows Middle Eastern channel partners to revolutionize security analytics, transcending traditional SIEM systems and compliance burdens. Together, they set a new standard for cybersecurity analytics, paving the way for proactive and predictive security measures. This partnership aims to position the Middle East as a cybersecurity stronghold, contributing to its global leadership in cybersecurity.
Check Point Software Technologies has announced its participation at the Gulf Information Security Expo & Conference (GISEC) 2024, scheduled from April 23rd to April 25th, 2024, at the Dubai World Trade Centre. As cyber threats continue to evolve rapidly, the need for advanced cybersecurity solutions has never been more pressing. With the United Arab Emirates experiencing an average of 1,207 cyberattacks per organization each week over the last six months—surpassing the global average—Check Point Software is set to showcase its flagship Check Point Infinity Platform at GISEC 2024.
This platform, which is at the forefront of AI-powered, cloud-delivered cybersecurity, has been specifically designed to meet the modern challenges of an evolving threat landscape, providing comprehensive protection, consolidated operations, and collaborative communication capabilities. Visitors can explore these solutions at booth #C39 in Hall 7, where the following highlights will be featured:
- Check Point Infinity Playblocks: Automatically triggers preventive actions upon detecting an attack, swiftly containing threats through a consolidated, cloud-based security platform.
- Check Point Infinity AI Copilot: Enhances the efficiency of security teams by leveraging AI to automate complex tasks and deliver proactive security solutions.
- Check Point UAE Infinity Portal: Tailored to meet the needs of organizations of all sizes while fully adhering to the UAE’s data privacy regulations.
Ram Narayanan, Country Manager at Check Point Software Technologies Middle East, commented, “Our participation at GISEC 2024 underscores our commitment to bolstering cybersecurity defences in the region. The Check Point Infinity Platform, with its AI-powered threat prevention and cloud-delivered threat intelligence, is critical for organizations needing robust solutions to protect their assets. We look forward to engaging with customers and partners to discuss how these innovations can enhance cybersecurity resilience.”
Additionally, at GISEC 2024, Check Point Software will focus on strengthening relationships with customers and partners. This commitment highlights the company’s ongoing effort to provide advanced cybersecurity solutions in the region. Check Point Software is eager to meet with attendees, discuss their security challenges, and explore how it can help organizations enhance their defences, prevent cyber-attacks, and protect their critical assets.
Airbus to Show Off Agnet Turnaround at Critical Communications World 2024
Kirisun to Showcase DMR and PTToC Solutions at CCW 2024 in Dubai
Hytera to Show Off Innovations for Law Enforcement and Industrial Safety at CCW 2024 in Dubai
OPTIMAS, UiPath, Vistas Global Join Forces to Reimagine Risk Management
Check Point Software Announces 2024 Cloud Security Report
Qualys Offers 30-Day Free Access to the Qualys Enterprise TruRisk Platform
Check Point Announces a New Collaboration with Microsoft
CyberKnight to Focus on Zero Trust Security at GISEC 2024
SolarWinds to Showcase Hybrid Cloud Observability at GISEC 2024
Positive Technologies to Knock Out Email Threats at GISEC 2024 with New Service
Video: Interview with Bertil Brendeke of BotGuard at #GISEC2024
Video: Interview with Abdul Rehman Tariq of SolarWinds at #GISEC2024
Video: Interview with Prashant R. Menon of Check Point at #GISEC2024
Video: Interview with Pedro Simoes of Motorola Solutions at Intersec 2024
Video: Interview with Osama Qafiti of Vanguard Integrated Solutions at Intersec 2024
-
Market Research5 days agoBeyondTrust Releases 2024 Microsoft Vulnerabilities Report
-
Market Research6 days agoNetApp’s 2024 Cloud Complexity Report: Unveiling the “Disrupt or Die” Era
-
Market Research1 week agoInfoblox Threat Intel Exposes “Muddling Meerkat” Behind China’s Great Firewall
-
Cloud4 days agoCheck Point Software Announces 2024 Cloud Security Report
-
News5 days agoCrowdStrike Strengthens Cloud Security with Integrated ASPM and CNAPP
-
Critical Communications4 days agoHytera to Show Off Innovations for Law Enforcement and Industrial Safety at CCW 2024 in Dubai
-
Critical Communications5 days agoCritical Communications World 2024: A Global Hub for Innovation in Dubai
-
Critical Communications3 days agoKirisun to Showcase DMR and PTToC Solutions at CCW 2024 in Dubai