Category: Uncategorized

Cortex Copilot – Another Step Forward in SOC Transformation

Post author By elinks
Post date January 13, 2025

Cortex Copilot - Another Step Forward in SOC Transformation

When Incidents Pile Up, You Need A Way Out

Security operations is hard. End-to-end attacks—from compromise to impact—happen in a matter of hours. This requires security analysts to quickly identify and remediate threats before significant impact can happen. However, the time it takes to respond highly depends on an analyst’s skills and experience with the tools they use. Even for experienced analysts, the need to collect various artifacts and navigate different capabilities across a security tool can eat away precious time.

When analysts are on their own, figuring out where to start and which actions to take can significantly slow incident response times. Incidents pile up and analysts get stuck in a reactive vortex that is hard to escape. This vortex is the reality for the majority of security teams, leaving no time for proactive activities that help stay ahead of new threats.

In security operations, analysts need every advantage they can get to remain one step ahead of the attacker. This is why we created Cortex Copilot.

Cortex Copilot – Another Step Forward in SOC Transformation

Back on May 7, Palo Alto Networks announced a wave of new security solutions powered by Precision AI™. These solutions help solve various security challenges for organizations, including how SOCs respond to cyberthreats. To support this, we previously announced the private beta of Cortex Copilot, an advanced security operations AI assistant.

Over the last five months, we have partnered with mature security teams in different industries to test it in real-world scenarios and learn from their experiences. Numerous users at these organizations leveraged Cortex Copilot to investigate incidents, harden defenses, and hunt for threats in their environment. Along the way, they have provided feedback, which we use to enhance capabilities and overall user experience. One theme that immediately became clear is that Cortex Copilot helped streamline security operations for our customers.

Today, we are excited to announce the general availability (GA) of Cortex Copilot to all our customers. This is a key step in transforming how the SOC drives improved security outcomes. With this GA release, Cortex Copilot will be available to all Cortex XSIAM customers, accessible from anywhere in the product, Customers will be notified in-product once this capability has been activated – free of charge.

Empowering the SOC Analyst

Cortex Copilot is an advanced security operations assistant designed to change how analysts work in security tools. This powerful tool empowers security analysts to reenvision threat detection and response by providing context and step-by-step guidance throughout their day-to-day work. And that, in turn, enables them to move faster, resolve incidents sooner, and proactively hunt for threats.

“According to ESG Research, 45% report that Security Operations are more difficult today than two years ago. Despite the many automated security tools in use, the SecOps process is fraught with tedious, time-consuming tasks, as analysts race with the adversary to identify and stop attacks before objectives can be carried out. GenAI assisted tools, such as Palo Alto Networks’ Cortex Copilot, can automate many of these manual activities, accelerating response while helping to guide the investigation and response process for both junior and senior security analysts..” – Dave Gruber, Principal Cybersecurity Analyst at Enterprise Strategy Group

With Cortex Copilot, SOC teams can accomplish three primary objectives:

1. Speed Up Investigations

Analysts can utilize Cortex Copilot within Cortex XSIAM to examine new incidents, explore impacted systems and users, and pinpoint signs of compromise without toggling between screens. Incident details, such as indicators of compromise, are automatically enriched with threat intelligence.

Additionally, Cortex Copilot will suggest investigation and response actions such as running queries or isolating systems. For example, when an analyst asks a question like “What processes are running on client-02?”, Cortex Copilot will automatically provide the recommended appropriate query, saving the analyst valuable time.

Image 1: Cortex Copilot automatically recommends queries based on the question.

Image 2: Cortex Copilot automatically recommends the necessary XQL query and prepopulates required parameters, saving the analyst time.

2. Optimize Analyst Workflow

Cortex Copilot enables analysts to stay more productive by suggesting in-context actions, helping them get the most out of XSIAM’s capabilities. When an analyst provides a prompt, such as asking a question about a system or user name, Cortex Copilot automatically recognizes it and populates relevant details. Additionally, Cortex Copilot will recommend context-appropriate actions based on the prompt. For example, if the question includes a system name, response actions like isolating the system or initiating a live terminal will be presented.

Image 3: Cortex Copilot recommends appropriate response actions based on the system name prompt.

Copilot also helps analysts with support issues or product-related questions. Instead of searching through product documentation for answers, analysts can ask Cortex Copilot for summarized information about a topic, reducing the overall learning curve and enabling new analysts to contribute immediately.

Image 4: Cortex Copilot answers a support question and links to relevant documentation from the Cortex Help Center.

3. Democratize Threat Hunting

Cortex Copilot empowers analysts of diverse skill levels to conduct comprehensive threat detection by simplifying searches across data sources and guiding them through hunting actions. It suggests potential actions such as enabling the execution of advanced queries, examining attack chains, and enhancing security protections. This empowers analysts to uncover advanced threats and proactively improve overall security effectiveness.

Analysts can proactively search for suspicious activity throughout the environment. For example, an analyst may ask Cortex Copilot to “Show rare new services created in the last 24 hours.” With this analyst prompt, Cortex Copilot will suggest relevant queries that can be executed.

Image 5: Cortex Copilot helps with threat hunting by writing complex queries for the analyst.

If the analyst finds something suspicious, such as a malicious file, they can immediately take action in Cortex Copilot. This proactively strengthens an organization’s security posture every day.

Image 6: Cortex Copilot enables analysts to add a malicious hash to a block list.

Cortex Copilot is transforming the way security analysts work in the SOC by changing how they interact with Cortex XSIAM, and helping them to make decisions even faster.

Cortex Copilot Results in the Real-World

During the private beta of Cortex Copilot, we spent five months working with over 100 security analysts. These analysts work for security teams facing the most sophisticated security challenges and represent organizations from high technology, healthcare, and financial services. We asked them to test Cortex Copilot by using it in real-world scenarios, from asking product questions, to getting support, investigating incidents, and crafting complex hunting queries.

We’re excited to see that Cortex Copilot is already delivering on its promise of transforming the way analysts work by allowing them to take security actions in one place.

