Enhancing APT detection capabilities through Threat Intelligence

by Business Insights, on 27.07.2021

Advanced Persistent Threats (APTs) continue to produce challenges for security teams. The ability to track and mitigate threats such as the StrongPity APT, Lazarus and the elusive Nebulae backdoor is critical to being resilient against APTs. One of the best ways that security teams can both detect and respond to advanced threats is by using the MITRE framework. Unfortunately, these resources are not always available to security operations centers (SOCs), managed security service providers (MSSPs) or in-house security teams, due to budget constraints and a shortage of high-level talent.

The Growing Importance of Cloud Workload Security

by Business Insights, on 22.07.2021

A growing number of organizations are increasing their use of the cloud. These workloads, including databases, transactions, and analytics, are vital to business operations. Cloud workloads are different from regular endpoints, which is why security teams need to deploy platforms specifically designed to protect these resources.

It’s no surprise that the cloud now dominates the modern IT infrastructure landscape. More and more workloads are shifting to cloud services as organizations look to reap the benefits of the cloud computing model. The flip side of this trend is that cyber criminals also see opportunity and are constantly looking for, and finding, new ways to exploit weaknesses in the cloud. That means cyber security leaders and teams need to focus on bolstering cloud workload security.

Businesses See the Cloud as Vital to Growth

The results of a survey by professional services firm PwC highlight that business leaders across the C-suite see the cloud’s vital role in both defining and achieving their organization’s growth and operational ambitions, and they have high expectations for what the cloud can deliver for their organizations. A majority of executives in the survey (92%) say their companies are “all-in” on the cloud or have adopted it in many parts of the business.

Spending on Cloud Services Continues to Rise

Perhaps the best proof of cloud acceptance among organizations is that they are spending more on cloud services. An April 2021 report by research firm Gartner shows that worldwide end-user spending on public cloud services is forecast to grow 23% in 2021, totaling $332.3 billion. That’s up from $270 billion in 2020. The events of 2020, namely the Covid-19 pandemic, allowed CIOs to overcome any reluctance to moving critical workloads from on-premises to the cloud, according to the report.

In addition, emerging technologies such as virtualization, containerization, and edge computing are becoming more mainstream and driving additional cloud spending. A number of key business workloads are suitable for cloud environments. These include database workloads to support a number of business processes; transactional workloads such as billing and order processing; batch workloads to support back-office operations; and analytic workloads to analyze data for business insights. As more companies become aware of the economics of using the cloud, it’s likely that the workload shift away from on-premises systems will continue. Unfortunately, this also creates a growing number of targets for cyber criminals.

New Security Issues with Cloud Adoption

The security issues involved with the cloud are different from those associated with on-premises systems and endpoints. The cloud encompasses a more diverse and highly connected architecture, and much about it is out of an organization’s control. It’s also more dynamic, with machines being created, moved across servers and clouds, and deleted on the fly, sometimes existing for just a few seconds. Many of the typical endpoint security tools available are not necessarily suited to cloud environments, and some of the point solutions that evolved specifically for these environments are narrow in scope.

Importance of Cloud Workload Security Platforms

This is why adopting a dedicated cloud workload security platform is important. Such a platform should offer integration between on-premises and cloud services and provide the scalability, visibility, and advanced security designed to work within a dynamic cloud environment. Vendors that can provide cloud- and on-premises-based cloud workload security platforms can deliver comprehensive cloud workload protection and posture management to their customers, according to a Forrester Wave report from Forrester Research.

The report, which includes a detailed evaluation of cloud workload security providers, notes that “customer needs in securing workloads are changing. Old-school, on-premises security tooling [for example, security analytics/security information and event management, endpoint detection and response] no longer cut it.” Organizations today have to monitor and control the proliferation of cloud workloads comprehensively across multiple tiers, Forrester says. When addressing cloud workload security, they should look for platforms that offer features for guest operating system native protection. “Many of the threats in workloads are still traditional changes to configuration files and network intrusions,” the report says. Security teams need tools that offer memory integrity monitoring, host-based firewalls, and intrusion detection/prevention, and that allow for scalable deployment of protection to a large number of workloads without interruption, the study says. Learn more about how Bitdefender GravityZone can help improve your security posture and protect mission-critical assets.

Technical Advisory: SeriousSAM – Windows 10 Flaw Can Be Used by Malicious Actors to Obtain Administrator Rights

by Business Insights, on 22.07.2021

Newer versions of Windows 10 (build 1809 - 2018-present) may be vulnerable to a local privilege escalation enabled by a misconfiguration of the Security Account Manager (SAM) database file. SAM is a database file that stores password hashes for all local user accounts. (This file can be found in the folder %SystemRoot%\System32\Config\SAM and is mounted in the registry under HKLM\SAM.)

Effective Healthcare Security Is Much More Than Compliance

by Business Insights, on 22.07.2021

When it comes to managing the security of their data and business-technology systems, many healthcare enterprises focus heavily on regulatory compliance efforts, such as their HIPAA security and patient privacy mandates. This is for an excellent reason — noncompliance can lead to costly fines and the ire of regulators. While it’s likely that focusing on regulatory compliance can incrementally improve security, that shift alone won’t take the organization to the level of security maturity it needs to protect against today’s threats, such as ransomware.

Join Bitdefender at Black Hat 2021!

by Business Insights, on 15.07.2021

Come August, the Bitdefender team – along with some 20K security and InfoSec professionals – will descend on Las Vegas for four days of revelry on and about the latest security risks, research, and trends.

Seven Steps Healthcare Providers Can Take Now to Shrink Their Security Skills Gap

by Business Insights, on 09.07.2021

Healthcare providers are operating in a time of extraordinary pressure, whether it's recovering their operations from a devastating pandemic year or keeping up with the pace at which their organization is embracing a rapid digital transformation aimed at optimizing and modernizing its systems. The last thing healthcare organizations needed this past year was an increase in ransomware and other types of attacks — but that's precisely what they experienced.

Want to get started with XDR? XEDR may be the best place to begin

by Bogdan Carlescu, from Business Insights, on 09.07.2021

Every three to five years a new cybersecurity technology term gets hyped. In 2021 it’s eXtended Detection and Response (XDR). I’m old enough to remember way back in 2017 when endpoint detection and response (EDR) was considered the ‘Holy Grail’ of cyber defense.

Security Architecture considerations for Cyber Resilience - Threat Prevention

by Bogdan Carlescu, from Business Insights, on 05.07.2021

In an earlier blog this year, I compared the concepts of cybersecurity and cyber-resiliency, arguing that the main difference between the two is one of perspective. Cybersecurity is centered on the idea that attacks can (and should) be prevented, while cyber-resilience acknowledges that some attacks will go through, and that organizations must prepare to deal with the consequences quickly and effectively.

Advisory on Kaseya VSA Ransomware Attack

by Business Insights, on 03.07.2021

Update: July 13, 2021 -- Kaseya issued a critical security update for VSA users that is available on their site (Kaseya Critical Security Update). We recommend users follow Kaseya's recommended updates as soon as possible.

- - - - - - - - - - - - - - -

We continue to monitor and analyze the attack using Kaseya software to deploy a variant of REvil ransomware into a victim’s environment. The attack targeted Kaseya’s managed service provider (MSP) customers, which often provide IT support to small- to medium-size businesses. By targeting MSPs, attackers also seek to access and infiltrate the MSPs’ customers’ computer networks.
