Connect with us

News

Netskope Appoints Su Le as CxO Advisor

Published

on

Netskope has appointed Su Le to its advisory board. Su Le joins Netskope following several years in leadership roles at the Saudi Government initiative NEOM and will serve as a crucial liaison between Netskope and the Middle East, offering guidance to Netskope’s customers as they navigate the complex cybersecurity landscape of the region, and leverage Netskope’s cutting-edge solutions to fortify their digital infrastructure.

With a background in cybersecurity strategy and executive leadership, both within the Middle East and Globally, Su Le brings a wealth of experience to Netskope’s advisory team. His appointment underscores Netskope’s commitment to providing tailored support to organizations within the region, empowering them to address evolving cybersecurity challenges effectively.

“The cybersecurity landscape in the Middle East faces a growing threat of increasingly sophisticated attack vectors,” said Le. “CxO executives need to learn how to demystify cybersecurity to pave the way for new opportunities and tightened defences – especially in the context of digital transformation and implementation of cybersecurity protocols. With a history working in both the Middle East and global cybersecurity landscapes, I am looking forward to promoting innovative and comprehensive cloud-native solutions as part of the Netskope team.”

Jonathan Mepsted, Vice President, Middle East and Africa at Netskope, commented, “Technology leaders are now at the forefront of accountability when it comes to reimagining architectures that will enable growth, agility and flexibility. We are excited to have Su, with his wealth of knowledge and razor-sharp expertise, to make this very daunting transformational journey as seamless as possible across the board. Le’s prior experience as a member of SambaNova Systems’ advisory board emphasizes the importance of his expertise in guiding organizations through crucial transformative security initiatives.”

Netskope’s expansion of its CxO Advisory Board comes at a time of rapid growth and innovation for the company. The company has expanded its EMEA team significantly, bolstering the regional leadership to better support local organizations in their adoption of Security Service Edge (SSE) on their journey to SASE. Netskope’s customers include more than a quarter of the Fortune 100 and some of the world’s largest commercial banks, healthcare providers, telecommunications companies, and retailers. The company has raised over $1.4 billion from leading investors including ICONIQ Growth, Lightspeed Venture Partners, Accel, and Sequoia Capital Global Equities.

Cyber Security

Cloudflare Reports Q3 2024 DDoS Attack Trends

Published

on

Cloudflare has announced its 2024 Q3 DDoS report. This report includes insights and trends about the DDoS threat landscape — as observed across the global Cloudflare network, which is one of the largest in the world. The number of DDoS attacks spiked in the third quarter of 2024. Cloudflare mitigated nearly 6 million DDoS attacks, representing a 49% increase in QoQ and a 55% increase YoY.

Out of those 6 million, Cloudflare’s autonomous DDoS defence systems detected and mitigated over 200 hyper-volumetric DDoS attacks exceeding rates of 3 terabits per second (Tbps) and 2 billion packets per second (Bpps). The largest attack peaked at 4.2 Tbps and lasted just a minute. The Banking & Financial Services industry was subjected to the most DDoS attacks. China was the country most targeted by DDoS attacks, and Indonesia was the largest source of DDoS attacks.

In Q3, Cloudflare’s systems mitigated nearly 6 million DDoS attacks bringing it to a total of 14.5 million DDoS attacks year-to-date (4.5 million in Q1 and 4 million in Q2). That’s an average of around 2,200 DDoS attacks every hour. Of those attacks, Cloudflare mitigated over 200 hyper-volumetric network-layer DDoS attacks that exceeded 1 Tbps or 1 Bpps. The largest attacks peaked at 3.8 Tbps and 2.2 Bpps. At the time of writing the Q3 report, on October 21, 2024, Cloudflare’s systems autonomously detected and mitigated a 4.2 Tbps DDoS attack that lasted around a minute.

Of the 6 million DDoS attacks, half were HTTP (application layer) DDoS attacks and half were network layer DDoS attacks. Network layer DDoS attacks increased by 51% QoQ and 45% YoY, and HTTP DDoS attacks increased by 61% QoQ and 68% YoY. 90% of DDoS attacks, including the largest of attacks, were very short-lived. The company did see, however, a slight increase (7%) in attacks lasting more than an hour. These longer attacks accounted for 3% of all attacks.

In Q3, Cloudflare saw an even distribution in the number of network-layer DDoS attacks compared to HTTP DDoS attacks. Of the network-layer DDoS attacks, SYN flood was the top attack vector followed by DNS flood attacks, UDP floods, SSDP reflection attacks, and ICMP reflection attacks. On the application layer, 72% of HTTP DDoS attacks were launched by known botnets and automatically mitigated by our proprietary heuristics.