Cortex Copilot is a great one-stop-shop to quickly investigate and take action on incident artifacts.
– Zachary Ivins, Principal Security Analyst, HealthPartners

Cortex Copilot simplifies analyst investigations:

Adopting Cortex Copilot within security operations centers has proven to be a significant step forward in SOC transformation. During the private beta phase, 60% of users used Cortex Copilot to simplify and accelerate security actions, like running advanced queries.

Cortex Copilot accelerates tasks:

Nearly half of the beta users trusted their Copilot to take security actions on their behalf. The data further demonstrated the value of adding Cortex Copilot to the normal workflow, with nearly 70% of users continuing to leverage it week-over-week during the private beta period.

What’s Next for Cortex Copilot?

In the fast-paced world of security operations, early results show that Cortex Copilot is emerging as a true partner for the SOC analyst. Designed to empower security analysts and transform threat detection and response, this advanced AI assistant streamlines investigations, optimizes workflow, and democratizes threat hunting. By providing context, step-by-step guidance, and automating certain actions, Cortex Copilot enables analysts to stay one step ahead of threats and quickly respond to incidents. This further enhances an organization’s security posture in today’s cybersecurity landscape.

As we move forward, Cortex Copilot will continue to integrate into more SOC workflows. The possibilities for future capabilities and use cases are endless – faster response, improved actions with automation, and more. While available in XSIAM today, Cortex Copilot will extend across the Cortex platform, enabling more workflows for endpoint security, automation, attack surface management, and more.

To learn more about Cortex Copilot visit the Cortex XSIAM page, download the Cortex Copilot Datasheet, or speak to your account manager. If you missed it, check out our Prepare for a Brand-New Fight virtual event, where Nikesh Arora, CEO of Palo Alto Networks, details how security professionals should prepare for cybersecurity’s AI inflection point.

info@elinksgroup.com

Uncategorized

Cisco’s 2024 AI Readiness Index: Urgency Rises, Readiness Falls

Post author By elinks
Post date December 10, 2024

Cisco's 2024 AI Readiness Index: Urgency Rises, Readiness Falls

News Summary:

Leaders feel the pressure; 98% report increased urgency to deliver on AI and 85% believe they have less than 18 months to act.
Networks are not equipped to meet AI workloads; only 21% of companies report having the necessary GPUs to meet current and future AI demands.
Only 13% say they are fully ready to capture AI’s potential – down from 14% last year.

SAN JOSE, Calif., Nov. 19, 2024— Cisco (NASDAQ: CSCO), the worldwide leader in networking and security, today announced the findings from the second annual AI Readiness Index. The report explores how prepared organizations are to invest in, deploy and use AI. Nearly eight thousand organizations took part in the report.

Most notably, the report highlights a huge chasm between the urgency companies feel to deploy AI and their readiness to do so. Nearly all companies (98%) report the urgency to deploy AI has increased in the last year. However, the research found that from 2023 to 2024, global AI readiness in the enterprise has actually declined. Only 13% of companies today are fully ready to capture AI’s potential – down from 14% a year ago. Given the rapid market evolution and the significant impact AI is anticipated to have on businesses, this gap between urgency and ability is especially startling.

“Eventually there will be only two kinds of companies: those that are AI companies, and those that are irrelevant. AI is making us rethink power requirements, compute needs, high-performance connectivity inside and between data centers, data requirements, security and more,” said Jeetu Patel, Chief Product Officer at Cisco. “Regardless of where they are on their AI journey, organizations need to be preparing existing data centers and cloud strategies for changing requirements, and have a plan for how to adopt AI, with agility and resilience, as strategies evolve.”

Key Findings

Alongside the finding that only 13% of companies are fully prepared to implement their AI strategies, some of the most significant findings include: 

URGENCY: Companies feel they only have 18 months to showcase the impact of AI. Nearly all (85%) companies say they only have 18 months to start demonstrating the impact of AI. More than half (59%) give it only 12 months.
STRATEGY: Companies agree that AI cannot be deployed effectively in an organization without a clear strategy. Cybersecurity is the top priority for AI deployment with 42% of respondents having achieved advanced security deployment. Infrastructure follows at 40%, and data analysis and data management tied for third at 39%.
INVESTMENT: Companies are doubling down on AI despite lukewarm results from current AI projects. In the next five years, respondents anticipate that roughly 30% of IT budgets will be dedicated to AI, nearly double what it is today. Close to half of companies say AI implementations across top priorities have fallen short of expectations this year, yet 59% believe the impact from AI investments will surpass expectations after five years.
INFRASTRUCTURE: Networks are not equipped to meet AI workloads. The largest decline was in infrastructure readiness, with gaps in compute, data center network performance, and cybersecurity, amongst other areas. Only 21% of organizations have the necessary GPUs to meet current and future AI demands and 30% have the capabilities to protect data in AI models with end–to–end encryption, security audits, continuous monitoring and instant threat response.
DATA: Companies report feeling less ready to manage data effectively for AI initiatives, compared to a year ago. Nearly a third (32%) of respondents report high readiness from a data perspective to adapt, deploy and fully leverage AI technologies. Most companies (80%) report inconsistencies or shortcomings in the pre-processing and cleaning of data for AI projects. This remains almost as high as a year ago (81%). Additionally, 64% report that they feel there is room for improvement in tracking the origins of data.
TALENT: A lack of skilled talent is a top challenge across infrastructure, data, and governance, underscoring the critical need for skilled professionals to drive AI initiatives. Only 31% of organizations claim their talent is at a high state of readiness to fully leverage AI. Twenty-four percent say their organizations are under resourced in terms of in-house talent necessary for successful AI deployment. Twenty-four percent of all respondents also say that there is not enough talent available in their sector with the right skillsets to address the growing demand for AI.
GOVERNANCE: Effective AI governance is more crucial than ever, yet respondents feel that it has become more difficult. When asked about the comprehensiveness of their organizations’ AI policies and protocols, 31% of the organizations said they are highly comprehensive. Fifty-one percent of respondents identified “the lack of talent with expertise in AI governance, law and ethics in the market” as a challenge in improving their readiness from the governance perspective.
CULTURE: There has been a noticeable reduction in cultural readiness to embrace AI. A lack of receptiveness to AI’s changes has contributed to the decline in cultural readiness: boards have become less receptive to embracing the transformative power of AI, with 66% of them being highly or moderately receptive, down from 82% last year while 30% of organizations report employees are limited in their willingness to adopt AI or are outright resistant.

