Security – Digital IT News

Trend Micro Empower MSSPs to Elevate SOC Capabilities

Digital IT News Editors — Thu, 24 Aug 2023 21:35:47 +0000

Trend Micro Incorporated announced an extension to its partner program and launched a new offering designed to empower MSSPs, service partners and pure-play managed detection and response (MDR) companies to build or grow their MDR and SOC-as-a-service offerings. The new program will further enable the global ecosystem of MSSP partners that customers rely on amidst a cybersecurity skills shortage.

“Breaches are on the rise, but many global organizations can’t afford the investment of time, resources and staff that a full SOC requires,” said Louise McEvoy, vice president of US channels at Trend. “And those that can often find their analysts frustrated by tool sprawl and overwhelmed by alerts. This opens a lucrative and important opportunity for MSSPs to deliver more value to customers, as long as they can find the right platform to deliver SOCaaS.”

Trend Vision One for Service Providers provides turnkey threat detection and response with extended SOAR capabilities built for managed security service partners, offering multi-tenant SOC capabilities and hundreds of third-party integrations across the IT environment and with other security vendors.

Out-of-the-box value, via incident response playbooks which reduce the need to build custom solutions
Comprehensive, end-to-end SOC technology, from XDR to protection
Improved customer outcomes, with MTTR (mean time to respond, repair, resolve, recover) measured not in weeks but hours
Extensive integrations – hundreds of integrations that offer visibility, analysis and automation across Trend and a wide range of third-party products
Greater SOC inspection and analytics thanks to log inspection and analytics which capture event data from a wide range of sources across the organization, from Trend and third-party solutions
MSSP-ready capabilities – a multi-tenant offering delivered via a single pane of glass

The new Trend Vision One for Service Providers will help managed service partners adopt and scale their SOC/SOCaaS capabilities based on readiness and maturity, to meet the complex requirements of large organizations.

“Trend’s channel-first model means the company is well positioned to address the fast-growing MSSP market,” said Jay McBain, Chief Analyst at Canalys. “Applying their resources beyond technology and into channel-driven services and programs like this latest example will enable them to maintain this standing and better serve customers.”

Partners who sign up to Trend Vision One for Service Providers will also receive industry-leading benefits including:

White-glove onboarding and enablement, leveraging Trend’s industry know-how working with hundreds of SOCs to help partners accelerate adoption and delivery of SOCaaS and MDR
Highly competitive pricing to allow new and existing MSSPs to penetrate the market quicker
Choice of partnership, which means partners can choose the partnership right for their business:
- Fully managed MDR or SOCaaS
- API integration to offer co-managed services for “bring your own technology” clients, where MSSPs help configure and manage Trend SOAR solution deployed on customers’ premises

“As a trusted voice in cybersecurity, Trend has made significant and valuable upgrades to enable a more effective MDR service,” said Randy Watkins, chief technology officer (CTO) for Critical Start. “The Vision One platform addresses the growing demand for risk visibility without increasing the burden on security teams and empowers us to provide superior value to our customers and increase their cyber resilience.”

For more information visit the website here.

Top Security Challenges for Small Organizations is Lack of Budget

The post Trend Micro Empower MSSPs to Elevate SOC Capabilities appeared first on Digital IT News.

MixMode’s Paradigm Partner Program Offers Advanced AI Cybersecurity

Digital IT News Editors — Thu, 24 Aug 2023 20:48:41 +0000

MixMode Inc. announced the MixMode Paradigm Partner Program, giving the world’s top Value Added Resellers (VARs), Managed Service Providers (MSP), Global Systems Integrators (GSIs) and Distributors, access to an advanced cybersecurity platform for real-time threat detection and response. The new program enables MixMode and its partners to meet accelerated demand for solutions that bolster cybersecurity defenses across complex data environments: cloud, on-prem, or hybrid.

“We have launched this channel-first strategy at MixMode to meet the rising demand from enterprise organizations whose technologies are failing them in the fight against cyber threats. MixMode’s patented AI generates an evolving alert framework capable of precise real-time detections, uniquely positioning MixMode and its partners to detect and combat the sophisticated cyber attacks of the 21st century including zero-day attacks and ransomware,” said Mark Rotolo, Chief Revenue Officer. “We are excited to empower our partners to deliver more secure solutions leveraging the MixMode Platform.”

