
MITRE’s Latest ATT&CK Evaluations Reveal Critical Insights into Cybersecurity Solutions


MITRE Corporation has published its findings from the latest round of ATT&CK evaluations, offering important insights into the effectiveness of enterprise cybersecurity solutions. This sixth evaluation assessed 19 vendors against two major ransomware strains, Cl0p and LockBit, as well as North Korean-linked malware targeting macOS systems. The advanced malware simulations used during the evaluation highlighted sophisticated tactics, such as exploiting macOS utilities and covert data exfiltration, emphasizing the dynamic nature of modern cyber threats.

The Findings and Their Significance

According to MITRE’s general manager, William Booth, the evaluation revealed notable disparities in vendors’ abilities to detect and distinguish between malicious activities. Some solutions achieved high detection rates but also suffered from alarmingly high false-positive rates, indicating a need for better precision in threat identification. MITRE’s methodology involved a two-phase approach: first, evaluating baseline detection capabilities and then assessing protection performance after vendors adjusted their configurations to improve detection accuracy. This approach highlights the adaptability of vendors in enhancing their solutions to counter emerging threats.

The Struggles with Post-Compromise Detection

A key takeaway from the evaluation was the struggle vendors faced with post-compromise threat detection. MITRE stressed the importance of detecting and mitigating ransomware activities after the initial breach, as ransomware often mimics legitimate system behaviors. Booth emphasized that relying solely on blocking initial infections is no longer sufficient—solutions must also account for activities occurring later in the attack chain. This represents a critical area where cybersecurity solutions need improvement to effectively neutralize threats at all stages of an attack.

Contrasting Detection Strategies

The evaluation also highlighted differences in detection strategies among vendors. Some vendors used machine learning and AI-based methods for threat detection, while others relied on more traditional heuristic approaches. These contrasting methodologies led to varying levels of effectiveness, particularly in false-positive rates and in distinguishing between benign and malicious activities. The AI-based methods showed promise, but some vendors struggled with accuracy, underscoring the challenges the industry faces in keeping up with evolving threats.

macOS Threats: A New Challenge

For the first time, MITRE included macOS threats in its evaluation. Addressing macOS malware posed unique challenges, as there is limited publicly available Cyber Threat Intelligence (CTI) on such threats. Despite these challenges, MITRE’s inclusion of macOS malware reflects its commitment to addressing the evolving threat landscape, particularly as more organizations adopt Apple devices in their enterprise environments. The move signals MITRE’s proactive approach to ensuring that cybersecurity solutions account for all major operating systems in use today.

Looking Ahead: Vendor Transparency and Improvement

Although MITRE refrains from ranking vendors, its evaluation provides transparency that can guide organizations in making informed decisions about their cybersecurity strategies. The findings underscore the importance of refining cybersecurity technologies to meet the demands of a rapidly evolving cyber environment. Booth highlighted that these evaluations encourage vendors to continuously improve their technologies to better counter the increasing sophistication of cyber threats.

By incorporating ransomware and macOS malware into its evaluations, MITRE continues to shed light on the complexities of modern cyberattacks. The insights gained from this evaluation are invaluable for organizations looking to enhance their defenses against increasingly sophisticated threats. As cyberattacks become more advanced, understanding the varying capabilities of enterprise security solutions is essential for building a robust cybersecurity posture.

Navigating the Impact of Major IT Outages: Lessons from the CrowdStrike Incident


On Friday, a critical software update by cybersecurity firm CrowdStrike led to a massive outage, affecting around 8.5 million Windows machines globally. This incident serves as a stark reminder of the importance of preparedness for IT disruptions. Experts from CIO Journal have shared their insights on how organizations can better prepare for similar scenarios in the future. Understanding vendor practices is crucial. 

IT leaders should hold vendors, like CrowdStrike, to high standards regarding development and testing. Neil MacDonald, a Gartner vice president, emphasizes the need for thorough regression testing of all Windows versions before any update is released. IT managers must ensure that vendors are transparent about their software development processes and offer options for phased updates. With automatic software updates becoming standard practice, the CrowdStrike incident highlights the need for caution. Paul Davis from JFrog suggests prioritizing testing for updates based on their potential impact. 