Cisco AI Readiness Index:

The Cisco AI Readiness Index is conducted by an independent third-party and based on a double-blind survey of 7,985 senior business leaders, with responsibility for AI integration and deployment at organizations across 30 markets with 500 or more employees. The Index assessed respondents’ AI readiness across six key pillars: strategy, infrastructure, data, talent, governance and culture.

Companies were examined on 49 different metrics across these six pillars to determine a readiness score for each, as well as an overall readiness score for the respondents’ organization. Each indicator was assigned an individual weightage based on its relative importance to achieving readiness for the applicable pillar. Based on their overall score, Cisco has identified four groups at different levels of organizational readiness – Pacesetters (fully prepared), Chasers (moderately prepared), Followers (limited preparedness) and Laggards (unprepared).

info@elinksgroup.com

Uncategorized

Fortinet Achieves the Highest Possible “AAA” Rating on the Industry’s Only Independent, Third-Party Security Service Edge Test

Post author By elinks
Post date December 10, 2024

Fortinet Achieves the Highest Possible “AAA” Rating on the Industry’s Only Independent, Third-Party Security Service Edge Test

News Summary

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced its Security Service Edge (SSE) offering, FortiSASE, received a “AAA” rating from CyberRatings.org, the industry’s only independent third-party cybersecurity testing nonprofit.

“SSE is growing in importance as more organizations embrace Unified SASE to protect all devices, edges, and users within their hybrid networks,” said Nirav Shah, SVP Products and Solutions, Fortinet. “CyberRatings’s third-party testing provides customers with the transparency they need to make informed product decisions, including selecting the best SSE solution for their needs. Fortinet’s high-performing score for SSE showcases our continued commitment to delivering advanced and effective security for the hybrid workforce and support for independent, unbiased third-party testing.”

Superior Performance Across All Test Categories

FortiSASE delivers comprehensive, cloud-based security with the industry’s most flexible connectivity options. During CyberRatings testing, it received the highest “AAA” rating across all four categories: Exploits, Malware, Evasions, and TLS/SSL Functionality. These results illustrate the solution’s strong threat protection, seamless TLS/SSL decryption, and minimal performance impact.

Evasions, Exploits, and Malware: FortiSASE achieved a perfect score in the Evasion category (100%) and a near-perfect score in both the Exploit (99.02%) and Malware (99.5%) categories against a sophisticated threat repository. FortiSASE leverages AI-powered threat intelligence, sandboxing, and behavioral analysis to identify and block known and unknown advanced attacks.
TLS/SSL Functionality: FortiSASE demonstrated full compatibility and decryption capabilities with prevalent TLS/SSL configurations, including TLS 1.2 and 1.3 cipher suites. This enables secure communication and allows for deep inspection of encrypted traffic to prevent data leakage and identify threats hidden within encrypted channels without complex configurations.
Performance: Throughout testing, FortiSASE had minimal impact on network throughput, even under high load conditions, for both clear text (HTTP) and encrypted (HTTPS) traffic. FortiSASE leverages high-performance hardware and optimized software architecture to minimize latency and maximize throughput, ensuring it has little impact on network performance and delivers a smooth user experience even with robust security features enabled.

Recognized in Cloud-Delivered Security

FortiSASE provides secure access to websites and applications for all users and devices no matter their location through comprehensive cloud-delivered security services, including Firewall-as-a-Service, secure web gateway, cloud access security broker, universal zero-trust network access, and FortiGuard AI-Powered Security Services. Because it’s built on the unified Fortinet operating system, FortiOS, and is a part of the Fortinet Security Fabric, FortiSASE integrates seamlessly with Fortinet Secure SD-WAN to provide Unified SASE.

Fortinet was named a Challenger in the 2024 Gartner® Magic Quadrant™ for SSE and was recognized for the second time in the 2024 Gartner Peer Insights™ Customer Choice for SSE. We believe these third-party recognitions further highlight the strength and efficacy of the FortiSASE solution.

Supporting Quote

We pride ourselves for putting solutions through the wringer and conducting the most thorough testing available today. FortiSASE detected and blocked thousands of exploits, malware, and evasion tactics while securing traffic and maintaining efficient performance. We have no doubt that FortiSASE is an effective solution with robust security features and recommend it to any organization in need of a comprehensive SSE solution.

– Vikram Phatak, Chief Executive Officer of CyberRatings.org

Download the full 2024 CyberRatings.org Security Service Edge Report on FortiSASE here.

info@elinksgroup.com

Uncategorized

Bitdefender Enhances its Extended Detection and Response (XDR) Capabilities for Protecting Business Data in the Cloud

Post author By elinks
Post date December 10, 2024

Bitdefender Enhances its Extended Detection and Response (XDR) Capabilities for Protecting Business Data in the Cloud

New XDR Sensor Addresses Critical Cybersecurity Challenges of Monitoring, Detecting and Responding to Security Events from Cloud-Based Productivity and Collaboration Applications

BUCHAREST, Romania and SANTA CLARA, Calif. — Bitdefender, a global cybersecurity leader, today announced enhancements to its GravityZone XDR platform with the addition of its new Business Applications sensor, designed to protect corporate data hosted and stored in cloud-based productivity and collaboration applications. The sensor will initially support Atlassian cloud applications including Confluence, Jira, and Bitbucket, with plans to extend to other popular software-as-a-service (SaaS) platforms frequently used in business operations.

“XDR provides organizations with the visibility needed to monitor, correlate, and respond quickly to security events across their entire footprint,” said Mike Jude, research director at IDC. “With its latest advancements, Bitdefender addresses a major challenge—balancing the operational benefits of cloud-based applications and the need to maintain robust security and reduce risks as the attack surface continues to expand.”