In Q3, the company observed a 4,000% increase in SSDP amplification attacks compared to the previous quarter. Disabling UPnP on unnecessary devices and using DDoS mitigation strategies can help defend against this attack. In Q3, 80% of HTTP DDoS attack traffic impersonated the Google Chrome browser, which was the most common user agent observed in attacks. More specifically, Chrome 118, 119, 120, and 121 were the most common versions.

In second place, no user agent was seen for 9% of HTTP DDoS attack traffic. In third and fourth place, attacks were observed using the Go-http-client and fasthttp user agents. The former is the default HTTP client in Go’s standard library and the latter is a high-performance alternative. fasthttp is used to build fast web applications but is often used for DDoS attacks and web scraping too.

China was the most attacked location in the third quarter of 2024. The United Arab Emirates was ranked second, with Hong Kong in third place, followed closely by Singapore, Germany, and Brazil. In Q3, Banking & Financial Services was the most targeted by DDoS attacks. Information Technology & Services was ranked in second place, followed by the Telecommunications, Service Providers, and Carriers sector. Cryptocurrency, Internet, Gambling & Casinos, and Gaming followed closely behind as the next most targeted industries. Consumer Electronics, Construction & Civil Engineering, and the Retail industries rounded out the top ten most attacked industries.

Indonesia was the largest source of DDoS attacks in the third quarter of 2024. The Netherlands was the second-largest source, followed by Germany, Argentina, and Colombia. The next five largest sources included Singapore, Hong Kong, Russia, Finland, and Ukraine. The unprecedented surge in hyper-volumetric DDoS is capable of overwhelming Internet properties, particularly those relying on capacity-limited cloud services or on-premise solutions. The increasing use of powerful botnets, fuelled by geopolitical tensions and global events, is expanding the range of organizations at risk — many of which were not traditionally considered prime targets for DDoS attacks. Unfortunately, too many organizations reactively deploy DDoS protections after an attack has already caused significant damage.

Commenting on the report, Bashar Bashaireh, VP – Middle East and Türkiye at Cloudflare, says: “Our observations confirm that businesses with well-prepared, comprehensive security strategies are far more resilient against these cyber threats. At Cloudflare, we’re committed to safeguarding your Internet presence. Through significant investment in our automated defences and a robust portfolio of security products, we ensure proactive protection against both current and emerging threats — so you don’t have to.”

Continue Reading

Cyber Security

Unsupervised Device Sharing Poses Security Risks for Kids

Published

on

In the current security climate and with the complexities of a hybrid workforce, IT decision-makers still have a huge challenge when it comes to fully securing the workplace. A new Cisco study reveals that among parents who share their devices used for work with children in the UAE, 40 per cent allow unsupervised access with full knowledge of passcodes. Even among those without access to passcodes, 54 per cent remain unsupervised.

“In the UAE, the rise of remote work combined with the increasing prevalence of shared devices within families presents significant security challenges that cannot be overlooked,” says Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS. “As we navigate this landscape, it is crucial for organizations to not only implement robust security measures like multi-factor authentication and zero-trust frameworks but also to engage with employees in understanding their unique home environments. By fostering a culture of security awareness and adapting to the realities of family dynamics, we can better safeguard sensitive information while supporting working parents in our communities.”

With 91 per cent of working parents sharing a personal device used for work with a child in the past six months in the UAE, it is clear IT teams need to factor in more than just standard security risks. They need to consider more broadly the issues that arise in chaotic real-world environments, and how substituting security for convenience continues to be a threat. Among those sharing devices with children, the survey further shows low usage of effective security. Only 24 per cent use multi-factor authentication (MFA) for important work tasks, while 62 per cent simply rely on “strong” passwords.

In a time where over two-thirds of connected household devices are shared among family members (75 per cent vs 65 per cent two years ago), it’s time to sharpen up on best practices and monitor activity across devices – managed or unmanaged, fixed or mobile – to make sure nothing falls through the cracks.

Cisco’s Tips to Mitigate the Security Risk of Device Sharing:

  1. Work with rather than against users. Allow users to create guest user accounts on devices to allow family members restricted use without access to business systems but benefitting from corporate cyber protection. Permitting guest accounts is less than ideal, but it’s better than having unauthorised users with full access to a device.
  2. Implement multi-factor authentication *(MFA) or two actor authentication (2FA). When a user accesses a new application or system, verify that the user intended to act as an MFA/2FA ping or biometric recognition. A simple additional verification step will almost certainly prevent curious children from accessing sensitive systems.
  3. Keep sensitive business data protected. Not all data has equal security requirements, so guard sensitive data with additional elements such as zero trust network access (ZTNA), VPN, or multifactor authentication (MFA/2FA) so that it can only be accessed by the appropriate device user.
  4. Back-up, back-up and back-up again. The family home environment is hazardous for fragile electronic devices. Spilled coffee, lemonade or paint can easily disable a device, as can falls from height on to a tiled kitchen floor. Ensuring that important data isn’t lost and that replacement devices can be easily restored from backed-up data is vital to keeping hybrid workers operational.
  5. Educate users about cyber security. Devious users have a nasty habit of finding ways to subvert security protections if they find that these protections get in the way of their goals. Make sure users are aware of the importance of cyber security, the consequences of getting it wrong, as well as common threats and attacks. Simple policies reinforced with sanctions for transgressions help users understand what is acceptable and what is not.
Continue Reading