The Paradigm program is structured in three tiers for our reseller partner community to reward deeper engagement and investments in MixMode. As well, MixMode offers a managed service partners’ program powered by the platform’s multi-tenant capabilities, which makes our MSPs more efficient from one console and provides a seamless billing solution so they can help customers fight AI-generated and novel attacks with generative AI.

The key benefits of the newly-launched MixMode Paradigm Partner Program Includes:

Access to the MixMode patented generative AI Platform
Co-marketing investments for market growth
Partner enablement to accelerate our joint support in the field with partners
Access to our newly-launched partner portal with the ability to leverage co-branded vertical technical assets

The MixMode Paradigm Partner Program is designed to open new channels for global customers to harness the breakthrough threat detection and response capabilities MixMode’s patented AI Platform offers for both cloud and on-prem environments. MixMode partners are already seeing service opportunities at around 25% of the total sale, which is driving better margins and overall support for their end-users.

“MixMode gives our clients the ability to detect zero-day attacks and other non-signature-based techniques in the world’s largest datasets before they become a problem,” said Justin Domachowski, CEO and Founder of Defy Security. “This is game-changing protection against increasingly sophisticated adversaries.”

“I’m proud to launch the Paradigm Partner Program and provide our partners with the tools and support they need to take advantage of MixMode’s one-of-a-kind application of generative AI for Cybersecurity threat detection, to benefit and protect our partners’ customers,” said Todd DeBell, VP of Global Channels. “2023 has been a year of investment and growth in MixMode’s channel-first strategy and I am pleased to lead this veteran team of channel professionals. This program enables our partners to quickly leverage the MixMode Platform to deliver advanced threat detection and response at scale to customers across every industry.”

For more information visit the website here.

Knightscope Security Robot Receives Signed Contract

The post MixMode’s Paradigm Partner Program Offers Advanced AI Cybersecurity appeared first on Digital IT News.

Gigamon Deep Observability Pipeline Is Ready To Be Explored

Digital IT News Editors — Fri, 11 Aug 2023 17:17:56 +0000

Gigamon showcases the new security solutions for hybrid cloud infrastructure, highlighting how organizations can eliminate security blind spots.

Gigamon announces the new GigaVUE Cloud Suite, a VMware-certified deep observability pipeline, that acquires, optimizes, and distributes traffic and network-derived intelligence from any virtual machine or container across leading cloud platforms to monitoring and security tools at the VMware Explore event in Las Vegas.

“Working with VMware, we’ve certified our Gigamon Deep Observability Pipeline so mutual customers can gain visibility into all hybrid cloud traffic, regardless whether virtual, container, or multi-cloud, and better leverage their current tooling to secure their hybrid cloud infrastructure.” said Bassam Khan, vice president of product and technical marketing at Gigamon.

As the complexity of hybrid cloud infrastructure continues to grow and organizations look to get the most out of their cloud investments, the deep observability market is forecasted to grow at a 52 percent CAGR and reach $1.9B by 2027. This growth is supported by the recent Gigamon 2023 Hybrid Cloud Security Survey, in which nearly all respondents agree that today cloud security is dependent on gaining visibility across all data-in-motion (96%) and believe that deep observability is an important element of their cloud security (97%).

You can learn more from the experts about the Gigamon Deep Observability Pipeline as it works within the VMware environment to harness actionable network-level intelligence to amplify the power of security and observability tools by visiting the Gigamon website here to schedule a demo.

“As network blind spots continue to grow with increasing lateral and container communications, deep observability has emerged as the foundation for today’s effective security posture,” said Bassam Khan, vice president of product and technical marketing at Gigamon.

Trend Vision One Announced for Optimized Security for Endpoints

The post Gigamon Deep Observability Pipeline Is Ready To Be Explored appeared first on Digital IT News.

IDEMIA ID2Travel Delivers a Biometric Travel Experience

Taylor Graham — Mon, 06 Dec 2021 23:51:56 +0000

IDEMIA I&S North America, the leading identity security and authentication solutions provider, announced the first-of-its-kind travel platform, ID2Travel is launching in North America. ID2Travel is the only interoperable traveler identity platform covering the entire passenger facilitation ecosystem, already proven by IDEMIA and partners around the globe.

