Tag Archive for: XDR

Week in review: Strengthening firmware security, Help Net Security: XDR Report released


Here’s an overview of some of last week’s most interesting news, articles and interviews:

Help Net Security: XDR Report has been released
The topic of this inaugural report is extended detection and response (XDR), an emerging technology that has been receiving a lot of buzz in the last few years.

Apache OpenOffice users should upgrade to newest security release!
The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document.

Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)
With the newest iOS and iPad updates, Apple has fixed another vulnerability (CVE-2021-30883) that is being actively exploited by attackers.

Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)
On October 2021 Patch Tuesday, Microsoft fixed 71 CVE-numbered vulnerabilities. Of those, only one was a zero-day exploited in attacks in the wild (CVE-2021-40449) and three were publicly known before the release of the patches.

How do I select a SASE solution for my business?
To select a suitable SASE solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

REvil/Sodinokibi accounting for 73% of ransomware detections in Q2 2021
McAfee released a report which examines cybercriminal activity related to ransomware and cloud threats in the second quarter of 2021.

Strengthening firmware security with hardware RoT
Hackers are growing smarter and more sophisticated in their attempts to avoid detection. With IT security and visibility efforts still largely focused higher in the stack at the application layer, bad actors are seeking to breach systems further down the stack at the firmware level.

Remote work exposing SMEs to increased cybersecurity risk
Remote working is leading to increased cybersecurity risks for SMEs, research from ServerChoice shows. The research, conducted with 1,000 business leaders at SMEs, found that changes in working patterns are resulting in infrastructure being left…


XDR: The Next Step in Threat Detection and Response


The global endpoint detection and response (EDR) market is growing rapidly. The Transparency Market Research team predicted that this market will grow at a CAGR of about 21% in the next decade, Help Net Security reported. If that happens, the growth will help the global EDR market surpass a valuation of $13.8 billion by 2030.

What’s Behind the Projected Growth of EDR?

One of the biggest reasons for these optimistic forecasts is the reality that organizations need a systemized approach to defend all their endpoints against digital threats. To put this into perspective, LogMeIn found that the average organization had approximately 750 servers, employee computers, mobile devices and other endpoints connected to the network. 

Such complexity makes it difficult for security teams to effectively manage those devices. In the absence of something like EDR, they’re limited in their ability to adequately defend their organization against both internal and external security threats that impact assets beyond the endpoint.

Not only that, but the number of endpoints will likely increase as the world witnesses a surge in the number of connected devices over the next few years. Indeed, Gartner estimated that the number of PCs, tablets and mobile phones would total 6.2 billion units in 2021 before reaching 6.4 billion units a year later.

“The COVID-19 pandemic has permanently changed device usage patterns of employees and consumers,” explained Ranjit Atwal, senior research director at Gartner, in a press release. “With remote work turning into hybrid work, home education changing into digital education and interactive gaming moving to the cloud, both the types and number of devices people need, have and use will continue to rise.”

Understanding the Pervasiveness of EDR Neglect

Notwithstanding the growing number of endpoints and devices, many organizations aren’t using EDR solutions. A majority (64%) of respondents to a 2020 study said they did not use EDR, reported TechRepublic. Those individuals went on to cite a lack of skilled security staff as one of the reasons why.

This issue in part ties back to the growing complexity of the corporate network…


Elastic Announces the Launch and General Availability of Limitless XDR in Elastic Security, General Availability of Elastic Agent, and Centralized Management of Elastic Enterprise Search


MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Aug 3, 2021–

Elastic (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch and the Elastic Stack, today announced new capabilities and enhancements across its Elastic Enterprise Search, Observability, and Security solutions, which are built in a single platform – the Elastic Stack.

New capabilities include the general availability of Elastic Agent, a single, unified agent that simplifies the management and monitoring of data from a growing volume of diverse sources, centrally managed in Fleet to give users broad visibility and control over their environments.

With Elastic Agent, Elastic Security users benefit from integrated ransomware and malware prevention, as well as remediation capabilities directly from the endpoint. Elastic Observability users gain better visibility across their applications and infrastructure, as well as secure, centralized agent management.

Elastic announces the launch and general availability of the industry’s first free and open Limitless Extended Detection and Response (XDR). Part of Elastic Security, Elastic Limitless XDR modernizes security operations by unifying the capabilities of security information and event management (SIEM), security analytics, and endpoint security on one platform.

Additionally, Elastic Enterprise Search can now be centrally managed in Kibana, the single management interface across all Elastic solutions.

Other key updates across the Elastic Stack, Elastic Cloud, and solutions include:

Elastic Stack and Elastic Cloud

Elastic announces the general availability of Elastic Agent with centralized management in Elastic Fleet. First released in beta in 7.9 and now generally available in 7.14, Elastic Agent serves as a single unified agent to make it simple for customers and users to onboard and manage new data sources fast, while also protecting their endpoints from cyber security threats. Elastic Agent is an Elastic Stack capability that delivers value to users across Elastic Security and Elastic Observability solutions.

Elastic also announces that support for Microsoft Azure Private Link is now generally available. Customers can now privately and…