A global survey of 1,200 cybersecurity professionals revealed that extending security capabilities across diverse and expanding environments is a top challenge for organizations. In addition, over half (56%) of respondents admitted they do not regularly audit or assess risks across cloud infrastructures, potentially leaving business data and critical assets exposed to cyberattacks.

As organizations use cloud-based productivity platforms like Atlassian, Microsoft 365, Google Workspace and others to drive operational efficiency and lower costs, they also increase their exposure to cyber risks. SaaS environments, which store vast amounts of information, have become prime targets for cybercriminals seeking to steal trade secrets, encrypt data for ransom, inject malicious code, or conduct espionage. These incidents often lead to privacy violations, disruptions to business operations, and severe financial losses.

The Business Applications sensor is the latest enhancement for GravityZone XDR, Bitdefender’s native XDR platform built to deliver rich security context, correlate disparate alerts, provide out-of-the-box analytics, and enable rapid incident triage and attack containment through automated and guided responses. GravityZone XDR increases threat visibility across infrastructure, cloud workloads, identities and applications by unifying and associating data from multiple sources into single, actionable organization-level incidents.

Once integrated into an Atlassian cloud environment the Business Applications sensor allows organizations to monitor and analyze security events stemming from Atlassian applications, baseline and detect unusual behavior, and immediately restrict access for suspicious users. With the addition of these capabilities, Bitdefender becomes one of the first cybersecurity providers to offer comprehensive prevention, protection, detection and response across all major attack surfaces covering endpoints, identity, productivity, network, mobile devices and cloud environments.

“Cyberattacks have become complex and multifaceted, with threat actors now targeting widely used business applications to gain a foothold and breach organizations,” stated Andrei Florescu, president and general manager, Bitdefender Business Solutions Group. “With the addition of our new sensor, we have extended GravityZone XDR capabilities to provide to more than 300,000 businesses using Atlassian productivity tools with a robust solution for protecting business data, enhancing security visibility, and maximizing security team efficiency.”

The Business Applications sensor for GravityZone XDR is available now. For more information, visit here.

info@elinksgroup.com

Uncategorized

Understanding the Microsoft CrowdStrike Outage: Key Insights

Post author By elinks
Post date July 23, 2024
No Comments on Understanding the Microsoft CrowdStrike Outage: Key Insights

Understanding the Microsoft CrowdStrike Outage: Key Insights

In our highly connected world, even the big players in cybersecurity like Microsoft and CrowdStrike can hit a bump in the road. When they face an outage, it’s a big deal because it shows that even top-notch systems have their weak spots. This reminds us all just how crucial strong cybersecurity is for keeping our data and services safe from sophisticated threats.

Let’s break down what happened with the Microsoft CrowdStrike outage, how it impacted the world, and what steps were taken to fix it. By understanding these details, we can better grasp the challenges of managing cybersecurity in our digital age.

What Happened: Understanding the Outage

Overview of the Incident

The Microsoft CrowdStrike outage was a major event that kicked off early on a Friday. The trouble started with a software update from CrowdStrike, targeting their Falcon sensor security software on Microsoft Windows. This update caused widespread “blue screens of death,” those infamous error screens on Windows.

Details of the Affected Updates

CrowdStrike’s update was supposed to enhance the Falcon sensor’s ability to detect new cyber threats. Instead, it had a logic error triggered by a routine sensor configuration update. This update rolled out just after midnight EST on Friday and led to system crashes.

Immediate Impacts Detected

The effects were severe and widespread, hitting various sectors globally. Critical services like air travel faced massive disruptions, with thousands of flights canceled and delays piling up. The healthcare sector was also hit hard, with some surgeries postponed and emergency services experiencing outages. This incident highlighted how essential cybersecurity software is to our modern digital infrastructure.

Global Impact of the Incident

The Microsoft CrowdStrike outage had a far-reaching impact, affecting multiple sectors and regions. Here’s a closer look:

Affected Sectors (airlines, healthcare, financial services)

The airline industry was hit particularly hard, with over 4,295 flights canceled globally, causing chaos at airports. Healthcare systems like Mass General Brigham and Emory Healthcare had to postpone services and revert to manual systems. Financial services also suffered, with disruptions in payment systems and customer access at banks worldwide.

Geographical Spread of the Outages

This wasn’t just a local issue—it affected services across the U.S., Canada, the UK, Europe, and Asia. Major U.S. cities saw disruptions in healthcare and public transportation, while the UK’s National Health Service faced setbacks in managing patient records and appointments.

Operational Consequences on Businesses

Businesses worldwide faced operational hurdles. Amazon warehouse employees struggled with schedule management, and Starbucks temporarily closed stores due to mobile ordering issues. Big corporations like FedEx and UPS reported substantial disruptions affecting logistics and deliveries. This outage underscored how crucial stable and secure IT infrastructures are for modern businesses.

Responses from CrowdStrike and Microsoft

Statements from CrowdStrike and Microsoft Executives

CrowdStrike’s CEO apologized for the disruption and assured that they had identified and fixed the issue, focusing on restoring customer systems. Microsoft deployed experts to work with affected customers and collaborated with other cloud providers to mitigate the impact.

Technical Steps Taken to Resolve the Issue

CrowdStrike pinpointed the problematic update and reverted changes to stabilize systems. Microsoft provided manual remediation documentation and scripts and updated the Azure Status Dashboard to keep customers informed. Both companies mobilized full resources to address the issue quickly.

Customer Communication and Support Efforts

CrowdStrike used their support portal and official channels to update customers and recommended specific remediation steps. Microsoft shared updates and solutions through official platforms to ensure widespread awareness and swift resolution. CrowdStrike also provided guidelines on their blog and support portal for further assistance.

Challenges and Recovery Efforts

Technical challenges in the recovery process

Recovery was tough due to the need for manual remediation of many devices. A critical issue was the lack of a phased rollout of updates, which would usually help reduce the impact. Companies deployed hundreds of engineers to work directly with affected systems and used specific recovery tools to restore PCs.

Cloud vs. on-premises remediation

Addressing issues in cloud environments like AWS, Azure, and GCP involved unique challenges compared to traditional on-premises systems. Cloud platforms don’t support conventional recovery methods like “safe mode,” requiring administrators to use more complex procedures to resolve issues.