Based on identity management and biometric identification, ID2Travel is a passenger facilitation solution that improves the traveler experience to deliver efficient, secure and frictionless travel. The platform is interoperable and can be deployed as part of the airport, airline, port or any travel-based infrastructure, or through IDEMIA’s patented and National Institute of Standards and Technology (NIST)-rated biometric capture solutions. The passenger experience from check-in and across every touchpoint in the travel experience uses identity proofing that leverages mobile enrollment with secured digital credentials on the traveler’s mobile device, biometric devices, and technology back-end services.

“ID2Travel is transforming the entire travel experience,” said Lisa Sullivan, Senior Vice President, Travel and Transport, IDEMIA I&S North America. “Prior to COVID, Americans took approximately 2.3 billion trips, over a one-year period, and this makes the need for the passenger experience to be even more frictionless and seamless as we return to pre-pandemic travel patterns. With that experience and privacy in mind, the timing couldn’t be more ideal to launch our ID2Travel offering in North America to improve passenger flow and maintain a touchless experience, while balancing interoperability throughout the broader travel ecosystem.”

Passengers can enroll using a mobile device from home by scanning a state ID or passport, and then taking a selfie to do a 1:1 match. Once submitted for enrollment, travelers will be able to use biometrics to securely and simply move through the airport to their gate and beyond in their travel experience.

The IDEMIA solution also allows passengers to opt out and remove their enrollment at any time and all data is immediately removed from the system, empowering the traveler to take full control of their personal identity information (PII). IDEMIA is the only company that has successfully delivered a complete biometric enrollment to gate frictionless passenger facilitation solution.

AI Should Be Used to Help Youth Tackle Smartphone Addiction

The post IDEMIA ID2Travel Delivers a Biometric Travel Experience appeared first on Digital IT News.

Organizations Are Prioritizing Cybersecurity Initiatives But Are Dragged Down By Lack Of Fundamentals, New ReliaQuest Study Reveals

Taylor Graham — Thu, 16 Sep 2021 23:30:27 +0000

Open XDR-as-a-Service leader ReliaQuest, in partnership with Ponemon Research, announced publication of a survey report detailing the needs and priorities of cybersecurity leaders in the United States and United Kingdom. The report, “Making Security Possible and Achieving a Risk-oriented Security Posture,” shows that organizations are prioritizing strategic security programs but missing the foundational capabilities they need to make meaningful changes to their security posture. Among the roadblocks to achieving a risk-oriented posture are ineffective security metrics, operational inefficiencies, and the lack of full visibility across their dynamic IT environment.

“This research offers insights into the priorities of security leaders, the day-to-day struggles they face and their ambition to support the business through change,” said Ashok Sankar, Vice President of Product and Solutions Marketing at ReliaQuest. “While it’s positive to see more leaders engaging in strategic approaches to securing their organization, as they look to implement programs like Zero Trust – which can be a multi-year journey – it’s important to keep their energy focused on the fundamentals of cybersecurity. Visibility, metrics and process aren’t sexy, but they are the building blocks of a resilient security program.”

Sankar added: “As organizations seek to digitally transform their business and adapt to hybrid work, it’s critical that security teams are not only aligned on goals, but also have the proper resources to drive resilient security operations, setting the enterprise up for long-term success.”

Key insights include:

Security leaders are committed to a stronger risk-based security posture

57% of respondents are prioritizing securely migrating applications to the cloud.
Almost half (49%) of security leaders are enabling DevSecOps best practices.
48% of organizations surveyed are prioritizing implementing Zero Trust principles as part of their security strategy.

Security teams are not aligned on their security program or metrics

The primary obstacle to implementing an IT security risk management program is a lack of standardized metrics to measure progress (64%), followed by the lack of a risk management strategy and decision-making structure (58%).
58% of respondents say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to attacks, but only 31% consider developing a risk-reduction program a top security priority.
Only a third (37%) of those surveyed believe that their teams are tracking the right security metrics and that it is easy to communicate them to business executives and board members.
Only about half (49%) rate developing business goal–oriented metrics as one of the top priorities for the next year.

Security teams are inhibited by process and operational inefficiencies

31% of respondents report their security staff spends at least 3 hours a day manually administering and managing (optimization, writing rules, integrating) tools.
The majority (57%) of organizations have one staff member managing more than four tools in their organizations. Only 17% have one staff member assigned to manage a single tool.
52% agree that their team is spending too much time on data collection activities instead of threat detection and analysis.