Cyber Security

CrowdStrike to Acquire Adaptive Shield

Published

on

CrowdStrike has announced it has agreed to acquire Adaptive Shield, a leading provider of SaaS security solutions. With this acquisition, CrowdStrike will be able to provide unified, end-to-end protection against identity-based attacks across the entire modern cloud ecosystem – from on-premises Active Directory to cloud-based identity providers and SaaS applications – delivered from a single, unified platform. Announced at Fal.Con Europe, CrowdStrike’s inaugural premier user conference in the region, this acquisition will position CrowdStrike as the leading provider of comprehensive protection across complex hybrid environments.

“CrowdStrike was built to tackle the toughest cybersecurity challenges, and we drive relentless innovation based on what our customers need to stay ahead of modern threats,” said George Kurtz, CEO and founder, CrowdStrike. “As SaaS and AI adoption grows, every new application brings additional complexity and the risk of misconfigurations across human and non-human accounts that create openings for sophisticated attacks. With the acquisition of Adaptive Shield, CrowdStrike will continue to set the standard for identity-based protection in the cloud, delivering best-in-class SaaS protection from the Falcon platform.”

Cloud exploitation cases grew by 110% last year, while identity-based attacks continue to rise – 75% of attacks to gain initial access are now malware-free. ‘Cross-domain’ adversaries, targeting identity and cloud, have numerous attack paths, from on-premises Active Directory to cloud-based identity providers and the growing landscape of SaaS applications. The complexity of modern hybrid cloud environments and disconnected security tools create protection gaps, making it difficult to prevent identity-based threats.

SaaS is projected to be the largest category of cloud computing in 2024, capturing more than 40% of all public cloud spending. Under the SaaS shared responsibility model, SaaS vendors provide security controls, while organizations manage configurations. In today’s complex environments, where hundreds of SaaS applications each come with unique access controls and identity configurations, security teams face significant challenges in maintaining visibility into who has access, what sensitive data is exposed, and active threats – even with purpose-built SaaS protection.

Adaptive Shield delivers the industry’s most complete security posture management and threat protection across SaaS identities, misconfigurations and data, stopping SaaS breaches. As an integrated component of the CrowdStrike Falcon cybersecurity platform, Adaptive Shield will equip CrowdStrike with the most advanced capabilities to stop identity-based attacks across all aspects of modern hybrid cloud environments. Customer benefits will include:

  1. Comprehensive SaaS Security Posture Management (SSPM): Organizations gain full visibility and governance over misconfigurations, the entitlements and activity levels of both human and non-human identities, and exposed data across 150+ SaaS applications. This new end-to-end visibility of identities across hybrid cloud environments gives operators a unique context for rapid cloud detection and response (CDR).
  2. GenAI Application Security Control: By continuously monitoring GenAI SaaS applications, Adaptive Shield empowers organizations to enforce consistent security standards by detecting configuration shifts, controlling AI settings to prevent data leakage, and identifying shadow AI applications to revoke access based on their risk profile. This approach ensures that AI-integrated applications remain aligned with security policies to protect sensitive data.
  3. Unified Hybrid Identity and Cloud Security: The powerful combination of Adaptive Shield and CrowdStrike Falcon Identity Protection will provide customers with comprehensive identity protection across SaaS, on-premises Active Directory and cloud-based environments (Okta and Microsoft Entra ID). CrowdStrike Falcon Cloud Security customers will also gain unified visibility and protection across the entire modern cloud estate – infrastructure, custom applications, data, AI models and SaaS applications – all from the same unified console and workflow.
  4. Existing Integration Accelerates Detection and Response: Adaptive Shield’s existing integration with CrowdStrike Falcon Next-Gen SIEM provides rapid first-party detection and response across multiple security domains – endpoints, identities, workloads and applications – automatically correlating detections inline with the latest threat intelligence and Falcon Fusion SOAR delivering near real-time response.

“Widespread adoption of SaaS applications has rapidly expanded the enterprise attack surface, as shared responsibility models and fragmented security controls make SaaS environments a prime target,” said Maor Bin, CEO and co-founder, Adaptive Shield. “Our mission perfectly complements CrowdStrike, stopping SaaS breaches while further accelerating consolidation on cybersecurity’s most comprehensive platform. I’m incredibly proud of our team for building the most advanced SaaS security solution, defining the market.”

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.