Although testing every update may not be feasible, automation and AI tools can assist in managing this process efficiently. Jack Hidary from SandboxAQ advocates for AI-driven error detection to enhance software reliability. Developing a robust disaster recovery plan is also essential. Gartner’s MacDonald likens a major IT outage to a natural disaster, advising businesses to prepare similar recovery strategies. Establishing a “clean room” environment for restoring critical systems and conducting regular tabletop exercises can help maintain operational resilience. Regular data backups also mitigate the impact of such outages, as noted by Victor Zyamzin from Qrator Labs. Reviewing vendor contracts and insurance coverage is another vital step. Companies should scrutinize their agreements for clauses that ensure vendor reliability and explore compensation options for outages. 

Peter Halprin from Haynes Boone underscores the importance of cyber insurance, which can provide financial protection against business income losses due to IT disruptions. Finally, organizations may need to reassess their reliance on specific platforms. The CrowdStrike update, which primarily affected Windows-based systems, raises questions about whether businesses should consider alternative operating systems like macOS or Linux. As Chirag Mehta of Constellation Research points out, evaluating the necessity of deeper access provided by Windows might lead some to adopt simpler systems like Chromebooks.

The CrowdStrike outage underscores the importance of rigorous testing, effective disaster recovery plans, careful vendor and insurance management, and a thoughtful approach to platform selection. By addressing these areas, businesses can better prepare for future IT challenges and safeguard their operations.

Check Point to Acquire Cyber Startup Atmosec to Boost Its SaaS Security Offering


Check Point Software intends to acquire an early-stage SaaS security business founded by former Armis leaders in order to anticipate and combat malicious application threats. 

According to Vice President of Product Management Eyal Manor, the Silicon Valley-based platform security vendor's proposed acquisition of Tel Aviv, Israel-based Atmosec will give customers a better understanding of what's going on with the SaaS platforms that power their businesses, such as Office 365, Salesforce, and GitHub. Each of these platforms has thousands of apps running in the background, some of which are harmful. 

"We really loved their technology. We loved the demo. This is exactly the share of mind that our customers are looking for. This is the share of mind that is basically part of our DNA. We saw that, and we really liked it," Manor told Information Security Media Group. 

In trading on Wednesday, Check Point's shares rose $0.01, or 0.01%, to $133.86 per share. The terms of the acquisition, which is slated to close by mid-September, were not disclosed. Less than a month ago, Check Point agreed to buy New York-based zero trust network access and secure web gateway firm Perimeter 81 for $490 million.

Atmosec's capabilities, according to Manor, go beyond SaaS security posture management, which concentrates on the configuration surface and can block users from connecting without multifactor authentication. Atmosec handles apps that access SaaS platforms and can promptly, automatically, and autonomously fix any issues with poor, rogue, or untrusted applications. 

Atmosec can integrate with office productivity tools, CRM environments, development environments, and HR platforms to offer customers a picture of what's going on and to stop threat activity. Manor claims that combining Perimeter 81's ZTNA and SWG assets with Atmosec's SaaS security product and Check Point's native SD-WAN tool will enable the company to provide consolidated, single-vendor SASE. 

According to Manor, Check Point has also expanded organic security service edge capabilities as part of its Harmony Connect product, which focuses on identifying, blocking, and understanding known, unknown, and zero-day vulnerabilities. However, Manor said that Check Point had not invested sufficiently in network infrastructure, leaving clients without network-as-a-service capabilities or private network cloud assets. 

Many firms have battled with usability when adopting and maintaining SASE infrastructure because of the latency introduced by routing traffic through distant locations. As a result, he claims, some organisations have chosen to implement fewer security protections in order to preserve usability. When properly configured, SASE both prevents risks and provides a fantastic user experience, according to Manor.

Perimeter 81 will ultimately provide Check Point clients with a native, private virtual network via a variety of providers, with Atmosec supplying the SaaS platform and Harmony Connect supplying the security layer. Manor intends to monitor the extent of SaaS security service uptake by current Check Point clients as well as their level of SASE tool usage.