Poor enterprise-wide visibility is the main culprit behind risk exposure

Only 13% say they have more than 75% visibility across all security tools, including on-premises and the cloud. 69% believe they have less than 50% visibility across all security tools, including on-premises and the cloud.
Only about one-third (36%) say they are measuring visibility across the environment, including on-premises and the cloud.

The full report is available to download here.

Ponemon Research and ReliaQuest will host a webinar to review the findings in greater detail. To register for the online webinar, please visit online experiences.

Methodology
More than 1,000 security leaders were surveyed in the United States (632) and United Kingdom (391) who are familiar with the organizations’ security operations and strategy. Participants in this research are knowledgeable about their organizations’ efforts in attaining a risk-oriented security posture. Most respondents are involved in implementing solutions (61 percent) followed by evaluating solutions (48 percent). The report presents the consolidated U.S. and U.K. research findings.

Image licensed by pexels.com

Survey Finds 76% of Enterprises Have Already Adopted a Multi-Cloud Strategy According to HashiCorp’s Inaugural State of Cloud Strategy

The post Organizations Are Prioritizing Cybersecurity Initiatives But Are Dragged Down By Lack Of Fundamentals, New ReliaQuest Study Reveals appeared first on Digital IT News.

Norton Family Plan Adds New Features to Boost Safety as Parents Send Their Children Back to School

Taylor Graham — Wed, 11 Aug 2021 21:12:55 +0000

NortonLifeLock, a global leader in consumer Cyber Safety, introduced new features to Norton Family that provide an easy, safe and secure way for parents to remotely supervise their children with location-based boundaries and alerts.

“As children of all ages return to school in-person, many parents will want to be aware of their kids’ whereabouts as they spend more time outside the home,” said Gagan Singh, chief product officer at NortonLifeLock. “We’ve added new personalized features to our Norton Family product to help make it easier and more secure for parents to be connected with their children who are on the go.”

Norton has added new features to Norton Family, including:

Favorite Locations: Helps parents establish approved geographic locations as favorite locations. Once set, parents will receive notifications when their child’s device arrives or departs those set locations.
Alert Me: Automatically allows parents to easily stay informed about their child’s location. Parents can set specific dates and times to receive automatic check-in alerts from the location of their child’s device.

With parental controls to address Cyber Safety risks and establish healthy online habits, Norton Family provides a truly holistic solution for parents to help ensure their children are protected and staying safe online. As the school year begins across the country, these parental controls and safety measures are even more important as children spend an increasing amount of time online across multiple devices for education purposes. To help children of all ages stay safe this school year, Norton has provided the following tips for parents to manage cyber risks:

Talk About Cyber Safety Early: A recent study conducted online by The Harris Poll found that Americans think conversations about online safety should start young, with more than 4 in 5 Americans (84%) feeling it’s absolutely essential or very important for parents to teach their children about Cyber Safety. As young children enter school and start to establish their independence, it’s important to provide a basic understanding of online safety by addressing topics like:

The dangers of the internet, including suspicious activity, phishing scams and what to do if something seems unusual. Make it clear that laptops and devices should never be left unattended and that lock screens should be used to add further protection.
Cyberbullying and the dangers of online predators. Parents can set rules that their young children can only chat or game online with people whom they’ve already met in real life.
The importance of creating strong passwords that are not recycled for multiple accounts or are easy to guess.

Digitally-savvy Tweens and Teens Still Need Guidance: Tweens and teens may be more digitally advanced than ever before, but that doesn’t mean they have the best judgment when it comes to staying safe online. Parents of children in this age group can further protect their kids by educating them on the following:

The importance of protecting their identity. It’s important to remind children not to reveal too much information about themselves online. For example, a teen may not think twice about sharing a picture of their license after passing their driver’s test, but that could provide a treasure trove of sensitive and valuable information for identity thieves and cybercriminals.
The importance of keeping privacy settings on to ensure personal information isn’t intercepted by a hacker.
Mitigating risks when connecting to public Wi-Fi. As teens may go to coffee shops or public libraries to complete school assignments individually or in a group setting, make it clear that cybercriminals consider public Wi-Fi an easy access point to get hold of sensitive data and encourage them to take steps to protect their online privacy and security by using a VPN.