The role of BitLocker in recovery

BitLocker, Microsoft’s disk encryption technology, played a dual role. While it provided essential security, it also complicated recovery efforts by requiring access to the BitLocker Recovery Key to manage disks securely.

Learning from the CrowdStrike Outage: Enhancing Disaster Recovery Plans

The recent CrowdStrike outage teaches an important lesson for all organizations: the need for a solid disaster recovery (DR) strategy. This incident reminded us that in today’s digital world, no system is immune to disruptions. Whether it’s due to cyberattacks, technical issues, or natural disasters, having an effective DR plan is crucial for maintaining business continuity and minimizing downtime.

Here are a few key takeaways for bolstering your disaster recovery plans:

Practice Regular DR Drills and Update/Review Plans Continuously: Run simulations of possible outage scenarios to test your response strategies and find any weaknesses and regularly review your DR plans to adjust to new threats
Backup Essential Data: Regularly back up all crucial data and store it in multiple locations.
Have a Failover Plan: Determine your failback plan to get back to your production environment

Stay Vigilant: Scammers Exploit Chaos During Outages

The outage also shined a light on another big problem: opportunistic scammers. While CrowdStrike was handling the chaos, scammers swooped in to take advantage of the situation, making things even more complicated for businesses. This really drives home the point that we need not only a solid DR plan but also strong cybersecurity measures to protect against these kinds of threats when we’re most vulnerable.

Key Takeaways and Future Directions

This outage showed just how dependent we are on digital infrastructures and the critical need for robust cybersecurity measures. It highlighted the importance of rapid response mechanisms, effective customer communication, and ongoing innovation in cybersecurity practices.

As we continue to navigate the digital world, this event underscores the significance of preparedness and resilience. It’s a call to enhance cybersecurity protocols and collaborate to build a more resilient digital ecosystem, ensuring we’re ready for any future threats.

FAQs

1. What sectors were impacted by the CrowdStrike outage?
The CrowdStrike outage had a broad impact, affecting various major business sectors globally. Notably, it caused significant disruptions at airports, leading to severe delays and cancelations of flights, as the computers essential for these services were compromised.

2. Was the Microsoft outage caused by CrowdStrike?
Yes, the global outage experienced by Microsoft on Thursday was triggered by an issue with CrowdStrike’s Falcon Sensor software. This problem led to widespread disruptions and caused the ‘Blue Screen of Death’ to appear on Windows PCs.

3. What were the effects of the Microsoft outage?
The Microsoft outage led to substantial disruptions across numerous sectors. It resulted in flight delays and cancelations, and affected critical services in hospitals, banks, supermarkets, and millions of other businesses.

4. What does CrowdStrike Falcon® Insight XDR do?
CrowdStrike Falcon® Insight XDR is the Endpoint Detection and Response (EDR) component of the CrowdStrike Falcon® endpoint protection platform. It functions similarly to a DVR for endpoints, continuously recording activities to detect and address incidents that bypassed initial preventive measures.

info@elinksgroup.com

Uncategorized

Bitdefender Expands Arrow Electronics Collaboration with Powerful Subscription-Based Cybersecurity Solutions for Businesses

Post author By elinks
Post date July 23, 2024
No Comments on Bitdefender Expands Arrow Electronics Collaboration with Powerful Subscription-Based Cybersecurity Solutions for Businesses

Bitdefender Expands Arrow Electronics Collaboration with Powerful Subscription-Based Cybersecurity Solutions for Businesses

Extended Collaboration Delivers Advanced Threat Prevention, Detection and Response Solutions, Including XDR and MDR, to Organizations Across Key European Markets

BUCHAREST, Romania, SANTA CLARA, Calif. – Bitdefender, a global cybersecurity leader, today announced it has expanded its collaboration with Arrow Electronics to deliver a broader range of powerful threat prevention, detection and response solutions to managed service providers (MSPs) and their customers.

Through the extended cooperation Arrow will shift to a subscription-based model with Bitdefender, offering Bitdefender’s full MSP product portfolio on a pay-as-you-go basis to customers in U.K., France, Germany, Luxembourg, Belgium and the Netherlands.

“Businesses must leverage every possible advantage to keep pace with the latest malware and techniques cybercriminals use to exploit systems and breach environments,” said Richard Tallman, senior director, worldwide MSP and cloud at Bitdefender Business Solutions Group. “Our expanded collaboration with Arrow gives their customers an optimal path for stopping cyberattacks through powerful threat prevention, detection and response in a turnkey package and service flexibility they prefer.”

Arrow has incorporated Bitdefender GravityZone Cloud MSP Security Solutions, a dedicated security suite designed specifically for MSPs, into ArrowSphere Cloud, the company’s cloud delivery and management platform which provides on-demand security solutions, including advanced endpoint protection, Extended Detection and Response (XDR) and 24×7 Managed Detection and Response (MDR) services. Once a business submits an order in ArrowSphere Cloud, solutions are provisioned and running in minutes.

Bitdefender security solutions deliver a multi-layered approach to security via system hardening to help stop threats at the door, all the way through threat detection and response, including human-led threat hunting. The company’s products and services are driven by its extensive network of hundreds of millions of sensors continuously collecting threat data worldwide and fed to its array of interconnected Security Operation Centers (SOCs) staffed with highly skilled security analysts, threat hunters and investigators who detect, verify, contain and eliminate threats as they occur.

Bitdefender user and Arrow channel partner Mike Dumange, infrastructure and systems consultant at TDI Services stated, “To help our clients truly achieve digital transformation, they have to trust that their service provider is fully protecting their systems against escalating threats. Working with the professional team at Arrow and integrating Bitdefender’s comprehensive, flexible security solutions into our MDR Managed SOC offering allows us to optimize our clients’ engagements.”

