
IBM's Exit from Cybersecurity Software Shakes the Industry

In an unexpected move that has disrupted the cybersecurity equilibrium, IBM has announced its exit from the cybersecurity software market by selling its QRadar SaaS portfolio to Palo Alto Networks. This development has left many Chief Information Security Officers (CISOs) rethinking their procurement strategies and vendor relationships as they work to rebuild their Security Operations Centers (SOCs).

IBM's QRadar Suite: A Brief Overview

The QRadar Suite, rolled out by IBM in 2023, included a comprehensive set of cloud-native security tools such as endpoint detection and response (EDR), extended detection and response (XDR), managed detection and response (MDR), and key components for log management, including security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms. The suite was recently expanded to include on-premises versions based on Red Hat OpenShift, with plans for integrating AI capabilities through IBM's Watsonx AI platform.

The agreement, expected to close by the end of September, also designates IBM Consulting as a "preferred managed security services provider (MSSP)" for Palo Alto Networks customers. This partnership will see the two companies sharing a joint SOC, potentially benefiting customers looking for integrated security solutions.

Palo Alto Networks has assured that feature updates and critical fixes will continue for on-premises QRadar installations. However, the long-term support for these on-premises solutions remains uncertain.

Customer Impact and Reactions

The sudden divestiture has taken the cybersecurity community by surprise, particularly given IBM's significant investment in transforming QRadar into a cloud-native platform. Eric Parizo, managing principal analyst at Omdia, noted the unexpected nature of this move, highlighting the substantial resources IBM had dedicated to QRadar's development.

Customers now face a critical decision: migrate to Palo Alto's Cortex XSIAM platform or explore other alternatives. Omdia's research indicates that IBM's QRadar was the third-largest next-generation SIEM provider, trailing only Microsoft and Splunk (now part of Cisco). The sudden shift has left many customers seeking clarity and solutions.

Market Dynamics

This acquisition comes at a pivotal time in the cybersecurity industry, with SIEM, SOAR, and XDR technologies increasingly converging into unified SOC platforms. Major players like AWS, Microsoft, Google, CrowdStrike, Cisco, and Palo Alto Networks are leading this trend. Just before IBM's announcement, Exabeam and LogRhythm revealed their merger plans, aiming to combine their SIEM and user and entity behaviour analytics (UEBA) capabilities.

Forrester principal analyst Allie Mellen pointed out that IBM's QRadar lacked a fully fledged XDR offering, focusing more on EDR. This gap might have influenced IBM's decision to divest QRadar.

For Palo Alto Networks, acquiring QRadar represents a significant boost. The company plans to integrate QRadar's capabilities with its Cortex XSIAM platform, known for its automation and MDR features. While Palo Alto Networks has made rapid advancements with Cortex XSIAM, analysts like Parizo believe it still lacks the maturity and robustness of IBM's QRadar.

Palo Alto Networks intends to offer free migration paths to its Cortex XSIAM for existing QRadar SaaS customers, with IBM providing over 1,000 security consultants to assist with the transition. This free migration option will also extend to "qualified" on-premises QRadar customers.

The long-term prospects for QRadar SaaS under Palo Alto Networks remain unclear. Analysts suggest that the acquisition aims to capture QRadar's customer base rather than sustain the product. As contractual obligations expire, customers will likely need to transition to Cortex XSIAM or consider alternative vendors.

A notable aspect of the agreement is the incorporation of IBM's Watsonx AI into Cortex XSIAM, which will enhance its Precision AI tools. Gartner's Avivah Litan highlighted IBM's strong AI capabilities, suggesting that this partnership could benefit both companies.

In conclusion, IBM's exit from the cybersecurity software market marks a paradigm shift, prompting customers to reevaluate their security strategies. As Palo Alto Networks integrates QRadar into its offerings, the industry will closely watch how this transition unfolds and its impact.

Cybereason Issues a Warning on a Rapid Growth of Royal Ransomware


The Royal Ransomware Group has emerged, and Cybereason, the XDR company, today released a new global threat alert warning public and private sector organizations about the group's use of distinctive tactics, techniques, and procedures to evade detection in its attacks. Because attackers target weakly defended enterprises around holidays and on weekends, businesses should be especially vigilant against ransomware attacks.

Since it first appeared this year, the Royal Ransomware Group has attacked scores of companies around the world. The group appears to be run by the Conti Group and other well-known ransomware organizations. Because the threat level from Royal attacks is rated “HIGH,” organizations should take precautions to avoid becoming victims.

Important report findings 

Unusual method of dodging anti-ransomware defenses: Royal ransomware extends the idea of partial encryption. It can encrypt only a portion of each file's contents, with the share of the file that is encrypted set by a configurable percentage, which makes detection by anti-ransomware solutions more difficult.

Ransomware that uses multiple threads: Royal ransomware runs several threads in parallel to speed up the encryption process.

Global ransomware operation: The Royal ransomware operation appears to run independently and globally. The gang does not seem to target a particular industry or country, nor does it operate as ransomware-as-a-service.

High Severity: Given the sharp rise in attacks from this group over the previous 60–90 days, Cybereason rates the threat level from Royal Ransomware as HIGH. 
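The detection problem behind the first finding, as an added example that is not part of Cybereason's report or the original post: a file-level entropy heuristic misses a file in which only a configurable percentage of blocks has been encrypted, while a per-block entropy check still flags it. The sample file, the thresholds and the `simulate_partial_encryption` fixture (random bytes standing in for ciphertext) are all constructed here for illustration.

```python
import math
import random
from collections import Counter

CHUNK = 4096            # bytes per block examined
HIGH_ENTROPY = 7.5      # bits/byte; random or encrypted data sits near 8.0
MIN_FRACTION = 0.05     # flag if at least 5% of blocks look encrypted


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: roughly 4-5 for English text, near 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def block_entropies(data: bytes, block: int = CHUNK) -> list:
    """Entropy of each fixed-size block, so localised ciphertext stands out."""
    return [shannon_entropy(data[i:i + block]) for i in range(0, len(data), block)]

def whole_file_check(data: bytes, threshold: float = HIGH_ENTROPY) -> bool:
    """Naive heuristic: flag only if the file as a whole looks encrypted."""
    return shannon_entropy(data) >= threshold

def block_level_check(data: bytes, threshold: float = HIGH_ENTROPY,
                      min_fraction: float = MIN_FRACTION) -> bool:
    """Flag when a meaningful share of blocks is high-entropy, even if most are not."""
    ents = block_entropies(data)
    if not ents:
        return False
    high = sum(1 for e in ents if e >= threshold)
    return high / len(ents) >= min_fraction

def simulate_partial_encryption(plain: bytes, percent: int, seed: int = 1) -> bytes:
    """Test fixture only (constructed): overwrite `percent` of the blocks with
    seeded random bytes to stand in for partially encrypted output."""
    rng = random.Random(seed)
    blocks = [bytearray(plain[i:i + CHUNK]) for i in range(0, len(plain), CHUNK)]
    to_hit = max(1, len(blocks) * percent // 100)
    for idx in rng.sample(range(len(blocks)), to_hit):
        blocks[idx] = bytearray(rng.getrandbits(8) for _ in range(len(blocks[idx])))
    return b"".join(blocks)

# Constructed sample: 20 blocks of repetitive text, then 10% of the blocks replaced.
SAMPLE_PLAIN = (b"Quarterly revenue by region, figures in USD thousands.\n" * 2000)[:CHUNK * 20]
SAMPLE_PARTIAL = simulate_partial_encryption(SAMPLE_PLAIN, percent=10)
```

With the constructed sample, `whole_file_check(SAMPLE_PARTIAL)` is False because 90% of the bytes are still plain text, while `block_level_check(SAMPLE_PARTIAL)` is True.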

Mitigation Tips 

Maintain excellent security hygiene by, for instance, implementing a programme for staff security awareness and making sure operating systems and other software are routinely patched and updated. 

Make sure key personnel are reachable whenever needed: attacks that happen over holidays and weekends can delay critical response activities.

Conduct routine tabletop exercises and drills: include key stakeholders from departments outside security, such as Legal, HR, IT, and senior executives, so that everyone knows their roles and responsibilities and can react as quickly as possible.

Implement clear isolation procedures: they prevent further network intrusion and stop ransomware from spreading to other systems. Security teams should be able to disconnect a host, lock down a compromised account, and block a malicious domain.

When feasible, consider locking down critical accounts: attackers frequently escalate their access to the domain admin level before deploying ransomware, so that they can spread the malware throughout the network. In Active Directory, teams should set up highly secured, emergency-only accounts that are used only when the regular operational accounts have been temporarily disabled as a precaution or rendered inaccessible by a ransomware attack.

Install EDR on every endpoint: The fastest method for both public and private sector enterprises to combat the ransomware plague continues to be endpoint detection and response (EDR).