Norton Family is available at Norton.com as well as through retail partners including Amazon, Best Buy, NewEgg, and Staples Canada.

To learn more about Norton Family and additional Cyber Safety tips for parents, visit https://us.norton.com/norton-family.

Image licensed by pexels.com

Western Digital Flash Innovations Unlock Powerful New Experiences for Next-Generation 5G Smartphone Users

The post Norton Family Plan Adds New Features to Boost Safety as Parents Send Their Children Back to School appeared first on Digital IT News.

Traceable AI releases the industry’s first free API security solution

Leigh Porter — Tue, 03 Aug 2021 16:24:22 +0000

Traceable AI, announced the introduction of the industry’s first free API security solution. Unique in its offering, Traceable’s free API security solution enables developers and security operations teams to get started improving the API security of their applications without the need for budgetary approval. With this new offering, Traceable AI aims to enable everyone to make progress on solving the API security crisis.

Despite knowing that API security needs to be a critical component of developing their applications, DevOps teams often remain handicapped by inadequate tools and budgets to properly address their needs. This has put the software industry in an API security crisis.

Per the just released Gartner® Hype Cycle for APIs and Business Ecosystems, 2021 report, “Every connected mobile, modern web or cloud-hosted application uses and exposes APIs. These APIs are used to access data and to call application functionality. APIs are easy to expose but difficult to defend. This creates a large and growing attack surface, leading to a growing number of publicized API attacks and breaches. Traditional network and web protection tools do not protect against all the security threats facing APIs, including many of those described in the OWASP API Security Top 10.”

In the report, Gartner further states “Because APIs are typically used for access to data or application functionality, often linked to systems of record, the impact of an API breach can be substantial. Privacy regulations typically require reporting if private data is breached through an insecure API. APIs are easily and intentionally programmable, so a vulnerability can leak large volumes of data. That it can be challenging to separate valid API use from nefarious access raises the risk of blocking valid use.”

Despite frequent high profile breaches such as Peloton and LinkedIn, organizations on average only allocate about 6% of their overall IT spend towards security — leaving them unprepared to manage the explosion of API adoption and the associated security risks.

With the free API security solution offered by Traceable AI, these teams now have the option to use a free enterprise-grade solution to gain visibility, protection, and analytical insights into their APIs.

Powered by its distributed tracing and unsupervised machine learning technologies, Traceable AI addresses these problems by learning the application context and normal behaviors. Unlike Web Application Firewalls (WAFs) that rely on static threat signatures of known attacks, deep API insights and ML enhanced anomaly detection enable the Traceable AI Free tier offering to detect and block known (such as the OWASP Top 10) and unknown threats with no signature tuning yet minimal false positives.

“API security threats are becoming pervasive and increasing in frequency. API security is an emerging field, and application and security teams need to understand how to address this problem unique to their business models. WAFs and API gateways simply aren’t enough to overcome these emerging threats and it’s past time for us to have a real-solution that solves the problem rather than just apply a band-aid. Our free offering introduces API security benefits without the budget pressure that these teams often face. We hope access to it will encourage widespread adoption of API security practices and help teams to truly understand and address API-based security threats,” said Jyoti Bansal, CEO and Co-Founder of Traceable AI.

The self-service deployable free version of Traceable AI includes:

Continuous discovery and inventory of all APIs, including shadow and orphaned APIs
Real-time, automatic API documentation including parameter details, usage patterns, and API changes flagged
Insights into API runtime behavior, including API usage patterns, user details, and where sensitive data is being exposed
Continuously updated API risk scores based on likelihood and impact of abuse
API & web application protection (OWASP Top 10) powered by ML anomaly detection for low false positives without signature maintenance
Real-time API vulnerability detection of API misconfigurations to prevent malicious exploitation by cybercriminals
API performance metrics for establishing normal vs abnormal behavior, including number of calls, call frequency, and error and latency distribution
Block threats based on threat actor, IP range, anomaly detection + signatures

For larger scale environments and more advanced features, Customers can also upgrade to the Team or Enterprise tiers offered by Traceable AI.