For more information about cybersecurity solutions offered through Arrow and Bitdefender visit https://www.bitdefender.com/business/products/mdr-for-msp.html.

info@elinksgroup.com

Uncategorized

Palo Alto Networks Unit 42 Named a Leader in Cybersecurity Incident Response Services

Post author By elinks
Post date July 23, 2024
No Comments on Palo Alto Networks Unit 42 Named a Leader in Cybersecurity Incident Response Services

Palo Alto Networks Unit 42 Named a Leader in Cybersecurity Incident Response Services

Unit 42 receives highest possible scores in nine criteria including Innovation, Technology, Threat Intelligence, Cloud Environments, and IR Leadership and Team Structure

SANTA CLARA, Calif., June 10, 2024 /PRNewswire/ — Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today announced Palo Alto Networks^® Unit 42^® has been named as a Leader in The Forrester Wave™: Cybersecurity Incident Response Services, Q2 2024.

Wendi Whitmore, Senior Vice President and Head of Unit 42 at Palo Alto Networks, said:
“As the threat landscape intensifies and attacks increase in speed, scale, and sophistication, organizations need a strategic partner to help them prepare for and respond to incidents; Unit 42 is that and more. As trusted advisors and partners, we guide our clients through some of the world’s most significant cybersecurity incidents, ultimately transforming their security posture by leveraging the full power of Palo Alto Networks AI-powered security platforms and solutions to prevent and reduce the likelihood of future attacks.”

The Unit 42 team includes a global team of threat experts and seasoned IR consultants with a depth of experience ranging from complex ransomware investigations to insider threats, vulnerability exploitation and nation-state attacks.

In the last year, Unit 42 nearly doubled its number of Incident Response (IR) Retainer customers. This growth is a testament to the team’s relentless pursuit of excellence, enabling them to more effectively navigate complex incident response investigations and help them respond and recover stronger than before. The global nature of the team enables Unit 42 to respond 24/7 to cybersecurity incidents quickly.

The Forrester report recognizes Unit 42 for the following reasons:

“The combined team and offering under the Unit 42 product name has gone global and launched innovative IR offerings.”
“It also brought in top leadership talent, built up its global presence, and expanded its partner network over the last two years to complement its in-house products and services, allowing it to hold its own with the larger IR firms and big consultancies.”
“Investigations are enhanced by its threat intelligence capabilities, including embedded analysts for each response and dynamic battlecards guiding response or negotiation activities by specific threat actors.”
“[Unit 42 offering is designed to]…streamline the retainer management and IR processes, especially for those one-to-many breaches where a vulnerability in a tech product affects hundreds or thousands of customers.”
“Unit 42 recently launched Arcade, an IR client onboarding and retainer management platform designed to establish a customer’s security profile, gain situational awareness of the customer’s environment, and serve as a relationship hub.”

Unit 42’s incident response approach goes beyond responding quickly and effectively; it’s about transforming an organization’s security posture and enhancing overall cyber resilience. Utilizing Precision AI™ technology, Unit 42 automates detection, prevention and remediation, shifting security from reactive to proactive. Its team of experts helps clients mature their security strategies after an incident to reduce the likelihood of future attacks and ensure business continuity. To better prepare organizations for future threats, Palo Alto Networks leverages Unit 42 threat intelligence derived from thousands of IR engagements to inform a cycle of continuous improvement and technology development across its network, cloud and SOC platforms and solutions.

For more information about Unit 42’s incident response services and to download a complimentary copy of “The Forrester Wave™: Incident Response Services, Q2 2024” visit https://start.paloaltonetworks.com/forrester-wave-incident-response or read the blog.

This is the second Forrester Wave this month in which Palo Alto Networks has been positioned as a Leader. In June 2024, Palo Alto Networks was also named a Leader in The Forrester Wave™: Extended Detection and Response, Q2 2024. In total, Palo Alto Networks currently is recognized in 23 cybersecurity product categories by the industry analyst community.

About Unit 42
Palo Alto Networks Unit 42 brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organization passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach, and respond to incidents in record time so that you get back to business faster.

About Palo Alto Networks
Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2023, 2022, 2021), with a score of 100 on the Disability Equality Index (2023, 2022), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, Unit 42, Precision AI, and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

info@elinksgroup.com

Uncategorized

Fortinet Threat Research Finds Cybercriminals Are Exploiting New Industry Vulnerabilities 43% Faster than 1H 2023

Post author By elinks
Post date May 6, 2024
No Comments on Fortinet Threat Research Finds Cybercriminals Are Exploiting New Industry Vulnerabilities 43% Faster than 1H 2023

Fortinet Threat Research Finds Cybercriminals Are Exploiting New Industry Vulnerabilities 43% Faster than 1H 2023

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the release of the FortiGuard Labs 2H 2023 Global Threat Landscape Report. The latest semiannual report is a snapshot of the active threat landscape and highlights trends from July to December of 2023, including analysis on the speed with which cyber attackers are capitalizing on newly identified exploits from across the cybersecurity industry and the rise of targeted ransomware and wiper activity against the industrial and OT sector.

Key findings from the second half of 2023 include:

