
Going into the Darknet: How Cynet Lighthouse Services Keep Cybersecurity Teams One Step Ahead of Hackers


By monitoring the darknet, as well as underground forums, Cynet is able to identify and prepare for the latest cybersecurity threats before they reach deafening levels.

By Eyal Gruner, Co-Founder and CEO of Cynet

Data breaches are far from new, but the scale of attacks and the sophistication of the attackers have reached entirely new levels in recent years. Since the pandemic, with the rise of remote work environments and work-from-home setups, compromised credentials became the most common initial access vector for data breaches in 2022, according to IBM, fueling a wave of cybersecurity attacks. Because of the anonymity it offers, the darknet is fertile ground for bad actors looking to buy, sell, and trade large datasets of credentials that can be used to access compromised accounts and systems left unchecked.

The alarming rise in compromised credentials led Cynet to launch its Lighthouse Service, which monitors underground forums, private groups, and malicious servers for evidence of compromised credentials belonging to a customer's environment, taking its MDR team (CyOps) into the darknet and underground forums to search for potential cybersecurity threats before they become full-on attacks. Unlike traditional darknet monitoring services, Cynet focuses primarily on credential theft monitoring because of the swift rise in leaked credentials.

A Primer on the Darknet and Underground Forums

Unlike the internet we all use to work, shop, and connect online, the darknet can only be navigated with a special Tor browser or browser add-ons. Because it decouples a user from the user's IP address, the darknet requires specific means of access (software, configurations, authorization), which makes it a prime location for illegal activity. Industry analysts estimate that the darknet accounts for 4% to 6% of internet content, with as many as three million users per day.

But the darknet is not the only gathering spot for cybercriminals. The internet we use on a daily basis (Clearnet) also houses underground forums that fuel and empower threat actors. The now seized “RaidForums” and its predecessor, “Breached,” are two popular sites that can be accessed via common web browsers. While the two are…


Five ways security teams can more effectively manage identities in the cloud


Managing identities in the cloud has been described as a “big mess” by many security pros, and that is why SC Media decided to focus on this issue as we celebrate Data Privacy Day.

For starters, the comparatively orderly on-prem days, in which all identities were managed by Microsoft Active Directory and network admins could geo-locate an employee based on an IP address inside the company's building, are long gone.

Instead, the shift to the cloud, accelerated by the pandemic, moved companies outside the building, where they now manage hundreds of applications and data sets, along with the permissions and access rights for all of those applications and data.

“For just AWS alone, a company may have 100 different applications,” said Frank Dickson, vice president for security and trust at IDC. “Someone may have access to Salesforce, but only to the files for their customers. So think about the exponential scaling of that complexity across multiple applications and you begin to understand how challenging managing identities in the cloud has become.”

Based on interviews with Dickson and other security pros, here is a list of tips to consider for managing identities in the cloud.

  • Invest in core identity technology. Dickson said that once a company gets past 100 users, managing identity becomes unwieldy. Businesses need to invest in a tool such as Okta or Azure AD that can automate the management of all cloud-based identities, and that is especially true for large organizations with hundreds, if not thousands, of users.
  • Consider cloud identity management tools for IaaS and SaaS. There is no one-size-fits-all solution to managing identities in the cloud, said Dickson. There are products from the likes of CrowdStrike, Microsoft and Sonrai Security, for example, under the umbrella of cloud infrastructure entitlement management (CIEM), that let different teams and developers implement least-privilege access at scale. CIEM lets security teams grant access to a specific segment of a public cloud environment, and it can do this across all the major public clouds, such as AWS, Azure and Google Cloud Platform. And then there are tools known as SaaS Detection and Response…


Check Point teams with Intel for processor-level anti-ransomware security


Cybersecurity firm Check Point Software Technologies Ltd. has extended a collaboration with Intel Corp. to offer enhanced anti-ransomware capabilities for Check Point Harmony customers.

Under the collaboration, the Intel vPro platform’s threat detection technology will be available within Check Point Harmony Endpoint. The pairing provides enterprises with processor-level anti-ransomware security at both the hardware and software levels at no extra cost.

The problem being addressed is a well-known one: cyber criminals are becoming more creative in their attacks. Check Point recorded a 42% global increase in cyberattacks in 2022, with ransomware identified as the No. 1 threat. The company argues that “prevention first” continues to be the best cybersecurity strategy, because once an attack happens it can be challenging to repair the damage to the victim and its reputation.

The integration sees Check Point Harmony Endpoint tap into Intel’s Threat Detection Technology, available on the Intel vPro platform, to employ artificial intelligence and machine learning. With AI and machine learning, Harmony can analyze processor telemetry and recognize ransomware encryption commands early in the attack flow, raising the barrier against advanced threats, according to the companies.

Combined, the offering strengthens prevention and security measures for customers, blocking endpoint threats with capabilities that identify, block and remediate the entire attack chain.

“The Intel vPro platform contains hardware-based security features, including Threat Detection Technology specifically designed to detect ransomware and other advanced threats,” Carla Rodríguez, vice president and general manager, Ecosystem Partner Enabling at Intel, said in a statement. “When paired with Check Point’s security solutions, customers can be confident knowing their endpoints are better protected at both the hardware and software layers.”

Check Point customers benefit from protection that starts at the silicon level and provides anti-ransomware capabilities, allowing for earlier prevention and broader attack surface coverage.

Additional details,…


Palo Alto Networks teams with Google Cloud to provide secure access to applications


Palo Alto Networks Inc. today announced a new partnership with Google LLC’s Google Cloud that combines BeyondCorp Enterprise from Google Cloud and Prisma Access from Palo Alto Networks to provide hybrid users with secure access to applications.

Built on the backbone of the Google Cloud network, the cloud-delivered Zero Trust Network Access 2.0 solution is said to enable users to work securely from anywhere, regardless of device type. Tapping into Prisma Access, customers gain access to ZTNA 2.0 security for all devices, branch offices and applications. With the inclusion of BeyondCorp Enterprise Essentials, users can secure access to applications and resources for unmanaged devices.

The pairing combines threat intelligence and machine learning that automatically detect and remediate threats to users, applications and enterprise data, powered by low-latency connections on Google Cloud. “Legacy VPN and ZTNA 1.0 solutions provide access to users that is too broad and lack continuous security inspection, putting cloud-first and hybrid organizations at risk,” explained Kumar Ramchandran, senior vice president of products at Palo Alto Networks.

Also announced today by Palo Alto Networks at its annual Ignite Conference in Las Vegas was Prisma Cloud Secrets Security. Part of a cloud-native application protection platform, the solution combines signature-based secrets detection, which observes events and identifies patterns that match the signatures of known secret formats, with an entropy model that measures the amount of uncertainty an attacker faces in guessing a value in order to judge whether it is a genuine secret.

Prisma Cloud now scans all files, including “infrastructure as code” and source files, to deliver full application lifecycle protection. It does so by scanning for hardcoded secrets in code before commit, in version control systems and in continuous integration pipelines.

The service additionally alerts users to exposed secrets in cloud workloads and resources using built-in runtime policies. Key features include an API risk profile for cloud-native applications that rely on APIs for communication.

Prisma Cloud now has enhanced web application and API security capability with…