One year since the initial company launch, Traceable AI has been deployed in several customer environments, pioneering the way for the adoption of API Security practices. One such customer, Houwzer, provides an end-to-end digital real-estate and mortgage brokerage platform to its clients. It was important for Houwzer to ensure a secure platform to prevent bad actors from gaining unauthorized access to its clients’ private and sensitive information and ensure compliance with all regulatory authorities.

“Houwzer faces a high-stakes threat landscape and an extremely complex regulatory environment. Ensuring data security and compliance is absolutely critical to our business continuity and success,” said Greg Phillips, Chief Technology Officer at Houwzer. “With Traceable AI, we went from blocking zero threats to automatically blocking hundreds of threats. We have been able to secure our customer data, prevent breaches, and it has helped our development and security teams work collaboratively on addressing API based threats. Traceable AI also empowers us to seamlessly comply with 21 different licenses. It’s been a game changer. All this, without hiring a dedicated security team as we scale our business.”

To obtain more features and achieve broader scalability, Traceable AI also offers Team and Enterprise editions. To learn more or to get started with the free solution, visit https://www.traceable.ai/free.

Gartner, ‘Hype Cycle for APIs and Business Ecosystems, 2021’, Mark O’Neill, John Santoro, July 27, 2021

Image licensed by unsplash.com

Gartner Says Four Trends Are Shaping the Future of Public Cloud

The post Traceable AI releases the industry’s first free API security solution appeared first on Digital IT News.

Optiv Security Launches Next-Gen Managed XDR to Stop Threats Earlier in Attack Lifecycle

Leigh Porter — Tue, 03 Aug 2021 16:02:09 +0000

Optiv Security, launched its Managed Extended Detection and Response (MXDR) offering at Black Hat USA 2021. The technology-independent offering enables clients to take rapid and decisive action against today’s most critical cyberattacks and strengthen their security posture.

Optiv Managed XDR is a next-generation tech-enabled service that leverages your existing technology investments and deploys Optiv’s deep expertise to detect, analyze and remediate threats in real time.

“Optiv MXDR brings simplicity, transparency and automation to clients’ environments, enhancing existing defenses to counter known and emerging threats with confidence and speed,” said David Martin, chief services officer for Optiv. “What’s more, we can seamlessly leverage the power of Optiv to extend and layer the offering with a full suite of complementary services like remediation, incident response, threat hunting, and beyond.”

Optiv MXDR is the only managed cloud-based, next-gen advanced threat detection and response service that ingests data across various layers of technologies to correlate, normalize, enrich, and enable automated responses to malicious activity in real-time. By automating incident investigation with actionable insights, organizations can detect threats faster and prioritize which threats to mitigate first, significantly reducing the attack surface.

“We know the threat landscape; both what’s at stake and how to circumvent threat actors while significantly reducing time to detect and respond,” said John Ayers, XDR vice president for Optiv. “We meet clients where they are and customize our continuously managed approach to ease the burden of the unknown and allow teams to detect, respond and remediate threats faster while also automating deeper investigation for future improvements.”

Devo has been named a foundational partner in Optiv MXDR, delivering scalable, cloud-native logging and security analytics via the Devo Platform, enabling full visibility across cloud and on-premise environments for Optiv customers.

“Security teams are eager to learn more about XDR as they look to consolidate their security stack for greater efficiency and accuracy in threat detection and response,” said Ted Julian, SVP of Product at Devo. “Two constraints have always stood in their way: lack of real-time access to historical data, and the inability to collect and analyze the massive data volumes associated with modern operational environments. Devo eliminates these concerns and is uniquely qualified to power solutions like Optiv’s MXDR.”

Optiv delivers threat management solutions to more than 60 percent of Fortune 500 companies. View the complete MXDR service brief and find out how organizations can enhance their security posture with Optiv.

Image licensed by: unsplash.com

Veristor and Network Data Systems Partner to Deliver Services for Managed Secure Networking

The post Optiv Security Launches Next-Gen Managed XDR to Stop Threats Earlier in Attack Lifecycle appeared first on Digital IT News.

Zero Trust Security Framework & The Remote Workforce

Taylor Graham — Tue, 20 Jul 2021 04:56:04 +0000

Zscaler, Inc., the leader in cloud security, released a new study examining the state of IoT devices left on corporate networks during a time when businesses were forced to move to a remote working environment.