Attacks started on average 4.76 days after new exploits were publicly disclosed: Like the 1H 2023 Global Threat Landscape Report, FortiGuard Labs sought to determine how long it takes for a vulnerability to move from initial release to exploitation, whether vulnerabilities with a high Exploit Prediction Scoring System (EPSS) score get exploited faster, and whether it could predict the average time-to-exploitation using EPSS data. Based on this analysis, the second half of 2023 saw attackers increase the speed with which they capitalized on newly publicized vulnerabilities (43% faster than 1H 2023). This shines a light on the need for vendors to dedicate themselves to internally discovering vulnerabilities and developing a patch before exploitation can occur (mitigate instances of 0-Day vulnerabilities). It also reinforces that vendors must proactively and transparently disclose vulnerabilities to customers to ensure they have the information needed to effectively protect their assets before cyber adversaries can exploit N-day vulnerabilities.
Some N-Day vulnerabilities remain unpatched for 15+ years: It’s not just newly identified vulnerabilities that CISOs and security teams must worry about. Fortinet telemetry found that 41% of organizations detected exploits from signatures less than one month old and nearly every organization (98%) detected N-Day vulnerabilities that have existed for at least five years. FortiGuard Labs also continues to observe threat actors exploiting vulnerabilities that are more than 15 years old, reinforcing the need to remain vigilant about security hygiene and a continued prompt for organizations to act quickly through a consistent patching and updating program, employing best practices and guidance from organizations such as the Network Resilience Coalition to improve the overall security of networks.
Less than 9% of all known endpoint vulnerabilities were targeted by attacks: In 2022, FortiGuard Labs introduced the concept of the “red zone,” which helps readers better understand how likely it is that threat actors will exploit specific vulnerabilities. To illustrate this point, the last three Global Threat Landscape Reports have looked at the total number of vulnerabilities targeting endpoints. In 2H 2023, research found that 0.7% of all CVEs observed on endpoints are actually under attack, revealing a much smaller active attack surface for security teams to focus on and prioritize remediation efforts.
44% of all ransomware and wiper samples targeted the industrial sectors: Across all of Fortinet’s sensors, ransomware detections dropped by 70% compared to the first half of 2023. The observed slowdown in ransomware over the last year can best be attributed to attackers shifting away from the traditional “spray and pray” strategy to more of a targeted approach, aimed largely at the energy, healthcare, manufacturing, transportation and logistics, and automotive industries.
Botnets showed incredible resiliency, taking on average 85 days for command and control (C2) communications to cease after first detection: While bot traffic remained steady relative to the first half of 2023, FortiGuard Labs continued to see the more prominent botnets of the last few years, such as Gh0st, Mirai, and ZeroAccess, but three new botnets emerged in the second half of 2023, including: AndroxGh0st, Prometei, and DarkGate.
38 of the 143 advanced persistent threat (APT) groups listed by MITRE were observed to be active during 2H 2023: FortiRecon, Fortinet’s digital risk protection service, intelligence indicates that 38 of the 143 Groups that MITRE tracks were active in the 2H 2023. Of those, Lazarus Group, Kimusky, APT28, APT29, Andariel, and OilRig were the most active groups. Given the targeted nature and relatively short-lived campaigns of APT and nation-state cyber groups compared to the long life and drawn-out campaigns of cybercriminals, the evolution and volume of activity in this area is something FortiGuard Labs will be tracking on an ongoing basis.

Dark Web Discourse

The 2H 2023 Global Threat Landscape Report also includes findings from FortiRecon, which give a glimpse into the discourse between threat actors on dark web forums, marketplaces, Telegram channels, and other sources. Some of the findings include:

Threat actors discussed targeting organizations within the finance industry most often, followed by the business services and education sectors.
More than 3,000 data breaches were shared on prominent dark web forums.
221 vulnerabilities were actively discussed on the darknet, while 237 vulnerabilities were discussed on Telegram channels.
Over 850,000 payment cards were advertised for sale.

Join the Discussion on Responsible, Radical Transparency at RSAC 2024

Learn more about the importance of driving responsible transparency across the cybersecurity industry from renowned industry experts during the session, “No More Secrets in Cybersecurity: Implementing Radical Transparency.”

Time: Thursday, May 9, from 10:50 to 11:40 a.m. PT
Location: Moscone South Room 156

Panelists:

Carl Windsor, Sr. Vice President, Product Technology and Solutions, Fortinet
Michael Daniel, President and Chief Executive Officer, Cyber Threat Alliance
Eric Goldstein, Executive Assistant Director for Cybersecurity, DHS-CISA
Suzanne Spaulding, Former Undersecretary, U.S. Department of Homeland Security

Turning the Tide Against Cybercrime

With the attack surface constantly expanding and an industrywide cybersecurity skills shortage, it’s more challenging than ever for businesses to properly manage complex infrastructure composed of disparate solutions, let alone keep pace with the volume of alerts from point products and the diverse tactics, techniques, and procedures threat actors leverage to compromise their victims.

Turning the tide against cybercrime requires a culture of collaboration, transparency, and accountability on a larger scale than from just individual organizations in the cybersecurity space. Every organization has a place in the chain of disruption against cyberthreats. Collaboration with high-profile, well-respected organizations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally.

It’s through constant technology innovation and collaboration across industries and working groups, such as Cyber Threat Alliance, Network Resilience Coalition, Interpol, the World Economic Forum (WEF) Partnership Against Cybercrime, and WEF Cybercrime Atlas, that will collectively improve protections and aid in the fight against cybercrime globally.

info@elinksgroup.com

Uncategorized

Why Choose Delinea

As organizations continue their digital transformations and move to the cloud, they face increasingly complex environments and an expanding number of identities. This can lead to more challenging privileged access requirements for securing an expanded threat landscape.

Privileged Access Management (PAM) is complex, but the solution doesn’t have to be. At Delinea we believe the
opposite of complex isn’t simple — it’s seamless.

Delinea is a leading provider of solutions that seamlessly extend Privileged Access Management for the modern, hybrid
enterprise. We believe every user should be treated like a privileged user and wants seamless, secure access, even as administrators want privileged access controls without excess complexity. Our solutions put privileged access at the center of cybersecurity strategies by defining the boundaries of access. With Delinea, privileged access is more accessible.

A partner for extended privileged access controls
Digital transformation, the cloud, and remote working have created new requirements for how to securely access what is
needed to be productive and successful. Access controls are no different than any other cybersecurity tool — no matter who
is using it, they just want it to be invisible and to work seamlessly. That’s where we excel. Delinea provides authorization for all
identities, controlling access to an organization’s most critical hybrid cloud infrastructure and sensitive data.

Engineered for seamless security
Maintain and evolve your Privileged Access Management program with greater confidence and achieve higher stakeholder
adoption levels. Our PAM solutions are designed to reduce complexity and minimize costs by helping delineate the
boundaries of access. Delinea gives users more digital freedom, and gives IT and Security teams more control and greater
value in less time.

We’re accessible at any size
We’re a trusted partner to thousands of organizations around the globe — from small businesses to the Fortune 100 —
because we make privileged access more accessible for everyone. And we do it while eliminating the need for complex
security tools while prioritizing productivity, flexibility, and control.
Whether in the cloud or on-premise, Delinea’s solutions are readily customizable, scalable for growth, and powerful
enough to secure your organization no matter where it is on its PAM maturity journey.

Delinea Platform
Seamlessly extend Privileged Access Management to provide just-in-time access with easy, adaptive controls
• Establish a Secure Vault
• Secure Remote Access
• Extend MFA Enforcement
• Access the Marketplace
• Scale Easily

Secret Server
Discover, manage, protect, and audit privileged access
• Establish a Secure Vault
• Discover Unknown Accounts
• Delegate Access
• Manage Secrets
• Control Sessions

Server PAM
Manage identities and policies on servers
• Centrally Manage Identities
• Enforce Adaptive MFA
• Adopt Least Privilege
• Improve Security & Compliance

Privileged Behavior Analytics
Detect anomalies in privileged account behavior
• Secure Accounts
• Establish Baselines
• Monitor & Identify
• Alert
• Take Action

Privilege Manager
Implement endpoint application control for workstations
• Deploy Agents
• Manage Accounts
• Define Policies
• Elevate Applications
• Improve Productivity

DevOps Secrets Vault
Protect the secrets that DevOps teams and RPA tools need
• Establish Vault
• Centralize Secrets
• Automate & Scale
• Issue Certificates

Connection Manager
Ensure unified management of remote sessions
• Establish Remote Access
• Manage Sessions
• Centralize Control
• Record Sessions
• Track & Audit

Account Lifecycle Manager
Control and manage service account governance
• Establish Workflow
• Delegate Ownership
• Provision Service Accounts
• Enforce Governance
• Decommission Accounts

Remote Access Service
Secure remote access for vendors and third-parties
• Secure Remote Access
• Reduce Vulnerability
• Streamline Deployment
• Centralize Third-Party Access
• Monitor and Record Sessions

info@elinksgroup.com

Uncategorized

Cisco Launches New Business Performance Insight and Visibility for Modern Applications on AWS

Post author By elinks
Post date December 1, 2023
No Comments on Cisco Launches New Business Performance Insight and Visibility for Modern Applications on AWS

Cisco Launches New Business Performance Insight and Visibility for Modern Applications on AWS

Business Metrics for Cisco Cloud Observability Capability Enables Customers to Protect Revenue, Improve Digital Experiences and Manage Brand Reputation.

News Summary:

New business metrics for Cisco Cloud Observability enable customers to significantly enhance critical business context when observing the end-to-end flow of modern applications.
Business metrics and AWS cloud services integrations enrich and expand Cisco’s business transaction monitoring to allow customers to quickly connect digital experiences to business outcomes and make faster, better decisions and prioritizations.
Cloud service expansion, based on customer feedback, enables Cisco to unite applications and business metrics with the AWS services that impact customers within business transactions.

AWS re:Invent, LAS VEGAS, Nev., Nov. 28, 2023 — Cisco (NASDAQ: CSCO) today announced new business metrics in Cisco Cloud Observability, powered by the Cisco Observability Platform to enhance business context for modern applications running on Amazon Web Services (AWS). This latest release also supports integration with AWS services and application performance monitoring (APM) correlation and provides end-to-end visibility into the performance of cloud native applications.

Traditional application monitoring tools only provide visibility of application and infrastructure performance metrics. This leaves teams— including ITOps, DevOps and SREs— managing modern applications without clear sight into the relationship between application performance and critical business KPIs such as customer conversion rates and real-time impact on business revenue.

As a result, these teams are unable to make prioritizations based on business impact. 

Cisco’s latest innovations in full-stack observability deliver teams with the enhanced business context they need to manage modern applications and protect revenue, customer experiences and brand reputation, bridging the gap between business goals and IT.

This new capability empowers users with:

Support for multiple business metrics within a business transaction.
Easy identification of business transactions configured with business metrics for troubleshooting.

User-friendly configuration interface that enables users to preview business transaction attributes for accuracy and set up mission-critical metric alerts.
Advanced KPI visualization including baseline performance and a historical analysis trend line, to easily identify when business performance is abnormal. 
Data segmentation by selected attribute values for quick visibility of customer segments being affected most.

For Cisco customers such as Royal Caribbean, these insights are critical. “With Cisco Full-Stack Observability, we’ve gone from reactive to proactive. Cisco Cloud Observability will allow us to visualize and correlate metrics, events, logging, and tracing (MELT) data so we can identify, triage, and troubleshoot problems at an even greater velocity,” said Alice McElroy, Director, IT Operational Excellence, Royal Caribbean.

Supporting integration with more AWS services, DevOps teams can also now observe AWS Lambda functions as an entity within Cisco Cloud Observability APM pages, helping them to understand the functions’ contribution to an application, correlate their performance to overall user experience and quickly troubleshoot unexpected behavior.

“By elevating business metrics to first-class status, similar to other performance-related metrics, we enable organizations to mature their observability practice by empowering technical teams to prioritize technical issues that are aligned with business outcomes,” said Ronak Desai, Senior Vice President and General Manager for Cisco AppDynamics and Full-Stack Observability.

Cisco also announced support for 10 additional AWS services that are now pre-integrated with Cisco Cloud Observability. By tying together applications, business transactions, business metrics and expanded support for AWS infrastructure services, application owners can gain deep cross-domain visibility across the full stack.

Business metrics for Cisco Cloud Observability is now available. For more information, register for our upcoming webinar here.

Additional Resources:

For more information and live demos of new Cisco Full-Stack Observability innovations in AWS, re:Invent 2023 attendees can visit the Cisco booth (#680) located within the expo.

Demos include:

Observability for modern applications
Business risk observability for cloud native applications
Extending observability on the Cisco Observability Platform

Cisco product experts will be hosting live sessions in the booth theater, and meetings are available.

About Cisco 

Cisco (NASDAQ: CSCO) is the worldwide technology leader that securely connects everything to make anything possible. Our purpose is to power an inclusive future for all by helping our customers reimagine their applications, power hybrid work, secure their enterprise, transform their infrastructure, and meet their sustainability goals. Discover more on The Newsroom and follow us on X at @Cisco.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco’s trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

info@elinksgroup.com