The new report, “IoT in the Enterprise: Empty Office Edition,” analyzed over 575 million device transactions and 300,000 IoT-specific malware attacks blocked by Zscaler over the course of two weeks in December 2020 – a 700% increase when compared to pre-pandemic findings. These attacks targeted 553 different device types, including printers, digital signage and smart TVs, all connected to and communicating with corporate IT networks while many employees were working remotely during the COVID-19 pandemic. The Zscaler^TMThreatLabz research team identified the most vulnerable IoT devices, most common attack origins and destinations, and the malware families responsible for the majority of malicious traffic to better help enterprises protect their valuable data.

“For more than a year, most corporate offices have stood mostly abandoned as employees continued to work remotely during the COVID-19 pandemic. However, our service teams noted that despite a lack of employees, enterprise networks were still buzzing with IoT activity,” said Deepen Desai, CISO of Zscaler. “The volume and variety of IoT devices connected to corporate networks is vast and includes everything from musical lamps to IP cameras. Our team saw 76 percent of these devices still communicating on unencrypted plain text channels, meaning that a majority of IoT transactions pose great risk to the business.”

What Devices are Most at Risk?

Out of over half a billion IoT device transactions, Zscaler identified 553 different devices from 212 manufacturers, 65 percent of which fell into three categories: set-top boxes (29 percent), smart TVs (20 percent), and smartwatches (15 percent). The home entertainment & automation category had the greatest variety of unique devices but they accounted for the least number of transactions when compared to manufacturing, enterprise, and healthcare devices.

Most traffic instead came from devices in manufacturing and retail industries – 59 percent of all transactions were from devices in this sector and included 3D printers, geolocation trackers, automotive multimedia systems, data collection terminals like barcode readers, and payment terminals. Enterprise devices were the second most common, accounting for 28 percent of transactions, and healthcare devices followed at nearly 8 percent of traffic.

ThreatLabz also discovered a number of unexpected devices connecting to the cloud, including smart refrigerators and musical lamps that were still sending traffic through corporate networks.

Who’s Responsible?

The ThreatLabz team also looked closely at activities specific to IoT malware tracked in the Zscaler cloud. Volume-wise, a total of 18,000 unique hosts and roughly 900 unique payload deliveries were observed in a 15-day timeframe. Malware families Gafgyt and Mirai were the two most common families encountered by ThreatLabz, accounting for 97 percent of the 900 unique payloads. These two families are known for hijacking devices to create botnets – large networks of private computers that can be controlled as a group to spread malware, overload infrastructure, or send spam.
Who is Being Targeted?

The top three nations targeted by IoT attacks were Ireland (48 percent), the United States (32 percent), and China (14 percent). The majority of compromised IoT devices, nearly 90 percent, were observed sending data back to servers in one of three countries: China (56 percent), the United States (19 percent), or India (14 percent).

How can Organizations Protect Themselves?

As the list of “smart” devices out in the world grows on a daily basis, it’s almost impossible to keep them from entering your organization. Rather than trying to eliminate shadow IT, IT teams should enact access policies that keep these devices from serving as open doors to the most sensitive business data and applications. These policies and strategies can be employed whether or not IT teams (or other employees) are on-premises. ThreatLabz recommends the following tips to mitigate the threat of IoT malware, both on managed and BYOD devices:

Gain visibility into all your network devices. Deploy solutions able to review and analyze network logs to understand all devices communicating across your network and what they do.
Change all default passwords. Password control may not always be possible, but a basic first step for deploying corporate-owned IoT devices should be to update passwords and deploy two-factor authentication.
Update and patch regularly. Many industries—particularly manufacturing and healthcare—rely on IoT devices for their day-to-day workflows. Make sure you stay apprised of any new vulnerabilities that are discovered, and that you keep device security up-to-date with the latest patches.
Implement a zero trust security architecture. Enforce strict policies for your corporate assets so that users and devices can access only what they need, and only after authentication. Restrict communication to relevant IPs, ASNs, and ports needed for external access. Unsanctioned IoT devices that require internet access should go through traffic inspection and be blocked from all corporate data, ideally through a proxy. The only way to stop shadow IoT devices from posing a threat to corporate networks is to eliminate implicit-trust policies and tightly control access to sensitive data using dynamic identity-based authentication – also known as zero trust.

About Zscaler ThreatLabz

The Zscaler ThreatLabz research team consists of security experts, researchers, and network engineers responsible for analyzing and eliminating threats across the Zscaler security cloud and investigating the global threat landscape. The team shares its research and cloud data with the industry at large to help promote a safer internet.

All data presented in this report is sourced directly from the Zscaler platform, which facilitates over 160 billion transactions daily. The data for this report was collected between December 15th and December 31, 2020, and only represents devices and attacks on corporate networks in physical office locations. ThreatLabz observed approximately 300,000 blocked transactions related to IoT malware, exploits, and command-and-control communications, including a total of 18,000 unique hosts and roughly 900 unique payload deliveries in this 15-day timeframe.

For more information, including access to the full report, please see “IoT in the Enterprise: Empty Office Edition.”

Image licensed by pixabay.com

Internet of Things (IoT) Security Market will Accelerate at a CAGR of over 30%|Technavio

The post Zero Trust Security Framework & The Remote Workforce appeared first on Digital IT News.

Palo Alto Networks Introduces Complete Zero Trust Network Security

Taylor Graham — Wed, 26 May 2021 08:27:23 +0000

Palo Alto Networks, a leader in The Forrester Wave: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020, introduced five key innovations that make it easier for customers to adopt Zero Trust across their network security stack.

The introductions of SaaS Security, Advanced URL Filtering, DNS Security, Cloud Identity Engine, and new ML-Powered Firewalls allow organizations to easily and effectively implement Zero Trust Network Security with four key benefits:

Secure access to the right applications: The first integrated Cloud Access Security Broker (CASB) that allows customers to proactively extend secure access to all SaaS applications, including those never seen before.
Secure access for the right users: The industry’s first Cloud Identity Engine allows customers to easily authenticate and authorize their users across enterprise networks, clouds and applications, irrespective of where their identity stores live.
Enhanced security: The Advanced URL Filtering service offers industry-first prevention of zero-day web attacks with inline machine learning capabilities. The expanded DNS Security capabilities prevent emerging DNS attacks that no other solution protects against.
Making secure access universally available: These new capabilities are designed to be available on all firewall form factors: hardware, software and cloud-delivered, making safe access universally available, regardless of where users are located. In addition to the existing firewalls, these innovations will run on new ML-Powered Next-Generation Firewall models to enable Zero Trust Network Security across your enterprise — from the smallest branch offices (with the PA-400 Series) to the largest campuses and hyperscale data centers (with the PA-5450 platform).

“The Palo Alto Networks SaaS Security solution is straightforward to deploy. We are leveraging the solution’s enterprise-class capabilities to protect data across all of our corporate SaaS applications,” said Bobby Wilkins, vice president of cybersecurity, Caesars Entertainment Corporation.

“At Takeda, we believe in better health for people and a brighter future for the world, and having the right cybersecurity partner is critical for achieving that vision. The breadth of innovation in this release has convinced me Palo Alto Networks will continue to play a vital role in how we securely enable the translation of science into life-changing medicines,” said Michael Towers, CISO, Takeda Pharmaceutical North America.

“Our customers across the spectrum want the same visibility into unknown threats and context-based policies that are the mark of advanced security postures. The latest release of Palo Alto Networks ML-driven Next-Generation Firewalls brings the performance and modern capabilities that will help us to bring innovative cybersecurity solutions to any business, large or small,” said Tom Cahill, vice-president, Product and Partner Management, CDW.

“With the same ML-driven capabilities WWT and Palo Alto Networks deliver to large enterprises and service providers, the new Next-Generation Firewall form factors, out-of-the-box readiness, and security innovations will now enable us to deliver best-in-class cybersecurity solutions to a broad segment of mid-size enterprises and smaller businesses,” said Greg Schoeny, vice president, Services and Strategic Solutions at World Wide Technology.

Availability
Most of the hardware and all of the new features will be available in June. The smallest desktop firewall, the PA-410, will be available in late summer.

More Information
An overview of the ML-Powered NGFW platform and its new capabilities is available here. Join the virtual launch event series starting on June 9, 2021, to learn more.

Image licensed by Pixabay.com

Zscaler Advances Zero Trust Security for the Digital Business Disrupting Decades of Legacy IT Security and Networking Models

The post Palo Alto Networks Introduces Complete Zero Trust Network Security appeared first on Digital IT News.